diff --git a/hadoop-common-project/hadoop-common/src/main/bin/hadoop-functions.sh b/hadoop-common-project/hadoop-common/src/main/bin/hadoop-functions.sh index 48ad1e203f3..99c47384bd2 100755 --- a/hadoop-common-project/hadoop-common/src/main/bin/hadoop-functions.sh +++ b/hadoop-common-project/hadoop-common/src/main/bin/hadoop-functions.sh @@ -2082,3 +2082,26 @@ function hadoop_parse_args hadoop_debug "hadoop_parse: asking caller to skip ${HADOOP_PARSE_COUNTER}" } + +## @description XML-escapes the characters (&'"<>) in the given parameter. +## @audience private +## @stability evolving +## @replaceable yes +## @param string +## @return XML-escaped string +function hadoop_xml_escape +{ + sed -e 's/&/\&/g' -e 's/"/\\\"/g' \ + -e "s/'/\\\\\'/g" -e 's//\\\>/g' <<< "$1" +} + +## @description sed-escapes the characters (\/&) in the given parameter. +## @audience private +## @stability evolving +## @replaceable yes +## @param string +## @return sed-escaped string +function hadoop_sed_escape +{ + sed -e 's/[\/&]/\\&/g' <<< "$1" +} \ No newline at end of file diff --git a/hadoop-common-project/hadoop-common/src/test/scripts/hadoop_escape_chars.bats b/hadoop-common-project/hadoop-common/src/test/scripts/hadoop_escape_chars.bats new file mode 100755 index 00000000000..9b031f254fb --- /dev/null +++ b/hadoop-common-project/hadoop-common/src/test/scripts/hadoop_escape_chars.bats @@ -0,0 +1,32 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +load hadoop-functions_test_helper + +@test "hadoop_escape_sed (positive 1)" { + ret="$(hadoop_sed_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")" + expected="\\\\pass\&\&word\\\0#\$asdf\/g ><'\"~\`!@#$%^\&*()_+-=" + echo "actual >${ret}<" + echo "expected >${expected}<" + [ "${ret}" = "${expected}" ] +} + +@test "hadoop_escape_xml (positive 1)" { + ret="$(hadoop_xml_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")" + expected="\\pass&&word\0#\$asdf/g \>\<\'\"~\`!@#\$%^&*()_+-=" + echo "actual >${ret}<" + echo "expected >${expected}<" + [ "${ret}" = "${expected}" ] +} \ No newline at end of file diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh index 1de19f55b09..1d3c948ac14 100755 --- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh +++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh @@ -29,14 +29,6 @@ function hadoop_usage hadoop_generate_usage "${MYNAME}" false } -function hadoop_escape() { - # Escape special chars for the later sed which saves the text as xml attribute - local ret - ret=$(sed 's/[\/&]/\\&/g' <<< "$1" | sed 's/&/\&/g' | sed 's/"/\\\"/g' \ - | sed "s/'/\\\\\'/g" | sed 's//\\\>/g') - echo "$ret" -} - # let's locate libexec... if [[ -n "${HADOOP_HOME}" ]]; then HADOOP_DEFAULT_LIBEXEC_DIR="${HADOOP_HOME}/libexec" @@ -104,8 +96,10 @@ fi if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} - KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS") - KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS") + KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ + "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")") + KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ + "$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")") sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \ "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ diff --git a/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/sbin/httpfs.sh b/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/sbin/httpfs.sh index 3e7cdf8d698..a6c9f03ec7a 100755 --- a/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/sbin/httpfs.sh +++ b/hadoop-hdfs-project/hadoop-hdfs-httpfs/src/main/sbin/httpfs.sh @@ -96,8 +96,12 @@ fi if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then if [[ -n "${HTTPFS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${HTTPFS_SSL_TRUSTSTORE_PASS}" ]]; then export HTTPFS_SSL_KEYSTORE_PASS=${HTTPFS_SSL_KEYSTORE_PASS:-password} - sed -e 's/_httpfs_ssl_keystore_pass_/'${HTTPFS_SSL_KEYSTORE_PASS}'/g' \ - -e 's/_httpfs_ssl_truststore_pass_/'${HTTPFS_SSL_TRUSTSTORE_PASS}'/g' \ + HTTPFS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ + "$(hadoop_sed_escape "$HTTPFS_SSL_KEYSTORE_PASS")") + HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \ + "$(hadoop_sed_escape "$HTTPFS_SSL_TRUSTSTORE_PASS")") + sed -e 's/"_httpfs_ssl_keystore_pass_"/'"\"${HTTPFS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ + -e 's/"_httpfs_ssl_truststore_pass_"/'"\"${HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \ "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1