Return-Path: X-Original-To: apmail-ranger-commits-archive@www.apache.org Delivered-To: apmail-ranger-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EC78C177FC for ; Wed, 3 Jun 2015 10:29:03 +0000 (UTC) Received: (qmail 960 invoked by uid 500); 3 Jun 2015 10:29:03 -0000 Delivered-To: apmail-ranger-commits-archive@ranger.apache.org Received: (qmail 935 invoked by uid 500); 3 Jun 2015 10:29:03 -0000 Mailing-List: contact commits-help@ranger.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.incubator.apache.org Delivered-To: mailing list commits@ranger.incubator.apache.org Received: (qmail 926 invoked by uid 99); 3 Jun 2015 10:29:03 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2015 10:29:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 65911CB061 for ; Wed, 3 Jun 2015 10:29:03 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.791 X-Spam-Level: * X-Spam-Status: No, score=1.791 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id SP4JkTn18_67 for ; Wed, 3 Jun 2015 10:28:50 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with SMTP id 1270E42AA6 for ; Wed, 3 Jun 2015 10:28:48 +0000 (UTC) Received: (qmail 118 invoked by uid 99); 3 Jun 2015 10:28:48 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2015 10:28:48 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 903F5E01CA; Wed, 3 Jun 2015 10:28:48 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: sneethir@apache.org To: commits@ranger.incubator.apache.org Date: Wed, 03 Jun 2015 10:28:48 -0000 Message-Id: <94825217671c4763850b09cc73d95089@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [01/10] incubator-ranger git commit: RANGER-518 : Disable SHA256 hashing of password to test rolling downgrade of ranger admin Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 681e1ef5c -> 866c01aae RANGER-518 : Disable SHA256 hashing of password to test rolling downgrade of ranger admin Signed-off-by: sneethiraj Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/144c2153 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/144c2153 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/144c2153 Branch: refs/heads/ranger-0.5 Commit: 144c2153b7379761a0531d822013460962d55a9f Parents: 681e1ef Author: Gautam Borad Authored: Mon Jun 1 14:14:50 2015 +0530 Committer: sneethiraj Committed: Mon Jun 1 11:58:00 2015 -0400 ---------------------------------------------------------------------- kms/scripts/db_setup.py | 8 ++++---- kms/scripts/dba_script.py | 8 ++++---- security-admin/scripts/db_setup.py | 8 ++++---- security-admin/scripts/dba_script.py | 8 ++++---- security-admin/src/bin/ranger_install.py | 10 +++++----- .../src/main/java/org/apache/ranger/biz/UserMgr.java | 9 ++++++++- .../java/org/apache/ranger/common/PropertiesUtil.java | 11 +++++++++++ .../security/handler/RangerAuthenticationProvider.java | 5 ++++- .../resources/conf.dist/ranger-admin-default-site.xml | 5 +++++ 9 files changed, 49 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/kms/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py index e7aa9a1..fd10f4e 100644 --- a/kms/scripts/db_setup.py +++ b/kms/scripts/db_setup.py @@ -277,9 +277,9 @@ class PostgresConf(BaseDB): path = RANGER_KMS_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def check_connection(self, db_name, db_user, db_password): @@ -347,9 +347,9 @@ class SqlServerConf(BaseDB): path = RANGER_KMS_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def check_connection(self, db_name, db_user, db_password): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/kms/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index f2f3650..2a3d5d7 100644 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py @@ -524,9 +524,9 @@ class PostgresConf(BaseDB): path = RANGER_KMS_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,self.host, db_name, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): @@ -721,9 +721,9 @@ class SqlServerConf(BaseDB): path = RANGER_KMS_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/scripts/db_setup.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 52ddeb1..67f2a43 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -664,9 +664,9 @@ class PostgresConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def check_connection(self, db_name, db_user, db_password): @@ -912,9 +912,9 @@ class SqlServerConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def check_connection(self, db_name, db_user, db_password): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index bf2a780..a3737ed 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -699,9 +699,9 @@ class PostgresConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): @@ -906,9 +906,9 @@ class SqlServerConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/bin/ranger_install.py ---------------------------------------------------------------------- diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py index d961b55..42142fe 100644 --- a/security-admin/src/bin/ranger_install.py +++ b/security-admin/src/bin/ranger_install.py @@ -292,7 +292,7 @@ def init_variables(switch): conf_dict['SQL_CONNECTOR_JAR'] = os.path.join(dir,filename) - conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST") + conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST") + ":" + os.getenv("RANGER_ADMIN_DB_PORT") conf_dict['db_name']=os.getenv("RANGER_ADMIN_DB_DBNAME") conf_dict['db_user']=os.getenv("RANGER_ADMIN_DB_USERNAME") conf_dict['db_password']=os.getenv("RANGER_ADMIN_DB_PASSWORD") @@ -737,7 +737,7 @@ def update_properties(): log("SQL_HOST is : " + MYSQL_HOST,"debug") if RANGER_DB_FLAVOR == "MYSQL": propertyName="ranger.jpa.jdbc.url" - newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":RANGER_ADMIN_DB_PORT/" + db_name + newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name) updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.jdbc.user" @@ -749,7 +749,7 @@ def update_properties(): updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.audit.jdbc.url" - newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":RANGER_AUDIT_DB_PORT/"+audit_db_name + newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name) updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.jdbc.dialect" @@ -837,7 +837,7 @@ def update_properties(): elif RANGER_DB_FLAVOR == "MSSQL": propertyName="ranger.jpa.jdbc.url" - newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" %(MYSQL_HOST, db_name) + newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" %(MYSQL_HOST, RANGER_ADMIN_DB_PORT, db_name) updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.jdbc.user" @@ -849,7 +849,7 @@ def update_properties(): updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.audit.jdbc.url" - newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" % (MYSQL_HOST, audit_db_name) + newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" % (MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name) updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger) propertyName="ranger.jpa.jdbc.dialect" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index f047d14..939ddc2 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -33,6 +33,7 @@ import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.DateUtil; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerCommonEnums; import org.apache.ranger.common.RangerConfigUtil; @@ -1109,7 +1110,13 @@ public class UserMgr { } public String encrypt(String loginId, String password) { - String saltEncodedpasswd = sha256Encoder.encodePassword(password, loginId); + String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false"); + String saltEncodedpasswd=""; + if("false".equalsIgnoreCase(sha256PasswordUpdateDisable)){ + saltEncodedpasswd = sha256Encoder.encodePassword(password, loginId); + }else{ + saltEncodedpasswd = md5Encoder.encodePassword(password, loginId); + } return saltEncodedpasswd; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java index 4044443..5229fe7 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java @@ -152,6 +152,17 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer { } } } + if(propertiesMap!=null){ + String sha256PasswordUpdateDisable="false"; + if(propertiesMap.containsKey("ranger.sha256Password.update.disable")){ + sha256PasswordUpdateDisable=propertiesMap.get("ranger.sha256Password.update.disable"); + if(sha256PasswordUpdateDisable==null || sha256PasswordUpdateDisable.trim().isEmpty()|| !"true".equalsIgnoreCase(sha256PasswordUpdateDisable)){ + sha256PasswordUpdateDisable="false"; + } + } + propertiesMap.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable); + props.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable); + } super.processProperties(beanFactory, props); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java index ac522cc..1f1d957 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java +++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java @@ -82,6 +82,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { + String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable", "false"); if(rangerAuthenticationMethod==null){ rangerAuthenticationMethod="NONE"; } @@ -144,7 +145,9 @@ public class RangerAuthenticationProvider implements AuthenticationProvider { throw e; } if(authentication!=null && authentication.isAuthenticated()){ - userMgr.updatePasswordInSHA256(userName,userPassword); + if("false".equalsIgnoreCase(sha256PasswordUpdateDisable)){ + userMgr.updatePasswordInSHA256(userName,userPassword); + } return authentication; }else{ return authentication; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index de0f8b1..580341b 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml @@ -436,4 +436,9 @@ ranger.solr.password + + ranger.sha256Password.update.disable + false + +