[1/4] hbase git commit: HBASE-19118 Use SaslUtil to set Sasl.QOP in 'Thrift'

elserj Wed, 01 Nov 2017 21:47:59 -0700

Repository: hbase
Updated Branches:
  refs/heads/branch-1 61753bd13 -> 01cb1d99b
  refs/heads/branch-1.4 acc0ed6eb -> 690498111
  refs/heads/branch-2 663f3c7b5 -> e61606231
  refs/heads/master 8d1e6a3e2 -> 49abc2e1c



HBASE-19118 Use SaslUtil to set Sasl.QOP in 'Thrift'

Signed-off-by: Josh Elser <els...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/49abc2e1
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/49abc2e1
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/49abc2e1

Branch: refs/heads/master
Commit: 49abc2e1c281665a23ee3b1bf8b6040eeebe47b0
Parents: 8d1e6a3
Author: Reid Chan <reidddc...@outlook.com>
Authored: Mon Oct 30 17:25:59 2017 +0800
Committer: Josh Elser <els...@apache.org>
Committed: Wed Nov 1 23:43:17 2017 -0400

----------------------------------------------------------------------
 .../hadoop/hbase/thrift/ThriftServerRunner.java | 25 +++++++++++++-------
 .../hadoop/hbase/thrift2/ThriftServer.java      |  5 +---
 2 files changed, 17 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/49abc2e1/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index a6c59c0..599713f 100644
--- 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -23,7 +23,6 @@ import static org.apache.hadoop.hbase.util.Bytes.getBytes;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslServer;
 import java.io.IOException;
 import java.net.InetAddress;
@@ -80,6 +79,8 @@ import org.apache.hadoop.hbase.filter.Filter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
+import org.apache.hadoop.hbase.security.SaslUtil;
+import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
 import org.apache.hadoop.hbase.security.SecurityUtil;
 import org.apache.hadoop.hbase.security.UserProvider;
 import org.apache.hadoop.hbase.thrift.generated.AlreadyExists;
@@ -207,7 +208,7 @@ public class ThriftServerRunner implements Runnable {
   private final HBaseHandler hbaseHandler;
   private final UserGroupInformation realUser;
 
-  private final String qop;
+  private SaslUtil.QualityOfProtection qop;
   private String host;
 
   private final boolean securityEnabled;
@@ -334,7 +335,10 @@ public class ThriftServerRunner implements Runnable {
     this.handler = HbaseHandlerMetricsProxy.newInstance(
       hbaseHandler, metrics, conf);
     this.realUser = userProvider.getCurrent().getUGI();
-    qop = conf.get(THRIFT_QOP_KEY);
+    String strQop = conf.get(THRIFT_QOP_KEY);
+    if (strQop != null) {
+      this.qop = SaslUtil.getQop(strQop);
+    }
     doAsEnabled = conf.getBoolean(THRIFT_SUPPORT_PROXYUSER, false);
     if (doAsEnabled) {
       if (!conf.getBoolean(USE_HTTP_CONF_KEY, false)) {
@@ -342,10 +346,14 @@ public class ThriftServerRunner implements Runnable {
       }
     }
     if (qop != null) {
-      if (!qop.equals("auth") && !qop.equals("auth-int")
-          && !qop.equals("auth-conf")) {
-        throw new IOException("Invalid " + THRIFT_QOP_KEY + ": " + qop
-          + ", it must be 'auth', 'auth-int', or 'auth-conf'");
+      if (qop != QualityOfProtection.AUTHENTICATION &&
+          qop != QualityOfProtection.INTEGRITY &&
+          qop != QualityOfProtection.PRIVACY) {
+        throw new IOException(String.format("Invalide %s: It must be one of 
%s, %s, or %s.",
+                              THRIFT_QOP_KEY,
+                              QualityOfProtection.AUTHENTICATION.name(),
+                              QualityOfProtection.INTEGRITY.name(),
+                              QualityOfProtection.PRIVACY.name()));
       }
       if (!securityEnabled) {
         throw new IOException("Thrift server must"
@@ -524,8 +532,7 @@ public class ThriftServerRunner implements Runnable {
       // Extract the name from the principal
       String name = SecurityUtil.getUserFromPrincipal(
         conf.get("hbase.thrift.kerberos.principal"));
-      Map<String, String> saslProperties = new HashMap<>();
-      saslProperties.put(Sasl.QOP, qop);
+      Map<String, String> saslProperties = 
SaslUtil.initSaslProperties(qop.name());
       TSaslServerTransport.Factory saslFactory = new 
TSaslServerTransport.Factory();
       saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties,
         new SaslGssCallbackHandler() {

http://git-wip-us.apache.org/repos/asf/hbase/blob/49abc2e1/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
----------------------------------------------------------------------
diff --git 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
index 68a71ff..c590370 100644
--- 
a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
+++ 
b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift2/ThriftServer.java
@@ -23,7 +23,6 @@ import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
 import java.security.PrivilegedAction;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ExecutorService;
@@ -35,7 +34,6 @@ import java.util.concurrent.TimeUnit;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.sasl.AuthorizeCallback;
-import javax.security.sasl.Sasl;
 import javax.security.sasl.SaslServer;
 
 import org.apache.commons.cli.CommandLine;
@@ -197,8 +195,7 @@ public class ThriftServer extends Configured implements 
Tool {
     } else if (qop == null) {
       return new TTransportFactory();
     } else {
-      Map<String, String> saslProperties = new HashMap<>();
-      saslProperties.put(Sasl.QOP, qop.getSaslQop());
+      Map<String, String> saslProperties = 
SaslUtil.initSaslProperties(qop.name());
       TSaslServerTransport.Factory saslFactory = new 
TSaslServerTransport.Factory();
       saslFactory.addServerDefinition("GSSAPI", name, host, saslProperties,
         new SaslGssCallbackHandler() {

[1/4] hbase git commit: HBASE-19118 Use SaslUtil to set Sasl.QOP in 'Thrift'

Reply via email to