You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by da...@apache.org on 2017/03/09 00:00:54 UTC
[3/3] kudu git commit: Fix Webserver option 'password_file' to pass
correct Squeasel option 'global_auth_file' for enabling HTTP authorization.
Fix Webserver option 'password_file' to pass correct Squeasel option
'global_auth_file' for enabling HTTP authorization.
Also add test case for web UI .htpasswd support.
Change-Id: I2d30f450abfb3d0addc0eef39bcf78c87e4298c5
Reviewed-on: http://gerrit.cloudera.org:8080/6300
Tested-by: Kudu Jenkins
Reviewed-by: Dan Burkert <da...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/937064f9
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/937064f9
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/937064f9
Branch: refs/heads/master
Commit: 937064f9187e07d2d1880d61cf67792eefe9a82d
Parents: 5a24fe6
Author: hahao <ha...@cloudera.com>
Authored: Tue Mar 7 13:11:37 2017 -0800
Committer: Dan Burkert <da...@apache.org>
Committed: Wed Mar 8 23:37:00 2017 +0000
----------------------------------------------------------------------
src/kudu/security/CMakeLists.txt | 2 +-
src/kudu/security/test/test_pass.cc | 40 ++++++++++++++++++++++++++++++++
src/kudu/security/test/test_pass.h | 33 ++++++++++++++++++++++++++
src/kudu/server/webserver-test.cc | 21 +++++++++++++++++
src/kudu/server/webserver.cc | 2 +-
5 files changed, 96 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kudu/blob/937064f9/src/kudu/security/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/kudu/security/CMakeLists.txt b/src/kudu/security/CMakeLists.txt
index c24deef..0dc7d0f 100644
--- a/src/kudu/security/CMakeLists.txt
+++ b/src/kudu/security/CMakeLists.txt
@@ -93,7 +93,7 @@ if (NOT NO_TESTS)
set(SECURITY_TEST_SRCS
security-test-util.cc
test/mini_kdc.cc
- test/test_certs.cc)
+ test/test_certs.cc test/test_pass.cc)
add_library(security-test ${SECURITY_TEST_SRCS})
target_link_libraries(security-test
http://git-wip-us.apache.org/repos/asf/kudu/blob/937064f9/src/kudu/security/test/test_pass.cc
----------------------------------------------------------------------
diff --git a/src/kudu/security/test/test_pass.cc b/src/kudu/security/test/test_pass.cc
new file mode 100644
index 0000000..9a0ab46
--- /dev/null
+++ b/src/kudu/security/test/test_pass.cc
@@ -0,0 +1,40 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "kudu/security/test/test_pass.h"
+
+#include "kudu/util/env.h"
+#include "kudu/util/path_util.h"
+
+using std::string;
+
+namespace kudu {
+namespace security {
+
+Status CreateTestHTPasswd(const string& dir,
+ string* passwd_file) {
+
+ // In the format of user:realm:digest. Digest is generated bases on
+ // password 'test'.
+ const char *kHTPasswd = "test:0.0.0.0:e4c02fbc8e89377a942ffc6b1bc3a566";
+ *passwd_file = JoinPathSegments(dir, "test.passwd");
+ RETURN_NOT_OK(WriteStringToFile(Env::Default(), kHTPasswd, *passwd_file));
+ return Status::OK();
+}
+
+} // namespace security
+} // namespace kudu
http://git-wip-us.apache.org/repos/asf/kudu/blob/937064f9/src/kudu/security/test/test_pass.h
----------------------------------------------------------------------
diff --git a/src/kudu/security/test/test_pass.h b/src/kudu/security/test/test_pass.h
new file mode 100644
index 0000000..c0974d0
--- /dev/null
+++ b/src/kudu/security/test/test_pass.h
@@ -0,0 +1,33 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#pragma once
+
+#include <string>
+
+#include "kudu/util/status.h"
+
+namespace kudu {
+namespace security {
+
+// Creates .htpasswd for HTTP basic authentication in the format
+// of 'user:realm:digest', returning the path in '*passwd_file'.
+Status CreateTestHTPasswd(const std::string &dir,
+ std::string *passwd_file);
+
+} // namespace security
+} // namespace kudu
http://git-wip-us.apache.org/repos/asf/kudu/blob/937064f9/src/kudu/server/webserver-test.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/webserver-test.cc b/src/kudu/server/webserver-test.cc
index 82f68e2..6142319 100644
--- a/src/kudu/server/webserver-test.cc
+++ b/src/kudu/server/webserver-test.cc
@@ -24,6 +24,7 @@
#include "kudu/gutil/strings/util.h"
#include "kudu/gutil/stringprintf.h"
#include "kudu/security/test/test_certs.h"
+#include "kudu/security/test/test_pass.h"
#include "kudu/server/default-path-handlers.h"
#include "kudu/server/webserver.h"
#include "kudu/util/curl_util.h"
@@ -50,6 +51,11 @@ void SetSslOptions(WebserverOptions* opts) {
&password));
opts->private_key_password_cmd = strings::Substitute("echo $0", password);
}
+
+void SetHTPasswdOptions(WebserverOptions* opts) {
+ CHECK_OK(security::CreateTestHTPasswd(GetTestDataDirectory(),
+ &opts->password_file));
+}
} // anonymous namespace
class WebserverTest : public KuduTest {
@@ -66,6 +72,7 @@ class WebserverTest : public KuduTest {
opts.port = 0;
opts.doc_root = static_dir_;
if (use_ssl()) SetSslOptions(&opts);
+ if (use_htpasswd()) SetHTPasswdOptions(&opts);
server_.reset(new Webserver(opts));
AddDefaultPathHandlers(server_.get());
@@ -80,6 +87,7 @@ class WebserverTest : public KuduTest {
protected:
// Overridden by subclasses.
virtual bool use_ssl() const { return false; }
+ virtual bool use_htpasswd() const { return false; }
EasyCurl curl_;
faststring buf_;
@@ -94,6 +102,19 @@ class SslWebserverTest : public WebserverTest {
bool use_ssl() const override { return true; }
};
+class PasswdWebserverTest : public WebserverTest {
+ protected:
+ bool use_htpasswd() const override { return true; }
+};
+
+// Send a HTTP request with no username and password. It should reject
+// the request as the .htpasswd is presented to webserver.
+TEST_F(PasswdWebserverTest, TestPasswd) {
+ Status status = curl_.FetchURL(strings::Substitute("http://$0/", addr_.ToString()),
+ &buf_);
+ ASSERT_EQ("Remote error: HTTP 401", status.ToString());
+}
+
TEST_F(WebserverTest, TestIndexPage) {
curl_.set_return_headers(true);
ASSERT_OK(curl_.FetchURL(strings::Substitute("http://$0/", addr_.ToString()),
http://git-wip-us.apache.org/repos/asf/kudu/blob/937064f9/src/kudu/server/webserver.cc
----------------------------------------------------------------------
diff --git a/src/kudu/server/webserver.cc b/src/kudu/server/webserver.cc
index 6d493b5..743eee8 100644
--- a/src/kudu/server/webserver.cc
+++ b/src/kudu/server/webserver.cc
@@ -193,7 +193,7 @@ Status Webserver::Start() {
return Status::InvalidArgument(ss.str());
}
LOG(INFO) << "Webserver: Password file is " << opts_.password_file;
- options.push_back("global_passwords_file");
+ options.push_back("global_auth_file");
options.push_back(opts_.password_file);
}