19 package org.apache.hadoop.hbase;
20
21 import java.io.IOException;
22 import java.net.UnknownHostException;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.hadoop.conf.Configuration;
27 import org.apache.hadoop.hbase.classification.InterfaceAudience;
28 import org.apache.hadoop.hbase.classification.InterfaceStability;
29 import org.apache.hadoop.hbase.security.UserProvider;
30 import org.apache.hadoop.hbase.util.DNS;
31 import org.apache.hadoop.hbase.util.Strings;
32 import org.apache.hadoop.hbase.util.Threads;
33 import org.apache.hadoop.security.UserGroupInformation;
34
/**
 * Static helpers for client-side Kerberos login and for the {@code "@"}-prefixed
 * group notation used in ACL keys.
 *
 * <p>The class only exposes static members and has a private constructor.
 */
@InterfaceAudience.Public
@InterfaceStability.Evolving
public class AuthUtil {
  private static final Log LOG = LogFactory.getLog(AuthUtil.class);

  /** Prefix that marks a principal name as a group rather than a user. */
  public static final String GROUP_PREFIX = "@";

  /** Not instantiable: every member is static. */
  private AuthUtil() {
  }

  /**
   * Performs the initial keytab login and starts a periodic chore that re-checks the
   * Kerberos TGT, but only when both Hadoop security and HBase security are enabled.
   *
   * <p>Security notes for operators and reviewers:
   * <ul>
   *   <li>The strings {@code "hbase.client.keytab.file"} and
   *       {@code "hbase.client.kerberos.principal"} are handed to
   *       {@code UserProvider.login}; presumably they name the configuration entries
   *       holding the keytab path and the principal (confirm against UserProvider).
   *       A keytab holds long-term credentials, so the file it points to should be
   *       readable only by the account running this client.</li>
   *   <li>The host name used for the login comes from a DNS lookup driven by
   *       {@code hbase.client.dns.interface} and {@code hbase.client.dns.nameserver}
   *       (both defaulting to {@code "default"}).</li>
   *   <li>A failed refresh is only logged at ERROR level; the caller gets no signal and
   *       nothing is retried sooner than the next period. Alerting on the
   *       "Got exception while trying to refresh credentials" log line is the only
   *       detection point visible in this class.</li>
   *   <li>The {@code Stoppable} given to the chore is local to this method and is not
   *       returned, so callers have no handle to stop the chore through it.</li>
   * </ul>
   *
   * @param conf configuration used to build the {@code UserProvider} and to read the
   *        DNS settings
   * @throws IOException if the host name cannot be resolved or the initial login fails;
   *         the error is logged before it is rethrown
   */
  public static void launchAuthChore(Configuration conf) throws IOException {
    final UserProvider provider = UserProvider.instantiate(conf);

    // Nothing to do unless both the Hadoop and the HBase security switches are on.
    if (!provider.isHadoopSecurityEnabled() || !provider.isHBaseSecurityEnabled()) {
      return;
    }

    try {
      final String dnsInterface = conf.get("hbase.client.dns.interface", "default");
      final String dnsNameserver = conf.get("hbase.client.dns.nameserver", "default");
      final String localHost =
          Strings.domainNamePointerToHostName(DNS.getDefaultHost(dnsInterface, dnsNameserver));
      provider.login("hbase.client.keytab.file", "hbase.client.kerberos.principal", localHost);
    } catch (UnknownHostException e) {
      LOG.error("Error resolving host name: " + e.getMessage(), e);
      throw e;
    } catch (IOException e) {
      LOG.error("Error while trying to perform the initial login: " + e.getMessage(), e);
      throw e;
    }

    // Captured once, after the login above; the chore keeps refreshing this same UGI.
    final UserGroupInformation ugi = provider.getCurrent().getUGI();

    // Minimal stop flag required by the Chore constructor; volatile so a stop() from
    // another thread is visible to the reader of isStopped().
    final Stoppable stopFlag = new Stoppable() {
      private volatile boolean stopped = false;

      @Override
      public void stop(String why) {
        stopped = true;
      }

      @Override
      public boolean isStopped() {
        return stopped;
      }
    };

    // 30 * 1000 -- presumably milliseconds, i.e. a check every 30 seconds (confirm
    // against the unit Chore expects for its period).
    final int tgtCheckPeriod = 30 * 1000;

    final Chore tgtRefresher = new Chore("RefreshCredentials", tgtCheckPeriod, stopFlag) {
      @Override
      protected void chore() {
        try {
          ugi.checkTGTAndReloginFromKeytab();
        } catch (IOException e) {
          // Logged and dropped on purpose so that the next period can try again.
          LOG.error("Got exception while trying to refresh credentials: " + e.getMessage(), e);
        }
      }
    };

    // Judging by the helper's name, this starts the chore's thread as a daemon thread.
    Threads.setDaemonThreadRunning(tgtRefresher.getThread());
  }

  /**
   * Tells whether a principal name denotes a group, i.e. starts with
   * {@link #GROUP_PREFIX}.
   *
   * <p>Only the prefix is inspected: the bare string {@code "@"} is reported as a group
   * even though its group name is empty. Code that makes authorization decisions on
   * this result relies on user names never starting with the prefix; that guarantee is
   * not enforced here.
   *
   * @param name principal name to test; may be {@code null}
   * @return {@code true} if {@code name} is non-null and begins with the group prefix
   */
  public static boolean isGroupPrincipal(String name) {
    if (name == null) {
      return false;
    }
    return name.startsWith(GROUP_PREFIX);
  }

  /**
   * Strips the group prefix from an ACL key when the key denotes a group.
   *
   * @param aclKey ACL key, either a plain name or a {@link #GROUP_PREFIX}-prefixed
   *        group entry; may be {@code null}
   * @return the key without its leading prefix when it is a group entry (an empty
   *         string for the bare prefix), otherwise {@code aclKey} unchanged, including
   *         {@code null}
   */
  public static String getGroupName(String aclKey) {
    return isGroupPrincipal(aclKey) ? aclKey.substring(GROUP_PREFIX.length()) : aclKey;
  }

  /**
   * Builds the group form of a name by prepending {@link #GROUP_PREFIX}.
   *
   * <p>The argument is not validated: {@code null} yields the literal {@code "@null"},
   * and a name that already carries the prefix gets a second one. Callers that build
   * ACL entries from external input should validate the name first.
   *
   * @param name group name without the prefix
   * @return {@code name} with the group prefix in front
   */
  public static String toGroupEntry(String name) {
    return GROUP_PREFIX + name;
  }
}