Repository: incubator-ranger Updated Branches: refs/heads/master a3089d1f0 -> f9300ca97
RANGER-1005 : Add command line utility to change Ranger user password Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f9300ca9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f9300ca9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f9300ca9 Branch: refs/heads/master Commit: f9300ca972cdeda4ec6bb0fe25fbb55853566c3c Parents: a3089d1 Author: pradeep agrawal <[email protected]> Authored: Tue May 31 20:50:50 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Thu Jun 2 01:04:38 2016 -0400 ---------------------------------------------------------------------- security-admin/scripts/changepasswordutil.py | 121 ++++++++++++++++++ .../patch/cliutil/ChangePasswordUtil.java | 127 +++++++++++++++++++ src/main/assembly/admin-web.xml | 1 + 3 files changed, 249 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f9300ca9/security-admin/scripts/changepasswordutil.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/changepasswordutil.py b/security-admin/scripts/changepasswordutil.py new file mode 100644 index 0000000..c6025f3 --- /dev/null +++ b/security-admin/scripts/changepasswordutil.py @@ -0,0 +1,121 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. See accompanying LICENSE file. +# + +import os +import re +import sys +import errno +import shlex +import logging +import subprocess +import platform +import fileinput +import getpass +import shutil +from xml.etree import ElementTree as ET +from os.path import basename +from subprocess import Popen,PIPE +from datetime import date +from datetime import datetime + +os_name = platform.system() +os_name = os_name.upper() + +if os_name == "LINUX": + RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME") + if RANGER_ADMIN_HOME is None: + RANGER_ADMIN_HOME = os.getcwd() +elif os_name == "WINDOWS": + RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME") + +def log(msg,type): + if type == 'info': + logging.info(" %s",msg) + if type == 'debug': + logging.debug(" %s",msg) + if type == 'warning': + logging.warning(" %s",msg) + if type == 'exception': + logging.exception(" %s",msg) + if type == 'error': + logging.error(" %s",msg) + + +def main(argv): + FORMAT = '%(asctime)-15s %(message)s' + logging.basicConfig(format=FORMAT, level=logging.DEBUG) + + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + + if os.environ['JAVA_HOME'] == "": + log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') + if os_name == "WINDOWS" : + JAVA_BIN = JAVA_BIN+'.exe' + if os.path.isfile(JAVA_BIN): + pass + else: + while os.path.isfile(JAVA_BIN) == False: + log("Enter java executable path: :","info") + JAVA_BIN=raw_input() + log("[I] Using Java:" + str(JAVA_BIN),"info") + + USERNAME = '' + OLD_PASSWORD = '' + NEW_PASSWORD='' + + if len(argv)==4: + userName=argv[1] + oldPassword=argv[2] + newPassword=argv[3] + else: + log("[E] Invalid argument list.", "error") + log("[I] Usage : python changepasswordutil.py <loginID> <currentPassword> <newPassword>","info") + sys.exit(1) + + while userName == "": + print "Enter user name:" + userName=raw_input() + + while oldPassword == "": + oldPassword=getpass.getpass("Enter current password:") + + while newPassword == "": + newPassword=getpass.getpass("Enter new password:") + + if oldPassword==newPassword: + log("[E] Old Password and New Password argument are same. Exiting!!", "error") + sys.exit(1) + + if userName != "" and oldPassword != "" and newPassword != "": + if os_name == "LINUX": + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home) + get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'ChangePasswordUtil',userName,oldPassword,newPassword) + if os_name == "LINUX": + ret = subprocess.call(shlex.split(get_java_cmd)) + elif os_name == "WINDOWS": + ret = subprocess.call(get_java_cmd) + if ret == 0: + log("[I] Password updated successfully","info") + else: + log("[E] Unable to update password of user:"+userName,"error") + sys.exit(1) + else: + log("[E] Input Error","error") + +main(sys.argv) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f9300ca9/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java new file mode 100644 index 0000000..fd72e97 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/ChangePasswordUtil.java @@ -0,0 +1,127 @@ +/*<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +-->*/ + +package org.apache.ranger.patch.cliutil; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.UserMgr; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.patch.BaseLoader; +import org.apache.ranger.util.CLIUtil; +import org.apache.solr.common.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class ChangePasswordUtil extends BaseLoader { + private static Logger logger = Logger.getLogger(ChangePasswordUtil.class); + + @Autowired + RangerDaoManager daoMgr; + + @Autowired + UserMgr userMgr; + + public static String userLoginId; + public static String currentPassword; + public static String newPassword; + + public static void main(String[] args) { + logger.info("main()"); + try { + ChangePasswordUtil loader = (ChangePasswordUtil) CLIUtil.getBean(ChangePasswordUtil.class); + loader.init(); + if (args.length == 3) { + userLoginId = args[0]; + currentPassword = args[1]; + newPassword = args[2]; + if(StringUtils.isEmpty(userLoginId)){ + System.out.println("Invalid login ID. Exiting!!!"); + logger.info("Invalid login ID. Exiting!!!"); + System.exit(1); + } + if(StringUtils.isEmpty(currentPassword)){ + System.out.println("Invalid current password. Exiting!!!"); + logger.info("Invalid current password. Exiting!!!"); + System.exit(1); + } + if(StringUtils.isEmpty(newPassword)){ + System.out.println("Invalid new password. Exiting!!!"); + logger.info("Invalid new password. Exiting!!!"); + System.exit(1); + } + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + }else{ + System.out.println("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); + logger.error("ChangePasswordUtil: Incorrect Arguments \n Usage: \n <loginId> <current-password> <new-password>"); + System.exit(1); + } + } + catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void init() throws Exception { + } + + @Override + public void printStats() { + } + + @Override + public void execLoad() { + logger.info("==> ChangePasswordUtil.execLoad()"); + updateAdminPassword(); + logger.info("<== ChangePasswordUtil.execLoad()"); + } + + public void updateAdminPassword() { + XXPortalUser xPortalUser=daoMgr.getXXPortalUser().findByLoginId(userLoginId); + if (xPortalUser!=null){ + String dbPassword=xPortalUser.getPassword(); + String currentEncryptedPassword=null; + try { + currentEncryptedPassword=userMgr.encrypt(userLoginId, currentPassword); + if (currentEncryptedPassword.equals(dbPassword)){ + userMgr.updatePasswordInSHA256(userLoginId,newPassword); + logger.info("User '"+userLoginId+"' Password updated sucessfully."); + } + else{ + System.out.println("Invalid user password"); + logger.error("Invalid user password"); + System.exit(1); + } + } catch (Exception e) { + e.printStackTrace(); + } + } + else{ + System.out.println("User does not exist in DB!!"); + logger.error("User does not exist in DB"); + System.exit(1); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f9300ca9/src/main/assembly/admin-web.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml index 7fd2abf..7395add 100644 --- a/src/main/assembly/admin-web.xml +++ b/src/main/assembly/admin-web.xml @@ -357,6 +357,7 @@ <include>update_property.py</include> <include>ranger_credential_helper.py</include> <include>deleteUserGroupUtil.py</include> + <include>changepasswordutil.py</include> </includes> <fileMode>544</fileMode> </fileSet>
