HADOOP-13077. Handle special characters in passwords in httpfs.sh (Xiao Chen via aw)

Allen Wittenauer 2016-05-05 11:32:41 -07:00
parent d0da13229c
commit 35cf503149
4 changed files with 65 additions and 12 deletions


@ -2082,3 +2082,26 @@ function hadoop_parse_args
hadoop_debug "hadoop_parse: asking caller to skip ${HADOOP_PARSE_COUNTER}" hadoop_debug "hadoop_parse: asking caller to skip ${HADOOP_PARSE_COUNTER}"
} }
## @description XML-escapes the characters (&'"<>) in the given parameter.
## @audience private
## @stability evolving
## @replaceable yes
## @param string
## @return XML-escaped string
function hadoop_xml_escape
{
sed -e 's/&/\&amp;/g' -e 's/"/\\\&quot;/g' \
-e "s/'/\\\\\&apos;/g" -e 's/</\\\&lt;/g' -e 's/>/\\\&gt;/g' <<< "$1"
}
## @description sed-escapes the characters (\/&) in the given parameter.
## @audience private
## @stability evolving
## @replaceable yes
## @param string
## @return sed-escaped string
function hadoop_sed_escape
{
sed -e 's/[\/&]/\\&/g' <<< "$1"
}
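Review bot: The header on `hadoop_xml_escape` promises an "XML-escaped string", but the sed script in its body emits `\&quot;`, `\&apos;`, `\&lt;` and `\&gt;` with a leading backslash while `&` becomes a bare `&amp;`. The result is therefore only correct after it has been used as sed replacement text, and only if the input went through `hadoop_sed_escape` first. Since the function is marked `@replaceable yes` and reads as general-purpose, a caller writing its output straight into an XML file would get stray backslashes. I would state that contract in the header, e.g. `## @description XML-escapes (&'"<>) for use as a sed replacement; input must already be hadoop_sed_escape'd`, and adjust `@return` to match. Neither helper escapes a newline, which would end the later `s///` command early, so the same comment could say that values must be single-line.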


@ -0,0 +1,32 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load hadoop-functions_test_helper
@test "hadoop_escape_sed (positive 1)" {
ret="$(hadoop_sed_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")"
expected="\\\\pass\&\&word\\\0#\$asdf\/g ><'\"~\`!@#$%^\&*()_+-="
echo "actual >${ret}<"
echo "expected >${expected}<"
[ "${ret}" = "${expected}" ]
}
@test "hadoop_escape_xml (positive 1)" {
ret="$(hadoop_xml_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")"
expected="\\pass&amp;&amp;word\0#\$asdf/g \&gt;\&lt;\&apos;\&quot;~\`!@#\$%^&amp;*()_+-="
echo "actual >${ret}<"
echo "expected >${expected}<"
[ "${ret}" = "${expected}" ]
}
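Review bot: Both tests exercise the helpers in isolation, so nothing checks the composition the callers actually depend on: `hadoop_xml_escape "$(hadoop_sed_escape ...)"` fed into a sed replacement. That is where an escaping mistake would corrupt the generated ssl-server.xml. A round-trip test that substitutes the escaped value into a sample attribute and compares it with the expected entity form would pin this down; a sketch with a constructed sample value follows. The test titles also say `hadoop_escape_sed` / `hadoop_escape_xml` while the functions are named `hadoop_sed_escape` / `hadoop_xml_escape`; matching them makes a failing test easier to trace.

```shell
@test "hadoop_sed_escape + hadoop_xml_escape (round trip through sed)" {
  # constructed sample value covering \ / & " ' < >
  value="a&b/c\\d\"e'f<g>h"
  escaped="$(hadoop_xml_escape "$(hadoop_sed_escape "${value}")")"
  ret="$(sed -e 's/"_placeholder_"/'"\"${escaped}\""'/g' <<< 'pass="_placeholder_"')"
  expected="pass=\"a&amp;b/c\\d&quot;e&apos;f&lt;g&gt;h\""
  echo "actual >${ret}<"
  echo "expected >${expected}<"
  [ "${ret}" = "${expected}" ]
}
```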


@ -29,14 +29,6 @@ function hadoop_usage
hadoop_generate_usage "${MYNAME}" false hadoop_generate_usage "${MYNAME}" false
} }
function hadoop_escape() {
# Escape special chars for the later sed which saves the text as xml attribute
local ret
ret=$(sed 's/[\/&]/\\&/g' <<< "$1" | sed 's/&/\&amp;/g' | sed 's/"/\\\&quot;/g' \
| sed "s/'/\\\\\&apos;/g" | sed 's/</\\\&lt;/g' | sed 's/>/\\\&gt;/g')
echo "$ret"
}
# let's locate libexec... # let's locate libexec...
if [[ -n "${HADOOP_HOME}" ]]; then if [[ -n "${HADOOP_HOME}" ]]; then
HADOOP_DEFAULT_LIBEXEC_DIR="${HADOOP_HOME}/libexec" HADOOP_DEFAULT_LIBEXEC_DIR="${HADOOP_HOME}/libexec"
@ -104,8 +96,10 @@ fi
if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password} export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS") KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS") "$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
"$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")")
sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \ sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
-e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \ -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
"${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
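Review bot: The escaped keystore and truststore passwords are still interpolated into the `sed -e '...'` arguments at the end of this hunk, so while that sed process runs the secrets sit in its command line, which on many systems other local users can read from the process list. The same pattern is introduced for httpfs.sh in the `HTTPFS_SSL_*_PASS_ESCAPED` lines of the next file. Passing the script on a file descriptor keeps it out of argv: build the two `s/…/…/g` lines with the `printf` builtin into a variable and run `sed -f <(printf '%s\n' "${script}") …`. The sed statement continues past the end of the hunk, so its redirect target is not visible here.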


@ -96,8 +96,12 @@ fi
if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
if [[ -n "${HTTPFS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${HTTPFS_SSL_TRUSTSTORE_PASS}" ]]; then if [[ -n "${HTTPFS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${HTTPFS_SSL_TRUSTSTORE_PASS}" ]]; then
export HTTPFS_SSL_KEYSTORE_PASS=${HTTPFS_SSL_KEYSTORE_PASS:-password} export HTTPFS_SSL_KEYSTORE_PASS=${HTTPFS_SSL_KEYSTORE_PASS:-password}
sed -e 's/_httpfs_ssl_keystore_pass_/'${HTTPFS_SSL_KEYSTORE_PASS}'/g' \ HTTPFS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
-e 's/_httpfs_ssl_truststore_pass_/'${HTTPFS_SSL_TRUSTSTORE_PASS}'/g' \ "$(hadoop_sed_escape "$HTTPFS_SSL_KEYSTORE_PASS")")
HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
"$(hadoop_sed_escape "$HTTPFS_SSL_TRUSTSTORE_PASS")")
sed -e 's/"_httpfs_ssl_keystore_pass_"/'"\"${HTTPFS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
-e 's/"_httpfs_ssl_truststore_pass_"/'"\"${HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
"${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \ "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
> "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1 chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1
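Review bot: The generated `ssl-server.xml` holds the keystore and truststore passwords, but the last two lines of this hunk still create it through a plain `>` redirect and only afterwards tighten it with `chmod 700 … >/dev/null 2>&1`. The file therefore briefly exists with whatever the process umask allows, and a failed chmod goes unnoticed. Setting `umask 077` before the sed (inside a subshell if the rest of the script should not inherit it) closes that window, and `chmod 600` is sufficient for a file that is only read. I would also drop the `2>&1` or test the exit status so a permission failure is reported. The enclosing `if` blocks open in the hunk and close outside it.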