
Example 51 with Id

use of org.apache.zookeeper.data.Id in project hive by apache.

the class ZkRegistryBase method checkAndSetAcls.

/**
 * Checks the ACLs on the workers znode and resets them via {@code setUpAcls} when they are
 * missing or grant more than READ to anyone other than the current SASL user.
 *
 * <p>Returns immediately when Hadoop security is disabled. Only {@code workersPath} is
 * inspected; parent znodes are not checked.
 *
 * @throws Exception declared by the method; presumably raised by the ZooKeeper client call
 *         or by {@code setUpAcls} (neither is visible here, so confirm against them)
 */
private void checkAndSetAcls() throws Exception {
    if (!UserGroupInformation.isSecurityEnabled()) {
        return;
    }
    // Only the "workers" directory is verified: nobody except this process should be able to
    // write to it. Higher-level directories are not read, so they are not checked.
    final String pathToCheck = workersPath;
    final List<ACL> currentAcls = zooKeeperClient.getACL().forPath(pathToCheck);
    final boolean noAcls = currentAcls == null || currentAcls.isEmpty();
    if (noAcls) {
        // An empty ACL list is treated as "free for all" (we could at least read the ACLs),
        // so the node is locked down rather than trusted.
        LOG.warn("No ACLs on " + pathToCheck + "; setting up ACLs. " + disableMessage);
        setUpAcls(pathToCheck);
        return;
    }
    // NOTE(review): `assert` is only evaluated when the JVM runs with assertions enabled (-ea).
    // Without it a null user name reaches the Id constructor unchecked; an explicit null check
    // would make this precondition hold in production as well.
    assert userNameFromPrincipal != null;
    final Id expectedOwner = new Id("sasl", userNameFromPrincipal);
    ACL offending = null;
    for (ACL candidate : currentAcls) {
        // Acceptable entries: nothing beyond READ, or any permission held by the expected user.
        final boolean readOnlyOrNone = (candidate.getPerms() & ~ZooDefs.Perms.READ) == 0;
        if (!readOnlyOrNone && !expectedOwner.equals(candidate.getId())) {
            offending = candidate;
            break;
        }
    }
    if (offending != null) {
        // The first unexpected writer is enough to replace the whole ACL set.
        LOG.warn("The ACL " + offending + " is unnacceptable for " + pathToCheck + "; setting up ACLs. " + disableMessage);
        setUpAcls(pathToCheck);
    }
}
Also used : ACL(org.apache.zookeeper.data.ACL) Id(org.apache.zookeeper.data.Id)

Example 52 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class MultiOpSessionUpgradeTest method makeCreateRequest.

/**
 * Builds a serialized {@code create2} request for an ephemeral znode at {@code path}.
 *
 * <p>The node payload is the bytes of {@code "data"} and the ACL is
 * {@code ZooDefs.Ids.OPEN_ACL_UNSAFE} (world-writable). That is tolerable only because this is
 * a test fixture; it is not a pattern for production znodes.
 *
 * @param path znode path to create
 * @param sessionId session the request is attributed to
 * @return a {@code Request} with a null connection and an empty auth-info list
 * @throws IOException if serializing the request record fails
 */
private Request makeCreateRequest(String path, long sessionId) throws IOException {
    CreateRequest payload = new CreateRequest(path, "data".getBytes(), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.EPHEMERAL.toFlag());
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    payload.serialize(BinaryOutputArchive.getArchive(sink), "request");
    ByteBuffer serialized = ByteBuffer.wrap(sink.toByteArray());
    // No authenticated identities are attached to the request.
    ArrayList<Id> noAuthInfo = new ArrayList<Id>();
    return new Request(null, sessionId, 1, ZooDefs.OpCode.create2, serialized, noAuthInfo);
}
Also used : BinaryOutputArchive(org.apache.jute.BinaryOutputArchive) CreateRequest(org.apache.zookeeper.proto.CreateRequest) GetDataRequest(org.apache.zookeeper.proto.GetDataRequest) CreateRequest(org.apache.zookeeper.proto.CreateRequest) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Id(org.apache.zookeeper.data.Id) ByteBuffer(java.nio.ByteBuffer)

Example 53 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class MultiOpSessionUpgradeTest method makeGetDataRequest.

/**
 * Builds a serialized {@code getData} request for {@code path}.
 *
 * @param path znode path to read
 * @param sessionId session the request is attributed to
 * @return a {@code Request} with a null connection and an empty auth-info list
 * @throws IOException if serializing the request record fails
 */
private Request makeGetDataRequest(String path, long sessionId) throws IOException {
    // The second constructor argument is false; presumably "no watch" (confirm against GetDataRequest).
    GetDataRequest payload = new GetDataRequest(path, false);
    ByteArrayOutputStream sink = new ByteArrayOutputStream();
    payload.serialize(BinaryOutputArchive.getArchive(sink), "request");
    ByteBuffer serialized = ByteBuffer.wrap(sink.toByteArray());
    // No authenticated identities are attached to the request.
    ArrayList<Id> noAuthInfo = new ArrayList<Id>();
    return new Request(null, sessionId, 1, ZooDefs.OpCode.getData, serialized, noAuthInfo);
}
Also used : BinaryOutputArchive(org.apache.jute.BinaryOutputArchive) GetDataRequest(org.apache.zookeeper.proto.GetDataRequest) CreateRequest(org.apache.zookeeper.proto.CreateRequest) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Id(org.apache.zookeeper.data.Id) GetDataRequest(org.apache.zookeeper.proto.GetDataRequest) ByteBuffer(java.nio.ByteBuffer)

Example 54 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class ZooKeeperServer method processSasl.

/**
 * Feeds one client SASL token to the connection's SASL server and wraps the server's reply.
 *
 * <p>Once negotiation completes, the authorization ID is added to the connection as a
 * {@code sasl} identity. It also gets the {@code super} identity when it equals the
 * {@code zookeeper.superUser} system property. No identity is added on any failure path.
 *
 * @param incomingBuffer buffer holding the serialized {@code GetSASLRequest}
 * @param cnxn connection whose {@code zooKeeperSaslServer} evaluates the token
 * @return a {@code SetSASLResponse} wrapping the server token; the token is null when
 *         evaluation threw before producing one
 * @throws IOException declared by the method; presumably from decoding the request record
 */
private Record processSasl(ByteBuffer incomingBuffer, ServerCnxn cnxn) throws IOException {
    LOG.debug("Responding to client SASL token.");
    GetSASLRequest saslRequest = new GetSASLRequest();
    ByteBufferInputStream.byteBuffer2Record(incomingBuffer, saslRequest);
    byte[] clientToken = saslRequest.getToken();
    LOG.debug("Size of client SASL token: " + clientToken.length);
    byte[] responseToken = null;
    try {
        ZooKeeperSaslServer saslServer = cnxn.zooKeeperSaslServer;
        try {
            // clientToken may legitimately be empty (length 0): with DIGEST-MD5 the first
            // message of the SASL negotiation carries no client data.
            responseToken = saslServer.evaluateResponse(clientToken);
            if (saslServer.isComplete()) {
                String authorizationID = saslServer.getAuthorizationID();
                LOG.info("adding SASL authorization for authorizationID: " + authorizationID);
                cnxn.addAuthInfo(new Id("sasl", authorizationID));
                // Super-user status is decided by an exact string match against a JVM
                // system property, so that property must be set only by trusted operators.
                String superUser = System.getProperty("zookeeper.superUser");
                if (superUser != null && authorizationID.equals(superUser)) {
                    cnxn.addAuthInfo(new Id("super", ""));
                }
            }
        } catch (SaslException e) {
            LOG.warn("Client failed to SASL authenticate: " + e, e);
            // Only the exact value "true" keeps a failed client connected; it stays
            // unauthenticated because no Id was added on this path.
            boolean keepFailedClient = "true".equals(System.getProperty("zookeeper.allowSaslFailedClients"));
            if (!keepFailedClient) {
                LOG.warn("Closing client connection due to SASL authentication failure.");
                cnxn.close();
            } else {
                LOG.warn("Maintaining client connection despite SASL authentication failure.");
            }
        }
    } catch (NullPointerException e) {
        // NOTE(review): this catches every NullPointerException raised in the block above, not
        // only a null saslServer, so the message can misattribute the cause. The exception
        // itself is not logged.
        LOG.error("cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.");
    }
    if (responseToken != null) {
        LOG.debug("Size of server SASL response: " + responseToken.length);
    }
    // The (possibly null) server token goes back to the client inside a response record.
    return new SetSASLResponse(responseToken);
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) Id(org.apache.zookeeper.data.Id) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Example 55 with Id

use of org.apache.zookeeper.data.Id in project zookeeper by apache.

the class KeyAuthenticationProvider method handleAuthentication.

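/**
 * Authenticates a connection by validating {@code authData} against the stored key.
 *
 * <p>When {@code getKey} returns a key and {@code validate} rejects {@code authData}, the
 * result is {@code AUTHFAILED} and no identity is added. In every other case, including when
 * no key is stored yet, the connection receives an identity with this provider's scheme and an
 * empty id, and the result is {@code OK}.
 *
 * <p>Neither the stored key nor the presented credential is written to the log.
 *
 * @param serverObjs gives access to the server (for the key lookup) and the connection
 * @param authData credential bytes presented by the client
 * @return {@code KeeperException.Code.AUTHFAILED} on a failed validation, otherwise
 *         {@code KeeperException.Code.OK}
 */
@Override
public KeeperException.Code handleAuthentication(ServerObjs serverObjs, byte[] authData) {
    byte[] key = getKey(serverObjs.getZks());
    if (key != null && !validate(key, authData)) {
        // Log the outcome only: key material and client credentials must not reach log
        // files, which are usually readable by more principals than the key itself.
        LOG.debug("KeyAuthenticationProvider handleAuthentication -> FAIL.\n");
        return KeeperException.Code.AUTHFAILED;
    }
    // default to allow, so the key can be initially written
    // NOTE(review): until a key exists, any authData is accepted. Deployments relying on this
    // provider should confirm the key is provisioned before untrusted clients can connect.
    LOG.debug("KeyAuthenticationProvider handleAuthentication -> OK.\n");
    // NOTE: the id passed to addAuthInfo() sticks with the created node ACLs.
    // For transient keys or certificates, this presents a problem.
    // In that case, replace it with something non-ephemeral (or punt with null).
    // The id is always the empty string on this path, so no key material ends up in ACLs.
    //
    // BOTH addAuthInfo and an OK return-code are needed for authentication.
    serverObjs.getCnxn().addAuthInfo(new Id(getScheme(), ""));
    return KeeperException.Code.OK;
}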
Also used : Id(org.apache.zookeeper.data.Id) KeeperException(org.apache.zookeeper.KeeperException) NoNodeException(org.apache.zookeeper.KeeperException.NoNodeException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Aggregations

Id (org.apache.zookeeper.data.Id)57 ACL (org.apache.zookeeper.data.ACL)43 ArrayList (java.util.ArrayList)22 Test (org.junit.Test)20 KeeperException (org.apache.zookeeper.KeeperException)8 ZooKeeper (org.apache.zookeeper.ZooKeeper)8 ByteArrayOutputStream (java.io.ByteArrayOutputStream)6 BinaryOutputArchive (org.apache.jute.BinaryOutputArchive)6 ByteBuffer (java.nio.ByteBuffer)5 Stat (org.apache.zookeeper.data.Stat)5 CreateRequest (org.apache.zookeeper.proto.CreateRequest)5 TestableZooKeeper (org.apache.zookeeper.TestableZooKeeper)4 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 Configuration (org.apache.hadoop.conf.Configuration)3 GetDataRequest (org.apache.zookeeper.proto.GetDataRequest)3 File (java.io.File)2 IOException (java.io.IOException)2 LinkedHashSet (java.util.LinkedHashSet)2 SetupStep (org.apache.atlas.setup.SetupStep)2 CuratorFramework (org.apache.curator.framework.CuratorFramework)2