From ee200369c80df50947571fb04b51684ec19f02be Mon Sep 17 00:00:00 2001 From: interma Date: Wed, 14 Jun 2017 18:22:50 +0800 Subject: [PATCH] HAWQ-1485. fix exception of decryptPassword twice in lookupResource() --- .../hawq/ranger/service/HawqClient.java | 23 +++++++++++++------ .../ranger/service/RangerServiceHawq.java | 9 +++++++- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java index bae2d2d3ba..a8ab4c71b1 100644 --- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java +++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/HawqClient.java @@ -94,19 +94,25 @@ public HawqClient(String serviceName, Map connectionProperties) /** * clone a new Properties for debug logging: - * 1. remove password field for preventing plain password leak in log - * 2. add a _password_length field for debug + * 1. remove all password fields for preventing plain password leak in log + * 2. add _password_length fields for debug * * @param connectionProperties * @return a new cloned Map for debug logging */ private Map removePassword(Map connectionProperties) { Map new_property = new HashMap(connectionProperties); - if (new_property.containsKey("password")) { - String password = new_property.get("password"); - new_property.remove("password"); - new_property.put("_password_length", Integer.toString(password.length())); + + String pass_fields[] = {"password", "password_jdbc"}; + for (int i = 0; i < pass_fields.length; i++) { + String field = pass_fields[i]; + if (new_property.containsKey(field)) { + String password = new_property.get(field); + new_property.remove(field); + new_property.put("_"+field+"_length", Integer.toString(password.length())); + } } + return new_property; } @@ -130,10 +136,13 @@ private Connection getConnection(Map connectionProperties, Strin props.setProperty("jaasApplicationName", "pgjdbc"); } + String password = connectionProperties.get("password"); + if (connectionProperties.containsKey("password_jdbc")) + password = connectionProperties.get("password_jdbc"); String url = String.format("jdbc:postgresql://%s:%s/%s", connectionProperties.get("hostname"), connectionProperties.get("port"), db); props.setProperty("user", connectionProperties.get("username")); - props.setProperty("password", connectionProperties.get("password")); + props.setProperty("password", password); if (LOG.isDebugEnabled()) { LOG.debug("<== HawqClient.checkConnection Connecting to: (" + url + ") with user: " + connectionProperties.get("username")); diff --git a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java index 967924a53c..8915bc691d 100644 --- a/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java +++ b/ranger-plugin/admin-plugin/src/main/java/org/apache/hawq/ranger/service/RangerServiceHawq.java @@ -102,6 +102,13 @@ private HashMap checkConnection(Map configs) thr return result; } + /** + * decrypt password field of configs + * Note: + * the decrypted password is set in a new password_jdbc field + * @param configs + * @throws Exception + */ private void decryptPassword(Map configs) throws Exception { if (configs.containsKey("password")) { String normal_password = configs.get("password"); @@ -112,7 +119,7 @@ private void decryptPassword(Map configs) throws Exception { // when decrypt failed do nothing LOG.warn("decrypt_password failed: " + e); } - configs.put("password", normal_password); + configs.put("password_jdbc", normal_password); } }