Return-Path: X-Original-To: apmail-ambari-commits-archive@www.apache.org Delivered-To: apmail-ambari-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id C51901821A for ; Mon, 26 Oct 2015 09:26:07 +0000 (UTC) Received: (qmail 66790 invoked by uid 500); 26 Oct 2015 09:19:26 -0000 Delivered-To: apmail-ambari-commits-archive@ambari.apache.org Received: (qmail 66764 invoked by uid 500); 26 Oct 2015 09:19:26 -0000 Mailing-List: contact commits-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ambari-dev@ambari.apache.org Delivered-To: mailing list commits@ambari.apache.org Received: (qmail 66755 invoked by uid 99); 26 Oct 2015 09:19:25 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Oct 2015 09:19:25 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id B0C87DFDCC; Mon, 26 Oct 2015 09:19:25 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: gautam@apache.org To: commits@ambari.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: ambari git commit: AMBARI-13538. Allow special characters in passwords for Ranger Date: Mon, 26 Oct 2015 09:19:25 +0000 (UTC) Repository: ambari Updated Branches: refs/heads/branch-2.1 1a5cd771c -> 09e7a0361 AMBARI-13538. Allow special characters in passwords for Ranger Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/09e7a036 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/09e7a036 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/09e7a036 Branch: refs/heads/branch-2.1 Commit: 09e7a0361a068058f72f4a8b50be9d6abf901fa4 Parents: 1a5cd77 Author: Gautam Borad Authored: Mon Oct 26 10:35:08 2015 +0530 Committer: Gautam Borad Committed: Mon Oct 26 14:49:18 2015 +0530 ---------------------------------------------------------------------- .../RANGER/0.4.0/package/scripts/params.py | 3 ++- .../RANGER/0.4.0/package/scripts/setup_ranger_xml.py | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/09e7a036/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py index 3900196..ec1e3da 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py @@ -177,4 +177,5 @@ ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.user ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"] ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"] ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"] -ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"] \ No newline at end of file +ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"] +ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"] http://git-wip-us.apache.org/repos/asf/ambari/blob/09e7a036/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py index f41fb4d..f6a9cb8 100644 --- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py +++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py @@ -18,6 +18,7 @@ limitations under the License. """ import os +import re from resource_management.core.logger import Logger from resource_management.core.resources.system import File, Directory, Execute from resource_management.core.source import DownloadSource, InlineTemplate @@ -270,6 +271,14 @@ def do_keystore_setup(rolling_upgrade=False): mode = 0640 ) +def password_validation(password): + import params + if password.strip() == "": + raise Fail("Blank password is not allowed for Bind user. Please enter valid password.") + if re.search("[\\\`'\"]",password): + raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `") + else: + Logger.info("password validated") def setup_usersync(rolling_upgrade=False): import params @@ -277,6 +286,9 @@ def setup_usersync(rolling_upgrade=False): usersync_home = params.usersync_home ranger_ugsync_conf = params.ranger_ugsync_conf + if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder': + password_validation(params.ranger_usersync_ldap_ldapbindpassword) + if rolling_upgrade: usersync_home = format("/usr/hdp/{version}/ranger-usersync") ranger_ugsync_conf = format("/usr/hdp/{version}/ranger-usersync/conf")