Example 1 with QuorumAuthPacket
use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.
the class SaslQuorumAuthLearner method authenticate.
@Override
public void authenticate(Socket sock, String hostName) throws IOException {
if (!quorumRequireSasl) {
// let it through, we don't require auth
LOG.info("Skipping SASL authentication as {}={}", QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, quorumRequireSasl);
return;
}
SaslClient sc = null;
String principalConfig = SecurityUtils.getServerPrincipal(quorumServicePrincipal, hostName);
try {
DataOutputStream dout = new DataOutputStream(sock.getOutputStream());
DataInputStream din = new DataInputStream(sock.getInputStream());
byte[] responseToken = new byte[0];
sc = SecurityUtils.createSaslClient(learnerLogin.getSubject(), principalConfig, QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME, QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner");
if (sc.hasInitialResponse()) {
responseToken = createSaslToken(new byte[0], sc, learnerLogin);
}
send(dout, responseToken);
QuorumAuthPacket authPacket = receive(din);
QuorumAuth.Status qpStatus = QuorumAuth.Status.getStatus(authPacket.getStatus());
while (!sc.isComplete()) {
switch(qpStatus) {
case SUCCESS:
responseToken = createSaslToken(authPacket.getToken(), sc, learnerLogin);
// we're done; don't expect to send another BIND
if (responseToken != null) {
throw new SaslException("Protocol error: attempting to send response after completion");
}
break;
case IN_PROGRESS:
responseToken = createSaslToken(authPacket.getToken(), sc, learnerLogin);
send(dout, responseToken);
authPacket = receive(din);
qpStatus = QuorumAuth.Status.getStatus(authPacket.getStatus());
break;
case ERROR:
throw new SaslException("Authentication failed against server addr: " + sock.getRemoteSocketAddress());
default:
LOG.warn("Unknown status:{}!", qpStatus);
throw new SaslException("Authentication failed against server addr: " + sock.getRemoteSocketAddress());
}
}
// Validate status code at the end of authentication exchange.
checkAuthStatus(sock, qpStatus);
} finally {
if (sc != null) {
try {
sc.dispose();
} catch (SaslException e) {
LOG.error("SaslClient dispose() failed", e);
}
}
}
return;
}
Also used :
DataOutputStream(java.io.DataOutputStream)
QuorumAuthPacket(org.apache.zookeeper.server.quorum.QuorumAuthPacket)
DataInputStream(java.io.DataInputStream)
SaslException(javax.security.sasl.SaslException)
SaslClient(javax.security.sasl.SaslClient)
Example 2 with QuorumAuthPacket
use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.
the class SaslQuorumAuthServer method receive.
private byte[] receive(DataInputStream din) throws IOException {
QuorumAuthPacket authPacket = new QuorumAuthPacket();
BinaryInputArchive bia = BinaryInputArchive.getArchive(din);
authPacket.deserialize(bia, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
return authPacket.getToken();
}
Also used :
BinaryInputArchive(org.apache.jute.BinaryInputArchive)
QuorumAuthPacket(org.apache.zookeeper.server.quorum.QuorumAuthPacket)
Example 3 with QuorumAuthPacket
use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.
the class SaslQuorumAuthLearner method receive.
private QuorumAuthPacket receive(DataInputStream din) throws IOException {
QuorumAuthPacket authPacket = new QuorumAuthPacket();
BinaryInputArchive bia = BinaryInputArchive.getArchive(din);
authPacket.deserialize(bia, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
return authPacket;
}
Also used :
BinaryInputArchive(org.apache.jute.BinaryInputArchive)
QuorumAuthPacket(org.apache.zookeeper.server.quorum.QuorumAuthPacket)
Example 4 with QuorumAuthPacket
use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.
the class SaslQuorumAuthLearner method send.
private void send(DataOutputStream dout, byte[] response) throws IOException {
QuorumAuthPacket authPacket;
BufferedOutputStream bufferedOutput = new BufferedOutputStream(dout);
BinaryOutputArchive boa = BinaryOutputArchive.getArchive(bufferedOutput);
authPacket = QuorumAuth.createPacket(QuorumAuth.Status.IN_PROGRESS, response);
boa.writeRecord(authPacket, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
bufferedOutput.flush();
}
Also used :
BinaryOutputArchive(org.apache.jute.BinaryOutputArchive)
QuorumAuthPacket(org.apache.zookeeper.server.quorum.QuorumAuthPacket)
BufferedOutputStream(java.io.BufferedOutputStream)
Example 5 with QuorumAuthPacket
use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.
the class SaslQuorumAuthServer method send.
private void send(DataOutputStream dout, byte[] challenge, QuorumAuth.Status s) throws IOException {
BufferedOutputStream bufferedOutput = new BufferedOutputStream(dout);
BinaryOutputArchive boa = BinaryOutputArchive.getArchive(bufferedOutput);
QuorumAuthPacket authPacket;
if (challenge == null && s != QuorumAuth.Status.SUCCESS) {
authPacket = QuorumAuth.createPacket(QuorumAuth.Status.IN_PROGRESS, null);
} else {
authPacket = QuorumAuth.createPacket(s, challenge);
}
boa.writeRecord(authPacket, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
bufferedOutput.flush();
}
Also used :
BinaryOutputArchive(org.apache.jute.BinaryOutputArchive)
QuorumAuthPacket(org.apache.zookeeper.server.quorum.QuorumAuthPacket)
BufferedOutputStream(java.io.BufferedOutputStream)
Aggregations
QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket)5
BufferedOutputStream (java.io.BufferedOutputStream)2
BinaryInputArchive (org.apache.jute.BinaryInputArchive)2
BinaryOutputArchive (org.apache.jute.BinaryOutputArchive)2
DataInputStream (java.io.DataInputStream)1
DataOutputStream (java.io.DataOutputStream)1
SaslClient (javax.security.sasl.SaslClient)1
SaslException (javax.security.sasl.SaslException)1
