Exemple #1
0
    def wrap(self, message):
        encoded = self.sasl.wrap(message)

        sasl_message = RpcSaslProto()
        sasl_message.state = 5  #  WRAP
        sasl_message.token = encoded

        self._send_sasl_message(sasl_message)
Exemple #2
0
    def wrap(self, message):
        ret, encoded = self.sasl.encode(message)
        if not ret:
            raise Exception("Cannot encode message: %s" % (self.sasl.getError()))

        sasl_message = RpcSaslProto()
        sasl_message.state = 5 #  WRAP
        sasl_message.token = encoded

        self._send_sasl_message(sasl_message)
Exemple #3
0
    def wrap(self, message):
        ret, encoded = self.sasl.encode(message)
        if not ret:
            raise Exception("Cannot encode message: %s" %
                            (self.sasl.getError()))

        sasl_message = RpcSaslProto()
        sasl_message.state = 5  #  WRAP
        sasl_message.token = encoded

        self._send_sasl_message(sasl_message)
Exemple #4
0
    def wrap(self, message):
        ret, encoded = self.sasl.encode(message)
        if not ret:
            raise Exception("Cannot encode message: %s" % (self.sasl.getError()))
        sasl_message = RpcSaslProto()
        sasl_message.state = 5 #  WRAP
        # Java follows RFC2222 meanwhile Cyrus Sasl follows 4422
        # To make the two implementation to work, the first 4 bytes from
        # the encrypted token are stripped.
        # More info https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003002.html
        sasl_message.token = encoded[4:]

        self._send_sasl_message(sasl_message)
Exemple #5
0
    def connect(self):
        # use service name component from principal
        try:
            service, host, realm = re.split("[\/@]", str(HDFSConfig.hdfs_namenode_principal))
            if host.lower() == "_host":
                host = self._trans.host
        except ValueError:
            raise Exception("Error parsing kerberos principal: %s" % repr(HDFSConfig.hdfs_namenode_principal))

        negotiate = RpcSaslProto()
        negotiate.state = 1
        self._send_sasl_message(negotiate)

        self.sasl = sasl.Client()
        self.sasl.setAttr("service", service)
        self.sasl.setAttr("host", host)
        self.sasl.init()

        # do while true
        while True:
            res = self._recv_sasl_message()
            # TODO: check mechanisms
            if res.state == 1:
                mechs = []
                for auth in res.auths:
                    mechs.append(auth.mechanism)

                log.debug("Available mechs: %s" % (",".join(mechs)))
                s_mechs = str(",".join(mechs))
                ret, chosen_mech, initial_response = self.sasl.start(s_mechs)
                if not ret:
                    raise Exception("Sasl failed to start: %s" % self.sasl.getError())
                log.debug("Chosen mech: %s" % chosen_mech)

                initiate = RpcSaslProto()
                initiate.state = 2
                initiate.token = initial_response

                for auth in res.auths:
                    if auth.mechanism == chosen_mech:
                        auth_method = initiate.auths.add()
                        auth_method.mechanism = chosen_mech
                        auth_method.method = auth.method
                        auth_method.protocol = auth.protocol
                        auth_method.serverId = auth.serverId

                self._send_sasl_message(initiate)
                continue

            if res.state == 3:
                res_token = self._evaluate_token(res)
                response = RpcSaslProto()
                response.token = res_token
                response.state = 4
                self._send_sasl_message(response)
                continue

            if res.state == 0:
                return True
Exemple #6
0
    def connect(self):
        # use service name component from principal
        service = re.split('[\/@]', str(self.hdfs_namenode_principal))[0]

        negotiate = RpcSaslProto()
        negotiate.state = 1
        self._send_sasl_message(negotiate)

        self.sasl = sasl.Client()
        self.sasl.setAttr("service", service)
        self.sasl.setAttr("host", self._trans.host)
        self.sasl.init()

        # do while true
        while True:
          res = self._recv_sasl_message()
          # TODO: check mechanisms
          if res.state == 1:
            mechs = []
            for auth in res.auths:
                mechs.append(auth.mechanism)

            log.debug("Available mechs: %s" % (",".join(mechs)))
            s_mechs = str(",".join(mechs))
            ret, chosen_mech, initial_response = self.sasl.start(s_mechs)
            log.debug("Chosen mech: %s" % chosen_mech)

            initiate = RpcSaslProto()
            initiate.state = 2
            initiate.token = initial_response

            for auth in res.auths:
                if auth.mechanism == chosen_mech:
                    auth_method = initiate.auths.add()
                    auth_method.mechanism = chosen_mech
                    auth_method.method = auth.method
                    auth_method.protocol = auth.protocol
                    auth_method.serverId = self._trans.host

            self._send_sasl_message(initiate)
            continue
           
          if res.state == 3:
            res_token = self._evaluate_token(res)
            response = RpcSaslProto()
            response.token = res_token
            response.state = 4
            self._send_sasl_message(response)
            continue

          if res.state == 0:
            return True
Exemple #7
0
    def connect(self):
        # use service name component from principal
        service = re.split('[\/@]', str(self.hdfs_namenode_principal))[0]

        if not self.sasl:
            self.sasl = SASLClient(self._trans.host, service)

        negotiate = RpcSaslProto()
        negotiate.state = 1
        self._send_sasl_message(negotiate)

        # do while true
        while True:
            res = self._recv_sasl_message()
            # TODO: check mechanisms
            if res.state == 1:
                mechs = []
                for auth in res.auths:
                    mechs.append(auth.mechanism)

                log.debug("Available mechs: %s" % (",".join(mechs)))
                self.sasl.choose_mechanism(mechs, allow_anonymous=False)
                log.debug("Chosen mech: %s" % self.sasl.mechanism)

                initiate = RpcSaslProto()
                initiate.state = 2
                initiate.token = self.sasl.process()

                for auth in res.auths:
                    if auth.mechanism == self.sasl.mechanism:
                        auth_method = initiate.auths.add()
                        auth_method.mechanism = self.sasl.mechanism
                        auth_method.method = auth.method
                        auth_method.protocol = auth.protocol
                        auth_method.serverId = self._trans.host

                self._send_sasl_message(initiate)
                continue

            if res.state == 3:
                res_token = self._evaluate_token(res)
                response = RpcSaslProto()
                response.token = res_token
                response.state = 4
                self._send_sasl_message(response)
                continue

            if res.state == 0:
                return True
Exemple #8
0
    def connect(self):
        negotiate = RpcSaslProto()
        negotiate.state = 1
        self._send_sasl_message(negotiate)

        self.sasl = sasl.Client()
        self.sasl.setAttr("service", "hdfs")
        self.sasl.setAttr("host", self._trans.host)
        self.sasl.init()

        # do while true
        while True:
          res = self._recv_sasl_message()
          # TODO: check mechanisms
          if res.state == 1:
            mechs = []
            for auth in res.auths:
                mechs.append(auth.mechanism)

            log.debug("Available mechs: %s" % (",".join(mechs)))
            s_mechs = str(",".join(mechs))
            ret, chosen_mech, initial_response = self.sasl.start(s_mechs)
            log.debug("Chosen mech: %s" % chosen_mech)

            initiate = RpcSaslProto()
            initiate.state = 2
            initiate.token = initial_response

            for auth in res.auths:
                if auth.mechanism == chosen_mech:
                    auth_method = initiate.auths.add()
                    auth_method.mechanism = chosen_mech
                    auth_method.method = auth.method
                    auth_method.protocol = auth.protocol
                    auth_method.serverId = self._trans.host

            self._send_sasl_message(initiate)
            continue
           
          if res.state == 3:
            res_token = self._evaluate_token(res)
            response = RpcSaslProto()
            response.token = res_token
            response.state = 4
            self._send_sasl_message(response)
            continue

          if res.state == 0:
            return True
Exemple #9
0
    def negotiate_sasl(self, token):
        log.debug("##############NEGOTIATING SASL#####################")

        # Prepares negotiate request

        header_bytes = self.create_sasl_header().SerializeToString()

        negotiate_request = RpcSaslProto()
        negotiate_request.state = RpcSaslProto.NEGOTIATE
        negotiate_request.version = 0

        sasl_bytes = negotiate_request.SerializeToString()

        total_length = (
            len(header_bytes)
            + len(sasl_bytes)
            + encoder._VarintSize(len(header_bytes))
            + encoder._VarintSize(len(sasl_bytes))
        )

        # Sends negotiate request
        self.write(struct.pack("!I", total_length))
        self.write_delimited(header_bytes)
        self.write_delimited(sasl_bytes)

        # Gets negotiate response
        bytes = self.recv_rpc_message()
        resp = self.parse_response(bytes, RpcSaslProto)

        chosen_auth = None
        for auth in resp.auths:
            if auth.method == "TOKEN" and auth.mechanism == "DIGEST-MD5":
                chosen_auth = auth

        if chosen_auth is None:
            raise IOError("Token digest-MD5 authentication not supported by server")

        # Prepares initiate request

        self.sasl = SASLClient(
            chosen_auth.serverId,
            chosen_auth.protocol,
            mechanism=chosen_auth.mechanism,
            username=base64.b64encode(token["identifier"]),
            password=base64.b64encode(token["password"]),
        )

        challenge_resp = self.sasl.process(chosen_auth.challenge)

        auth = RpcSaslProto.SaslAuth()
        auth.method = chosen_auth.method
        auth.mechanism = chosen_auth.mechanism
        auth.protocol = chosen_auth.protocol
        auth.serverId = chosen_auth.serverId

        initiate_request = RpcSaslProto()
        initiate_request.state = RpcSaslProto.INITIATE
        initiate_request.version = 0
        initiate_request.auths.extend([auth])
        initiate_request.token = challenge_resp

        sasl_bytes = initiate_request.SerializeToString()

        total_length = (
            len(header_bytes)
            + len(sasl_bytes)
            + encoder._VarintSize(len(header_bytes))
            + encoder._VarintSize(len(sasl_bytes))
        )

        # Sends initiate request
        self.write(struct.pack("!I", total_length))
        self.write_delimited(header_bytes)
        self.write_delimited(sasl_bytes)

        bytes = self.recv_rpc_message()
        resp = self.parse_response(bytes, RpcSaslProto)
Exemple #10
0
    def connect(self):
        # use service name component from principal
        service = re.split('[\/@]', str(self.hdfs_namenode_principal))[0]

        negotiate = RpcSaslProto()
        negotiate.state = 1
        self._send_sasl_message(negotiate)

        if not self.sasl:
            self.sasl = sasl.Client()
            self.sasl.setAttr("service", service)
            self.sasl.setAttr("host", self._trans.host)
            self.sasl.init()

        while True:
            res = self._recv_sasl_message()

            if res.state == 1:
                mechs = []
                for auth in res.auths:
                    mechs.append(auth.mechanism)

                log.debug("Available mechs: %s" % (",".join(mechs)))
                s_mechs = str(",".join(mechs))
                ret, chosen_mech, initial_response = self.sasl.start(s_mechs)
                log.debug("Chosen mech: %s" % chosen_mech)

                initiate = RpcSaslProto()
                initiate.state = 2
                initiate.token = initial_response
                for auth in res.auths:
                    if auth.mechanism == chosen_mech.decode():
                        log.debug("chosen_mech.decode(): " + chosen_mech.decode())
                        auth_method = initiate.auths.add()
                        auth_method.mechanism = chosen_mech.decode()
                        auth_method.method = auth.method
                        auth_method.protocol = auth.protocol
                        auth_method.serverId = self._trans.host

                self._send_sasl_message(initiate)
                continue

            if res.state == 3:
                res_token = self._evaluate_token(res)
                response = RpcSaslProto()
                response.token = res_token
                response.state = 4
                self._send_sasl_message(response)
                continue

            if res.state == 0:
                return True