This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch ranger-2.5
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ccb008f3c4ebba50021adde04c124268cb56f3fe
Author: RakeshGuptaDev <rakesh.gupta.dev...@gmail.com>
AuthorDate: Thu Jun 6 14:33:55 2024 +0530

    RANGER-4782: Implement best coding practices for validating service configs
    
    Signed-off-by: Dineshkumar Yadav <dineshkumar.ya...@outlook.com>
    (cherry picked from commit 73409bfb6d7241a6ce51f19d5b84575a177508ed)
---
 .../java/org/apache/ranger/biz/ServiceMgr.java     | 29 +++++++++++++++++++---
 .../src/views/ServiceManager/TestConnection.jsx    | 17 ++++++++++---
 2 files changed, 39 insertions(+), 7 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index b9d51602e..3892a2de2 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -155,7 +155,7 @@ public class ServiceMgr {
 
                return ret;
        }
-       
+
        public VXResponse validateConfig(RangerService service, ServiceStore 
svcStore) throws Exception {
                VXResponse        ret = new VXResponse();
                String authType = 
PropertiesUtil.getProperty(AUTHENTICATION_TYPE);
@@ -164,7 +164,7 @@ public class ServiceMgr {
                String nameRules = PropertiesUtil.getProperty(NAME_RULES);
                String rangerPrincipal = 
SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL),
 PropertiesUtil.getProperty(HOST_NAME));
                String rangerkeytab = 
PropertiesUtil.getProperty(ADMIN_USER_KEYTAB);
-               
+
                if(!StringUtils.isEmpty(authType) && 
KERBEROS_TYPE.equalsIgnoreCase(authType.trim()) && 
SecureClientLogin.isKerberosCredentialExists(lookupPrincipal, lookupKeytab)){
                        if(service != null && service.getConfigs() != null){
                                
service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_PRINCIPAL, 
lookupPrincipal);
@@ -178,7 +178,7 @@ public class ServiceMgr {
                                
service.getConfigs().put(HadoopConfigHolder.RANGER_PRINCIPAL, rangerPrincipal);
                                
service.getConfigs().put(HadoopConfigHolder.RANGER_KEYTAB, rangerkeytab);
                                
service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules);
-                               
service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);        
                        
+                               
service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType);
                        }
                }
                RangerBaseService svc=null;
@@ -191,6 +191,19 @@ public class ServiceMgr {
                        LOG.debug("==> ServiceMgr.validateConfig for Service: 
(" + svc + ")");
                }
 
+               // check if service configs contains localhost/127.0.0.1
+               if (service != null && service.getConfigs() != null) {
+                       for (Map.Entry<String, String> entry : 
service.getConfigs().entrySet()) {
+                               if (entry.getValue() != null && 
StringUtils.containsIgnoreCase(entry.getValue(), "localhost")
+                                               || 
StringUtils.containsIgnoreCase(entry.getValue(), "127.0.0.1")) {
+                                       URL url = getValidURL(entry.getValue());
+                                       if ((url != null) && 
(url.getHost().equalsIgnoreCase("localhost") || 
url.getHost().equals("127.0.0.1"))) {
+                                               throw new Exception("Invalid 
value for configuration " + entry.getKey() + ": host " + url.getHost() + " is 
not allowed");
+                                       }
+                               }
+                       }
+               }
+
                if(svc != null) {
                        try {
                                // Timeout value use during validate config is 
10 times that used during lookup
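Review bot: The new loopback check in validateConfig compares the parsed host against only two literal strings, `localhost` and `127.0.0.1`, so any other name or address form that refers to the local machine passes it. Comparing the resolved address is more robust: `InetAddress addr = InetAddress.getByName(url.getHost());` followed by `if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()) { throw ... }`; validateConfig already declares `throws Exception`, and the file would need a `java.net.InetAddress` import. A check done at validation time does not pin the address the later connection actually uses, and the comment above the loop should say so. Separately, the outer condition parses as `(value != null && containsLocalhost) || contains127` because `&&` binds tighter than `||`; parenthesising the two `containsIgnoreCase` calls would make the null guard cover both. validateConfig starts and ends outside this hunk.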
@@ -221,7 +234,15 @@ public class ServiceMgr {
 
                return ret;
        }
-       
+
+       private static URL getValidURL(String urlString) {
+               try {
+                       return new URL(urlString);
+               } catch (Exception e) {
+                       return null;
+               }
+       }
+
        public boolean isZoneAdmin(String zoneName) {
                boolean            isZoneAdmin  = false;
                RangerSecurityZone securityZone = null;
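Review bot: `getValidURL` returns null for every value that `new URL(...)` rejects, and the caller treats null as "nothing to check". A config value that `java.net.URL` does not accept, for instance one with a scheme that has no registered handler or a bare host and port, therefore skips the host check even though the substring pre-filter matched it. A Javadoc stating that null means "not parseable as a URL, therefore not validated" would make this contract explicit, and the catch can be narrowed to `catch (MalformedURLException e)`. Whether such values should be rejected or passed to a second parser is a decision for the caller in validateConfig, which is in the preceding hunk.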
diff --git 
a/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx
 
b/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx
index 668de52e7..e81b757f1 100644
--- 
a/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx
+++ 
b/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx
@@ -49,7 +49,9 @@ function TestConnection(props) {
   };
 
   const validateConfig = async () => {
-    let testConnResp;
+    let testConnResp = {},
+      msgModal = "",
+      msgListModal = [];
 
     try {
       testConnResp = await fetchApi({
@@ -61,8 +63,6 @@ function TestConnection(props) {
       let respMsg = testConnResp.data.msgDesc;
       let respStatusCode = testConnResp.data.statusCode;
       let respMsgList = testConnResp.data.messageList;
-      let msgModal,
-        msgListModal = [];
 
       if (respStatusCode !== undefined && respStatusCode === 1) {
         msgModal = [
@@ -100,6 +100,17 @@ function TestConnection(props) {
         showMoreModalContent: msgListModal
       });
     } catch (error) {
+      if (error?.response?.data?.msgDesc) {
+        msgModal = error.response.data.msgDesc;
+      }
+      setModalState({
+        showTestConnModal: true,
+        showMore: true
+      });
+      setModalContent({
+        testConnModalContent: msgModal,
+        showMoreModalContent: msgListModal
+      });
       console.error(`Error occurred while validating the configs!  ${error}`);
     }
   };
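Review bot: In the new catch block the modal opens even when the error carries no `response.data.msgDesc` (a request that never got a response, for example), so `msgModal` is still the empty string and the user sees an empty dialog. A fallback keeps the dialog meaningful: `msgModal = error?.response?.data?.msgDesc || "Error occurred while validating the configs!";`. `showMore: true` is also set although `msgListModal` is always `[]` on this path; `showMore: false` looks like the intended value, but that depends on how the modal renders the flag outside this hunk. validateConfig begins in an earlier hunk.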
