001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.apache.hadoop.hbase.security.provider; 019 020import java.io.IOException; 021import java.net.InetAddress; 022import java.util.Map; 023import javax.security.auth.callback.Callback; 024import javax.security.auth.callback.CallbackHandler; 025import javax.security.auth.callback.NameCallback; 026import javax.security.auth.callback.PasswordCallback; 027import javax.security.auth.callback.UnsupportedCallbackException; 028import javax.security.sasl.RealmCallback; 029import javax.security.sasl.RealmChoiceCallback; 030import javax.security.sasl.Sasl; 031import javax.security.sasl.SaslClient; 032import org.apache.hadoop.conf.Configuration; 033import org.apache.hadoop.hbase.security.SaslUtil; 034import org.apache.hadoop.hbase.security.SecurityInfo; 035import org.apache.hadoop.hbase.security.User; 036import org.apache.hadoop.security.token.Token; 037import org.apache.hadoop.security.token.TokenIdentifier; 038import org.apache.yetus.audience.InterfaceAudience; 039import org.slf4j.Logger; 040import org.slf4j.LoggerFactory; 041 042import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation; 043 044@InterfaceAudience.Private 045public class DigestSaslClientAuthenticationProvider extends DigestSaslAuthenticationProvider 046 implements SaslClientAuthenticationProvider { 047 048 @Override 049 public SaslClient createClient(Configuration conf, InetAddress serverAddr, 050 SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed, 051 Map<String, String> saslProps) throws IOException { 052 return Sasl.createSaslClient(new String[] { getSaslAuthMethod().getSaslMechanism() }, null, 053 null, SaslUtil.SASL_DEFAULT_REALM, saslProps, new DigestSaslClientCallbackHandler(token)); 054 } 055 056 public static class DigestSaslClientCallbackHandler implements CallbackHandler { 057 private static final Logger LOG = 058 LoggerFactory.getLogger(DigestSaslClientCallbackHandler.class); 059 private final String userName; 060 private final char[] userPassword; 061 062 public DigestSaslClientCallbackHandler(Token<? extends TokenIdentifier> token) { 063 this.userName = SaslUtil.encodeIdentifier(token.getIdentifier()); 064 this.userPassword = SaslUtil.encodePassword(token.getPassword()); 065 } 066 067 @Override 068 public void handle(Callback[] callbacks) throws UnsupportedCallbackException { 069 NameCallback nc = null; 070 PasswordCallback pc = null; 071 RealmCallback rc = null; 072 for (Callback callback : callbacks) { 073 if (callback instanceof RealmChoiceCallback) { 074 continue; 075 } else if (callback instanceof NameCallback) { 076 nc = (NameCallback) callback; 077 } else if (callback instanceof PasswordCallback) { 078 pc = (PasswordCallback) callback; 079 } else if (callback instanceof RealmCallback) { 080 rc = (RealmCallback) callback; 081 } else { 082 throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback"); 083 } 084 } 085 if (nc != null) { 086 LOG.debug("SASL client callback: setting username: {}", userName); 087 nc.setName(userName); 088 } 089 if (pc != null) { 090 LOG.debug("SASL client callback: setting userPassword"); 091 pc.setPassword(userPassword); 092 } 093 if (rc != null) { 094 LOG.debug("SASL client callback: setting realm: {}", rc.getDefaultText()); 095 rc.setText(rc.getDefaultText()); 096 } 097 } 098 } 099 100 @Override 101 public UserInformation getUserInfo(User user) { 102 // Don't send user for token auth. Copied from RpcConnection. 103 return null; 104 } 105}