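/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hdfs.protocol.datatransfer;

import java.net.InetAddress;
import java.net.UnknownHostException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
import org.apache.hadoop.util.CombinedIPWhiteList;


/**
 * A {@link TrustedChannelResolver} that decides trust by looking up IP
 * addresses in whitelists built from files named in the configuration.
 *
 * <p>Two lists are built in {@link #setConf(Configuration)}: a server-side
 * list, consulted for the peer address passed to
 * {@link #isTrusted(InetAddress)}, and a client-side list, consulted for this
 * host's own address in {@link #isTrusted()}.
 *
 * <p>The decision rests only on an IP address string and on the content of
 * the whitelist files. It is therefore only as strong as the network's
 * protection against source-address spoofing and the write permissions on
 * those files (defaults under {@code /etc/hadoop}): whoever can edit them
 * changes which peers are trusted. What a "trusted" result allows the caller
 * to skip is decided by the users of {@link TrustedChannelResolver}, not by
 * this class.
 */
public class WhitelistBasedTrustedChannelResolver extends TrustedChannelResolver {

  // Consulted by isTrusted(InetAddress) for the address of a connecting peer.
  private CombinedIPWhiteList whiteListForServer;
  // Consulted by isTrusted() for this host's own address.
  private CombinedIPWhiteList whitelistForClient;

  private static final String FIXEDWHITELIST_DEFAULT_LOCATION = "/etc/hadoop/fixedwhitelist";

  private static final String VARIABLEWHITELIST_DEFAULT_LOCATION = "/etc/hadoop/whitelist";

  /**
   * Path to the file containing the subnets and IP addresses that form the
   * server-side fixed whitelist.
   */
  public static final String DFS_DATATRANSFER_SERVER_FIXEDWHITELIST_FILE =
      "dfs.datatransfer.server.fixedwhitelist.file";
  /**
   * Enables/disables the server-side variable whitelist (default: disabled).
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_ENABLE =
      "dfs.datatransfer.server.variablewhitelist.enable";
  /**
   * Path to the file containing the subnets and IP addresses that form the
   * server-side variable whitelist.
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_FILE =
      "dfs.datatransfer.server.variablewhitelist.file";
  /**
   * Interval, in seconds, at which the server-side variable whitelist file is
   * checked for updates (default: 3600).
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_CACHE_SECS =
      "dfs.datatransfer.server.variablewhitelist.cache.secs";

  /**
   * Path to the file containing the subnets and IP addresses that form the
   * client-side fixed whitelist. Defaults to the server-side fixed whitelist
   * file when unset.
   */
  public static final String DFS_DATATRANSFER_CLIENT_FIXEDWHITELIST_FILE =
      "dfs.datatransfer.client.fixedwhitelist.file";
  /**
   * Enables/disables the client-side variable whitelist (default: disabled).
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_ENABLE =
      "dfs.datatransfer.client.variablewhitelist.enable";
  /**
   * Path to the file containing the subnets and IP addresses that form the
   * client-side variable whitelist.
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_FILE =
      "dfs.datatransfer.client.variablewhitelist.file";
  /**
   * Interval, in seconds, at which the client-side variable whitelist file is
   * checked for updates (default: 3600).
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_CACHE_SECS =
      "dfs.datatransfer.client.variablewhitelist.cache.secs";

  /**
   * Stores the configuration and (re)builds both whitelists from it.
   *
   * <p>The server-side list is built first; the client-side list then reuses
   * the server-side file names as defaults for any client-side key that is
   * not set.
   *
   * @param conf configuration holding the {@code dfs.datatransfer.*} keys
   *             declared on this class
   */
  @Override
  public void setConf(Configuration conf) {
    super.setConf(conf);
    String fixedFile = conf.get(DFS_DATATRANSFER_SERVER_FIXEDWHITELIST_FILE,
        FIXEDWHITELIST_DEFAULT_LOCATION);
    String variableFile = null;
    long expiryTime = 0;

    if (conf.getBoolean(DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_ENABLE, false)) {
      variableFile = conf.get(DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_FILE,
          VARIABLEWHITELIST_DEFAULT_LOCATION);
      // Configured in seconds, multiplied by 1000 (presumably the millisecond
      // unit CombinedIPWhiteList expects -- confirm against that class).
      expiryTime =
          conf.getLong(DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_CACHE_SECS, 3600) * 1000;
    }

    whiteListForServer = new CombinedIPWhiteList(fixedFile, variableFile, expiryTime);

    // Client side: the server-side fixed file is the default.
    fixedFile = conf.get(DFS_DATATRANSFER_CLIENT_FIXEDWHITELIST_FILE, fixedFile);
    expiryTime = 0;

    // NOTE(review): expiryTime is reset above but variableFile is not. When the
    // server-side variable whitelist is enabled and the client-side one is
    // disabled, the client list is still constructed with the server's variable
    // file and a zero expiry. Whether CombinedIPWhiteList consults a non-null
    // variable file in that case is not visible from this class; confirm that
    // the carry-over is intended, because it would leave the client-side
    // enable flag unable to narrow the trusted set. Conversely, when only the
    // client-side flag is enabled and no client file is configured, the
    // default used below is null rather than VARIABLEWHITELIST_DEFAULT_LOCATION.
    if (conf.getBoolean(DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_ENABLE, false)) {
      variableFile = conf.get(DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_FILE, variableFile);
      expiryTime =
          conf.getLong(DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_CACHE_SECS, 3600) * 1000;
    }

    whitelistForClient = new CombinedIPWhiteList(fixedFile, variableFile, expiryTime);
  }

  /**
   * Reports whether this host's own address is on the client-side whitelist.
   *
   * <p>The address checked is the one {@link InetAddress#getLocalHost()}
   * returns, so the result follows the host's name-resolution setup; on a
   * multi-homed host it need not be the address a given connection actually
   * uses.
   *
   * @return {@code true} if the local address is whitelisted; {@code false}
   *         if it is not, or if the local host name cannot be resolved (the
   *         lookup failure is treated as "not trusted")
   * @throws NullPointerException if {@link #setConf(Configuration)} has not
   *         been called yet
   */
  @Override
  public boolean isTrusted() {
    try {
      return whitelistForClient.isIn(InetAddress.getLocalHost().getHostAddress());
    } catch (UnknownHostException e) {
      // Fail closed: an unresolvable local host is never reported as trusted.
      return false;
    }
  }

  /**
   * Reports whether the given peer address is on the server-side whitelist.
   *
   * <p>Only the textual IP address is compared; nothing here authenticates
   * the peer beyond the address the caller observed.
   *
   * @param clientAddress address of the peer, as seen by the caller
   * @return {@code true} if the address is whitelisted
   * @throws NullPointerException if {@code clientAddress} is {@code null} or
   *         {@link #setConf(Configuration)} has not been called yet
   */
  @Override
  public boolean isTrusted(InetAddress clientAddress) {
    return whiteListForServer.isIn(clientAddress.getHostAddress());
  }
}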