@Override public synchronized void dropUser(String user) throws AccumuloSecurityException { final String encodedUser = Base64.getEncoder().encodeToString(user.getBytes(UTF_8)); try { zkAuthenticator.dropUser(encodedUser); } catch (AccumuloSecurityException e) { throw new AccumuloSecurityException(user, e.asThriftException().getCode(), e.getCause()); } }
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException { if (!canChangeAuthorizations(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { authorizor.changeAuthorizations(user, authorizations); log.info("Changed authorizations for user {} at the request of user {}", user, credentials.getPrincipal()); } catch (AccumuloSecurityException ase) { throw ase.asThriftException(); } }
public void revokeSystemPermission(TCredentials credentials, String user, SystemPermission permission) throws ThriftSecurityException { if (!canRevokeSystem(credentials, user, permission)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.revokeSystemPermission(user, permission); log.info("Revoked system permission {} for user {} at the request of user {}", permission, user, credentials.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
public void grantSystemPermission(TCredentials credentials, String user, SystemPermission permissionById) throws ThriftSecurityException { if (!canGrantSystem(credentials, user, permissionById)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.grantSystemPermission(user, permissionById); log.info("Granted system permission {} for user {} at the request of user {}", permissionById, user, credentials.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
throw new AccumuloSecurityException(base.getUser(), base.asThriftException().getCode(), base.getTableInfo(), excep); } else if (excep instanceof AccumuloServerException) {
public void dropUser(TCredentials credentials, String user) throws ThriftSecurityException { if (!canDropUser(credentials, user)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { authorizor.dropUser(user); authenticator.dropUser(user); permHandle.cleanUser(user); log.info("Deleted user {} at the request of user {}", user, credentials.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
protected void _createUser(TCredentials credentials, Credentials newUser) throws ThriftSecurityException { try { AuthenticationToken token = newUser.getToken(); authenticator.createUser(newUser.getPrincipal(), token); authorizor.initUser(newUser.getPrincipal()); permHandle.initUser(newUser.getPrincipal()); log.info("Created user {} at the request of user {}", newUser.getPrincipal(), credentials.getPrincipal()); } catch (AccumuloSecurityException ase) { throw ase.asThriftException(); } }
public void changePassword(TCredentials credentials, Credentials toChange) throws ThriftSecurityException { if (!canChangePassword(credentials, toChange.getPrincipal())) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { AuthenticationToken token = toChange.getToken(); authenticator.changePassword(toChange.getPrincipal(), token); log.info("Changed password for user {} at the request of user {}", toChange.getPrincipal(), credentials.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
@Override public List<String> bulkImportFiles(TInfo tinfo, final TCredentials credentials, final long tid, final String tableId, final List<String> files, final String errorDir, final boolean setTime) throws ThriftSecurityException, ThriftTableOperationException, TException { try { if (!security.canPerformSystemActions(credentials)) throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); bulkImportStatus.updateBulkImportStatus(files, BulkImportState.INITIAL); log.debug("Got request to bulk import files to table({}): {}", tableId, files); bulkImportStatus.updateBulkImportStatus(files, BulkImportState.PROCESSING); try { return BulkImporter.bulkLoad(context, tid, tableId, files, setTime); } finally { bulkImportStatus.removeBulkImportStatus(files); } } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (Exception ex) { throw new TException(ex); } }
public void grantTablePermission(TCredentials c, String user, Table.ID tableId, TablePermission permission, Namespace.ID namespaceId) throws ThriftSecurityException { if (!canGrantTable(c, user, tableId, namespaceId)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.grantTablePermission(user, tableId.canonicalID(), permission); log.info("Granted table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (TableNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST); } }
public void grantNamespacePermission(TCredentials c, String user, Namespace.ID namespace, NamespacePermission permission) throws ThriftSecurityException { if (!canGrantNamespace(c, namespace)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.grantNamespacePermission(user, namespace.canonicalID(), permission); log.info("Granted namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
public void revokeTablePermission(TCredentials c, String user, Table.ID tableId, TablePermission permission, Namespace.ID namespaceId) throws ThriftSecurityException { if (!canRevokeTable(c, user, tableId, namespaceId)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.revokeTablePermission(user, tableId.canonicalID(), permission); log.info("Revoked table permission {} for user {} on the table {} at the request of user {}", permission, user, tableId, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (TableNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST); } }
public void revokeNamespacePermission(TCredentials c, String user, Namespace.ID namespace, NamespacePermission permission) throws ThriftSecurityException { if (!canRevokeNamespace(c, namespace)) throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); targetUserExists(user); try { permHandle.revokeNamespacePermission(user, namespace.canonicalID(), permission); log.info("Revoked namespace permission {} for user {} on the namespace {}" + " at the request of user {}", permission, user, namespace, c.getPrincipal()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
public void createUser(TCredentials credentials, Credentials newUser, Authorizations authorizations) throws ThriftSecurityException { if (!canCreateUser(credentials, newUser.getPrincipal())) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); _createUser(credentials, newUser); if (canChangeAuthorizations(credentials, newUser.getPrincipal())) { try { authorizor.changeAuthorizations(newUser.getPrincipal(), authorizations); } catch (AccumuloSecurityException ase) { throw ase.asThriftException(); } } }
public void deleteTable(TCredentials credentials, Table.ID tableId, Namespace.ID namespaceId) throws ThriftSecurityException { if (!canDeleteTable(credentials, tableId, namespaceId)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { permHandle.cleanTablePermissions(tableId.canonicalID()); } catch (AccumuloSecurityException e) { e.setUser(credentials.getPrincipal()); throw e.asThriftException(); } catch (TableNotFoundException e) { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.TABLE_DOESNT_EXIST); } }
public void deleteNamespace(TCredentials credentials, Namespace.ID namespace) throws ThriftSecurityException { if (!canDeleteNamespace(credentials, namespace)) throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED); try { permHandle.cleanNamespacePermissions(namespace.canonicalID()); } catch (AccumuloSecurityException e) { e.setUser(credentials.getPrincipal()); throw e.asThriftException(); } catch (NamespaceNotFoundException e) { throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST); } }
@Override public TSummaries startGetSummariesForPartition(TInfo tinfo, TCredentials credentials, TSummaryRequest request, int modulus, int remainder) throws ThriftSecurityException, TException { // do not expect users to call this directly, expect other tservers to call this method if (!security.canPerformSystemActions(credentials)) { throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED).asThriftException(); } ServerConfigurationFactory factory = context.getServerConfFactory(); ExecutorService spe = resourceManager.getSummaryRemoteExecutor(); Future<SummaryCollection> future = new Gatherer(context, request, factory.getTableConfiguration(Table.ID.of(request.getTableId())), context.getCryptoService()).processPartition(spe, modulus, remainder); return startSummaryOperation(credentials, future); }
public boolean authenticateUser(TCredentials credentials, TCredentials toAuth) throws ThriftSecurityException { canAskAboutUser(credentials, toAuth.getPrincipal()); // User is already authenticated from canAskAboutUser if (credentials.equals(toAuth)) return true; try { Credentials toCreds = Credentials.fromThrift(toAuth); if (isKerberos) { // If we have kerberos credentials for a user from the network but no account // in the system, we need to make one before proceeding if (!authenticator.userExists(toCreds.getPrincipal())) { createUser(credentials, toCreds, Authorizations.EMPTY); } // Likely that the KerberosAuthenticator will fail as we don't have the credentials for the // other user, // we only have our own Kerberos credentials. } return authenticator.authenticateUser(toCreds.getPrincipal(), toCreds.getToken()); } catch (AccumuloSecurityException e) { throw e.asThriftException(); } }
@Override public TSummaries startGetSummariesFromFiles(TInfo tinfo, TCredentials credentials, TSummaryRequest request, Map<String,List<TRowRange>> files) throws ThriftSecurityException, TException { // do not expect users to call this directly, expect other tservers to call this method if (!security.canPerformSystemActions(credentials)) { throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED).asThriftException(); } ExecutorService srp = resourceManager.getSummaryRetrievalExecutor(); TableConfiguration tableCfg = confFactory .getTableConfiguration(Table.ID.of(request.getTableId())); BlockCache summaryCache = resourceManager.getSummaryCache(); BlockCache indexCache = resourceManager.getIndexCache(); Cache<String,Long> fileLenCache = resourceManager.getFileLenCache(); FileSystemResolver volMgr = p -> fs.getVolumeByPath(p).getFileSystem(); Future<SummaryCollection> future = new Gatherer(context, request, tableCfg, context.getCryptoService()).processFiles(volMgr, files, summaryCache, indexCache, fileLenCache, srp); return startSummaryOperation(credentials, future); }
@Override public TSummaries startGetSummaries(TInfo tinfo, TCredentials credentials, TSummaryRequest request) throws ThriftSecurityException, ThriftTableOperationException, TException { Namespace.ID namespaceId; Table.ID tableId = Table.ID.of(request.getTableId()); try { namespaceId = Tables.getNamespaceId(context, tableId); } catch (TableNotFoundException e1) { throw new ThriftTableOperationException(tableId.canonicalID(), null, null, TableOperationExceptionType.NOTFOUND, null); } if (!security.canGetSummaries(credentials, tableId, namespaceId)) { throw new AccumuloSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED).asThriftException(); } ServerConfigurationFactory factory = context.getServerConfFactory(); ExecutorService es = resourceManager.getSummaryPartitionExecutor(); Future<SummaryCollection> future = new Gatherer(context, request, factory.getTableConfiguration(tableId), context.getCryptoService()).gather(es); return startSummaryOperation(credentials, future); }