Google Git
Sign in
apache / hbase-site / 5a6938ba8875b19a3d96e84a37f1016c53778aec / . / devapidocs / src-html / org / apache / hadoop / hbase / ipc / ServerRpcConnection.html
blob: 72602a7246dff1eb49603e66cdd3985de725aabf [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>Source code</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="source: package: org.apache.hadoop.hbase.ipc, class: ServerRpcConnection">
<meta name="generator" content="javadoc/SourceToHTMLConverter">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body class="source-page">
<main role="main">
<div class="source-container">
<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
<span class="source-line-no">009</span><span id="line-9"> *</span>
<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
<span class="source-line-no">011</span><span id="line-11"> *</span>
<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
<span class="source-line-no">017</span><span id="line-17"> */</span>
<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.ipc;</span>
<span class="source-line-no">019</span><span id="line-19"></span>
<span class="source-line-no">020</span><span id="line-20">import static org.apache.hadoop.hbase.HConstants.RPC_HEADER;</span>
<span class="source-line-no">021</span><span id="line-21"></span>
<span class="source-line-no">022</span><span id="line-22">import io.opentelemetry.api.GlobalOpenTelemetry;</span>
<span class="source-line-no">023</span><span id="line-23">import io.opentelemetry.api.trace.Span;</span>
<span class="source-line-no">024</span><span id="line-24">import io.opentelemetry.context.Context;</span>
<span class="source-line-no">025</span><span id="line-25">import io.opentelemetry.context.Scope;</span>
<span class="source-line-no">026</span><span id="line-26">import io.opentelemetry.context.propagation.TextMapGetter;</span>
<span class="source-line-no">027</span><span id="line-27">import java.io.Closeable;</span>
<span class="source-line-no">028</span><span id="line-28">import java.io.DataOutputStream;</span>
<span class="source-line-no">029</span><span id="line-29">import java.io.IOException;</span>
<span class="source-line-no">030</span><span id="line-30">import java.net.InetAddress;</span>
<span class="source-line-no">031</span><span id="line-31">import java.net.InetSocketAddress;</span>
<span class="source-line-no">032</span><span id="line-32">import java.nio.ByteBuffer;</span>
<span class="source-line-no">033</span><span id="line-33">import java.security.GeneralSecurityException;</span>
<span class="source-line-no">034</span><span id="line-34">import java.security.cert.X509Certificate;</span>
<span class="source-line-no">035</span><span id="line-35">import java.util.Collections;</span>
<span class="source-line-no">036</span><span id="line-36">import java.util.Map;</span>
<span class="source-line-no">037</span><span id="line-37">import java.util.Objects;</span>
<span class="source-line-no">038</span><span id="line-38">import java.util.Properties;</span>
<span class="source-line-no">039</span><span id="line-39">import org.apache.commons.crypto.cipher.CryptoCipherFactory;</span>
<span class="source-line-no">040</span><span id="line-40">import org.apache.commons.crypto.random.CryptoRandom;</span>
<span class="source-line-no">041</span><span id="line-41">import org.apache.commons.crypto.random.CryptoRandomFactory;</span>
<span class="source-line-no">042</span><span id="line-42">import org.apache.hadoop.hbase.DoNotRetryIOException;</span>
<span class="source-line-no">043</span><span id="line-43">import org.apache.hadoop.hbase.ExtendedCellScanner;</span>
<span class="source-line-no">044</span><span id="line-44">import org.apache.hadoop.hbase.client.ConnectionRegistryEndpoint;</span>
<span class="source-line-no">045</span><span id="line-45">import org.apache.hadoop.hbase.client.VersionInfoUtil;</span>
<span class="source-line-no">046</span><span id="line-46">import org.apache.hadoop.hbase.codec.Codec;</span>
<span class="source-line-no">047</span><span id="line-47">import org.apache.hadoop.hbase.io.ByteBufferOutputStream;</span>
<span class="source-line-no">048</span><span id="line-48">import org.apache.hadoop.hbase.io.crypto.aes.CryptoAES;</span>
<span class="source-line-no">049</span><span id="line-49">import org.apache.hadoop.hbase.ipc.RpcServer.CallCleanup;</span>
<span class="source-line-no">050</span><span id="line-50">import org.apache.hadoop.hbase.nio.ByteBuff;</span>
<span class="source-line-no">051</span><span id="line-51">import org.apache.hadoop.hbase.regionserver.RegionServerAbortedException;</span>
<span class="source-line-no">052</span><span id="line-52">import org.apache.hadoop.hbase.security.AccessDeniedException;</span>
<span class="source-line-no">053</span><span id="line-53">import org.apache.hadoop.hbase.security.HBaseSaslRpcServer;</span>
<span class="source-line-no">054</span><span id="line-54">import org.apache.hadoop.hbase.security.SaslStatus;</span>
<span class="source-line-no">055</span><span id="line-55">import org.apache.hadoop.hbase.security.SaslUtil;</span>
<span class="source-line-no">056</span><span id="line-56">import org.apache.hadoop.hbase.security.User;</span>
<span class="source-line-no">057</span><span id="line-57">import org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider;</span>
<span class="source-line-no">058</span><span id="line-58">import org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProviders;</span>
<span class="source-line-no">059</span><span id="line-59">import org.apache.hadoop.hbase.security.provider.SimpleSaslServerAuthenticationProvider;</span>
<span class="source-line-no">060</span><span id="line-60">import org.apache.hadoop.hbase.trace.TraceUtil;</span>
<span class="source-line-no">061</span><span id="line-61">import org.apache.hadoop.hbase.util.ByteBufferUtils;</span>
<span class="source-line-no">062</span><span id="line-62">import org.apache.hadoop.hbase.util.Bytes;</span>
<span class="source-line-no">063</span><span id="line-63">import org.apache.hadoop.hbase.util.Pair;</span>
<span class="source-line-no">064</span><span id="line-64">import org.apache.hadoop.io.IntWritable;</span>
<span class="source-line-no">065</span><span id="line-65">import org.apache.hadoop.io.Writable;</span>
<span class="source-line-no">066</span><span id="line-66">import org.apache.hadoop.io.WritableUtils;</span>
<span class="source-line-no">067</span><span id="line-67">import org.apache.hadoop.io.compress.CompressionCodec;</span>
<span class="source-line-no">068</span><span id="line-68">import org.apache.hadoop.security.UserGroupInformation;</span>
<span class="source-line-no">069</span><span id="line-69">import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;</span>
<span class="source-line-no">070</span><span id="line-70">import org.apache.hadoop.security.authorize.AuthorizationException;</span>
<span class="source-line-no">071</span><span id="line-71">import org.apache.hadoop.security.authorize.ProxyUsers;</span>
<span class="source-line-no">072</span><span id="line-72">import org.apache.yetus.audience.InterfaceAudience;</span>
<span class="source-line-no">073</span><span id="line-73"></span>
<span class="source-line-no">074</span><span id="line-74">import org.apache.hbase.thirdparty.com.google.common.collect.Maps;</span>
<span class="source-line-no">075</span><span id="line-75">import org.apache.hbase.thirdparty.com.google.protobuf.BlockingService;</span>
<span class="source-line-no">076</span><span id="line-76">import org.apache.hbase.thirdparty.com.google.protobuf.ByteInput;</span>
<span class="source-line-no">077</span><span id="line-77">import org.apache.hbase.thirdparty.com.google.protobuf.ByteString;</span>
<span class="source-line-no">078</span><span id="line-78">import org.apache.hbase.thirdparty.com.google.protobuf.CodedInputStream;</span>
<span class="source-line-no">079</span><span id="line-79">import org.apache.hbase.thirdparty.com.google.protobuf.Descriptors.MethodDescriptor;</span>
<span class="source-line-no">080</span><span id="line-80">import org.apache.hbase.thirdparty.com.google.protobuf.Message;</span>
<span class="source-line-no">081</span><span id="line-81">import org.apache.hbase.thirdparty.com.google.protobuf.TextFormat;</span>
<span class="source-line-no">082</span><span id="line-82">import org.apache.hbase.thirdparty.com.google.protobuf.UnsafeByteOperations;</span>
<span class="source-line-no">083</span><span id="line-83"></span>
<span class="source-line-no">084</span><span id="line-84">import org.apache.hadoop.hbase.shaded.protobuf.ProtobufUtil;</span>
<span class="source-line-no">085</span><span id="line-85">import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos;</span>
<span class="source-line-no">086</span><span id="line-86">import org.apache.hadoop.hbase.shaded.protobuf.generated.HBaseProtos.VersionInfo;</span>
<span class="source-line-no">087</span><span id="line-87">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos;</span>
<span class="source-line-no">088</span><span id="line-88">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.ConnectionHeader;</span>
<span class="source-line-no">089</span><span id="line-89">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.RequestHeader;</span>
<span class="source-line-no">090</span><span id="line-90">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.ResponseHeader;</span>
<span class="source-line-no">091</span><span id="line-91">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.SecurityPreamableResponse;</span>
<span class="source-line-no">092</span><span id="line-92">import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation;</span>
<span class="source-line-no">093</span><span id="line-93">import org.apache.hadoop.hbase.shaded.protobuf.generated.RegistryProtos.GetConnectionRegistryResponse;</span>
<span class="source-line-no">094</span><span id="line-94">import org.apache.hadoop.hbase.shaded.protobuf.generated.TracingProtos.RPCTInfo;</span>
<span class="source-line-no">095</span><span id="line-95"></span>
<span class="source-line-no">096</span><span id="line-96">/** Reads calls from a connection and queues them for handling. */</span>
<span class="source-line-no">097</span><span id="line-97">@edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "VO_VOLATILE_INCREMENT",</span>
<span class="source-line-no">098</span><span id="line-98"> justification = "False positive according to http://sourceforge.net/p/findbugs/bugs/1032/")</span>
<span class="source-line-no">099</span><span id="line-99">@InterfaceAudience.Private</span>
<span class="source-line-no">100</span><span id="line-100">abstract class ServerRpcConnection implements Closeable {</span>
<span class="source-line-no">101</span><span id="line-101"></span>
<span class="source-line-no">102</span><span id="line-102"> private static final TextMapGetter&lt;RPCTInfo&gt; getter = new RPCTInfoGetter();</span>
<span class="source-line-no">103</span><span id="line-103"></span>
<span class="source-line-no">104</span><span id="line-104"> protected final RpcServer rpcServer;</span>
<span class="source-line-no">105</span><span id="line-105"> // If the connection header has been read or not.</span>
<span class="source-line-no">106</span><span id="line-106"> protected boolean connectionHeaderRead = false;</span>
<span class="source-line-no">107</span><span id="line-107"></span>
<span class="source-line-no">108</span><span id="line-108"> protected CallCleanup callCleanup;</span>
<span class="source-line-no">109</span><span id="line-109"></span>
<span class="source-line-no">110</span><span id="line-110"> // Cache the remote host &amp; port info so that even if the socket is</span>
<span class="source-line-no">111</span><span id="line-111"> // disconnected, we can say where it used to connect to.</span>
<span class="source-line-no">112</span><span id="line-112"> protected String hostAddress;</span>
<span class="source-line-no">113</span><span id="line-113"> protected int remotePort;</span>
<span class="source-line-no">114</span><span id="line-114"> protected InetAddress addr;</span>
<span class="source-line-no">115</span><span id="line-115"> protected ConnectionHeader connectionHeader;</span>
<span class="source-line-no">116</span><span id="line-116"> protected Map&lt;String, byte[]&gt; connectionAttributes;</span>
<span class="source-line-no">117</span><span id="line-117"></span>
<span class="source-line-no">118</span><span id="line-118"> /**</span>
<span class="source-line-no">119</span><span id="line-119"> * Codec the client asked use.</span>
<span class="source-line-no">120</span><span id="line-120"> */</span>
<span class="source-line-no">121</span><span id="line-121"> protected Codec codec;</span>
<span class="source-line-no">122</span><span id="line-122"> /**</span>
<span class="source-line-no">123</span><span id="line-123"> * Compression codec the client asked us use.</span>
<span class="source-line-no">124</span><span id="line-124"> */</span>
<span class="source-line-no">125</span><span id="line-125"> protected CompressionCodec compressionCodec;</span>
<span class="source-line-no">126</span><span id="line-126"> protected BlockingService service;</span>
<span class="source-line-no">127</span><span id="line-127"></span>
<span class="source-line-no">128</span><span id="line-128"> protected SaslServerAuthenticationProvider provider;</span>
<span class="source-line-no">129</span><span id="line-129"> protected boolean skipInitialSaslHandshake;</span>
<span class="source-line-no">130</span><span id="line-130"> protected boolean useSasl;</span>
<span class="source-line-no">131</span><span id="line-131"> protected HBaseSaslRpcServer saslServer;</span>
<span class="source-line-no">132</span><span id="line-132"></span>
<span class="source-line-no">133</span><span id="line-133"> // was authentication allowed with a fallback to simple auth</span>
<span class="source-line-no">134</span><span id="line-134"> protected boolean authenticatedWithFallback;</span>
<span class="source-line-no">135</span><span id="line-135"></span>
<span class="source-line-no">136</span><span id="line-136"> protected boolean retryImmediatelySupported = false;</span>
<span class="source-line-no">137</span><span id="line-137"></span>
<span class="source-line-no">138</span><span id="line-138"> protected User user = null;</span>
<span class="source-line-no">139</span><span id="line-139"> protected UserGroupInformation ugi = null;</span>
<span class="source-line-no">140</span><span id="line-140"> protected SaslServerAuthenticationProviders saslProviders = null;</span>
<span class="source-line-no">141</span><span id="line-141"> protected X509Certificate[] clientCertificateChain = null;</span>
<span class="source-line-no">142</span><span id="line-142"></span>
<span class="source-line-no">143</span><span id="line-143"> public ServerRpcConnection(RpcServer rpcServer) {</span>
<span class="source-line-no">144</span><span id="line-144"> this.rpcServer = rpcServer;</span>
<span class="source-line-no">145</span><span id="line-145"> this.callCleanup = null;</span>
<span class="source-line-no">146</span><span id="line-146"> this.saslProviders = SaslServerAuthenticationProviders.getInstance(rpcServer.getConf());</span>
<span class="source-line-no">147</span><span id="line-147"> }</span>
<span class="source-line-no">148</span><span id="line-148"></span>
<span class="source-line-no">149</span><span id="line-149"> @Override</span>
<span class="source-line-no">150</span><span id="line-150"> public String toString() {</span>
<span class="source-line-no">151</span><span id="line-151"> return getHostAddress() + ":" + remotePort;</span>
<span class="source-line-no">152</span><span id="line-152"> }</span>
<span class="source-line-no">153</span><span id="line-153"></span>
<span class="source-line-no">154</span><span id="line-154"> public String getHostAddress() {</span>
<span class="source-line-no">155</span><span id="line-155"> return hostAddress;</span>
<span class="source-line-no">156</span><span id="line-156"> }</span>
<span class="source-line-no">157</span><span id="line-157"></span>
<span class="source-line-no">158</span><span id="line-158"> public InetAddress getHostInetAddress() {</span>
<span class="source-line-no">159</span><span id="line-159"> return addr;</span>
<span class="source-line-no">160</span><span id="line-160"> }</span>
<span class="source-line-no">161</span><span id="line-161"></span>
<span class="source-line-no">162</span><span id="line-162"> public int getRemotePort() {</span>
<span class="source-line-no">163</span><span id="line-163"> return remotePort;</span>
<span class="source-line-no">164</span><span id="line-164"> }</span>
<span class="source-line-no">165</span><span id="line-165"></span>
<span class="source-line-no">166</span><span id="line-166"> public VersionInfo getVersionInfo() {</span>
<span class="source-line-no">167</span><span id="line-167"> if (connectionHeader != null &amp;&amp; connectionHeader.hasVersionInfo()) {</span>
<span class="source-line-no">168</span><span id="line-168"> return connectionHeader.getVersionInfo();</span>
<span class="source-line-no">169</span><span id="line-169"> }</span>
<span class="source-line-no">170</span><span id="line-170"> return null;</span>
<span class="source-line-no">171</span><span id="line-171"> }</span>
<span class="source-line-no">172</span><span id="line-172"></span>
<span class="source-line-no">173</span><span id="line-173"> private String getFatalConnectionString(final int version, final byte authByte) {</span>
<span class="source-line-no">174</span><span id="line-174"> return "serverVersion=" + RpcServer.CURRENT_VERSION + ", clientVersion=" + version</span>
<span class="source-line-no">175</span><span id="line-175"> + ", authMethod=" + authByte +</span>
<span class="source-line-no">176</span><span id="line-176"> // The provider may be null if we failed to parse the header of the request</span>
<span class="source-line-no">177</span><span id="line-177"> ", authName=" + (provider == null ? "unknown" : provider.getSaslAuthMethod().getName())</span>
<span class="source-line-no">178</span><span id="line-178"> + " from " + toString();</span>
<span class="source-line-no">179</span><span id="line-179"> }</span>
<span class="source-line-no">180</span><span id="line-180"></span>
<span class="source-line-no">181</span><span id="line-181"> /**</span>
<span class="source-line-no">182</span><span id="line-182"> * Set up cell block codecs</span>
<span class="source-line-no">183</span><span id="line-183"> */</span>
<span class="source-line-no">184</span><span id="line-184"> private void setupCellBlockCodecs() throws FatalConnectionException {</span>
<span class="source-line-no">185</span><span id="line-185"> // TODO: Plug in other supported decoders.</span>
<span class="source-line-no">186</span><span id="line-186"> if (!connectionHeader.hasCellBlockCodecClass()) {</span>
<span class="source-line-no">187</span><span id="line-187"> return;</span>
<span class="source-line-no">188</span><span id="line-188"> }</span>
<span class="source-line-no">189</span><span id="line-189"> String className = connectionHeader.getCellBlockCodecClass();</span>
<span class="source-line-no">190</span><span id="line-190"> if (className == null || className.length() == 0) {</span>
<span class="source-line-no">191</span><span id="line-191"> return;</span>
<span class="source-line-no">192</span><span id="line-192"> }</span>
<span class="source-line-no">193</span><span id="line-193"> try {</span>
<span class="source-line-no">194</span><span id="line-194"> this.codec = (Codec) Class.forName(className).getDeclaredConstructor().newInstance();</span>
<span class="source-line-no">195</span><span id="line-195"> } catch (Exception e) {</span>
<span class="source-line-no">196</span><span id="line-196"> throw new UnsupportedCellCodecException(className, e);</span>
<span class="source-line-no">197</span><span id="line-197"> }</span>
<span class="source-line-no">198</span><span id="line-198"> if (!connectionHeader.hasCellBlockCompressorClass()) {</span>
<span class="source-line-no">199</span><span id="line-199"> return;</span>
<span class="source-line-no">200</span><span id="line-200"> }</span>
<span class="source-line-no">201</span><span id="line-201"> className = connectionHeader.getCellBlockCompressorClass();</span>
<span class="source-line-no">202</span><span id="line-202"> try {</span>
<span class="source-line-no">203</span><span id="line-203"> this.compressionCodec =</span>
<span class="source-line-no">204</span><span id="line-204"> (CompressionCodec) Class.forName(className).getDeclaredConstructor().newInstance();</span>
<span class="source-line-no">205</span><span id="line-205"> } catch (Exception e) {</span>
<span class="source-line-no">206</span><span id="line-206"> throw new UnsupportedCompressionCodecException(className, e);</span>
<span class="source-line-no">207</span><span id="line-207"> }</span>
<span class="source-line-no">208</span><span id="line-208"> }</span>
<span class="source-line-no">209</span><span id="line-209"></span>
<span class="source-line-no">210</span><span id="line-210"> /**</span>
<span class="source-line-no">211</span><span id="line-211"> * Set up cipher for rpc encryption with Apache Commons Crypto.</span>
<span class="source-line-no">212</span><span id="line-212"> */</span>
<span class="source-line-no">213</span><span id="line-213"> private Pair&lt;RPCProtos.ConnectionHeaderResponse, CryptoAES&gt; setupCryptoCipher()</span>
<span class="source-line-no">214</span><span id="line-214"> throws FatalConnectionException {</span>
<span class="source-line-no">215</span><span id="line-215"> // If simple auth, return</span>
<span class="source-line-no">216</span><span id="line-216"> if (saslServer == null) {</span>
<span class="source-line-no">217</span><span id="line-217"> return null;</span>
<span class="source-line-no">218</span><span id="line-218"> }</span>
<span class="source-line-no">219</span><span id="line-219"> // check if rpc encryption with Crypto AES</span>
<span class="source-line-no">220</span><span id="line-220"> String qop = saslServer.getNegotiatedQop();</span>
<span class="source-line-no">221</span><span id="line-221"> boolean isEncryption = SaslUtil.QualityOfProtection.PRIVACY.getSaslQop().equalsIgnoreCase(qop);</span>
<span class="source-line-no">222</span><span id="line-222"> boolean isCryptoAesEncryption = isEncryption</span>
<span class="source-line-no">223</span><span id="line-223"> &amp;&amp; this.rpcServer.conf.getBoolean("hbase.rpc.crypto.encryption.aes.enabled", false);</span>
<span class="source-line-no">224</span><span id="line-224"> if (!isCryptoAesEncryption) {</span>
<span class="source-line-no">225</span><span id="line-225"> return null;</span>
<span class="source-line-no">226</span><span id="line-226"> }</span>
<span class="source-line-no">227</span><span id="line-227"> if (!connectionHeader.hasRpcCryptoCipherTransformation()) {</span>
<span class="source-line-no">228</span><span id="line-228"> return null;</span>
<span class="source-line-no">229</span><span id="line-229"> }</span>
<span class="source-line-no">230</span><span id="line-230"> String transformation = connectionHeader.getRpcCryptoCipherTransformation();</span>
<span class="source-line-no">231</span><span id="line-231"> if (transformation == null || transformation.length() == 0) {</span>
<span class="source-line-no">232</span><span id="line-232"> return null;</span>
<span class="source-line-no">233</span><span id="line-233"> }</span>
<span class="source-line-no">234</span><span id="line-234"> // Negotiates AES based on complete saslServer.</span>
<span class="source-line-no">235</span><span id="line-235"> // The Crypto metadata need to be encrypted and send to client.</span>
<span class="source-line-no">236</span><span id="line-236"> Properties properties = new Properties();</span>
<span class="source-line-no">237</span><span id="line-237"> // the property for SecureRandomFactory</span>
<span class="source-line-no">238</span><span id="line-238"> properties.setProperty(CryptoRandomFactory.CLASSES_KEY,</span>
<span class="source-line-no">239</span><span id="line-239"> this.rpcServer.conf.get("hbase.crypto.sasl.encryption.aes.crypto.random",</span>
<span class="source-line-no">240</span><span id="line-240"> "org.apache.commons.crypto.random.JavaCryptoRandom"));</span>
<span class="source-line-no">241</span><span id="line-241"> // the property for cipher class</span>
<span class="source-line-no">242</span><span id="line-242"> properties.setProperty(CryptoCipherFactory.CLASSES_KEY,</span>
<span class="source-line-no">243</span><span id="line-243"> this.rpcServer.conf.get("hbase.rpc.crypto.encryption.aes.cipher.class",</span>
<span class="source-line-no">244</span><span id="line-244"> "org.apache.commons.crypto.cipher.JceCipher"));</span>
<span class="source-line-no">245</span><span id="line-245"></span>
<span class="source-line-no">246</span><span id="line-246"> int cipherKeyBits =</span>
<span class="source-line-no">247</span><span id="line-247"> this.rpcServer.conf.getInt("hbase.rpc.crypto.encryption.aes.cipher.keySizeBits", 128);</span>
<span class="source-line-no">248</span><span id="line-248"> // generate key and iv</span>
<span class="source-line-no">249</span><span id="line-249"> if (cipherKeyBits % 8 != 0) {</span>
<span class="source-line-no">250</span><span id="line-250"> throw new IllegalArgumentException(</span>
<span class="source-line-no">251</span><span id="line-251"> "The AES cipher key size in bits" + " should be a multiple of byte");</span>
<span class="source-line-no">252</span><span id="line-252"> }</span>
<span class="source-line-no">253</span><span id="line-253"> int len = cipherKeyBits / 8;</span>
<span class="source-line-no">254</span><span id="line-254"> byte[] inKey = new byte[len];</span>
<span class="source-line-no">255</span><span id="line-255"> byte[] outKey = new byte[len];</span>
<span class="source-line-no">256</span><span id="line-256"> byte[] inIv = new byte[len];</span>
<span class="source-line-no">257</span><span id="line-257"> byte[] outIv = new byte[len];</span>
<span class="source-line-no">258</span><span id="line-258"></span>
<span class="source-line-no">259</span><span id="line-259"> CryptoAES cryptoAES;</span>
<span class="source-line-no">260</span><span id="line-260"> try {</span>
<span class="source-line-no">261</span><span id="line-261"> // generate the cipher meta data with SecureRandom</span>
<span class="source-line-no">262</span><span id="line-262"> CryptoRandom secureRandom = CryptoRandomFactory.getCryptoRandom(properties);</span>
<span class="source-line-no">263</span><span id="line-263"> secureRandom.nextBytes(inKey);</span>
<span class="source-line-no">264</span><span id="line-264"> secureRandom.nextBytes(outKey);</span>
<span class="source-line-no">265</span><span id="line-265"> secureRandom.nextBytes(inIv);</span>
<span class="source-line-no">266</span><span id="line-266"> secureRandom.nextBytes(outIv);</span>
<span class="source-line-no">267</span><span id="line-267"></span>
<span class="source-line-no">268</span><span id="line-268"> // create CryptoAES for server</span>
<span class="source-line-no">269</span><span id="line-269"> cryptoAES = new CryptoAES(transformation, properties, inKey, outKey, inIv, outIv);</span>
<span class="source-line-no">270</span><span id="line-270"> } catch (GeneralSecurityException | IOException ex) {</span>
<span class="source-line-no">271</span><span id="line-271"> throw new UnsupportedCryptoException(ex.getMessage(), ex);</span>
<span class="source-line-no">272</span><span id="line-272"> }</span>
<span class="source-line-no">273</span><span id="line-273"> // create SaslCipherMeta and send to client,</span>
<span class="source-line-no">274</span><span id="line-274"> // for client, the [inKey, outKey], [inIv, outIv] should be reversed</span>
<span class="source-line-no">275</span><span id="line-275"> RPCProtos.CryptoCipherMeta.Builder ccmBuilder = RPCProtos.CryptoCipherMeta.newBuilder();</span>
<span class="source-line-no">276</span><span id="line-276"> ccmBuilder.setTransformation(transformation);</span>
<span class="source-line-no">277</span><span id="line-277"> ccmBuilder.setInIv(getByteString(outIv));</span>
<span class="source-line-no">278</span><span id="line-278"> ccmBuilder.setInKey(getByteString(outKey));</span>
<span class="source-line-no">279</span><span id="line-279"> ccmBuilder.setOutIv(getByteString(inIv));</span>
<span class="source-line-no">280</span><span id="line-280"> ccmBuilder.setOutKey(getByteString(inKey));</span>
<span class="source-line-no">281</span><span id="line-281"> RPCProtos.ConnectionHeaderResponse resp =</span>
<span class="source-line-no">282</span><span id="line-282"> RPCProtos.ConnectionHeaderResponse.newBuilder().setCryptoCipherMeta(ccmBuilder).build();</span>
<span class="source-line-no">283</span><span id="line-283"> return Pair.newPair(resp, cryptoAES);</span>
<span class="source-line-no">284</span><span id="line-284"> }</span>
<span class="source-line-no">285</span><span id="line-285"></span>
<span class="source-line-no">286</span><span id="line-286"> private ByteString getByteString(byte[] bytes) {</span>
<span class="source-line-no">287</span><span id="line-287"> // return singleton to reduce object allocation</span>
<span class="source-line-no">288</span><span id="line-288"> return (bytes.length == 0) ? ByteString.EMPTY : ByteString.copyFrom(bytes);</span>
<span class="source-line-no">289</span><span id="line-289"> }</span>
<span class="source-line-no">290</span><span id="line-290"></span>
<span class="source-line-no">291</span><span id="line-291"> private UserGroupInformation createUser(ConnectionHeader head) {</span>
<span class="source-line-no">292</span><span id="line-292"> UserGroupInformation ugi = null;</span>
<span class="source-line-no">293</span><span id="line-293"></span>
<span class="source-line-no">294</span><span id="line-294"> if (!head.hasUserInfo()) {</span>
<span class="source-line-no">295</span><span id="line-295"> return null;</span>
<span class="source-line-no">296</span><span id="line-296"> }</span>
<span class="source-line-no">297</span><span id="line-297"> UserInformation userInfoProto = head.getUserInfo();</span>
<span class="source-line-no">298</span><span id="line-298"> String effectiveUser = null;</span>
<span class="source-line-no">299</span><span id="line-299"> if (userInfoProto.hasEffectiveUser()) {</span>
<span class="source-line-no">300</span><span id="line-300"> effectiveUser = userInfoProto.getEffectiveUser();</span>
<span class="source-line-no">301</span><span id="line-301"> }</span>
<span class="source-line-no">302</span><span id="line-302"> String realUser = null;</span>
<span class="source-line-no">303</span><span id="line-303"> if (userInfoProto.hasRealUser()) {</span>
<span class="source-line-no">304</span><span id="line-304"> realUser = userInfoProto.getRealUser();</span>
<span class="source-line-no">305</span><span id="line-305"> }</span>
<span class="source-line-no">306</span><span id="line-306"> if (effectiveUser != null) {</span>
<span class="source-line-no">307</span><span id="line-307"> if (realUser != null) {</span>
<span class="source-line-no">308</span><span id="line-308"> UserGroupInformation realUserUgi = UserGroupInformation.createRemoteUser(realUser);</span>
<span class="source-line-no">309</span><span id="line-309"> ugi = UserGroupInformation.createProxyUser(effectiveUser, realUserUgi);</span>
<span class="source-line-no">310</span><span id="line-310"> } else {</span>
<span class="source-line-no">311</span><span id="line-311"> ugi = UserGroupInformation.createRemoteUser(effectiveUser);</span>
<span class="source-line-no">312</span><span id="line-312"> }</span>
<span class="source-line-no">313</span><span id="line-313"> }</span>
<span class="source-line-no">314</span><span id="line-314"> return ugi;</span>
<span class="source-line-no">315</span><span id="line-315"> }</span>
<span class="source-line-no">316</span><span id="line-316"></span>
<span class="source-line-no">317</span><span id="line-317"> protected final void disposeSasl() {</span>
<span class="source-line-no">318</span><span id="line-318"> if (saslServer != null) {</span>
<span class="source-line-no">319</span><span id="line-319"> saslServer.dispose();</span>
<span class="source-line-no">320</span><span id="line-320"> saslServer = null;</span>
<span class="source-line-no">321</span><span id="line-321"> }</span>
<span class="source-line-no">322</span><span id="line-322"> }</span>
<span class="source-line-no">323</span><span id="line-323"></span>
<span class="source-line-no">324</span><span id="line-324"> /**</span>
<span class="source-line-no">325</span><span id="line-325"> * No protobuf encoding of raw sasl messages</span>
<span class="source-line-no">326</span><span id="line-326"> */</span>
<span class="source-line-no">327</span><span id="line-327"> protected final void doRawSaslReply(SaslStatus status, Writable rv, String errorClass,</span>
<span class="source-line-no">328</span><span id="line-328"> String error) throws IOException {</span>
<span class="source-line-no">329</span><span id="line-329"> BufferChain bc;</span>
<span class="source-line-no">330</span><span id="line-330"> // In my testing, have noticed that sasl messages are usually</span>
<span class="source-line-no">331</span><span id="line-331"> // in the ballpark of 100-200. That's why the initial capacity is 256.</span>
<span class="source-line-no">332</span><span id="line-332"> try (ByteBufferOutputStream saslResponse = new ByteBufferOutputStream(256);</span>
<span class="source-line-no">333</span><span id="line-333"> DataOutputStream out = new DataOutputStream(saslResponse)) {</span>
<span class="source-line-no">334</span><span id="line-334"> out.writeInt(status.state); // write status</span>
<span class="source-line-no">335</span><span id="line-335"> if (status == SaslStatus.SUCCESS) {</span>
<span class="source-line-no">336</span><span id="line-336"> rv.write(out);</span>
<span class="source-line-no">337</span><span id="line-337"> } else {</span>
<span class="source-line-no">338</span><span id="line-338"> WritableUtils.writeString(out, errorClass);</span>
<span class="source-line-no">339</span><span id="line-339"> WritableUtils.writeString(out, error);</span>
<span class="source-line-no">340</span><span id="line-340"> }</span>
<span class="source-line-no">341</span><span id="line-341"> bc = new BufferChain(saslResponse.getByteBuffer());</span>
<span class="source-line-no">342</span><span id="line-342"> }</span>
<span class="source-line-no">343</span><span id="line-343"> doRespond(() -&gt; bc);</span>
<span class="source-line-no">344</span><span id="line-344"> }</span>
<span class="source-line-no">345</span><span id="line-345"></span>
<span class="source-line-no">346</span><span id="line-346"> HBaseSaslRpcServer getOrCreateSaslServer() throws IOException {</span>
<span class="source-line-no">347</span><span id="line-347"> if (saslServer == null) {</span>
<span class="source-line-no">348</span><span id="line-348"> saslServer = new HBaseSaslRpcServer(provider, rpcServer.saslProps, rpcServer.secretManager);</span>
<span class="source-line-no">349</span><span id="line-349"> }</span>
<span class="source-line-no">350</span><span id="line-350"> return saslServer;</span>
<span class="source-line-no">351</span><span id="line-351"> }</span>
<span class="source-line-no">352</span><span id="line-352"></span>
<span class="source-line-no">353</span><span id="line-353"> void finishSaslNegotiation() throws IOException {</span>
<span class="source-line-no">354</span><span id="line-354"> String qop = saslServer.getNegotiatedQop();</span>
<span class="source-line-no">355</span><span id="line-355"> ugi = provider.getAuthorizedUgi(saslServer.getAuthorizationID(), this.rpcServer.secretManager);</span>
<span class="source-line-no">356</span><span id="line-356"> RpcServer.LOG.debug(</span>
<span class="source-line-no">357</span><span id="line-357"> "SASL server context established. Authenticated client: {}. Negotiated QoP is {}", ugi, qop);</span>
<span class="source-line-no">358</span><span id="line-358"> rpcServer.metrics.authenticationSuccess();</span>
<span class="source-line-no">359</span><span id="line-359"> RpcServer.AUDITLOG.info(RpcServer.AUTH_SUCCESSFUL_FOR + ugi);</span>
<span class="source-line-no">360</span><span id="line-360"> }</span>
<span class="source-line-no">361</span><span id="line-361"></span>
<span class="source-line-no">362</span><span id="line-362"> public void processOneRpc(ByteBuff buf) throws IOException, InterruptedException {</span>
<span class="source-line-no">363</span><span id="line-363"> if (connectionHeaderRead) {</span>
<span class="source-line-no">364</span><span id="line-364"> processRequest(buf);</span>
<span class="source-line-no">365</span><span id="line-365"> } else {</span>
<span class="source-line-no">366</span><span id="line-366"> processConnectionHeader(buf);</span>
<span class="source-line-no">367</span><span id="line-367"> callCleanupIfNeeded();</span>
<span class="source-line-no">368</span><span id="line-368"> this.connectionHeaderRead = true;</span>
<span class="source-line-no">369</span><span id="line-369"> if (rpcServer.needAuthorization() &amp;&amp; !authorizeConnection()) {</span>
<span class="source-line-no">370</span><span id="line-370"> // Throw FatalConnectionException wrapping ACE so client does right thing and closes</span>
<span class="source-line-no">371</span><span id="line-371"> // down the connection instead of trying to read non-existent retun.</span>
<span class="source-line-no">372</span><span id="line-372"> throw new AccessDeniedException("Connection from " + this + " for service "</span>
<span class="source-line-no">373</span><span id="line-373"> + connectionHeader.getServiceName() + " is unauthorized for user: " + ugi);</span>
<span class="source-line-no">374</span><span id="line-374"> }</span>
<span class="source-line-no">375</span><span id="line-375"> this.user = this.rpcServer.userProvider.create(this.ugi);</span>
<span class="source-line-no">376</span><span id="line-376"> }</span>
<span class="source-line-no">377</span><span id="line-377"> }</span>
<span class="source-line-no">378</span><span id="line-378"></span>
<span class="source-line-no">379</span><span id="line-379"> private boolean authorizeConnection() throws IOException {</span>
<span class="source-line-no">380</span><span id="line-380"> try {</span>
<span class="source-line-no">381</span><span id="line-381"> // If auth method is DIGEST, the token was obtained by the</span>
<span class="source-line-no">382</span><span id="line-382"> // real user for the effective user, therefore not required to</span>
<span class="source-line-no">383</span><span id="line-383"> // authorize real user. doAs is allowed only for simple or kerberos</span>
<span class="source-line-no">384</span><span id="line-384"> // authentication</span>
<span class="source-line-no">385</span><span id="line-385"> if (ugi != null &amp;&amp; ugi.getRealUser() != null &amp;&amp; provider.supportsProtocolAuthentication()) {</span>
<span class="source-line-no">386</span><span id="line-386"> ProxyUsers.authorize(ugi, this.getHostAddress(), this.rpcServer.conf);</span>
<span class="source-line-no">387</span><span id="line-387"> }</span>
<span class="source-line-no">388</span><span id="line-388"> this.rpcServer.authorize(ugi, connectionHeader, getHostInetAddress());</span>
<span class="source-line-no">389</span><span id="line-389"> this.rpcServer.metrics.authorizationSuccess();</span>
<span class="source-line-no">390</span><span id="line-390"> } catch (AuthorizationException ae) {</span>
<span class="source-line-no">391</span><span id="line-391"> if (RpcServer.LOG.isDebugEnabled()) {</span>
<span class="source-line-no">392</span><span id="line-392"> RpcServer.LOG.debug("Connection authorization failed: " + ae.getMessage(), ae);</span>
<span class="source-line-no">393</span><span id="line-393"> }</span>
<span class="source-line-no">394</span><span id="line-394"> this.rpcServer.metrics.authorizationFailure();</span>
<span class="source-line-no">395</span><span id="line-395"> doRespond(getErrorResponse(ae.getMessage(), new AccessDeniedException(ae)));</span>
<span class="source-line-no">396</span><span id="line-396"> return false;</span>
<span class="source-line-no">397</span><span id="line-397"> }</span>
<span class="source-line-no">398</span><span id="line-398"> return true;</span>
<span class="source-line-no">399</span><span id="line-399"> }</span>
<span class="source-line-no">400</span><span id="line-400"></span>
<span class="source-line-no">401</span><span id="line-401"> private CodedInputStream createCis(ByteBuff buf) {</span>
<span class="source-line-no">402</span><span id="line-402"> // Here we read in the header. We avoid having pb</span>
<span class="source-line-no">403</span><span id="line-403"> // do its default 4k allocation for CodedInputStream. We force it to use</span>
<span class="source-line-no">404</span><span id="line-404"> // backing array.</span>
<span class="source-line-no">405</span><span id="line-405"> CodedInputStream cis;</span>
<span class="source-line-no">406</span><span id="line-406"> if (buf.hasArray()) {</span>
<span class="source-line-no">407</span><span id="line-407"> cis = UnsafeByteOperations</span>
<span class="source-line-no">408</span><span id="line-408"> .unsafeWrap(buf.array(), buf.arrayOffset() + buf.position(), buf.limit()).newCodedInput();</span>
<span class="source-line-no">409</span><span id="line-409"> } else {</span>
<span class="source-line-no">410</span><span id="line-410"> cis = UnsafeByteOperations.unsafeWrap(new ByteBuffByteInput(buf, buf.limit()), 0, buf.limit())</span>
<span class="source-line-no">411</span><span id="line-411"> .newCodedInput();</span>
<span class="source-line-no">412</span><span id="line-412"> }</span>
<span class="source-line-no">413</span><span id="line-413"> cis.enableAliasing(true);</span>
<span class="source-line-no">414</span><span id="line-414"> return cis;</span>
<span class="source-line-no">415</span><span id="line-415"> }</span>
<span class="source-line-no">416</span><span id="line-416"></span>
<span class="source-line-no">417</span><span id="line-417"> // Reads the connection header following version</span>
<span class="source-line-no">418</span><span id="line-418"> private void processConnectionHeader(ByteBuff buf) throws IOException {</span>
<span class="source-line-no">419</span><span id="line-419"> this.connectionHeader = ConnectionHeader.parseFrom(createCis(buf));</span>
<span class="source-line-no">420</span><span id="line-420"></span>
<span class="source-line-no">421</span><span id="line-421"> // we want to copy the attributes prior to releasing the buffer so that they don't get corrupted</span>
<span class="source-line-no">422</span><span id="line-422"> // eventually</span>
<span class="source-line-no">423</span><span id="line-423"> if (connectionHeader.getAttributeList().isEmpty()) {</span>
<span class="source-line-no">424</span><span id="line-424"> this.connectionAttributes = Collections.emptyMap();</span>
<span class="source-line-no">425</span><span id="line-425"> } else {</span>
<span class="source-line-no">426</span><span id="line-426"> this.connectionAttributes =</span>
<span class="source-line-no">427</span><span id="line-427"> Maps.newHashMapWithExpectedSize(connectionHeader.getAttributeList().size());</span>
<span class="source-line-no">428</span><span id="line-428"> for (HBaseProtos.NameBytesPair nameBytesPair : connectionHeader.getAttributeList()) {</span>
<span class="source-line-no">429</span><span id="line-429"> this.connectionAttributes.put(nameBytesPair.getName(),</span>
<span class="source-line-no">430</span><span id="line-430"> nameBytesPair.getValue().toByteArray());</span>
<span class="source-line-no">431</span><span id="line-431"> }</span>
<span class="source-line-no">432</span><span id="line-432"> }</span>
<span class="source-line-no">433</span><span id="line-433"> String serviceName = connectionHeader.getServiceName();</span>
<span class="source-line-no">434</span><span id="line-434"> if (serviceName == null) {</span>
<span class="source-line-no">435</span><span id="line-435"> throw new EmptyServiceNameException();</span>
<span class="source-line-no">436</span><span id="line-436"> }</span>
<span class="source-line-no">437</span><span id="line-437"> this.service = RpcServer.getService(this.rpcServer.services, serviceName);</span>
<span class="source-line-no">438</span><span id="line-438"> if (this.service == null) {</span>
<span class="source-line-no">439</span><span id="line-439"> throw new UnknownServiceException(serviceName);</span>
<span class="source-line-no">440</span><span id="line-440"> }</span>
<span class="source-line-no">441</span><span id="line-441"> setupCellBlockCodecs();</span>
<span class="source-line-no">442</span><span id="line-442"> sendConnectionHeaderResponseIfNeeded();</span>
<span class="source-line-no">443</span><span id="line-443"> UserGroupInformation protocolUser = createUser(connectionHeader);</span>
<span class="source-line-no">444</span><span id="line-444"> if (!useSasl) {</span>
<span class="source-line-no">445</span><span id="line-445"> ugi = protocolUser;</span>
<span class="source-line-no">446</span><span id="line-446"> if (ugi != null) {</span>
<span class="source-line-no">447</span><span id="line-447"> ugi.setAuthenticationMethod(AuthenticationMethod.SIMPLE);</span>
<span class="source-line-no">448</span><span id="line-448"> }</span>
<span class="source-line-no">449</span><span id="line-449"> // audit logging for SASL authenticated users happens in saslReadAndProcess()</span>
<span class="source-line-no">450</span><span id="line-450"> if (authenticatedWithFallback) {</span>
<span class="source-line-no">451</span><span id="line-451"> RpcServer.LOG.warn("Allowed fallback to SIMPLE auth for {} connecting from {}", ugi,</span>
<span class="source-line-no">452</span><span id="line-452"> getHostAddress());</span>
<span class="source-line-no">453</span><span id="line-453"> }</span>
<span class="source-line-no">454</span><span id="line-454"> } else {</span>
<span class="source-line-no">455</span><span id="line-455"> // user is authenticated</span>
<span class="source-line-no">456</span><span id="line-456"> ugi.setAuthenticationMethod(provider.getSaslAuthMethod().getAuthMethod());</span>
<span class="source-line-no">457</span><span id="line-457"> // Now we check if this is a proxy user case. If the protocol user is</span>
<span class="source-line-no">458</span><span id="line-458"> // different from the 'user', it is a proxy user scenario. However,</span>
<span class="source-line-no">459</span><span id="line-459"> // this is not allowed if user authenticated with DIGEST.</span>
<span class="source-line-no">460</span><span id="line-460"> if ((protocolUser != null) &amp;&amp; (!protocolUser.getUserName().equals(ugi.getUserName()))) {</span>
<span class="source-line-no">461</span><span id="line-461"> if (!provider.supportsProtocolAuthentication()) {</span>
<span class="source-line-no">462</span><span id="line-462"> // Not allowed to doAs if token authentication is used</span>
<span class="source-line-no">463</span><span id="line-463"> throw new AccessDeniedException("Authenticated user (" + ugi</span>
<span class="source-line-no">464</span><span id="line-464"> + ") doesn't match what the client claims to be (" + protocolUser + ")");</span>
<span class="source-line-no">465</span><span id="line-465"> } else {</span>
<span class="source-line-no">466</span><span id="line-466"> // Effective user can be different from authenticated user</span>
<span class="source-line-no">467</span><span id="line-467"> // for simple auth or kerberos auth</span>
<span class="source-line-no">468</span><span id="line-468"> // The user is the real user. Now we create a proxy user</span>
<span class="source-line-no">469</span><span id="line-469"> UserGroupInformation realUser = ugi;</span>
<span class="source-line-no">470</span><span id="line-470"> ugi = UserGroupInformation.createProxyUser(protocolUser.getUserName(), realUser);</span>
<span class="source-line-no">471</span><span id="line-471"> // Now the user is a proxy user, set Authentication method Proxy.</span>
<span class="source-line-no">472</span><span id="line-472"> ugi.setAuthenticationMethod(AuthenticationMethod.PROXY);</span>
<span class="source-line-no">473</span><span id="line-473"> }</span>
<span class="source-line-no">474</span><span id="line-474"> }</span>
<span class="source-line-no">475</span><span id="line-475"> }</span>
<span class="source-line-no">476</span><span id="line-476"> String version;</span>
<span class="source-line-no">477</span><span id="line-477"> if (this.connectionHeader.hasVersionInfo()) {</span>
<span class="source-line-no">478</span><span id="line-478"> // see if this connection will support RetryImmediatelyException</span>
<span class="source-line-no">479</span><span id="line-479"> this.retryImmediatelySupported = VersionInfoUtil.hasMinimumVersion(getVersionInfo(), 1, 2);</span>
<span class="source-line-no">480</span><span id="line-480"> version = this.connectionHeader.getVersionInfo().getVersion();</span>
<span class="source-line-no">481</span><span id="line-481"> } else {</span>
<span class="source-line-no">482</span><span id="line-482"> version = "UNKNOWN";</span>
<span class="source-line-no">483</span><span id="line-483"> }</span>
<span class="source-line-no">484</span><span id="line-484"> RpcServer.AUDITLOG.info("Connection from {}:{}, version={}, sasl={}, ugi={}, service={}",</span>
<span class="source-line-no">485</span><span id="line-485"> this.hostAddress, this.remotePort, version, this.useSasl, this.ugi, serviceName);</span>
<span class="source-line-no">486</span><span id="line-486"> }</span>
<span class="source-line-no">487</span><span id="line-487"></span>
<span class="source-line-no">488</span><span id="line-488"> /**</span>
<span class="source-line-no">489</span><span id="line-489"> * Send the response for connection header</span>
<span class="source-line-no">490</span><span id="line-490"> */</span>
<span class="source-line-no">491</span><span id="line-491"> private void sendConnectionHeaderResponseIfNeeded() throws FatalConnectionException {</span>
<span class="source-line-no">492</span><span id="line-492"> Pair&lt;RPCProtos.ConnectionHeaderResponse, CryptoAES&gt; pair = setupCryptoCipher();</span>
<span class="source-line-no">493</span><span id="line-493"> // Response the connection header if Crypto AES is enabled</span>
<span class="source-line-no">494</span><span id="line-494"> if (pair == null) {</span>
<span class="source-line-no">495</span><span id="line-495"> return;</span>
<span class="source-line-no">496</span><span id="line-496"> }</span>
<span class="source-line-no">497</span><span id="line-497"> try {</span>
<span class="source-line-no">498</span><span id="line-498"> int size = pair.getFirst().getSerializedSize();</span>
<span class="source-line-no">499</span><span id="line-499"> BufferChain bc;</span>
<span class="source-line-no">500</span><span id="line-500"> try (ByteBufferOutputStream bbOut = new ByteBufferOutputStream(4 + size);</span>
<span class="source-line-no">501</span><span id="line-501"> DataOutputStream out = new DataOutputStream(bbOut)) {</span>
<span class="source-line-no">502</span><span id="line-502"> out.writeInt(size);</span>
<span class="source-line-no">503</span><span id="line-503"> pair.getFirst().writeTo(out);</span>
<span class="source-line-no">504</span><span id="line-504"> bc = new BufferChain(bbOut.getByteBuffer());</span>
<span class="source-line-no">505</span><span id="line-505"> }</span>
<span class="source-line-no">506</span><span id="line-506"> doRespond(new RpcResponse() {</span>
<span class="source-line-no">507</span><span id="line-507"></span>
<span class="source-line-no">508</span><span id="line-508"> @Override</span>
<span class="source-line-no">509</span><span id="line-509"> public BufferChain getResponse() {</span>
<span class="source-line-no">510</span><span id="line-510"> return bc;</span>
<span class="source-line-no">511</span><span id="line-511"> }</span>
<span class="source-line-no">512</span><span id="line-512"></span>
<span class="source-line-no">513</span><span id="line-513"> @Override</span>
<span class="source-line-no">514</span><span id="line-514"> public void done() {</span>
<span class="source-line-no">515</span><span id="line-515"> // must switch after sending the connection header response, as the client still uses the</span>
<span class="source-line-no">516</span><span id="line-516"> // original SaslClient to unwrap the data we send back</span>
<span class="source-line-no">517</span><span id="line-517"> saslServer.switchToCryptoAES(pair.getSecond());</span>
<span class="source-line-no">518</span><span id="line-518"> }</span>
<span class="source-line-no">519</span><span id="line-519"> });</span>
<span class="source-line-no">520</span><span id="line-520"> } catch (IOException ex) {</span>
<span class="source-line-no">521</span><span id="line-521"> throw new UnsupportedCryptoException(ex.getMessage(), ex);</span>
<span class="source-line-no">522</span><span id="line-522"> }</span>
<span class="source-line-no">523</span><span id="line-523"> }</span>
<span class="source-line-no">524</span><span id="line-524"></span>
<span class="source-line-no">525</span><span id="line-525"> protected abstract void doRespond(RpcResponse resp) throws IOException;</span>
<span class="source-line-no">526</span><span id="line-526"></span>
<span class="source-line-no">527</span><span id="line-527"> /**</span>
<span class="source-line-no">528</span><span id="line-528"> * Has the request header and the request param and optionally encoded data buffer all in this one</span>
<span class="source-line-no">529</span><span id="line-529"> * array.</span>
<span class="source-line-no">530</span><span id="line-530"> * &lt;p/&gt;</span>
<span class="source-line-no">531</span><span id="line-531"> * Will be overridden in tests.</span>
<span class="source-line-no">532</span><span id="line-532"> */</span>
<span class="source-line-no">533</span><span id="line-533"> protected void processRequest(ByteBuff buf) throws IOException, InterruptedException {</span>
<span class="source-line-no">534</span><span id="line-534"> long totalRequestSize = buf.limit();</span>
<span class="source-line-no">535</span><span id="line-535"> int offset = 0;</span>
<span class="source-line-no">536</span><span id="line-536"> // Here we read in the header. We avoid having pb</span>
<span class="source-line-no">537</span><span id="line-537"> // do its default 4k allocation for CodedInputStream. We force it to use</span>
<span class="source-line-no">538</span><span id="line-538"> // backing array.</span>
<span class="source-line-no">539</span><span id="line-539"> CodedInputStream cis = createCis(buf);</span>
<span class="source-line-no">540</span><span id="line-540"> int headerSize = cis.readRawVarint32();</span>
<span class="source-line-no">541</span><span id="line-541"> offset = cis.getTotalBytesRead();</span>
<span class="source-line-no">542</span><span id="line-542"> Message.Builder builder = RequestHeader.newBuilder();</span>
<span class="source-line-no">543</span><span id="line-543"> ProtobufUtil.mergeFrom(builder, cis, headerSize);</span>
<span class="source-line-no">544</span><span id="line-544"> RequestHeader header = (RequestHeader) builder.build();</span>
<span class="source-line-no">545</span><span id="line-545"> offset += headerSize;</span>
<span class="source-line-no">546</span><span id="line-546"> Context traceCtx = GlobalOpenTelemetry.getPropagators().getTextMapPropagator()</span>
<span class="source-line-no">547</span><span id="line-547"> .extract(Context.current(), header.getTraceInfo(), getter);</span>
<span class="source-line-no">548</span><span id="line-548"></span>
<span class="source-line-no">549</span><span id="line-549"> // n.b. Management of this Span instance is a little odd. Most exit paths from this try scope</span>
<span class="source-line-no">550</span><span id="line-550"> // are early-exits due to error cases. There's only one success path, the asynchronous call to</span>
<span class="source-line-no">551</span><span id="line-551"> // RpcScheduler#dispatch. The success path assumes ownership of the span, which is represented</span>
<span class="source-line-no">552</span><span id="line-552"> // by null-ing out the reference in this scope. All other paths end the span. Thus, and in</span>
<span class="source-line-no">553</span><span id="line-553"> // order to avoid accidentally orphaning the span, the call to Span#end happens in a finally</span>
<span class="source-line-no">554</span><span id="line-554"> // block iff the span is non-null.</span>
<span class="source-line-no">555</span><span id="line-555"> Span span = TraceUtil.createRemoteSpan("RpcServer.process", traceCtx);</span>
<span class="source-line-no">556</span><span id="line-556"> try (Scope ignored = span.makeCurrent()) {</span>
<span class="source-line-no">557</span><span id="line-557"> int id = header.getCallId();</span>
<span class="source-line-no">558</span><span id="line-558"> // HBASE-28128 - if server is aborting, don't bother trying to process. It will</span>
<span class="source-line-no">559</span><span id="line-559"> // fail at the handler layer, but worse might result in CallQueueTooBigException if the</span>
<span class="source-line-no">560</span><span id="line-560"> // queue is full but server is not properly processing requests. Better to throw an aborted</span>
<span class="source-line-no">561</span><span id="line-561"> // exception here so that the client can properly react.</span>
<span class="source-line-no">562</span><span id="line-562"> if (rpcServer.server != null &amp;&amp; rpcServer.server.isAborted()) {</span>
<span class="source-line-no">563</span><span id="line-563"> RegionServerAbortedException serverIsAborted = new RegionServerAbortedException(</span>
<span class="source-line-no">564</span><span id="line-564"> "Server " + rpcServer.server.getServerName() + " aborting");</span>
<span class="source-line-no">565</span><span id="line-565"> this.rpcServer.metrics.exception(serverIsAborted);</span>
<span class="source-line-no">566</span><span id="line-566"> sendErrorResponseForCall(id, totalRequestSize, span, serverIsAborted.getMessage(),</span>
<span class="source-line-no">567</span><span id="line-567"> serverIsAborted);</span>
<span class="source-line-no">568</span><span id="line-568"> return;</span>
<span class="source-line-no">569</span><span id="line-569"> }</span>
<span class="source-line-no">570</span><span id="line-570"></span>
<span class="source-line-no">571</span><span id="line-571"> if (RpcServer.LOG.isTraceEnabled()) {</span>
<span class="source-line-no">572</span><span id="line-572"> RpcServer.LOG.trace("RequestHeader " + TextFormat.shortDebugString(header)</span>
<span class="source-line-no">573</span><span id="line-573"> + " totalRequestSize: " + totalRequestSize + " bytes");</span>
<span class="source-line-no">574</span><span id="line-574"> }</span>
<span class="source-line-no">575</span><span id="line-575"> // Enforcing the call queue size, this triggers a retry in the client</span>
<span class="source-line-no">576</span><span id="line-576"> // This is a bit late to be doing this check - we have already read in the</span>
<span class="source-line-no">577</span><span id="line-577"> // total request.</span>
<span class="source-line-no">578</span><span id="line-578"> if (</span>
<span class="source-line-no">579</span><span id="line-579"> (totalRequestSize + this.rpcServer.callQueueSizeInBytes.sum())</span>
<span class="source-line-no">580</span><span id="line-580"> &gt; this.rpcServer.maxQueueSizeInBytes</span>
<span class="source-line-no">581</span><span id="line-581"> ) {</span>
<span class="source-line-no">582</span><span id="line-582"> this.rpcServer.metrics.exception(RpcServer.CALL_QUEUE_TOO_BIG_EXCEPTION);</span>
<span class="source-line-no">583</span><span id="line-583"> sendErrorResponseForCall(id, totalRequestSize, span,</span>
<span class="source-line-no">584</span><span id="line-584"> "Call queue is full on " + this.rpcServer.server.getServerName()</span>
<span class="source-line-no">585</span><span id="line-585"> + ", is hbase.ipc.server.max.callqueue.size too small?",</span>
<span class="source-line-no">586</span><span id="line-586"> RpcServer.CALL_QUEUE_TOO_BIG_EXCEPTION);</span>
<span class="source-line-no">587</span><span id="line-587"> return;</span>
<span class="source-line-no">588</span><span id="line-588"> }</span>
<span class="source-line-no">589</span><span id="line-589"> MethodDescriptor md = null;</span>
<span class="source-line-no">590</span><span id="line-590"> Message param = null;</span>
<span class="source-line-no">591</span><span id="line-591"> ExtendedCellScanner cellScanner = null;</span>
<span class="source-line-no">592</span><span id="line-592"> try {</span>
<span class="source-line-no">593</span><span id="line-593"> if (header.hasRequestParam() &amp;&amp; header.getRequestParam()) {</span>
<span class="source-line-no">594</span><span id="line-594"> md = this.service.getDescriptorForType().findMethodByName(header.getMethodName());</span>
<span class="source-line-no">595</span><span id="line-595"> if (md == null) {</span>
<span class="source-line-no">596</span><span id="line-596"> throw new UnsupportedOperationException(header.getMethodName());</span>
<span class="source-line-no">597</span><span id="line-597"> }</span>
<span class="source-line-no">598</span><span id="line-598"> builder = this.service.getRequestPrototype(md).newBuilderForType();</span>
<span class="source-line-no">599</span><span id="line-599"> cis.resetSizeCounter();</span>
<span class="source-line-no">600</span><span id="line-600"> int paramSize = cis.readRawVarint32();</span>
<span class="source-line-no">601</span><span id="line-601"> offset += cis.getTotalBytesRead();</span>
<span class="source-line-no">602</span><span id="line-602"> if (builder != null) {</span>
<span class="source-line-no">603</span><span id="line-603"> ProtobufUtil.mergeFrom(builder, cis, paramSize);</span>
<span class="source-line-no">604</span><span id="line-604"> param = builder.build();</span>
<span class="source-line-no">605</span><span id="line-605"> }</span>
<span class="source-line-no">606</span><span id="line-606"> offset += paramSize;</span>
<span class="source-line-no">607</span><span id="line-607"> } else {</span>
<span class="source-line-no">608</span><span id="line-608"> // currently header must have request param, so we directly throw</span>
<span class="source-line-no">609</span><span id="line-609"> // exception here</span>
<span class="source-line-no">610</span><span id="line-610"> String msg = "Invalid request header: " + TextFormat.shortDebugString(header)</span>
<span class="source-line-no">611</span><span id="line-611"> + ", should have param set in it";</span>
<span class="source-line-no">612</span><span id="line-612"> RpcServer.LOG.warn(msg);</span>
<span class="source-line-no">613</span><span id="line-613"> throw new DoNotRetryIOException(msg);</span>
<span class="source-line-no">614</span><span id="line-614"> }</span>
<span class="source-line-no">615</span><span id="line-615"> if (header.hasCellBlockMeta()) {</span>
<span class="source-line-no">616</span><span id="line-616"> buf.position(offset);</span>
<span class="source-line-no">617</span><span id="line-617"> ByteBuff dup = buf.duplicate();</span>
<span class="source-line-no">618</span><span id="line-618"> dup.limit(offset + header.getCellBlockMeta().getLength());</span>
<span class="source-line-no">619</span><span id="line-619"> cellScanner = this.rpcServer.cellBlockBuilder.createCellScannerReusingBuffers(this.codec,</span>
<span class="source-line-no">620</span><span id="line-620"> this.compressionCodec, dup);</span>
<span class="source-line-no">621</span><span id="line-621"> }</span>
<span class="source-line-no">622</span><span id="line-622"> } catch (Throwable thrown) {</span>
<span class="source-line-no">623</span><span id="line-623"> InetSocketAddress address = this.rpcServer.getListenerAddress();</span>
<span class="source-line-no">624</span><span id="line-624"> String msg = (address != null ? address : "(channel closed)")</span>
<span class="source-line-no">625</span><span id="line-625"> + " is unable to read call parameter from client " + getHostAddress();</span>
<span class="source-line-no">626</span><span id="line-626"> RpcServer.LOG.warn(msg, thrown);</span>
<span class="source-line-no">627</span><span id="line-627"></span>
<span class="source-line-no">628</span><span id="line-628"> this.rpcServer.metrics.exception(thrown);</span>
<span class="source-line-no">629</span><span id="line-629"></span>
<span class="source-line-no">630</span><span id="line-630"> final Throwable responseThrowable;</span>
<span class="source-line-no">631</span><span id="line-631"> if (thrown instanceof LinkageError) {</span>
<span class="source-line-no">632</span><span id="line-632"> // probably the hbase hadoop version does not match the running hadoop version</span>
<span class="source-line-no">633</span><span id="line-633"> responseThrowable = new DoNotRetryIOException(thrown);</span>
<span class="source-line-no">634</span><span id="line-634"> } else if (thrown instanceof UnsupportedOperationException) {</span>
<span class="source-line-no">635</span><span id="line-635"> // If the method is not present on the server, do not retry.</span>
<span class="source-line-no">636</span><span id="line-636"> responseThrowable = new DoNotRetryIOException(thrown);</span>
<span class="source-line-no">637</span><span id="line-637"> } else {</span>
<span class="source-line-no">638</span><span id="line-638"> responseThrowable = thrown;</span>
<span class="source-line-no">639</span><span id="line-639"> }</span>
<span class="source-line-no">640</span><span id="line-640"></span>
<span class="source-line-no">641</span><span id="line-641"> sendErrorResponseForCall(id, totalRequestSize, span,</span>
<span class="source-line-no">642</span><span id="line-642"> msg + "; " + responseThrowable.getMessage(), responseThrowable);</span>
<span class="source-line-no">643</span><span id="line-643"> return;</span>
<span class="source-line-no">644</span><span id="line-644"> }</span>
<span class="source-line-no">645</span><span id="line-645"></span>
<span class="source-line-no">646</span><span id="line-646"> int timeout = 0;</span>
<span class="source-line-no">647</span><span id="line-647"> if (header.hasTimeout() &amp;&amp; header.getTimeout() &gt; 0) {</span>
<span class="source-line-no">648</span><span id="line-648"> timeout = Math.max(this.rpcServer.minClientRequestTimeout, header.getTimeout());</span>
<span class="source-line-no">649</span><span id="line-649"> }</span>
<span class="source-line-no">650</span><span id="line-650"> ServerCall&lt;?&gt; call = createCall(id, this.service, md, header, param, cellScanner,</span>
<span class="source-line-no">651</span><span id="line-651"> totalRequestSize, this.addr, timeout, this.callCleanup);</span>
<span class="source-line-no">652</span><span id="line-652"></span>
<span class="source-line-no">653</span><span id="line-653"> if (this.rpcServer.scheduler.dispatch(new CallRunner(this.rpcServer, call))) {</span>
<span class="source-line-no">654</span><span id="line-654"> // unset span do that it's not closed in the finally block</span>
<span class="source-line-no">655</span><span id="line-655"> span = null;</span>
<span class="source-line-no">656</span><span id="line-656"> } else {</span>
<span class="source-line-no">657</span><span id="line-657"> this.rpcServer.callQueueSizeInBytes.add(-1 * call.getSize());</span>
<span class="source-line-no">658</span><span id="line-658"> this.rpcServer.metrics.exception(RpcServer.CALL_QUEUE_TOO_BIG_EXCEPTION);</span>
<span class="source-line-no">659</span><span id="line-659"> call.setResponse(null, null, RpcServer.CALL_QUEUE_TOO_BIG_EXCEPTION,</span>
<span class="source-line-no">660</span><span id="line-660"> "Call queue is full on " + this.rpcServer.server.getServerName()</span>
<span class="source-line-no">661</span><span id="line-661"> + ", too many items queued ?");</span>
<span class="source-line-no">662</span><span id="line-662"> TraceUtil.setError(span, RpcServer.CALL_QUEUE_TOO_BIG_EXCEPTION);</span>
<span class="source-line-no">663</span><span id="line-663"> call.sendResponseIfReady();</span>
<span class="source-line-no">664</span><span id="line-664"> }</span>
<span class="source-line-no">665</span><span id="line-665"> } finally {</span>
<span class="source-line-no">666</span><span id="line-666"> if (span != null) {</span>
<span class="source-line-no">667</span><span id="line-667"> span.end();</span>
<span class="source-line-no">668</span><span id="line-668"> }</span>
<span class="source-line-no">669</span><span id="line-669"> }</span>
<span class="source-line-no">670</span><span id="line-670"> }</span>
<span class="source-line-no">671</span><span id="line-671"></span>
<span class="source-line-no">672</span><span id="line-672"> private void sendErrorResponseForCall(int id, long totalRequestSize, Span span, String msg,</span>
<span class="source-line-no">673</span><span id="line-673"> Throwable responseThrowable) throws IOException {</span>
<span class="source-line-no">674</span><span id="line-674"> ServerCall&lt;?&gt; failedcall = createCall(id, this.service, null, null, null, null,</span>
<span class="source-line-no">675</span><span id="line-675"> totalRequestSize, null, 0, this.callCleanup);</span>
<span class="source-line-no">676</span><span id="line-676"> failedcall.setResponse(null, null, responseThrowable, msg);</span>
<span class="source-line-no">677</span><span id="line-677"> TraceUtil.setError(span, responseThrowable);</span>
<span class="source-line-no">678</span><span id="line-678"> failedcall.sendResponseIfReady();</span>
<span class="source-line-no">679</span><span id="line-679"> }</span>
<span class="source-line-no">680</span><span id="line-680"></span>
<span class="source-line-no">681</span><span id="line-681"> protected final RpcResponse getErrorResponse(String msg, Exception e) throws IOException {</span>
<span class="source-line-no">682</span><span id="line-682"> ResponseHeader.Builder headerBuilder = ResponseHeader.newBuilder().setCallId(-1);</span>
<span class="source-line-no">683</span><span id="line-683"> ServerCall.setExceptionResponse(e, msg, headerBuilder);</span>
<span class="source-line-no">684</span><span id="line-684"> ByteBuffer headerBuf =</span>
<span class="source-line-no">685</span><span id="line-685"> ServerCall.createHeaderAndMessageBytes(null, headerBuilder.build(), 0, null);</span>
<span class="source-line-no">686</span><span id="line-686"> BufferChain buf = new BufferChain(headerBuf);</span>
<span class="source-line-no">687</span><span id="line-687"> return () -&gt; buf;</span>
<span class="source-line-no">688</span><span id="line-688"> }</span>
<span class="source-line-no">689</span><span id="line-689"></span>
<span class="source-line-no">690</span><span id="line-690"> private void doBadPreambleHandling(String msg) throws IOException {</span>
<span class="source-line-no">691</span><span id="line-691"> doBadPreambleHandling(msg, new FatalConnectionException(msg));</span>
<span class="source-line-no">692</span><span id="line-692"> }</span>
<span class="source-line-no">693</span><span id="line-693"></span>
<span class="source-line-no">694</span><span id="line-694"> private void doBadPreambleHandling(String msg, Exception e) throws IOException {</span>
<span class="source-line-no">695</span><span id="line-695"> RpcServer.LOG.warn(msg, e);</span>
<span class="source-line-no">696</span><span id="line-696"> doRespond(getErrorResponse(msg, e));</span>
<span class="source-line-no">697</span><span id="line-697"> }</span>
<span class="source-line-no">698</span><span id="line-698"></span>
<span class="source-line-no">699</span><span id="line-699"> private void doPreambleResponse(Message resp) throws IOException {</span>
<span class="source-line-no">700</span><span id="line-700"> ResponseHeader header = ResponseHeader.newBuilder().setCallId(-1).build();</span>
<span class="source-line-no">701</span><span id="line-701"> ByteBuffer buf = ServerCall.createHeaderAndMessageBytes(resp, header, 0, null);</span>
<span class="source-line-no">702</span><span id="line-702"> BufferChain bufChain = new BufferChain(buf);</span>
<span class="source-line-no">703</span><span id="line-703"> doRespond(() -&gt; bufChain);</span>
<span class="source-line-no">704</span><span id="line-704"> }</span>
<span class="source-line-no">705</span><span id="line-705"></span>
<span class="source-line-no">706</span><span id="line-706"> private boolean doConnectionRegistryResponse() throws IOException {</span>
<span class="source-line-no">707</span><span id="line-707"> if (!(rpcServer.server instanceof ConnectionRegistryEndpoint)) {</span>
<span class="source-line-no">708</span><span id="line-708"> // should be in tests or some scenarios where we should not reach here</span>
<span class="source-line-no">709</span><span id="line-709"> return false;</span>
<span class="source-line-no">710</span><span id="line-710"> }</span>
<span class="source-line-no">711</span><span id="line-711"> // on backup masters, this request may be blocked since we need to fetch it from filesystem,</span>
<span class="source-line-no">712</span><span id="line-712"> // but since it is just backup master, it is not a critical problem</span>
<span class="source-line-no">713</span><span id="line-713"> String clusterId = ((ConnectionRegistryEndpoint) rpcServer.server).getClusterId();</span>
<span class="source-line-no">714</span><span id="line-714"> RpcServer.LOG.debug("Response connection registry, clusterId = '{}'", clusterId);</span>
<span class="source-line-no">715</span><span id="line-715"> if (clusterId == null) {</span>
<span class="source-line-no">716</span><span id="line-716"> // should be in tests or some scenarios where we should not reach here</span>
<span class="source-line-no">717</span><span id="line-717"> return false;</span>
<span class="source-line-no">718</span><span id="line-718"> }</span>
<span class="source-line-no">719</span><span id="line-719"> GetConnectionRegistryResponse resp =</span>
<span class="source-line-no">720</span><span id="line-720"> GetConnectionRegistryResponse.newBuilder().setClusterId(clusterId).build();</span>
<span class="source-line-no">721</span><span id="line-721"> doPreambleResponse(resp);</span>
<span class="source-line-no">722</span><span id="line-722"> return true;</span>
<span class="source-line-no">723</span><span id="line-723"> }</span>
<span class="source-line-no">724</span><span id="line-724"></span>
<span class="source-line-no">725</span><span id="line-725"> private void doSecurityPreambleResponse() throws IOException {</span>
<span class="source-line-no">726</span><span id="line-726"> if (rpcServer.isSecurityEnabled) {</span>
<span class="source-line-no">727</span><span id="line-727"> SecurityPreamableResponse resp = SecurityPreamableResponse.newBuilder()</span>
<span class="source-line-no">728</span><span id="line-728"> .setServerPrincipal(rpcServer.serverPrincipal).build();</span>
<span class="source-line-no">729</span><span id="line-729"> doPreambleResponse(resp);</span>
<span class="source-line-no">730</span><span id="line-730"> } else {</span>
<span class="source-line-no">731</span><span id="line-731"> // security is not enabled, do not need a principal when connecting, throw a special exception</span>
<span class="source-line-no">732</span><span id="line-732"> // to let client know it should just use simple authentication</span>
<span class="source-line-no">733</span><span id="line-733"> doRespond(getErrorResponse("security is not enabled", new SecurityNotEnabledException()));</span>
<span class="source-line-no">734</span><span id="line-734"> }</span>
<span class="source-line-no">735</span><span id="line-735"> }</span>
<span class="source-line-no">736</span><span id="line-736"></span>
<span class="source-line-no">737</span><span id="line-737"> protected final void callCleanupIfNeeded() {</span>
<span class="source-line-no">738</span><span id="line-738"> if (callCleanup != null) {</span>
<span class="source-line-no">739</span><span id="line-739"> callCleanup.run();</span>
<span class="source-line-no">740</span><span id="line-740"> callCleanup = null;</span>
<span class="source-line-no">741</span><span id="line-741"> }</span>
<span class="source-line-no">742</span><span id="line-742"> }</span>
<span class="source-line-no">743</span><span id="line-743"></span>
<span class="source-line-no">744</span><span id="line-744"> protected enum PreambleResponse {</span>
<span class="source-line-no">745</span><span id="line-745"> SUCCEED, // successfully processed the rpc preamble header</span>
<span class="source-line-no">746</span><span id="line-746"> CONTINUE, // the preamble header is for other purpose, wait for the rpc preamble header</span>
<span class="source-line-no">747</span><span id="line-747"> CLOSE // close the rpc connection</span>
<span class="source-line-no">748</span><span id="line-748"> }</span>
<span class="source-line-no">749</span><span id="line-749"></span>
<span class="source-line-no">750</span><span id="line-750"> protected final PreambleResponse processPreamble(ByteBuffer preambleBuffer) throws IOException {</span>
<span class="source-line-no">751</span><span id="line-751"> assert preambleBuffer.remaining() == 6;</span>
<span class="source-line-no">752</span><span id="line-752"> if (</span>
<span class="source-line-no">753</span><span id="line-753"> ByteBufferUtils.equals(preambleBuffer, preambleBuffer.position(), 6,</span>
<span class="source-line-no">754</span><span id="line-754"> RpcClient.REGISTRY_PREAMBLE_HEADER, 0, 6) &amp;&amp; doConnectionRegistryResponse()</span>
<span class="source-line-no">755</span><span id="line-755"> ) {</span>
<span class="source-line-no">756</span><span id="line-756"> return PreambleResponse.CLOSE;</span>
<span class="source-line-no">757</span><span id="line-757"> }</span>
<span class="source-line-no">758</span><span id="line-758"> if (</span>
<span class="source-line-no">759</span><span id="line-759"> ByteBufferUtils.equals(preambleBuffer, preambleBuffer.position(), 6,</span>
<span class="source-line-no">760</span><span id="line-760"> RpcClient.SECURITY_PREAMBLE_HEADER, 0, 6)</span>
<span class="source-line-no">761</span><span id="line-761"> ) {</span>
<span class="source-line-no">762</span><span id="line-762"> doSecurityPreambleResponse();</span>
<span class="source-line-no">763</span><span id="line-763"> return PreambleResponse.CONTINUE;</span>
<span class="source-line-no">764</span><span id="line-764"> }</span>
<span class="source-line-no">765</span><span id="line-765"> if (!ByteBufferUtils.equals(preambleBuffer, preambleBuffer.position(), 4, RPC_HEADER, 0, 4)) {</span>
<span class="source-line-no">766</span><span id="line-766"> doBadPreambleHandling(</span>
<span class="source-line-no">767</span><span id="line-767"> "Expected HEADER=" + Bytes.toStringBinary(RPC_HEADER) + " but received HEADER="</span>
<span class="source-line-no">768</span><span id="line-768"> + Bytes.toStringBinary(</span>
<span class="source-line-no">769</span><span id="line-769"> ByteBufferUtils.toBytes(preambleBuffer, preambleBuffer.position(), RPC_HEADER.length),</span>
<span class="source-line-no">770</span><span id="line-770"> 0, RPC_HEADER.length)</span>
<span class="source-line-no">771</span><span id="line-771"> + " from " + toString());</span>
<span class="source-line-no">772</span><span id="line-772"> return PreambleResponse.CLOSE;</span>
<span class="source-line-no">773</span><span id="line-773"> }</span>
<span class="source-line-no">774</span><span id="line-774"> int version = preambleBuffer.get(preambleBuffer.position() + 4) &amp; 0xFF;</span>
<span class="source-line-no">775</span><span id="line-775"> byte authByte = preambleBuffer.get(preambleBuffer.position() + 5);</span>
<span class="source-line-no">776</span><span id="line-776"> if (version != RpcServer.CURRENT_VERSION) {</span>
<span class="source-line-no">777</span><span id="line-777"> String msg = getFatalConnectionString(version, authByte);</span>
<span class="source-line-no">778</span><span id="line-778"> doBadPreambleHandling(msg, new WrongVersionException(msg));</span>
<span class="source-line-no">779</span><span id="line-779"> return PreambleResponse.CLOSE;</span>
<span class="source-line-no">780</span><span id="line-780"> }</span>
<span class="source-line-no">781</span><span id="line-781"></span>
<span class="source-line-no">782</span><span id="line-782"> this.provider = this.saslProviders.selectProvider(authByte);</span>
<span class="source-line-no">783</span><span id="line-783"> if (this.provider == null) {</span>
<span class="source-line-no">784</span><span id="line-784"> String msg = getFatalConnectionString(version, authByte);</span>
<span class="source-line-no">785</span><span id="line-785"> doBadPreambleHandling(msg, new BadAuthException(msg));</span>
<span class="source-line-no">786</span><span id="line-786"> return PreambleResponse.CLOSE;</span>
<span class="source-line-no">787</span><span id="line-787"> }</span>
<span class="source-line-no">788</span><span id="line-788"> // TODO this is a wart while simple auth'n doesn't go through sasl.</span>
<span class="source-line-no">789</span><span id="line-789"> if (this.rpcServer.isSecurityEnabled &amp;&amp; isSimpleAuthentication()) {</span>
<span class="source-line-no">790</span><span id="line-790"> if (this.rpcServer.allowFallbackToSimpleAuth) {</span>
<span class="source-line-no">791</span><span id="line-791"> this.rpcServer.metrics.authenticationFallback();</span>
<span class="source-line-no">792</span><span id="line-792"> authenticatedWithFallback = true;</span>
<span class="source-line-no">793</span><span id="line-793"> } else {</span>
<span class="source-line-no">794</span><span id="line-794"> AccessDeniedException ae = new AccessDeniedException("Authentication is required");</span>
<span class="source-line-no">795</span><span id="line-795"> doRespond(getErrorResponse(ae.getMessage(), ae));</span>
<span class="source-line-no">796</span><span id="line-796"> return PreambleResponse.CLOSE;</span>
<span class="source-line-no">797</span><span id="line-797"> }</span>
<span class="source-line-no">798</span><span id="line-798"> }</span>
<span class="source-line-no">799</span><span id="line-799"> if (!this.rpcServer.isSecurityEnabled &amp;&amp; !isSimpleAuthentication()) {</span>
<span class="source-line-no">800</span><span id="line-800"> doRawSaslReply(SaslStatus.SUCCESS, new IntWritable(SaslUtil.SWITCH_TO_SIMPLE_AUTH), null,</span>
<span class="source-line-no">801</span><span id="line-801"> null);</span>
<span class="source-line-no">802</span><span id="line-802"> provider = saslProviders.getSimpleProvider();</span>
<span class="source-line-no">803</span><span id="line-803"> // client has already sent the initial Sasl message and we</span>
<span class="source-line-no">804</span><span id="line-804"> // should ignore it. Both client and server should fall back</span>
<span class="source-line-no">805</span><span id="line-805"> // to simple auth from now on.</span>
<span class="source-line-no">806</span><span id="line-806"> skipInitialSaslHandshake = true;</span>
<span class="source-line-no">807</span><span id="line-807"> }</span>
<span class="source-line-no">808</span><span id="line-808"> useSasl = !(provider instanceof SimpleSaslServerAuthenticationProvider);</span>
<span class="source-line-no">809</span><span id="line-809"> return PreambleResponse.SUCCEED;</span>
<span class="source-line-no">810</span><span id="line-810"> }</span>
<span class="source-line-no">811</span><span id="line-811"></span>
<span class="source-line-no">812</span><span id="line-812"> boolean isSimpleAuthentication() {</span>
<span class="source-line-no">813</span><span id="line-813"> return Objects.requireNonNull(provider) instanceof SimpleSaslServerAuthenticationProvider;</span>
<span class="source-line-no">814</span><span id="line-814"> }</span>
<span class="source-line-no">815</span><span id="line-815"></span>
<span class="source-line-no">816</span><span id="line-816"> public abstract boolean isConnectionOpen();</span>
<span class="source-line-no">817</span><span id="line-817"></span>
<span class="source-line-no">818</span><span id="line-818"> public abstract ServerCall&lt;?&gt; createCall(int id, BlockingService service, MethodDescriptor md,</span>
<span class="source-line-no">819</span><span id="line-819"> RequestHeader header, Message param, ExtendedCellScanner cellScanner, long size,</span>
<span class="source-line-no">820</span><span id="line-820"> InetAddress remoteAddress, int timeout, CallCleanup reqCleanup);</span>
<span class="source-line-no">821</span><span id="line-821"></span>
<span class="source-line-no">822</span><span id="line-822"> private static class ByteBuffByteInput extends ByteInput {</span>
<span class="source-line-no">823</span><span id="line-823"></span>
<span class="source-line-no">824</span><span id="line-824"> private ByteBuff buf;</span>
<span class="source-line-no">825</span><span id="line-825"> private int length;</span>
<span class="source-line-no">826</span><span id="line-826"></span>
<span class="source-line-no">827</span><span id="line-827"> ByteBuffByteInput(ByteBuff buf, int length) {</span>
<span class="source-line-no">828</span><span id="line-828"> this.buf = buf;</span>
<span class="source-line-no">829</span><span id="line-829"> this.length = length;</span>
<span class="source-line-no">830</span><span id="line-830"> }</span>
<span class="source-line-no">831</span><span id="line-831"></span>
<span class="source-line-no">832</span><span id="line-832"> @Override</span>
<span class="source-line-no">833</span><span id="line-833"> public byte read(int offset) {</span>
<span class="source-line-no">834</span><span id="line-834"> return this.buf.get(offset);</span>
<span class="source-line-no">835</span><span id="line-835"> }</span>
<span class="source-line-no">836</span><span id="line-836"></span>
<span class="source-line-no">837</span><span id="line-837"> @Override</span>
<span class="source-line-no">838</span><span id="line-838"> public int read(int offset, byte[] out, int outOffset, int len) {</span>
<span class="source-line-no">839</span><span id="line-839"> this.buf.get(offset, out, outOffset, len);</span>
<span class="source-line-no">840</span><span id="line-840"> return len;</span>
<span class="source-line-no">841</span><span id="line-841"> }</span>
<span class="source-line-no">842</span><span id="line-842"></span>
<span class="source-line-no">843</span><span id="line-843"> @Override</span>
<span class="source-line-no">844</span><span id="line-844"> public int read(int offset, ByteBuffer out) {</span>
<span class="source-line-no">845</span><span id="line-845"> int len = out.remaining();</span>
<span class="source-line-no">846</span><span id="line-846"> this.buf.get(out, offset, len);</span>
<span class="source-line-no">847</span><span id="line-847"> return len;</span>
<span class="source-line-no">848</span><span id="line-848"> }</span>
<span class="source-line-no">849</span><span id="line-849"></span>
<span class="source-line-no">850</span><span id="line-850"> @Override</span>
<span class="source-line-no">851</span><span id="line-851"> public int size() {</span>
<span class="source-line-no">852</span><span id="line-852"> return this.length;</span>
<span class="source-line-no">853</span><span id="line-853"> }</span>
<span class="source-line-no">854</span><span id="line-854"> }</span>
<span class="source-line-no">855</span><span id="line-855">}</span>
</pre>
</div>
</main>
</body>
</html>