All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.hive.service.auth.ldap.LdapUtils Maven / Gradle / Ivy

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hive.service.auth.ldap;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hive.service.ServiceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Static utility methods related to LDAP authentication module.
 */
public final class LdapUtils {

  private static final Logger LOG = LoggerFactory.getLogger(LdapUtils.class);

  /**
   * Extracts a base DN from the provided distinguished name.
   * 
* Example: *
* "ou=CORP,dc=mycompany,dc=com" is the base DN for "cn=user1,ou=CORP,dc=mycompany,dc=com" * * @param dn distinguished name * @return base DN */ public static String extractBaseDn(String dn) { final int indexOfFirstDelimiter = dn.indexOf(","); if (indexOfFirstDelimiter > -1) { return dn.substring(indexOfFirstDelimiter + 1); } return null; } /** * Extracts the first Relative Distinguished Name (RDN). *
* Example: *
* For DN "cn=user1,ou=CORP,dc=mycompany,dc=com" this method will return "cn=user1" * @param dn distinguished name * @return first RDN */ public static String extractFirstRdn(String dn) { return dn.substring(0, dn.indexOf(",")); } /** * Extracts username from user DN. *
* Examples: *
   * LdapUtils.extractUserName("UserName")                        = "UserName"
   * LdapUtils.extractUserName("[email protected]")             = "UserName"
   * LdapUtils.extractUserName("cn=UserName,dc=mycompany,dc=com") = "UserName"
   * 
* @param userDn * @return */ public static String extractUserName(String userDn) { if (!isDn(userDn) && !hasDomain(userDn)) { return userDn; } int domainIdx = ServiceUtils.indexOfDomainMatch(userDn); if (domainIdx > 0) { return userDn.substring(0, domainIdx); } if (userDn.contains("=")) { return userDn.substring(userDn.indexOf("=") + 1, userDn.indexOf(",")); } return userDn; } /** * Gets value part of the first attribute in the provided RDN. *
* Example: *
* For RDN "cn=user1,ou=CORP" this method will return "user1" * @param rdn Relative Distinguished Name * @return value part of the first attribute */ public static String getShortName(String rdn) { return ((rdn.split(","))[0].split("="))[1]; } /** * Check for a domain part in the provided username. *
* Example: *
*
   * LdapUtils.hasDomain("[email protected]") = true
   * LdapUtils.hasDomain("user1")            = false
   * 
* @param userName username * @return true if {@code userName} contains {@code @} part */ public static boolean hasDomain(String userName) { return (ServiceUtils.indexOfDomainMatch(userName) > 0); } /** * Detects DN names. *
* Example: *
*
   * LdapUtils.isDn("cn=UserName,dc=mycompany,dc=com") = true
   * LdapUtils.isDn("user1")                           = false
   * 
* @param name name to be checked * @return true if the provided name is a distinguished name */ public static boolean isDn(String name) { return name.contains("="); } /** * Reads and parses DN patterns from Hive configuration. *
* If no patterns are provided in the configuration, then the base DN will be used. * @param conf Hive configuration * @param var variable to be read * @return a list of DN patterns * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GUIDKEY * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN */ public static List parseDnPatterns(HiveConf conf, HiveConf.ConfVars var) { String patternsString = conf.getVar(var); List result = new ArrayList<>(); if (StringUtils.isBlank(patternsString)) { String defaultBaseDn = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_BASEDN); String guidAttr = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GUIDKEY); if (StringUtils.isNotBlank(defaultBaseDn)) { result.add(guidAttr + "=%s," + defaultBaseDn); } } else { String[] patterns = patternsString.split(":"); for (String pattern : patterns) { if (pattern.contains(",") && pattern.contains("=")) { result.add(pattern); } else { LOG.warn("Unexpected format for " + var + "..ignoring " + pattern); } } } return result; } private static String patternToBaseDn(String pattern) { if (pattern.contains("=%s")) { return pattern.split(",", 2)[1]; } return pattern; } /** * Converts a collection of Distinguished Name patterns to a collection of base DNs. * @param patterns Distinguished Name patterns * @return a list of base DNs * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_GROUPDNPATTERN * @see HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN */ public static List patternsToBaseDns(Collection patterns) { List result = new ArrayList<>(); for (String pattern : patterns) { result.add(patternToBaseDn(pattern)); } return result; } /** * Creates a list of principals to be used for user authentication. * @param conf Hive configuration * @param user username * @return a list of user's principals */ public static List createCandidatePrincipals(HiveConf conf, String user) { if (hasDomain(user) || isDn(user)) { return Collections.singletonList(user); } String ldapDomain = conf.getVar(HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_DOMAIN); if (StringUtils.isNotBlank(ldapDomain)) { return Collections.singletonList(user + "@" + ldapDomain); } List userPatterns = parseDnPatterns(conf, HiveConf.ConfVars.HIVE_SERVER2_PLAIN_LDAP_USERDNPATTERN); if (userPatterns.isEmpty()) { return Collections.singletonList(user); } List candidatePrincipals = new ArrayList<>(); for (String userPattern : userPatterns) { candidatePrincipals.add(userPattern.replaceAll("%s", user)); } return candidatePrincipals; } private LdapUtils() { } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy