Ranger 0.6

DISCLAIMER.txt

@@ -1,15 +1,6 @@
-Apache Ranger is an effort undergoing incubation at the Apache Software 
-Foundation (ASF), sponsored by the Apache Incubator PMC. 
+Apache Ranger is a Top Level Project (TLP) at the Apache Software Foundation (ASF).
 
-Incubation is required of all newly accepted projects until a further review 
-indicates that the infrastructure, communications, and decision making process 
-have stabilized in a manner consistent with other successful ASF projects. 
+This product includes software developed at The Apache Software
+Foundation (http://www.apache.org/).
 
-While incubation status is not necessarily a reflection of the completeness 
-or stability of the code, it does indicate that the project has yet to be 
-fully endorsed by the ASF.
-
-For more information about the incubation status of the Apache Ranger project you
-can go to the following page:
-
-http://ranger.incubator.apache.org
+http://ranger.apache.org

NOTICE.txt

@@ -1,7 +1,7 @@
 Apache Ranger
-Copyright 2014-2016 The Apache Software Foundation
-
-This product includes software developed at The Apache Software
-Foundation (http://www.apache.org/).
-
+Copyright 2014-2017 The Apache Software Foundation
 
+This product includes software developed at The Apache Software Foundation (http://www.apache.org/).
+his product includes json2.js (https://github.com/douglascrockford/JSON-js - Public Domain license) by Douglas Crockford
+This product includes Font Awesome 3.2.1 (http://fontawesome.io/ - SIL Open Font License (OFL) licensee) by Dave Gandy
+This product includes software developed by Spring Security Project (http://www.springframework.org/security)

agents-audit/pom.xml

@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.ranger</groupId>
         <artifactId>ranger</artifactId>
-        <version>0.6.0</version>
+        <version>0.6.4-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
     <dependencies>

agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java

@@ -54,7 +54,7 @@ public class SolrAuditDestination extends AuditDestination {
 	public static final String DEFAULT_COLLECTION_NAME = "ranger_audits";
 	public static final String PROP_JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
 
-	SolrClient solrClient = null;
+	private volatile SolrClient solrClient = null;
 
 	public SolrAuditDestination() {
 	}
@@ -74,77 +74,80 @@ public void stop() {
 	}
 
 	synchronized void connect() {
-		if (solrClient == null) {
-			if (solrClient == null) {
-				String urls = MiscUtil.getStringProperty(props, propPrefix
-						+ "." + PROP_SOLR_URLS);
-				if (urls != null) {
-					urls = urls.trim();
-				}
-				if (urls != null && urls.equalsIgnoreCase("NONE")) {
-					urls = null;
-				}
-
-				List<String> solrURLs = new ArrayList<String>();
-				String zkHosts = null;
-				solrURLs = MiscUtil.toArray(urls, ",");
-				zkHosts = MiscUtil.getStringProperty(props, propPrefix + "."
-						+ PROP_SOLR_ZK);
-				if (zkHosts != null && zkHosts.equalsIgnoreCase("NONE")) {
-					zkHosts = null;
-				}
-
-				String collectionName = MiscUtil.getStringProperty(props,
-						propPrefix + "." + PROP_SOLR_COLLECTION);
-				if (collectionName == null
-						|| collectionName.equalsIgnoreCase("none")) {
-					collectionName = DEFAULT_COLLECTION_NAME;
-				}
-
-				LOG.info("Solr zkHosts=" + zkHosts + ", solrURLs=" + urls
-						+ ", collectionName=" + collectionName);
-
-				if (zkHosts != null && !zkHosts.isEmpty()) {
-					LOG.info("Connecting to solr cloud using zkHosts="
-							+ zkHosts);
-					try {
-						// Instantiate
-						HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-						CloudSolrClient solrCloudClient = new CloudSolrClient(
-								zkHosts);
-						solrCloudClient.setDefaultCollection(collectionName);
-						solrClient = solrCloudClient;
-					} catch (Throwable t) {
-						LOG.fatal("Can't connect to Solr server. ZooKeepers="
-								+ zkHosts, t);
+		SolrClient me = solrClient;
+		if (me == null) {
+			synchronized(SolrAuditDestination.class) {
+				me = solrClient;
+				if (solrClient == null) {
+					String urls = MiscUtil.getStringProperty(props, propPrefix
+							+ "." + PROP_SOLR_URLS);
+					if (urls != null) {
+						urls = urls.trim();
 					}
-					finally {
-						resetInitializerInSOLR() ;
+					if (urls != null && urls.equalsIgnoreCase("NONE")) {
+						urls = null;
 					}
-				} else if (solrURLs != null && !solrURLs.isEmpty()) {
-					try {
-						LOG.info("Connecting to Solr using URLs=" + solrURLs);
-						HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
-						LBHttpSolrClient lbSolrClient = new LBHttpSolrClient(
-								solrURLs.get(0));
-						lbSolrClient.setConnectionTimeout(1000);
+					List<String> solrURLs = new ArrayList<String>();
+					String zkHosts = null;
+					solrURLs = MiscUtil.toArray(urls, ",");
+					zkHosts = MiscUtil.getStringProperty(props, propPrefix + "."
+							+ PROP_SOLR_ZK);
+					if (zkHosts != null && zkHosts.equalsIgnoreCase("NONE")) {
+						zkHosts = null;
+					}
+					String collectionName = MiscUtil.getStringProperty(props,
+							propPrefix + "." + PROP_SOLR_COLLECTION);
+					if (collectionName == null
+							|| collectionName.equalsIgnoreCase("none")) {
+						collectionName = DEFAULT_COLLECTION_NAME;
+					}
+
+					LOG.info("Solr zkHosts=" + zkHosts + ", solrURLs=" + urls
+							+ ", collectionName=" + collectionName);
 
-						for (int i = 1; i < solrURLs.size(); i++) {
-							lbSolrClient.addSolrServer(solrURLs.get(i));
+					if (zkHosts != null && !zkHosts.isEmpty()) {
+						LOG.info("Connecting to solr cloud using zkHosts="
+								+ zkHosts);
+						try {
+							// Instantiate
+							HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
+							CloudSolrClient solrCloudClient = new CloudSolrClient(
+									zkHosts);
+							solrCloudClient.setDefaultCollection(collectionName);
+							me = solrClient = solrCloudClient;
+						} catch (Throwable t) {
+							LOG.fatal("Can't connect to Solr server. ZooKeepers="
+									+ zkHosts, t);
+						}
+						finally {
+							resetInitializerInSOLR() ;
+						}
+					} else if (solrURLs != null && !solrURLs.isEmpty()) {
+						try {
+							LOG.info("Connecting to Solr using URLs=" + solrURLs);
+							HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
+							LBHttpSolrClient lbSolrClient = new LBHttpSolrClient(
+									solrURLs.get(0));
+							lbSolrClient.setConnectionTimeout(1000);
+
+							for (int i = 1; i < solrURLs.size(); i++) {
+								lbSolrClient.addSolrServer(solrURLs.get(i));
+							}
+							me = solrClient = lbSolrClient;
+						} catch (Throwable t) {
+							LOG.fatal("Can't connect to Solr server. URL="
+									+ solrURLs, t);
+						}
+						finally {
+							resetInitializerInSOLR() ;
 						}
-						solrClient = lbSolrClient;
-					} catch (Throwable t) {
-						LOG.fatal("Can't connect to Solr server. URL="
-								+ solrURLs, t);
-					}
-					finally {
-						resetInitializerInSOLR() ;
 					}
 				}
 			}
 		}
 	}
 
+
     private void resetInitializerInSOLR() {
 		javax.security.auth.login.Configuration solrConfig = javax.security.auth.login.Configuration.getConfiguration();
 		String solrConfigClassName = solrConfig.getClass().getName() ;

agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java

@@ -67,7 +67,7 @@ public class AuditProviderFactory {
 
 	private static final int RANGER_AUDIT_SHUTDOWN_HOOK_PRIORITY = 30;
 
-	private static AuditProviderFactory sFactory;
+	private volatile static AuditProviderFactory sFactory = null;
 
 	private AuditHandler mProvider = null;
 	private String componentAppType = "";
@@ -80,15 +80,17 @@ private AuditProviderFactory() {
 	}
 
 	public static AuditProviderFactory getInstance() {
-		if (sFactory == null) {
-			synchronized (AuditProviderFactory.class) {
-				if (sFactory == null) {
-					sFactory = new AuditProviderFactory();
+		AuditProviderFactory ret = sFactory;
+		if(ret == null) {
+			synchronized(AuditProviderFactory.class) {
+				ret = sFactory;
+				if(ret == null) {
+					ret = sFactory = new AuditProviderFactory();
 				}
 			}
 		}
 
-		return sFactory;
+		return ret;
 	}
 
 	public static AuditHandler getAuditProvider() {

agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java

@@ -184,7 +184,9 @@ public static String getApplicationType() {
 	}
 
 	public static String getJvmInstanceId() {
-		String ret = Integer.toString(Math.abs(sJvmID.toString().hashCode()));
+		Integer val  = Integer.valueOf(sJvmID.toString().hashCode());
+		long longVal = val.longValue();
+		String ret 	 = Long.toString(Math.abs(longVal));
 
 		return ret;
 	}
@@ -565,6 +567,10 @@ static public boolean logErrorMessageByInterval(Log useLogger,
 	 */
 	static public boolean logErrorMessageByInterval(Log useLogger,
 			String message, Throwable e) {
+        if (message == null) {
+            return false;
+        }
+
 		LogHistory log = logHistoryList.get(message);
 		if (log == null) {
 			log = new LogHistory();
@@ -636,7 +642,7 @@ public static void authWithConfig(String appName, Configuration config) {
 			}
 		} catch (Throwable t) {
 			logger.fatal("Error logging as appName=" + appName + ", config="
-					+ config.toString());
+					+ config.toString() + ", error=" + t.getMessage());
 		}
 	}
 
@@ -715,7 +721,7 @@ public static void authWithKerberos(String keytab, String principal,
 			}
 
 		} catch (Throwable t) {
-			logger.error("Failed to login as [" + spnegoPrincipals + "]", t);
+			logger.error("Failed to login with given keytab and principal", t);
 		}
 
 	}

agents-audit/src/main/java/org/apache/ranger/audit/provider/hdfs/HdfsLogDestination.java

@@ -471,7 +471,7 @@ private void logException(String msg, IOException excp) {
 			return;
 		}
 
-		String  excpMsgToExclude   = EXCP_MSG_FILESYSTEM_CLOSED;;
+		String  excpMsgToExclude   = EXCP_MSG_FILESYSTEM_CLOSED;
 		String  excpMsg            = excp != null ? excp.getMessage() : null;
 		boolean excpExcludeLogging = (excpMsg != null && excpMsg.contains(excpMsgToExclude));
 

agents-audit/src/main/java/org/apache/ranger/audit/provider/solr/SolrAuditProvider.java

@@ -42,7 +42,7 @@ public class SolrAuditProvider extends AuditDestination {
 	public static final String AUDIT_RETRY_WAIT_PROP = "xasecure.audit.solr.retry.ms";
 
 	static final Object lock = new Object();
-	SolrClient solrClient = null;
+	volatile SolrClient solrClient = null;
 	Date lastConnectTime = null;
 	long lastFailTime = 0;
 
@@ -61,9 +61,11 @@ public void init(Properties props) {
 	}
 
 	void connect() {
-		if (solrClient == null) {
+		SolrClient  me  = solrClient;
+		if (me == null) {
 			synchronized (lock) {
-				if (solrClient == null) {
+				me = solrClient;
+				if (me == null) {
 					String solrURL = MiscUtil.getStringProperty(props,
 							"xasecure.audit.solr.solr_url");
 
@@ -89,7 +91,7 @@ void connect() {
 
 					try {
 						// TODO: Need to support SolrCloud also
-						solrClient = new HttpSolrClient(solrURL);
+						me = solrClient = new HttpSolrClient(solrURL);
 						if (solrClient instanceof HttpSolrClient) {
 							HttpSolrClient httpSolrClient = (HttpSolrClient) solrClient;
 							httpSolrClient.setAllowCompression(true);

agents-audit/src/main/java/org/apache/ranger/audit/queue/AuditFileSpool.java

@@ -663,7 +663,7 @@ public boolean accept(File pathname) {
 				}
 			});
 
-			if (logFiles.length > maxArchiveFiles) {
+			if (logFiles != null && logFiles.length > maxArchiveFiles) {
 				int filesToDelete = logFiles.length - maxArchiveFiles;
 				BufferedReader br = new BufferedReader(new FileReader(
 						indexDoneFile));

agents-audit/src/main/java/org/apache/ranger/audit/utils/InMemoryJAASConfiguration.java

@@ -148,14 +148,15 @@ public static void init(String propFile) throws Exception {
             properties.load(in);
             init(properties);
         } catch (IOException e) {
-            if (in != null) {
-                try {
-                    in.close();
-                } catch (Exception exception) {
-                    // Ignore
-                }
-            }
             throw new Exception("Failed to load JAAS application properties", e);
+        } finally {
+	        if ( in != null) {
+	           try {
+	               in.close();
+	            } catch ( Exception e) {
+	               //Ignore
+	            }
+	        }
         }
         LOG.debug("<== InMemoryJAASConfiguration.init( {} ) ", propFile);
     }

agents-common/pom.xml

@@ -27,7 +27,7 @@
     <parent>
         <groupId>org.apache.ranger</groupId>
         <artifactId>ranger</artifactId>
-        <version>0.6.0</version>
+        <version>0.6.4-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
     <dependencies>

agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java

@@ -117,9 +117,7 @@ public ClientResponse run() {
 
 		if(response != null && response.getStatus() == 200) {
 			ret = response.getEntity(ServicePolicies.class);
-		} else if(response != null && response.getStatus() == 304) {
-			// no change
-		} else {
+		} else if(!(response != null && response.getStatus() == 304)) {
 			RESTResponse resp = RESTResponse.fromClientResponse(response);
 			LOG.error("Error getting policies. secureMode=" + isSecureMode + ", user=" + user + ", response=" + resp.toString() + ", serviceName=" + serviceName);
 
@@ -278,9 +276,7 @@ public ClientResponse run() {
 
 		if(response != null && response.getStatus() == 200) {
 			ret = response.getEntity(ServiceTags.class);
-		} else if(response != null && response.getStatus() == 304) {
-			// no change
-		} else {
+		} else if(!(response != null && response.getStatus() == 304)) {
 			RESTResponse resp = RESTResponse.fromClientResponse(response);
 			LOG.error("Error getting taggedResources. secureMode=" + isSecureMode + ", user=" + user
 					+ ", response=" + resp.toString() + ", serviceName=" + serviceName

agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java

@@ -67,7 +67,9 @@ public void processResults(Collection<RangerAccessResult> results) {
 
 		Collection<AuthzAuditEvent> events = getAuthzEvents(results);
 
-		logAuthzAudits(events);
+		if (events != null) {
+			logAuthzAudits(events);
+		}
 
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("<== RangerDefaultAuditHandler.processResults(" + results + ")");

agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesAccessedTogetherCondition.java

@@ -72,7 +72,7 @@ public boolean isMatched(final RangerAccessRequest request) {
 		if (isInitialized && CollectionUtils.isNotEmpty(matchers)) {
 			RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());
 
-			ret = resources == null ? false : !resources.isMutuallyExcluded(matchers);
+			ret = resources == null ? false : !resources.isMutuallyExcluded(matchers, request.getContext());
 		} else {
 			LOG.error("RangerHiveResourcesAccessedTogetherCondition.isMatched() - condition is not initialized correctly and will NOT be enforced");
 		}

agents-common/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerHiveResourcesNotAccessedTogetherCondition.java

@@ -72,7 +72,7 @@ public boolean isMatched(final RangerAccessRequest request) {
 		if (isInitialized && CollectionUtils.isNotEmpty(matchers)) {
 			RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());
 
-			ret = resources == null ? true : resources.isMutuallyExcluded(matchers);
+			ret = resources == null ? true : resources.isMutuallyExcluded(matchers, request.getContext());
 		} else {
 			LOG.error("RangerHiveResourcesNotAccessedTogetherCondition.isMatched() - Enforcer is not initialized correctly, Mutual Exclusion will NOT be enforced");
 		}