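/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.hadoop.security.rpcauth;

import java.io.DataOutput;
import java.io.IOException;
import java.util.Map;

import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslServer;

import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ipc.protobuf.IpcConnectionContextProtos.UserInformationProto.Builder;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.token.SecretManager;

/**
 * Base class describing one RPC authentication method: a wire auth code, a
 * display name, a SASL mechanism name and the matching
 * {@link AuthenticationMethod}.
 *
 * <p>Every hook has a default implementation here. The SASL-related hooks
 * ({@link #getProtocol()}, {@link #getServerId()},
 * {@link #createSaslClient(Map)}, {@link #createSaslServer}) reject the call
 * by default, so a subclass that reports {@link #isSasl()} as {@code true}
 * has to override them.
 *
 * <p>Identity is defined by the concrete class name only: {@link #equals} and
 * {@link #hashCode} are final and ignore all field values.
 */
public abstract class RpcAuthMethod {
  /** Shared zero-length result for {@link #loginModules()}. */
  private static final String[] LOGIN_MODULES = new String[0];

  @Deprecated
  protected final byte authcode;
  protected final String simpleName;
  protected final String mechanismName;
  protected final AuthenticationMethod authenticationMethod;

  /**
   * Stores the four descriptors of this authentication method.
   *
   * @param code byte written by {@link #write(DataOutput)}
   * @param simpleName name used by {@link #toString()} and in error messages
   * @param mechanismName SASL mechanism name
   * @param authMethod the corresponding {@link AuthenticationMethod}
   */
  protected RpcAuthMethod(byte code, String simpleName,
      String mechanismName, AuthenticationMethod authMethod) {
    this.authcode = code;
    this.simpleName = simpleName;
    this.mechanismName = mechanismName;
    this.authenticationMethod = authMethod;
  }

  /** @return the auth code given to the constructor */
  @Deprecated
  public byte getAuthCode() {
    return authcode;
  }

  /** Return the SASL mechanism name */
  public String getMechanismName() {
    return mechanismName;
  }

  /** @return the {@link AuthenticationMethod} given to the constructor */
  public AuthenticationMethod getAuthenticationMethod() {
    return authenticationMethod;
  }

  /** Hash of the concrete class name, matching {@link #equals(Object)}. */
  @Override
  public final int hashCode() {
    return getClass().getName().hashCode();
  }

  /**
   * Two auth methods are equal when their concrete classes have the same
   * name; field values are not compared.
   *
   * @param that object to compare with, may be {@code null}
   * @return {@code true} for the same instance or for another
   *         {@code RpcAuthMethod} of the same class name
   */
  @Override
  public final boolean equals(Object that) {
    if (this == that) {
      return true;
    }
    // The comparison result used to be discarded, so two distinct instances
    // of the same method never compared equal although their hash codes did.
    return that instanceof RpcAuthMethod
        && getClass().getName().equals(that.getClass().getName());
  }

  /** @return the login modules of this method; an empty array by default */
  public String[] loginModules() {
    return RpcAuthMethod.LOGIN_MODULES;
  }

  /** Write the auth code to out as a single byte. */
  public void write(DataOutput out) throws IOException {
    out.write(authcode);
  }

  /** @return the given ticket, unchanged, by default */
  public UserGroupInformation getUser(UserGroupInformation ticket) {
    return ticket;
  }

  public void writeUGI(UserGroupInformation ugi, Builder ugiProto) {
    // default, do-nothing implementation
  }

  /**
   * Builds the user for an authorized id.
   *
   * <p>The default creates a remote user straight from {@code authorizedId}
   * and does not consult {@code secretManager}; no check of the id happens
   * in this method.
   *
   * @param authorizedId id to create the remote user for
   * @param secretManager unused by this default implementation
   * @throws IOException declared for overriding implementations
   */
  public UserGroupInformation getAuthorizedUgi(String authorizedId,
      SecretManager secretManager) throws IOException {
    return UserGroupInformation.createRemoteUser(authorizedId);
  }

  /** {@code false} by default */
  public boolean shouldReLogin() throws IOException {
    return false;
  }

  /** does nothing */
  public void reLogin() throws IOException {
  }

  /**
   * {@code true} by default.
   *
   * <p>NOTE(review): the default is the permissive one. How callers act on
   * this flag is not visible in this file; confirm that every subclass which
   * must refuse proxy users overrides it.
   */
  public boolean isProxyAllowed() {
    return true;
  }

  /** @return the simple name in upper case */
  @Override
  public String toString() {
    return upperSimpleName();
  }

  /** {@code false} by default */
  public boolean isNegotiable() {
    return false;
  }

  /** {@code false} by default */
  public boolean isSasl() {
    return false;
  }

  /**
   * @return never returns normally in this default implementation
   * @throws IOException always, as an {@link AccessControlException} naming
   *         this method
   */
  public String getProtocol() throws IOException {
    throw new AccessControlException("Server does not support SASL " + upperSimpleName());
  }

  /**
   * @return never returns normally in this default implementation
   * @throws IOException always, as an {@link AccessControlException} naming
   *         this method
   */
  public String getServerId() throws IOException {
    throw new AccessControlException("Server does not support SASL " + upperSimpleName());
  }

  /**
   * Implementors which use SASL authentication must return {@code true}
   * from the {@link #isSasl() isSasl()} method and return an instance of
   * {@link javax.security.sasl.SaslClient}.
   *
   * @param saslProperties SASL properties for the client
   * @throws IOException declared for overriding implementations
   * @throws UnsupportedOperationException always, in this default
   */
  public SaslClient createSaslClient(final Map<String, Object> saslProperties)
      throws IOException {
    throw new UnsupportedOperationException(
        this.getClass().getCanonicalName() + " does not support createSaslClient()");
  }

  /**
   * Implementors which use SASL authentication must return {@code true}
   * from the {@link #isSasl() isSasl()} method and return an instance of
   * {@link javax.security.sasl.SaslServer}.
   *
   * @param connection the server connection being authenticated
   * @param saslProperties SASL properties for the server
   * @throws IOException declared for overriding implementations
   * @throws InterruptedException declared for overriding implementations
   * @throws UnsupportedOperationException always, in this default
   */
  public SaslServer createSaslServer(Server.Connection connection,
      final Map<String, Object> saslProperties)
      throws IOException, InterruptedException {
    throw new UnsupportedOperationException(
        this.getClass().getCanonicalName() + " does not support createSaslServer()");
  }

  /**
   * Upper-cases the simple name with a fixed locale, so the name is the same
   * on every JVM (the default locale would turn {@code i} into a dotted
   * capital under Turkish settings).
   */
  private String upperSimpleName() {
    return simpleName.toUpperCase(java.util.Locale.ROOT);
  }

}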