View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  package org.apache.hadoop.hbase.security.access;
20  
21  import java.io.IOException;
22  import java.net.URI;
23  import java.nio.file.PathMatcher;
24  import java.util.Collection;
25  import java.util.List;
26  import java.util.regex.Matcher;
27  
28  import org.apache.commons.io.FilenameUtils;
29  import org.apache.commons.logging.Log;
30  import org.apache.commons.logging.LogFactory;
31  
32  import org.apache.hadoop.conf.Configuration;
33  import org.apache.hadoop.fs.Path;
34  
35  import org.apache.hadoop.hbase.classification.InterfaceAudience;
36  import org.apache.hadoop.hbase.coprocessor.BaseMasterObserver;
37  import org.apache.hadoop.hbase.coprocessor.MasterCoprocessorEnvironment;
38  import org.apache.hadoop.hbase.coprocessor.ObserverContext;
39  import org.apache.hadoop.hbase.HBaseInterfaceAudience;
40  import org.apache.hadoop.hbase.HConstants;
41  import org.apache.hadoop.hbase.HRegionInfo;
42  import org.apache.hadoop.hbase.HTableDescriptor;
43  import org.apache.hadoop.hbase.master.MasterServices;
44  import org.apache.hadoop.hbase.TableName;
45  import org.apache.hadoop.hbase.util.Bytes;
46  
47  /**
48   * Master observer for restricting coprocessor assignments.
49   */
50  @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.CONFIG)
51  public class CoprocessorWhitelistMasterObserver extends BaseMasterObserver {
52  
53    public static final String CP_COPROCESSOR_WHITELIST_PATHS_KEY =
54        "hbase.coprocessor.region.whitelist.paths";
55  
56    private static final Log LOG = LogFactory
57        .getLog(CoprocessorWhitelistMasterObserver.class);
58  
59    @Override
60    public void preModifyTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
61        TableName tableName, HTableDescriptor htd) throws IOException {
62      verifyCoprocessors(ctx, htd);
63    }
64  
65    @Override
66    public void preCreateTable(ObserverContext<MasterCoprocessorEnvironment> ctx,
67        HTableDescriptor htd, HRegionInfo[] regions) throws IOException {
68      verifyCoprocessors(ctx, htd);
69    }
70  
71    /**
72     * Validates a single whitelist path against the coprocessor path
73     * @param  coprocPath the path to the coprocessor including scheme
74     * @param  wlPath     can be:
75     *                      1) a "*" to wildcard all coprocessor paths
76     *                      2) a specific filesystem (e.g. hdfs://my-cluster/)
77     *                      3) a wildcard path to be evaluated by
78     *                         {@link FilenameUtils.wildcardMatch}
79     *                         path can specify scheme or not (e.g.
80     *                         "file:///usr/hbase/coprocessors" or for all
81     *                         filesystems "/usr/hbase/coprocessors")
82     * @return             if the path was found under the wlPath
83     * @throws IOException if a failure occurs in getting the path file system
84     */
85    private static boolean validatePath(Path coprocPath, Path wlPath,
86        Configuration conf) throws IOException {
87      // verify if all are allowed
88      if (wlPath.toString().equals("*")) {
89        return(true);
90      }
91  
92      // verify we are on the same filesystem if wlPath has a scheme
93      if (!wlPath.isAbsoluteAndSchemeAuthorityNull()) {
94        String wlPathScheme = wlPath.toUri().getScheme();
95        String coprocPathScheme = coprocPath.toUri().getScheme();
96        String wlPathHost = wlPath.toUri().getHost();
97        String coprocPathHost = coprocPath.toUri().getHost();
98        if (wlPathScheme != null) {
99          wlPathScheme = wlPathScheme.toString().toLowerCase();
100       } else {
101         wlPathScheme = "";
102       }
103       if (wlPathHost != null) {
104         wlPathHost = wlPathHost.toString().toLowerCase();
105       } else {
106         wlPathHost = "";
107       }
108       if (coprocPathScheme != null) {
109         coprocPathScheme = coprocPathScheme.toString().toLowerCase();
110       } else {
111         coprocPathScheme = "";
112       }
113       if (coprocPathHost != null) {
114         coprocPathHost = coprocPathHost.toString().toLowerCase();
115       } else {
116         coprocPathHost = "";
117       }
118       if (!wlPathScheme.equals(coprocPathScheme) || !wlPathHost.equals(coprocPathHost)) {
119         return(false);
120       }
121     }
122 
123     // allow any on this file-system (file systems were verified to be the same above)
124     if (wlPath.isRoot()) {
125       return(true);
126     }
127 
128     // allow "loose" matches stripping scheme
129     if (FilenameUtils.wildcardMatch(
130         Path.getPathWithoutSchemeAndAuthority(coprocPath).toString(),
131         Path.getPathWithoutSchemeAndAuthority(wlPath).toString())) {
132       return(true);
133     }
134     return(false);
135   }
136 
137   /**
138    * Perform the validation checks for a coprocessor to determine if the path
139    * is white listed or not.
140    * @throws IOException if path is not included in whitelist or a failure
141    *                     occurs in processing
142    * @param  ctx         as passed in from the coprocessor
143    * @param  htd         as passed in from the coprocessor
144    */
145   private void verifyCoprocessors(ObserverContext<MasterCoprocessorEnvironment> ctx,
146       HTableDescriptor htd) throws IOException {
147 
148     MasterServices services = ctx.getEnvironment().getMasterServices();
149     Configuration conf = services.getConfiguration();
150 
151     Collection<String> paths =
152         conf.getStringCollection(
153             CP_COPROCESSOR_WHITELIST_PATHS_KEY);
154 
155     List<String> coprocs = htd.getCoprocessors();
156     for (int i = 0; i < coprocs.size(); i++) {
157       String coproc = coprocs.get(i);
158 
159       String coprocSpec = Bytes.toString(htd.getValue(
160           Bytes.toBytes("coprocessor$" + (i + 1))));
161       if (coprocSpec == null) {
162         continue;
163       }
164 
165       // File path is the 1st field of the coprocessor spec
166       Matcher matcher =
167           HConstants.CP_HTD_ATTR_VALUE_PATTERN.matcher(coprocSpec);
168       if (matcher == null || !matcher.matches()) {
169         continue;
170       }
171 
172       String coprocPathStr = matcher.group(1).trim();
173       // Check if coprocessor is being loaded via the classpath (i.e. no file path)
174       if (coprocPathStr.equals("")) {
175         break;
176       }
177       Path coprocPath = new Path(coprocPathStr);
178       String coprocessorClass = matcher.group(2).trim();
179 
180       boolean foundPathMatch = false;
181       for (String pathStr : paths) {
182         Path wlPath = new Path(pathStr);
183         try {
184           foundPathMatch = validatePath(coprocPath, wlPath, conf);
185           if (foundPathMatch == true) {
186             LOG.debug(String.format("Coprocessor %s found in directory %s",
187                 coprocessorClass, pathStr));
188             break;
189           }
190         } catch (IOException e) {
191           LOG.warn(String.format("Failed to validate white list path %s for coprocessor path %s",
192               pathStr, coprocPathStr));
193         }
194       }
195       if (!foundPathMatch) {
196         throw new IOException(String.format("Loading %s DENIED in %s",
197             coprocessorClass, CP_COPROCESSOR_WHITELIST_PATHS_KEY));
198       }
199     }
200   }
201 }