1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.drill.exec.rpc;
import com.google.common.collect.ImmutableList;
import com.google.protobuf.Internal.EnumLite;
import com.google.protobuf.MessageLite;
import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
import org.apache.drill.exec.rpc.security.AuthenticatorFactory;
import org.apache.drill.exec.rpc.security.SaslProperties;
import org.apache.hadoop.security.UserGroupInformation;
import java.io.IOException;
import java.util.List;
import java.util.Map;
/**
* Utility class providing common methods shared between {@link org.apache.drill.exec.rpc.data.DataClient} and
* {@link org.apache.drill.exec.rpc.control.ControlClient}
*/
public final class BitRpcUtility {
private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(BitRpcUtility.class);
/**
* Method to do validation on the handshake message received from server side. Only used by BitClients NOT UserClient.
* Verify if rpc version of handshake message matches the supported RpcVersion and also validates the
* security configuration between client and server
* @param handshakeRpcVersion - rpc version received in handshake message
* @param remoteAuthMechs - authentication mechanisms supported by server
* @param rpcVersion - supported rpc version on client
* @param connection - client connection
* @param config - client connectin config
* @param client - data client or control client
* @return - Immutable list of authentication mechanisms supported by server or null
* @throws RpcException - exception is thrown if rpc version or authentication configuration mismatch is found
*/
public static List<String> validateHandshake(int handshakeRpcVersion, List<String> remoteAuthMechs, int rpcVersion,
ClientConnection connection, BitConnectionConfig config,
BasicClient client) throws RpcException {
if (handshakeRpcVersion != rpcVersion) {
throw new RpcException(String.format("Invalid rpc version. Expected %d, actual %d.",
handshakeRpcVersion, rpcVersion));
}
if (remoteAuthMechs.size() != 0) { // remote requires authentication
client.setAuthComplete(false);
return ImmutableList.copyOf(remoteAuthMechs);
} else {
if (config.getAuthMechanismToUse() != null) { // local requires authentication
throw new RpcException(String.format("Remote Drillbit does not require auth, but auth is enabled in " +
"local Drillbit configuration. [Details: connection: (%s) and LocalAuthMechanism: (%s). Please check " +
"security configuration for bit-to-bit.", connection.getName(), config.getAuthMechanismToUse()));
}
}
return null;
}
/**
* Creates various instances needed to start the SASL handshake. This is called from
* {@link BasicClient#prepareSaslHandshake(RpcConnectionHandler, List)} only for
* {@link org.apache.drill.exec.rpc.data.DataClient} and {@link org.apache.drill.exec.rpc.control.ControlClient}
*
* @param connectionHandler - Connection handler used by client's to know about success/failure conditions.
* @param serverAuthMechanisms - List of auth mechanisms configured on server side
* @param connection - ClientConnection used for authentication
* @param config - ClientConnection config
* @param endpoint - Remote DrillbitEndpoint
* @param client - Either of DataClient/ControlClient instance
* @param saslRpcType - SASL_MESSAGE RpcType for Data and Control channel
*/
public static <T extends EnumLite, CC extends ClientConnection, HS extends MessageLite, HR extends MessageLite>
void prepareSaslHandshake(final RpcConnectionHandler<CC> connectionHandler, List<String> serverAuthMechanisms,
CC connection, BitConnectionConfig config, DrillbitEndpoint endpoint,
final BasicClient<T, CC, HS, HR> client, T saslRpcType) {
try {
final Map<String, String> saslProperties = SaslProperties.getSaslProperties(connection.isEncryptionEnabled(),
connection.getMaxWrappedSize());
final UserGroupInformation ugi = UserGroupInformation.getLoginUser();
final AuthenticatorFactory factory = config.getAuthFactory(serverAuthMechanisms);
client.startSaslHandshake(connectionHandler, config.getSaslClientProperties(endpoint, saslProperties),
ugi, factory, saslRpcType);
} catch (final IOException e) {
logger.error("Failed while doing setup for starting sasl handshake for connection", connection.getName());
final Exception ex = new RpcException(String.format("Failed to initiate authentication to %s",
endpoint.getAddress()), e);
connectionHandler.connectionFailed(RpcConnectionHandler.FailureType.AUTHENTICATION, ex);
}
}
// Suppress default constructor
private BitRpcUtility() {
}
}
|
