def __init__(self,
host=None,
port=10000,
authMechanism=None,
user=None,
password=None,
database=None,
cursorclass=Cursor):
authMechanisms = set(['NOSASL', 'PLAIN', 'KERBEROS', 'LDAP'])
if authMechanism not in authMechanisms or authMechanism == 'KERBEROS':
raise NotImplementedError(
'authMechanism is either not supported or not implemented')
#Must set a password for thrift, even if it doesn't need one
#Open issue with python-sasl
if authMechanism == 'PLAIN' and (password is None
or len(password) == 0):
password = '******'
socket = TSocket(host, port)
self.cursorclass = cursorclass
if authMechanism == 'NOSASL':
transport = TBufferedTransport(socket)
else:
saslc = sasl.Client()
saslc.setAttr("username", user)
saslc.setAttr("password", password)
saslc.init()
transport = TSaslClientTransport(saslc, "PLAIN", socket)
self.client = TCLIService.Client(TBinaryProtocol(transport))
transport.open()
res = self.client.OpenSession(TOpenSessionReq())
self.session = res.sessionHandle
if database is not None:
with self.cursor() as cur:
query = "USE {0}".format(database)
cur.execute(query)
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr('host', 'localhost')
sasl_client.setAttr('username', 'test_username')
sasl_client.setAttr('password', 'x')
sasl_client.init()
return sasl_client
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr(b'username', username.encode('latin-1'))
# Password doesn't matter in NONE mode, just needs to be nonempty.
sasl_client.setAttr(b'password', b'x')
sasl_client.init()
return sasl_client
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr('host', host)
sasl_client.setAttr('service', kerberos_service_name)
if auth_mechanism.upper() in ['PLAIN', 'LDAP']:
sasl_client.setAttr('username', user)
sasl_client.setAttr('password', password)
sasl_client.init()
return sasl_client
def sasl_factory():
saslc = sasl.Client()
saslc.setAttr("host", str(conf.host))
saslc.setAttr("service", str(conf.kerberos_principal))
if conf.mechanism == 'PLAIN':
saslc.setAttr("username", str(conf.username))
saslc.setAttr("password", str(conf.password)) # Defaults to 'hue' for a non-empty string unless using LDAP
saslc.init()
return saslc
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr("host", host)
sasl_client.setAttr("service", service)
if transport_type.lower() == "plain_sasl":
sasl_client.setAttr("username", user)
sasl_client.setAttr("password", password)
sasl_client.init()
return sasl_client
def sasl_factory():
saslc = sasl.Client()
saslc.setAttr("host", str(conf.host))
saslc.setAttr("service", str(conf.kerberos_principal))
if conf.mechanism == 'PLAIN':
saslc.setAttr("username", str(conf.username))
saslc.setAttr("password", 'hue') # Just a non empty string
saslc.init()
return saslc
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr("host", sasl_host)
if self.use_ldap:
sasl_client.setAttr("username", self.user)
sasl_client.setAttr("password", self.ldap_password)
else:
sasl_client.setAttr("service", self.kerberos_service_name)
sasl_client.init()
return sasl_client
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr('host', host)
if sasl_auth == 'GSSAPI':
sasl_client.setAttr('service', kerberos_service_name)
elif sasl_auth == 'PLAIN':
sasl_client.setAttr('username', username)
sasl_client.setAttr('password', password)
else:
raise AssertionError
sasl_client.init()
return sasl_client
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr(b'username', username.encode('latin-1'))
# Password doesn't matter in PLAIN mode, just needs to be nonempty.
sasl_client.setAttr(
b'password',
password.encode('latin-1') if password else b'b')
if authMechanism == 'GSSAPI':
sasl_client.setAttr(b"host", krb_host.encode('latin-1'))
sasl_client.setAttr(b"service", krb_service.encode('latin-1'))
sasl_client.init()
return sasl_client
def __init__(self,
unix_socket=None,
host=None,
port=10000,
authMechanism=None,
user=None,
password=None,
database=None,
configuration=None,
timeout=None):
authMechanisms = set(['NOSASL', 'PLAIN', 'KERBEROS', 'LDAP'])
if authMechanism not in authMechanisms:
raise NotImplementedError(
'authMechanism is either not supported or not implemented')
#Must set a password for thrift, even if it doesn't need one
#Open issue with python-sasl
if authMechanism == 'PLAIN' and (password is None
or len(password) == 0):
password = '******'
if unix_socket is not None:
socket = TSocket(unix_socket=unix_socket)
else:
socket = TSocket(host, port)
socket.setTimeout(timeout)
if authMechanism == 'NOSASL':
transport = TBufferedTransport(socket)
else:
sasl_mech = 'PLAIN'
saslc = sasl.Client()
saslc.setAttr("username", user)
saslc.setAttr("password", password)
if authMechanism == 'KERBEROS':
krb_host, krb_service = self._get_krb_settings(
host, configuration)
sasl_mech = 'GSSAPI'
saslc.setAttr("host", krb_host)
saslc.setAttr("service", krb_service)
saslc.init()
transport = TSaslClientTransport(saslc, sasl_mech, socket)
self.client = TCLIService.Client(TBinaryProtocol(transport))
transport.open()
res = self.client.OpenSession(
TOpenSessionReq(username=user,
password=password,
configuration=configuration))
self.session = res.sessionHandle
if database is not None:
with self.cursor() as cur:
query = "USE {0}".format(database)
cur.execute(query)
def connect(self):
# use service name component from principal
service = re.split('[\/@]', str(HDFSConfig.hdfs_namenode_principal))[0]
negotiate = RpcSaslProto()
negotiate.state = 1
self._send_sasl_message(negotiate)
self.sasl = sasl.Client()
self.sasl.setAttr("service", service)
self.sasl.setAttr("host", self._trans.host)
self.sasl.init()
# do while true
while True:
res = self._recv_sasl_message()
# TODO: check mechanisms
if res.state == 1:
mechs = []
for auth in res.auths:
mechs.append(auth.mechanism)
log.debug("Available mechs: %s" % (",".join(mechs)))
s_mechs = str(",".join(mechs))
ret, chosen_mech, initial_response = self.sasl.start(s_mechs)
log.debug("Chosen mech: %s" % chosen_mech)
initiate = RpcSaslProto()
initiate.state = 2
initiate.token = initial_response
for auth in res.auths:
if auth.mechanism == chosen_mech:
auth_method = initiate.auths.add()
auth_method.mechanism = chosen_mech
auth_method.method = auth.method
auth_method.protocol = auth.protocol
auth_method.serverId = self._trans.host
self._send_sasl_message(initiate)
continue
if res.state == 3:
res_token = self._evaluate_token(res)
response = RpcSaslProto()
response.token = res_token
response.state = 4
self._send_sasl_message(response)
continue
if res.state == 0:
return True
def _get_sasl_client(self, host, authMechanism, user, password,
configuration):
sasl_mech = 'PLAIN'
saslc = sasl.Client()
saslc.setAttr("username", user)
saslc.setAttr("password", password)
if authMechanism == 'KERBEROS':
krb_host, krb_service = self._get_krb_settings(host, configuration)
sasl_mech = 'GSSAPI'
saslc.setAttr("host", krb_host)
saslc.setAttr("service", krb_service)
saslc.init()
return saslc, sasl_mech
def _authenticate_with_sasl(self, host, timeout):
saslc = sasl.Client()
saslc.setAttr('host', host)
saslc.setAttr('service', self.sasl_server_principal)
saslc.init()
ret, chosen_mech, initial_response = saslc.start('GSSAPI')
if not ret:
raise SaslException(saslc.getError())
response = initial_response
xid = 0
while True:
xid += 1
request = SASL(response)
self._submit(request, timeout, xid)
header, buffer, offset = self._read_header(timeout)
if header.xid != xid:
raise RuntimeError(
'xids do not match, expected %r '
'received %r', xid, header.xid)
if header.zxid > 0:
client.last_zxid = zxid
if header.err:
callback_exception = EXCEPTIONS[header.err]()
self.logger.debug('Received error(xid=%s) %r', xid,
callback_exception)
raise callback_exception
token, _ = SASL.deserialize(buffer, offset)
if not token:
break
ret, response = saslc.step(token)
if not ret:
raise SaslException(saslc.getError())
def sasl_factory():
saslc = sasl.Client()
saslc.setAttr("username", username)
saslc.setAttr("password", password)
saslc.init()
return saslc
def sasl_factory():
saslc = sasl.Client()
saslc.setAttr("host", "hadoop")
saslc.setAttr("service", str(conf.kerberos_principal))
saslc.init()
return saslc
def sasl_factory():
sasl_client = sasl.Client()
sasl_client.setAttr('host', self.host)
sasl_client.setAttr('service', self.sasl_service_name)
sasl_client.init()
return sasl_client
def sasl_factory():
saslc = sasl.Client()
saslc.setAttr("host", conf.host)
saslc.setAttr("service", conf.kerberos_principal)
saslc.init()
return saslc
