/**
 * Builds the SASL client properties used when this process connects to a remote drillbit.
 *
 * <p>If the current login user was authenticated with Kerberos, the
 * {@code DrillProperties.SERVICE_PRINCIPAL} property is set to one of:
 * <ul>
 *   <li>the login principal itself, when {@code useLoginPrincipal} is set, or</li>
 *   <li>a principal assembled from the login principal's short name, the remote endpoint's
 *       address and the login principal's realm.</li>
 * </ul>
 * For any other authentication method no service principal is set here.
 *
 * @param remoteEndpoint endpoint being connected to; its address becomes the host part of the
 *                       derived service principal
 * @param overrides      caller-supplied properties merged in after the defaults
 * @return the resulting string properties as a map
 * @throws IOException if the login user or the principal's short name cannot be resolved
 */
public Map<String, ?> getSaslClientProperties(final DrillbitEndpoint remoteEndpoint,
                                              final Map<String, String> overrides) throws IOException {
  final DrillProperties saslProps = DrillProperties.createEmpty();
  final UserGroupInformation currentLogin = UserGroupInformation.getLoginUser();

  final boolean kerberosLogin =
      currentLogin.getAuthenticationMethod() == UserGroupInformation.AuthenticationMethod.KERBEROS;
  if (kerberosLogin) {
    final HadoopKerberosName principal = new HadoopKerberosName(currentLogin.getUserName());
    final String servicePrincipal = useLoginPrincipal
        ? principal.toString()
        : KerberosUtil.getPrincipalFromParts(
            principal.getShortName(), remoteEndpoint.getAddress(), principal.getRealm());
    saslProps.setProperty(DrillProperties.SERVICE_PRINCIPAL, servicePrincipal);
  }

  // NOTE(review): overrides are merged after SERVICE_PRINCIPAL is set, so they presumably can
  // replace the principal computed above -- confirm callers only pass trusted values here.
  saslProps.merge(overrides);
  return saslProps.stringPropertiesAsMap();
}
/**
 * Obtains delegation tokens for a single file system and logs each token that is returned.
 *
 * <p>The token renewer is the short name of the principal configured under
 * {@code JobTracker.JT_USER_NAME}; the empty string is used when that key is unset.
 *
 * @param fs          file system the delegation tokens are requested from
 * @param credentials credentials passed to {@code mergeBinaryTokens} and to
 *                    {@code fs.addDelegationTokens}
 * @param conf        configuration supplying the renewer principal
 * @throws IOException if the short name cannot be resolved or the token request fails
 */
private static void obtainTokensForNamenodesInternal(FileSystem fs, Credentials credentials,
    Configuration conf) throws IOException {
  // NOTE(review): with JT_USER_NAME unset the renewer is derived from "" -- confirm that an
  // empty renewer is the intended outcome for such configurations.
  final String renewerShortName =
      new HadoopKerberosName(conf.get(JobTracker.JT_USER_NAME, "")).getShortName();

  mergeBinaryTokens(credentials, conf);

  final Token<?>[] obtained = fs.addDelegationTokens(renewerShortName, credentials);
  if (obtained == null) {
    return;
  }
  for (Token<?> dt : obtained) {
    // NOTE(review): the token is logged through its toString(); verify that this rendering
    // contains no secret material before keeping it at INFO level.
    LOG.info("Got dt for " + fs.getUri() + "; "+dt);
  }
}
/**
 * Creates a token identifier from an owner, a renewer and a real user.
 *
 * <p>A {@code null} argument is replaced by an empty {@code Text}. A non-null renewer is not
 * stored as given: it is parsed as a Kerberos name and only its short name is kept.
 * {@code issueDate} and {@code maxDate} start at 0.
 *
 * @param owner    token owner, or {@code null}
 * @param renewer  principal allowed to renew the token, or {@code null}
 * @param realUser real user behind the owner, or {@code null}
 * @throws RuntimeException wrapping the {@code IOException} raised when the renewer's short
 *                          name cannot be resolved
 */
public AbstractDelegationTokenIdentifier(Text owner, Text renewer, Text realUser) {
  this.owner = (owner != null) ? owner : new Text();

  if (renewer != null) {
    // Only the short name is retained, so realm and host parts of the renewer are dropped.
    final HadoopKerberosName parsedRenewer = new HadoopKerberosName(renewer.toString());
    try {
      this.renewer = new Text(parsedRenewer.getShortName());
    } catch (IOException e) {
      throw new RuntimeException(e);
    }
  } else {
    this.renewer = new Text();
  }

  this.realUser = (realUser != null) ? realUser : new Text();
  issueDate = 0;
  maxDate = 0;
}
/**
 * Replaces the renewer of this token identifier.
 *
 * <p>{@code null} resets the renewer to an empty {@code Text}. Any other value is parsed as a
 * Kerberos name and stored as its short name only.
 *
 * @param renewer principal allowed to renew the token, or {@code null}
 * @throws RuntimeException wrapping the {@code IOException} raised when the short name cannot
 *                          be resolved
 */
public void setRenewer(Text renewer) {
  if (renewer == null) {
    this.renewer = new Text();
    return;
  }

  final String shortName;
  try {
    shortName = new HadoopKerberosName(renewer.toString()).getShortName();
  } catch (IOException e) {
    throw new RuntimeException(e);
  }
  this.renewer = new Text(shortName);
}
/**
 * Checks that short-name resolution completes without throwing for the {@code ZOOKEEPER},
 * {@code ZOOKEEPER_LOCALHOST} and {@code ZOOKEEPER_REALM} principals.
 */
@Test
public void testValidKerberosName() throws Throwable {
  final String[] acceptedPrincipals = {ZOOKEEPER, ZOOKEEPER_LOCALHOST, ZOOKEEPER_REALM};
  for (String principal : acceptedPrincipals) {
    // The returned short name is not inspected; the test only requires that no exception is raised.
    new HadoopKerberosName(principal).getShortName();
  }
  // ZOOKEEPER_LOCALHOST_REALM is deliberately left out: the standard rules don't pick it up.
}
/**
 * Completes the SASL session for a connection from another drillbit.
 *
 * <p>The short name derived from the SASL authorization ID must equal the short user name of
 * this process's login user; otherwise the session is rejected.
 *
 * @throws SaslException if the two short names differ
 * @throws IOException   if either short name cannot be resolved
 */
@Override
public void finalizeSaslSession() throws IOException {
  final String authorizationID = getSaslServer().getAuthorizationID();
  final String peerShortName = new HadoopKerberosName(authorizationID).getShortName();
  final String ownShortName = UserGroupInformation.getLoginUser().getShortUserName();

  // NOTE(review): only short names are compared here; realm and host parts are not checked.
  // Confirm the name-mapping rules in use cannot map a principal from an untrusted realm
  // onto this drillbit's short name.
  if (ownShortName.equals(peerShortName)) {
    getLogger().debug("Authenticated connection for {}", authorizationID);
    return;
  }

  final String mismatch = String.format("'primary' part of remote drillbit's service principal "
      + "does not match with this drillbit's. Expected: '%s' Actual: '%s'",
      ownShortName, peerShortName);
  throw new SaslException(mismatch);
}
/**
 * Completes the SASL session for a user connection.
 *
 * <p>The SASL authorization ID is parsed as a Kerberos name and its short name is used as the
 * session's user name.
 *
 * @throws IOException if the short name cannot be resolved from the authorization ID
 */
@Override
public void finalizeSaslSession() throws IOException {
  final String saslAuthzId = getSaslServer().getAuthorizationID();

  // The session identity is the mapped short name, not the full principal, so authorization
  // later in the session depends on how principals are mapped to short names.
  final String sessionUser = new HadoopKerberosName(saslAuthzId).getShortName();

  logger.debug("Created session for {}", sessionUser);
  finalizeSession(sessionUser);
}