You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ga...@apache.org on 2015/10/26 10:18:37 UTC
ambari git commit: AMBARI-13538. Allow special characters in
passwords for Ranger
Repository: ambari
Updated Branches:
refs/heads/trunk 16a457543 -> a9546afca
AMBARI-13538. Allow special characters in passwords for Ranger
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/a9546afc
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/a9546afc
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/a9546afc
Branch: refs/heads/trunk
Commit: a9546afcab20f8419c0fb26e2ae8ad43b3bcb3a6
Parents: 16a4575
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Oct 26 10:35:08 2015 +0530
Committer: Gautam Borad <ga...@apache.com>
Committed: Mon Oct 26 14:48:26 2015 +0530
----------------------------------------------------------------------
.../RANGER/0.4.0/package/scripts/params.py | 3 ++-
.../RANGER/0.4.0/package/scripts/setup_ranger_xml.py | 12 ++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9546afc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
index 3900196..ec1e3da 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/params.py
@@ -177,4 +177,5 @@ ranger_ug_ldap_url = config["configurations"]["ranger-ugsync-site"]["ranger.user
ranger_ug_ldap_bind_dn = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.binddn"]
ranger_ug_ldap_user_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.ldap.user.searchfilter"]
ranger_ug_ldap_group_searchbase = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchbase"]
-ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
\ No newline at end of file
+ranger_ug_ldap_group_searchfilter = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.group.searchfilter"]
+ug_sync_source = config["configurations"]["ranger-ugsync-site"]["ranger.usersync.source.impl.class"]
http://git-wip-us.apache.org/repos/asf/ambari/blob/a9546afc/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
index b682c4f..d4b9a86 100644
--- a/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
+++ b/ambari-server/src/main/resources/common-services/RANGER/0.4.0/package/scripts/setup_ranger_xml.py
@@ -18,6 +18,7 @@ limitations under the License.
"""
import os
+import re
from resource_management.core.logger import Logger
from resource_management.core.resources.system import File, Directory, Execute
from resource_management.core.source import DownloadSource, InlineTemplate
@@ -270,6 +271,14 @@ def do_keystore_setup(rolling_upgrade=False):
mode = 0640
)
+def password_validation(password):
+ import params
+ if password.strip() == "":
+ raise Fail("Blank password is not allowed for Bind user. Please enter valid password.")
+ if re.search("[\\\`'\"]",password):
+ raise Fail("LDAP/AD bind password contains one of the unsupported special characters like \" ' \ `")
+ else:
+ Logger.info("password validated")
def setup_usersync(rolling_upgrade=False):
import params
@@ -277,6 +286,9 @@ def setup_usersync(rolling_upgrade=False):
usersync_home = params.usersync_home
ranger_ugsync_conf = params.ranger_ugsync_conf
+ if not is_empty(params.ranger_usersync_ldap_ldapbindpassword) and params.ug_sync_source == 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder':
+ password_validation(params.ranger_usersync_ldap_ldapbindpassword)
+
if rolling_upgrade:
usersync_home = format("/usr/hdp/{version}/ranger-usersync")
ranger_ugsync_conf = format("/usr/hdp/{version}/ranger-usersync/conf")