Repository: kudu Updated Branches: refs/heads/branch-1.3.x 27b850469 -> 4f02c9204
Fix Webserver option 'password_file' to pass correct Squeasel option 'global_auth_file' for enabling HTTP authorization. Also add test case for web UI .htpasswd support. Change-Id: I2d30f450abfb3d0addc0eef39bcf78c87e4298c5 Reviewed-on: http://gerrit.cloudera.org:8080/6300 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert <[email protected]> (cherry picked from commit 937064f9187e07d2d1880d61cf67792eefe9a82d) Reviewed-on: http://gerrit.cloudera.org:8080/6323 Reviewed-by: Jean-Daniel Cryans <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/4f02c920 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/4f02c920 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/4f02c920 Branch: refs/heads/branch-1.3.x Commit: 4f02c9204ea80917900e5b36de81c44016bd9f0d Parents: 27b8504 Author: hahao <[email protected]> Authored: Tue Mar 7 13:11:37 2017 -0800 Committer: Jean-Daniel Cryans <[email protected]> Committed: Thu Mar 9 00:15:14 2017 +0000 ---------------------------------------------------------------------- src/kudu/security/CMakeLists.txt | 2 +- src/kudu/security/test/test_pass.cc | 40 ++++++++++++++++++++++++++++++++ src/kudu/security/test/test_pass.h | 33 ++++++++++++++++++++++++++ src/kudu/server/webserver-test.cc | 21 +++++++++++++++++ src/kudu/server/webserver.cc | 2 +- 5 files changed, 96 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/src/kudu/security/CMakeLists.txt b/src/kudu/security/CMakeLists.txt index c24deef..0dc7d0f 100644 --- a/src/kudu/security/CMakeLists.txt +++ b/src/kudu/security/CMakeLists.txt @@ -93,7 +93,7 @@ if (NOT NO_TESTS) set(SECURITY_TEST_SRCS security-test-util.cc test/mini_kdc.cc - test/test_certs.cc) + test/test_certs.cc test/test_pass.cc) add_library(security-test ${SECURITY_TEST_SRCS}) target_link_libraries(security-test http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/test/test_pass.cc ---------------------------------------------------------------------- diff --git a/src/kudu/security/test/test_pass.cc b/src/kudu/security/test/test_pass.cc new file mode 100644 index 0000000..9a0ab46 --- /dev/null +++ b/src/kudu/security/test/test_pass.cc @@ -0,0 +1,40 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#include "kudu/security/test/test_pass.h" + +#include "kudu/util/env.h" +#include "kudu/util/path_util.h" + +using std::string; + +namespace kudu { +namespace security { + +Status CreateTestHTPasswd(const string& dir, + string* passwd_file) { + + // In the format of user:realm:digest. Digest is generated bases on + // password 'test'. + const char *kHTPasswd = "test:0.0.0.0:e4c02fbc8e89377a942ffc6b1bc3a566"; + *passwd_file = JoinPathSegments(dir, "test.passwd"); + RETURN_NOT_OK(WriteStringToFile(Env::Default(), kHTPasswd, *passwd_file)); + return Status::OK(); +} + +} // namespace security +} // namespace kudu http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/security/test/test_pass.h ---------------------------------------------------------------------- diff --git a/src/kudu/security/test/test_pass.h b/src/kudu/security/test/test_pass.h new file mode 100644 index 0000000..c0974d0 --- /dev/null +++ b/src/kudu/security/test/test_pass.h @@ -0,0 +1,33 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +#pragma once + +#include <string> + +#include "kudu/util/status.h" + +namespace kudu { +namespace security { + +// Creates .htpasswd for HTTP basic authentication in the format +// of 'user:realm:digest', returning the path in '*passwd_file'. +Status CreateTestHTPasswd(const std::string &dir, + std::string *passwd_file); + +} // namespace security +} // namespace kudu http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/server/webserver-test.cc ---------------------------------------------------------------------- diff --git a/src/kudu/server/webserver-test.cc b/src/kudu/server/webserver-test.cc index 82f68e2..6142319 100644 --- a/src/kudu/server/webserver-test.cc +++ b/src/kudu/server/webserver-test.cc @@ -24,6 +24,7 @@ #include "kudu/gutil/strings/util.h" #include "kudu/gutil/stringprintf.h" #include "kudu/security/test/test_certs.h" +#include "kudu/security/test/test_pass.h" #include "kudu/server/default-path-handlers.h" #include "kudu/server/webserver.h" #include "kudu/util/curl_util.h" @@ -50,6 +51,11 @@ void SetSslOptions(WebserverOptions* opts) { &password)); opts->private_key_password_cmd = strings::Substitute("echo $0", password); } + +void SetHTPasswdOptions(WebserverOptions* opts) { + CHECK_OK(security::CreateTestHTPasswd(GetTestDataDirectory(), + &opts->password_file)); +} } // anonymous namespace class WebserverTest : public KuduTest { @@ -66,6 +72,7 @@ class WebserverTest : public KuduTest { opts.port = 0; opts.doc_root = static_dir_; if (use_ssl()) SetSslOptions(&opts); + if (use_htpasswd()) SetHTPasswdOptions(&opts); server_.reset(new Webserver(opts)); AddDefaultPathHandlers(server_.get()); @@ -80,6 +87,7 @@ class WebserverTest : public KuduTest { protected: // Overridden by subclasses. virtual bool use_ssl() const { return false; } + virtual bool use_htpasswd() const { return false; } EasyCurl curl_; faststring buf_; @@ -94,6 +102,19 @@ class SslWebserverTest : public WebserverTest { bool use_ssl() const override { return true; } }; +class PasswdWebserverTest : public WebserverTest { + protected: + bool use_htpasswd() const override { return true; } +}; + +// Send a HTTP request with no username and password. It should reject +// the request as the .htpasswd is presented to webserver. +TEST_F(PasswdWebserverTest, TestPasswd) { + Status status = curl_.FetchURL(strings::Substitute("http://$0/";, addr_.ToString()), + &buf_); + ASSERT_EQ("Remote error: HTTP 401", status.ToString()); +} + TEST_F(WebserverTest, TestIndexPage) { curl_.set_return_headers(true); ASSERT_OK(curl_.FetchURL(strings::Substitute("http://$0/";, addr_.ToString()), http://git-wip-us.apache.org/repos/asf/kudu/blob/4f02c920/src/kudu/server/webserver.cc ---------------------------------------------------------------------- diff --git a/src/kudu/server/webserver.cc b/src/kudu/server/webserver.cc index 6d493b5..743eee8 100644 --- a/src/kudu/server/webserver.cc +++ b/src/kudu/server/webserver.cc @@ -193,7 +193,7 @@ Status Webserver::Start() { return Status::InvalidArgument(ss.str()); } LOG(INFO) << "Webserver: Password file is " << opts_.password_file; - options.push_back("global_passwords_file"); + options.push_back("global_auth_file"); options.push_back(opts_.password_file); }
