Re: Review Request 64323: RANGER-1915:Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

2017-12-04 Thread Alejandro Fernandez

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64323/#review192807
---


Ship it!

- Alejandro Fernandez


On Dec. 5, 2017, 2:39 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64323/
> ---
> 
> (Updated Dec. 5, 2017, 2:39 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1915
> https://issues.apache.org/jira/browse/RANGER-1915
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Default constructors didn't need to display declarations and most of the 
> places using HttpServletResponse status code in RangerAdminRESTClient class.
> HttpServletResponse.SC_UNAUTHORIZED replaces 401 to keep the code style 
> consistent.
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 0aa400f
> 
> 
> Diff: https://reviews.apache.org/r/64323/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>



Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-12-04 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated Dec. 5, 2017, 2:59 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1797
https://issues.apache.org/jira/browse/RANGER-1797


Repository: ranger


Description
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code 
execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby causing code disclosure.

Scope
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82


Diffs (updated)
-

  embeddedwebserver/pom.xml 81699573 
  pom.xml 589cd6ac 
  src/main/assembly/admin-web.xml aa37426f 
  src/main/assembly/kms.xml 7c40ce4e 


Diff: https://reviews.apache.org/r/62495/diff/5/

Changes: https://reviews.apache.org/r/62495/diff/4-5/


Testing
---


Thanks,

pengjianhua



[jira] [Updated] (RANGER-1915) Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

2017-12-04 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1915:
-
Attachment: (was: 
0001-RANGER-1915-Optimize-the-code-and-keep-the-code-styl.patch)

> Optimize the code and keep the code style consistent in the 
> RangerAdminRESTClient class
> ---
>
> Key: RANGER-1915
> URL: https://issues.apache.org/jira/browse/RANGER-1915
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Fix For: master
>
> Attachments: 
> 0001-RANGER-1915-Optimize-the-code-and-keep-the-code-styl.patch
>
>
> Default constructors didn't need to display declarations and most of the 
> places using HttpServletResponse status code in RangerAdminRESTClient class,
> HttpServletResponse.SC_UNAUTHORIZED replaces 401 to keep the code style 
> consistent.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


Review Request 64323: RANGER-1915:Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

2017-12-04 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64323/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1915
https://issues.apache.org/jira/browse/RANGER-1915


Repository: ranger


Description
---

Default constructors didn't need to display declarations and most of the places 
using HttpServletResponse status code in RangerAdminRESTClient class.
HttpServletResponse.SC_UNAUTHORIZED replaces 401 to keep the code style 
consistent.


Diffs
-

  
  agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java 0aa400f


Diff: https://reviews.apache.org/r/64323/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua



[jira] [Updated] (RANGER-1915) Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

2017-12-04 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1915:
-
Attachment: 0001-RANGER-1915-Optimize-the-code-and-keep-the-code-styl.patch

> Optimize the code and keep the code style consistent in the 
> RangerAdminRESTClient class
> ---
>
> Key: RANGER-1915
> URL: https://issues.apache.org/jira/browse/RANGER-1915
> Project: Ranger
> Issue Type: Improvement
> Components: admin
> Affects Versions: master
> Reporter: peng.jianhua
> Assignee: peng.jianhua
> Fix For: master
>
> Attachments: 
> 0001-RANGER-1915-Optimize-the-code-and-keep-the-code-styl.patch
>
>
> Default constructors didn't need to display declarations and most of the 
> places using HttpServletResponse status code in RangerAdminRESTClient class,
> HttpServletResponse.SC_UNAUTHORIZED replaces 401 to keep the code style 
> consistent.





[jira] [Created] (RANGER-1915) Optimize the code and keep the code style consistent in the RangerAdminRESTClient class

2017-12-04 Thread peng.jianhua (JIRA)
peng.jianhua created RANGER-1915:


Summary: Optimize the code and keep the code style consistent in the RangerAdminRESTClient class
Key: RANGER-1915
URL: https://issues.apache.org/jira/browse/RANGER-1915
Project: Ranger
Issue Type: Improvement
Components: admin
Affects Versions: master
Reporter: peng.jianhua
Assignee: peng.jianhua
Fix For: master


Default constructors didn't need to display declarations and most of the places 
using HttpServletResponse status code in RangerAdminRESTClient class,
HttpServletResponse.SC_UNAUTHORIZED replaces 401 to keep the code style 
consistent.





Re: Review Request 64293: RANGER-1914:Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread Qiang Zhang

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64293/#review192797
---


Ship it!

- Qiang Zhang


On Dec. 4, 2017, 8:30 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64293/
> ---
> 
> (Updated Dec. 4, 2017, 8:30 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1914
> https://issues.apache.org/jira/browse/RANGER-1914
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Code: if (crypt_algo_array != null && crypt_algo_array.length > 1)
>  when crypt_algo_array.length<5   password = crypt_algo_array[4]; will cause 
> java.lang.ArrayIndexOutOfBoundsException.
>  Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)"  
> to "if (crypt_algo_array != null && crypt_algo_array.length > 4)".
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd35
> 
> 
> Diff: https://reviews.apache.org/r/64293/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>



Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-12-04 Thread pengjianhua


> On Nov. 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > 
> >
> > @PengJianhua,
> > I used attached patch and did a build on my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing (PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency? If 
> > yes, kindly share how this worked for you!
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits? Are you able to access Ranger UI?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch. Based on the compiling's 
> version I've been testing and verify whether the issue affected the ranger's 
> function. Maybe our latest modifications introduced new issues. I will also 
> compile the latest source to further verify the problem you mentioned.
> 
> pengjianhua wrote:
> I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
> package. I had fixed this patch. Thanks!

Hi Colm and bhavik patel, Is there any problem now, if there is no problem, I 
will merge this issue.


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On Dec. 4, 2017, 8:47 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated Dec. 4, 2017, 8:47 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby causing code disclosure.
> 
> Scope
> CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 
> Reference
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> 
> 
> Diffs
> -
> 
>   embeddedwebserver/pom.xml 81699573 
>   pom.xml 589cd6ac 
> 
> 
> Diff: https://reviews.apache.org/r/62495/diff/4/
> 
> 
> Testing
> ---
> 
> 
> 

Re: Review Request 63949: RANGER-1898 - Simplify Knox plugin dependency management

2017-12-04 Thread Colm O hEigeartaigh


> On Nov. 28, 2017, 6:39 a.m., bhavik patel wrote:
> > @Colm : Can you please confirm that audit to solr is working as expected? 
> > because you are also removing the ranger-plugins-audit dependency.
> 
> Colm O hEigeartaigh wrote:
> The ranger-plugins-audit dependency is on the classpath via the 
> agents-common module. However, I've removed that change just to make things 
> easier to review - as my main goal is to simplify third-party dependencies in 
> the poms.

For the record, I have verified that auditing to Solr works correctly.


- Colm


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/63949/#review191998
---


On Nov. 28, 2017, 10:47 a.m., Colm O hEigeartaigh wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/63949/
> ---
> 
> (Updated Nov. 28, 2017, 10:47 a.m.)
> 
> 
> Review request for ranger.
> 
> 
> Bugs: RANGER-1898
> https://issues.apache.org/jira/browse/RANGER-1898
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> This task is to simplify the dependency management for the Knox plugin for 
> Ranger.
> 
> 
> Diffs
> -
> 
>   knox-agent/pom.xml 52f15cd0 
> 
> 
> Diff: https://reviews.apache.org/r/63949/diff/3/
> 
> 
> Testing
> ---
> 
> Tested that the distribution ships the same jars as before. Also tested a 
> use-case involving Ranger + Knox.
> 
> 
> Thanks,
> 
> Colm O hEigeartaigh
> 
>



Re: Review Request 64228: Traverse check in RangerHdfsAuthorizer works incorrectly

2017-12-04 Thread Colm O hEigeartaigh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64228/#review192712
---


Ship it!

- Colm O hEigeartaigh


On Dec. 2, 2017, 1:25 a.m., Abhay Kulkarni wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64228/
> ---
> 
> (Updated Dec. 2, 2017, 1:25 a.m.)
> 
> 
> Review request for ranger, Colm O hEigeartaigh, Zsombor Gegesy, Madhan 
> Neethiraj, Ramesh Mani, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-1707
> https://issues.apache.org/jira/browse/RANGER-1707
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Traversal check in RangerHdfsAuthorizer works incorrectly: when it is asked 
> for access to /a/b/c.txt, it only checks whether there is a policy which 
> grants EXEC to /a/b, but if there isn't any, then it doesn't check whether 
> there is a policy which grants READ, WRITE or EXEC to /a/b/c.txt explicitly, 
> which would mean that the path is accessible to the user.
> This hasn't been noticed by the current unit tests, because HDFS before 2.8.0 
> didn't call the traversal check before reading or writing a file; however, 
> it will cause a problem with 2.8.0, where FSDirectory.resolvePath will perform 
> a mandatory traversal check.
> 
> This patch is based on the patch submitted for review 
> (https://reviews.apache.org/r/61062/) with following modifications.
> 1. If traversal check (check for EXECUTE on the parent/ancestor if resource 
> is a file) does not fail with explicit DENY by Ranger Authorizer, then it is 
> presumed to have succeeded without any further checks and no audit record 
> created. If it fails with DENY, then the authorization fails and an audit 
> record is created.
> 2. Test policies in hdfs-policies.json and test cases 
> (RangerHdfsAuthorizerTest) are modified to test for explicit DENY case.
> 
> 
> Diffs
> -
> 
>   hdfs-agent/pom.xml 87ba777 
>   hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java af4d9b5
>   hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerAdminClientImpl.java 75d73aa
>   hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/RangerHdfsAuthorizerTest.java PRE-CREATION
>   hdfs-agent/src/test/resources/hdfs_version_3.0/hdfs-policies-tag.json PRE-CREATION
>   hdfs-agent/src/test/resources/hdfs_version_3.0/hdfs-policies.json PRE-CREATION
> 
> 
> Diff: https://reviews.apache.org/r/64228/diff/2/
> 
> 
> Testing
> ---
> 
> Unit tested with HDFS versions 2.7.1 and 3.0.0.
> 
> 
> Thanks,
> 
> Abhay Kulkarni
> 
>
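
The traversal behaviour described in this review request, before and after modification 1, as an added example that is not Ranger's code: the policy model and all class and method names are hypothetical, only the immediate parent is checked, and a file with no matching policy is treated as not allowed.

```java
import java.util.ArrayList;
import java.util.List;

public class TraversalCheckDemo {

    enum Access { READ, WRITE, EXECUTE }
    enum Result { ALLOW, DENY, NOT_DETERMINED }

    // Constructed policy model: one exact path, one access type, allow or deny.
    static final class Policy {
        final String path;
        final Access access;
        final boolean deny;

        Policy(String path, Access access, boolean deny) {
            this.path = path;
            this.access = access;
            this.deny = deny;
        }
    }

    final List<Policy> policies = new ArrayList<>();
    final List<String> audit = new ArrayList<>();

    // An explicit deny wins over an allow; no matching policy is NOT_DETERMINED.
    Result evaluate(String path, Access access) {
        Result result = Result.NOT_DETERMINED;
        for (Policy p : policies) {
            if (p.path.equals(path) && p.access == access) {
                if (p.deny) {
                    return Result.DENY;
                }
                result = Result.ALLOW;
            }
        }
        return result;
    }

    static String parentOf(String path) {
        int slash = path.lastIndexOf('/');
        return slash <= 0 ? "/" : path.substring(0, slash);
    }

    // Behaviour reported as the bug: traversal needs an EXECUTE grant on the
    // parent, and a grant on the file itself is never consulted without it.
    boolean authorizeBefore(String file, Access access) {
        if (evaluate(parentOf(file), Access.EXECUTE) != Result.ALLOW) {
            return false;
        }
        return checkFile(file, access);
    }

    // Modification 1: traversal fails only on an explicit DENY, which is
    // audited; otherwise it is presumed to succeed and writes no audit record.
    boolean authorizePatched(String file, Access access) {
        String parent = parentOf(file);
        if (evaluate(parent, Access.EXECUTE) == Result.DENY) {
            audit.add("DENIED EXECUTE " + parent);
            return false;
        }
        return checkFile(file, access);
    }

    // Assumption: NOT_DETERMINED on the file counts as not allowed in this model.
    boolean checkFile(String file, Access access) {
        boolean allowed = evaluate(file, access) == Result.ALLOW;
        audit.add((allowed ? "ALLOWED " : "DENIED ") + access + " " + file);
        return allowed;
    }

    public static void main(String[] args) {
        TraversalCheckDemo demo = new TraversalCheckDemo();
        // Constructed policy: READ granted on the file, nothing on /a/b.
        demo.policies.add(new Policy("/a/b/c.txt", Access.READ, false));
        System.out.println("before:  " + demo.authorizeBefore("/a/b/c.txt", Access.READ));
        System.out.println("patched: " + demo.authorizePatched("/a/b/c.txt", Access.READ));

        // Constructed policy: explicit DENY of EXECUTE on the parent directory.
        demo.policies.add(new Policy("/a/b", Access.EXECUTE, true));
        System.out.println("patched, DENY on /a/b: "
                + demo.authorizePatched("/a/b/c.txt", Access.READ));
        System.out.println("audit: " + demo.audit);
    }
}
```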



[jira] [Resolved] (RANGER-1913) build fail with JDK 9

2017-12-04 Thread Ronald van de Kuil (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1913?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ronald van de Kuil resolved RANGER-1913.

Resolution: Not A Problem

> build fail with JDK 9
> -
>
> Key: RANGER-1913
> URL: https://issues.apache.org/jira/browse/RANGER-1913
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 0.7.1
> Environment: Ubuntu 16.04
> mvn -version
> Apache Maven 3.3.9
> Maven home: /usr/share/maven
> Java version: 9.0.1, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-9-oracle
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "4.10.0-40-generic", arch: "amd64", family: "unix"
> Reporter: Ronald van de Kuil
> Priority: Minor
>
> [ERROR] Failed to execute goal on project ranger-hbase-plugin-shim: Could not 
> resolve dependencies for project 
> org.apache.ranger:ranger-hbase-plugin-shim:jar:0.7.1: Could not find artifact 
> jdk.tools:jdk.tools:jar:1.7 at specified path 
> /usr/lib/jvm/java-9-oracle/../lib/tools.jar -> [Help 1





[jira] [Commented] (RANGER-1913) build fail with JDK 9

2017-12-04 Thread Ronald van de Kuil (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16276978#comment-16276978
 ] 

Ronald van de Kuil commented on RANGER-1913:


OK. It builds with JDK8. Thank you.

> build fail with JDK 9
> -
>
> Key: RANGER-1913
> URL: https://issues.apache.org/jira/browse/RANGER-1913
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 0.7.1
> Environment: Ubuntu 16.04
> mvn -version
> Apache Maven 3.3.9
> Maven home: /usr/share/maven
> Java version: 9.0.1, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-9-oracle
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "4.10.0-40-generic", arch: "amd64", family: "unix"
> Reporter: Ronald van de Kuil
> Priority: Minor
>
> [ERROR] Failed to execute goal on project ranger-hbase-plugin-shim: Could not 
> resolve dependencies for project 
> org.apache.ranger:ranger-hbase-plugin-shim:jar:0.7.1: Could not find artifact 
> jdk.tools:jdk.tools:jar:1.7 at specified path 
> /usr/lib/jvm/java-9-oracle/../lib/tools.jar -> [Help 1





Re: Review Request 64293: RANGER-1914:Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread Colm O hEigeartaigh

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64293/#review192692
---


Ship it!

- Colm O hEigeartaigh


On Dec. 4, 2017, 8:30 a.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64293/
> ---
> 
> (Updated Dec. 4, 2017, 8:30 a.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1914
> https://issues.apache.org/jira/browse/RANGER-1914
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> Code: if (crypt_algo_array != null && crypt_algo_array.length > 1)
>  when crypt_algo_array.length<5   password = crypt_algo_array[4]; will cause 
> java.lang.ArrayIndexOutOfBoundsException.
>  Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)"  
> to "if (crypt_algo_array != null && crypt_algo_array.length > 4)".
> 
> 
> Diffs
> -
> 
>   agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 58cdd35
> 
> 
> Diff: https://reviews.apache.org/r/64293/diff/1/
> 
> 
> Testing
> ---
> 
> Tested it.
> 
> 
> Thanks,
> 
> pengjianhua
> 
>



Review Request 64295: RANGER-1912: Ranger setup fails with mariadb/mysql when binary logging is enabled

2017-12-04 Thread Pradeep Agrawal

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64295/
---

Review request for ranger, Ankita Sinha, Don Bosco Durai, bhavik patel, Gautam 
Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan 
Neethiraj, Sailaja Polavarapu, and Velmurugan Periasamy.


Bugs: RANGER-1912
https://issues.apache.org/jira/browse/RANGER-1912


Repository: ranger


Description
---

**Problem Statement:** Ranger Admin installation fails when using MariaDB/MySQL 
with binary logging enabled.
The install should work even if binary logging is enabled.

**Proposed Solution:** We can remove usage of stored function and it can be 
replaced with the stored procedure.


Diffs
-

  security-admin/db/mysql/patches/007-updateBlankPolicyName.sql d251bc2 
  security-admin/db/mysql/patches/008-removeTrailingSlash.sql c29a786 


Diff: https://reviews.apache.org/r/64295/diff/1/


Testing
---

**Steps Performed (with patch):**
1. Enabled binary logging in mysql and restarted mysql service.
2. After mvn Build; untar the Ranger module and updated install.properties for 
MySQL DB flavor.
3. Called setup.sh to install Ranger.

**Expected Behavior:**
1. Ranger installation should finish successfully and db patch 007 and 008 
should get applied successfully.
2. Ranger UI should work.

**Actual Behavior:**
1. Ranger Installation finished successfully and db patch 007 and 008 was 
applied successfully.
2. Started Ranger Admin and was able to login in Ranger UI.


Thanks,

Pradeep Agrawal



[jira] [Commented] (RANGER-1913) build fail with JDK 9

2017-12-04 Thread Colm O hEigeartaigh (JIRA)

[ 
https://issues.apache.org/jira/browse/RANGER-1913?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16276559#comment-16276559
 ] 

Colm O hEigeartaigh commented on RANGER-1913:
-

Ranger doesn't currently build with JDK9. Either JDK 8 or 7 should be fine.

> build fail with JDK 9
> -
>
> Key: RANGER-1913
> URL: https://issues.apache.org/jira/browse/RANGER-1913
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Affects Versions: 0.7.1
> Environment: Ubuntu 16.04
> mvn -version
> Apache Maven 3.3.9
> Maven home: /usr/share/maven
> Java version: 9.0.1, vendor: Oracle Corporation
> Java home: /usr/lib/jvm/java-9-oracle
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "4.10.0-40-generic", arch: "amd64", family: "unix"
> Reporter: Ronald van de Kuil
> Priority: Minor
>
> [ERROR] Failed to execute goal on project ranger-hbase-plugin-shim: Could not 
> resolve dependencies for project 
> org.apache.ranger:ranger-hbase-plugin-shim:jar:0.7.1: Could not find artifact 
> jdk.tools:jdk.tools:jar:1.7 at specified path 
> /usr/lib/jvm/java-9-oracle/../lib/tools.jar -> [Help 1





Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-12-04 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/
---

(Updated Dec. 4, 2017, 8:47 a.m.)


Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1797
https://issues.apache.org/jira/browse/RANGER-1797


Repository: ranger


Description
---

[Security Vulnerability Alert] Tomcat Information leakage and remote code 
execution vulnerabilities.

CVE ID:
CVE-2017-12615\CVE-2017-12616

Description
CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP 
PUTs enabled, it was possible to upload a JSP file to the server via a 
specially crafted request. This JSP could then be requested and any code it 
contained would be executed by the server.
CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
7.0.80, it was possible to use a specially crafted request, bypass security 
constraints, or get the source code of JSPs for resources served by the 
VirtualDirContext, thereby causing code disclosure.

Scope
CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80

Solution
The official release of the Apache Tomcat 7.0.81 version has fixed the two 
vulnerabilities and recommends upgrading to the latest version.

Reference
https://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82


Diffs (updated)
-

  embeddedwebserver/pom.xml 81699573 
  pom.xml 589cd6ac 


Diff: https://reviews.apache.org/r/62495/diff/4/

Changes: https://reviews.apache.org/r/62495/diff/3-4/


Testing
---


Thanks,

pengjianhua



Re: Review Request 62495: RANGER-1797:Tomcat Security Vulnerability Alert. The version of the tomcat for ranger should upgrade to 7.0.82.

2017-12-04 Thread pengjianhua


> On Nov. 30, 2017, 9:38 a.m., Vishal Suvagia wrote:
> > pom.xml
> > Line 212 (original), 212 (patched)
> > 
> >
> > @PengJianhua,
> > I used attached patch and did a build on my local machine 
> > using mvn clean compile package.
> > After that, I ran the setup for Ranger-Admin. Then I did a 
> > ranger-admin-services start. I am getting error in catalina.out file as the 
> > Tomcat server start itself is failing (PS: attached log file on apache jira).
> > 
> > To resolve the issue I had to add a dependency for javax.annotation-api.
> > 
> > Did the attached patch work for you without adding this dependency? If 
> > yes, kindly share how this worked for you!
> 
> pengjianhua wrote:
> Ok. I didn't add this dependency. My compiling is ok. Please delete your 
> local maven repository. Then compile the ranger project using the following 
> command:
> sudo mvn clean compile package assembly:assembly install -DskipTests
> 
> Vishal Suvagia wrote:
> Pengjianhua, the compile goes through fine. But did Ranger-Admin service 
> start using the compiled packaged bits? Are you able to access Ranger UI?
> 
> pengjianhua wrote:
> I can access ranger UI. Your question should have nothing to do with this 
> issue. If I guess good, you should be more in-depth understanding of how to 
> use ranger, please refer to the manual to configure your ranger.
> If you encounter problems during use, you can email me or the community.
> 
> bhavik patel wrote:
> @Pengjianhua : When I try to start Ranger-Admin and Ranger-KMS services, 
> the service start itself is failing and also got the same error in 
> catalina.out which Vishal has attached on jira. 
> 
> Not sure how it's working for you!!!
> 
> Colm O hEigeartaigh wrote:
> It also fails for me with errors in catalina.out like:
> 
> INFO: validateJarFile(../lib/javax.servlet-api-3.1.0.jar) - jar not 
> loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: 
> javax/servlet/Servlet.class
> 
> pengjianhua wrote:
> I compiled the source that I built the patch. Based on the compiling's 
> version I've been testing and verify whether the issue affected the ranger's 
> function. Maybe our latest modifications introduced new issues. I will also 
> compile the latest source to further verify the problem you mentioned.

I'm sorry. In this patch I lacked the tomcat-annotations-api dependency 
package. I had fixed this patch. Thanks!


- pengjianhua


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62495/#review192253
---


On Nov. 30, 2017, 1:55 p.m., pengjianhua wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62495/
> ---
> 
> (Updated Nov. 30, 2017, 1:55 p.m.)
> 
> 
> Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
> hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
> Neethiraj, Velmurugan Periasamy, and Qiang Zhang.
> 
> 
> Bugs: RANGER-1797
> https://issues.apache.org/jira/browse/RANGER-1797
> 
> 
> Repository: ranger
> 
> 
> Description
> ---
> 
> [Security Vulnerability Alert] Tomcat Information leakage and remote code 
> execution vulnerabilities.
> 
> CVE ID:
> CVE-2017-12615\CVE-2017-12616
> 
> Description
> CVE-2017-12615: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with 
> HTTP PUTs enabled, it was possible to upload a JSP file to the server via a 
> specially crafted request. This JSP could then be requested and any code it 
> contained would be executed by the server.
> CVE-2017-12616: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 
> 7.0.80, it was possible to use a specially crafted request, bypass security 
> constraints, or get the source code of JSPs for resources served by the 
> VirtualDirContext, thereby causing code disclosure.
> 
> Scope
> CVE-2017-12615: Apache Tomcat 7.0.0 - 7.0.79
> CVE-2017-12616: Apache Tomcat 7.0.0 - 7.0.80
> 
> Solution
> The official release of the Apache Tomcat 7.0.81 version has fixed the two 
> vulnerabilities and recommends upgrading to the latest version.
> 
> Reference
> https://tomcat.apache.org/security-7.html
> http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
> https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.82
> 
> 
> Diffs
> -
> 
>   pom.xml 589cd6ac 
> 
> 
> Diff: https://reviews.apache.org/r/62495/diff/3/
> 
> 
> Testing
> ---
> 
> 
> Thanks,
> 
> pengjianhua
> 
>



Review Request 64293: RANGER-1914:Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread pengjianhua

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64293/
---

Review request for ranger, Alok Lal, Ankita Sinha, Don Bosco Durai, Colm O 
hEigeartaigh, Gautam Borad, Madhan Neethiraj, Ramesh Mani, Selvamohan 
Neethiraj, Velmurugan Periasamy, and Qiang Zhang.


Bugs: RANGER-1914
https://issues.apache.org/jira/browse/RANGER-1914


Repository: ranger


Description
---

Code: if (crypt_algo_array != null && crypt_algo_array.length > 1)
 When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
java.lang.ArrayIndexOutOfBoundsException.
 Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" to 
"if (crypt_algo_array != null && crypt_algo_array.length > 4)".


Diffs
-

  agents-common/src/main/java/org/apache/ranger/plugin/util/PasswordUtils.java 
58cdd35 


Diff: https://reviews.apache.org/r/64293/diff/1/


Testing
---

Tested it.


Thanks,

pengjianhua
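
The bounds problem described in this review request, reproduced as an added example (not Ranger's code): the two guards quoted in the description are applied to constructed inputs. The comma-separated field layout, the class name and the method names are assumptions made for illustration.

```java
public class CryptAlgoArrayGuard {

    // Guard as quoted in the description before the change: length > 1.
    static String passwordWithOldGuard(String[] crypt_algo_array) {
        String password = null;
        if (crypt_algo_array != null && crypt_algo_array.length > 1) {
            password = crypt_algo_array[4]; // throws when length is 2, 3 or 4
        }
        return password;
    }

    // Guard proposed in the description: length > 4, so index 4 always exists.
    static String passwordWithNewGuard(String[] crypt_algo_array) {
        String password = null;
        if (crypt_algo_array != null && crypt_algo_array.length > 4) {
            password = crypt_algo_array[4];
        }
        return password;
    }

    public static void main(String[] args) {
        // Constructed inputs; the comma-separated layout is an assumption.
        String[] samples = {
            "plainvalue",                 // 1 field: both guards skip it
            "algo,key",                   // 2 fields: old guard passes, index 4 missing
            "algo,key,salt,1000",         // 4 fields: old guard passes, index 4 missing
            "algo,key,salt,1000,secret"   // 5 fields: both guards read index 4
        };
        for (String s : samples) {
            String[] parts = s.split(",");
            String oldResult;
            try {
                oldResult = String.valueOf(passwordWithOldGuard(parts));
            } catch (ArrayIndexOutOfBoundsException e) {
                oldResult = "ArrayIndexOutOfBoundsException";
            }
            System.out.printf("fields=%d old=%s new=%s%n",
                    parts.length, oldResult, passwordWithNewGuard(parts));
        }
    }
}
```

With the old guard the 2-field and 4-field inputs raise the exception; with the new guard they fall through with no password extracted, so the caller still has to decide how to treat a malformed value.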



[jira] [Updated] (RANGER-1914) Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1914:
-
Description: 
Modify crypt_algo_array.length to avoid 
java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
if (crypt_algo_array != null && crypt_algo_array.length > 1)
 When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
java.lang.ArrayIndexOutOfBoundsException.
 Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" 
to "if (crypt_algo_array != null && crypt_algo_array.length > 4)"

  was:
Modify crypt_algo_array.length to avoid 
java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
if (crypt_algo_array != null && crypt_algo_array.length > 1)
 When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
password = crypt_algo_array[4];
 Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" 
to "if (crypt_algo_array != null && crypt_algo_array.length > 4)"


> Modify crypt_algo_array.length to avoid 
> java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
> ---
>
> Key: RANGER-1914
> URL: https://issues.apache.org/jira/browse/RANGER-1914
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
> Fix For: master
>
> Attachments: 
> 0001-RANGER-1914-Modify-crypt_algo_array.length-to-avoid-.patch
>
>
> Modify crypt_algo_array.length to avoid 
> java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
> if (crypt_algo_array != null && crypt_algo_array.length > 1)
>  When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
> java.lang.ArrayIndexOutOfBoundsException.
>  Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" 
> to "if (crypt_algo_array != null && crypt_algo_array.length > 4)"



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Updated] (RANGER-1914) Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread peng.jianhua (JIRA)

 [ 
https://issues.apache.org/jira/browse/RANGER-1914?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

peng.jianhua updated RANGER-1914:
-
Attachment: 0001-RANGER-1914-Modify-crypt_algo_array.length-to-avoid-.patch

> Modify crypt_algo_array.length to avoid 
> java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
> ---
>
> Key: RANGER-1914
> URL: https://issues.apache.org/jira/browse/RANGER-1914
> Project: Ranger
>  Issue Type: Bug
>  Components: Ranger
>Affects Versions: master
>Reporter: peng.jianhua
>Assignee: peng.jianhua
>Priority: Minor
> Fix For: master
>
> Attachments: 
> 0001-RANGER-1914-Modify-crypt_algo_array.length-to-avoid-.patch
>
>
> Modify crypt_algo_array.length to avoid 
> java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
> if (crypt_algo_array != null && crypt_algo_array.length > 1)
>  When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
> password = crypt_algo_array[4];
>  Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" 
> to "if (crypt_algo_array != null && crypt_algo_array.length > 4)"





[jira] [Created] (RANGER-1914) Modify crypt_algo_array.length to avoid java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class

2017-12-04 Thread peng.jianhua (JIRA)
peng.jianhua created RANGER-1914:


 Summary: Modify crypt_algo_array.length to avoid 
java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
 Key: RANGER-1914
 URL: https://issues.apache.org/jira/browse/RANGER-1914
 Project: Ranger
  Issue Type: Bug
  Components: Ranger
Affects Versions: master
Reporter: peng.jianhua
Assignee: peng.jianhua
Priority: Minor
 Fix For: master


Modify crypt_algo_array.length to avoid 
java.lang.ArrayIndexOutOfBoundsException in PasswordUtils.class
if (crypt_algo_array != null && crypt_algo_array.length > 1)
 When crypt_algo_array.length < 5, password = crypt_algo_array[4]; will cause 
password = crypt_algo_array[4];
 Change from "if (crypt_algo_array != null && crypt_algo_array.length > 1)" 
to "if (crypt_algo_array != null && crypt_algo_array.length > 4)"


