org.apache.hadoop.security.KerberosInfo Java Examples

The following examples show how to use org.apache.hadoop.security.KerberosInfo.
Example #1
Source File: AdminSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Supplies Kerberos metadata for the ResourceManager administration protocol only.
 *
 * @param protocol RPC protocol class being looked up; {@code equals} is invoked on it, so it
 *     must not be {@code null}
 * @param conf configuration passed by the caller; not read by this method
 * @return a {@link KerberosInfo} for {@code ResourceManagerAdministrationProtocolPB}, or
 *     {@code null} for every other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isAdminProtocol =
      protocol.equals(ResourceManagerAdministrationProtocolPB.class);
  if (isAdminProtocol) {
    return new KerberosInfo() {

      // Presumably the configuration key that holds the server principal, not the
      // principal string itself; confirm against YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // No client principal is declared for this protocol.
      // NOTE(review): code that compares the caller with an expected client principal
      // presumably has nothing to compare against here; confirm that ACLs cover this.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface; any caller of annotationType() gets null.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Not the admin protocol: this provider has nothing to report.
  return null;
}
 
Example #2
Source File: TestSaslRPC.java    From big-c with Apache License 2.0
/**
 * Returns the same Kerberos metadata for every protocol (test fixture).
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return a {@link KerberosInfo} whose server principal is {@code SERVER_PRINCIPAL_KEY} and
 *     whose client principal is {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final KerberosInfo fixedInfo = new KerberosInfo() {
    // The constant's name suggests a configuration key rather than a literal principal;
    // confirm where SERVER_PRINCIPAL_KEY is defined.
    @Override
    public String serverPrincipal() {
      return SERVER_PRINCIPAL_KEY;
    }

    // No client principal is declared.
    @Override
    public String clientPrincipal() {
      return null;
    }

    // NOTE(review): returns null although the Annotation contract expects the
    // annotation interface.
    @Override
    public Class<? extends Annotation> annotationType() {
      return null;
    }
  };
  return fixedInfo;
}
 
Example #3
Source File: ClientHSSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Supplies Kerberos metadata for the history-server client protocol only.
 *
 * @param protocol RPC protocol class being looked up; {@code equals} is invoked on it, so it
 *     must not be {@code null}
 * @param conf configuration passed by the caller; not read by this method
 * @return a {@link KerberosInfo} for {@code HSClientProtocolPB}, or {@code null} for every
 *     other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isHistoryClient = protocol.equals(HSClientProtocolPB.class);
  if (isHistoryClient) {
    return new KerberosInfo() {

      // Presumably the configuration key that holds the history server's principal;
      // confirm against JHAdminConfig.
      @Override
      public String serverPrincipal() {
        return JHAdminConfig.MR_HISTORY_PRINCIPAL;
      }

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Any other protocol is outside this provider's scope.
  return null;
}
 
Example #4
Source File: ClientRMSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Supplies Kerberos metadata for the application-client protocol only.
 *
 * @param protocol RPC protocol class being looked up; {@code equals} is invoked on it, so it
 *     must not be {@code null}
 * @param conf configuration passed by the caller; not read by this method
 * @return a {@link KerberosInfo} for {@code ApplicationClientProtocolPB}, or {@code null} for
 *     every other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isClientRmProtocol = protocol.equals(ApplicationClientProtocolPB.class);
  if (isClientRmProtocol) {
    return new KerberosInfo() {

      // Presumably the configuration key that holds the ResourceManager principal;
      // confirm against YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Any other protocol is outside this provider's scope.
  return null;
}
 
Example #5
Source File: ClientTimelineSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Supplies Kerberos metadata for the application-history (timeline) protocol only.
 *
 * @param protocol RPC protocol class being looked up; {@code equals} is invoked on it, so it
 *     must not be {@code null}
 * @param conf configuration passed by the caller; not read by this method
 * @return a {@link KerberosInfo} for {@code ApplicationHistoryProtocolPB}, or {@code null}
 *     for every other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isTimelineProtocol = protocol.equals(ApplicationHistoryProtocolPB.class);
  if (isTimelineProtocol) {
    return new KerberosInfo() {

      // Presumably the configuration key that holds the timeline service principal;
      // confirm against YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL;
      }

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Any other protocol is outside this provider's scope.
  return null;
}
 
Example #6
Source File: RMNMSecurityInfoClass.java    From hadoop with Apache License 2.0
/**
 * Supplies Kerberos metadata for the resource-tracker protocol only, naming both ends.
 *
 * @param protocol RPC protocol class being looked up; {@code equals} is invoked on it, so it
 *     must not be {@code null}
 * @param conf configuration passed by the caller; not read by this method
 * @return a {@link KerberosInfo} for {@code ResourceTrackerPB} with a server and a client
 *     principal entry, or {@code null} for every other protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean isResourceTracker = protocol.equals(ResourceTrackerPB.class);
  if (isResourceTracker) {
    return new KerberosInfo() {

      // Presumably the configuration key that holds the ResourceManager principal;
      // confirm against YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // Unlike the client-facing protocols, a client principal entry is declared, so
      // the connecting side can be checked against it. Presumably this is the
      // configuration key for the NodeManager principal; confirm.
      @Override
      public String clientPrincipal() {
        return YarnConfiguration.NM_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Any other protocol is outside this provider's scope.
  return null;
}
 
Example #7
Source File: RMNMSecurityInfoClass.java    From big-c with Apache License 2.0
/**
 * Returns Kerberos metadata for {@code ResourceTrackerPB}; declines every other protocol.
 *
 * @param protocol RPC protocol class being looked up; must not be {@code null} because
 *     {@code equals} is called on it
 * @param conf configuration passed by the caller; unused here
 * @return metadata carrying both a server and a client principal entry, or {@code null} when
 *     the protocol is not {@code ResourceTrackerPB}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean handled = protocol.equals(ResourceTrackerPB.class);
  if (handled) {
    return new KerberosInfo() {

      // Client side of this protocol; presumably the configuration key for the
      // NodeManager principal, which lets the server verify who is connecting. Confirm.
      @Override
      public String clientPrincipal() {
        return YarnConfiguration.NM_PRINCIPAL;
      }

      // Server side of this protocol; presumably the configuration key for the
      // ResourceManager principal. Confirm.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Unhandled protocol.
  return null;
}
 
Example #8
Source File: ClientTimelineSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Returns Kerberos metadata for {@code ApplicationHistoryProtocolPB}; declines every other
 * protocol.
 *
 * @param protocol RPC protocol class being looked up; must not be {@code null} because
 *     {@code equals} is called on it
 * @param conf configuration passed by the caller; unused here
 * @return metadata carrying the timeline service principal entry, or {@code null} when the
 *     protocol is not {@code ApplicationHistoryProtocolPB}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean handled = protocol.equals(ApplicationHistoryProtocolPB.class);
  if (handled) {
    return new KerberosInfo() {

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // Presumably a configuration key, not the principal string; confirm against
      // YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.TIMELINE_SERVICE_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Unhandled protocol.
  return null;
}
 
Example #9
Source File: ClientRMSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Returns Kerberos metadata for {@code ApplicationClientProtocolPB}; declines every other
 * protocol.
 *
 * @param protocol RPC protocol class being looked up; must not be {@code null} because
 *     {@code equals} is called on it
 * @param conf configuration passed by the caller; unused here
 * @return metadata carrying the ResourceManager principal entry, or {@code null} when the
 *     protocol is not {@code ApplicationClientProtocolPB}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean handled = protocol.equals(ApplicationClientProtocolPB.class);
  if (handled) {
    return new KerberosInfo() {

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // Presumably a configuration key, not the principal string; confirm against
      // YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Unhandled protocol.
  return null;
}
 
Example #10
Source File: ClientHSSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Returns Kerberos metadata for {@code HSClientProtocolPB}; declines every other protocol.
 *
 * @param protocol RPC protocol class being looked up; must not be {@code null} because
 *     {@code equals} is called on it
 * @param conf configuration passed by the caller; unused here
 * @return metadata carrying the history server principal entry, or {@code null} when the
 *     protocol is not {@code HSClientProtocolPB}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean handled = protocol.equals(HSClientProtocolPB.class);
  if (handled) {
    return new KerberosInfo() {

      // No client principal is declared for this protocol.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // Presumably a configuration key, not the principal string; confirm against
      // JHAdminConfig.
      @Override
      public String serverPrincipal() {
        return JHAdminConfig.MR_HISTORY_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Unhandled protocol.
  return null;
}
 
Example #11
Source File: AdminSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Returns Kerberos metadata for {@code ResourceManagerAdministrationProtocolPB}; declines
 * every other protocol.
 *
 * @param protocol RPC protocol class being looked up; must not be {@code null} because
 *     {@code equals} is called on it
 * @param conf configuration passed by the caller; unused here
 * @return metadata carrying the ResourceManager principal entry, or {@code null} when the
 *     protocol is not the administration protocol
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final boolean handled =
      protocol.equals(ResourceManagerAdministrationProtocolPB.class);
  if (handled) {
    return new KerberosInfo() {

      // No client principal is declared for this administrative protocol.
      // NOTE(review): any check of the caller against an expected client principal
      // presumably has nothing to compare with; confirm that ACLs gate admin access.
      @Override
      public String clientPrincipal() {
        return null;
      }

      // Presumably a configuration key, not the principal string; confirm against
      // YarnConfiguration.
      @Override
      public String serverPrincipal() {
        return YarnConfiguration.RM_PRINCIPAL;
      }

      // NOTE(review): returns null although the Annotation contract expects the
      // annotation interface.
      @Override
      public Class<? extends Annotation> annotationType() {
        return null;
      }
    };
  }
  // Unhandled protocol.
  return null;
}
 
Example #12
Source File: TestSaslRPC.java    From hadoop with Apache License 2.0
/**
 * Test fixture: hands back identical Kerberos metadata whatever protocol is asked for.
 *
 * @param protocol RPC protocol class being looked up; ignored
 * @param conf configuration passed by the caller; ignored
 * @return metadata whose server principal is {@code SERVER_PRINCIPAL_KEY}; the client
 *     principal is {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  final KerberosInfo testInfo = new KerberosInfo() {
    // No client principal is declared.
    @Override
    public String clientPrincipal() {
      return null;
    }

    // The name suggests a configuration key; confirm where SERVER_PRINCIPAL_KEY is
    // defined.
    @Override
    public String serverPrincipal() {
      return SERVER_PRINCIPAL_KEY;
    }

    // NOTE(review): returns null although the Annotation contract expects the
    // annotation interface.
    @Override
    public Class<? extends Annotation> annotationType() {
      return null;
    }
  };
  return testInfo;
}
 
Example #13
Source File: HdfsPlugin.java    From crate with Apache License 2.0
/**
 * Forces {@code SecurityUtil} to initialise while the plugin's class loader is installed as
 * the calling thread's context class loader, then restores the previous loader.
 *
 * @return always {@code null}
 * @throws RuntimeException if the Kerberos lookup for {@code ClientNamenodeProtocolPB} yields
 *     nothing, which is taken to mean the security-info services were not found
 */
private static Void eagerInit() {
    /*
     * Background: Hadoop RPC serialises with ProtocolBuffers, and the proto classes carry
     * annotations describing which security options (such as Kerberos) they support and
     * how to attach that information to a message. During its class initialisation,
     * SecurityUtil builds a service loader in a static field; that loader supplies the
     * implementations which extract the security information per proto class, and it
     * discovers them through the current thread's context class loader. That loader must
     * therefore see the Hadoop jars. Plugins do not run with their own class loader as
     * the context loader, so it is swapped in just long enough for SecurityUtil to
     * initialise and then swapped back, because this thread is not owned by the plugin.
     */
    final Thread caller = Thread.currentThread();
    final ClassLoader previousLoader = caller.getContextClassLoader();
    try {
        caller.setContextClassLoader(HdfsRepository.class.getClassLoader());
        final KerberosInfo probe =
            SecurityUtil.getKerberosInfo(ClientNamenodeProtocolPB.class, null);
        // A null probe result is treated as proof that the wrong loader was in place.
        if (probe == null) {
            throw new RuntimeException("Could not initialize SecurityUtil: " +
                "Unable to find services for [org.apache.hadoop.security.SecurityInfo]");
        }
    } finally {
        // Runs on both the success and the failure path, so the plugin's loader never
        // stays installed on a thread it does not own.
        caller.setContextClassLoader(previousLoader);
    }
    return null;
}
 
Example #14
Source File: MRClientSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #15
Source File: StreamingContainerSecurityInfo.java    From Bats with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param type RPC protocol class being looked up; not inspected
 * @param c configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> type, Configuration c)
{
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #16
Source File: DAGClientSecurityInfo.java    From tez with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #17
Source File: DAGClientSecurityInfo.java    From incubator-tez with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #18
Source File: StreamingContainerSecurityInfo.java    From attic-apex-core with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param type RPC protocol class being looked up; not inspected
 * @param c configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> type, Configuration c)
{
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #19
Source File: ContainerManagerSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #20
Source File: Client.java    From big-c with Apache License 2.0
/**
 * Opens the socket to the remote server, looping until a connect succeeds or an exception
 * escapes one of the catch blocks.
 *
 * <p>Each attempt creates a socket from {@code socketFactory}, applies the TCP options,
 * optionally binds to the local address named in the client's Kerberos principal, connects
 * with {@code connectionTimeout}, and sets the read timeout to {@code pingInterval}.
 *
 * @throws IOException declared by the method; presumably thrown by the failure handlers once
 *     their retry limits are reached. Confirm in handleConnectionTimeout and
 *     handleConnectionFailure.
 */
private synchronized void setupConnection() throws IOException {
  // Separate retry counters for generic I/O failures and for connect timeouts.
  short ioFailures = 0;
  short timeoutFailures = 0;
  while (true) {
    try {
      // NOTE(review): a new socket is assigned on every attempt and the previous one is
      // not closed in this method; presumably the failure handlers close it. Confirm.
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);
      
      /*
       * Bind the socket to the host named in the client's principal, so that
       * the source address the server sees matches the host name in the
       * principal that is presented.
       */
      UserGroupInformation ticket = remoteId.getTicket();
      if (ticket != null && ticket.hasKerberosCredentials()) {
        // The annotation is read directly from the protocol class here.
        KerberosInfo krbInfo = 
          remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        // Only protocols that declare a client principal get the explicit bind.
        if (krbInfo != null && krbInfo.clientPrincipal() != null) {
          String host = 
            SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          
          // If host name is a valid local address then bind socket to it
          // (port 0 lets the OS choose the local port). When it is not a local
          // address the bind is skipped and the connect goes ahead unbound.
          InetAddress localAddr = NetUtils.getLocalInetAddress(host);
          if (localAddr != null) {
            this.socket.bind(new InetSocketAddress(localAddr, 0));
          }
        }
      }
      
      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        pingInterval = rpcTimeout;  // rpcTimeout overwrites pingInterval
      }
      // The read timeout on the connected socket is the (possibly overwritten) ping interval.
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException toe) {
      /* Check for an address change and update the local reference.
       * Reset the failure counter if the address was changed
       */
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      // The pre-increment count is passed; the counter is then bumped for the next attempt.
      handleConnectionTimeout(timeoutFailures++,
          maxRetriesOnSocketTimeouts, toe);
    } catch (IOException ie) {
      // Same address-change handling as the timeout path, then count an I/O failure.
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionFailure(ioFailures++, ie);
    }
  }
}
 
Example #21
Source File: ServiceAuthorizationManager.java    From big-c with Apache License 2.0
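/**
 * Authorize the user to access the protocol being used.
 *
 * <p>Checks run in this order and the first failure throws: the protocol must have
 * registered ACLs and host lists; if the protocol declares a client principal key, the
 * principal resolved from it must equal the caller's user name; the user must pass the ACL
 * pair; and, when {@code addr} is non-null, the client address must pass the host-list pair.
 * Denials of a known protocol and the final success are written to the audit log.
 *
 * @param user user accessing the service 
 * @param protocol service being accessed
 * @param conf configuration to use
 * @param addr InetAddress of the client; when {@code null} the host-list check is skipped
 * @throws AuthorizationException on authorization failure
 */
public void authorize(UserGroupInformation user, 
                             Class<?> protocol,
                             Configuration conf,
                             InetAddress addr
                             ) throws AuthorizationException {
  AccessControlList[] acls = protocolToAcls.get(protocol);
  MachineList[] hosts = protocolToMachineLists.get(protocol);
  // Unknown protocols are rejected outright (fail closed).
  if (acls == null || hosts == null) {
    throw new AuthorizationException("Protocol " + protocol + 
                                     " is not known.");
  }
  
  // get client principal key to verify (if available)
  KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
  String clientPrincipal = null; 
  if (krbInfo != null) {
    // clientPrincipal() yields a configuration key; the principal itself is read from conf.
    String clientKey = krbInfo.clientPrincipal();
    if (clientKey != null && !clientKey.isEmpty()) {
      try {
        // NOTE(review): if the key is unset in conf and this resolves to null, the
        // principal comparison below is skipped; confirm that is intended.
        clientPrincipal = SecurityUtil.getServerPrincipal(
            conf.get(clientKey), addr);
      } catch (IOException e) {
        throw (AuthorizationException) new AuthorizationException(
            "Can't figure out Kerberos principal name for connection from "
                + addr + " for user=" + user + " protocol=" + protocol)
            .initCause(e);
      }
    }
  }
  // acls[0] must allow the user and acls[1] must not; any array length other than 2 is
  // treated as a denial. A resolved client principal must also match the caller's name.
  if ((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
      acls.length != 2 || !acls[0].isUserAllowed(user) || acls[1].isUserAllowed(user)) {
    AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
        + ", expected client Kerberos principal is " + clientPrincipal);
    throw new AuthorizationException("User " + user + 
        " is not authorized for protocol " + protocol + 
        ", expected client Kerberos principal is " + clientPrincipal);
  }
  // NOTE(review): with a null addr no host-list check runs at all; callers that rely on
  // host restrictions must always supply the client address.
  if (addr != null) {
    String hostAddress = addr.getHostAddress();
    // hosts[0] must include the address and hosts[1] must not; any array length other
    // than 2 is treated as a denial.
    if (hosts.length != 2 || !hosts[0].includes(hostAddress) ||
        hosts[1].includes(hostAddress)) {
      // Record the user in the denial entry, as the other audit entries do, so a
      // host-based rejection can be attributed to an identity.
      AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
          + " from host = " +  hostAddress);
      throw new AuthorizationException("Host " + hostAddress +
          " is not authorized for protocol " + protocol) ;
    }
  }
  AUDITLOG.info(AUTHZ_SUCCESSFUL_FOR + user + " for protocol="+protocol);
}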
 
Example #22
Source File: SchedulerSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #23
Source File: Client.java    From hadoop with Apache License 2.0
/**
 * Establishes the client socket, retrying in a loop that ends only when a connect succeeds
 * or an exception escapes one of the catch blocks.
 *
 * <p>Per attempt: create a socket from {@code socketFactory}, set TCP_NODELAY and keep-alive,
 * bind to the principal's host when it is a local address, connect with
 * {@code connectionTimeout}, then set the read timeout to {@code pingInterval}.
 *
 * @throws IOException declared by the method; presumably raised by handleConnectionTimeout
 *     or handleConnectionFailure when they stop retrying. Confirm.
 */
private synchronized void setupConnection() throws IOException {
  // Failure counts are tracked separately per failure kind.
  short ioFailures = 0;
  short timeoutFailures = 0;
  while (true) {
    try {
      // NOTE(review): the socket from a failed attempt is overwritten here without
      // being closed in this method; presumably a handler closes it. Confirm.
      this.socket = socketFactory.createSocket();
      this.socket.setTcpNoDelay(tcpNoDelay);
      this.socket.setKeepAlive(true);
      
      /*
       * Bind the socket to the host named in the client's principal, so that
       * the address the server sees for this connection matches the host name
       * in the principal that is presented.
       */
      UserGroupInformation ticket = remoteId.getTicket();
      if (ticket != null && ticket.hasKerberosCredentials()) {
        // Looks only at the annotation on the protocol class itself.
        KerberosInfo krbInfo = 
          remoteId.getProtocol().getAnnotation(KerberosInfo.class);
        // Binding is attempted only when the protocol declares a client principal.
        if (krbInfo != null && krbInfo.clientPrincipal() != null) {
          String host = 
            SecurityUtil.getHostFromPrincipal(remoteId.getTicket().getUserName());
          
          // If host name is a valid local address then bind socket to it,
          // leaving the port to the OS (port 0). Otherwise no bind happens and
          // the connect below proceeds unbound.
          InetAddress localAddr = NetUtils.getLocalInetAddress(host);
          if (localAddr != null) {
            this.socket.bind(new InetSocketAddress(localAddr, 0));
          }
        }
      }
      
      NetUtils.connect(this.socket, server, connectionTimeout);
      if (rpcTimeout > 0) {
        pingInterval = rpcTimeout;  // rpcTimeout overwrites pingInterval
      }
      // Read timeout follows the ping interval chosen above.
      this.socket.setSoTimeout(pingInterval);
      return;
    } catch (ConnectTimeoutException toe) {
      /* Check for an address change and update the local reference.
       * Reset the failure counter if the address was changed
       */
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      // Passes the current count, then increments it for the next round.
      handleConnectionTimeout(timeoutFailures++,
          maxRetriesOnSocketTimeouts, toe);
    } catch (IOException ie) {
      // An address change resets both counters on this path as well.
      if (updateAddress()) {
        timeoutFailures = ioFailures = 0;
      }
      handleConnectionFailure(ioFailures++, ie);
    }
  }
}
 
Example #24
Source File: TestClientToAMTokens.java    From big-c with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Callers get no server or client principal from this provider.
  return null;
}
 
Example #25
Source File: LocalizerSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #26
Source File: LocalizerSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #27
Source File: TestClientToAMTokens.java    From hadoop with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // Callers get no server or client principal from this provider.
  return null;
}
 
Example #28
Source File: MRClientSecurityInfo.java    From hadoop with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #29
Source File: SchedulerSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}
 
Example #30
Source File: ContainerManagerSecurityInfo.java    From big-c with Apache License 2.0
/**
 * Reports that this provider has no Kerberos metadata for any protocol.
 *
 * @param protocol RPC protocol class being looked up; not inspected
 * @param conf configuration passed by the caller; not read
 * @return always {@code null}
 */
@Override
public KerberosInfo getKerberosInfo(Class<?> protocol, Configuration conf) {
  // NOTE(review): callers get no server or client principal from this provider;
  // presumably the protocol is authenticated another way (for example tokens). Confirm.
  return null;
}