001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing, software
013     * distributed under the License is distributed on an "AS IS" BASIS,
014     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015     * See the License for the specific language governing permissions and
016     * limitations under the License.
017     */
018    package org.apache.hadoop.hdfs.protocol.datatransfer;
019    
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.concurrent.TimeUnit;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.protocol.datatransfer.TrustedChannelResolver;
import org.apache.hadoop.util.CombinedIPWhiteList;
026    
027    
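/**
 * A {@link TrustedChannelResolver} that decides trust from IP whitelists.
 *
 * <p>Two whitelists are built from the {@link Configuration} passed to
 * {@link #setConf(Configuration)}: one consulted on the server side for the
 * remote peer address ({@link #isTrusted(InetAddress)}) and one consulted on
 * the client side for the local host address ({@link #isTrusted()}). Each
 * whitelist is a fixed file plus, only when explicitly enabled, a variable
 * file that is checked for updates after a configurable cache period. Every
 * client-side setting defaults to the corresponding server-side value.
 *
 * <p>Lookups fail closed: a {@code null} peer, a local host that cannot be
 * resolved, or a resolver whose {@code setConf} has not run yet is reported
 * as untrusted.
 */
public class WhitelistBasedTrustedChannelResolver extends TrustedChannelResolver {

  /** Whitelist checked against the remote peer address on the server side. */
  private CombinedIPWhiteList whitelistForServer;
  /** Whitelist checked against the local host address on the client side. */
  private CombinedIPWhiteList whitelistForClient;

  private static final String FIXEDWHITELIST_DEFAULT_LOCATION = "/etc/hadoop/fixedwhitelist";

  private static final String VARIABLEWHITELIST_DEFAULT_LOCATION = "/etc/hadoop/whitelist";

  /** Default cache period, in seconds, for a variable whitelist file. */
  private static final long VARIABLEWHITELIST_DEFAULT_CACHE_SECS = 3600L;

  /**
   * Path to the file containing the subnets and IP addresses that form the
   * server-side fixed whitelist.
   */
  public static final String DFS_DATATRANSFER_SERVER_FIXEDWHITELIST_FILE =
    "dfs.datatransfer.server.fixedwhitelist.file";
  /**
   * Enables/disables the server-side variable whitelist.
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_ENABLE =
    "dfs.datatransfer.server.variablewhitelist.enable";
  /**
   * Path to the file containing the subnets and IP addresses that form the
   * server-side variable whitelist.
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_FILE =
    "dfs.datatransfer.server.variablewhitelist.file";
  /**
   * Time, in seconds, after which the server-side variable whitelist file is
   * checked for updates.
   */
  public static final String DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_CACHE_SECS =
    "dfs.datatransfer.server.variablewhitelist.cache.secs";

  /**
   * Path to the file containing the subnets and IP addresses that form the
   * client-side fixed whitelist. Defaults to the server-side fixed whitelist
   * file.
   */
  public static final String DFS_DATATRANSFER_CLIENT_FIXEDWHITELIST_FILE =
    "dfs.datatransfer.client.fixedwhitelist.file";
  /**
   * Enables/disables the client-side variable whitelist.
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_ENABLE =
    "dfs.datatransfer.client.variablewhitelist.enable";
  /**
   * Path to the file containing the subnets and IP addresses that form the
   * client-side variable whitelist. Defaults to the server-side variable
   * whitelist file.
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_FILE =
    "dfs.datatransfer.client.variablewhitelist.file";
  /**
   * Time, in seconds, after which the client-side variable whitelist file is
   * checked for updates.
   */
  public static final String DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_CACHE_SECS =
    "dfs.datatransfer.client.variablewhitelist.cache.secs";

  /**
   * Builds the server-side and client-side whitelists from {@code conf}.
   *
   * <p>The variable whitelist file is passed on to the underlying
   * {@link CombinedIPWhiteList} only when the corresponding enable flag is
   * set; otherwise {@code null} is passed, so a server-side variable file
   * never leaks into a client-side whitelist whose variable part is disabled.
   *
   * @param conf configuration to read the whitelist settings from
   */
  @Override
  public void setConf(Configuration conf) {
    super.setConf(conf);

    // Server side.
    String serverFixedFile = conf.get(DFS_DATATRANSFER_SERVER_FIXEDWHITELIST_FILE,
        FIXEDWHITELIST_DEFAULT_LOCATION);
    String serverVariableFile = null;
    long serverExpiryMillis = 0L;
    if (conf.getBoolean(DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_ENABLE, false)) {
      serverVariableFile = conf.get(DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_FILE,
          VARIABLEWHITELIST_DEFAULT_LOCATION);
      serverExpiryMillis = cacheSecsToMillis(conf,
          DFS_DATATRANSFER_SERVER_VARIABLEWHITELIST_CACHE_SECS);
    }
    whitelistForServer =
        new CombinedIPWhiteList(serverFixedFile, serverVariableFile, serverExpiryMillis);

    // Client side: each setting falls back to the server-side value.
    String clientFixedFile =
        conf.get(DFS_DATATRANSFER_CLIENT_FIXEDWHITELIST_FILE, serverFixedFile);
    // Deliberately a fresh local, not the server's value: the client variable
    // whitelist must stay off unless its own enable flag is set.
    String clientVariableFile = null;
    long clientExpiryMillis = 0L;
    if (conf.getBoolean(DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_ENABLE, false)) {
      // Prefer the server's variable file when one is configured; when the
      // server side has its variable whitelist disabled, use the same default
      // location the server side would have used.
      String fallbackVariableFile = serverVariableFile != null
          ? serverVariableFile : VARIABLEWHITELIST_DEFAULT_LOCATION;
      clientVariableFile =
          conf.get(DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_FILE, fallbackVariableFile);
      clientExpiryMillis = cacheSecsToMillis(conf,
          DFS_DATATRANSFER_CLIENT_VARIABLEWHITELIST_CACHE_SECS);
    }
    whitelistForClient =
        new CombinedIPWhiteList(clientFixedFile, clientVariableFile, clientExpiryMillis);
  }

  /**
   * Reads a cache period in seconds from {@code conf} and converts it to
   * milliseconds. {@link TimeUnit} saturates instead of silently overflowing
   * on absurdly large values.
   *
   * @param conf configuration to read from
   * @param key  configuration key holding the period in seconds
   * @return the period in milliseconds
   */
  private static long cacheSecsToMillis(Configuration conf, String key) {
    return TimeUnit.SECONDS.toMillis(
        conf.getLong(key, VARIABLEWHITELIST_DEFAULT_CACHE_SECS));
  }

  /**
   * Returns whether the local host is in the client-side whitelist.
   *
   * @return {@code true} only if this resolver has been configured and the
   *     local host address is whitelisted; {@code false} if the local host
   *     cannot be resolved
   */
  @Override
  public boolean isTrusted() {
    if (whitelistForClient == null) {
      return false; // setConf has not run yet: fail closed
    }
    try {
      return whitelistForClient.isIn(InetAddress.getLocalHost().getHostAddress());
    } catch (UnknownHostException e) {
      return false; // unresolvable local host: fail closed
    }
  }

  /**
   * Returns whether the given peer address is in the server-side whitelist.
   *
   * @param clientAddress address of the remote peer; may be {@code null}
   * @return {@code true} only if this resolver has been configured,
   *     {@code clientAddress} is non-null and its host address is whitelisted
   */
  @Override
  public boolean isTrusted(InetAddress clientAddress) {
    if (whitelistForServer == null || clientAddress == null) {
      return false; // unconfigured resolver or unknown peer: fail closed
    }
    return whitelistForServer.isIn(clientAddress.getHostAddress());
  }
}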