You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/10/26 15:19:23 UTC
[14/17] ambari git commit: AMBARI-13538. Allow special characters in passwords for Ranger

AMBARI-13538. Allow special characters in passwords for Ranger


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a9546afc
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a9546afc
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a9546afc

Branch: refs/heads/branch-dev-patch-upgrade
Commit: a9546afcab20f8419c0fb26e2ae8ad43b3bcb3a6
Parents: 16a4575
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Oct 26 10:35:08 2015 +0530
Committer: Gautam Borad <ga...@apache.com>
Committed: Mon Oct 26 14:48:26 2015 +0530

----------------------------------------------------------------------
 .../RANGER/0.4.0/package/scripts/params.py              |  3 ++-
 .../RANGER/0.4.0/package/scripts/setup_ranger_xml.py    | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/a9546afc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 3900196..ec1e3da 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -177,4 +177,5 @@ ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.user
 ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
 ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
 ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
-ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
\ No newline at end of file
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]

http://git-wip-us.apache.org/repos/asf/ambari/blob/a9546afc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index b682c4f..d4b9a86 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -18,6 +18,7 @@ limitations under the License.
 
 """
 import os
+import re
 from resource_management.core.logger import Logger
 from resource_management.core.resources.system import File, Directory, Execute
 from resource_management.core.source import DownloadSource, InlineTemplate
@@ -270,6 +271,14 @@ def do_keystore_setup(rolling_upgrade=False):
       mode = 0640
     )
 
+def password_validation(password):
+  import params
+  if password.strip() == "":
+    raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+  if re.search("[\\\`'\"]",password):
+    raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
+  else:
+    Logger.info("password validated")
  
 def setup_usersync(rolling_upgrade=False):
   import params
@@ -277,6 +286,9 @@ def setup_usersync(rolling_upgrade=False):
   usersync_home = params.usersync_home
   ranger_ugsync_conf = params.ranger_ugsync_conf
 
+  if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+    password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
   if rolling_upgrade:
     usersync_home = format("/usr/hdp/{version}/ranger-usersync")
     ranger_ugsync_conf = format("/usr/hdp/{version}/ranger-usersync/conf")