001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security; 019 020import org.apache.hadoop.conf.Configuration; 021import org.apache.hadoop.fs.CommonConfigurationKeys; 022import org.apache.hadoop.hbase.HBaseConfiguration; 023import org.apache.yetus.audience.InterfaceAudience; 024import org.slf4j.Logger; 025import org.slf4j.LoggerFactory; 026import org.apache.hbase.thirdparty.com.google.common.base.Strings; 027import org.apache.hadoop.security.UserGroupInformation; 028 029import java.io.IOException; 030import java.net.InetAddress; 031 032@InterfaceAudience.Private 033public class HBaseKerberosUtils { 034 private static final Logger LOG = LoggerFactory.getLogger(HBaseKerberosUtils.class); 035 036 public static final String KRB_PRINCIPAL = "hbase.regionserver.kerberos.principal"; 037 public static final String MASTER_KRB_PRINCIPAL = "hbase.master.kerberos.principal"; 038 public static final String KRB_KEYTAB_FILE = "hbase.regionserver.keytab.file"; 039 040 public static boolean isKerberosPropertySetted() { 041 String krbPrincipal = System.getProperty(KRB_PRINCIPAL); 042 String krbKeytab = System.getProperty(KRB_KEYTAB_FILE); 043 if (Strings.isNullOrEmpty(krbPrincipal) || Strings.isNullOrEmpty(krbKeytab)) { 044 return false; 045 } 046 return true; 047 } 048 049 public static void setPrincipalForTesting(String principal) { 050 setSystemProperty(KRB_PRINCIPAL, principal); 051 } 052 053 public static void setKeytabFileForTesting(String keytabFile) { 054 setSystemProperty(KRB_KEYTAB_FILE, keytabFile); 055 } 056 057 public static void setSystemProperty(String propertyName, String propertyValue) { 058 System.setProperty(propertyName, propertyValue); 059 } 060 061 public static String getKeytabFileForTesting() { 062 return System.getProperty(KRB_KEYTAB_FILE); 063 } 064 065 public static String getPrincipalForTesting() { 066 return System.getProperty(KRB_PRINCIPAL); 067 } 068 069 public static Configuration getConfigurationWoPrincipal() { 070 Configuration conf = HBaseConfiguration.create(); 071 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); 072 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); 073 conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true); 074 return conf; 075 } 076 077 public static Configuration getSecuredConfiguration() { 078 Configuration conf = HBaseConfiguration.create(); 079 setSecuredConfiguration(conf); 080 return conf; 081 } 082 083 public static void setSecuredConfiguration(Configuration conf) { 084 conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos"); 085 conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos"); 086 conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true); 087 conf.set(KRB_KEYTAB_FILE, System.getProperty(KRB_KEYTAB_FILE)); 088 conf.set(KRB_PRINCIPAL, System.getProperty(KRB_PRINCIPAL)); 089 conf.set(MASTER_KRB_PRINCIPAL, System.getProperty(KRB_PRINCIPAL)); 090 } 091 092 public static UserGroupInformation loginAndReturnUGI(Configuration conf, String username) 093 throws IOException { 094 String hostname = InetAddress.getLocalHost().getHostName(); 095 String keyTabFileConfKey = "hbase." + username + ".keytab.file"; 096 String keyTabFileLocation = conf.get(keyTabFileConfKey); 097 String principalConfKey = "hbase." + username + ".kerberos.principal"; 098 String principal = org.apache.hadoop.security.SecurityUtil 099 .getServerPrincipal(conf.get(principalConfKey), hostname); 100 if (keyTabFileLocation == null || principal == null) { 101 LOG.warn("Principal or key tab file null for : " + principalConfKey + ", " 102 + keyTabFileConfKey); 103 } 104 UserGroupInformation ugi = 105 UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keyTabFileLocation); 106 return ugi; 107 } 108}