1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.hadoop.hbase;
20
21 import java.io.IOException;
22 import java.net.UnknownHostException;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28 import org.apache.hadoop.hbase.classification.InterfaceStability;
29 import org.apache.hadoop.hbase.security.UserProvider;
30 import org.apache.hadoop.hbase.util.DNS;
31 import org.apache.hadoop.hbase.util.Strings;
32 import org.apache.hadoop.security.UserGroupInformation;
33
34
35
36
37 @InterfaceAudience.Private
38 @InterfaceStability.Evolving
39 public class AuthUtil {
40 private static final Log LOG = LogFactory.getLog(AuthUtil.class);
41
42
43 public static final String GROUP_PREFIX = "@";
44
45 private AuthUtil() {
46 super();
47 }
48
49
50
51
52 public static ScheduledChore getAuthChore(Configuration conf) throws IOException {
53 UserProvider userProvider = UserProvider.instantiate(conf);
54
55 boolean securityEnabled =
56 userProvider.isHadoopSecurityEnabled() && userProvider.isHBaseSecurityEnabled();
57 if (!securityEnabled) return null;
58 String host = null;
59 try {
60 host = Strings.domainNamePointerToHostName(DNS.getDefaultHost(
61 conf.get("hbase.client.dns.interface", "default"),
62 conf.get("hbase.client.dns.nameserver", "default")));
63 userProvider.login("hbase.client.keytab.file", "hbase.client.kerberos.principal", host);
64 } catch (UnknownHostException e) {
65 LOG.error("Error resolving host name: " + e.getMessage(), e);
66 throw e;
67 } catch (IOException e) {
68 LOG.error("Error while trying to perform the initial login: " + e.getMessage(), e);
69 throw e;
70 }
71
72 final UserGroupInformation ugi = userProvider.getCurrent().getUGI();
73 Stoppable stoppable = new Stoppable() {
74 private volatile boolean isStopped = false;
75
76 @Override
77 public void stop(String why) {
78 isStopped = true;
79 }
80
81 @Override
82 public boolean isStopped() {
83 return isStopped;
84 }
85 };
86
87
88
89
90 final int CHECK_TGT_INTERVAL = 30 * 1000;
91
92 ScheduledChore refreshCredentials =
93 new ScheduledChore("RefreshCredentials", stoppable, CHECK_TGT_INTERVAL) {
94 @Override
95 protected void chore() {
96 try {
97 ugi.checkTGTAndReloginFromKeytab();
98 } catch (IOException e) {
99 LOG.error("Got exception while trying to refresh credentials: " + e.getMessage(), e);
100 }
101 }
102 };
103
104 return refreshCredentials;
105 }
106
107
108
109
110
111
112 public static boolean isGroupPrincipal(String name) {
113 return name != null && name.startsWith(GROUP_PREFIX);
114 }
115
116
117
118
119
120 public static String getGroupName(String aclKey) {
121 if (!isGroupPrincipal(aclKey)) {
122 return aclKey;
123 }
124
125 return aclKey.substring(GROUP_PREFIX.length());
126 }
127
128
129
130
131 public static String toGroupEntry(String name) {
132 return GROUP_PREFIX + name;
133 }
134 }