/**
 * Prints the digest-scheme authdata for each {@code user:pass} argument.
 *
 * <p>Every argument produces one output line of the form
 * {@code user:pass->digest}. The digest part can be used when setting
 * superDigest, for example.
 *
 * <p>Security note: the argument is echoed in clear text next to its digest,
 * and command-line arguments are commonly visible in process listings and
 * shell history. Run this on a trusted host and keep the output out of
 * shared logs.
 *
 * @param args one or more {@code user:pass} strings; all of them are processed
 * @throws NoSuchAlgorithmException propagated from {@code generateDigest}
 */
public static void main(String[] args) throws NoSuchAlgorithmException {
    for (String idPassword : args) {
        System.out.println(idPassword + "->" + generateDigest(idPassword));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Prints the digest-scheme authdata for each {@code user:pass} argument.
 *
 * <p>Every argument produces one output line of the form
 * {@code user:pass->digest}. The digest part can be used when setting
 * superDigest, for example.
 *
 * <p>Security note: the argument is echoed in clear text next to its digest,
 * and command-line arguments are commonly visible in process listings and
 * shell history. Run this on a trusted host and keep the output out of
 * shared logs.
 *
 * @param args one or more {@code user:pass} strings; all of them are processed
 * @throws NoSuchAlgorithmException propagated from {@code generateDigest}
 */
public static void main(String[] args) throws NoSuchAlgorithmException {
    for (String idPassword : args) {
        System.out.println(idPassword + "->" + generateDigest(idPassword));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Processes a digest-scheme authentication request for one connection.
 *
 * <p>The raw {@code authData} is decoded to a string and hashed with
 * {@code generateDigest}. The resulting digest is always attached to the
 * connection as an {@link Id} under this provider's scheme; when it equals
 * {@code superDigest}, the {@code super} identity is attached first.
 *
 * <p>Security note: no credential is rejected here. Every request whose
 * digest can be computed returns OK, so access control depends entirely on
 * how the attached ids are checked later (presumably against node ACLs;
 * confirm against the caller).
 *
 * @param cnxn connection that receives the authenticated ids
 * @param authData credential bytes supplied by the client
 * @return {@code OK} once the ids are attached; {@code AUTHFAILED} only when
 *     the digest algorithm is unavailable
 */
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    // NOTE(review): decodes with the platform default charset, so the same
    // bytes can hash differently on differently configured hosts. Confirm
    // which encoding generateDigest uses before pinning a charset here.
    final String idPassword = new String(authData);
    try {
        final String digest = generateDigest(idPassword);
        // NOTE(review): String.equals stops at the first differing character.
        // Consider a constant-time comparison (e.g. MessageDigest.isEqual on
        // encoded bytes) for this super-user check.
        final boolean isSuperUser = digest.equals(superDigest);
        if (isSuperUser) {
            cnxn.addAuthInfo(new Id("super", ""));
        }
        cnxn.addAuthInfo(new Id(getScheme(), digest));
        return KeeperException.Code.OK;
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        // Only the exception is logged; the credential itself is not.
        LOG.error("Missing algorithm", missingAlgorithm);
        return KeeperException.Code.AUTHFAILED;
    }
}
/**
 * Processes a digest-scheme authentication request for one connection.
 *
 * <p>The raw {@code authData} is decoded to a string and hashed with
 * {@code generateDigest}. The resulting digest is always attached to the
 * connection as an {@link Id} under this provider's scheme; when it equals
 * {@code superDigest}, the {@code super} identity is attached first.
 *
 * <p>Security note: no credential is rejected here. Every request whose
 * digest can be computed returns OK, so access control depends entirely on
 * how the attached ids are checked later (presumably against node ACLs;
 * confirm against the caller).
 *
 * @param cnxn connection that receives the authenticated ids
 * @param authData credential bytes supplied by the client
 * @return {@code OK} once the ids are attached; {@code AUTHFAILED} only when
 *     the digest algorithm is unavailable
 */
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    // NOTE(review): decodes with the platform default charset, so the same
    // bytes can hash differently on differently configured hosts. Confirm
    // which encoding generateDigest uses before pinning a charset here.
    final String idPassword = new String(authData);
    try {
        final String digest = generateDigest(idPassword);
        // NOTE(review): String.equals stops at the first differing character.
        // Consider a constant-time comparison (e.g. MessageDigest.isEqual on
        // encoded bytes) for this super-user check.
        final boolean isSuperUser = digest.equals(superDigest);
        if (isSuperUser) {
            cnxn.addAuthInfo(new Id("super", ""));
        }
        cnxn.addAuthInfo(new Id(getScheme(), digest));
        return KeeperException.Code.OK;
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        // Only the exception is logged; the credential itself is not.
        LOG.error("Missing algorithm", missingAlgorithm);
        return KeeperException.Code.AUTHFAILED;
    }
}
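/**
 * Prepares the JVM-wide configuration for the SASL superuser tests.
 *
 * <p>Registers {@code SASLAuthenticationProvider} as auth provider 1, writes
 * a JAAS configuration with a Server and a Client section into a temporary
 * directory, points {@code java.security.auth.login.config} at it, sets
 * {@code zookeeper.superUser}, and computes the digest id of a second,
 * non-super user. The previous value of each system property is kept in a
 * static field (presumably so a teardown method can restore it; confirm).
 *
 * <p>The user name and password written here are fixed test fixtures and
 * are stored in clear text in the generated file; do not reuse them
 * outside tests.
 *
 * @throws Exception if the temporary file cannot be written or the digest
 *     cannot be computed
 */
@BeforeClass
public static void setupStatic() throws Exception {
    oldAuthProvider = System.setProperty("zookeeper.authProvider.1","org.apache.zookeeper.server.auth.SASLAuthenticationProvider");

    File tmpDir = createTmpDir();
    File saslConfFile = new File(tmpDir, "jaas.conf");
    FileWriter fwriter = new FileWriter(saslConfFile);
    try {
        fwriter.write("" +
                "Server {\n" +
                " org.apache.zookeeper.server.auth.DigestLoginModule required\n" +
                " user_super_duper=\"test\";\n" +
                "};\n" +
                "Client {\n" +
                " org.apache.zookeeper.server.auth.DigestLoginModule required\n" +
                " username=\"super_duper\"\n" +
                " password=\"test\";\n" +
                "};" + "\n");
    } finally {
        // Release the file handle even when the write fails, so a failed
        // setup does not leak the descriptor.
        fwriter.close();
    }
    oldLoginConfig = System.setProperty("java.security.auth.login.config",saslConfFile.getAbsolutePath());
    oldSuperUser = System.setProperty("zookeeper.superUser","super_duper");
    otherDigestUser = new Id ("digest", DigestAuthenticationProvider.generateDigest("jack:jack"));
}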
/**
 * Prints the digest-scheme authdata for each {@code user:pass} argument.
 *
 * <p>Every argument produces one output line of the form
 * {@code user:pass->digest}. The digest part can be used when setting
 * superDigest, for example.
 *
 * <p>Security note: the argument is echoed in clear text next to its digest,
 * and command-line arguments are commonly visible in process listings and
 * shell history. Run this on a trusted host and keep the output out of
 * shared logs.
 *
 * @param args one or more {@code user:pass} strings; all of them are processed
 * @throws NoSuchAlgorithmException propagated from {@code generateDigest}
 */
public static void main(String[] args) throws NoSuchAlgorithmException {
    for (String idPassword : args) {
        System.out.println(idPassword + "->" + generateDigest(idPassword));
    }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Generates a base-64 encoded digest of an {@code id:password} pair.
 *
 * <p>The pair is rejected when it is empty or fails {@code isValid}. The
 * rejection message is a fixed string and never contains the supplied
 * pair, so the credential does not reach logs through this exception.
 *
 * @param idPasswordPair credentials in {@code id:password} form
 * @return a string that can be used for authentication
 * @throws IOException if the pair is empty or invalid, or if the digest
 *     algorithm is unavailable (the original exception is attached as cause)
 */
public String digest(String idPasswordPair) throws IOException {
    // isValid is only consulted for non-empty input, as in the short-circuit
    // form of the check.
    boolean usable = !StringUtils.isEmpty(idPasswordPair) && isValid(idPasswordPair);
    if (!usable) {
        throw new IOException("Invalid id:password");
    }
    String encoded;
    try {
        encoded = DigestAuthenticationProvider.generateDigest(idPasswordPair);
    } catch (NoSuchAlgorithmException noAlgorithm) {
        // Unlikely, because the algorithm is standard to the JVM, but JCE
        // restrictions could still trigger it.
        throw new IOException(noAlgorithm.toString(), noAlgorithm);
    }
    return encoded;
}
/**
 * Generates a base-64 encoded digest of an {@code id:password} pair.
 *
 * <p>The pair is rejected when it is empty or fails {@code isValid}. The
 * rejection message is a fixed string and never contains the supplied
 * pair, so the credential does not reach logs through this exception.
 *
 * @param idPasswordPair credentials in {@code id:password} form
 * @return a string that can be used for authentication
 * @throws IOException if the pair is empty or invalid, or if the digest
 *     algorithm is unavailable (the original exception is attached as cause)
 */
public String digest(String idPasswordPair) throws IOException {
    // isValid is only consulted for non-empty input, as in the short-circuit
    // form of the check.
    boolean usable = !StringUtils.isEmpty(idPasswordPair) && isValid(idPasswordPair);
    if (!usable) {
        throw new IOException("Invalid id:password");
    }
    String encoded;
    try {
        encoded = DigestAuthenticationProvider.generateDigest(idPasswordPair);
    } catch (NoSuchAlgorithmException noAlgorithm) {
        // Unlikely, because the algorithm is standard to the JVM, but JCE
        // restrictions could still trigger it.
        throw new IOException(noAlgorithm.toString(), noAlgorithm);
    }
    return encoded;
}
/**
 * Opens the ZooKeeper session, authenticates it with the digest scheme and
 * prepares the ACL list used by this client.
 *
 * <p>Session events are fanned out to every registered watcher; a failure in
 * one watcher is logged and does not stop delivery to the others. The ACL
 * list grants {@code ALL} permissions to the digest identity derived from
 * {@code uid:secret} and to nobody else.
 *
 * <p>Security note: the raw {@code uid:secret} bytes are handed to the
 * client as auth info. Whether they are protected in transit depends on the
 * transport configuration, which is not visible in this method.
 *
 * @throws Exception if the client cannot be created or the digest cannot be
 *     computed
 */
public void init() throws Exception {
    LOG.info("ZC: init()");

    final String connectString = host + ":" + port;
    client = new ZooKeeper(connectString, sessionTimeout, event -> {
        watchers.forEach(watcher -> {
            try {
                watcher.process(event);
            } catch (Throwable failure) {
                // Isolate watcher failures so one bad callback cannot
                // prevent the remaining watchers from seeing the event.
                LOG.error(failure.getMessage(), failure);
            }
        });
    });

    final String idPassword = uid + ":" + secret;
    // NOTE(review): getBytes() uses the platform default charset; confirm it
    // matches the encoding generateDigest applies to the same string.
    client.addAuthInfo("digest", idPassword.getBytes());

    secretDigest = DigestAuthenticationProvider.generateDigest(idPassword);
    final Id owner = new Id("digest", secretDigest);
    acls = Collections.singletonList(new ACL(ZooDefs.Perms.ALL, owner));
}
/**
 * Processes a digest-scheme authentication request for one connection.
 *
 * <p>The raw {@code authData} is decoded to a string and hashed with
 * {@code generateDigest}. The resulting digest is always added to the
 * connection's auth info as an {@link Id} under this provider's scheme; when
 * it equals {@code superDigest}, the {@code super} identity is added first.
 *
 * <p>Security note: no credential is rejected here. Every request whose
 * digest can be computed returns OK, so access control depends entirely on
 * how the attached ids are checked later (presumably against node ACLs;
 * confirm against the caller).
 *
 * @param cnxn connection whose auth info list receives the ids
 * @param authData credential bytes supplied by the client
 * @return {@code OK} once the ids are added; {@code AUTHFAILED} only when
 *     the digest algorithm is unavailable
 */
public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
    // NOTE(review): decodes with the platform default charset, so the same
    // bytes can hash differently on differently configured hosts. Confirm
    // which encoding generateDigest uses before pinning a charset here.
    final String idPassword = new String(authData);
    try {
        final String digest = generateDigest(idPassword);
        // NOTE(review): String.equals stops at the first differing character.
        // Consider a constant-time comparison (e.g. MessageDigest.isEqual on
        // encoded bytes) for this super-user check.
        final boolean isSuperUser = digest.equals(superDigest);
        if (isSuperUser) {
            cnxn.getAuthInfo().add(new Id("super", ""));
        }
        cnxn.getAuthInfo().add(new Id(getScheme(), digest));
        return KeeperException.Code.OK;
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        // Only the exception is logged; the credential itself is not.
        LOG.error("Missing algorithm", missingAlgorithm);
        return KeeperException.Code.AUTHFAILED;
    }
}
/**
 * Creates the ZooKeeper client from the configured properties, authenticates
 * it with the digest scheme and rebuilds the ACL list.
 *
 * <p>The resulting ACL list grants {@code ALL} to the digest identity built
 * from the configured user name and password, and {@code READ} to anyone.
 *
 * <p>Security notes: the world-readable entry ({@code ANYONE_ID_UNSAFE})
 * means data stored under this ACL is readable without authentication, so
 * it must not hold secrets. A missing user name or password property is not
 * rejected; string concatenation turns it into the literal text
 * {@code null}.
 *
 * @param connectionLatch latch passed on to {@code sessionEvent} for every
 *     watched event
 * @throws Exception if the client cannot be created, the timeout property is
 *     not a number, or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
    final String connectString =
            this.properties.getProperty(keys.zkConnectString.toString());
    final int timeoutValue = Integer.parseInt(
            this.properties.getProperty(keys.zkSessionTimeout.toString()));
    final Watcher sessionWatcher = new Watcher() {
        public void process(WatchedEvent event) {
            sessionEvent(connectionLatch, event);
        }
    };
    zk = new ZooKeeper(connectString, timeoutValue, sessionWatcher);

    final String configuredUser = this.properties.getProperty(keys.userName.toString());
    final String configuredPassword = this.properties.getProperty(keys.password.toString());
    // NOTE(review): a missing property yields "null" here; consider failing
    // fast instead of authenticating with a placeholder credential.
    final String authString = configuredUser + ":" + configuredPassword;

    this.isCheckParentPath = Boolean.parseBoolean(
            this.properties.getProperty(keys.isCheckParentPath.toString(), "true"));

    // NOTE(review): getBytes() uses the platform default charset.
    zk.addAuthInfo("digest", authString.getBytes());

    acl.clear();
    final Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
    acl.add(new ACL(ZooDefs.Perms.ALL, owner));
    acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
/**
 * Creates the ZooKeeper client from the configured properties, authenticates
 * it with the digest scheme and rebuilds the ACL list.
 *
 * <p>The resulting ACL list grants {@code ALL} to the digest identity built
 * from the configured user name and password, and {@code READ} to anyone.
 *
 * <p>Security notes: the world-readable entry ({@code ANYONE_ID_UNSAFE})
 * means data stored under this ACL is readable without authentication, so
 * it must not hold secrets. A missing user name or password property is not
 * rejected; string concatenation turns it into the literal text
 * {@code null}.
 *
 * @param connectionLatch latch passed on to {@code sessionEvent} for every
 *     watched event
 * @throws Exception if the client cannot be created, the timeout property is
 *     not a number, or the digest cannot be computed
 */
private void createZookeeper(final CountDownLatch connectionLatch) throws Exception {
    final String connectString =
            this.properties.getProperty(keys.zkConnectString.toString());
    final int timeoutValue = Integer.parseInt(
            this.properties.getProperty(keys.zkSessionTimeout.toString()));
    final Watcher sessionWatcher = new Watcher() {
        public void process(WatchedEvent event) {
            sessionEvent(connectionLatch, event);
        }
    };
    zk = new ZooKeeper(connectString, timeoutValue, sessionWatcher);

    final String configuredUser = this.properties.getProperty(keys.userName.toString());
    final String configuredPassword = this.properties.getProperty(keys.password.toString());
    // NOTE(review): a missing property yields "null" here; consider failing
    // fast instead of authenticating with a placeholder credential.
    final String authString = configuredUser + ":" + configuredPassword;

    // NOTE(review): getBytes() uses the platform default charset.
    zk.addAuthInfo("digest", authString.getBytes());

    acl.clear();
    final Id owner = new Id("digest", DigestAuthenticationProvider.generateDigest(authString));
    acl.add(new ACL(ZooDefs.Perms.ALL, owner));
    acl.add(new ACL(ZooDefs.Perms.READ, Ids.ANYONE_ID_UNSAFE));
}
/**
 * Builds the global ACL list from digest credentials supplied as JVM system
 * properties.
 *
 * <p>An {@code ALL} entry is added for the "all" user and a {@code READ}
 * entry for the "readonly" user, each only when both its user name and its
 * password are non-empty. When neither pair is configured, the superclass
 * ACLs are returned instead.
 *
 * <p>Security note: the passwords are read from system properties, so they
 * are visible to anything that can inspect this JVM's properties or, when
 * passed as {@code -D} options, its command line.
 *
 * @return the digest ACLs, or the superclass ACLs when no credentials are set
 * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the
 *     digest algorithm is unavailable
 */
@Override
protected List<ACL> createGlobalACLsToAdd() {
    try {
        List<ACL> acls = new ArrayList<ACL>();

        // To avoid having to hand the process many credentials and ACL
        // settings, it is assumed that "ALL" ACLs are wanted for the user
        // used to connect to ZK (when using
        // VMParamsSingleSetCredentialsDigestZkCredentialsProvider).
        final String allUser = System.getProperty(zkDigestAllUsernameVMParamName);
        final String allPassword = System.getProperty(zkDigestAllPasswordVMParamName);
        final boolean hasAllCredentials =
                !StringUtils.isEmpty(allUser) && !StringUtils.isEmpty(allPassword);
        if (hasAllCredentials) {
            final Id allId = new Id("digest",
                    DigestAuthenticationProvider.generateDigest(allUser + ":" + allPassword));
            acls.add(new ACL(ZooDefs.Perms.ALL, allId));
        }

        // In addition, optional "READONLY" ACLs for another user.
        final String readonlyUser = System.getProperty(zkDigestReadonlyUsernameVMParamName);
        final String readonlyPassword = System.getProperty(zkDigestReadonlyPasswordVMParamName);
        final boolean hasReadonlyCredentials =
                !StringUtils.isEmpty(readonlyUser) && !StringUtils.isEmpty(readonlyPassword);
        if (hasReadonlyCredentials) {
            final Id readonlyId = new Id("digest",
                    DigestAuthenticationProvider.generateDigest(readonlyUser + ":" + readonlyPassword));
            acls.add(new ACL(ZooDefs.Perms.READ, readonlyId));
        }

        // Nothing configured: defer to whatever the superclass provides.
        return acls.isEmpty() ? super.createGlobalACLsToAdd() : acls;
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        throw new RuntimeException(missingAlgorithm);
    }
}
/**
 * Builds a digest ACL list from explicitly supplied credentials.
 *
 * <p>Note: only used for tests.
 *
 * <p>An {@code ALL} entry is added when both "all" credentials are
 * non-empty. A {@code READ} entry is added when {@code includeReadOnly} is
 * set and both "readonly" credentials are non-empty.
 *
 * <p>Security note: when no entry results, the method returns
 * {@code OPEN_ACL_UNSAFE}, i.e. the caller gets a fully open ACL rather
 * than an error.
 *
 * @param includeReadOnly whether the readonly credentials are considered
 * @param digestAllUsername user name for the {@code ALL} entry
 * @param digestAllPassword password for the {@code ALL} entry
 * @param digestReadonlyUsername user name for the {@code READ} entry
 * @param digestReadonlyPassword password for the {@code READ} entry
 * @return the digest ACLs, or {@code OPEN_ACL_UNSAFE} when none were built
 * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the
 *     digest algorithm is unavailable
 */
protected List<ACL> createACLsToAdd(boolean includeReadOnly,
                                    String digestAllUsername, String digestAllPassword,
                                    String digestReadonlyUsername, String digestReadonlyPassword) {
    try {
        List<ACL> acls = new ArrayList<ACL>();

        // To avoid having to hand the process many credentials and ACL
        // settings, it is assumed that "ALL" ACLs are wanted for the user
        // used to connect to ZK (when using
        // VMParamsSingleSetCredentialsDigestZkCredentialsProvider).
        final boolean hasAllCredentials =
                !StringUtils.isEmpty(digestAllUsername) && !StringUtils.isEmpty(digestAllPassword);
        if (hasAllCredentials) {
            final Id allId = new Id("digest",
                    DigestAuthenticationProvider.generateDigest(digestAllUsername + ":" + digestAllPassword));
            acls.add(new ACL(ZooDefs.Perms.ALL, allId));
        }

        // In addition, optional "READONLY" ACLs for another user.
        final boolean wantsReadonlyEntry = includeReadOnly
                && !StringUtils.isEmpty(digestReadonlyUsername)
                && !StringUtils.isEmpty(digestReadonlyPassword);
        if (wantsReadonlyEntry) {
            final Id readonlyId = new Id("digest",
                    DigestAuthenticationProvider.generateDigest(digestReadonlyUsername + ":" + digestReadonlyPassword));
            acls.add(new ACL(ZooDefs.Perms.READ, readonlyId));
        }

        // No credentials given: fall back to the open ACL.
        return acls.isEmpty() ? ZooDefs.Ids.OPEN_ACL_UNSAFE : acls;
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        throw new RuntimeException(missingAlgorithm);
    }
}
/**
 * Builds an ACL list in which only the fencing identity may read.
 *
 * <p>Every configured ZooKeeper ACL is copied with its {@code READ}
 * permission removed, and a single {@code READ} entry is appended for the
 * identity derived from the fencing user name and password.
 *
 * @return the configured ACLs without READ, followed by the READ entry for
 *     the fencing identity
 * @throws LlamaException with {@code INTERNAL_ERROR} if the digest algorithm
 *     is unavailable
 */
private List<ACL> createAclsForExclusiveReadAccess() throws LlamaException {
    List<ACL> exclusiveAcls = new ArrayList<ACL>();
    for (ACL configured : conf.getZkAcls()) {
        // Same identity, same permissions, minus READ.
        exclusiveAcls.add(new ACL(
                ZKUtil.removeSpecificPerms(configured.getPerms(), ZooDefs.Perms.READ),
                configured.getId()));
    }

    final String idPassword = fencingUsername + ":" + fencingPassword;
    Id llamaId;
    try {
        llamaId = new Id(authScheme, DigestAuthenticationProvider.generateDigest(idPassword));
    } catch (NoSuchAlgorithmException missingAlgorithm) {
        // NOTE(review): the original exception is not attached as a cause.
        // Whether LlamaException has a cause-taking constructor is not
        // visible here. The message does not contain the credential.
        throw new LlamaException(ErrorCode.INTERNAL_ERROR,
                "Unable to create username:password digest for ZK");
    }
    exclusiveAcls.add(new ACL(ZooDefs.Perms.READ, llamaId));
    return exclusiveAcls;
}
/**
 * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
 * ZooKeeper access, constructs the {@link ACL}s for the store's root node.
 * In the constructed list, every identity from {@code sourceACLs} keeps its
 * permissions minus create and delete, while the current RM has exclusive
 * create-delete access.
 *
 * <p>To be called only when HA is enabled and the configuration doesn't set
 * an ACL for the root node.
 *
 * <p>Side effect: stores the RM address taken from the configuration in
 * {@code zkRootNodeUsername}; that value is the user part of the digest
 * identity.
 *
 * @param conf configuration from which the RM address is read
 * @param sourceACLs ACLs configured for ZooKeeper access
 * @return the source ACLs without create-delete, followed by the
 *     create-delete entry for this RM
 * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> rootNodeAcls = new ArrayList<ACL>();
  for (ACL source : sourceACLs) {
    // Same identity, same permissions, minus create and delete.
    rootNodeAcls.add(new ACL(
        ZKUtil.removeSpecificPerms(source.getPerms(), CREATE_DELETE_PERMS),
        source.getId()));
  }

  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS, conf);

  final String idPassword = zkRootNodeUsername + ":" + zkRootNodePassword;
  final Id rmId = new Id(zkRootNodeAuthScheme,
      DigestAuthenticationProvider.generateDigest(idPassword));
  rootNodeAcls.add(new ACL(CREATE_DELETE_PERMS, rmId));
  return rootNodeAcls;
}
/**
 * Given the {@link Configuration} and {@link ACL}s used (zkAcl) for
 * ZooKeeper access, constructs the {@link ACL}s for the store's root node.
 * In the constructed list, every identity from {@code sourceACLs} keeps its
 * permissions minus create and delete, while the current RM has exclusive
 * create-delete access.
 *
 * <p>To be called only when HA is enabled and the configuration doesn't set
 * an ACL for the root node.
 *
 * <p>Side effect: stores the RM address taken from the configuration in
 * {@code zkRootNodeUsername}; that value is the user part of the digest
 * identity.
 *
 * @param conf configuration from which the RM address is read
 * @param sourceACLs ACLs configured for ZooKeeper access
 * @return the source ACLs without create-delete, followed by the
 *     create-delete entry for this RM
 * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
 */
@VisibleForTesting
@Private
@Unstable
protected List<ACL> constructZkRootNodeACL(
    Configuration conf, List<ACL> sourceACLs) throws NoSuchAlgorithmException {
  List<ACL> rootNodeAcls = new ArrayList<ACL>();
  for (ACL source : sourceACLs) {
    // Same identity, same permissions, minus create and delete.
    rootNodeAcls.add(new ACL(
        ZKUtil.removeSpecificPerms(source.getPerms(), CREATE_DELETE_PERMS),
        source.getId()));
  }

  zkRootNodeUsername = HAUtil.getConfValueForRMInstance(
      YarnConfiguration.RM_ADDRESS,
      YarnConfiguration.DEFAULT_RM_ADDRESS, conf);

  final String idPassword = zkRootNodeUsername + ":" + zkRootNodePassword;
  final Id rmId = new Id(zkRootNodeAuthScheme,
      DigestAuthenticationProvider.generateDigest(idPassword));
  rootNodeAcls.add(new ACL(CREATE_DELETE_PERMS, rmId));
  return rootNodeAcls;
}
YarnConfiguration.DEFAULT_RM_ADDRESS, conf); Id rmId = new Id(zkRootNodeAuthScheme, DigestAuthenticationProvider.generateDigest(zkRootNodeUsername + ":" + resourceManager.getZkRootNodePassword())); zkRootNodeAclList.add(new ACL(CREATE_DELETE_PERMS, rmId));
String userPass = "myuser:mypass"; final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(userPass))); ACLProvider digestAclProvider = new ACLProvider() { @Override
String userPass = "myuser:mypass"; final ACL digestACL = new ACL(ZooDefs.Perms.ALL, new Id("digest", DigestAuthenticationProvider.generateDigest(userPass))); ACLProvider digestAclProvider = new ACLProvider() { @Override