ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From me...@apache.org
Subject ranger git commit: RANGER-2041 : Handle validations for passwords of admin accounts during ranger install (make default passwords mandatory during install)
Date Mon, 30 Apr 2018 14:01:35 GMT
Repository: ranger
Updated Branches:
  refs/heads/master fbaa4537c -> 2b9f76e81


RANGER-2041 : Handle validations for passwords of admin accounts during ranger install (make
default passwords mandatory during install)

Signed-off-by: Mehul Parikh <mehul@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/2b9f76e8
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/2b9f76e8
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/2b9f76e8

Branch: refs/heads/master
Commit: 2b9f76e818e404ae824b40479f6c3cb84d870a92
Parents: fbaa453
Author: fatimaawez <fatimakhan4689@gmail.com>
Authored: Wed Apr 25 13:34:40 2018 +0530
Committer: Mehul Parikh <mehul@apache.org>
Committed: Mon Apr 30 19:30:43 2018 +0530

----------------------------------------------------------------------
 security-admin/scripts/db_setup.py   | 101 ++++++++++++++++++++++++++++++
 security-admin/scripts/dba_script.py |  18 +-----
 security-admin/scripts/setup.sh      |  38 ++++++++---
 3 files changed, 132 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/2b9f76e8/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 2cbe665..f123dff 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -189,6 +189,9 @@ class BaseDB(object):
 	def import_core_db_schema(self, db_name, db_user, db_password, file_name,first_table,last_table):
 		log("[I] ---------- Importing Core DB Schema ----------", "info")
 
+        def is_new_install(xa_db_host, db_user, db_password, db_name):
+                log("[I] ----------------- Checking Ranger Version ------------", "info")
+
 class MysqlConf(BaseDB):
 	# Constructor
 	def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
@@ -838,6 +841,25 @@ class MysqlConf(BaseDB):
 			else:
 				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
 
+        def is_new_install(self, xa_db_host, db_user, db_password, db_name):
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                if is_unix:
+                        query = get_cmd + " -query \"SELECT version();\""
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"SELECT version();\" -c ;"
+                output = check_output(query)
+                if not output.strip('Production  |'):
+                        sys.exit(0)
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                version="J10001"
+                if is_unix:
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\"" %(version)
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c ;" %(version)
+                output = check_output(query)
+                if not output.strip(version + " |"):
+                         sys.exit(0)
+
 class OracleConf(BaseDB):
 	# Constructor
 	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -1552,6 +1574,25 @@ class OracleConf(BaseDB):
 			else:
 				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
 
+        def is_new_install(self, xa_db_host, db_user, db_password, db_name):
+            get_cmd = self.get_jisql_cmd(db_user, db_password)
+            if is_unix:
+              query = get_cmd + " -c \; -query \"select * from v$version;\""
+            elif os_name == "WINDOWS":
+              query = get_cmd + " -query \"select * from v$version;\" -c ;"
+            output = check_output(query)
+            if not output.strip('Production  |'):
+              sys.exit(0)
+            get_cmd = self.get_jisql_cmd(db_user, db_password)
+            version="J10001"
+            if is_unix:
+              query = get_cmd + " -c \; -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\"" %(version)
+            elif os_name == "WINDOWS":
+              query = get_cmd + " -query \"select version from x_db_version_h where version
= '%s' and active = 'Y';\" -c ;" %(version)
+            output = check_output(query)
+            if not output.strip(version + " |"):
+              sys.exit(0)
+
 class PostgresConf(BaseDB):
 	# Constructor
 	def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type):
@@ -2241,6 +2282,25 @@ class PostgresConf(BaseDB):
 			else:
 				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
 
+        def is_new_install(self, xa_db_host, db_user, db_password, db_name):
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                if is_unix:
+                        query = get_cmd + " -query \"SELECT 1;\""
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"SELECT 1;\" -c ;"
+                output = check_output(query)
+                if not output.strip('1 |'):
+                         sys.exit(0)
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                version="J10001"
+                if is_unix:
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\"" %(version)
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c ;" %(version)
+                output = check_output(query)
+                if not output.strip(version + " |"):
+                         sys.exit(0)
+
 class SqlServerConf(BaseDB):
 	# Constructor
 	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -2872,6 +2932,25 @@ class SqlServerConf(BaseDB):
 			else:
 				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
 
+        def is_new_install(self, xa_db_host, db_user, db_password, db_name):
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                if is_unix:
+                        query = get_cmd + " -c \; -query \"SELECT 1;\""
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"SELECT 1;\" -c ;"
+                output = check_output(query)
+                if not output.strip('1 |'):
+                         sys.exit(0)
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                version="J10001"
+                if is_unix:
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c \;" %(version)
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c ;" %(version)
+                output = check_output(query)
+                if not output.strip(version + " |"):
+                         sys.exit(0)
+
 class SqlAnywhereConf(BaseDB):
 	# Constructor
 	def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN):
@@ -3516,6 +3595,25 @@ class SqlAnywhereConf(BaseDB):
 			else:
 				log("[I] "+ version +" status entry to x_db_version_h table completed", "info")
 
+        def is_new_install(self, xa_db_host, db_user, db_password, db_name):
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                if is_unix:
+                        query = get_cmd + " -c \; -query \"SELECT 1;\""
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"SELECT 1;\" -c ;"
+                output = check_output(query)
+                if not output.strip('1 |'):
+                         sys.exit(0)
+                get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+                version="J10001"
+                if is_unix:
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c \;" %(version)
+                elif os_name == "WINDOWS":
+                        query = get_cmd + " -query \"select version from x_db_version_h where
version = '%s' and active = 'Y';\" -c ;" %(version)
+                output = check_output(query)
+                if not output.strip(version + " |"):
+                         sys.exit(0)
+
 def main(argv):
 	populate_global_dict()
 
@@ -3798,6 +3896,9 @@ def main(argv):
 				else:
 					log("[I] JAVA_PATCHES have already been applied","info")
 
+                        if str(argv[i]) == "-checkupgrade":
+                                xa_sqlObj.is_new_install(xa_db_host, db_user, db_password,
db_name)
+
 			if str(argv[i]) == "-changepassword":
 				if len(argv)==5:
 					userName=argv[2]

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b9f76e8/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 4a57bba..e889529 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -124,11 +124,6 @@ def password_validation(password, userType):
 			log("[E] Blank password is not allowed,please enter valid password.","error")
 			sys.exit(1)
 
-def validateDefaultUsersPassword(password, userName):
-                if not re.search(r'(?=.*[0-9])(?=.*[a-zA-Z])', password) or len(password)<8
 or re.search("[\\\`'\"]",password):
-                                log("[E] validatePassword()."+userName+ " password change
failed. Password should be minimum 8 characters with minimum one alphabet and one numeric.
Unsupported special characters are  \" ' \ `","error")
-                                sys.exit(1)
-
 def jisql_log(query, db_root_password):
 	if jisql_debug == True:
 		if os_name == "WINDOWS":
@@ -1465,18 +1460,7 @@ def main(argv):
 					else:
 						log("[E] Invalid file Name! Unable to find file:"+dba_sql_file,"error")
 						sys.exit(1)
-        rangerAdmin_password = globalDict['rangerAdmin_password']
-        if ( rangerAdmin_password != '' ) and (rangerAdmin_password != "admin" ):
-                validateDefaultUsersPassword(rangerAdmin_password,"admin");
-        rangerTagsync_password = globalDict['rangerTagsync_password']
-        if ( rangerTagsync_password != '' ) and (rangerTagsync_password != "rangertagsync"
):
-                validateDefaultUsersPassword(rangerTagsync_password,"rangertagsync");
-        rangerUsersync_password = globalDict['rangerUsersync_password']
-        if ( rangerUsersync_password != '' ) and (rangerUsersync_password != "rangerusersync"
):
-                validateDefaultUsersPassword(rangerUsersync_password,"rangerusersync");
-        keyadmin_password = globalDict['keyadmin_password']
-        if ( keyadmin_password != '' ) and (keyadmin_password != "keyadmin" ):
-                validateDefaultUsersPassword(keyadmin_password,"keyadmin");
+
 	log("[I] Running DBA setup script. QuiteMode:" + str(quiteMode),"info")
 	if (quiteMode):
 		if (not 'JAVA_HOME' in os.environ) or (os.environ['JAVA_HOME'] == ""):

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b9f76e8/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 45bc918..76baa4c 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -287,6 +287,9 @@ run_dba_steps(){
                 python dba_script.py -q
         fi
 }
+check_ranger_version(){
+        $PYTHON_COMMAND_INVOKER db_setup.py -checkupgrade
+}
 check_db_connector() {
 	log "[I] Checking ${DB_FLAVOR} CONNECTOR FILE : ${SQL_CONNECTOR_JAR}"
 	if test -f "$SQL_CONNECTOR_JAR"; then
@@ -1379,23 +1382,34 @@ setup_install_files(){
 python_command_for_change_password(){
         $PYTHON_COMMAND_INVOKER db_setup.py -changepassword  "${1}" "${2}" "${3}"
 }
+validateDefaultUsersPassword(){
+        if [ "${2}" == "" ]
+        then
+          log "[E] validatePassword(). Password for ${1} user cannot be blank"
+          exit 1
+        elif ! [[ ${#2} -ge 8 && "$2" =~ [A-Za-z] && "$2" =~ [0-9] ]] ||
[[ "${2}" =~ [\"\`\\"'"] ]]
+        then
+           log "[E] validatePassword(). ${1} password change failed. Password should be minimum
8 characters with minimum one alphabet and one numeric. Unsupported special characters are
\\\`'\""
+           exit 1
+        fi
+}
 
 change_default_users_password(){
-        if [ "${rangerAdmin_password}" != '' ] && [ "${rangerAdmin_password}" !=
"admin" ]
+        if [ "${rangerAdmin_password}" != "admin" ]
         then
-                python_command_for_change_password  'admin' 'admin' "$rangerAdmin_password"
+          python_command_for_change_password  'admin' 'admin' "${rangerAdmin_password}"
         fi
-        if [ "${rangerTagsync_password}" != "" ] &&  [ "${rangerTagsync_password}"
!= "rangertagsync" ]
+        if [ "${rangerTagsync_password}" != "rangertagsync" ]
         then
-                python_command_for_change_password 'rangertagsync' 'rangertagsync' "$rangerTagsync_password"
+          python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}"
         fi
-        if [ "${rangerUsersync_password}" != "" ] &&  [ "${rangerUsersync_password}"
!= "rangerusersync" ]
+        if [ "${rangerUsersync_password}" != "rangerusersync" ]
         then
-   python_command_for_change_password 'rangerusersync' 'rangerusersync' "$rangerUsersync_password"
+          python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}"
         fi
-        if [ "${keyadmin_password}" != "" ] &&  [ "${keyadmin_password}" != "keyadmin"
]
+        if [ "${keyadmin_password}" != "keyadmin" ]
         then
-   python_command_for_change_password 'keyadmin' 'keyadmin' "$keyadmin_password"
+          python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}"
         fi
 }
 log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
@@ -1410,6 +1424,14 @@ setup_install_files
 sanity_check_files
 copy_db_connector
 check_python_command
+check_ranger_version
+if [ "$?" != "0" ]
+then
+        validateDefaultUsersPassword 'admin' "${rangerAdmin_password}"
+        validateDefaultUsersPassword 'rangertagsync' "${rangerTagsync_password}"
+        validateDefaultUsersPassword 'rangerusersync' "${rangerUsersync_password}"
+        validateDefaultUsersPassword 'keyadmin' "${keyadmin_password}"
+fi
 run_dba_steps
 if [ "$?" == "0" ]
 then


Mime
View raw message