001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import org.apache.hadoop.conf.Configuration;
021import org.apache.hadoop.fs.CommonConfigurationKeys;
022import org.apache.hadoop.hbase.HBaseConfiguration;
023import org.apache.yetus.audience.InterfaceAudience;
024import org.slf4j.Logger;
025import org.slf4j.LoggerFactory;
026import org.apache.hbase.thirdparty.com.google.common.base.Strings;
027import org.apache.hadoop.security.UserGroupInformation;
028
029import java.io.IOException;
030import java.net.InetAddress;
031
/**
 * Static helpers for building Kerberos-enabled HBase configurations and for logging in from a
 * keytab.
 *
 * <p>The principal and keytab path are exchanged through JVM system properties named by
 * {@link #KRB_PRINCIPAL} and {@link #KRB_KEYTAB_FILE}. System properties are JVM-wide, so the
 * setters here affect every caller in the same process, not just the current thread.
 *
 * <p>The keytab path points at credential material. The only log statement in this class prints
 * configuration key names, never the principal or the keytab path themselves.
 */
@InterfaceAudience.Private
public class HBaseKerberosUtils {
  private static final Logger LOG = LoggerFactory.getLogger(HBaseKerberosUtils.class);

  /** Key of the region server principal; also used as the system property name. */
  public static final String KRB_PRINCIPAL = "hbase.regionserver.kerberos.principal";
  /** Configuration key of the master principal. */
  public static final String MASTER_KRB_PRINCIPAL = "hbase.master.kerberos.principal";
  /** Key of the region server keytab path; also used as the system property name. */
  public static final String KRB_KEYTAB_FILE = "hbase.regionserver.keytab.file";

  /**
   * Reports whether both Kerberos system properties are present.
   *
   * @return {@code true} only when the {@link #KRB_PRINCIPAL} and {@link #KRB_KEYTAB_FILE}
   *     system properties are both non-null and non-empty
   */
  public static boolean isKerberosPropertySetted() {
    String principalProp = System.getProperty(KRB_PRINCIPAL);
    String keytabProp = System.getProperty(KRB_KEYTAB_FILE);
    return !Strings.isNullOrEmpty(principalProp) && !Strings.isNullOrEmpty(keytabProp);
  }

  /**
   * Stores the principal in the {@link #KRB_PRINCIPAL} system property.
   *
   * @param principal value to store
   */
  public static void setPrincipalForTesting(String principal) {
    setSystemProperty(KRB_PRINCIPAL, principal);
  }

  /**
   * Stores the keytab path in the {@link #KRB_KEYTAB_FILE} system property.
   *
   * @param keytabFile value to store
   */
  public static void setKeytabFileForTesting(String keytabFile) {
    setSystemProperty(KRB_KEYTAB_FILE, keytabFile);
  }

  /**
   * Thin wrapper around {@link System#setProperty(String, String)}.
   *
   * <p>The property name is not restricted to the Kerberos keys of this class, so any JVM-wide
   * property can be changed through this method.
   *
   * @param propertyName name of the system property
   * @param propertyValue value to assign
   */
  public static void setSystemProperty(String propertyName, String propertyValue) {
    System.setProperty(propertyName, propertyValue);
  }

  /**
   * @return the current {@link #KRB_KEYTAB_FILE} system property, or {@code null} when unset
   */
  public static String getKeytabFileForTesting() {
    return System.getProperty(KRB_KEYTAB_FILE);
  }

  /**
   * @return the current {@link #KRB_PRINCIPAL} system property, or {@code null} when unset
   */
  public static String getPrincipalForTesting() {
    return System.getProperty(KRB_PRINCIPAL);
  }

  /**
   * Creates a configuration with Kerberos authentication and authorization switched on, but
   * without any principal or keytab entries.
   *
   * @return a new configuration carrying only the three security switches
   */
  public static Configuration getConfigurationWoPrincipal() {
    Configuration securedConf = HBaseConfiguration.create();
    applyKerberosSwitches(securedConf);
    return securedConf;
  }

  /**
   * Creates a configuration and populates it via {@link #setSecuredConfiguration(Configuration)}.
   *
   * @return a new configuration with security switches, keytab and principals set
   */
  public static Configuration getSecuredConfiguration() {
    Configuration securedConf = HBaseConfiguration.create();
    setSecuredConfiguration(securedConf);
    return securedConf;
  }

  /**
   * Turns on Kerberos authentication and authorization in {@code conf} and copies the keytab
   * path and principal from the system properties into it.
   *
   * <p>The master principal is set to the same value as the region server principal.
   *
   * <p>NOTE(review): the system property values are passed on unchecked, so an unset property
   * reaches {@code conf.set} as {@code null}; presumably that call rejects null values -
   * confirm, and check {@link #isKerberosPropertySetted()} before calling.
   *
   * @param conf configuration to modify in place
   */
  public static void setSecuredConfiguration(Configuration conf) {
    applyKerberosSwitches(conf);
    conf.set(KRB_KEYTAB_FILE, System.getProperty(KRB_KEYTAB_FILE));
    String regionServerPrincipal = System.getProperty(KRB_PRINCIPAL);
    conf.set(KRB_PRINCIPAL, regionServerPrincipal);
    // Master and region server share one principal here.
    conf.set(MASTER_KRB_PRINCIPAL, regionServerPrincipal);
  }

  /**
   * Logs in from the keytab configured for {@code username} and returns the resulting UGI.
   *
   * <p>The keytab path is read from {@code hbase.<username>.keytab.file} and the principal from
   * {@code hbase.<username>.kerberos.principal}; the principal is passed through
   * {@code SecurityUtil.getServerPrincipal} together with the local host name.
   *
   * <p>NOTE(review): a missing principal or keytab only produces a warning; the login call is
   * still made with the null value. Callers that need a hard failure should validate the
   * configuration first.
   *
   * @param conf configuration holding the per-user keytab and principal entries
   * @param username name spliced into the two configuration keys
   * @return the UGI returned by the keytab login
   * @throws IOException if the local host name lookup or the login fails
   */
  public static UserGroupInformation loginAndReturnUGI(Configuration conf, String username)
      throws IOException {
    String localHost = InetAddress.getLocalHost().getHostName();
    String keytabKey = "hbase." + username + ".keytab.file";
    String keytabPath = conf.get(keytabKey);
    String principalKey = "hbase." + username + ".kerberos.principal";
    String resolvedPrincipal = org.apache.hadoop.security.SecurityUtil
        .getServerPrincipal(conf.get(principalKey), localHost);
    if (resolvedPrincipal == null || keytabPath == null) {
      // Only the key names are logged, not the principal or the keytab location.
      LOG.warn("Principal or key tab file null for : " + principalKey + ", " + keytabKey);
    }
    return UserGroupInformation.loginUserFromKeytabAndReturnUGI(resolvedPrincipal, keytabPath);
  }

  /** Sets the Hadoop and HBase authentication mode to Kerberos and enables authorization. */
  private static void applyKerberosSwitches(Configuration conf) {
    conf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
    conf.set(User.HBASE_SECURITY_CONF_KEY, "kerberos");
    conf.setBoolean(User.HBASE_SECURITY_AUTHORIZATION_CONF_KEY, true);
  }
}