use of org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver in project hbase by apache.
the class FanOutOneBlockAsyncDFSOutputSaslHelper method createSaslAdaptor.
/**
 * Builds a {@link SaslAdaptor} that reads three fields of {@link SaslDataTransferClient}
 * ({@code saslPropsResolver}, {@code trustedChannelResolver}, {@code fallbackToSimpleAuth})
 * through reflection.
 *
 * <p>The fields are looked up by name with {@code getDeclaredField} and opened with
 * {@code setAccessible(true)}, so this code is tied to the field names of the Hadoop version on
 * the classpath. The returned getters hand out the client's own objects, not copies.
 *
 * @return an adaptor whose getters read the corresponding field of the given client
 * @throws NoSuchFieldException if {@link SaslDataTransferClient} does not declare one of the
 *         three fields under the expected name
 * @throws NoSuchMethodException declared by the signature; no statement in this method raises it
 */
private static SaslAdaptor createSaslAdaptor() throws NoSuchFieldException, NoSuchMethodException {
  final Class<SaslDataTransferClient> clientClass = SaslDataTransferClient.class;

  // Lookup order is kept as-is so that the first missing field reported stays the same.
  final Field propsResolverRef = clientClass.getDeclaredField("saslPropsResolver");
  propsResolverRef.setAccessible(true);
  final Field trustedResolverRef = clientClass.getDeclaredField("trustedChannelResolver");
  trustedResolverRef.setAccessible(true);
  final Field simpleAuthFallbackRef = clientClass.getDeclaredField("fallbackToSimpleAuth");
  simpleAuthFallbackRef.setAccessible(true);

  return new SaslAdaptor() {

    /** Reads {@code field} from {@code saslClient}; an access failure becomes unchecked. */
    private Object readField(Field field, SaslDataTransferClient saslClient) {
      try {
        return field.get(saslClient);
      } catch (IllegalAccessException e) {
        // Not expected after setAccessible(true); rethrown with the cause preserved.
        throw new RuntimeException(e);
      }
    }

    @Override
    public TrustedChannelResolver getTrustedChannelResolver(SaslDataTransferClient saslClient) {
      return (TrustedChannelResolver) readField(trustedResolverRef, saslClient);
    }

    @Override
    public SaslPropertiesResolver getSaslPropsResolver(SaslDataTransferClient saslClient) {
      return (SaslPropertiesResolver) readField(propsResolverRef, saslClient);
    }

    @Override
    public AtomicBoolean getFallbackToSimpleAuth(SaslDataTransferClient saslClient) {
      return (AtomicBoolean) readField(simpleAuthFallbackRef, saslClient);
    }
  };
}
use of org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver in project hbase by apache.
the class FanOutOneBlockAsyncDFSOutputSaslHelper method trySaslNegotiate.
/**
 * Decides whether a SASL handshake is run on {@code channel} and either starts the negotiation
 * or completes {@code saslPromise} straight away.
 *
 * <p>The branches are evaluated in this order, and the first match wins:
 * <ol>
 * <li>the trusted-channel resolver reports the channel or the peer address as trusted: no
 * handshake;</li>
 * <li>{@code client.newDataEncryptionKey()} returns a key: handshake with credentials derived
 * from that key;</li>
 * <li>{@code UserGroupInformation.isSecurityEnabled()} is false: no handshake;</li>
 * <li>{@code dnInfo.getXferPort()} is below 1024: no handshake;</li>
 * <li>the {@code fallbackToSimpleAuth} flag is set: no handshake;</li>
 * <li>a SASL properties resolver is present: handshake with credentials built from
 * {@code accessToken};</li>
 * <li>otherwise: no handshake.</li>
 * </ol>
 *
 * <p>Every "no handshake" branch calls {@code saslPromise.trySuccess(null)}, so a successful
 * promise does not by itself tell the caller that SASL protection was negotiated. The reason a
 * handshake was skipped is only written to the log at debug level.
 *
 * @param conf configuration passed through to {@code doSaslNegotiation}
 * @param channel channel whose remote address is checked and on which negotiation runs
 * @param dnInfo datanode descriptor; its transfer port is checked and it is included in logs
 * @param timeoutMs timeout passed through to {@code doSaslNegotiation}
 * @param client source of the {@link SaslDataTransferClient} and of the data encryption key
 * @param accessToken block access token used to build the credentials of the general handshake
 * @param saslPromise completed here on the skip branches; passed to {@code doSaslNegotiation}
 *        on the handshake branches
 * @throws IOException declared by the signature; which callee raises it is not visible here
 */
static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo, int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken, Promise<Void> saslPromise) throws IOException {
  SaslDataTransferClient saslClient = client.getSaslDataTransferClient();
  // The three policy inputs below are obtained from the client through SASL_ADAPTOR.
  SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);
  TrustedChannelResolver trustedChannelResolver = SASL_ADAPTOR.getTrustedChannelResolver(saslClient);
  AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);
  // Assumes remoteAddress() is a non-null InetSocketAddress; anything else fails on this line.
  InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();
  // Trusted channel: no SASL at all, and unlike the other skip branches nothing is logged.
  if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {
    saslPromise.trySuccess(null);
    return;
  }
  DataEncryptionKey encryptionKey = client.newDataEncryptionKey();
  if (encryptionKey != null) {
    // A data encryption key is available: user name, password and SASL properties are all
    // derived from the key.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey), encryptionKeyToPassword(encryptionKey.encryptionKey), createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);
  } else if (!UserGroupInformation.isSecurityEnabled()) {
    // Security is disabled: skip the handshake.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
  } else if (dnInfo.getXferPort() < 1024) {
    // Security is enabled but the handshake is skipped purely on the port number carried in
    // dnInfo. NOTE(review): presumably this relies on only a privileged process being able to
    // bind ports below 1024 on the datanode host -- confirm that holds for the deployment.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with " + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
  } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {
    // Security is enabled but the fallback flag is set, so the handshake is skipped.
    // NOTE(review): this is a downgrade path; where the flag is set is not visible here, so
    // check which configuration allows it before relying on SASL for this connection.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with " + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
  } else if (saslPropsResolver != null) {
    // General handshake: credentials come from the block access token, SASL properties from
    // the resolver for this peer address.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken), buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);
  } else {
    // Edge case: security is enabled, no earlier branch matched and there is no SASL properties
    // resolver. The connection proceeds without a handshake and the promise still succeeds;
    // the debug message below is the only trace of it.
    if (LOG.isDebugEnabled()) {
      LOG.debug("SASL client skipping handshake in secured configuration with no SASL " + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);
    }
    saslPromise.trySuccess(null);
  }
}