/
Auth.java
155 lines (139 loc) · 5.39 KB
/
Auth.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.cassandra.auth;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.UntypedResultSet;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.service.MigrationManager;
import org.apache.cassandra.service.StorageService;
public class Auth
{
private static final Logger logger = LoggerFactory.getLogger(Auth.class);
public static final String DEFAULT_SUPERUSER_NAME = "cassandra";
public static final String AUTH_KS = "system_auth";
public static final String USERS_CF = "users";
/**
* Checks if the username is stored in AUTH_KS.USERS_CF.
*
* @param username Username to query.
* @return whether or not Cassandra knows about the user.
*/
public static boolean isExistingUser(String username)
{
String query = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, escape(username));
try
{
return !QueryProcessor.process(query).isEmpty();
}
catch (RequestExecutionException e)
{
throw new RuntimeException(e);
}
}
/**
* Checks if the user is a known superuser.
*
* @param username Username to query.
* @return true is the user is a superuser, false if they aren't or don't exist at all.
*/
public static boolean isSuperuser(String username)
{
String query = String.format("SELECT super FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, escape(username));
try
{
UntypedResultSet result = QueryProcessor.process(query);
return !result.isEmpty() && result.one().getBoolean("super");
}
catch (RequestExecutionException e)
{
throw new RuntimeException(e);
}
}
/**
* Inserts the user into AUTH_KS.USERS_CF (or overwrites their superuser status as a result of an ALTER USER query).
*
* @param username Username to insert.
* @param isSuper User's new status.
*/
public static void insertUser(String username, boolean isSuper) throws RequestExecutionException
{
QueryProcessor.process(String.format("INSERT INTO %s.%s (name, super) VALUES ('%s', %s)",
AUTH_KS,
USERS_CF,
escape(username),
isSuper));
}
/**
* Deletes the user from AUTH_KS.USERS_CF.
*
* @param username Username to delete.
*/
public static void deleteUser(String username) throws RequestExecutionException
{
QueryProcessor.process(String.format("DELETE FROM %s.%s WHERE name = '%s'",
AUTH_KS,
USERS_CF,
escape(username)));
}
/**
* Sets up Authenticator and Authorizer.
*/
public static void setup()
{
authenticator().setup();
authorizer().setup();
// register a custom MigrationListener for permissions cleanup after dropped keyspaces/cfs.
MigrationManager.instance.register(new MigrationListener());
// schedule seeding a superuser in RING_DELAY milliseconds.
Runnable runnable = new Runnable()
{
public void run()
{
try
{
// insert a default superuser if AUTH_KS.USERS_CF is empty.
if (QueryProcessor.process(String.format("SELECT * FROM %s.%s", AUTH_KS, USERS_CF)).isEmpty())
insertUser(DEFAULT_SUPERUSER_NAME, true);
}
catch (RequestExecutionException e)
{
logger.warn("Skipping default superuser setup: some nodes are not ready");
}
}
};
StorageService.tasks.schedule(runnable, StorageService.RING_DELAY, TimeUnit.MILLISECONDS);
}
// we only worry about one character ('). Make sure it's properly escaped.
private static String escape(String name)
{
return StringUtils.replace(name, "'", "''");
}
private static IAuthenticator authenticator()
{
return DatabaseDescriptor.getAuthenticator();
}
private static IAuthorizer authorizer()
{
return DatabaseDescriptor.getAuthorizer();
}
}