Posted to commits@ranger.apache.org by ma...@apache.org on 2015/11/11 21:58:46 UTC
[02/10] incubator-ranger git commit: RANGER-714: Enhancements to the
db admin setup scripts
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 11b72b4..36696a0 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -22,7 +22,6 @@
PROPFILE=$PWD/install.properties
propertyValue=''
-#. $PROPFILE
if [ ! $? = "0" ];then
log "$PROPFILE file not found....!!";
exit 1;
@@ -42,12 +41,16 @@ get_prop(){
validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
value=$(echo $validateProperty | cut -d "=" -f2-)
- echo $value
+ if [[ $1 == *password* ]]
+ then
+ echo $value
+ else
+ echo $value | tr -d \'\"
+ fi
}
PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
-SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
db_root_user=$(get_prop 'db_root_user' $PROPFILE)
db_root_password=$(get_prop 'db_root_password' $PROPFILE)
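Review bot: In get_prop, both new branches expand `$value` unquoted, so a password containing `*`, `?` or runs of spaces is glob-expanded or collapsed before the caller sees it, and a value that begins with `-n` or `-e` is taken by echo as an option. Prefer `printf '%s\n' "$value"` in the password branch and `printf '%s\n' "$value" | tr -d \'\"` in the other. The `*password*` match is also case-sensitive, so a key spelled `Password` or `PASSWORD` would fall into the quote-stripping branch; only lower-case key names are visible here, so confirm that holds for every property read through this function. get_prop starts above this hunk.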
@@ -169,18 +172,6 @@ getPropertyFromFile(){
#Update Properties to File
#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
- sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
- #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3` #for validation
- validate=$(sed '/^\#/d' $3 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #echo 'V1:'$validate
- if test -z "$validate" ; then log "[E] '$1' not found in $3 file while Updating....!!"; exit 1; fi
- log "[I] File $3 Updated successfully : {'$1'}"
-}
-
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
updatePropertyToFilePy(){
python update_property.py $1 $2 $3
check_ret_status $? "Update property failed for: " $1
@@ -195,78 +186,18 @@ init_logfiles () {
init_variables(){
curDt=`date '+%Y%m%d%H%M%S'`
-
VERSION=`cat ${PWD}/version`
-
XAPOLICYMGR_DIR=$PWD
-
RANGER_ADMIN_INITD=ranger-admin-initd
-
RANGER_ADMIN=ranger-admin
-
INSTALL_DIR=${XAPOLICYMGR_DIR}
-
WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
-
DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
if [ "${DB_FLAVOR}" == "" ]
then
DB_FLAVOR="MYSQL"
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
-
- #getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
- #getPropertyFromFile 'db_root_password' $PROPFILE db_user
- #getPropertyFromFile 'db_user' $PROPFILE db_user
- #getPropertyFromFile 'db_password' $PROPFILE db_password
- #if [ "${audit_store}" == "solr" ]
- #then
- # getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
- # getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
- # getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
- # getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
- #else
- # getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
- # getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
- #fi
-}
-
-wait_for_tomcat_shutdown() {
- i=1
- touch $TMPFILE
- while [ $i -le 20 ]
- do
- ps -ef | grep catalina.startup.Bootstrap | grep -v grep > $TMPFILE
- if [ $? -eq 1 ]; then
- log "[I] Tomcat stopped"
- i=21
- else
- log "[I] stopping Tomcat.."
- i=`expr $i + 1`
- sleep 1
- fi
- done
-}
-
-check_db_version() {
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- if is_command ${SQL_COMMAND_INVOKER} ; then
- log "[I] '${SQL_COMMAND_INVOKER}' command found"
- else
- log "[E] '${SQL_COMMAND_INVOKER}' command not found"
- exit 1;
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- if is_command ${SQL_COMMAND_INVOKER} ; then
- log "[I] '${SQL_COMMAND_INVOKER}' command found"
- else
- log "[E] '${SQL_COMMAND_INVOKER}' command not found"
- exit 1;
- fi
- fi
}
check_python_command() {
@@ -319,13 +250,6 @@ check_java_version() {
log "[E] Java 1.7 is required, current java version is $version"
exit 1;
fi
-
-
- #$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
- #if [ $? != 0 ] ; then
- #log "[E] Oracle Java is required"
- #exit 1;
- #fi
}
sanity_check_files() {
@@ -389,436 +313,6 @@ create_rollback_point() {
cp "$APP" "$BAK_FILE"
}
-create_db_user(){
- check_db_user_password
- strError="ERROR"
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Creating ${DB_FLAVOR} user '${db_user}'"
- for thost in '%' localhost
- do
- usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
- if [ ${usercount} -eq 0 ]
- then
- $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$db_user'@'$thost' identified by '$db_password';"
- log "[I] Creating user '$db_user' for host $thost done"
- fi
- dbquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$db_user'@'$thost';FLUSH PRIVILEGES;"
- echo "${dbquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' revoke *.* privileges from user '$db_user'@'$thost' failed"
- done
- log "[I] Creating ${DB_FLAVOR} user '${db_user}' DONE"
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- #check user exist or not
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- #if does not contains username so create user
- if test "${result3#*$username}" == "$result3"
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- #if user is not created print error message
- if test "${result3#*$username}" == "$result3"
- then
- log "[E] Creating User: ${db_user} Failed";
- log "[E] $result4"
- exit 1
- else
- log "[I] Creating User: ${db_user} Success";
- fi
- fi
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: ${db_user} Success";
- else
- log "[E] Granting User: ${db_user} Failed";
- log "[E] $result5"
- exit 1
- fi
- log "[I] Creating $DB_FLAVOR user '${db_user}' DONE"
- fi
-}
-
-check_db_admin_password () {
- count=0
- msg=''
- cmdStatus=''
- strError="ERROR"
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Checking ${DB_FLAVOR} $db_root_user password"
- msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
- cmdStatus=$?
- fi
-
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Checking ${DB_FLAVOR} $db_root_user password"
- msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA>&1`
- cmdStatus=$?
- fi
- if test "${msg#*$strError}" != "$msg"
- then
- cmdStatus=1
- else
- cmdStatus=0 # $substring is not in $string
- fi
- while :
- do
- if [ $cmdStatus != 0 ]; then
- if [ $count != 0 ]
- then
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] COMMAND: mysql -u $db_root_user --password=...... -h $DB_HOST : FAILED with error message:"
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] COMMAND: sqlplus $db_root_user/...... @$DB_HOST AS SYSDBA : FAILED with error message:"
- fi
- log "*******************************************${sg}*******************************************"
- fi
- if [ $count -gt 2 ]
- then
- log "[E] Unable to continue as db connectivity fails."
- exit 1
- fi
- trap 'stty echo; exit 1' 2 3 15
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- printf "Please enter password for mysql user-id, $db_root_user@${DB_HOST} : "
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log="[msg] ${msg}"
- printf "Please enter password for oracle user-id, $db_root_user@${DB_HOST} AS SYSDBA: "
- fi
- stty -echo
- read db_root_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
- cmdStatus=$?
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER -L -S "${db_root_user}"/"\"${db_root_password}\""@"{$DB_HOST}" AS SYSDBA >&1`
- cmdStatus=$?
- fi
- if test "${msg#*$strError}" != "$msg"
- then
- cmdStatus=1
- else
- cmdStatus=0 # $substring is not in $string
- fi
- else
- log "[I] Checking DB password DONE"
- break;
- fi
- done
- return 0;
-}
-
-check_db_user_password() {
- count=0
- muser=${db_user}@${DB_HOST}
- while [ "${db_password}" = "" ]
- do
- if [ $count -gt 0 ]
- then
- log "[I] You can not have a empty password for user: (${muser})."
- fi
- if [ ${count} -gt 2 ]
- then
- log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
- fi
- printf "Please enter password for the Ranger schema owner (${muser}): "
- trap 'stty echo; exit 1' 2 3 15
- stty -echo
- read db_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- done
-}
-
-
-check_audit_user_password() {
- count=0
- muser=${audit_db_user}@${DB_HOST}
- while [ "${audit_db_password}" = "" ]
- do
- if [ $count -gt 0 ]
- then
- log "[I] You can not have a empty password for user: (${muser})."
- fi
- if [ ${count} -gt 2 ]
- then
- log "[E] Unable to continue as user, ${muser} does not have a non-empty password."
- fi
- printf "Please enter password for the Ranger Audit Table owner (${muser}): "
- trap 'stty echo; exit 1' 2 3 15
- stty -echo
- read audit_db_password
- stty echo
- printf "\n"
- trap '' 2 3 15
- count=`expr ${count} + 1`
- done
-}
-
-upgrade_db() {
- log "[I] - starting upgradedb ... "
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- DBVERSION_CATALOG_CREATION=db/mysql/create_dbversion_catalog.sql
- if [ -f ${DBVERSION_CATALOG_CREATION} ]
- then
- log "[I] Verifying database version catalog table .... "
- ${mysqlexec} < ${DBVERSION_CATALOG_CREATION}
- `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${DBVERSION_CATALOG_CREATION}`
- check_ret_status $? "Verifying database version catalog table Failed."
- fi
-
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- sqlfiles=`ls -1 db/mysql/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/mysql/patches/%s\n",$2) ; }'`
- for sql in ${sqlfiles}
- do
- if [ -f ${sql} ]
- then
- bn=`basename ${sql}`
- version=`echo ${bn} | awk -F'-' '{ print $1 }'`
- if [ "${version}" != "" ]
- then
- c=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
- check_ret_status $? "DBVerionCheck - ${version} Failed."
- if [ ${c} -eq 0 ]
- then
- cat ${sql} > ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
- log "[I] - patch [${version}] is being applied."
- `${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < ${tempFile}`
- check_ret_status $? "Update patch - ${version} Failed. See sql file : [${tempFile}]"
- rm -f ${tempFile}
- else
- log "[I] - patch [${version}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- ####
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- strError="ERROR"
- DBVERSION_CATALOG_CREATION=db/oracle/create_dbversion_catalog.sql
- VERSION_TABLE=x_db_version_h
- log "[I] Verifying table $VERSION_TABLE in database $db_name";
- if [ -f ${DBVERSION_CATALOG_CREATION} ]
- then
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('${db_name}') and UPPER(table_name)=UPPER('${VERSION_TABLE}');"`
- tablename=`echo $VERSION_TABLE | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablename}" == "$result1" #does not contains tablename so create table
- then
- log "[I] Importing Version Catalog file: $DBVERSION_CATALOG_CREATION..."
- result2=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$DBVERSION_CATALOG_CREATION`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION DONE";
- else
- log "[E] Importing Version Catalog file : $DBVERSION_CATALOG_CREATION Failed";
- log "[E] $result2"
- fi
- else
- log "[I] Table $VERSION_TABLE already exists in database ${db_name}"
- fi
- fi
-
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- sqlfiles=`ls -1 db/oracle/patches/*.sql 2> /dev/null | awk -F/ '{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ printf("db/oracle/patches/%s\n",$2) ; }'`
- for sql in ${sqlfiles}
- do
- if [ -f ${sql} ]
- then
- bn=`basename ${sql}`
- version=`echo ${bn} | awk -F'-' '{ print $1 }'`
- if [ "${version}" != "" ]
- then
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- #does not contains record so insert
- if test "${result2#*$version}" == "$result2"
- then
- cat ${sql} > ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
- log "[I] - patch [${version}] is being applied. $tempFile"
- result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
- log "[+]$result3"
- if test "${result3#*$strError}" == "$result3"
- then
- log "[I] Update patch - ${version} applied. See sql file : [${tempFile}]"
- else
- log "[E] Update patch - ${version} Failed. See sql file : [${tempFile}]"
- fi
- rm -f ${tempFile}
- elif test "${result2#*$strError}" != "$result2"
- then
- log "[E] - patch [${version}] could not applied. Skipping ..."
- exit 1
- else
- log "[I] - patch [${version}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- log "[I] - upgradedb completed."
-}
-
-import_db(){
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying Database: ${db_name}";
- existdb=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" --password="${db_root_password}" -h $DB_HOST -B --skip-column-names -e "show databases like '${db_name}' ;"`
- if [ "${existdb}" = "${db_name}" ]
- then
- log "[I] - database ${db_name} already exists. Ignoring import_db ..."
- else
- log "[I] Creating Database: $db_name";
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $db_name"
- check_ret_status $? "Creating database Failed.."
- log "[I] Importing Core Database file: $mysql_core_file "
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $db_name < $mysql_core_file
- check_ret_status $? "Importing Database Failed.."
- if [ -f "${mysql_asset_file}" ]
- then
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST ${db_name} < ${mysql_asset_file}
- check_ret_status $? "Reset of DB repositories failed"
- fi
- log "[I] Importing Database file : $mysql_core_file DONE";
- fi
- for thost in '%' localhost
- do
- mysqlquery="GRANT ALL ON $db_name.* TO '$db_user'@'$thost' ;
- GRANT ALL PRIVILEGES ON $db_name.* to '$db_user'@'$thost' WITH GRANT OPTION;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$db_user' grant privileges on '$db_name' failed"
- log "[I] Granting MYSQL user '$db_user' for host $thost DONE"
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Importing TABLESPACE: ${db_name}";
- strError="ERROR"
- existdb="false"
-
- #Verifying Users
- log "[I] Verifying DB User: ${db_user}";
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${db_user} identified by \"${db_password}\";"`
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- log "[E] Creating User: ${db_user} Failed";
- log "[E] ${result4}";
- exit 1
- else
- log "[I] Creating User: ${db_user} Success";
- fi
- else
- log "[I] User: ${db_user} exist";
- fi
-
- #creating db/tablespace
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
- tablespace=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
- then
- log "[I] Creating TABLESPACE: ${db_name}";
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace ${db_name} datafile '${db_name}.dat' size 10M autoextend on;"`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] TABLESPACE ${db_name} created.";
- existdb="true"
- else
- log "[E] Creating TABLESPACE: ${db_name} Failed";
- log "[E] $result2";
- exit 1
- fi
- else
- log "[I] TABLESPACE ${db_name} already exists.";
- fi
-
- #verify table space
- result1a=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
- tablespace1a=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
- if test "${result1a#*$tablespace1a}" == "$result1a" #does not contains tablespace so exit
- then
- log "[E] TABLESPACE: ${db_name} Does not exist!!";
- exit 1
- fi
-
- #verify user
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
- username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so exit
- then
- log "[E] User: ${db_user} Does not exist!!";
- exit 1
- fi
-
- # ASSIGN DEFAULT TABLESPACE ${db_name}
- result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${db_user} identified by \"${db_password}\" DEFAULT TABLESPACE ${db_name};"`
-
- #grant user
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN OPTION;"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: ${db_user} Success";
- else
- log "[E] Granting User: ${db_user} Failed";
- log "[E] $result5";
- exit 1
- fi
-
- #if does not contains tables create tables
- if [ "${existdb}" == "true" ]
- then
- log "[I] Importing XA Database file: ${oracle_core_file}..."
- result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @${oracle_core_file}`
- if test "${result7#*$strError}" == "$result7"
- then
- log "[I] Importing XA Database file : ${oracle_core_file} DONE";
- else
- log "[E] Importing XA Database file : ${oracle_core_file} Failed";
- log "[E] $result7";
- exit 1
- fi
- else
- log "[I] - database ${db_name} already exists. Ignoring import_db ..." ;
- fi
- fi
-}
-
copy_db_connector(){
log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib ";
cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib
@@ -874,11 +368,18 @@ update_properties() {
if [ "${DB_FLAVOR}" == "ORACLE" ]
then
propertyName=ranger.jpa.jdbc.url
- newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+ count=$(grep -o ":" <<< "$DB_HOST" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"
+ fi
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
propertyName=ranger.jpa.audit.jdbc.url
- newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
propertyName=ranger.jpa.jdbc.dialect
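Review bot: Counting colons in `DB_HOST` does not separate the two URL forms reliably: by the comment's own grammar `[HOST][:PORT]:SID`, a `HOST:SID` value has one colon and lands in the else branch as `@//HOST:SID`, while a `HOST/SERVICE` value without a port has none and is written without the `//`. Testing for the slash looks closer to what actually marks a service name, e.g. `if [[ "$DB_HOST" == */* ]]; then newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"`, with the SID/TNS form as the fallback; this should be confirmed against the `DB_HOST` formats the installer documents. The commented-out `#if [[ ${count} -eq 2 ]] ; then` line is dead code and should be dropped rather than committed. update_properties starts and ends outside this hunk.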
@@ -994,7 +495,6 @@ update_properties() {
newPropertyValue=${audit_store}
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
-
propertyName=ranger.externalurl
newPropertyValue="${policymgr_external_url}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1022,7 +522,6 @@ update_properties() {
then
mkdir -p `dirname "${keystore}"`
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$db_password_alias" -v "$db_password" -c 1
- #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
propertyName=ranger.credential.provider.path
newPropertyValue="${keystore}"
@@ -1065,18 +564,10 @@ update_properties() {
if [ "${keystore}" != "" ]
then
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v "$audit_db_password" -c 1
- #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
propertyName=ranger.jpa.audit.jdbc.credential.alias
newPropertyValue="${audit_db_password_alias}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default
-
- #Use the same provider file for both audit/admin db
- # propertyName=audit.jdbc.credential.provider.path
- #propertyName=ranger.credential.provider.path
- #newPropertyValue="${keystore}"
- #updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
-
propertyName=ranger.jpa.audit.jdbc.password
newPropertyValue="_"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1117,7 +608,6 @@ update_properties() {
audit_solr_password_alias=ranger.solr.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_solr_password_alias" -v "$audit_solr_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
propertyName=ranger.solr.audit.credential.alias
newPropertyValue="${audit_solr_password_alias}"
@@ -1143,183 +633,6 @@ update_properties() {
fi
}
-create_audit_db_user(){
- check_audit_user_password
- AUDIT_DB="${audit_db_name}"
- AUDIT_USER="${audit_db_user}"
- AUDIT_PASSWORD="${audit_db_password}"
- strError="ERROR"
- #Verifying Database
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying Database: $AUDIT_DB";
- existdb=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -B --skip-column-names -e "show databases like '$AUDIT_DB' ;"`
- if [ "${existdb}" = "$AUDIT_DB" ]
- then
- log "[I] Database $AUDIT_DB already exists."
- else
- log "[I] Creating Database: $audit_db_name";
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create database $AUDIT_DB"
- check_ret_status $? "Creating database $AUDIT_DB Failed.."
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Verifying TABLESPACE: $AUDIT_DB";
- result1=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT distinct UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where UPPER(TABLESPACE_NAME)=UPPER('${AUDIT_DB}');"`
- tablespace=`echo $AUDIT_DB | tr '[:lower:]' '[:upper:]'`
- if test "${result1#*$tablespace}" == "$result1" #does not contains tablespace so create tablespace
- then
- log "[I] Creating TABLESPACE: $AUDIT_DB";
- result2=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create tablespace $AUDIT_DB datafile '$AUDIT_DB.dat' size 10M autoextend on;"`
- if test "${result2#*$strError}" == "$result2"
- then
- log "[I] TABLESPACE $AUDIT_DB created."
- else
- log "[E] Creating TABLESPACE: $AUDIT_DB Failed";
- log "[E] $result2"
- exit 1
- fi
- else
- log "[I] TABLESPACE $AUDIT_DB already exists."
- fi
- fi
-
- #Verifying Users
- log "[I] Verifying Audit User: $AUDIT_USER";
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- for thost in '%' localhost
- do
- usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST --skip-column-names -e "select count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
- if [ ${usercount} -eq 0 ]
- then
- log "[I] Creating ${DB_FLAVOR} user '$AUDIT_USER'@'$thost'"
- $SQL_COMMAND_INVOKER -B -u "$db_root_user" --password="$db_root_password" -h $DB_HOST -e "create user '$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
- check_ret_status $? "${DB_FLAVOR} create user failed"
- fi
- if [ "${AUDIT_USER}" != "${db_user}" ]
- then
- mysqlquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM '$AUDIT_USER'@'$thost' ;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' revoke privileges from user '$AUDIT_USER'@'$thost' failed"
- log "[I] '$DB_FLAVOR' revoke all privileges from user '$AUDIT_USER'@'$thost' DONE"
- fi
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- result3=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(username) from all_users where UPPER(username)=UPPER('${AUDIT_USER}');"`
- username=`echo $AUDIT_USER | tr '[:lower:]' '[:upper:]'`
- if test "${result3#*$username}" == "$result3" #does not contains username so create user
- then
- #create user
- result4=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
- if test "${result4#*$strError}" == "$result4"
- then
- log "[I] Creating User: ${AUDIT_USER} Success";
- else
- log "[E] Creating User: ${AUDIT_USER} Failed";
- log "[E] $result4"
- exit 1
- fi
- else
- log "[I] User: ${AUDIT_USER} exist";
- fi
- result5=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT CREATE SESSION TO ${AUDIT_USER};"`
- if test "${result5#*$strError}" == "$result5"
- then
- log "[I] Granting User: $AUDIT_USER Success";
- else
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result5"
- exit 1
- fi
- fi
-
- #Verifying audit table
- AUDIT_TABLE=xa_access_audit
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- log "[I] Verifying table $AUDIT_TABLE in audit database $AUDIT_DB";
- existtbl=`${SQL_COMMAND_INVOKER} -u "$db_root_user" --password="$db_root_password" -D $AUDIT_DB -h $DB_HOST -B --skip-column-names -e "show tables like '$AUDIT_TABLE' ;"`
- if [ "${existtbl}" != "$AUDIT_TABLE" ]
- then
- log "[I] Importing Audit Database file: $mysql_audit_file..."
- $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST $AUDIT_DB < $mysql_audit_file
- check_ret_status $? "Importing Audit Database Failed.."
- log "[I] Importing Audit Database file : $mysql_audit_file DONE";
- else
- log "[I] Table $AUDIT_TABLE already exists in audit database $AUDIT_DB"
- fi
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- log "[I] Verifying table $AUDIT_TABLE in TABLESPACE $db_name";
- # ASSIGN DEFAULT TABLESPACE ${db_name}
- result8=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "alter user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE ${AUDIT_DB};"`
- result6=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select UPPER(table_name) from all_tables where UPPER(tablespace_name)=UPPER('$db_name') and UPPER(table_name)=UPPER('${AUDIT_TABLE}');"`
- tablename=`echo $AUDIT_TABLE | tr '[:lower:]' '[:upper:]'`
- if test "${result6#*$tablename}" == "$result6" #does not contains tablename so create table
- then
- log "[I] Importing Audit Database file: $oracle_audit_file..."
- result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$oracle_audit_file`
- if test "${result7#*$strError}" == "$result7"
- then
- log "[I] Importing Audit Database file : $oracle_audit_file DONE";
- else
- log "[E] Importing Audit Database file : $oracle_audit_file failed";
- log "[E] $result7"
- fi
- else
- log "[I] Table $AUDIT_TABLE already exists in TABLESPACE $db_name"
- fi
- fi
-
- #Granting Users
- log "[I] Granting Privileges to User: $AUDIT_USER";
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- for thost in '%' localhost
- do
- mysqlquery="GRANT ALL ON $AUDIT_DB.* TO '$db_user'@'$thost' ;
- GRANT ALL PRIVILEGES ON $AUDIT_DB.* to '$db_user'@'$thost' WITH GRANT OPTION;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$db_user' grant privileges on '$AUDIT_DB' failed"
- log "[I] Creating MYSQL user '$AUDIT_USER' for host $thost DONE"
-
- mysqlquery="GRANT INSERT ON $AUDIT_DB.$AUDIT_TABLE TO '$AUDIT_USER'@'$thost' ;
- FLUSH PRIVILEGES;"
- echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u "$db_root_user" --password="$db_root_password" -h $DB_HOST
- check_ret_status $? "'$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE failed"
- log "[I] '$DB_FLAVOR' grant INSERT privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE DONE"
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- if [ "${AUDIT_USER}" != "${db_user}" ]
- then
- result11=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT SELECT ON ${db_user}.XA_ACCESS_AUDIT_SEQ TO ${AUDIT_USER};"`
- result12=`${SQL_COMMAND_INVOKER} -L -S "${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT INSERT ON ${db_user}.${AUDIT_TABLE} TO ${AUDIT_USER};"`
- if test "${result11#*$strError}" != "$result11"
- then
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result11";
- exit1
- elif test "${result12#*$strError}" != "$result12"
- then
- log "[E] Granting User: $AUDIT_USER Failed";
- log "[E] $result12";
- exit 1
- else
- log "[I] Granting User: $AUDIT_USER Success";
- fi
- fi
- fi
-}
-
do_unixauth_setup() {
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
@@ -1356,40 +669,33 @@ do_authentication_setup(){
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
-# propertyName=xa_ldap_url
propertyName=ranger.ldap.url
newPropertyValue="${xa_ldap_url}"
-
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_userDNpattern
propertyName=ranger.ldap.user.dnpattern
newPropertyValue="${xa_ldap_userDNpattern}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupSearchBase
propertyName=ranger.ldap.group.searchbase
newPropertyValue="${xa_ldap_groupSearchBase}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupSearchFilter
propertyName=ranger.ldap.group.searchfilter
newPropertyValue="${xa_ldap_groupSearchFilter}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_groupRoleAttribute
propertyName=ranger.ldap.group.roleattribute
newPropertyValue="${xa_ldap_groupRoleAttribute}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=authentication_method
propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
if [ "${xa_ldap_base_dn}" != "" ] && [ "${xa_ldap_bind_dn}" != "" ] && [ "${xa_ldap_bind_password}" != "" ]
then
- $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP'
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP' 'password_validation'
if [ "$?" != "0" ]
then
exit 1
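Review bot: The bind password is handed to dba_script.py unquoted on the new line `$PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP' 'password_validation'`, so a value containing whitespace or glob characters is split or expanded before the validator sees it. The string that gets validated can then differ from the one stored later with the quoted `-v "$xa_ldap_bind_password"`. Quote the expansion: `$PYTHON_COMMAND_INVOKER dba_script.py "${xa_ldap_bind_password}" 'LDAP' 'password_validation'`; the AD hunk further down has the same unquoted `${xa_ldap_ad_bind_password}`. Passing the secret as an argument also leaves it readable in the process list while the script runs, so reading it from the environment or stdin would be preferable if dba_script.py can accept that (its argument handling is not visible here). do_authentication_setup begins and ends outside this hunk.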
@@ -1419,7 +725,6 @@ do_authentication_setup(){
ldap_password_alias=ranger.ldap.binddn.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ldap_password_alias" -v "$xa_ldap_bind_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value "$xa_ldap_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1464,24 +769,21 @@ do_authentication_setup(){
ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
if test -f $ldap_file; then
log "[I] $ldap_file file found"
-# propertyName=xa_ldap_ad_url
propertyName=ranger.ldap.ad.url
newPropertyValue="${xa_ldap_ad_url}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=xa_ldap_ad_domain
propertyName=ranger.ldap.ad.domain
newPropertyValue="${xa_ldap_ad_domain}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
-# propertyName=authentication_method
propertyName=ranger.authentication.method
newPropertyValue="${authentication_method}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
if [ "${xa_ldap_ad_base_dn}" != "" ] && [ "${xa_ldap_ad_bind_dn}" != "" ] && [ "${xa_ldap_ad_bind_password}" != "" ]
then
- $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD'
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD' 'password_validation'
if [ "$?" != "0" ]
then
exit 1
@@ -1510,7 +812,6 @@ do_authentication_setup(){
ad_password_alias=ranger.ad.binddn.password
$PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ad_password_alias" -v "$xa_ldap_ad_bind_password" -c 1
-# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value "$xa_ldap_ad_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1564,18 +865,12 @@ do_authentication_setup(){
log "[I] Finished setup based on user authentication method=$authentication_method";
}
-
#=====================================================================
-
setup_unix_user_group(){
-
log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
groupadd ${unix_group}
check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
id -u ${unix_user} > /dev/null 2>&1
-
if [ $? -ne 0 ]
then
log "[I] Creating new user and adding to group";
@@ -1585,14 +880,11 @@ setup_unix_user_group(){
log "[I] User already exists, adding it to group";
usermod -g ${unix_group} ${unix_user}
fi
-
log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} DONE";
}
setup_install_files(){
-
log "[I] Setting up installation files and directory";
-
if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
@@ -1684,88 +976,6 @@ setup_install_files(){
fi
}
-execute_java_patches(){
- if [ "${DB_FLAVOR}" == "MYSQL" ]
- then
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- #mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} --password="${db_root_password}" -h ${DB_HOST} ${db_name}"
- javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
- for javaPatch in ${javaFiles}
- do
- if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
- className=$(basename "$javaPatch" .class)
- version=`echo ${className} | awk -F'_' '{ print $2 }'`
- if [ "${version}" != "" ]
- then
- #c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
- c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- check_ret_status $? "DBVerionCheck - ${version} Failed."
- #if [ ${c} -eq 0 ]
- if [ "${c}" != "${version}" ]
- then
- log "[I] patch ${javaPatch} is being applied..";
- msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF:$SQL_CONNECTOR_JAR" org.apache.ranger.patch.${className}`
- check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
- touch ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
- #${mysqlexec} < ${tempFile}
- c=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
- check_ret_status $? "Update patch - ${javaPatch} has failed."
- rm -f ${tempFile}
- log "[I] patch ${javaPatch} has been applied!!";
- else
- log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
- if [ "${DB_FLAVOR}" == "ORACLE" ]
- then
- dt=`date '+%s'`
- tempFile=/tmp/sql_${dt}_$$.sql
- javaFiles=`ls -1 $app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
- for javaPatch in ${javaFiles}
- do
- if test -f "$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
- className=$(basename "$javaPatch" .class)
- version=`echo ${className} | awk -F'_' '{ print $2 }'`
- if [ "${version}" != "" ]
- then
- #result2=`${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- result2=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h where version = '${version}' and active = 'Y';"`
- #does not contains record so insert
- if test "${result2#*$version}" == "$result2"
- then
- log "[I] patch ${javaPatch} is being applied..";
- msg=`$JAVA_HOME/bin/java -cp "$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" org.apache.ranger.patch.${className}`
- check_ret_status $? "Unable to apply patch:$javaPatch. $msg"
- touch ${tempFile}
- echo >> ${tempFile}
- echo "insert into x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, '${db_user}') ;" >> ${tempFile}
- #result3=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$tempFile`
- result3=`$JAVA_HOME/bin/java -cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader -trim -delimiter '' -c \; -input ${tempFile}`
- if test "${result3#*$strError}" == "$result3"
- then
- log "[I] patch ${javaPatch} has been applied!!";
- else
- log "[E] patch ${javaPatch} has failed."
- fi
- rm -f ${tempFile}
- elif test "${result2#*$strError}" != "$result2"
- then
- log "[E] - patch [${javaPatch}] could not applied. Skipping ..."
- exit 1
- else
- log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
- fi
- fi
- fi
- done
- fi
-}
init_logfiles
log " --------- Running Ranger PolicyManager Web Application Install Script --------- "
log "[I] uname=`uname`"
@@ -1773,17 +983,11 @@ log "[I] hostname=`hostname`"
init_variables
get_distro
check_java_version
-#check_db_version
check_db_connector
setup_unix_user_group
setup_install_files
sanity_check_files
-#check_db_admin_password
-#create_db_user
copy_db_connector
-#import_db
-#upgrade_db
-#create_audit_db_user
check_python_command
run_dba_steps
if [ "$?" == "0" ]
@@ -1800,7 +1004,6 @@ else
log "[E] DB schema setup failed! Please contact Administrator."
exit 1
fi
-#execute_java_patches
$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
if [ "$?" == "0" ]
then
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index 294f0da..0cbe43d 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -43,6 +43,8 @@ conf_dict={}
def log(msg,type):
if type == 'info':
logging.info(" %s",msg)
+ if type == 'error':
+ logging.error(" %s",msg)
if type == 'debug':
logging.debug(" %s",msg)
if type == 'warning':
@@ -50,21 +52,16 @@ def log(msg,type):
if type == 'exception':
logging.exception(" %s",msg)
-#def check_mysql_connector():
-# global MYSQL_CONNECTOR_JAR
-# ### From properties file
-# MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
-# debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
-# log(debugMsg, 'debug')
-# log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
-# ### From properties file
-# if os.path.isfile(MYSQL_CONNECTOR_JAR):
-# log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file found",'info')
-# else:
-# log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not exist",'info')
-#pass
-
-
+def password_validation(password, userType):
+ if password:
+ if re.search("[\\\`'\"]",password):
+ log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
+ sys.exit(1)
+ else:
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
def resolve_sym_link(path):
path = os.path.realpath(path)
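Review bot: The character class passed to `re.search` in password_validation is written in a normal string literal and depends on backslash-backtick being an unrecognised escape that Python keeps as-is, which newer Python versions warn about; the lone backslash in the log message has the same problem. A raw string states the intent directly, ``if re.search(r"[\\`'\"]", password):``, with the backslash in the message written as `\\`. The check is a deny-list of four characters, so a short comment naming the consumer of the password that cannot handle them would let the next maintainer judge whether the list is complete. Whether `re` is imported in this file cannot be seen from the hunk.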
@@ -738,70 +735,78 @@ def update_properties():
log("SQL_HOST is : " + MYSQL_HOST,"debug")
if RANGER_DB_FLAVOR == "MYSQL":
- propertyName="ranger.jpa.jdbc.url"
- newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT, db_name)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.user"
+ newPropertyValue=db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
- propertyName="ranger.jpa.jdbc.user"
- newPropertyValue=db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.audit.jdbc.user"
+ newPropertyValue=audit_db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.url"
+ newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.audit.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.jdbc.driver"
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.driver"
+ newPropertyValue="net.sf.log4jdbc.DriverSpy"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
- propertyName="ranger.jpa.audit.jdbc.user"
- newPropertyValue=audit_db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.url"
- newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT, audit_db_name)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.audit.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.jdbc.driver"
- newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.driver"
- newPropertyValue="net.sf.log4jdbc.DriverSpy"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
elif RANGER_DB_FLAVOR == "ORACLE":
- propertyName="ranger.jpa.jdbc.url"
- newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.user"
- newPropertyValue=db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.user"
- newPropertyValue=audit_db_user
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.url"
- newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.audit.jdbc.dialect"
- newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
-
- propertyName="ranger.jpa.jdbc.driver"
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
-
- propertyName="ranger.jpa.audit.jdbc.driver"
- newPropertyValue="oracle.jdbc.OracleDriver"
- updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+ propertyName="ranger.jpa.jdbc.url"
+ #if MYSQL_HOST.count(":") == 2:
+ if MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0:
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ cstring="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
+ else:
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ cstring="jdbc:oracle:thin:@//%s" %(MYSQL_HOST)
+
+ newPropertyValue=cstring
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.user"
+ newPropertyValue=db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.user"
+ newPropertyValue=audit_db_user
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.url"
+ newPropertyValue=cstring
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.audit.jdbc.dialect"
+ newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+ propertyName="ranger.jpa.jdbc.driver"
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+ propertyName="ranger.jpa.audit.jdbc.driver"
+ newPropertyValue="oracle.jdbc.OracleDriver"
+ updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif RANGER_DB_FLAVOR == "POSTGRES":
propertyName="ranger.jpa.jdbc.url"
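Review bot: The Oracle branch chooses the URL form from the number of colons alone (`MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0`), so a `host/service` value with no port has zero colons and is written in the SID/alias form without `//`. Testing for the `/` that introduces the service name, e.g. `if "/" not in MYSQL_HOST:`, would likely classify that case as intended, though the accepted input formats are not documented in the hunk. The commented-out `#if MYSQL_HOST.count(":") == 2:` line above the condition is a leftover and can be dropped. The same colon-count test is added to storm-agent/scripts/install.sh later in this commit. update_properties begins and ends outside this hunk.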
@@ -905,6 +910,9 @@ def update_properties():
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+
+ password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")
+
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
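Review bot: `password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")` runs for every LDAP install, and password_validation exits when the value is empty or unset, so an install that configures no bind password now aborts. setup.sh in this same commit validates only when base DN, bind DN and bind password are all non-empty, so the two installers disagree. If an LDAP setup without a bind password is meant to stay supported, guard the call with `if os.getenv("RANGER_LDAP_BIND_PASSWORD"):`. The ACTIVE_DIRECTORY hunk below adds the same unconditional call for `RANGER_LDAP_AD_BIND_PASSWORD`. update_properties begins and ends outside this hunk.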
@@ -950,6 +958,9 @@ def update_properties():
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+
+ password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), "AD_BIND")
+
propertyName="ranger.authentication.method"
newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 572323f..2d43379 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -175,7 +175,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXUser getXUserByUserName(String userName) {
- return xUserService.getXUserByUserName(userName);
+ VXUser vXUser=null;
+ vXUser=xUserService.getXUserByUserName(userName);
+ if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXUser=getMaskedVXUser(vXUser);
+ }
+ return vXUser;
}
public VXUser createXUser(VXUser vXUser) {
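Review bot: getXUserByUserName now returns a masked object to any caller whose session lacks MODULE_USER_GROUPS, and getMaskedVXUser (added further down in this file) overwrites the group and role lists on the very object it was given. Callers are not visible here, but server-side code that uses this method to read a user's real roles or groups would receive `*****` entries or an empty id list, and if xUserService returns a shared or cached instance the masking would persist on it. Consider masking a copy at the REST boundary, or at least document the contract on the method: `// NOTE: result is masked for sessions without MODULE_USER_GROUPS; do not use for authorization decisions`. The getXUser and getXGroup hunks follow the same pattern.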
@@ -533,8 +538,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXUser getXUser(Long id) {
- return xUserService.readResourceWithOutLogin(id);
-
+ VXUser vXUser=null;
+ vXUser=xUserService.readResourceWithOutLogin(id);
+ if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXUser=getMaskedVXUser(vXUser);
+ }
+ return vXUser;
}
public VXGroupUser getXGroupUser(Long id) {
@@ -543,8 +552,12 @@ public class XUserMgr extends XUserMgrBase {
}
public VXGroup getXGroup(Long id) {
- return xGroupService.readResourceWithOutLogin(id);
-
+ VXGroup vXGroup=null;
+ vXGroup=xGroupService.readResourceWithOutLogin(id);
+ if(vXGroup!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ vXGroup=getMaskedVXGroup(vXGroup);
+ }
+ return vXGroup;
}
/**
@@ -1305,4 +1318,94 @@ public class XUserMgr extends XUserMgrBase {
return vXStringList;
}
+ public boolean hasAccess(String loginID) {
+ UserSessionBase session = ContextUtil.getCurrentUserSession();
+ if (session != null) {
+ if(session.isUserAdmin() || session.getLoginId().equalsIgnoreCase(loginID)){
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public VXUser getMaskedVXUser(VXUser vXUser) {
+ if(vXUser!=null){
+ if(vXUser.getGroupIdList()!=null && vXUser.getGroupIdList().size()>0){
+ vXUser.setGroupIdList(new ArrayList<Long>());
+ }
+ if(vXUser.getGroupNameList()!=null && vXUser.getGroupNameList().size()>0){
+ vXUser.setGroupNameList(getMaskedCollection(vXUser.getGroupNameList()));
+ }
+ if(vXUser.getUserRoleList()!=null && vXUser.getUserRoleList().size()>0){
+ vXUser.setUserRoleList(getMaskedCollection(vXUser.getUserRoleList()));
+ }
+ vXUser.setUpdatedBy(AppConstants.Masked_String);
+ }
+ return vXUser;
+ }
+
+ public VXGroup getMaskedVXGroup(VXGroup vXGroup) {
+ if(vXGroup!=null){
+ vXGroup.setUpdatedBy(AppConstants.Masked_String);
+ }
+ return vXGroup;
+ }
+
+ @Override
+ public VXUserList searchXUsers(SearchCriteria searchCriteria) {
+ VXUserList vXUserList = new VXUserList();
+ vXUserList=xUserService.searchXUsers(searchCriteria);
+ if(vXUserList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ List<VXUser> vXUsers = new ArrayList<VXUser>();
+ if(vXUserList!=null && vXUserList.getListSize()>0){
+ for(VXUser vXUser:vXUserList.getList()){
+ vXUser=getMaskedVXUser(vXUser);
+ vXUsers.add(vXUser);
+ }
+ vXUserList.setVXUsers(vXUsers);
+ }
+ }
+ return vXUserList;
+ }
+
+ @Override
+ public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
+ VXGroupList vXGroupList=null;
+ vXGroupList=xGroupService.searchXGroups(searchCriteria);
+ if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+ if(vXGroupList!=null && vXGroupList.getListSize()>0){
+ List<VXGroup> listMasked=new ArrayList<VXGroup>();
+ for(VXGroup vXGroup:vXGroupList.getList()){
+ vXGroup=getMaskedVXGroup(vXGroup);
+ listMasked.add(vXGroup);
+ }
+ vXGroupList.setVXGroups(listMasked);
+ }
+ }
+ return vXGroupList;
+ }
+
+ public Collection<String> getMaskedCollection(Collection<String> listunMasked){
+ List<String> listMasked=new ArrayList<String>();
+ if(listunMasked!=null && listunMasked.size()>0){
+ for(String content:listunMasked){
+ listMasked.add(AppConstants.Masked_String);
+ }
+ }
+ return listMasked;
+ }
+
+ public boolean hasAccessToModule(String moduleName){
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId()!=null){
+ VXUser vxUser = xUserService.getXUserByUserName(userSession.getLoginId());
+ if(vxUser!=null){
+ List<String> permissionList = daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(), vxUser.getId());
+ if(permissionList!=null && permissionList.contains(moduleName)){
+ return true;
+ }
+ }
+ }
+ return false;
+ }
}
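Review bot: hasAccess calls `session.getLoginId().equalsIgnoreCase(loginID)` without checking that the login id is non-null, whereas hasAccessToModule in the same hunk does guard `userSession.getLoginId()!=null`; a session without a login id would throw instead of returning false. `if(session.isUserAdmin() || (session.getLoginId()!=null && session.getLoginId().equalsIgnoreCase(loginID))){` keeps the check fail-closed. The comparison is also case-insensitive, which is only safe if login ids are unique ignoring case; that is not visible here. Smaller points: searchXUsers allocates a `new VXUserList()` that is immediately overwritten, and both search methods test the list for null twice.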
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 488ba8f..e47d10b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -595,6 +595,7 @@ public class AppConstants extends RangerCommonEnums {
public static final int HIST_OBJ_STATUS_DELETED = 3;
public static final int MAX_HIST_OBJ_STATUS = 3;
+ public static final String Masked_String = "*****";
static public String getLabelFor_AssetType( int elementValue ) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index abf4db4..40b08c4 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -505,6 +505,10 @@ public class RangerAuthenticationProvider implements AuthenticationProvider {
final Authentication finalAuthentication = new UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
authentication= authenticator.authenticate(finalAuthentication);
return authentication;
+ }else{
+ if(authentication!=null&&!authentication.isAuthenticated()){
+ throw new BadCredentialsException("Bad credentials");
+ }
}
} catch (BadCredentialsException e) {
throw e;
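Review bot: The new else branch rejects only when `authentication!=null&&!authentication.isAuthenticated()`, so a null `authentication` passes through it silently, and what the method returns after the try block is outside this hunk. If null can reach this point it should be rejected here as well, for example `if(authentication==null||!authentication.isAuthenticated()){`, provided an already-authenticated token is the only case meant to continue. The enclosing method begins and ends outside the hunk, so the condition of the matching `if` cannot be checked from here.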
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 3d33d86..c226d63 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -33,18 +33,19 @@ if (!Array.indexOf) {
function doLogin() {
- if ($("#username").val() === '' || $('#password').val() === '') {
+ var userName = $('#username').val().trim();
+ var passwd = $('#password').val().trim();
+
+ if (userName === '' || passwd === '') {
$('#errorBox').show();
$('#signInLoading').hide();
$('#signIn').removeAttr('disabled');
$('#errorBox .errorMsg').text("The username or password you entered is incorrect..");
return false;
}
- var userName = $('#username').val().trim();
- var passwd = $('#password').val().trim();
var regexEmail = /^([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
- var regexPlain = /^([a-zA-Z0-9_\.\-\+])+$/;
+ var regexPlain = /^([a-zA-Z0-9_\.\-\+ ])+$/;
if(!regexPlain.test(userName)){
if(!regexEmail.test(userName)){
$('#errorBox').show();
@@ -63,8 +64,8 @@ function doLogin() {
$.ajax({
data : {
- j_username : userName,
- j_password : passwd
+ j_username : $('#username').val(),
+ j_password : $('#password').val()
},
url : url,
type : 'POST',
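Review bot: The request now posts `$('#username').val()` and `$('#password').val()` untrimmed, while the empty check and the `regexPlain`/`regexEmail` tests in the previous hunk run on the trimmed `userName`, so the value that was validated is not the value that is sent. Leaving the password untrimmed is reasonable, but for the user name either send the validated value, `j_username : userName,`, or run the checks on the raw value. These checks are a convenience only; the server has to validate `j_username` itself regardless. doLogin continues outside the hunk.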
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
index ab57bb9..955ceb5 100644
--- a/storm-agent/scripts/install.sh
+++ b/storm-agent/scripts/install.sh
@@ -228,7 +228,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
then
audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'`
propertyName=XAAUDIT.DB.JDBC_URL
- newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+ count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+ #if [[ ${count} -eq 2 ]] ; then
+ if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+ #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+ newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+ else
+ #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+ newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+ fi
updatePropertyToFile $propertyName $newPropertyValue $to_file
propertyName=XAAUDIT.DB.JDBC_DRIVER