/**
 * Changes a local user's password over RPC and, when the caller changed its own password,
 * replaces the credentials held by this client context.
 *
 * @param principal user whose password is changed; must not be null
 * @param token token carrying the new password; must not be null
 * @throws AccumuloException declared by the interface
 * @throws AccumuloSecurityException declared by the interface
 */
@Override
public void changeLocalUserPassword(final String principal, final PasswordToken token)
    throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  checkArgument(token != null, "token is null");

  // Built before the RPC so the context can adopt it once the server has accepted the change.
  final Credentials updatedCredentials = new Credentials(principal, token);

  executeVoid(client -> {
    // The new password is sent as raw bytes in the request.
    // NOTE(review): confidentiality relies on the RPC transport; confirm it is encrypted.
    client.changeLocalUserPassword(Tracer.traceInfo(), context.rpcCreds(), principal,
        ByteBuffer.wrap(token.getPassword()));
  });

  // Only a self-service change swaps the context credentials; changing another user's password
  // leaves the caller's own credentials untouched.
  final boolean changedOwnPassword = context.getCredentials().getPrincipal().equals(principal);
  if (changedOwnPassword) {
    context.setCredentials(updatedCredentials);
  }
}
/**
 * Verifies a password token against the value stored under the user's ZooKeeper node.
 *
 * <p>The cached value is tried first. On a mismatch the cache entry is cleared, the value is read
 * again and the check is repeated once, so a stale cache entry cannot reject a correct password.
 *
 * @param principal user to authenticate
 * @param token must be a {@link PasswordToken}
 * @return true when {@code ZKSecurityTool.checkPass} accepts the supplied password
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type
 */
@Override
public boolean authenticateUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  final PasswordToken supplied = (PasswordToken) token;

  // NOTE(review): principal is concatenated into the node path as-is; confirm callers restrict
  // the characters a principal may contain.
  final String userNode = ZKUserPath + "/" + principal;

  // NOTE(review): zooCache.get presumably yields null for an unknown user; confirm that
  // checkPass handles a null stored value.
  byte[] stored = zooCache.get(userNode);
  if (ZKSecurityTool.checkPass(supplied.getPassword(), stored)) {
    return true;
  }

  // Mismatch: drop the cached entry and retry once against a fresh read.
  // NOTE(review): every failed attempt costs a cache clear and a re-read; confirm that failed
  // logins are rate limited somewhere upstream.
  zooCache.clear(userNode);
  stored = zooCache.get(userNode);
  return ZKSecurityTool.checkPass(supplied.getPassword(), stored);
}
/**
 * Creates a local user over RPC.
 *
 * <p>Without SASL parameters the user is created with the supplied password. With SASL
 * parameters present the password argument is ignored and an empty byte array is sent instead.
 *
 * @param principal name of the new user; must not be null
 * @param password password for the new user; must not be null unless SASL parameters are set
 * @throws AccumuloException declared by the interface
 * @throws AccumuloSecurityException declared by the interface
 */
@Override
public void createLocalUser(final String principal, final PasswordToken password)
    throws AccumuloException, AccumuloSecurityException {
  checkArgument(principal != null, "principal is null");
  // A password is only mandatory when SASL is not in use.
  checkArgument(context.getSaslParams() != null || password != null, "password is null");

  executeVoid(client -> {
    final boolean passwordAuth = context.getSaslParams() == null;
    // NOTE(review): in the password case the secret travels as raw bytes in the request;
    // confirm the RPC transport is encrypted.
    client.createLocalUser(Tracer.traceInfo(), context.rpcCreds(), principal,
        ByteBuffer.wrap(passwordAuth ? password.getPassword() : new byte[0]));
  });
}
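/**
 * Creates a user whose stored credential is derived from a password token.
 *
 * <p>The password is passed through {@code ZKSecurityTool.createPass} before it is handed to
 * {@code constructUser}, so the raw password bytes are not what gets stored.
 *
 * @param principal name of the new user
 * @param token must be a {@link PasswordToken}
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type,
 *         {@code USER_EXISTS} when the node already exists, {@code CONNECTION_ERROR} for other
 *         ZooKeeper failures, and {@code DEFAULT_SECURITY_ERROR} for an {@link AccumuloException}
 * @throws RuntimeException when the thread is interrupted; the interrupt flag is restored first
 */
@Override
public void createUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  try {
    if (!(token instanceof PasswordToken)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
    }
    PasswordToken pt = (PasswordToken) token;
    constructUser(principal, ZKSecurityTool.createPass(pt.getPassword()));
  } catch (KeeperException e) {
    // An existing node means the principal is already taken; anything else is reported as a
    // connection problem.
    if (e.code().equals(KeeperException.Code.NODEEXISTS)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_EXISTS, e);
    }
    throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    // Restore the interrupt flag so callers further up can still observe the interruption.
    Thread.currentThread().interrupt();
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  } catch (AccumuloException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
  }
}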
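/**
 * Replaces the stored credential of an existing user.
 *
 * <p>The new password is passed through {@code ZKSecurityTool.createPass} and written to the
 * user's node with {@code NodeExistsPolicy.OVERWRITE}.
 *
 * @param principal user whose password is changed
 * @param token must be a {@link PasswordToken}
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type,
 *         {@code USER_DOESNT_EXIST} for an unknown user, {@code CONNECTION_ERROR} for ZooKeeper
 *         failures, and {@code DEFAULT_SECURITY_ERROR} for an {@link AccumuloException}
 * @throws RuntimeException when the thread is interrupted; the interrupt flag is restored first
 */
@Override
public void changePassword(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  PasswordToken pt = (PasswordToken) token;

  if (!userExists(principal)) {
    // user doesn't exist
    throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_DOESNT_EXIST);
  }

  final String userNode = ZKUserPath + "/" + principal;
  try {
    synchronized (zooCache) {
      // NOTE(review): the cache entry is cleared before the new value is written. A reader that
      // does not synchronize on zooCache could re-cache the old credential in between; confirm
      // that cache invalidation covers that window.
      zooCache.clear(userNode);
      context.getZooReaderWriter().putPrivatePersistentData(userNode,
          ZKSecurityTool.createPass(pt.getPassword()), NodeExistsPolicy.OVERWRITE);
    }
  } catch (KeeperException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    // Restore the interrupt flag so callers further up can still observe the interruption.
    Thread.currentThread().interrupt();
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  } catch (AccumuloException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
  }
}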
/**
 * Returns the password bytes of the wrapped {@code password} token.
 *
 * <p>NOTE(review): callers receive the secret itself; whether the array is a defensive copy
 * depends on the token's {@code getPassword()}, which is not visible here.
 *
 * @return the password bytes as reported by the token
 */
public byte[] getPassword() {
  final byte[] secret = password.getPassword();
  return secret;
}
/**
 * Looks up the password recorded for a user in {@code state}.
 *
 * @param user user name; the lookup key is {@code user + userPass}
 * @return the password bytes, or {@code null} when no {@link PasswordToken} is stored under
 *         that key
 */
public byte[] getUserPassword(String user) {
  final Object stored = state.get(user + userPass);
  if (!(stored instanceof PasswordToken)) {
    // Missing entry or an entry of another type: callers must handle null.
    return null;
  }
  return ((PasswordToken) stored).getPassword();
}
/**
 * Logs in to the proxy with a password token and keeps the login token the proxy returns.
 *
 * @param instance proxy instance whose client performs the login
 * @param principal user to log in as
 * @param auth must be a {@link PasswordToken}
 * @throws IllegalArgumentException for any other token type
 * @throws AccumuloSecurityException declared by the constructor
 * @throws TException declared by the constructor
 */
ProxyConnector(ProxyInstance instance, String principal, AuthenticationToken auth)
    throws AccumuloSecurityException, TException {
  // TODO probably a better way to do this...
  if (!(auth instanceof PasswordToken)) {
    throw new IllegalArgumentException("Currently only works with PasswordTokens.");
  }
  this.instance = instance;
  this.principal = principal;

  // The login call takes string properties, so the password bytes are decoded into an immutable
  // String here; unlike the byte array it cannot be wiped after use.
  // NOTE(review): the clear-text password is sent to the proxy in the login request; confirm
  // that the proxy transport is encrypted.
  final String clearText = new String(((PasswordToken) auth).getPassword(), UTF8);
  final Map<String,String> loginProperties = new HashMap<String,String>();
  loginProperties.put("password", clearText);
  token = instance.getClient().login(principal, loginProperties);
}
/**
 * Creates a local user through the proxy client, authenticating with the stored login token.
 *
 * @param principal name of the new user
 * @param password password for the new user; a null value fails with a NullPointerException
 *        because it is dereferenced without a check
 * @throws AccumuloException when the proxy call fails with a {@code TException}, as translated
 *         by {@code ExceptionFactory.accumuloException}
 * @throws AccumuloSecurityException declared by the method
 */
public void createLocalUser(String principal, PasswordToken password)
    throws AccumuloException, AccumuloSecurityException {
  try {
    // The new user's password is sent to the proxy as raw bytes.
    final ByteBuffer secret = ByteBuffer.wrap(password.getPassword());
    client.createLocalUser(token, principal, secret);
  } catch (TException e) {
    throw ExceptionFactory.accumuloException(e);
  }
}
/**
 * Changes a local user's password through the proxy client.
 *
 * <p>Note the two tokens involved: {@code this.token} is the stored login token that
 * authenticates the request, while the {@code token} parameter carries the new password.
 *
 * @param principal user whose password is changed
 * @param token token carrying the new password
 * @throws AccumuloException when the proxy call fails with a {@code TException}, as translated
 *         by {@code ExceptionFactory.accumuloException}
 * @throws AccumuloSecurityException declared by the method
 */
public void changeLocalUserPassword(String principal, PasswordToken token)
    throws AccumuloException, AccumuloSecurityException {
  try {
    final ByteBuffer newPassword = ByteBuffer.wrap(token.getPassword());
    client.changeLocalUserPassword(this.token, principal, newPassword);
  } catch (TException e) {
    throw ExceptionFactory.accumuloException(e);
  }
}
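/**
 * Stores the password carried by a serialized token under {@code Keys.PASSWORD}.
 *
 * @param token serialized token bytes, decoded by {@code deserailize}
 * @return this configuration, for chaining
 */
protected AccumuloGraphConfiguration setToken(byte[] token) {
  final byte[] secret = deserailize(token).getPassword();
  // Decode with an explicit charset. The single-argument String constructor uses the platform
  // default, which would corrupt non-ASCII passwords on hosts whose default is not UTF-8
  // (PasswordToken encodes CharSequence passwords as UTF-8).
  // NOTE(review): the password is kept as a plain-text configuration property; make sure this
  // configuration is never logged or persisted unprotected.
  conf.setProperty(Keys.PASSWORD, new String(secret, java.nio.charset.StandardCharsets.UTF_8));
  return this;
}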
/**
 * Asks the proxy whether the given password is valid for a user.
 *
 * @param principal user to authenticate
 * @param token must be a {@link PasswordToken}; other types are rejected with the exception
 *        produced by {@code ExceptionFactory.notYetImplemented()}
 * @return the result reported by the proxy client
 * @throws AccumuloException when the proxy call fails with a {@code TException}, as translated
 *         by {@code ExceptionFactory.accumuloException}
 * @throws AccumuloSecurityException declared by the method
 */
public boolean authenticateUser(String principal, AuthenticationToken token)
    throws AccumuloException, AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw ExceptionFactory.notYetImplemented();
  }
  final PasswordToken candidate = (PasswordToken) token;
  try {
    // The proxy API takes string properties, so the password is decoded into an immutable
    // String that cannot be wiped after use.
    // NOTE(review): confirm the proxy transport is encrypted, since the value is clear text.
    final Map<String,String> loginProperties = new HashMap<String,String>();
    loginProperties.put("password", new String(candidate.getPassword(), UTF8));
    return client.authenticateUser(this.token, principal, loginProperties);
  } catch (TException e) {
    throw ExceptionFactory.accumuloException(e);
  }
}
/**
 * Looks up the password recorded in {@code state} for the user named by
 * {@code getSysUserName()}.
 *
 * @return the password bytes, or {@code null} when no {@link PasswordToken} is stored under
 *         {@code getSysUserName() + userPass}
 */
public byte[] getSysPassword() {
  final Object stored = state.get(getSysUserName() + userPass);
  if (!(stored instanceof PasswordToken)) {
    // Missing entry or an entry of another type: callers must handle null.
    return null;
  }
  return ((PasswordToken) stored).getPassword();
}
/**
 * Looks up the password recorded in {@code state} for the user named by
 * {@code getTabUserName()}.
 *
 * @return the password bytes, or {@code null} when no {@link PasswordToken} is stored under
 *         {@code getTabUserName() + userPass}
 */
public byte[] getTabPassword() {
  final Object stored = state.get(getTabUserName() + userPass);
  if (!(stored instanceof PasswordToken)) {
    // Missing entry or an entry of another type: callers must handle null.
    return null;
  }
  return ((PasswordToken) stored).getPassword();
}
// Callback run with a ClientService.Client: sends the password-change request for `principal`,
// authenticated with context.rpcCreds() and carrying the new password as raw bytes.
// The anonymous class and the call it is passed to begin outside this excerpt; the trailing
// "});" closes them.
// NOTE(review): the password travels in the request as-is; confirm the RPC transport is encrypted.
@Override
public void execute(ClientService.Client client) throws Exception {
  client.changeLocalUserPassword(Tracer.traceInfo(), context.rpcCreds(), principal, ByteBuffer.wrap(token.getPassword()));
}
});
/**
 * Checks a password token against the credential stored under the user's ZooKeeper node.
 *
 * <p>The first check uses the cached value. If it fails, the cache entry is cleared and the
 * check is repeated once against a fresh read, so a stale cache cannot reject a valid password.
 *
 * @param principal user to authenticate
 * @param token must be a {@link PasswordToken}
 * @return true when {@code ZKSecurityTool.checkPass} accepts the supplied password
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type
 */
@Override
public boolean authenticateUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  if (!(token instanceof PasswordToken)) {
    throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
  }
  final PasswordToken supplied = (PasswordToken) token;

  // NOTE(review): principal goes into the node path unmodified; confirm that principal names
  // are validated before they reach this method.
  final String userNode = ZKUserPath + "/" + principal;

  // NOTE(review): confirm checkPass copes with a null stored value (unknown user).
  byte[] stored = zooCache.get(userNode);
  if (ZKSecurityTool.checkPass(supplied.getPassword(), stored)) {
    return true;
  }

  // Mismatch: refresh the cached entry and try exactly once more.
  zooCache.clear(userNode);
  stored = zooCache.get(userNode);
  return ZKSecurityTool.checkPass(supplied.getPassword(), stored);
}
/**
 * Returns the administrative user for the cluster under test.
 *
 * <p>For {@code MINI} the Kerberos root user is returned when {@code krb} is set; otherwise the
 * admin principal is paired with its clear-text password. For {@code STANDALONE} the admin
 * principal is paired with the keytab from the cluster configuration.
 *
 * @return the admin {@link ClusterUser}
 * @throws RuntimeException for any other cluster type
 */
@Override
public ClusterUser getAdminUser() {
  switch (type) {
    case MINI: {
      if (krb != null) {
        return krb.getRootUser();
      }
      // Password-based mini cluster: the admin password is decoded into a String for ClusterUser.
      final PasswordToken adminToken = (PasswordToken) getAdminToken();
      return new ClusterUser(getAdminPrincipal(), new String(adminToken.getPassword(), UTF_8));
    }
    case STANDALONE: {
      final String adminPrincipal = getAdminPrincipal();
      final StandaloneAccumuloClusterConfiguration standaloneConf =
          (StandaloneAccumuloClusterConfiguration) clusterConf;
      return new ClusterUser(adminPrincipal, standaloneConf.getAdminKeytab());
    }
    default:
      throw new RuntimeException("Unknown cluster type");
  }
}
// Callback run with a ClientService.Client: sends the create-user request for `principal`.
// Without SASL parameters the supplied password bytes are sent; with SASL parameters an empty
// byte array is sent and `password` is not read.
// The anonymous class and the call it is passed to begin outside this excerpt; the trailing
// "});" closes them.
// NOTE(review): in the password case the secret travels in the request as-is; confirm the RPC
// transport is encrypted.
@Override
public void execute(ClientService.Client client) throws Exception {
  if (null == context.getSaslParams()) {
    client.createLocalUser(Tracer.traceInfo(), context.rpcCreds(), principal, ByteBuffer.wrap(password.getPassword()));
  } else {
    client.createLocalUser(Tracer.traceInfo(), context.rpcCreds(), principal, ByteBuffer.wrap(new byte[0]));
  }
}
});
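/**
 * Creates a user from a password token, storing the output of
 * {@code ZKSecurityTool.createPass} rather than the raw password bytes.
 *
 * @param principal name of the new user
 * @param token must be a {@link PasswordToken}
 * @throws AccumuloSecurityException with {@code INVALID_TOKEN} for any other token type,
 *         {@code USER_EXISTS} when the node already exists, {@code CONNECTION_ERROR} for other
 *         ZooKeeper failures, and {@code DEFAULT_SECURITY_ERROR} for an {@link AccumuloException}
 * @throws RuntimeException when the thread is interrupted; the interrupt flag is restored first
 */
@Override
public void createUser(String principal, AuthenticationToken token)
    throws AccumuloSecurityException {
  try {
    if (!(token instanceof PasswordToken)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.INVALID_TOKEN);
    }
    PasswordToken pt = (PasswordToken) token;
    constructUser(principal, ZKSecurityTool.createPass(pt.getPassword()));
  } catch (KeeperException e) {
    // NODEEXISTS maps to "user exists"; every other ZooKeeper error is a connection error.
    if (e.code().equals(KeeperException.Code.NODEEXISTS)) {
      throw new AccumuloSecurityException(principal, SecurityErrorCode.USER_EXISTS, e);
    }
    throw new AccumuloSecurityException(principal, SecurityErrorCode.CONNECTION_ERROR, e);
  } catch (InterruptedException e) {
    // Catching InterruptedException clears the flag; set it again before wrapping so the
    // interruption is not lost to the calling thread.
    Thread.currentThread().interrupt();
    log.error("{}", e.getMessage(), e);
    throw new RuntimeException(e);
  } catch (AccumuloException e) {
    log.error("{}", e.getMessage(), e);
    throw new AccumuloSecurityException(principal, SecurityErrorCode.DEFAULT_SECURITY_ERROR, e);
  }
}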
/**
 * Creates a uniquely named table and runs {@code deleteTest} against it with the admin
 * credentials: the keytab path for a Kerberos admin token, the clear-text password for a
 * password admin token. Any other token type runs nothing.
 */
@Test
public void test() throws Exception {
  final Connector conn = getConnector();
  final String table = getUniqueNames(1)[0];
  conn.tableOperations().create(table);

  final AuthenticationToken adminToken = getAdminToken();
  if (adminToken instanceof KerberosToken) {
    // Kerberos: no password, authenticate with the admin keytab.
    deleteTest(conn, getCluster(), getAdminPrincipal(), null, table,
        getAdminUser().getKeytab().getAbsolutePath());
  } else if (adminToken instanceof PasswordToken) {
    // Password: pass the decoded admin password and no keytab.
    final PasswordToken adminPassword = (PasswordToken) adminToken;
    deleteTest(conn, getCluster(), getAdminPrincipal(),
        new String(adminPassword.getPassword(), UTF_8), table, null);
  }
}