ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gau...@apache.org
Subject ambari git commit: AMBARI-13538. Allow special characters in passwords for Ranger
Date Mon, 26 Oct 2015 09:19:25 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.1 1a5cd771c -> 09e7a0361


AMBARI-13538. Allow special characters in passwords for Ranger


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/09e7a036
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/09e7a036
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/09e7a036

Branch: refs/heads/branch-2.1
Commit: 09e7a0361a068058f72f4a8b50be9d6abf901fa4
Parents: 1a5cd77
Author: Gautam Borad <gautam@apache.org>
Authored: Mon Oct 26 10:35:08 2015 +0530
Committer: Gautam Borad <gautam@apache.com>
Committed: Mon Oct 26 14:49:18 2015 +0530

----------------------------------------------------------------------
 .../RANGER/0.4.0/package/scripts/params.py              |  3 ++-
 .../RANGER/0.4.0/package/scripts/setup_ranger_xml.py    | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/09e7a036/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 3900196..ec1e3da 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -177,4 +177,5 @@ ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.user
 ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
 ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
 ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
-ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
\ No newline at end of file
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]

http://git-wip-us.apache.org/repos/asf/ambari/blob/09e7a036/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index f41fb4d..f6a9cb8 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -18,6 +18,7 @@ limitations under the License.
 
 """
 import os
+import re
 from resource_management.core.logger import Logger
 from resource_management.core.resources.system import File, Directory, Execute
 from resource_management.core.source import DownloadSource, InlineTemplate
@@ -270,6 +271,14 @@ def do_keystore_setup(rolling_upgrade=False):
       mode = 0640
     )
 
+def password_validation(password):
+  import params
+  if password.strip() == "":
+    raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+  if re.search("[\\\`'\"]",password):
+    raise Fail("LDAP/AD bind password contains one of the unsupported special characters
like \" ' \ `")
+  else:
+    Logger.info("password validated")
  
 def setup_usersync(rolling_upgrade=False):
   import params
@@ -277,6 +286,9 @@ def setup_usersync(rolling_upgrade=False):
   usersync_home = params.usersync_home
   ranger_ugsync_conf = params.ranger_ugsync_conf
 
+  if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source
== 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+    password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
   if rolling_upgrade:
     usersync_home = format("/usr/hdp/{version}/ranger-usersync")
     ranger_ugsync_conf = format("/usr/hdp/{version}/ranger-usersync/conf")


Mime
View raw message