You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2018/11/14 13:52:35 UTC
ranger git commit: RANGER-2279: Reduce the time spent changing
passwords during Ranger Admin start
Repository: ranger
Updated Branches:
refs/heads/master 5285f6c74 -> 4b735de08
RANGER-2279: Reduce the time spent changing passwords during Ranger Admin start
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/4b735de0
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/4b735de0
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/4b735de0
Branch: refs/heads/master
Commit: 4b735de08f04ee6ece6b6f57fa4f4c8c17816b8a
Parents: 5285f6c
Author: Pradeep <pr...@apache.org>
Authored: Tue Nov 6 18:38:35 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Wed Nov 14 19:01:56 2018 +0530
----------------------------------------------------------------------
security-admin/scripts/db_setup.py | 534 ++++++++++++++++++-
security-admin/scripts/setup.sh | 91 ++--
.../patch/cliutil/ChangePasswordUtil.java | 191 +++++--
3 files changed, 718 insertions(+), 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/4b735de0/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index f84c8ca..73b24ac 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -703,6 +703,109 @@ class MysqlConf(BaseDB):
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
+ def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
+ userPwdString =""
+ if len(userPwdArray)>5:
+ for j in range(len(userPwdArray)):
+ if str(userPwdArray[j]) == "-pair":
+ userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
+
+ userName = "all admins"
+ className = "ChangePasswordUtil"
+ version = "DEFAULT_ALL_ADMIN_UPDATE"
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
+ if os.path.exists(filePath):
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Ranger "+ userName +" default password has already been changed!!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ countTries = 0
+ while(output.strip(version + " |")):
+ if countTries < 3:
+ log("[I] Ranger Password change utility is being executed by some other process" ,"info")
+ time.sleep(retryPatchAfterSeconds)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ countTries += 1
+ else:
+ log("[E] Tried updating the password "+ str(countTries) + " times","error")
+ log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\"" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', now(), '%s', now(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log ("[I] Ranger "+ userName +" default password change request is in process..","info")
+ else:
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ if is_unix:
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,ranger_log,path,className, userPwdString)
+ if is_unix:
+ status = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ status = subprocess.call(get_java_cmd)
+ if status == 0 or status==2:
+ if is_unix:
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0 and status == 0:
+ log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
+ elif ret == 0 and status == 2:
+ log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -1445,6 +1548,109 @@ class OracleConf(BaseDB):
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
+ def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
+ userPwdString =""
+ if len(userPwdArray)>5:
+ for j in range(len(userPwdArray)):
+ if str(userPwdArray[j]) == "-pair":
+ userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
+
+ userName = "all admins"
+ className = "ChangePasswordUtil"
+ version = "DEFAULT_ALL_ADMIN_UPDATE"
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
+ if os.path.exists(filePath):
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password)
+ if is_unix:
+ query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Ranger "+ userName +" default password has already been changed!!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -c \; -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ countTries = 0
+ while(output.strip(version + " |")):
+ if countTries < 3:
+ log("[I] Ranger Password change utility is being executed by some other process" ,"info")
+ time.sleep(retryPatchAfterSeconds)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ countTries += 1
+ else:
+ log("[E] Tried updating the password "+ str(countTries) + " times","error")
+ log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -c \; -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\"" %(version, ranger_version, client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by,active) values ( X_DB_VERSION_H_SEQ.nextval,'%s', sysdate, '%s', sysdate, '%s','N');\" -c ;" %(version, ranger_version, client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log ("[I] Ranger "+ userName +" default password change request is in process..","info")
+ else:
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ if is_unix:
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString)
+ if is_unix:
+ status = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ status = subprocess.call(get_java_cmd)
+ if status == 0 or status==2:
+ if is_unix:
+ query = get_cmd + " -c \; -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0 and status == 0:
+ log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
+ elif ret == 0 and status == 2:
+ log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -c \; -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -2162,6 +2368,109 @@ class PostgresConf(BaseDB):
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
+ def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
+ userPwdString =""
+ if len(userPwdArray)>5:
+ for j in range(len(userPwdArray)):
+ if str(userPwdArray[j]) == "-pair":
+ userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
+
+ userName = "all admins"
+ className = "ChangePasswordUtil"
+ version = "DEFAULT_ALL_ADMIN_UPDATE"
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
+ if os.path.exists(filePath):
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Ranger "+ userName +" default password has already been changed!!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\"" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ countTries = 0
+ while(output.strip(version + " |")):
+ if countTries < 3:
+ log("[I] Ranger Password change utility is being executed by some other process" ,"info")
+ time.sleep(retryPatchAfterSeconds)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ countTries += 1
+ else:
+ log("[E] Tried updating the password "+ str(countTries) + " times","error")
+ log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\"" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', current_timestamp, '%s', current_timestamp, '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log ("[I] Ranger "+ userName +" default password change request is in process..","info")
+ else:
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ if is_unix:
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString)
+ if is_unix:
+ status = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ status = subprocess.call(get_java_cmd)
+ if status == 0 or status==2:
+ if is_unix:
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0 and status == 0:
+ log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
+ elif ret == 0 and status == 2:
+ log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\"" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -2821,6 +3130,109 @@ class SqlServerConf(BaseDB):
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
+ def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
+ userPwdString =""
+ if len(userPwdArray)>5:
+ for j in range(len(userPwdArray)):
+ if str(userPwdArray[j]) == "-pair":
+ userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
+
+ userName = "all admins"
+ className = "ChangePasswordUtil"
+ version = "DEFAULT_ALL_ADMIN_UPDATE"
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
+ if os.path.exists(filePath):
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Ranger "+ userName +" default password has already been changed!!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ countTries = 0
+ while(output.strip(version + " |")):
+ if countTries < 3:
+ log("[I] Ranger Password change utility is being executed by some other process" ,"info")
+ time.sleep(retryPatchAfterSeconds)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ countTries += 1
+ else:
+ log("[E] Tried updating the password "+ str(countTries) + " times","error")
+ log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log ("[I] Ranger "+ userName +" default password change request is in process..","info")
+ else:
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ if is_unix:
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString)
+ if is_unix:
+ status = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ status = subprocess.call(get_java_cmd)
+ if status == 0 or status==2:
+ if is_unix:
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0 and status == 0:
+ log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
+ elif ret == 0 and status == 2:
+ log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -3493,6 +3905,110 @@ class SqlAnywhereConf(BaseDB):
log("[E] Ranger "+ userName +" default password change request failed", "error")
sys.exit(1)
+ def change_all_admin_default_password(self, xa_db_host, db_user, db_password, db_name,userPwdArray):
+ userPwdString =""
+ if len(userPwdArray)>5:
+ for j in range(len(userPwdArray)):
+ if str(userPwdArray[j]) == "-pair":
+ userPwdString= userPwdString + " \"" + userPwdArray[j+1] + "\" \"" + userPwdArray[j+2] + "\" \"" + userPwdArray[j+3] +"\""
+
+ userName = "all admins"
+ className = "ChangePasswordUtil"
+ version = "DEFAULT_ALL_ADMIN_UPDATE"
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+ filePath = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch","cliutil","ChangePasswordUtil.class")
+ if os.path.exists(filePath):
+ if version != "":
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c \;" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ log("[I] Ranger "+ userName +" default password has already been changed!!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c \;" %(version)
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'N';\" -c ;" %(version)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if output.strip(version + " |"):
+ countTries = 0
+ while(output.strip(version + " |")):
+ if countTries < 3:
+ log("[I] Ranger Password change utility is being executed by some other process" ,"info")
+ time.sleep(retryPatchAfterSeconds)
+ jisql_log(query, db_password)
+ output = check_output(query)
+ countTries += 1
+ else:
+ log("[E] Tried updating the password "+ str(countTries) + " times","error")
+ log("[E] If Ranger "+ userName +" user password is not being changed by some other process then manually delete the entry from ranger database table x_db_version_h table where version is " + version ,"error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c \;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by,active) values ('%s', GETDATE(), '%s', GETDATE(), '%s','N') ;\" -c ;" %(version,ranger_version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log ("[I] Ranger "+ userName +" default password change request is in process..","info")
+ else:
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ if is_unix:
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR)
+ get_java_cmd = "%s -XX:MetaspaceSize=100m -XX:MaxMetaspaceSize=200m -Xmx%s -Xms1g -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s -default"%(self.JAVA_BIN,globalDict['ranger_admin_max_heap_size'],ranger_log,path,className,userPwdString)
+ if is_unix:
+ status = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ status = subprocess.call(get_java_cmd)
+ if status == 0 or status==2:
+ if is_unix:
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"update x_db_version_h set active='Y' where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0 and status == 0:
+ log ("[I] Ranger "+ userName +" default password change request processed successfully..","info")
+ elif ret == 0 and status == 2:
+ log ("[I] Ranger "+ userName +" default password change request process skipped!","info")
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+ else:
+ if is_unix:
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c \;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"delete from x_db_version_h where version='%s' and active='N' and updated_by='%s';\" -c ;" %(version,client_host)
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ log("[E] Ranger "+ userName +" default password change request failed", "error")
+ sys.exit(1)
+
+
def create_version_history_table(self, db_name, db_user, db_password, file_name,table_name):
name = basename(file_name)
if os.path.isfile(file_name):
@@ -3955,7 +4471,23 @@ def main(argv):
xa_sqlObj.is_new_install(xa_db_host, db_user, db_password, db_name)
if str(argv[i]) == "-changepassword":
- if len(argv)==5:
+ if len(argv)>5:
+ isValidPassWord = False
+ for j in range(len(argv)):
+ if str(argv[j]) == "-pair":
+ userName=argv[j+1]
+ oldPassword=argv[j+2]
+ newPassword=argv[j+3]
+ if oldPassword==newPassword:
+ log("[E] Old Password and New Password argument are same. Exiting!!", "error")
+ sys.exit(1)
+ if userName != "" and oldPassword != "" and newPassword != "":
+ password_validation(newPassword)
+ isValidPassWord=True
+ if isValidPassWord == True:
+ xa_sqlObj.change_all_admin_default_password(xa_db_host, db_user, db_password, db_name,argv)
+
+ elif len(argv)==5:
userName=argv[2]
oldPassword=argv[3]
newPassword=argv[4]
http://git-wip-us.apache.org/repos/asf/ranger/blob/4b735de0/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 0b10e0f..bd4bd4c 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1384,7 +1384,7 @@ setup_install_files(){
fi
}
python_command_for_change_password(){
- $PYTHON_COMMAND_INVOKER db_setup.py -changepassword "${1}" "${2}" "${3}"
+ $PYTHON_COMMAND_INVOKER db_setup.py -changepassword -pair "${1}" "${2}" "${3}" -pair "${4}" "${5}" "${6}" -pair "${7}" "${8}" "${9}" -pair "${10}" "${11}" "${12}"
}
validateDefaultUsersPassword(){
if [ "${2}" == "" ]
@@ -1399,38 +1399,47 @@ validateDefaultUsersPassword(){
}
change_default_users_password(){
- if [ "${rangerAdmin_password}" != "admin" ]
- then
- python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}"
- if [ "$?" != "0" ]
- then
- exit 1
- fi
- fi
- if [ "${rangerTagsync_password}" != "rangertagsync" ]
- then
- python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}"
- if [ "$?" != "0" ]
- then
- exit 1
- fi
- fi
- if [ "${rangerUsersync_password}" != "rangerusersync" ]
- then
- python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}"
- if [ "$?" != "0" ]
- then
- exit 1
- fi
- fi
- if [ "${keyadmin_password}" != "keyadmin" ]
- then
- python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}"
- if [ "$?" != "0" ]
- then
- exit 1
- fi
- fi
+ if [ "${rangerAdmin_password}" != "admin" ] && [ "${rangerTagsync_password}" != "rangertagsync" ] && [ "${rangerUsersync_password}" != "rangerusersync" ] && [ "${keyadmin_password}" != "keyadmin" ]
+ then
+ python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}" 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}" 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}" 'keyadmin' 'keyadmin' "${keyadmin_password}"
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+ else
+ if [ "${rangerAdmin_password}" != "admin" ]
+ then
+ python_command_for_change_password 'admin' 'admin' "${rangerAdmin_password}"
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+ fi
+ if [ "${rangerTagsync_password}" != "rangertagsync" ]
+ then
+ python_command_for_change_password 'rangertagsync' 'rangertagsync' "${rangerTagsync_password}"
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+ fi
+ if [ "${rangerUsersync_password}" != "rangerusersync" ]
+ then
+ python_command_for_change_password 'rangerusersync' 'rangerusersync' "${rangerUsersync_password}"
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+ fi
+ if [ "${keyadmin_password}" != "keyadmin" ]
+ then
+ python_command_for_change_password 'keyadmin' 'keyadmin' "${keyadmin_password}"
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+ fi
+ fi
}
log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
log "[I] uname=`uname`"
@@ -1447,10 +1456,10 @@ check_python_command
check_ranger_version
if [ "$?" != "0" ]
then
- validateDefaultUsersPassword 'admin' "${rangerAdmin_password}"
- validateDefaultUsersPassword 'rangertagsync' "${rangerTagsync_password}"
- validateDefaultUsersPassword 'rangerusersync' "${rangerUsersync_password}"
- validateDefaultUsersPassword 'keyadmin' "${keyadmin_password}"
+ validateDefaultUsersPassword 'admin' "${rangerAdmin_password}"
+ validateDefaultUsersPassword 'rangertagsync' "${rangerTagsync_password}"
+ validateDefaultUsersPassword 'rangerusersync' "${rangerUsersync_password}"
+ validateDefaultUsersPassword 'keyadmin' "${keyadmin_password}"
fi
run_dba_steps
if [ "$?" == "0" ]
@@ -1474,10 +1483,10 @@ then
if [ "$?" == "0" ]
then
$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
- if [ "$?" == "0" ]
- then
- change_default_users_password
- fi
+ if [ "$?" == "0" ]
+ then
+ change_default_users_password
+ fi
else
exit 1
fi
http://git-wip-us.apache.org/repos/asf/ranger/blob/4b735de0/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
index 9d3ce59..3037053 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java
@@ -7,7 +7,7 @@
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
@@ -39,41 +39,51 @@ public class ChangePasswordUtil extends BaseLoader {
@Autowired
UserMgr userMgr;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
+
+ @Autowired
+ RESTErrorUtil restErrorUtil;
public static String userLoginId;
public static String currentPassword;
public static String newPassword;
- public static boolean defaultPwdChangeRequest=false;
+ public static boolean defaultPwdChangeRequest = false;
+ public static String[] userPwdArgs;
public static void main(String[] args) {
logger.info("main()");
try {
ChangePasswordUtil loader = (ChangePasswordUtil) CLIUtil.getBean(ChangePasswordUtil.class);
loader.init();
- if (args.length == 3 || args.length == 4) {
-
+ userPwdArgs=args;
+ if (args.length > 4) {
+ if ("-default".equalsIgnoreCase(args[args.length-1])) {
+ defaultPwdChangeRequest = true;
+ }
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } else if (args.length == 3 || args.length == 4) {
userLoginId = args[0];
currentPassword = args[1];
newPassword = args[2];
- if (args.length == 4) {
- if("-default".equalsIgnoreCase(args[3])){
- defaultPwdChangeRequest=true;
- }
- }
- if(StringUtils.isEmpty(userLoginId)){
+ if (args.length == 4) {
+ if ("-default".equalsIgnoreCase(args[3])) {
+ defaultPwdChangeRequest = true;
+ }
+ }
+ if (StringUtils.isEmpty(userLoginId)) {
System.out.println("Invalid login ID. Exiting!!!");
logger.info("Invalid login ID. Exiting!!!");
System.exit(1);
}
- if(StringUtils.isEmpty(currentPassword)){
+ if (StringUtils.isEmpty(currentPassword)) {
System.out.println("Invalid current password. Exiting!!!");
logger.info("Invalid current password. Exiting!!!");
System.exit(1);
}
- if(StringUtils.isEmpty(newPassword)){
+ if (StringUtils.isEmpty(newPassword)) {
System.out.println("Invalid new password. Exiting!!!");
logger.info("Invalid new password. Exiting!!!");
System.exit(1);
@@ -83,13 +93,14 @@ public class ChangePasswordUtil extends BaseLoader {
}
logger.info("Load complete. Exiting!!!");
System.exit(0);
- }else{
- System.out.println("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
- logger.error("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
+ } else {
+ System.out.println(
+ "ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
+ logger.error(
+ "ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>");
System.exit(1);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
logger.error("Error loading", e);
System.exit(1);
}
@@ -106,29 +117,32 @@ public class ChangePasswordUtil extends BaseLoader {
@Override
public void execLoad() {
logger.info("==> ChangePasswordUtil.execLoad()");
- updateAdminPassword();
+ if(userPwdArgs.length>4) {
+ updateMultiplePasswords();
+ }else {
+ updateAdminPassword();
+ }
logger.info("<== ChangePasswordUtil.execLoad()");
}
public void updateAdminPassword() {
- XXPortalUser xPortalUser=daoMgr.getXXPortalUser().findByLoginId(userLoginId);
- if (xPortalUser!=null){
- String dbPassword=xPortalUser.getPassword();
- String currentEncryptedPassword=null;
-
+ XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginId);
+ if (xPortalUser != null) {
+ String dbPassword = xPortalUser.getPassword();
+ String currentEncryptedPassword = null;
try {
-
- currentEncryptedPassword=userMgr.encrypt(userLoginId, currentPassword);
- if (currentEncryptedPassword.equals(dbPassword)){
- validatePassword(newPassword);
- userMgr.updatePasswordInSHA256(userLoginId,newPassword,true);
- logger.info("User '"+userLoginId+"' Password updated sucessfully.");
- }else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest){
- System.out.println("Skipping default password change request as provided password doesn't match with existing password.");
- logger.error("Skipping default password change request as provided password doesn't match with existing password.");
- System.exit(2);
- }
- else{
+ currentEncryptedPassword = userMgr.encrypt(userLoginId, currentPassword);
+ if (currentEncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPassword);
+ userMgr.updatePasswordInSHA256(userLoginId, newPassword, true);
+ logger.info("User '" + userLoginId + "' Password updated sucessfully.");
+ } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ } else {
System.out.println("Invalid user password");
logger.error("Invalid user password");
System.exit(1);
@@ -137,28 +151,93 @@ public class ChangePasswordUtil extends BaseLoader {
logger.error("Update Admin Password failure. Detail: \n", e);
System.exit(1);
}
- }
- else{
+ } else {
System.out.println("User does not exist in DB!!");
logger.error("User does not exist in DB");
System.exit(1);
}
}
- private void validatePassword(String newPassword) {
- boolean checkPassword = false;
- if (newPassword != null ) {
- String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
- checkPassword = newPassword.trim().matches(pattern);
- if (!checkPassword) {
- logger.error("validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
- System.out.println("validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
- throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
- }
- } else {
- logger.error("validatePassword(). Password cannot be blank/null.");
- System.out.println("validatePassword(). Password cannot be blank/null.");
- throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword", MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null);
- }
- }
+
+ public void updateMultiplePasswords() {
+ for (int i=0; i<userPwdArgs.length ; i+=3) {
+ if ("-default".equalsIgnoreCase(userPwdArgs[i])) {
+ continue;
+ }
+ String userLoginIdTemp=userPwdArgs[i];
+ String currentPasswordTemp=userPwdArgs[i+1];
+ String newPasswordTemp=userPwdArgs[i+2];
+ if (StringUtils.isEmpty(userLoginIdTemp)) {
+ System.out.println("Invalid login ID. Exiting!!!");
+ logger.info("Invalid login ID. Exiting!!!");
+ System.exit(1);
+ }
+ if (StringUtils.isEmpty(currentPasswordTemp)) {
+ System.out.println("Invalid current password. Exiting!!!");
+ logger.info("Invalid current password. Exiting!!!");
+ System.exit(1);
+ }
+ if (StringUtils.isEmpty(newPasswordTemp)) {
+ System.out.println("Invalid new password. Exiting!!!");
+ logger.info("Invalid new password. Exiting!!!");
+ System.exit(1);
+ }
+ XXPortalUser xPortalUser = daoMgr.getXXPortalUser().findByLoginId(userLoginIdTemp);
+ if (xPortalUser != null) {
+ String dbPassword = xPortalUser.getPassword();
+ String currentEncryptedPassword = null;
+ try {
+ currentEncryptedPassword = userMgr.encrypt(userLoginIdTemp, currentPasswordTemp);
+ if (currentEncryptedPassword.equals(dbPassword)) {
+ validatePassword(newPasswordTemp);
+ logger.info("User:" + userLoginIdTemp + "|Password:"+newPasswordTemp);
+ userMgr.updatePasswordInSHA256(userLoginIdTemp, newPasswordTemp, true);
+ logger.info("User '" + userLoginIdTemp + "' Password updated sucessfully.");
+ } else if (!currentEncryptedPassword.equals(dbPassword) && defaultPwdChangeRequest) {
+ System.out.println(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ logger.error(
+ "Skipping default password change request as provided password doesn't match with existing password.");
+ System.exit(2);
+ } else {
+ System.out.println("Invalid user password");
+ logger.error("Invalid user password");
+ System.exit(1);
+ break;
+ }
+ } catch (Exception e) {
+ logger.error("Update Admin Password failure. Detail: \n", e);
+ System.exit(1);
+ break;
+ }
+ } else {
+ System.out.println("User does not exist in DB!!");
+ logger.error("User does not exist in DB");
+ System.exit(1);
+ break;
+ }
+ }
+ }
+
+ private void validatePassword(String newPassword) {
+ boolean checkPassword = false;
+ if (newPassword != null) {
+ String pattern = "(?=.*[0-9])(?=.*[a-zA-Z]).{8,}";
+ checkPassword = newPassword.trim().matches(pattern);
+ if (!checkPassword) {
+ logger.error(
+ "validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
+ System.out.println(
+ "validatePassword(). Password should be minimum 8 characters with minimum one alphabet and one numeric.");
+ throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
+ MessageEnums.INVALID_PASSWORD, null,
+ "Password should be minimum 8 characters with minimum one alphabet and one numeric", null);
+ }
+ } else {
+ logger.error("validatePassword(). Password cannot be blank/null.");
+ System.out.println("validatePassword(). Password cannot be blank/null.");
+ throw restErrorUtil.createRESTException("serverMsg.changePasswordValidatePassword",
+ MessageEnums.INVALID_PASSWORD, null, "Password cannot be blank/null", null);
+ }
+ }
}