ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject ambari git commit: AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name conflict (Anita Jebaraj via rlevas)
Date Thu, 04 May 2017 19:45:49 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 3023419de -> f8f8abbbb


AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name
conflict (Anita Jebaraj via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f8f8abbb
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f8f8abbb
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f8f8abbb

Branch: refs/heads/branch-2.5
Commit: f8f8abbbbad230c574d8bcdb971ea59900a8dc7a
Parents: 3023419
Author: Anita Jebaraj <ajebara@us.ibm.com>
Authored: Thu May 4 15:45:37 2017 -0400
Committer: Robert Levas <rlevas@hortonworks.com>
Committed: Thu May 4 15:45:37 2017 -0400

----------------------------------------------------------------------
 .../authorization/AmbariPamAuthenticationProvider.java        | 7 +++++++
 .../authorization/AmbariPamAuthenticationProviderTest.java    | 3 +++
 2 files changed, 10 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/f8f8abbb/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
index 2179e05..1626cd8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
@@ -75,6 +75,13 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider
{
   public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
       if(isPamEnabled()){
         PAM pam;
+        String userName = String.valueOf(authentication.getPrincipal());
+        UserEntity existingUser = userDAO.findUserByName(userName);
+        if ((existingUser != null) && (existingUser.getUserType() != UserType.PAM))
{
+          String errorMsg = String.format("%s user exists with the username %s. Cannot authenticate
via PAM", existingUser.getUserType(), userName);
+          LOG.error(errorMsg);
+          return null;
+        }
         try{
           //Set PAM configuration file (found under /etc/pam.d)
           String pamConfig = configuration.getPamConfigurationFile();

http://git-wip-us.apache.org/repos/asf/ambari/blob/f8f8abbb/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
index adfec3d..59a0c7a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.H2DatabaseCleaner;
 import org.apache.ambari.server.audit.AuditLoggerModule;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
+import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.security.ClientSecurityType;
@@ -92,6 +93,7 @@ public class AmbariPamAuthenticationProviderTest {
     UnixUser unixUser = createNiceMock(UnixUser.class);
     UserEntity userEntity = combineUserEntity();
     User user = new User(userEntity);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
     Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
     expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce();
     expect(unixUser.getGroups()).andReturn(new HashSet<String>(Arrays.asList("group"))).atLeastOnce();
@@ -99,6 +101,7 @@ public class AmbariPamAuthenticationProviderTest {
     EasyMock.replay(pam);
     Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
     Authentication result = authenticationProvider.authenticateViaPam(pam,authentication);
+    expect(userDAO.findUserByName("userName")).andReturn(null).once();
     Assert.assertNotNull(result);
     Assert.assertEquals(true, result.isAuthenticated());
     Assert.assertTrue(result instanceof AmbariUserAuthentication);


Mime
View raw message