You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2017/05/04 19:43:42 UTC

ambari git commit: AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name conflict (Anita Jebaraj via rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk 423d836d0 -> 7cc5e9e22


AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name conflict (Anita Jebaraj via rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7cc5e9e2
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7cc5e9e2
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7cc5e9e2

Branch: refs/heads/trunk
Commit: 7cc5e9e220b82052256a352f0e65323f2b1bc962
Parents: 423d836
Author: Anita Jebaraj <aj...@us.ibm.com>
Authored: Thu May 4 15:43:33 2017 -0400
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Thu May 4 15:43:33 2017 -0400

----------------------------------------------------------------------
 .../authorization/AmbariPamAuthenticationProvider.java        | 7 +++++++
 .../authorization/AmbariPamAuthenticationProviderTest.java    | 3 +++
 2 files changed, 10 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/7cc5e9e2/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
index b3fb861..4c0963d 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java
@@ -75,6 +75,13 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider {
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
       if(isPamEnabled()){
         PAM pam;
+        String userName = String.valueOf(authentication.getPrincipal());
+        UserEntity existingUser = userDAO.findUserByName(userName);
+        if ((existingUser != null) && (existingUser.getUserType() != UserType.PAM)) {
+          String errorMsg = String.format("%s user exists with the username %s. Cannot authenticate via PAM", existingUser.getUserType(), userName);
+          LOG.error(errorMsg);
+          return null;
+        }
         try{
           //Set PAM configuration file (found under /etc/pam.d)
           String pamConfig = configuration.getPamConfigurationFile();

http://git-wip-us.apache.org/repos/asf/ambari/blob/7cc5e9e2/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
index b7272c5..b789470 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.H2DatabaseCleaner;
 import org.apache.ambari.server.audit.AuditLoggerModule;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.GuiceJpaInitializer;
+import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.apache.ambari.server.security.ClientSecurityType;
@@ -93,6 +94,7 @@ public class AmbariPamAuthenticationProviderTest {
     UnixUser unixUser = createNiceMock(UnixUser.class);
     UserEntity userEntity = combineUserEntity();
     User user = new User(userEntity);
+    UserDAO userDAO = createNiceMock(UserDAO.class);
     Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class));
     expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce();
     expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce();
@@ -100,6 +102,7 @@ public class AmbariPamAuthenticationProviderTest {
     EasyMock.replay(pam);
     Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities);
     Authentication result = authenticationProvider.authenticateViaPam(pam,authentication);
+    expect(userDAO.findUserByName("userName")).andReturn(null).once();
     Assert.assertNotNull(result);
     Assert.assertEquals(true, result.isAuthenticated());
     Assert.assertTrue(result instanceof AmbariUserAuthentication);