Posted to commits@ranger.apache.org by ma...@apache.org on 2015/10/27 02:08:50 UTC
[32/33] incubator-ranger git commit: RANGER-701 : Update setup
scripts to allow special characters in passwords
RANGER-701 : Update setup scripts to allow special characters in passwords
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/bc4ee643
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/bc4ee643
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/bc4ee643
Branch: refs/heads/tag-policy
Commit: bc4ee643b6c73d2c357a26383767094f1f2bc3ea
Parents: 66b7788
Author: Gautam Borad <ga...@apache.org>
Authored: Mon Oct 26 13:46:42 2015 +0530
Committer: Gautam Borad <ga...@apache.com>
Committed: Mon Oct 26 15:00:53 2015 +0530
----------------------------------------------------------------------
kms/scripts/db_setup.py | 14 +-
kms/scripts/dba_script.py | 23 ++-
kms/scripts/setup.sh | 158 +++++++++++-----
security-admin/scripts/db_setup.py | 16 +-
security-admin/scripts/dba_script.py | 28 ++-
security-admin/scripts/set_globals.sh | 26 ++-
security-admin/scripts/setup.sh | 180 ++++++++++++++-----
.../org/apache/ranger/common/RESTErrorUtil.java | 26 +++
.../service/AbstractBaseResourceService.java | 5 +-
.../views/permissions/ModulePermissionCreate.js | 1 -
.../webapp/scripts/views/users/GroupCreate.js | 3 +-
.../webapp/scripts/views/users/UserCreate.js | 2 -
unixauthservice/scripts/set_globals.sh | 27 ++-
unixauthservice/scripts/setup.py | 54 +++---
14 files changed, 417 insertions(+), 146 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
old mode 100755
new mode 100644
index 5e2f950..bdac333
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -100,9 +100,9 @@ class MysqlConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
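Review bot: Wrapping `user` and `password` in literal single quotes inside the `jisql_cmd` format string only holds while neither value contains a `'`, and nothing in this file's hunks rejects such a value (the new `password_validation` is added to dba_script.py only). The same pattern recurs in the SqlServerConf and SqlAnywhereConf hunks here and in security-admin/scripts/db_setup.py, where `-user %s` is additionally left unquoted while `-password` is quoted. Building the command as an argument list, or quoting each value with `pipes.quote(password)` before formatting, removes the dependency on a character blacklist. On the WINDOWS branches the single quotes are presumably not treated as quoting at all and may reach Jisql as part of the password; that should be confirmed against how the string is executed. The enclosing method starts above the hunk.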
@@ -327,9 +327,9 @@ class SqlServerConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -392,9 +392,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -527,6 +527,8 @@ def main(argv):
xa_db_core_file = os.path.join(RANGER_KMS_HOME ,oracle_core_file)
elif XA_DB_FLAVOR == "POSTGRES":
+ db_user=db_user.lower()
+ db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
xa_db_core_file = os.path.join(RANGER_KMS_HOME , postgres_core_file)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index 950b8c3..d1da5d1 100755
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -94,6 +94,17 @@ def logFile(msg):
print("Invalid input! Provide file path to write DBA scripts:")
sys.exit()
+def password_validation(password, userType):
+ if password:
+ if re.search("[\\\`'\"]",password):
+ log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
+ sys.exit(1)
+ else:
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
+
class BaseDB(object):
def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
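Review bot: The character class in the `re.search` call of `password_validation` works only because Python keeps the unknown escape backslash-backtick as two characters; a raw string states the intent directly, ``if re.search(r"[\\`'\"]", password):``. The error message relies on the same leniency for its lone backslash, which should be written `\\`. The function has no docstring; I would add one saying that it exits the process with status 1 on a blank password or on one containing a backslash, backtick, single quote or double quote, and that the blacklist exists because the passwords are later placed inside single-quoted command strings. The hunk does not show `import re`, so that needs checking at the top of the file. The identical function added to security-admin/scripts/dba_script.py should get the same change.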
@@ -866,9 +877,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_KMS_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
if dryMode == False:
@@ -1036,6 +1047,10 @@ def main(argv):
dryMode=False
is_revoke=False
+ if len(argv) == 3:
+ password_validation(argv[1],argv[2]);
+ return;
+
if len(argv) > 1:
for i in range(len(argv)):
if str(argv[i]) == "-q":
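Review bot: The new `if len(argv) == 3:` branch at the top of `main` treats every two-argument invocation as a password check, so an existing option that takes one value (the `logFile` message in this file mentions a file path for DBA scripts) would presumably be swallowed and `main` would return without doing any work. It also means the password travels as `argv[1]`, where it is visible in the process list for as long as the script runs. An explicit switch for this mode, with the value read from standard input or an environment variable, would avoid both. The same branch is added to security-admin/scripts/dba_script.py, and kms/scripts/setup.sh passes passwords to ranger_credential_helper.py through `-v` in the same way. `main` continues outside the hunk.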
@@ -1200,6 +1215,8 @@ def main(argv):
xa_db_core_file = os.path.join(RANGER_KMS_HOME,oracle_core_file)
elif XA_DB_FLAVOR == "POSTGRES":
+ db_user=db_user.lower()
+ db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
xa_db_core_file = os.path.join(RANGER_KMS_HOME,postgres_core_file)
@@ -1222,6 +1239,8 @@ def main(argv):
log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error")
sys.exit(1)
+ log("[I] ---------- Verifing Ranger KMS db user password ---------- ","info")
+ password_validation(db_password,"KMS");
# Methods Begin
if DBA_MODE == "TRUE" :
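Review bot: Only `db_password` is checked here, while `db_root_password` is also handed to the BaseDB methods (`create_rangerdb_user` and `verify_user` both take it) and so presumably ends up in the same single-quoted `-password '%s'` command strings. If that is the case, add `password_validation(db_root_password,"root")` next to this call, unless a blank root password has to stay allowed, in which case only the character check should apply to it. The log text misspells "Verifying". `main` starts and ends outside the hunk.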
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/kms/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh
index 96bf6a0..94b6e23 100755
--- a/kms/scripts/setup.sh
+++ b/kms/scripts/setup.sh
@@ -31,10 +31,6 @@ then
exit 1;
fi
-eval `grep -v '^XAAUDIT.' ${PROPFILE} | grep -v '^$' | grep -v '^#'`
-
-DB_HOST="${db_host}"
-
usage() {
[ "$*" ] && echo "$0: $*"
sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0"
@@ -46,6 +42,50 @@ log() {
echo "${prefix} $@" >> $LOGFILE
echo "${prefix} $@"
}
+#eval `grep -v '^XAAUDIT.' ${PROPFILE} | grep -v '^$' | grep -v '^#'`
+get_prop(){
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
+ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ echo $value
+}
+
+PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
+DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
+SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
+SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
+db_root_user=$(get_prop 'db_root_user' $PROPFILE)
+db_root_password=$(get_prop 'db_root_password' $PROPFILE)
+db_host=$(get_prop 'db_host' $PROPFILE)
+db_name=$(get_prop 'db_name' $PROPFILE)
+db_user=$(get_prop 'db_user' $PROPFILE)
+db_password=$(get_prop 'db_password' $PROPFILE)
+KMS_MASTER_KEY_PASSWD=$(get_prop 'KMS_MASTER_KEY_PASSWD' $PROPFILE)
+unix_user=$(get_prop 'unix_user' $PROPFILE)
+unix_group=$(get_prop 'unix_group' $PROPFILE)
+POLICY_MGR_URL=$(get_prop 'POLICY_MGR_URL' $PROPFILE)
+REPOSITORY_NAME=$(get_prop 'REPOSITORY_NAME' $PROPFILE)
+SSL_KEYSTORE_FILE_PATH=$(get_prop 'SSL_KEYSTORE_FILE_PATH' $PROPFILE)
+SSL_KEYSTORE_PASSWORD=$(get_prop 'SSL_KEYSTORE_PASSWORD' $PROPFILE)
+SSL_TRUSTSTORE_FILE_PATH=$(get_prop 'SSL_TRUSTSTORE_FILE_PATH' $PROPFILE)
+SSL_TRUSTSTORE_PASSWORD=$(get_prop 'SSL_TRUSTSTORE_PASSWORD' $PROPFILE)
+KMS_DIR=$(eval echo "$(get_prop 'KMS_DIR' $PROPFILE)")
+app_home=$(eval echo "$(get_prop 'app_home' $PROPFILE)")
+TMPFILE=$(eval echo "$(get_prop 'TMPFILE' $PROPFILE)")
+LOGFILE=$(eval echo "$(get_prop 'LOGFILE' $PROPFILE)")
+LOGFILES=$(eval echo "$(get_prop 'LOGFILES' $PROPFILE)")
+JAVA_BIN=$(get_prop 'JAVA_BIN' $PROPFILE)
+JAVA_VERSION_REQUIRED=$(get_prop 'JAVA_VERSION_REQUIRED' $PROPFILE)
+JAVA_ORACLE=$(get_prop 'JAVA_ORACLE' $PROPFILE)
+mysql_core_file=$(get_prop 'mysql_core_file' $PROPFILE)
+oracle_core_file=$(get_prop 'oracle_core_file' $PROPFILE)
+postgres_core_file=$(get_prop 'postgres_core_file' $PROPFILE)
+sqlserver_core_file=$(get_prop 'sqlserver_core_file' $PROPFILE)
+sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
+cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
+KMS_BLACKLIST_DECRYPT_EEK=$(get_prop 'KMS_BLACKLIST_DECRYPT_EEK' $PROPFILE)
+
+DB_HOST="${db_host}"
check_ret_status(){
if [ $1 -ne 0 ]; then
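Review bot: `get_prop` is always called inside `$(...)`, so its `exit 1` ends only the subshell and the text that `log` prints to stdout becomes the value of the variable; a missing property therefore leaves, for example, `unix_user` holding an error message instead of stopping the install. The unquoted `echo $validateProperty` and `echo $value` also let the shell split and glob the value, so a password containing `*` or repeated spaces is altered, which works against the purpose of this commit. The `eval echo` wrappers on KMS_DIR, app_home, TMPFILE, LOGFILE, LOGFILES and cred_keystore_filename still execute any command substitution found in those values, so install.properties has to stay writable by root only. The rewrite below reports on stderr, returns a status the caller checks, and quotes every expansion; note that it keeps whitespace around the value that the unquoted echo used to trim. The same `get_prop` is added to security-admin/scripts/set_globals.sh and security-admin/scripts/setup.sh.

```shell
get_prop(){
	validateProperty=$(sed '/^\#/d' "$2" | grep "^$1\s*=" | tail -n 1) # for validation
	if test -z "$validateProperty" ; then
		# stderr: stdout is captured by the caller's $(...)
		echo "[E] '$1' not found in $2 file while getting....!!" >&2
		return 1
	fi
	printf '%s\n' "$validateProperty" | cut -d "=" -f2-
}

db_password=$(get_prop 'db_password' "$PROPFILE") || exit 1
# … unchanged: remaining get_prop assignments, each followed by `|| exit 1` …
```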
@@ -82,29 +122,25 @@ get_distro(){
#Get Properties from File without erroring out if property is not there
#$1 -> propertyName $2 -> fileName $3 -> variableName $4 -> failIfNotFound
getPropertyFromFileNoExit(){
- validateProperty=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1) # for validation
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then
- log "[E] '$1' not found in $2 file while getting....!!";
- if [ $4 == "true" ] ; then
- exit 1;
- else
- value=""
- fi
- else
- value=`sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-`
- fi
- #echo 'value:'$value
+ log "[E] '$1' not found in $2 file while getting....!!";
+ if [ $4 == "true" ] ; then
+ exit 1;
+ else
+ value=""
+ fi
+ else
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ fi
eval $3="'$value'"
}
#Get Properties from File
#$1 -> propertyName $2 -> fileName $3 -> variableName
getPropertyFromFile(){
- validateProperty=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1) # for validation
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
- value=`sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-`
- #echo 'value:'$value
- #validate=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #if test -z "$validate" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
eval $3="'$value'"
}
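Review bot: Both helpers still finish with `eval $3="'$value'"`, so a property value that contains a single quote closes the quoted string and the remainder is evaluated as shell code; `password_validation` is applied to selected passwords only, not to every property read through these functions. With bash, `printf -v "$3" '%s' "$value"` assigns without re-parsing the value. The new `value=$(echo $validateProperty | cut -d "=" -f2-)` should also quote the expansion, `echo "$validateProperty"`, so that `*` and runs of spaces in a value survive.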
@@ -132,7 +168,21 @@ init_logfiles () {
touch $f
done
}
-
+password_validation() {
+ if [ -z "$1" ]
+ then
+ log "[I] Blank password is not allowed for" $2". Please enter valid password."
+ exit 1
+ else
+ if [[ $1 =~ [\"\'\`\\\] ]]
+ then
+ log "[E]" $2 "password contains one of the unsupported special characters:\" ' \` \\"
+ exit 1
+ else
+ log "[I]" $2 "password validated."
+ fi
+ fi
+}
init_variables(){
curDt=`date '+%Y%m%d%H%M%S'`
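Review bot: The blank-password branch of `password_validation` logs with the `[I]` prefix although it aborts the install with `exit 1`, so anything that filters the log on `[E]` will miss it; use `log "[E] Blank password is not allowed for $2. Please enter valid password."`. `$2` is expanded unquoted in all three `log` calls and should sit inside the quoted string. A one-line comment above the function naming the rejected characters (double quote, single quote, backtick, backslash) and why they are rejected would help the next reader of the regex.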
@@ -157,11 +207,11 @@ init_variables(){
DB_FLAVOR="MYSQL"
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
-
- getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
- getPropertyFromFile 'db_root_password' $PROPFILE db_user
- getPropertyFromFile 'db_user' $PROPFILE db_user
- getPropertyFromFile 'db_password' $PROPFILE db_password
+ password_validation "$KMS_MASTER_KEY_PASSWD" "KMS Master key"
+ #getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
+ #getPropertyFromFile 'db_root_password' $PROPFILE db_user
+ #getPropertyFromFile 'db_user' $PROPFILE db_user
+ #getPropertyFromFile 'db_password' $PROPFILE db_password
#if [ -L ${CONF_FILE} ]
# then
@@ -345,11 +395,6 @@ update_properties() {
log "[E] $to_file does not exists" ; exit 1;
fi
-
- propertyName=ranger.ks.jpa.jdbc.user
- newPropertyValue="${db_user}"
- updatePropertyToFilePy $propertyName $newPropertyValue $to_file
-
if [ "${DB_FLAVOR}" == "MYSQL" ]
then
propertyName=ranger.ks.jpa.jdbc.url
@@ -382,6 +427,9 @@ update_properties() {
fi
if [ "${DB_FLAVOR}" == "POSTGRES" ]
then
+ db_name=`echo ${db_name} | tr '[:upper:]' '[:lower:]'`
+ db_user=`echo ${db_user} | tr '[:upper:]' '[:lower:]'`
+
propertyName=ranger.ks.jpa.jdbc.url
newPropertyValue="jdbc:postgresql://${DB_HOST}/${db_name}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
@@ -424,6 +472,10 @@ update_properties() {
newPropertyValue="sap.jdbc4.sqlanywhere.IDriver"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file
fi
+ propertyName=ranger.ks.jpa.jdbc.user
+ newPropertyValue="${db_user}"
+ updatePropertyToFilePy $propertyName $newPropertyValue $to_file
+
keystore="${cred_keystore_filename}"
echo "Starting configuration for XA DB credentials:"
@@ -438,8 +490,10 @@ update_properties() {
then
mkdir -p `dirname "${keystore}"`
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${DB_CREDENTIAL_ALIAS}" -value "$db_password" -provider jceks://file$keystore
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${MK_CREDENTIAL_ALIAS}" -value "${KMS_MASTER_KEY_PASSWD}" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "${DB_CREDENTIAL_ALIAS}" -v "${db_password}" -c 1
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "${MK_CREDENTIAL_ALIAS}" -v "${KMS_MASTER_KEY_PASSWD}" -c 1
+ #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${DB_CREDENTIAL_ALIAS}" -value "$db_password" -provider jceks://file$keystore
+ #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "${MK_CREDENTIAL_ALIAS}" -value "${KMS_MASTER_KEY_PASSWD}" -provider jceks://file$keystore
propertyName=ranger.ks.jpa.jdbc.credential.alias
newPropertyValue="${DB_CREDENTIAL_ALIAS}"
@@ -524,23 +578,24 @@ setup_install_files(){
if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf
fi
- cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf
+ if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf/
+ fi
if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib"
mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib
+ fi
+ if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/lib
fi
if [ -d /etc/init.d ]; then
log "[I] Setting up init.d"
cp ${INSTALL_DIR}/${RANGER_KMS}-initd /etc/init.d/${RANGER_KMS}
- if [ "${unix_user}" != "kms" ]; then
- sed 's/LINUX_USER=kms/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_KMS}
- fi
chmod ug+rx /etc/init.d/${RANGER_KMS}
if [ -d /etc/rc2.d ]
@@ -579,16 +634,20 @@ setup_install_files(){
ln -s /etc/init.d/${RANGER_KMS} $RC_DIR/K90${RANGER_KMS}
fi
fi
+ if [ -f /etc/init.d/${RANGER_KMS} ]; then
+ if [ "${unix_user}" != "" ]; then
+ sed 's/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_KMS}
+ fi
+ fi
if [ ! -d ${KMS_DIR}/ews/logs ]; then
log "[I] ${KMS_DIR}/ews/logs folder"
mkdir -p ${KMS_DIR}/ews/logs
- chown -R ${unix_user} ${KMS_DIR}/ews/logs
fi
-
if [ -d ${KMS_DIR}/ews/logs ]; then
chown -R ${unix_user} ${KMS_DIR}/ews/logs
fi
+
log "[I] Setting up installation files and directory DONE";
if [ ! -f ${INSTALL_DIR}/rpm ]; then
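Review bot: `unix_user` now comes from install.properties and is spliced unquoted into the sed program `'s/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g'`, which rewrites an init script that runs as root. A value containing `/`, `&`, whitespace or a newline changes the sed expression or the resulting script line, so validate it first, for example `[[ "$unix_user" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] || { log "[E] invalid unix_user"; exit 1; }`, and quote the expansion. `setup_install_files` starts and ends outside the hunk.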
@@ -617,13 +676,17 @@ setup_install_files(){
ln -sf ${INSTALL_DIR}/ranger-kms-initd ${INSTALL_DIR}/ranger-kms-services.sh
chmod ug+rx ${INSTALL_DIR}/ranger-kms-services.sh
fi
-
- if [ ! -d /var/log/ranger/kms ]
- then
+ if [ ! -d /var/log/ranger/kms ]; then
mkdir -p /var/log/ranger/kms
+ if [ -d ews/logs ]; then
+ cp -r ews/logs/* /var/log/ranger/kms
+ fi
+ fi
+ if [ -d /var/log/ranger/kms ]; then
+ chmod 755 /var/log/ranger/kms
+ chown -R $unix_user:$unix_group /var/log/ranger/kms
fi
- chgrp ${unix_group} /var/log/ranger/kms
- chmod g+rwx /var/log/ranger/kms
+
}
init_logfiles
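Review bot: `chmod 755 /var/log/ranger/kms` replaces the earlier `chmod g+rwx` and makes the KMS log directory listable and readable by every local account; if the logs are meant for the service user and group only, `chmod 750 /var/log/ranger/kms` is the tighter setting. `cp -r ews/logs/*` uses a path relative to the current directory, while the earlier part of this function works with `${KMS_DIR}/ews/logs`, so it presumably depends on where setup.sh is started from. `$unix_user:$unix_group` should be quoted.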
@@ -640,7 +703,12 @@ sanity_check_files
copy_db_connector
check_python_command
run_dba_steps
-$PYTHON_COMMAND_INVOKER db_setup.py
+if [ "$?" == "0" ]
+then
+ $PYTHON_COMMAND_INVOKER db_setup.py
+else
+ exit 1
+fi
if [ "$?" == "0" ]
then
update_properties
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 1edc628..07a0655 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -161,9 +161,9 @@ class MysqlConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
+ jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -939,9 +939,9 @@ class SqlServerConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -1173,9 +1173,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def check_connection(self, db_name, db_user, db_password):
@@ -1506,6 +1506,8 @@ def main(argv):
audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,oracle_auditdb_patches)
elif XA_DB_FLAVOR == "POSTGRES":
+ db_user=db_user.lower()
+ db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , postgres_dbversion_catalog)
@@ -1548,6 +1550,8 @@ def main(argv):
audit_db_file = os.path.join(RANGER_ADMIN_HOME , oracle_audit_file)
elif AUDIT_DB_FLAVOR == "POSTGRES":
+ audit_db_user=audit_db_user.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME , postgres_audit_file)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 4fd5593..40a6c49 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -96,6 +96,17 @@ def logFile(msg):
print("Invalid input! Provide file path to write DBA scripts:")
sys.exit()
+def password_validation(password, userType):
+ if password:
+ if re.search("[\\\`'\"]",password):
+ log("[E] "+userType+" user password contains one of the unsupported special characters like \" ' \ `","error")
+ sys.exit(1)
+ else:
+ log("[I] "+userType+" user password validated","info")
+ else:
+ log("[E] Blank password is not allowed,please enter valid password.","error")
+ sys.exit(1)
+
class BaseDB(object):
def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode):
@@ -1085,9 +1096,9 @@ class SqlAnywhereConf(BaseDB):
path = RANGER_ADMIN_HOME
self.JAVA_BIN = self.JAVA_BIN.strip("'")
if os_name == "LINUX":
- jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host)
elif os_name == "WINDOWS":
- jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
+ jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host)
return jisql_cmd
def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -1270,6 +1281,10 @@ def main(argv):
dryMode=False
is_revoke=False
+ if len(argv) == 3:
+ password_validation(argv[1],argv[2]);
+ return;
+
if len(argv) > 1:
for i in range(len(argv)):
if str(argv[i]) == "-q":
@@ -1503,6 +1518,8 @@ def main(argv):
elif XA_DB_FLAVOR == "POSTGRES":
#POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
#POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
+ db_user=db_user.lower()
+ db_name=db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,postgres_dbversion_catalog)
@@ -1553,6 +1570,8 @@ def main(argv):
elif AUDIT_DB_FLAVOR == "POSTGRES":
#POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR']
#POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar'
+ audit_db_user=audit_db_user.lower()
+ audit_db_name=audit_db_name.lower()
POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR
audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN)
audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file)
@@ -1580,6 +1599,11 @@ def main(argv):
if audit_store is None or audit_store == "":
audit_store = "db"
audit_store=audit_store.lower()
+
+ log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info")
+ password_validation(db_password,"admin");
+ log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info")
+ password_validation(audit_db_password,"audit");
# Methods Begin
if DBA_MODE == "TRUE" :
if (dryMode==True):
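Review bot: `password_validation(audit_db_password,"audit")` runs unconditionally, and the function exits with status 1 on a blank password, so an installation whose `audit_store` is not `db` (setup.sh reads `audit_solr_*` properties) would presumably fail here when no audit database password is configured. Guard the call with the value computed just above, `if audit_store == "db": password_validation(audit_db_password,"audit")`. `db_root_password` is not validated in this hunk either, as in kms/scripts/dba_script.py. `main` starts and ends outside the hunk.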
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/scripts/set_globals.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/set_globals.sh b/security-admin/scripts/set_globals.sh
index 9a4159c..5e985e2 100755
--- a/security-admin/scripts/set_globals.sh
+++ b/security-admin/scripts/set_globals.sh
@@ -21,6 +21,20 @@
#This will also create the ranger linux user and groups if required.
#This script needs to be run as root
+PROPFILE=$PWD/install.properties
+propertyValue=''
+
+if [ ! $? = "0" ];then
+ log "$PROPFILE file not found....!!";
+ exit 1;
+fi
+get_prop(){
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
+ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ echo $value
+}
+
if [ ! -w /etc/passwd ]; then
echo "ERROR: Please run this script as root"
exit 1
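Review bot: The test `if [ ! $? = "0" ]` follows the plain assignment `propertyValue=''`, which always succeeds, so the "file not found" branch can never run and a missing install.properties is first noticed inside `get_prop`. Test the file directly with `if [ ! -f "$PROPFILE" ]; then`, and report with `echo`, because `log` appears to be defined further down in this script. security-admin/scripts/setup.sh has the same dead check now that `. $PROPFILE` is commented out.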
@@ -43,8 +57,8 @@ log() {
}
#Create the ranger users and groups (if needed)
-unix_user=ranger
-unix_group=ranger
+unix_user=$(get_prop 'unix_user' $PROPFILE)
+unix_group=$(get_prop 'unix_group' $PROPFILE)
groupadd ${unix_group}
ret=$?
@@ -88,14 +102,14 @@ if [ ! -d /var/log/ranger/admin ]; then
if [ -d ews/logs ]; then
cp -r ews/logs/* /var/log/ranger/admin
fi
- chmod 755 /var/log/ranger/admin
- chown -R $unix_user:$unix_group /var/log/ranger
fi
if [ -d /var/log/ranger/admin ]; then
- chown -R $unix_user:$unix_group /var/log/ranger/admin
+ chown -R $unix_user:$unix_group /var/log/ranger
+ chown -R $unix_user:$unix_group /var/log/ranger/admin
+ chmod 755 /var/log/ranger
+ chmod 755 /var/log/ranger/admin
fi
-
mv -f ews/logs ews/webapp/logs.$curDt 2> /dev/null
ln -sf /var/log/ranger/admin ews/logs
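Review bot: `chown -R $unix_user:$unix_group /var/log/ranger` now runs on every invocation where /var/log/ranger/admin exists, not only when the directory is first created, and it recurses through the whole parent tree. kms/scripts/setup.sh in this commit keeps its logs in /var/log/ranger/kms under its own `unix_user`, so a later run of this script would presumably take over ownership of those files. Drop the recursion on the parent, `chown $unix_user:$unix_group /var/log/ranger`, and keep `-R` for /var/log/ranger/admin only.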
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index cd5d2bf..11b72b4 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -22,14 +22,11 @@
PROPFILE=$PWD/install.properties
propertyValue=''
-. $PROPFILE
+#. $PROPFILE
if [ ! $? = "0" ];then
log "$PROPFILE file not found....!!";
exit 1;
fi
-
-DB_HOST="${db_host}"
-
usage() {
[ "$*" ] && echo "$0: $*"
sed -n '/^##/,/^$/s/^## \{0,1\}//p' "$0"
@@ -41,6 +38,77 @@ log() {
echo "${prefix} $@" >> $LOGFILE
echo "${prefix} $@"
}
+get_prop(){
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
+ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ echo $value
+}
+
+PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
+DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
+SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
+SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
+db_root_user=$(get_prop 'db_root_user' $PROPFILE)
+db_root_password=$(get_prop 'db_root_password' $PROPFILE)
+db_host=$(get_prop 'db_host' $PROPFILE)
+db_name=$(get_prop 'db_name' $PROPFILE)
+db_user=$(get_prop 'db_user' $PROPFILE)
+db_password=$(get_prop 'db_password' $PROPFILE)
+audit_store=$(get_prop 'audit_store' $PROPFILE)
+audit_solr_urls=$(get_prop 'audit_solr_urls' $PROPFILE)
+audit_solr_user=$(get_prop 'audit_solr_user' $PROPFILE)
+audit_solr_password=$(get_prop 'audit_solr_password' $PROPFILE)
+audit_solr_zookeepers=$(get_prop 'audit_solr_zookeepers' $PROPFILE)
+audit_db_name=$(get_prop 'audit_db_name' $PROPFILE)
+audit_db_user=$(get_prop 'audit_db_user' $PROPFILE)
+audit_db_password=$(get_prop 'audit_db_password' $PROPFILE)
+policymgr_external_url=$(get_prop 'policymgr_external_url' $PROPFILE)
+policymgr_http_enabled=$(get_prop 'policymgr_http_enabled' $PROPFILE)
+unix_user=$(get_prop 'unix_user' $PROPFILE)
+unix_group=$(get_prop 'unix_group' $PROPFILE)
+authentication_method=$(get_prop 'authentication_method' $PROPFILE)
+remoteLoginEnabled=$(get_prop 'remoteLoginEnabled' $PROPFILE)
+authServiceHostName=$(get_prop 'authServiceHostName' $PROPFILE)
+authServicePort=$(get_prop 'authServicePort' $PROPFILE)
+xa_ldap_url=$(get_prop 'xa_ldap_url' $PROPFILE)
+xa_ldap_userDNpattern=$(get_prop 'xa_ldap_userDNpattern' $PROPFILE)
+xa_ldap_groupSearchBase=$(get_prop 'xa_ldap_groupSearchBase' $PROPFILE)
+xa_ldap_groupSearchFilter=$(get_prop 'xa_ldap_groupSearchFilter' $PROPFILE)
+xa_ldap_groupRoleAttribute=$(get_prop 'xa_ldap_groupRoleAttribute' $PROPFILE)
+xa_ldap_base_dn=$(get_prop 'xa_ldap_base_dn' $PROPFILE)
+xa_ldap_bind_dn=$(get_prop 'xa_ldap_bind_dn' $PROPFILE)
+xa_ldap_bind_password=$(get_prop 'xa_ldap_bind_password' $PROPFILE)
+xa_ldap_referral=$(get_prop 'xa_ldap_referral' $PROPFILE)
+xa_ldap_userSearchFilter=$(get_prop 'xa_ldap_userSearchFilter' $PROPFILE)
+xa_ldap_ad_domain=$(get_prop 'xa_ldap_ad_domain' $PROPFILE)
+xa_ldap_ad_url=$(get_prop 'xa_ldap_ad_url' $PROPFILE)
+xa_ldap_ad_base_dn=$(get_prop 'xa_ldap_ad_base_dn' $PROPFILE)
+xa_ldap_ad_bind_dn=$(get_prop 'xa_ldap_ad_bind_dn' $PROPFILE)
+xa_ldap_ad_bind_password=$(get_prop 'xa_ldap_ad_bind_password' $PROPFILE)
+xa_ldap_ad_referral=$(get_prop 'xa_ldap_ad_referral' $PROPFILE)
+xa_ldap_ad_userSearchFilter=$(get_prop 'xa_ldap_ad_userSearchFilter' $PROPFILE)
+XAPOLICYMGR_DIR=$(eval echo "$(get_prop 'XAPOLICYMGR_DIR' $PROPFILE)")
+app_home=$(eval echo "$(get_prop 'app_home' $PROPFILE)")
+TMPFILE=$(eval echo "$(get_prop 'TMPFILE' $PROPFILE)")
+LOGFILE=$(eval echo " $(get_prop 'LOGFILE' $PROPFILE)")
+LOGFILES=$(eval echo "$(get_prop 'LOGFILES' $PROPFILE)")
+JAVA_BIN=$(get_prop 'JAVA_BIN' $PROPFILE)
+JAVA_VERSION_REQUIRED=$(get_prop 'JAVA_VERSION_REQUIRED' $PROPFILE)
+JAVA_ORACLE=$(get_prop 'JAVA_ORACLE' $PROPFILE)
+mysql_core_file=$(get_prop 'mysql_core_file' $PROPFILE)
+mysql_audit_file=$(get_prop 'mysql_audit_file' $PROPFILE)
+oracle_core_file=$(get_prop 'oracle_core_file' $PROPFILE)
+oracle_audit_file=$(get_prop 'oracle_audit_file' $PROPFILE)
+postgres_core_file=$(get_prop 'postgres_core_file' $PROPFILE)
+postgres_audit_file=$(get_prop 'postgres_audit_file' $PROPFILE)
+sqlserver_core_file=$(get_prop 'sqlserver_core_file' $PROPFILE)
+sqlserver_audit_file=$(get_prop 'sqlserver_audit_file' $PROPFILE)
+sqlanywhere_core_file=$(get_prop 'sqlanywhere_core_file' $PROPFILE)
+sqlanywhere_audit_file=$(get_prop 'sqlanywhere_audit_file' $PROPFILE)
+cred_keystore_filename=$(eval echo "$(get_prop 'cred_keystore_filename' $PROPFILE)")
+
+DB_HOST="${db_host}"
check_ret_status(){
if [ $1 -ne 0 ]; then
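Review bot: get_prop passes the value through an unquoted `echo` twice, so a password containing `*`, `?`, `[` or repeated spaces is glob-expanded or re-split before it reaches `db_password` and the other password variables, which works against the stated goal of this commit. Quote both steps: `value=$(printf '%s\n' "$validateProperty" | cut -d "=" -f2-)` and `printf '%s\n' "$value"`; if trimming of spaces around the value was relied on, do that explicitly. Separately, the `eval echo "$(get_prop ...)"` assignments for `XAPOLICYMGR_DIR`, `app_home`, `TMPFILE`, `LOGFILE`, `LOGFILES` and `cred_keystore_filename` evaluate whatever shell syntax install.properties contains, which is the behaviour that dropping `. $PROPFILE` removed. Expand only the variables those entries are expected to reference. The identical get_prop is added to both set_globals.sh files.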
@@ -77,29 +145,25 @@ get_distro(){
#Get Properties from File without erroring out if property is not there
#$1 -> propertyName $2 -> fileName $3 -> variableName $4 -> failIfNotFound
getPropertyFromFileNoExit(){
- validateProperty=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1) # for validation
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then
- log "[E] '$1' not found in $2 file while getting....!!";
- if [ $4 == "true" ] ; then
- exit 1;
- else
- value=""
- fi
- else
- value=`sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-`
- fi
- #echo 'value:'$value
+ log "[E] '$1' not found in $2 file while getting....!!";
+ if [ $4 == "true" ] ; then
+ exit 1;
+ else
+ value=""
+ fi
+ else
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ fi
eval $3="'$value'"
}
#Get Properties from File
#$1 -> propertyName $2 -> fileName $3 -> variableName
getPropertyFromFile(){
- validateProperty=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1) # for validation
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
- value=`sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-`
- #echo 'value:'$value
- #validate=$(sed '/^\#/d' $2 | grep "^$1" | tail -n 1 | cut -d "=" -f2-) # for validation
- #if test -z "$validate" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
eval $3="'$value'"
}
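Review bot: Both functions still end in `eval $3="'$value'"`, so a value containing a single quote closes the quoting and the remainder is evaluated as shell. The rewritten `value=$(echo $validateProperty | cut -d "=" -f2-)` lines feed that eval and add unquoted word splitting and globbing on top. If these scripts run under bash, `printf -v "$3" '%s' "$value"` assigns without eval, and quoting `"$validateProperty"` keeps the value intact. Whether a quote character can reach this point depends on the validation in dba_script.py, which is not part of this hunk.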
@@ -151,20 +215,20 @@ init_variables(){
fi
log "[I] DB_FLAVOR=${DB_FLAVOR}"
- getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
- getPropertyFromFile 'db_root_password' $PROPFILE db_user
- getPropertyFromFile 'db_user' $PROPFILE db_user
- getPropertyFromFile 'db_password' $PROPFILE db_password
- if [ "${audit_store}" == "solr" ]
- then
- getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
- getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
- getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
- getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
- else
- getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
- getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
- fi
+ #getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
+ #getPropertyFromFile 'db_root_password' $PROPFILE db_user
+ #getPropertyFromFile 'db_user' $PROPFILE db_user
+ #getPropertyFromFile 'db_password' $PROPFILE db_password
+ #if [ "${audit_store}" == "solr" ]
+ #then
+ # getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
+ # getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
+ # getPropertyFromFile 'audit_solr_password' $PROPFILE audit_solr_password
+ # getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE audit_solr_zookeepers
+ #else
+ # getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
+ # getPropertyFromFile 'audit_db_password' $PROPFILE audit_db_password
+ #fi
}
wait_for_tomcat_shutdown() {
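Review bot: Style: the fourteen `getPropertyFromFile` lines are commented out rather than removed, which leaves `init_variables` ending in dead text, including the old `getPropertyFromFile 'db_root_password' $PROPFILE db_user` line that assigned the root password to `db_user`. Delete the block; version control keeps the history. If a pointer is wanted, one comment such as `# DB and audit credentials are read with get_prop near the top of this script` is enough. init_variables starts outside this hunk.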
@@ -835,6 +899,11 @@ update_properties() {
fi
if [ "${DB_FLAVOR}" == "POSTGRES" ]
then
+ db_name=`echo ${db_name} | tr '[:upper:]' '[:lower:]'`
+ audit_db_name=`echo ${audit_db_name} | tr '[:upper:]' '[:lower:]'`
+ db_user=`echo ${db_user} | tr '[:upper:]' '[:lower:]'`
+ audit_db_user=`echo ${audit_db_user} | tr '[:upper:]' '[:lower:]'`
+
propertyName=ranger.jpa.jdbc.url
newPropertyValue="jdbc:postgresql://${DB_HOST}/${db_name}"
updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
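Review bot: The lowercase folding of `db_name`, `db_user`, `audit_db_name` and `audit_db_user` happens only here in update_properties, while the end of this script runs `run_dba_steps` and `db_setup.py` first. If those steps read install.properties themselves, a mixed-case name could be created in one form and configured in another; whether the Python scripts apply the same folding is not visible in this hunk, so it should be confirmed or the folding moved next to the `get_prop` assignments. The `echo ${db_name}` inside the backticks is also unquoted; `$(printf '%s' "$db_name" | tr '[:upper:]' '[:lower:]')` avoids word splitting. update_properties starts and ends outside the hunk.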
@@ -952,8 +1021,8 @@ update_properties() {
if [ "${keystore}" != "" ]
then
mkdir -p `dirname "${keystore}"`
-
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$db_password_alias" -v "$db_password" -c 1
+ #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value "$db_password" -provider jceks://file$keystore
propertyName=ranger.credential.provider.path
newPropertyValue="${keystore}"
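Review bot: `-v "$db_password"` puts the clear-text password on the helper's command line, where other local users can read it from the process list while the helper runs. Prefer handing the secret to ranger_credential_helper.py on stdin or through the environment; the helper is not part of this hunk, so that needs a matching change there. The call's exit status is also ignored, so a failed keystore write still records `ranger.credential.provider.path`; append `|| { log "[E] credential store update failed"; exit 1; }`. The same applies to the helper calls for the audit DB, Solr, LDAP and AD passwords in the later hunks of this file, and the commented-out `java` lines can be deleted.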
@@ -995,7 +1064,8 @@ update_properties() {
if [ "${keystore}" != "" ]
then
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v "$audit_db_password" -c 1
+ #$JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" -value "$audit_db_password" -provider jceks://file$keystore
propertyName=ranger.jpa.audit.jdbc.credential.alias
newPropertyValue="${audit_db_password_alias}"
@@ -1046,7 +1116,8 @@ update_properties() {
mkdir -p `dirname "${keystore}"`
audit_solr_password_alias=ranger.solr.password
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$audit_solr_password_alias" -v "$audit_solr_password" -c 1
+# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" -value "$audit_solr_password" -provider jceks://file$keystore
propertyName=ranger.solr.audit.credential.alias
newPropertyValue="${audit_solr_password_alias}"
@@ -1318,6 +1389,12 @@ do_authentication_setup(){
if [ "${xa_ldap_base_dn}" != "" ] && [ "${xa_ldap_bind_dn}" != "" ] && [ "${xa_ldap_bind_password}" != "" ]
then
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_bind_password} 'LDAP'
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
+
propertyName=ranger.ldap.base.dn
newPropertyValue="${xa_ldap_base_dn}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
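Review bot: `${xa_ldap_bind_password}` is unquoted in the `dba_script.py` call, so a bind password containing spaces or glob characters is split into several arguments or expanded against the working directory before the validation sees it. Quote it: `$PYTHON_COMMAND_INVOKER dba_script.py "${xa_ldap_bind_password}" 'LDAP'`. The AD call in the later hunk, `dba_script.py ${xa_ldap_ad_bind_password} 'AD'`, needs the same quoting. Both calls also expose the password as a process argument. do_authentication_setup starts outside the hunk.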
@@ -1341,7 +1418,8 @@ do_authentication_setup(){
mkdir -p `dirname "${keystore}"`
ldap_password_alias=ranger.ldap.binddn.password
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value "$xa_ldap_bind_password" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ldap_password_alias" -v "$xa_ldap_bind_password" -c 1
+# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value "$xa_ldap_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1403,6 +1481,11 @@ do_authentication_setup(){
if [ "${xa_ldap_ad_base_dn}" != "" ] && [ "${xa_ldap_ad_bind_dn}" != "" ] && [ "${xa_ldap_ad_bind_password}" != "" ]
then
+ $PYTHON_COMMAND_INVOKER dba_script.py ${xa_ldap_ad_bind_password} 'AD'
+ if [ "$?" != "0" ]
+ then
+ exit 1
+ fi
propertyName=ranger.ldap.ad.base.dn
newPropertyValue="${xa_ldap_ad_base_dn}"
updatePropertyToFilePy $propertyName $newPropertyValue $ldap_file
@@ -1426,7 +1509,8 @@ do_authentication_setup(){
mkdir -p `dirname "${keystore}"`
ad_password_alias=ranger.ad.binddn.password
- $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value "$xa_ldap_ad_bind_password" -provider jceks://file$keystore
+ $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k "$ad_password_alias" -v "$xa_ldap_ad_bind_password" -c 1
+# $JAVA_HOME/bin/java -cp "cred/lib/*" org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value "$xa_ldap_ad_bind_password" -provider jceks://file$keystore
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
@@ -1568,7 +1652,7 @@ setup_install_files(){
fi
fi
if [ -f /etc/init.d/${RANGER_ADMIN} ]; then
- if [ "${unix_user}" != "ranger" ]; then
+ if [ "${unix_user}" != "" ]; then
sed 's/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN}
fi
fi
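Review bot: `${unix_user}` is spliced unquoted into the sed program, so a value containing `/`, `&` or whitespace changes or breaks the substitution that rewrites the init script under /etc/init.d. The condition now also fires for any non-empty value read from install.properties. Validate the name before use, for example `case "$unix_user" in ''|*[!A-Za-z0-9_.-]*) log "[E] invalid unix_user"; exit 1;; esac`, and quote the expansion inside the sed expression. setup_install_files starts outside the hunk.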
@@ -1702,17 +1786,27 @@ copy_db_connector
#create_audit_db_user
check_python_command
run_dba_steps
+if [ "$?" == "0" ]
+then
$PYTHON_COMMAND_INVOKER db_setup.py
+else
+ exit 1
+fi
if [ "$?" == "0" ]
then
update_properties
do_authentication_setup
-$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
-#execute_java_patches
else
log "[E] DB schema setup failed! Please contact Administrator."
exit 1
fi
+#execute_java_patches
+$PYTHON_COMMAND_INVOKER db_setup.py -javapatch
+if [ "$?" == "0" ]
+then
echo "ln -sf ${WEBAPP_ROOT}/WEB-INF/classes/conf ${INSTALL_DIR}/conf"
ln -sf ${WEBAPP_ROOT}/WEB-INF/classes/conf ${INSTALL_DIR}/conf
echo "Installation of Ranger PolicyManager Web Application is completed."
+else
+ exit 1
+fi
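Review bot: The two new `exit 1` branches, after `run_dba_steps` and after `db_setup.py -javapatch`, stop the install without a message, unlike the middle branch that logs `[E] DB schema setup failed!`. Add a `log "[E] ..."` line to each so the failing step is identifiable. The chain also depends on `$?` surviving between statements: the second test reads the status of the preceding `if` block, and the `-javapatch` step runs without checking whether `update_properties` and `do_authentication_setup` succeeded. Testing each command directly, e.g. `run_dba_steps || { log "[E] DBA steps failed"; exit 1; }`, is less fragile.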
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
index c46964c..3f92d8d 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RESTErrorUtil.java
@@ -375,4 +375,30 @@ public class RESTErrorUtil {
fieldName, value);
}
}
+
+ public WebApplicationException createRESTException(String errorMessage,
+ MessageEnums messageEnum, Long objectId, String fieldName,
+ String logMessage,int statusCode)
+ {
+ List<VXMessage> messageList = new ArrayList<VXMessage>();
+ messageList.add(messageEnum.getMessage(objectId, fieldName));
+ VXResponse vResponse = new VXResponse();
+ vResponse.setStatusCode(vResponse.STATUS_ERROR);
+ vResponse.setMsgDesc(errorMessage);
+ vResponse.setMessageList(messageList);
+ Response errorResponse = Response.status(statusCode).entity(vResponse).build();
+ WebApplicationException restException = new WebApplicationException(errorResponse);
+ restException.fillInStackTrace();
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ Long sessionId = null;
+ String loginId = null;
+ if (userSession != null) {
+ loginId = userSession.getLoginId();
+ sessionId = userSession.getSessionId();
+ }
+ logger.info("Request failed. SessionId=" + sessionId + ", loginId="
+ + loginId + ", logMessage=" + vResponse.getMsgDesc(),
+ restException);
+ return restException;
+ }
}
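Review bot: The `logMessage` parameter of the new overload is never used: the `logger.info` call prints `vResponse.getMsgDesc()`, which is `errorMessage`, so the `"preRead: " + id + " not found."` text passed from AbstractBaseResourceService never reaches the log. Log the parameter, `+ loginId + ", logMessage=" + logMessage,`, or drop it from the signature. `vResponse.STATUS_ERROR` reads what is presumably a static constant through an instance and would be clearer as `VXResponse.STATUS_ERROR`, and the method has no Javadoc describing `statusCode`. The other overloads are outside this hunk, so whether they share the pattern cannot be checked here.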
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
index 0ddfb0e..49f5dde 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java
@@ -37,6 +37,7 @@ import javax.persistence.criteria.Expression;
import javax.persistence.criteria.Path;
import javax.persistence.criteria.Predicate;
import javax.persistence.criteria.Root;
+import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.ranger.biz.RangerBizUtil;
@@ -318,10 +319,10 @@ public abstract class AbstractBaseResourceService<T extends XXDBBase, V extends
T resource = getDao().getById(id);
if (resource == null) {
- // Returns code 400 with DATA_NOT_FOUND as the error message
+ // Returns code 404 with DATA_NOT_FOUND as the error message
throw restErrorUtil.createRESTException(getResourceName()
+ " not found", MessageEnums.DATA_NOT_FOUND, id, null,
- "preRead: " + id + " not found.");
+ "preRead: " + id + " not found.",HttpServletResponse.SC_NOT_FOUND);
}
V viewBean = readResource(resource);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
index 7981d34..3e03d80 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
@@ -145,7 +145,6 @@ define(function(require){
} ,
error : function(model,resp){
XAUtil.blockUI('unblock');
- console.log('error');
if(!_.isUndefined(resp.responseJSON) && !_.isUndefined(resp.responseJSON.msgDesc)){
XAUtil.notifyError('Error',resp.responseJSON.msgDesc);
}else
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js b/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
index 40e6837..dca6b13 100644
--- a/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/users/GroupCreate.js
@@ -160,8 +160,7 @@ define(function(require){
else
XAUtil.notifyError('Error', response.responseJSON.msgDesc);
}else
- XAUtil.notifyError('Error', 'Error creating Policy!');
- console.log('error');
+ XAUtil.notifyError('Error', 'Error occurred while creating/updating group!');
}
});
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserCreate.js b/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
index a37fd88..817831d 100644
--- a/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserCreate.js
@@ -194,7 +194,6 @@ define(function(require){
} ,
error : function(model,resp){
XAUtil.blockUI('unblock');
- console.log('error');
if(!_.isUndefined(resp.responseJSON) && !_.isUndefined(resp.responseJSON.msgDesc)){
if(resp.responseJSON.msgDesc == "XUser already exists")
XAUtil.notifyError('Error',"User already exists.");
@@ -226,7 +225,6 @@ define(function(require){
XAUtil.notifyError('Error',resp.responseJSON.msgDesc);
}else
XAUtil.notifyError('Error', "Error occurred while creating/updating user.");
- console.log('error');
}
});
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/unixauthservice/scripts/set_globals.sh
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/set_globals.sh b/unixauthservice/scripts/set_globals.sh
index c92dfdc..7774e48 100755
--- a/unixauthservice/scripts/set_globals.sh
+++ b/unixauthservice/scripts/set_globals.sh
@@ -21,6 +21,19 @@
#This will also create the ranger linux user and groups if required.
#This script needs to be run as root
+PROPFILE=$PWD/install.properties
+propertyValue=''
+
+if [ ! $? = "0" ];then
+ log "$PROPFILE file not found....!!";
+ exit 1;
+fi
+get_prop(){
+ validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*=" | tail -n 1) # for validation
+ if test -z "$validateProperty" ; then log "[E] '$1' not found in $2 file while getting....!!"; exit 1; fi
+ value=$(echo $validateProperty | cut -d "=" -f2-)
+ echo $value
+}
if [ ! -w /etc/passwd ]; then
echo "ERROR: Please run this script as root"
exit 1
@@ -43,8 +56,8 @@ log() {
}
#Create the ranger users and groups (if needed)
-unix_user=ranger
-unix_group=ranger
+unix_user=$(get_prop 'unix_user' $PROPFILE)
+unix_group=$(get_prop 'unix_group' $PROPFILE)
groupadd ${unix_group}
ret=$?
@@ -83,16 +96,16 @@ ln -sf /etc/ranger/usersync/conf conf
#Create the log folder
if [ ! -d /var/log/ranger/usersync ]; then
mkdir -p /var/log/ranger/usersync
- if [ -d logs ]; then
- cp -r logs/* /var/log/ranger/usersync
+ if [ -d ews/logs ]; then
+ cp -r ews/logs/* /var/log/ranger/usersync
fi
- chmod 755 /var/log/ranger/usersync
- chown -R $unix_user:$unix_group /var/log/ranger
fi
if [ -d /var/log/ranger/usersync ]; then
- chown -R $unix_user:$unix_group /var/log/ranger/usersync
+ chown -R $unix_user:$unix_group /var/log/ranger/usersync
+ chmod 755 /var/log/ranger/usersync
fi
+
mv -f logs logs.$curDt 2> /dev/null
ln -sf /var/log/ranger/usersync logs
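Review bot: The copy source changes from `logs` to `ews/logs`, but the lines right after the block still move and relink `logs` (`mv -f logs logs.$curDt`, `ln -sf /var/log/ranger/usersync logs`), so existing usersync logs would no longer be copied into /var/log/ranger/usersync on first install. This looks carried over from security-admin/scripts/set_globals.sh, which uses `ews/logs`; if usersync has no `ews` directory, keep `if [ -d logs ]; then` and `cp -r logs/* /var/log/ranger/usersync`. The `chown -R $unix_user:$unix_group` argument should be quoted as well.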
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/bc4ee643/unixauthservice/scripts/setup.py
----------------------------------------------------------------------
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py
index 31c486e..b35a261 100755
--- a/unixauthservice/scripts/setup.py
+++ b/unixauthservice/scripts/setup.py
@@ -81,7 +81,7 @@ SYNC_INTERVAL_NEW_KEY = 'ranger.usersync.sleeptimeinmillisbetweensynccycle'
SYNC_SOURCE_UNIX = 'unix'
SYNC_SOURCE_LDAP = 'ldap'
SYNC_SOURCE_LIST = [ SYNC_SOURCE_UNIX, SYNC_SOURCE_LDAP ]
-
+SYNC_LDAP_BIND_PASSWORD_KEY = 'ranger.usersync.ldap.ldapbindpassword'
credUpdateClassName = 'org.apache.ranger.credentialapi.buildks'
#credUpdateClassName = 'com.hortonworks.credentialapi.buildks'
@@ -166,6 +166,17 @@ def updateProppertyInJCKSFile(jcksFileName,propName,value):
sys.exit(1)
return ret
+def password_validation(password, userType):
+ if password:
+ if re.search("[\\\`'\"]",password):
+ print "[E] "+userType+" proprty contains one of the unsupported special characters like \" ' \ `"
+ sys.exit(1)
+ else:
+ print "[I] "+userType+" proprty is verified."
+ else:
+ print "[E] Blank password is not allowed for proprty " +userType+ ",please enter valid password."
+ sys.exit(1)
+
def convertInstallPropsToXML(props):
directKeyMap = getPropertiesConfigMap(join(installTemplateDirName,install2xmlMapFileName))
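Review bot: The three messages in password_validation spell the word as "proprty", and the pattern is a non-raw string that depends on Python leaving the unknown escape before the backtick untouched. Fix the spelling, e.g. `"[E] Blank password is not allowed for property " +userType+ ",please enter valid password."`, and write the pattern as a raw string so the character class reads as intended. A short docstring should state that the function exits the process with status 1 when the value is empty or contains a backslash, backtick, single quote or double quote. The hunk does not show an `import re`; confirm the module is imported at the top of setup.py.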
@@ -190,6 +201,8 @@ def convertInstallPropsToXML(props):
# if (key.startswith("ranger.usersync.ldap") or key.startswith("ranger.usersync.group") or key.startswith("ranger.usersync.paged")):
# del ret[key]
elif (syncSource == SYNC_SOURCE_LDAP):
+ ldapPass=ret[SYNC_LDAP_BIND_PASSWORD_KEY]
+ password_validation(ldapPass, SYNC_LDAP_BIND_PASSWORD_KEY)
ret['ranger.usersync.source.impl.class'] = 'org.apache.ranger.ldapusersync.process.LdapUserGroupBuilder'
if (SYNC_INTERVAL_NEW_KEY not in ret or len(str(ret[SYNC_INTERVAL_NEW_KEY])) == 0):
ret[SYNC_INTERVAL_NEW_KEY] = "3600000"
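Review bot: `ret[SYNC_LDAP_BIND_PASSWORD_KEY]` raises KeyError when the property is absent, so the installer ends in a traceback instead of the blank-password message that password_validation would print. Use `ldapPass = ret.get(SYNC_LDAP_BIND_PASSWORD_KEY)`, in line with the `SYNC_INTERVAL_NEW_KEY not in ret` guard two lines below. The check also makes a non-empty bind password mandatory for every LDAP sync source; if anonymous bind is a supported configuration, that case needs an explicit exception. convertInstallPropsToXML starts and ends outside the hunk.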
@@ -237,20 +250,18 @@ def initializeInitD(ownerName):
fn = join(installPropDirName,initdProgramName)
initdFn = join(initdDirName,initdProgramName)
shutil.copy(fn, initdFn)
- if (ownerName != 'ranger'):
- f = open(initdFn,'r')
- filedata = f.read()
- f.close()
- find_str = "LINUX_USER=ranger"
- replace_str = "LINUX_USER="+ ownerName
- newdata = filedata.replace(find_str,replace_str)
-
- f = open(initdFn,'w')
- f.write(newdata)
- f.close()
-
- os.chmod(initdFn,0550)
- rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ]
+ if (ownerName != 'ranger'):
+ f = open(initdFn,'r')
+ filedata = f.read()
+ f.close()
+ find_str = "LINUX_USER=ranger"
+ replace_str = "LINUX_USER="+ ownerName
+ newdata = filedata.replace(find_str,replace_str)
+ f = open(initdFn,'w')
+ f.write(newdata)
+ f.close()
+ os.chmod(initdFn,0550)
+ rcDirList = [ "/etc/rc2.d", "/etc/rc3.d", "/etc/rc.d/rc2.d", "/etc/rc.d/rc3.d" ]
for rcDir in rcDirList:
if (os.path.isdir(rcDir)):
for prefix in initPrefixList:
@@ -258,14 +269,13 @@ def initializeInitD(ownerName):
scriptName = join(rcDir, scriptFn)
if isfile(scriptName):
os.remove(scriptName)
- #print "+ ln -sf %s %s" % (initdFn, scriptName)
os.symlink(initdFn,scriptName)
- userSyncScriptName = "ranger-usersync-services.sh"
- localScriptName = os.path.abspath(join(installPropDirName,userSyncScriptName))
- ubinScriptName = join("/usr/bin",initdProgramName)
- if isfile(ubinScriptName):
- os.remove(ubinScriptName)
- os.symlink(localScriptName,ubinScriptName)
+ userSyncScriptName = "ranger-usersync-services.sh"
+ localScriptName = os.path.abspath(join(installPropDirName,userSyncScriptName))
+ ubinScriptName = join("/usr/bin",initdProgramName)
+ if isfile(ubinScriptName):
+ os.remove(ubinScriptName)
+ os.symlink(localScriptName,ubinScriptName)
def createJavaKeystoreForSSL(fn,passwd):