Posted to commits@ranger.apache.org by sn...@apache.org on 2014/11/06 00:30:09 UTC

[1/2] git commit: ARGUS-158 - SSL service disables SSLv3 protocol

Repository: incubator-argus
Updated Branches:
  refs/heads/ranger-0.4 2f8287b4c -> 548fac2a5


ARGUS-158 - SSL service disables SSLv3 protocol


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/558270ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/558270ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/558270ef

Branch: refs/heads/ranger-0.4
Commit: 558270ef2f9cbf4ae2b64bcd7e4896d80ac8bdf9
Parents: 37c62a8
Author: sneethiraj <sn...@apache.org>
Authored: Wed Nov 5 17:52:54 2014 -0500
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Nov 5 17:52:54 2014 -0500

----------------------------------------------------------------------
 .../xasecure/server/tomcat/EmbededServer.java   |  4 ++++
 .../UnixAuthenticationService.java              | 25 +++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
----------------------------------------------------------------------
diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
index 7adc1aa..fd014e7 100644
--- a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
+++ b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
@@ -111,6 +111,10 @@ public class EmbededServer {
 			ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ;
 			ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass"));
 			ssl.setAttribute("keystoreFile",  getConfig("https.attrib.keystoreFile")) ;
+			
+			String enabledProtocols = "TLSv1, TLSv1.1, TLSv1.2" ;
+			ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ;
+			
 			server.getService().addConnector(ssl); 
 		}
 
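Review bot: The protocol list in `enabledProtocols` is a string literal, while every neighbouring connector attribute in this hunk is read through `getConfig(...)`, so a deployment cannot drop TLSv1 or add a newer version without a rebuild. Consider reading it from configuration and keeping the literal only as the fallback, e.g. `String enabledProtocols = getConfig("https.attrib.sslEnabledProtocols");` followed by a null/empty check that falls back to `"TLSv1, TLSv1.1, TLSv1.2"` (the key name is a suggestion, not an existing setting). A one-line comment above the assignment stating that SSLv3 is deliberately left out would also keep a later edit from re-adding it. The enclosing method starts and ends outside the hunk.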

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
index 107ba40..bd9eac2 100644
--- a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
@@ -28,12 +28,15 @@ import java.net.Socket;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Properties;
+import java.util.Set;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
 import javax.net.ssl.SSLServerSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
@@ -48,7 +51,7 @@ public class UnixAuthenticationService {
 	
 	private static final String serviceName = "UnixAuthenticationService" ;
 	
-	private static final String SSL_ALGORITHM = "SSLv3" ;
+	private static final String SSL_ALGORITHM = "TLS" ;
 	private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "authServicePort" ;
 	private static final String SSL_KEYSTORE_PATH_PARAM = "keyStore" ;
 	private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "keyStorePassword" ;
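Review bot: `SSL_ALGORITHM` deserves a comment now that its value is `"TLS"`, because that name only selects the context type and does not by itself guarantee SSLv3 is off; on JVMs that still enable SSLv3 by default, the actual exclusion depends on the per-socket filtering added further down in this file. Something like `// Context protocol only; SSLv3 is removed from the enabled protocols on the server socket` would make that dependency visible. How the constant reaches `SSLContext` is outside this hunk, so that part is inferred from the name and the imports.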
@@ -216,6 +219,26 @@ public class UnixAuthenticationService {
 		SSLServerSocketFactory sf = context.getServerSocketFactory() ; 
 
 		ServerSocket socket = (SSLEnabled ? sf.createServerSocket(portNum) :  new ServerSocket(portNum) ) ;
+		
+		if (SSLEnabled) {
+			SSLServerSocket secureSocket = (SSLServerSocket) socket ;
+			String[] protocols = secureSocket.getEnabledProtocols() ;
+			Set<String> allowedProtocols = new HashSet<String>() ;
+			for(String ep : protocols) {
+				if (! ep.toUpperCase().startsWith("SSLV3")) {
+					LOG.info("Enabling Protocol: [" + ep + "]");
+					allowedProtocols.add(ep) ;
+				}
+				else {
+					LOG.info("Disabling Protocol: [" + ep + "]");
+				}
+			}
+			
+			if (!allowedProtocols.isEmpty()) {
+				secureSocket.setEnabledProtocols(allowedProtocols.toArray(new String[0]));
+			}
+		}
+		
 				
 		Socket client = null ;
 		
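Review bot: When `allowedProtocols` ends up empty the `setEnabledProtocols` call is skipped, so the listener keeps the JVM's default protocol set, SSLv3 included, and the service starts anyway; the check fails open. Failing closed is safer: `if (allowedProtocols.isEmpty()) { throw new IllegalStateException("No TLS protocol available after removing SSLv3"); }` ahead of the call. The filter is also a deny-list on the `SSLV3` prefix, so other legacy names such as `SSLv2Hello` stay enabled; an allow-list test like `if (ep.startsWith("TLSv")) {` would keep only TLS versions. The enclosing method begins and ends outside the hunk.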


[2/2] git commit: Merge branch 'ranger-0.4' of https://git-wip-us.apache.org/repos/asf/incubator-argus into ranger-0.4

Posted by sn...@apache.org.
Merge branch 'ranger-0.4' of https://git-wip-us.apache.org/repos/asf/incubator-argus into ranger-0.4


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/548fac2a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/548fac2a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/548fac2a

Branch: refs/heads/ranger-0.4
Commit: 548fac2a5cb04754f2edb56397fafe550578dd21
Parents: 558270e 2f8287b
Author: sneethiraj <sn...@apache.org>
Authored: Wed Nov 5 18:29:50 2014 -0500
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Nov 5 18:29:50 2014 -0500

----------------------------------------------------------------------
 .../xasecure/ldapusersync/process/LdapUserGroupBuilder.java    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------