Repository: ambari Updated Branches: refs/heads/trunk 423d836d0 -> 7cc5e9e22
AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name conflict (Anita Jebaraj via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/7cc5e9e2 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/7cc5e9e2 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/7cc5e9e2 Branch: refs/heads/trunk Commit: 7cc5e9e220b82052256a352f0e65323f2b1bc962 Parents: 423d836 Author: Anita Jebaraj <[email protected]> Authored: Thu May 4 15:43:33 2017 -0400 Committer: Robert Levas <[email protected]> Committed: Thu May 4 15:43:33 2017 -0400 ---------------------------------------------------------------------- .../authorization/AmbariPamAuthenticationProvider.java | 7 +++++++ .../authorization/AmbariPamAuthenticationProviderTest.java | 3 +++ 2 files changed, 10 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/7cc5e9e2/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java index b3fb861..4c0963d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java @@ -75,6 +75,13 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) throws AuthenticationException { if(isPamEnabled()){ PAM pam; + String userName = String.valueOf(authentication.getPrincipal()); + UserEntity existingUser = userDAO.findUserByName(userName); + if ((existingUser != null) && (existingUser.getUserType() != UserType.PAM)) { + String errorMsg = String.format("%s user exists with the username %s. Cannot authenticate via PAM", existingUser.getUserType(), userName); + LOG.error(errorMsg); + return null; + } try{ //Set PAM configuration file (found under /etc/pam.d) String pamConfig = configuration.getPamConfigurationFile(); http://git-wip-us.apache.org/repos/asf/ambari/blob/7cc5e9e2/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java index b7272c5..b789470 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java @@ -29,6 +29,7 @@ import org.apache.ambari.server.H2DatabaseCleaner; import org.apache.ambari.server.audit.AuditLoggerModule; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.GuiceJpaInitializer; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; @@ -93,6 +94,7 @@ public class AmbariPamAuthenticationProviderTest { UnixUser unixUser = createNiceMock(UnixUser.class); UserEntity userEntity = combineUserEntity(); User user = new User(userEntity); + UserDAO userDAO = createNiceMock(UserDAO.class); Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce(); expect(unixUser.getGroups()).andReturn(new HashSet<>(Arrays.asList("group"))).atLeastOnce(); @@ -100,6 +102,7 @@ public class AmbariPamAuthenticationProviderTest { EasyMock.replay(pam); Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); Authentication result = authenticationProvider.authenticateViaPam(pam,authentication); + expect(userDAO.findUserByName("userName")).andReturn(null).once(); Assert.assertNotNull(result); Assert.assertEquals(true, result.isAuthenticated()); Assert.assertTrue(result instanceof AmbariUserAuthentication);
