
Example 1 with PasswordUtils

Use of org.apache.ranger.plugin.util.PasswordUtils in the project ranger by apache.

Class ServiceDBStore, method updateService.

/**
 * Updates an existing service definition and rewrites its stored configuration.
 *
 * <p>Steps, in order: load the existing row (404-style error if absent); if the service is
 * being renamed, reject a name that is already taken and refuse the rename when tagged
 * resources are attached unless {@code ServiceStore.OPTION_FORCE_RENAME} is set; validate the
 * required config params; resolve the tag-service association (a {@code null} tag service
 * from an old client keeps the existing association); persist the service row, bumping the
 * policy version when the tag service, enabled flag or plugin-visible config changed; delete
 * and re-create every config-map row (resolving the "username" entry to a user and
 * encrypting the password entry); refresh tab permissions; record data history and the
 * transaction log.
 *
 * @param service the incoming service; mutated in place (tag service, create time, guid,
 *                version) before being passed to the service-layer update
 * @param options optional flags; only {@code ServiceStore.OPTION_FORCE_RENAME} is read here
 * @return the freshly re-read service as a view object
 * @throws Exception on validation failure (via {@code restErrorUtil}) or from the
 *                   password encrypt/decrypt helpers
 */
@Override
public RangerService updateService(RangerService service, Map<String, Object> options) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.updateService()");
    }
    XXService existing = daoMgr.getXXService().getById(service.getId());
    if (existing == null) {
        throw restErrorUtil.createRESTException("no service exists with ID=" + service.getId(), MessageEnums.DATA_NOT_FOUND);
    }
    String existingName = existing.getName();
    // Service names are compared case-insensitively, so a case-only change is not a rename.
    boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
    if (renamed) {
        XXService newNameService = daoMgr.getXXService().findByName(service.getName());
        if (newNameService != null) {
            throw restErrorUtil.createRESTException("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId(), MessageEnums.DATA_NOT_UPDATABLE);
        }
        long countOfTaggedResources = daoMgr.getXXServiceResource().countTaggedResourcesInServiceId(existing.getId());
        // The null check on the map value guards the unboxing in the if below; a non-Boolean
        // value would fail the cast with a ClassCastException.
        Boolean isForceRename = options != null && options.get(ServiceStore.OPTION_FORCE_RENAME) != null ? (Boolean) options.get(ServiceStore.OPTION_FORCE_RENAME) : Boolean.FALSE;
        if (countOfTaggedResources != 0L) {
            if (isForceRename) {
                // Forced rename leaves the existing service-resources pointing at the renamed service.
                LOG.warn("Forcing the renaming of service from " + existingName + " to " + service.getName() + " although it is associated with " + countOfTaggedResources + " service-resources!");
            } else {
                throw restErrorUtil.createRESTException("Service " + existingName + " cannot be renamed, as it has associated service-resources", MessageEnums.DATA_NOT_UPDATABLE);
            }
        }
    }
    Map<String, String> configs = service.getConfigs();
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        // NOTE(review): the debug message says createService although this is updateService.
        if (LOG.isDebugEnabled()) {
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.createService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    boolean hasTagServiceValueChanged = false;
    Long existingTagServiceId = existing.getTagService();
    // null for old clients; empty string to remove existing association
    String newTagServiceName = service.getTagService();
    Long newTagServiceId = null;
    if (newTagServiceName == null) {
        // old client; don't update existing tagService
        if (existingTagServiceId != null) {
            newTagServiceName = getServiceName(existingTagServiceId);
            service.setTagService(newTagServiceName);
            LOG.info("ServiceDBStore.updateService(id=" + service.getId() + "; name=" + service.getName() + "): tagService is null; using existing tagService '" + newTagServiceName + "'");
        }
    }
    // A non-blank name must resolve to a service of the embedded "tag" service-def type.
    if (StringUtils.isNotBlank(newTagServiceName)) {
        RangerService tmp = getServiceByName(newTagServiceName);
        if (tmp == null || !EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equals(tmp.getType())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ServiceDBStore.updateService() - " + newTagServiceName + " does not refer to a valid tag service.(" + service + ")");
            }
            throw restErrorUtil.createRESTException("Invalid tag service name " + newTagServiceName, MessageEnums.ERROR_CREATING_OBJECT);
        } else {
            newTagServiceId = tmp.getId();
        }
    }
    // Changed when an association is added, removed (blank name -> null id) or repointed.
    if (existingTagServiceId == null) {
        if (newTagServiceId != null) {
            hasTagServiceValueChanged = true;
        }
    } else if (!existingTagServiceId.equals(newTagServiceId)) {
        hasTagServiceValueChanged = true;
    }
    // NOTE(review): throws NullPointerException if the stored enabled flag is null — confirm the column is non-nullable.
    boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled());
    List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
    boolean hasServiceConfigForPluginChanged = hasServiceConfigForPluginChanged(dbConfigMaps, validConfigs);
    // Transaction log is computed against the pre-update row; it is only written at the end.
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
    if (populateExistingBaseFields) {
        // Caller-supplied base fields (ids etc.) are kept; the flag is reset right after the update.
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        service = svcServiceWithAssignedId.update(service);
        svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
    } else {
        // Preserve the immutable base fields from the stored row so the update cannot overwrite them.
        service.setCreateTime(existing.getCreateTime());
        service.setGuid(existing.getGuid());
        service.setVersion(existing.getVersion());
        service = svcService.update(service);
        // Plugins need a new policy version to pick up these changes; not done on the assigned-id path.
        if (hasTagServiceValueChanged || hasIsEnabledChanged || hasServiceConfigForPluginChanged) {
            updatePolicyVersion(service, RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null, false);
        }
    }
    XXService xUpdService = daoMgr.getXXService().getById(service.getId());
    // Remove every existing config row, remembering the stored (encrypted) password so that a
    // masked password in the request can be resolved back to it below.
    String oldPassword = null;
    for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
        if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) {
            oldPassword = dbConfigMap.getConfigvalue();
        }
        daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
    }
    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();
        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            // The config user must already exist unless the caller's session is an admin,
            // in which case a service-config user is created on the fly.
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }
        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) {
                // Masked placeholder: keep the stored password. A stored value containing ","
                // carries its crypto parameters inline (algo,key,salt,iterations[,iv],ciphertext).
                if (oldPassword != null && oldPassword.contains(",")) {
                    PasswordUtils util = PasswordUtils.build(oldPassword);
                    if (!util.getCryptAlgo().equalsIgnoreCase(CRYPT_ALGO)) {
                        // Stored under a different algorithm: re-encrypt under CRYPT_ALGO, reusing the
                        // stored key/salt/iteration count and a fresh IV where the algorithm needs one.
                        // The new String(...) calls use no explicit charset — presumably byte[] inputs; confirm.
                        String decryptedPwd = PasswordUtils.decryptPassword(oldPassword);
                        String paddingString = Joiner.on(",").skipNulls().join(CRYPT_ALGO, new String(util.getEncryptKey()), new String(util.getSalt()), util.getIterationCount(), PasswordUtils.generateIvIfNeeded(CRYPT_ALGO));
                        String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + decryptedPwd);
                        // Round-trip check before accepting the re-encrypted value.
                        String newDecryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                        if (StringUtils.equals(newDecryptedPwd, decryptedPwd)) {
                            configValue = paddingString + "," + encryptedPwd;
                        }
                        // NOTE(review): if the round-trip check fails, configValue is still the
                        // HIDDEN_PASSWORD_STR placeholder and is persisted as the password below;
                        // an explicit error would be safer than silently losing the credential.
                    } else {
                        configValue = oldPassword;
                    }
                } else {
                    configValue = oldPassword;
                }
            } else {
                // New password: store "<CRYPT_ALGO>,<ENCRYPT_KEY>,<SALT>,<ITERATION_COUNT>[,<iv>],<ciphertext>"
                // so the stored value embeds the parameters needed to decrypt it later.
                String paddingString = Joiner.on(",").skipNulls().join(CRYPT_ALGO, ENCRYPT_KEY, SALT, ITERATION_COUNT, PasswordUtils.generateIvIfNeeded(CRYPT_ALGO));
                String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + configValue);
                String decryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                if (StringUtils.equals(decryptedPwd, configValue)) {
                    configValue = paddingString + "," + encryptedPwd;
                }
                // NOTE(review): if the round-trip check fails, configValue is still the
                // caller-supplied plaintext and is persisted unencrypted; failing the request
                // would avoid storing a cleartext credential.
            }
        }
        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService);
        xConfMap.setServiceId(service.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }
    updateTabPermissions(service.getType(), validConfigs);
    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }
    // Re-read the stored row so the returned view reflects what was persisted.
    RangerService updService = svcService.getPopulatedViewObject(xUpdService);
    dataHistService.createObjectDataHistory(updService, RangerDataHistService.ACTION_UPDATE);
    bizUtil.createTrxLog(trxLogList);
    return updService;
}

Example 2 with PasswordUtils

Use of org.apache.ranger.plugin.util.PasswordUtils in the project ranger by apache.

Class RangerServiceService, method getConfigsWithDecryptedPassword.

/**
 * Resolves a masked password placeholder in a service's config map.
 *
 * <p>If the {@code ServiceDBStore.CONFIG_KEY_PASSWORD} entry holds the
 * {@code ServiceDBStore.HIDDEN_PASSWORD_STR} placeholder, the stored config value for that key
 * is loaded, decrypted and re-encrypted, and — only when re-encryption reproduces the stored
 * value — the placeholder is replaced with the stored value. Despite the method name, the
 * plaintext never enters the returned map; the decrypt step only serves as a round-trip
 * consistency check. The map is the service's own config map and is modified in place.
 *
 * @param service the service whose configs are to be resolved
 * @return the service's config map, with the password placeholder possibly replaced
 * @throws Exception propagated from the {@link PasswordUtils} encrypt/decrypt calls
 */
public Map<String, String> getConfigsWithDecryptedPassword(RangerService service) throws Exception {
    Map<String, String> configs = service.getConfigs();
    String suppliedPwd = configs.get(ServiceDBStore.CONFIG_KEY_PASSWORD);
    boolean isMasked = !stringUtil.isEmpty(suppliedPwd)
            && ServiceDBStore.HIDDEN_PASSWORD_STR.equalsIgnoreCase(suppliedPwd);
    if (!isMasked) {
        return configs;
    }
    XXServiceConfigMap storedPwdConfig = daoMgr.getXXServiceConfigMap()
            .findByServiceAndConfigKey(service.getId(), ServiceDBStore.CONFIG_KEY_PASSWORD);
    if (storedPwdConfig == null) {
        return configs;
    }
    String storedPwd = storedPwdConfig.getConfigvalue();
    String reEncryptedPwd;
    if (storedPwd.contains(",")) {
        // Comma-delimited form: crypto parameters are embedded ahead of the ciphertext.
        // Rebuild that prefix from the stored value so re-encryption uses the same parameters.
        // (No explicit charset in the new String(...) calls — presumably byte[] inputs; confirm.)
        PasswordUtils util = PasswordUtils.build(storedPwd);
        String metaData = Joiner.on(",").skipNulls().join(util.getCryptAlgo(), new String(util.getEncryptKey()), new String(util.getSalt()), util.getIterationCount(), PasswordUtils.needsIv(util.getCryptAlgo()) ? util.getIvAsString() : null);
        String plainPwd = PasswordUtils.decryptPassword(storedPwd);
        reEncryptedPwd = metaData + "," + PasswordUtils.encryptPassword(metaData + "," + plainPwd);
    } else {
        // Bare ciphertext with no embedded parameters.
        String plainPwd = PasswordUtils.decryptPassword(storedPwd);
        reEncryptedPwd = PasswordUtils.encryptPassword(plainPwd);
    }
    // Only trust the stored value if it survives a decrypt/encrypt round trip.
    if (StringUtils.equalsIgnoreCase(reEncryptedPwd, storedPwd)) {
        configs.put(ServiceDBStore.CONFIG_KEY_PASSWORD, storedPwd);
    }
    return configs;
}
