Repository: ambari Updated Branches: refs/heads/branch-2.5 3023419de -> f8f8abbbb
AMBARI-20909. Server Error in Ambari UI, when trying to login as a pam user due to user name conflict (Anita Jebaraj via rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/f8f8abbb Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/f8f8abbb Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/f8f8abbb Branch: refs/heads/branch-2.5 Commit: f8f8abbbbad230c574d8bcdb971ea59900a8dc7a Parents: 3023419 Author: Anita Jebaraj <[email protected]> Authored: Thu May 4 15:45:37 2017 -0400 Committer: Robert Levas <[email protected]> Committed: Thu May 4 15:45:37 2017 -0400 ---------------------------------------------------------------------- .../authorization/AmbariPamAuthenticationProvider.java | 7 +++++++ .../authorization/AmbariPamAuthenticationProviderTest.java | 3 +++ 2 files changed, 10 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/f8f8abbb/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java index 2179e05..1626cd8 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProvider.java @@ -75,6 +75,13 @@ public class AmbariPamAuthenticationProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) throws AuthenticationException { if(isPamEnabled()){ PAM pam; + String userName = String.valueOf(authentication.getPrincipal()); + UserEntity existingUser = userDAO.findUserByName(userName); + if ((existingUser != null) && (existingUser.getUserType() != UserType.PAM)) { + String errorMsg = String.format("%s user exists with the username %s. Cannot authenticate via PAM", existingUser.getUserType(), userName); + LOG.error(errorMsg); + return null; + } try{ //Set PAM configuration file (found under /etc/pam.d) String pamConfig = configuration.getPamConfigurationFile(); http://git-wip-us.apache.org/repos/asf/ambari/blob/f8f8abbb/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java index adfec3d..59a0c7a 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariPamAuthenticationProviderTest.java @@ -29,6 +29,7 @@ import org.apache.ambari.server.H2DatabaseCleaner; import org.apache.ambari.server.audit.AuditLoggerModule; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.GuiceJpaInitializer; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.security.ClientSecurityType; @@ -92,6 +93,7 @@ public class AmbariPamAuthenticationProviderTest { UnixUser unixUser = createNiceMock(UnixUser.class); UserEntity userEntity = combineUserEntity(); User user = new User(userEntity); + UserDAO userDAO = createNiceMock(UserDAO.class); Collection<AmbariGrantedAuthority> userAuthorities = Collections.singletonList(createNiceMock(AmbariGrantedAuthority.class)); expect(pam.authenticate(EasyMock.anyObject(String.class), EasyMock.anyObject(String.class))).andReturn(unixUser).atLeastOnce(); expect(unixUser.getGroups()).andReturn(new HashSet<String>(Arrays.asList("group"))).atLeastOnce(); @@ -99,6 +101,7 @@ public class AmbariPamAuthenticationProviderTest { EasyMock.replay(pam); Authentication authentication = new AmbariUserAuthentication("userPass", user, userAuthorities); Authentication result = authenticationProvider.authenticateViaPam(pam,authentication); + expect(userDAO.findUserByName("userName")).andReturn(null).once(); Assert.assertNotNull(result); Assert.assertEquals(true, result.isAuthenticated()); Assert.assertTrue(result instanceof AmbariUserAuthentication);
