
Example 31 with Id

Use of org.apache.zookeeper.data.Id in the Apache ZooKeeper project.

Class DigestAuthenticationProvider, method handleAuthentication (server-side handling of the "digest" auth scheme):

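/**
 * Authenticates a {@code digest}-scheme client and attaches the resulting ids to the
 * connection.
 *
 * <p>The raw credential bytes from the auth packet are decoded to a string and passed to
 * {@code generateDigest}; the value it returns is what gets stored on the connection as
 * the {@code digest}-scheme id (the raw credentials are never stored). If that value
 * matches the configured {@code superDigest}, the connection additionally receives the
 * {@code super} id.
 *
 * @param cnxn     the client connection to attach auth info to
 * @param authData raw credential bytes sent by the client
 * @return {@code OK} once ids are attached, or {@code AUTHFAILED} when the digest
 *         algorithm is unavailable
 */
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    // NOTE(review): decoded with the platform default charset so that this stays consistent
    // with generateDigest() (outside this block), which hashes the same string. Non-ASCII
    // credentials therefore depend on the JVM's default encoding — confirm before changing.
    String id = new String(authData);
    try {
        String digest = generateDigest(id);
        // Compare in constant time: String.equals() returns on the first mismatching
        // character, which exposes how much of the super digest matched through response
        // timing. The super digest is the only secret compared here.
        if (constantTimeEquals(digest, superDigest)) {
            cnxn.addAuthInfo(new Id("super", ""));
        }
        cnxn.addAuthInfo(new Id(getScheme(), digest));
        return KeeperException.Code.OK;
    } catch (NoSuchAlgorithmException e) {
        LOG.error("Missing algorithm", e);
    }
    return KeeperException.Code.AUTHFAILED;
}

/**
 * Compares two strings without short-circuiting on the first differing character.
 *
 * <p>Returns {@code false} when either argument is {@code null} (e.g. no super digest
 * configured), which is the same answer {@code digest.equals(null)} gave before.
 *
 * @param a first value, may be {@code null}
 * @param b second value, may be {@code null}
 * @return {@code true} only if both are non-null and byte-for-byte equal
 */
private static boolean constantTimeEquals(String a, String b) {
    if (a == null || b == null) {
        return false;
    }
    // Fully qualified so this does not depend on the file's import list.
    return java.security.MessageDigest.isEqual(a.getBytes(), b.getBytes());
}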

Example 32 with Id

Use of org.apache.zookeeper.data.Id in the Apache ZooKeeper project.

Class X509AuthenticationProvider, method handleAuthentication (server-side handling of the "x509" auth scheme, keyed on the TLS client certificate):

/**
 * Authenticates a client by the X.509 certificate chain it presented during the TLS
 * handshake and records the resulting ids on the connection.
 *
 * <p>Chain validation is delegated entirely to the provider's trust manager. On success
 * the leaf certificate is mapped to a client id via {@code getClientId}; if that id is
 * equal to the {@code ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER} system property the
 * connection also receives the {@code super} id.
 *
 * @param cnxn     the client connection; the certificate chain is read from it
 * @param authData not consulted — the credential is the TLS client certificate
 * @return {@code OK} once ids are attached; {@code AUTHFAILED} when no chain was
 *         presented, no trust manager is configured, or the chain is not trusted
 */
@Override
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    X509Certificate[] chain = (X509Certificate[]) cnxn.getClientCertificateChain();
    boolean noCertificatePresented = chain == null || chain.length == 0;
    if (noCertificatePresented) {
        return KeeperException.Code.AUTHFAILED;
    }
    if (trustManager == null) {
        LOG.error("No trust manager available to authenticate session 0x{}", Long.toHexString(cnxn.getSessionId()));
        return KeeperException.Code.AUTHFAILED;
    }

    X509Certificate leaf = chain[0];
    try {
        // The "authType" handed to the trust manager is the leaf key's algorithm name.
        trustManager.checkClientTrusted(chain, leaf.getPublicKey().getAlgorithm());
    } catch (CertificateException ce) {
        LOG.error("Failed to trust certificate for session 0x" + Long.toHexString(cnxn.getSessionId()), ce);
        return KeeperException.Code.AUTHFAILED;
    }

    // NOTE(review): if getClientId() can ever return null this NPEs; unchanged from the
    // original behaviour — confirm against getClientId().
    String clientId = getClientId(leaf);
    String configuredSuperUser = System.getProperty(ZOOKEEPER_X509AUTHENTICATIONPROVIDER_SUPERUSER);
    boolean isSuperUser = clientId.equals(configuredSuperUser);
    if (isSuperUser) {
        cnxn.addAuthInfo(new Id("super", clientId));
        LOG.info("Authenticated Id '{}' as super user", clientId);
    }

    Id schemeId = new Id(getScheme(), clientId);
    cnxn.addAuthInfo(schemeId);
    LOG.info("Authenticated Id '{}' for Scheme '{}'", schemeId.getId(), schemeId.getScheme());
    return KeeperException.Code.OK;
}

Example 33 with Id

Use of org.apache.zookeeper.data.Id in the Apache Hive project.

Class LlapZookeeperRegistryImpl, method checkAndSetAcls (verifies that only this process's SASL identity can write to the "workers" znode):

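/**
 * Verifies that the ACLs on the "workers" znode grant write access only to this
 * process's SASL identity, and rewrites them via {@code setUpAcls} when they do not.
 * Does nothing when Hadoop security is disabled.
 *
 * <p>An ACL entry is acceptable when it grants nothing beyond READ, or when its id is
 * exactly {@code sasl:<userNameFromPrincipal>}. Any other entry holding WRITE, CREATE,
 * DELETE or ADMIN (e.g. another sasl user, or {@code world:anyone}) triggers a reset.
 * An empty ACL list is also treated as open and reset.
 *
 * @throws Exception             propagated from reading or setting ACLs on ZooKeeper
 * @throws IllegalStateException if security is enabled but the user name derived from
 *                               the principal is {@code null}
 */
private void checkAndSetAcls() throws Exception {
    if (!UserGroupInformation.isSecurityEnabled()) {
        return;
    }
    // We are trying to check ACLs on the "workers" directory, which no one except us should be
    // able to write to. Higher-level directories shouldn't matter - we don't read them.
    // NOTE(review): ZooKeeper checks DELETE on the *parent* when a znode is deleted, so a
    // permissive parent ACL could still let another user remove an empty workers node;
    // whether that is a concern depends on how the parent is created — confirm.
    String pathToCheck = workersPath;
    List<ACL> acls = zooKeeperClient.getACL().forPath(pathToCheck);
    if (acls == null || acls.isEmpty()) {
        // Can there be no ACLs? There's some access (to get ACLs), so assume it means free for all.
        LOG.warn("No ACLs on " + pathToCheck + "; setting up ACLs. " + DISABLE_MESSAGE);
        setUpAcls(pathToCheck);
        return;
    }
    // This used to be an `assert`, which is disabled by default at runtime; a null user
    // name would then most likely surface as an NPE from Id.equals() below rather than a
    // clear message. Fail explicitly — silently accepting a null identity here would
    // mean never matching our own ACL entry.
    if (userNameFromPrincipal == null) {
        throw new IllegalStateException(
            "Security is enabled but no user name could be derived from the principal; "
            + "cannot validate ACLs on " + pathToCheck);
    }
    Id currentUser = new Id("sasl", userNameFromPrincipal);
    for (ACL acl : acls) {
        if (isAcceptable(acl, currentUser)) {
            continue;
        }
        LOG.warn("The ACL " + acl + " is unnacceptable for " + pathToCheck + "; setting up ACLs. " + DISABLE_MESSAGE);
        setUpAcls(pathToCheck);
        return;
    }
}

/**
 * Whether a single ACL entry is tolerable on the workers znode.
 *
 * @param acl         the entry to check
 * @param currentUser this process's {@code sasl} id
 * @return {@code true} if the entry grants at most READ, or belongs to {@code currentUser}
 */
private static boolean isAcceptable(ACL acl, Id currentUser) {
    boolean readOnlyOrNothing = (acl.getPerms() & ~ZooDefs.Perms.READ) == 0;
    return readOnlyOrNothing || currentUser.equals(acl.getId());
}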

Example 34 with Id

Use of org.apache.zookeeper.data.Id in the Apache ZooKeeper project.

Class SaslAuthDesignatedClientTest, method testReadAccessUser (a READ-only ACL for sasl:anyone must allow reads but not writes, and nothing once client SASL is off):

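/**
 * Checks that a znode whose ACL gives all mutating perms to a different (fake) sasl
 * user and only READ to {@code sasl:anyone} is readable but not writable by the
 * designated SASL client, and not readable at all once client SASL is disabled.
 *
 * <p>Relies on the {@code zookeeper.letAnySaslUserDoX=anyone} server property so that
 * the test's authenticated SASL user is matched against the {@code anyone} id.
 * Each ZooKeeper client is closed in a {@code finally} block so that a failing
 * assertion does not leak a session into the next test.
 */
@Test
public void testReadAccessUser() throws Exception {
    // NOTE(review): this property is never restored, so later tests in the same JVM
    // inherit it — confirm whether that is intended before adding a reset.
    System.setProperty("zookeeper.letAnySaslUserDoX", "anyone");
    ZooKeeper zk = createClient();
    List<ACL> aclList = new ArrayList<ACL>();
    ACL acl = new ACL(Perms.ADMIN | Perms.CREATE | Perms.WRITE | Perms.DELETE, new Id("sasl", "fakeuser"));
    ACL acl1 = new ACL(Perms.READ, new Id("sasl", "anyone"));
    aclList.add(acl);
    aclList.add(acl1);
    try {
        zk.create("/abc", "testData".getBytes(), aclList, CreateMode.PERSISTENT);
    } catch (KeeperException e) {
        Assert.fail("Unable to create znode");
    } finally {
        zk.close();
    }
    // Presumably gives the closed session time to settle before reconnecting — confirm.
    Thread.sleep(100);

    // try to access it with different user (myuser)
    zk = createClient();
    try {
        try {
            zk.setData("/abc", "testData1".getBytes(), -1);
            Assert.fail("Should not be able to set data");
        } catch (KeeperException.NoAuthException e) {
            // expected: WRITE is held by "fakeuser" only
        }
        try {
            byte[] bytedata = zk.getData("/abc", null, null);
            // assertEquals reports the actual value on failure, unlike assertTrue(equals).
            // The payload is ASCII, so the default-charset decode is unambiguous here.
            Assert.assertEquals("testData", new String(bytedata));
        } catch (KeeperException e) {
            Assert.fail("failed to get data");
        }
    } finally {
        zk.close();
    }
    Thread.sleep(100);

    // disable Client Sasl
    System.setProperty(ZKClientConfig.ENABLE_CLIENT_SASL_KEY, "false");
    try {
        zk = createClient();
        try {
            zk.getData("/abc", null, null);
            Assert.fail("Should not be able to read data when not authenticated");
        } catch (KeeperException.NoAuthException e) {
            // expected: without SASL there is no id for the READ entry to match
        } finally {
            zk.close();
        }
    } finally {
        // enable Client Sasl
        System.setProperty(ZKClientConfig.ENABLE_CLIENT_SASL_KEY, "true");
    }
}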

Example 35 with Id

Use of org.apache.zookeeper.data.Id in the Apache ZooKeeper project.

Class SaslAuthTest, method testInvalidSaslIds (malformed sasl ids in an ACL must be rejected at create time):

/**
 * Verifies that the server refuses to create a znode whose ACL carries a malformed
 * {@code sasl} id: the create must fail with
 * {@link KeeperException.InvalidACLException} instead of persisting the node.
 *
 * <p>Each candidate id gets its own path ({@code /invalid0}, {@code /invalid1}, ...)
 * so a wrongly accepted id does not mask the next one with a NODEEXISTS error.
 */
@Test
public void testInvalidSaslIds() throws Exception {
    ZooKeeper zk = createClient();
    String[] invalidIds = {
        "user@KERB.REALM/server.com",
        "user@KERB.REALM1@KERB.REALM2"
    };
    for (int index = 0; index < invalidIds.length; index++) {
        List<ACL> aclList = new ArrayList<ACL>();
        aclList.add(new ACL(0, new Id("sasl", invalidIds[index])));
        try {
            zk.create("/invalid" + index, null, aclList, CreateMode.PERSISTENT);
            Assert.fail("SASLAuthenticationProvider.isValid() failed to catch invalid Id.");
        } catch (KeeperException.InvalidACLException e) {
            // ok.
        }
    }
}
