0018 package org.apache.hive.service.auth;
0019
0020 import java.io.IOException;
0021 import java.security.Security;
0022 import java.util.HashMap;
0023 import javax.security.auth.callback.Callback;
0024 import javax.security.auth.callback.CallbackHandler;
0025 import javax.security.auth.callback.NameCallback;
0026 import javax.security.auth.callback.PasswordCallback;
0027 import javax.security.auth.callback.UnsupportedCallbackException;
0028 import javax.security.auth.login.LoginException;
0029 import javax.security.sasl.AuthenticationException;
0030 import javax.security.sasl.AuthorizeCallback;
0031 import javax.security.sasl.SaslException;
0032
0033 import org.apache.hive.service.auth.AuthenticationProviderFactory.AuthMethods;
0034 import org.apache.hive.service.auth.PlainSaslServer.SaslPlainProvider;
0035 import org.apache.hive.service.cli.thrift.ThriftCLIService;
0036 import org.apache.hive.service.rpc.thrift.TCLIService.Iface;
0037 import org.apache.thrift.TProcessor;
0038 import org.apache.thrift.TProcessorFactory;
0039 import org.apache.thrift.transport.TSaslClientTransport;
0040 import org.apache.thrift.transport.TSaslServerTransport;
0041 import org.apache.thrift.transport.TTransport;
0042 import org.apache.thrift.transport.TTransportFactory;
0043
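/**
 * Static helpers that wire the SASL "PLAIN" mechanism into the Thrift transport layer,
 * for both the server side (transport factory, processor factory) and the client side
 * (client transport).
 *
 * <p>Security note: SASL PLAIN carries the user name and password without any protection of
 * its own, so confidentiality depends entirely on the transport it runs over (for example
 * TLS). Nothing in this class adds encryption.
 */
public final class PlainSaslHelper {

  /**
   * Builds the processor factory used together with the PLAIN transport.
   *
   * @param service the Thrift CLI service every created processor delegates to
   * @return a factory producing a {@code TSetIpAddressProcessor} per transport
   */
  public static TProcessorFactory getPlainProcessorFactory(ThriftCLIService service) {
    return new SQLPlainProcessorFactory(service);
  }

  // Register the provider that supplies the server-side PLAIN implementation. This runs once,
  // when the class is initialized, and affects the JVM-wide provider list.
  static {
    Security.addProvider(new SaslPlainProvider());
  }

  /**
   * Creates the server-side transport factory for the PLAIN mechanism.
   *
   * @param authTypeStr name of the configured authentication method; it is validated by
   *     {@code AuthMethods.getValidAuthMethod} and selects the provider that checks credentials
   * @return a SASL server transport factory with a single "PLAIN" server definition
   * @throws LoginException if the callback handler cannot be created for {@code authTypeStr};
   *     the original {@link AuthenticationException} is attached as the cause
   */
  public static TTransportFactory getPlainTransportFactory(String authTypeStr)
    throws LoginException {
    TSaslServerTransport.Factory saslFactory = new TSaslServerTransport.Factory();
    try {
      saslFactory.addServerDefinition("PLAIN", authTypeStr, null, new HashMap<String, String>(),
        new PlainServerCallbackHandler(authTypeStr));
    } catch (AuthenticationException e) {
      // LoginException has no (message, cause) constructor, so attach the cause explicitly to
      // keep the original stack trace available to whoever diagnoses the failure.
      LoginException loginFailure = new LoginException("Error setting callback handler: " + e);
      loginFailure.initCause(e);
      throw loginFailure;
    }
    return saslFactory;
  }

  /**
   * Wraps a transport in a SASL PLAIN client transport.
   *
   * @param username user name sent to the server
   * @param password password sent to the server; must not be {@code null}, because the
   *     callback handler converts it with {@code toCharArray()}
   * @param underlyingTransport transport that carries the SASL exchange; see the class note
   *     about PLAIN relying on this transport for confidentiality
   * @return the SASL client transport
   * @throws SaslException if the SASL client cannot be created
   */
  public static TTransport getPlainTransport(String username, String password,
    TTransport underlyingTransport) throws SaslException {
    return new TSaslClientTransport("PLAIN", null, null, null, new HashMap<String, String>(),
      new PlainCallbackHandler(username, password), underlyingTransport);
  }

  /** Utility class; never instantiated. */
  private PlainSaslHelper() {
    throw new UnsupportedOperationException("Can't initialize class");
  }

  /**
   * Server-side callback handler: collects the name and password from the SASL callbacks and
   * hands them to the authentication provider selected by the configured auth method.
   */
  private static final class PlainServerCallbackHandler implements CallbackHandler {

    private final AuthMethods authMethod;

    /**
     * @param authMethodStr name of the authentication method to enforce
     * @throws AuthenticationException if {@code authMethodStr} is not a valid auth method
     */
    PlainServerCallbackHandler(String authMethodStr) throws AuthenticationException {
      authMethod = AuthMethods.getValidAuthMethod(authMethodStr);
    }

    /**
     * Authenticates the credentials carried by {@code callbacks}.
     *
     * @param callbacks name, password and (optionally) authorize callbacks
     * @throws IOException if authentication fails; a {@link PasswordCallback} without a
     *     password is rejected with an {@link AuthenticationException}
     * @throws UnsupportedCallbackException for any other callback type
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
      String username = null;
      String password = null;
      AuthorizeCallback ac = null;

      for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
          NameCallback nc = (NameCallback) callback;
          username = nc.getName();
        } else if (callback instanceof PasswordCallback) {
          PasswordCallback pc = (PasswordCallback) callback;
          char[] supplied = pc.getPassword();
          if (supplied == null) {
            // Fail closed with a typed authentication error instead of a NullPointerException
            // from new String(null).
            throw new AuthenticationException("No password supplied in PasswordCallback");
          }
          // The provider API takes a String, so the password is held in an immutable String
          // from here on and cannot be wiped after use.
          password = new String(supplied);
        } else if (callback instanceof AuthorizeCallback) {
          ac = (AuthorizeCallback) callback;
        } else {
          throw new UnsupportedCallbackException(callback);
        }
      }
      PasswdAuthenticationProvider provider =
        AuthenticationProviderFactory.getAuthenticationProvider(authMethod);
      // Nothing here catches exceptions from Authenticate, so the authorization step below is
      // reached only when the provider returns normally.
      provider.Authenticate(username, password);
      if (ac != null) {
        // Authorization is granted for whatever IDs the callback carries; this handler does not
        // compare the authorization ID with the authenticated user name.
        // NOTE(review): confirm the SASL server validates or ignores a differing authzid.
        ac.setAuthorized(true);
      }
    }
  }

  /**
   * Client-side callback handler that answers name and password callbacks with the
   * credentials given at construction time.
   */
  public static class PlainCallbackHandler implements CallbackHandler {

    private final String username;
    // Kept as a String for the lifetime of the handler; it is copied into a char[] on demand.
    private final String password;

    /**
     * @param username value supplied to every {@link NameCallback}
     * @param password value supplied to every {@link PasswordCallback}; must not be
     *     {@code null}, otherwise {@link #handle} throws a NullPointerException
     */
    public PlainCallbackHandler(String username, String password) {
      this.username = username;
      this.password = password;
    }

    /**
     * Fills in the name and password callbacks.
     *
     * @param callbacks callbacks issued by the SASL client
     * @throws UnsupportedCallbackException for any callback other than name or password
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
      for (Callback callback : callbacks) {
        if (callback instanceof NameCallback) {
          NameCallback nameCallback = (NameCallback) callback;
          nameCallback.setName(username);
        } else if (callback instanceof PasswordCallback) {
          PasswordCallback passCallback = (PasswordCallback) callback;
          passCallback.setPassword(password.toCharArray());
        } else {
          throw new UnsupportedCallbackException(callback);
        }
      }
    }
  }

  /** Processor factory that hands out a {@code TSetIpAddressProcessor} bound to one service. */
  private static final class SQLPlainProcessorFactory extends TProcessorFactory {

    private final ThriftCLIService service;

    SQLPlainProcessorFactory(ThriftCLIService service) {
      // No shared processor is passed to the superclass; getProcessor creates one per call.
      super(null);
      this.service = service;
    }

    /**
     * @param trans the transport the processor is requested for (not used here)
     * @return a new processor wrapping the configured service
     */
    @Override
    public TProcessor getProcessor(TTransport trans) {
      return new TSetIpAddressProcessor<Iface>(service);
    }
  }

}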