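def connect(self):
    """Run the Hadoop RPC SASL handshake (RpcSaslProto) with the Cyrus client.

    The SASL service name is the first component of the configured namenode
    principal (``service/host@REALM`` -> ``service``); the target host is the
    one this transport dialled.  State numbers follow RpcSaslProto.SaslState
    as used in this file: 0 SUCCESS, 1 NEGOTIATE, 2 INITIATE, 3 CHALLENGE,
    4 RESPONSE.

    Returns:
        True once the server reports SUCCESS (state 0).

    Raises:
        Exception: if the Cyrus client cannot start with the advertised
            mechanisms, the mechanism it settles on is anonymous or was not
            actually offered by the server, or a state other than
            NEGOTIATE / CHALLENGE / SUCCESS arrives.  Each case fails closed
            instead of sending a bogus token or waiting forever.
    """
    # Raw string: '\/' is an invalid escape sequence in a plain str literal.
    service = re.split(r'[/@]', str(HDFSConfig.hdfs_namenode_principal))[0]
    negotiate = RpcSaslProto()
    negotiate.state = 1  # NEGOTIATE
    self._send_sasl_message(negotiate)
    self.sasl = sasl.Client()
    self.sasl.setAttr("service", service)
    # Bind the client to the host we dialled, never to anything the server
    # says about itself, so the mechanism targets the identity we intended.
    self.sasl.setAttr("host", self._trans.host)
    self.sasl.init()
    while True:
        res = self._recv_sasl_message()
        if res.state == 1:  # NEGOTIATE: server lists the mechanisms it accepts
            mechs = [auth.mechanism for auth in res.auths]
            log.debug("Available mechs: %s" % (",".join(mechs)))
            ret, chosen_mech, initial_response = self.sasl.start(str(",".join(mechs)))
            # The binding reports failure through ``ret`` (same contract the
            # encode() path in this file relies on); ignoring it would send
            # an undefined initial response.
            if not ret:
                raise Exception("Cannot start SASL: %s" % (self.sasl.getError()))
            # The mechanism list came off the wire.  Refuse an anonymous
            # downgrade here, mirroring allow_anonymous=False in the
            # pure-sasl variant of this handshake.
            if not chosen_mech or str(chosen_mech).upper() == "ANONYMOUS":
                raise Exception("Unacceptable SASL mechanism: %r" % (chosen_mech,))
            log.debug("Chosen mech: %s" % chosen_mech)
            initiate = RpcSaslProto()
            initiate.state = 2  # INITIATE
            initiate.token = initial_response
            offered = False
            for auth in res.auths:
                if auth.mechanism == chosen_mech:
                    offered = True
                    auth_method = initiate.auths.add()
                    auth_method.mechanism = chosen_mech
                    auth_method.method = auth.method
                    auth_method.protocol = auth.protocol
                    auth_method.serverId = self._trans.host
            # Without a matching auth entry the INITIATE would be empty and
            # the server would reject it anyway; fail here with a clear cause.
            if not offered:
                raise Exception("Server did not offer chosen mechanism %s" % chosen_mech)
            self._send_sasl_message(initiate)
        elif res.state == 3:  # CHALLENGE: answer with the next client token
            res_token = self._evaluate_token(res)
            response = RpcSaslProto()
            response.token = res_token
            response.state = 4  # RESPONSE
            self._send_sasl_message(response)
        elif res.state == 0:  # SUCCESS
            return True
        else:
            # Any other state is not part of the client-side handshake;
            # silently looping would block forever on the next read.
            raise Exception("Unexpected SASL state %s during handshake" % (res.state,))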
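def connect(self):
    """Run the Hadoop RPC SASL handshake (RpcSaslProto) with the pure-sasl client.

    The SASL service name is the first component of the configured namenode
    principal (``service/host@REALM`` -> ``service``); the target host is the
    one this transport dialled.  State numbers follow RpcSaslProto.SaslState
    as used in this file: 0 SUCCESS, 1 NEGOTIATE, 2 INITIATE, 3 CHALLENGE,
    4 RESPONSE.

    NOTE(review): an already-initialised ``self.sasl`` is reused as-is, so a
    client that still carries state from an earlier handshake is not reset
    on reconnect — confirm that is intended.

    Returns:
        True once the server reports SUCCESS (state 0).

    Raises:
        Exception: if the mechanism the client settles on was not actually
            offered by the server, or a state other than NEGOTIATE /
            CHALLENGE / SUCCESS arrives.  Both cases fail closed instead of
            waiting forever.  Whatever ``choose_mechanism`` raises when no
            acceptable mechanism exists propagates unchanged.
    """
    # Raw string: '\/' is an invalid escape sequence in a plain str literal.
    service = re.split(r'[/@]', str(self.hdfs_namenode_principal))[0]
    if not self.sasl:
        # Bind the client to the host we dialled, never to anything the
        # server says about itself.
        self.sasl = SASLClient(self._trans.host, service)
    negotiate = RpcSaslProto()
    negotiate.state = 1  # NEGOTIATE
    self._send_sasl_message(negotiate)
    while True:
        res = self._recv_sasl_message()
        if res.state == 1:  # NEGOTIATE: server lists the mechanisms it accepts
            mechs = [auth.mechanism for auth in res.auths]
            log.debug("Available mechs: %s" % (",".join(mechs)))
            # The list came off the wire: never let it talk us into ANONYMOUS.
            self.sasl.choose_mechanism(mechs, allow_anonymous=False)
            chosen_mech = self.sasl.mechanism
            log.debug("Chosen mech: %s" % chosen_mech)
            initiate = RpcSaslProto()
            initiate.state = 2  # INITIATE
            initiate.token = self.sasl.process()
            offered = False
            for auth in res.auths:
                if auth.mechanism == chosen_mech:
                    offered = True
                    auth_method = initiate.auths.add()
                    auth_method.mechanism = chosen_mech
                    auth_method.method = auth.method
                    auth_method.protocol = auth.protocol
                    auth_method.serverId = self._trans.host
            # Without a matching auth entry the INITIATE would be empty and
            # the server would reject it anyway; fail here with a clear cause.
            if not offered:
                raise Exception("Server did not offer chosen mechanism %s" % (chosen_mech,))
            self._send_sasl_message(initiate)
        elif res.state == 3:  # CHALLENGE: answer with the next client token
            res_token = self._evaluate_token(res)
            response = RpcSaslProto()
            response.token = res_token
            response.state = 4  # RESPONSE
            self._send_sasl_message(response)
        elif res.state == 0:  # SUCCESS
            return True
        else:
            # Any other state is not part of the client-side handshake;
            # silently looping would block forever on the next read.
            raise Exception("Unexpected SASL state %s during handshake" % (res.state,))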
def wrap(self, message):
    """Protect *message* with the negotiated SASL layer and send it as a WRAP frame.

    The protected token is carried in an RpcSaslProto with state 5 (WRAP)
    and handed to ``_send_sasl_message``.  Whatever ``self.sasl.wrap`` raises
    propagates unchanged; nothing is sent in that case.

    Args:
        message: The raw RPC bytes to protect.
    """
    protected = self.sasl.wrap(message)
    frame = RpcSaslProto()
    frame.state = 5  # WRAP
    frame.token = protected
    self._send_sasl_message(frame)
def wrap(self, message):
    """Protect *message* with the Cyrus SASL layer and send it as a WRAP frame.

    ``self.sasl.encode`` reports failure through its first return value; on
    failure the library's error text is surfaced and nothing is sent.  On
    success the token goes out in an RpcSaslProto with state 5 (WRAP).

    Args:
        message: The raw RPC bytes to protect.

    Raises:
        Exception: if the SASL layer cannot encode the message.
    """
    ok, protected = self.sasl.encode(message)
    if not ok:
        raise Exception("Cannot encode message: %s" % (self.sasl.getError()))
    frame = RpcSaslProto()
    frame.state = 5  # WRAP
    frame.token = protected
    self._send_sasl_message(frame)
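def wrap(self, message):
    """Protect *message* with the Cyrus SASL layer and send it as a WRAP frame.

    Cyrus SASL frames every protected buffer the RFC 2222 way (section 3): a
    four-octet network-byte-order length precedes the payload.  The Hadoop
    (Java) side expects the bare token, so those four bytes are stripped
    before the RpcSaslProto (state 5, WRAP) is sent.  Background:
    https://lists.andrew.cmu.edu/pipermail/cyrus-sasl/2017-March/003002.html

    Before slicing, the prefix is checked to really be that length field;
    blindly dropping the first four bytes of a short or unprefixed token
    would silently corrupt the protected payload.

    Args:
        message: The raw RPC bytes to protect.

    Raises:
        Exception: if the SASL layer cannot encode the message, or the
            encoded token is shorter than four bytes or its length prefix
            does not match the payload length.
    """
    import struct

    ret, encoded = self.sasl.encode(message)
    if not ret:
        raise Exception("Cannot encode message: %s" % (self.sasl.getError()))
    if len(encoded) < 4:
        raise Exception(
            "SASL encode returned a %d-byte token; expected a 4-byte length prefix" % len(encoded))
    declared = struct.unpack(">I", encoded[:4])[0]
    payload_len = len(encoded) - 4
    if declared != payload_len:
        raise Exception(
            "SASL token length prefix %d does not match payload length %d" % (declared, payload_len))
    sasl_message = RpcSaslProto()
    sasl_message.state = 5  # WRAP
    # Drop the RFC 2222 length field; the Java peer does not expect it.
    sasl_message.token = encoded[4:]
    self._send_sasl_message(sasl_message)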