Search in sources :

Example 1 with GetSASLRequest

use of org.apache.zookeeper.proto.GetSASLRequest in project fabric8 by jboss-fuse.

the class ZooKeeperSaslClient method sendSaslPacket.

private void sendSaslPacket(ClientCnxn cnxn) throws SaslException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("ClientCnxn:sendSaslPacket:length=" + saslToken.length);
    }
    GetSASLRequest request = new GetSASLRequest();
    request.setToken(createSaslToken());
    SetSASLResponse response = new SetSASLResponse();
    ServerSaslResponseCallback cb = new ServerSaslResponseCallback();
    try {
        cnxn.sendPacket(request, response, cb, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        throw new SaslException("Failed to send SASL packet to server due " + "to IOException:", e);
    }
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Example 2 with GetSASLRequest

use of org.apache.zookeeper.proto.GetSASLRequest in project zookeeper by apache.

the class ZooKeeperServer method processSasl.

private void processSasl(ByteBuffer incomingBuffer, ServerCnxn cnxn, RequestHeader requestHeader) throws IOException {
    LOG.debug("Responding to client SASL token.");
    GetSASLRequest clientTokenRecord = new GetSASLRequest();
    ByteBufferInputStream.byteBuffer2Record(incomingBuffer, clientTokenRecord);
    byte[] clientToken = clientTokenRecord.getToken();
    LOG.debug("Size of client SASL token: {}", clientToken.length);
    byte[] responseToken = null;
    try {
        ZooKeeperSaslServer saslServer = cnxn.zooKeeperSaslServer;
        try {
            // note that clientToken might be empty (clientToken.length == 0):
            // if using the DIGEST-MD5 mechanism, clientToken will be empty at the beginning of the
            // SASL negotiation process.
            responseToken = saslServer.evaluateResponse(clientToken);
            if (saslServer.isComplete()) {
                String authorizationID = saslServer.getAuthorizationID();
                LOG.info("Session 0x{}: adding SASL authorization for authorizationID: {}", Long.toHexString(cnxn.getSessionId()), authorizationID);
                cnxn.addAuthInfo(new Id("sasl", authorizationID));
                if (isSaslSuperUser(authorizationID)) {
                    cnxn.addAuthInfo(new Id("super", ""));
                    LOG.info("Session 0x{}: Authenticated Id '{}' as super user", Long.toHexString(cnxn.getSessionId()), authorizationID);
                }
            }
        } catch (SaslException e) {
            LOG.warn("Client {} failed to SASL authenticate: {}", cnxn.getRemoteSocketAddress(), e);
            if (shouldAllowSaslFailedClientsConnect() && !authHelper.isSaslAuthRequired()) {
                LOG.warn("Maintaining client connection despite SASL authentication failure.");
            } else {
                int error;
                if (authHelper.isSaslAuthRequired()) {
                    LOG.warn("Closing client connection due to server requires client SASL authenticaiton," + "but client SASL authentication has failed, or client is not configured with SASL " + "authentication.");
                    error = Code.SESSIONCLOSEDREQUIRESASLAUTH.intValue();
                } else {
                    LOG.warn("Closing client connection due to SASL authentication failure.");
                    error = Code.AUTHFAILED.intValue();
                }
                ReplyHeader replyHeader = new ReplyHeader(requestHeader.getXid(), 0, error);
                cnxn.sendResponse(replyHeader, new SetSASLResponse(null), "response");
                cnxn.sendCloseSession();
                cnxn.disableRecv();
                return;
            }
        }
    } catch (NullPointerException e) {
        LOG.error("cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.");
    }
    if (responseToken != null) {
        LOG.debug("Size of server SASL response: {}", responseToken.length);
    }
    ReplyHeader replyHeader = new ReplyHeader(requestHeader.getXid(), 0, Code.OK.intValue());
    Record record = new SetSASLResponse(responseToken);
    cnxn.sendResponse(replyHeader, record, "response");
}
Also used : ReplyHeader(org.apache.zookeeper.proto.ReplyHeader) SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) Record(org.apache.jute.Record) Id(org.apache.zookeeper.data.Id) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Example 3 with GetSASLRequest

use of org.apache.zookeeper.proto.GetSASLRequest in project zookeeper by apache.

the class ZooKeeperSaslClient method sendSaslPacket.

private void sendSaslPacket(ClientCnxn cnxn) throws SaslException {
    LOG.debug("ClientCnxn:sendSaslPacket:length={}", saslToken.length);
    GetSASLRequest request = new GetSASLRequest();
    request.setToken(createSaslToken());
    SetSASLResponse response = new SetSASLResponse();
    ServerSaslResponseCallback cb = new ServerSaslResponseCallback();
    try {
        cnxn.sendPacket(request, response, cb, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        throw new SaslException("Failed to send SASL packet to server due " + "to IOException:", e);
    }
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Example 4 with GetSASLRequest

use of org.apache.zookeeper.proto.GetSASLRequest in project zookeeper by apache.

the class ZooKeeperSaslClient method sendSaslPacket.

private void sendSaslPacket(byte[] saslToken, ClientCnxn cnxn) throws SaslException {
    LOG.debug("ClientCnxn:sendSaslPacket:length={}", saslToken.length);
    GetSASLRequest request = new GetSASLRequest();
    request.setToken(saslToken);
    SetSASLResponse response = new SetSASLResponse();
    ServerSaslResponseCallback cb = new ServerSaslResponseCallback();
    try {
        cnxn.sendPacket(request, response, cb, ZooDefs.OpCode.sasl);
    } catch (IOException e) {
        throw new SaslException("Failed to send SASL packet to server.", e);
    }
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) IOException(java.io.IOException) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Example 5 with GetSASLRequest

use of org.apache.zookeeper.proto.GetSASLRequest in project zookeeper by apache.

the class ZooKeeperServer method processSasl.

private Record processSasl(ByteBuffer incomingBuffer, ServerCnxn cnxn) throws IOException {
    LOG.debug("Responding to client SASL token.");
    GetSASLRequest clientTokenRecord = new GetSASLRequest();
    ByteBufferInputStream.byteBuffer2Record(incomingBuffer, clientTokenRecord);
    byte[] clientToken = clientTokenRecord.getToken();
    LOG.debug("Size of client SASL token: " + clientToken.length);
    byte[] responseToken = null;
    try {
        ZooKeeperSaslServer saslServer = cnxn.zooKeeperSaslServer;
        try {
            // note that clientToken might be empty (clientToken.length == 0):
            // if using the DIGEST-MD5 mechanism, clientToken will be empty at the beginning of the
            // SASL negotiation process.
            responseToken = saslServer.evaluateResponse(clientToken);
            if (saslServer.isComplete()) {
                String authorizationID = saslServer.getAuthorizationID();
                LOG.info("adding SASL authorization for authorizationID: " + authorizationID);
                cnxn.addAuthInfo(new Id("sasl", authorizationID));
                if (System.getProperty("zookeeper.superUser") != null && authorizationID.equals(System.getProperty("zookeeper.superUser"))) {
                    cnxn.addAuthInfo(new Id("super", ""));
                }
            }
        } catch (SaslException e) {
            LOG.warn("Client failed to SASL authenticate: " + e, e);
            if ((System.getProperty("zookeeper.allowSaslFailedClients") != null) && (System.getProperty("zookeeper.allowSaslFailedClients").equals("true"))) {
                LOG.warn("Maintaining client connection despite SASL authentication failure.");
            } else {
                LOG.warn("Closing client connection due to SASL authentication failure.");
                cnxn.close();
            }
        }
    } catch (NullPointerException e) {
        LOG.error("cnxn.saslServer is null: cnxn object did not initialize its saslServer properly.");
    }
    if (responseToken != null) {
        LOG.debug("Size of server SASL response: " + responseToken.length);
    }
    // wrap SASL response token to client inside a Response object.
    return new SetSASLResponse(responseToken);
}
Also used : SetSASLResponse(org.apache.zookeeper.proto.SetSASLResponse) Id(org.apache.zookeeper.data.Id) SaslException(javax.security.sasl.SaslException) GetSASLRequest(org.apache.zookeeper.proto.GetSASLRequest)

Aggregations

SaslException (javax.security.sasl.SaslException)6 GetSASLRequest (org.apache.zookeeper.proto.GetSASLRequest)6 SetSASLResponse (org.apache.zookeeper.proto.SetSASLResponse)6 IOException (java.io.IOException)4 Id (org.apache.zookeeper.data.Id)2 Record (org.apache.jute.Record)1 ReplyHeader (org.apache.zookeeper.proto.ReplyHeader)1