
Example 1 with QuorumAuthPacket

Use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.

Class SaslQuorumAuthLearner, method authenticate.

@Override
public void authenticate(Socket sock, String hostName) throws IOException {
    if (!quorumRequireSasl) {
        // let it through, we don't require auth
        LOG.info("Skipping SASL authentication as {}={}", QuorumAuth.QUORUM_LEARNER_SASL_AUTH_REQUIRED, quorumRequireSasl);
        return;
    }
    SaslClient sc = null;
    String principalConfig = SecurityUtils.getServerPrincipal(quorumServicePrincipal, hostName);
    try {
        DataOutputStream dout = new DataOutputStream(sock.getOutputStream());
        DataInputStream din = new DataInputStream(sock.getInputStream());
        byte[] responseToken = new byte[0];
        sc = SecurityUtils.createSaslClient(learnerLogin.getSubject(), principalConfig, QuorumAuth.QUORUM_SERVER_PROTOCOL_NAME, QuorumAuth.QUORUM_SERVER_SASL_DIGEST, LOG, "QuorumLearner");
        if (sc.hasInitialResponse()) {
            responseToken = createSaslToken(new byte[0], sc, learnerLogin);
        }
        send(dout, responseToken);
        QuorumAuthPacket authPacket = receive(din);
        QuorumAuth.Status qpStatus = QuorumAuth.Status.getStatus(authPacket.getStatus());
        while (!sc.isComplete()) {
            switch(qpStatus) {
                case SUCCESS:
                    responseToken = createSaslToken(authPacket.getToken(), sc, learnerLogin);
                    // we're done; don't expect to send another BIND
                    if (responseToken != null) {
                        throw new SaslException("Protocol error: attempting to send response after completion");
                    }
                    break;
                case IN_PROGRESS:
                    responseToken = createSaslToken(authPacket.getToken(), sc, learnerLogin);
                    send(dout, responseToken);
                    authPacket = receive(din);
                    qpStatus = QuorumAuth.Status.getStatus(authPacket.getStatus());
                    break;
                case ERROR:
                    throw new SaslException("Authentication failed against server addr: " + sock.getRemoteSocketAddress());
                default:
                    LOG.warn("Unknown status:{}!", qpStatus);
                    throw new SaslException("Authentication failed against server addr: " + sock.getRemoteSocketAddress());
            }
        }
        // Validate status code at the end of authentication exchange.
        checkAuthStatus(sock, qpStatus);
    } finally {
        if (sc != null) {
            try {
                sc.dispose();
            } catch (SaslException e) {
                LOG.error("SaslClient dispose() failed", e);
            }
        }
    }
    return;
}
Also used: DataOutputStream (java.io.DataOutputStream), QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket), DataInputStream (java.io.DataInputStream), SaslException (javax.security.sasl.SaslException), SaslClient (javax.security.sasl.SaslClient)

Example 2 with QuorumAuthPacket

Use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.

Class SaslQuorumAuthServer, method receive.

private byte[] receive(DataInputStream din) throws IOException {
    QuorumAuthPacket authPacket = new QuorumAuthPacket();
    BinaryInputArchive bia = BinaryInputArchive.getArchive(din);
    authPacket.deserialize(bia, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
    return authPacket.getToken();
}
Also used: BinaryInputArchive (org.apache.jute.BinaryInputArchive), QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket)

Example 3 with QuorumAuthPacket

Use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.

Class SaslQuorumAuthLearner, method receive.

private QuorumAuthPacket receive(DataInputStream din) throws IOException {
    QuorumAuthPacket authPacket = new QuorumAuthPacket();
    BinaryInputArchive bia = BinaryInputArchive.getArchive(din);
    authPacket.deserialize(bia, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
    return authPacket;
}
Also used: BinaryInputArchive (org.apache.jute.BinaryInputArchive), QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket)

Example 4 with QuorumAuthPacket

Use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.

Class SaslQuorumAuthLearner, method send.

private void send(DataOutputStream dout, byte[] response) throws IOException {
    QuorumAuthPacket authPacket;
    BufferedOutputStream bufferedOutput = new BufferedOutputStream(dout);
    BinaryOutputArchive boa = BinaryOutputArchive.getArchive(bufferedOutput);
    authPacket = QuorumAuth.createPacket(QuorumAuth.Status.IN_PROGRESS, response);
    boa.writeRecord(authPacket, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
    bufferedOutput.flush();
}
Also used: BinaryOutputArchive (org.apache.jute.BinaryOutputArchive), QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket), BufferedOutputStream (java.io.BufferedOutputStream)

Example 5 with QuorumAuthPacket

Use of org.apache.zookeeper.server.quorum.QuorumAuthPacket in project zookeeper by apache.

Class SaslQuorumAuthServer, method send.

private void send(DataOutputStream dout, byte[] challenge, QuorumAuth.Status s) throws IOException {
    BufferedOutputStream bufferedOutput = new BufferedOutputStream(dout);
    BinaryOutputArchive boa = BinaryOutputArchive.getArchive(bufferedOutput);
    QuorumAuthPacket authPacket;
    if (challenge == null && s != QuorumAuth.Status.SUCCESS) {
        authPacket = QuorumAuth.createPacket(QuorumAuth.Status.IN_PROGRESS, null);
    } else {
        authPacket = QuorumAuth.createPacket(s, challenge);
    }
    boa.writeRecord(authPacket, QuorumAuth.QUORUM_AUTH_MESSAGE_TAG);
    bufferedOutput.flush();
}
Also used: BinaryOutputArchive (org.apache.jute.BinaryOutputArchive), QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket), BufferedOutputStream (java.io.BufferedOutputStream)

Aggregations

QuorumAuthPacket (org.apache.zookeeper.server.quorum.QuorumAuthPacket): 5
BufferedOutputStream (java.io.BufferedOutputStream): 2
BinaryInputArchive (org.apache.jute.BinaryInputArchive): 2
BinaryOutputArchive (org.apache.jute.BinaryOutputArchive): 2
DataInputStream (java.io.DataInputStream): 1
DataOutputStream (java.io.DataOutputStream): 1
SaslClient (javax.security.sasl.SaslClient): 1
SaslException (javax.security.sasl.SaslException): 1