kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jdcry...@apache.org
Subject kudu git commit: Fix Webserver option 'password_file' to pass correct Squeasel option 'global_auth_file' for enabling HTTP authorization.
Date Thu, 09 Mar 2017 00:18:13 GMT
Repository: kudu
Updated Branches:
  refs/heads/branch-1.3.x 27b850469 -> 4f02c9204


Fix Webserver option 'password_file' to pass correct Squeasel option
'global_auth_file' for enabling HTTP authorization.

Also add test case for web UI .htpasswd support.

Change-Id: I2d30f450abfb3d0addc0eef39bcf78c87e4298c5
Reviewed-on: http://gerrit.cloudera.org:8080/6300
Tested-by: Kudu Jenkins
Reviewed-by: Dan Burkert <danburkert@apache.org>
(cherry picked from commit 937064f9187e07d2d1880d61cf67792eefe9a82d)
Reviewed-on: http://gerrit.cloudera.org:8080/6323
Reviewed-by: Jean-Daniel Cryans <jdcryans@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4f02c920
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4f02c920
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4f02c920

Branch: refs/heads/branch-1.3.x
Commit: 4f02c9204ea80917900e5b36de81c44016bd9f0d
Parents: 27b8504
Author: hahao <hao.hao@cloudera.com>
Authored: Tue Mar 7 13:11:37 2017 -0800
Committer: Jean-Daniel Cryans <jdcryans@apache.org>
Committed: Thu Mar 9 00:15:14 2017 +0000

----------------------------------------------------------------------
 src/kudu/security/CMakeLists.txt    |  2 +-
 src/kudu/security/test/test_pass.cc | 40 ++++++++++++++++++++++++++++++++
 src/kudu/security/test/test_pass.h  | 33 ++++++++++++++++++++++++++
 src/kudu/server/webserver-test.cc   | 21 +++++++++++++++++
 src/kudu/server/webserver.cc        |  2 +-
 5 files changed, 96 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/kudu/security/CMakeLists.txt b/src/kudu/security/CMakeLists.txt
index c24deef..0dc7d0f 100644
--- a/src/kudu/security/CMakeLists.txt
+++ b/src/kudu/security/CMakeLists.txt
@@ -93,7 +93,7 @@ if (NOT NO_TESTS)
   set(SECURITY_TEST_SRCS
     security-test-util.cc
     test/mini_kdc.cc
-    test/test_certs.cc)
+    test/test_certs.cc test/test_pass.cc)
 
   add_library(security-test ${SECURITY_TEST_SRCS})
   target_link_libraries(security-test

http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/test/test_pass.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/test/test_pass.cc b/src/kudu/security/test/test_pass.cc
new file mode 100644
index 0000000..9a0ab46
--- /dev/null
+++ b/src/kudu/security/test/test_pass.cc
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "kudu/security/test/test_pass.h"
+
+#include "kudu/util/env.h"
+#include "kudu/util/path_util.h"
+
+using std::string;
+
+namespace kudu {
+namespace security {
+
+Status CreateTestHTPasswd(const string& dir,
+                          string* passwd_file) {
+
+  // In the format of user:realm:digest. Digest is generated bases on
+  // password 'test'.
+  const char *kHTPasswd = "test:0.0.0.0:e4c02fbc8e89377a942ffc6b1bc3a566";
+  *passwd_file = JoinPathSegments(dir, "test.passwd");
+  RETURN_NOT_OK(WriteStringToFile(Env::Default(), kHTPasswd, *passwd_file));
+  return Status::OK();
+}
+
+} // namespace security
+} // namespace kudu

http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/test/test_pass.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/test/test_pass.h b/src/kudu/security/test/test_pass.h
new file mode 100644
index 0000000..c0974d0
--- /dev/null
+++ b/src/kudu/security/test/test_pass.h
@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#pragma once
+
+#include <string>
+
+#include "kudu/util/status.h"
+
+namespace kudu {
+namespace security {
+
+// Creates .htpasswd for HTTP basic authentication in the format
+// of 'user:realm:digest', returning the path in '*passwd_file'.
+Status CreateTestHTPasswd(const std::string &dir,
+                          std::string *passwd_file);
+
+} // namespace security
+} // namespace kudu

http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/server/webserver-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/webserver-test.cc b/src/kudu/server/webserver-test.cc
index 82f68e2..6142319 100644
--- a/src/kudu/server/webserver-test.cc
+++ b/src/kudu/server/webserver-test.cc
@@ -24,6 +24,7 @@
 #include "kudu/gutil/strings/util.h"
 #include "kudu/gutil/stringprintf.h"
 #include "kudu/security/test/test_certs.h"
+#include "kudu/security/test/test_pass.h"
 #include "kudu/server/default-path-handlers.h"
 #include "kudu/server/webserver.h"
 #include "kudu/util/curl_util.h"
@@ -50,6 +51,11 @@ void SetSslOptions(WebserverOptions* opts) {
                                         &password));
   opts->private_key_password_cmd = strings::Substitute("echo $0", password);
 }
+
+void SetHTPasswdOptions(WebserverOptions* opts) {
+  CHECK_OK(security::CreateTestHTPasswd(GetTestDataDirectory(),
+                                        &opts->password_file));
+}
 } // anonymous namespace
 
 class WebserverTest : public KuduTest {
@@ -66,6 +72,7 @@ class WebserverTest : public KuduTest {
     opts.port = 0;
     opts.doc_root = static_dir_;
     if (use_ssl()) SetSslOptions(&opts);
+    if (use_htpasswd()) SetHTPasswdOptions(&opts);
     server_.reset(new Webserver(opts));
 
     AddDefaultPathHandlers(server_.get());
@@ -80,6 +87,7 @@ class WebserverTest : public KuduTest {
  protected:
   // Overridden by subclasses.
   virtual bool use_ssl() const { return false; }
+  virtual bool use_htpasswd() const { return false; }
 
   EasyCurl curl_;
   faststring buf_;
@@ -94,6 +102,19 @@ class SslWebserverTest : public WebserverTest {
   bool use_ssl() const override { return true; }
 };
 
+class PasswdWebserverTest : public WebserverTest {
+ protected:
+  bool use_htpasswd() const override { return true; }
+};
+
+// Send a HTTP request with no username and password. It should reject
+// the request as the .htpasswd is presented to webserver.
+TEST_F(PasswdWebserverTest, TestPasswd) {
+  Status status = curl_.FetchURL(strings::Substitute("http://$0/", addr_.ToString()),
+                                 &buf_);
+  ASSERT_EQ("Remote error: HTTP 401", status.ToString());
+}
+
 TEST_F(WebserverTest, TestIndexPage) {
   curl_.set_return_headers(true);
   ASSERT_OK(curl_.FetchURL(strings::Substitute("http://$0/", addr_.ToString()),

http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/server/webserver.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/webserver.cc b/src/kudu/server/webserver.cc
index 6d493b5..743eee8 100644
--- a/src/kudu/server/webserver.cc
+++ b/src/kudu/server/webserver.cc
@@ -193,7 +193,7 @@ Status Webserver::Start() {
       return Status::InvalidArgument(ss.str());
     }
     LOG(INFO) << "Webserver: Password file is " << opts_.password_file;
-    options.push_back("global_passwords_file");
+    options.push_back("global_auth_file");
     options.push_back(opts_.password_file);
   }
 


Mime
View raw message