HADOOP-13077. Handle special characters in passwords in httpfs.sh (Xiao Chen via aw)
This commit is contained in:
parent
d0da13229c
commit
35cf503149
@ -2082,3 +2082,26 @@ function hadoop_parse_args
|
||||
|
||||
hadoop_debug "hadoop_parse: asking caller to skip ${HADOOP_PARSE_COUNTER}"
|
||||
}
|
||||
|
||||
## @description XML-escapes the characters (&'"<>) in the given parameter.
|
||||
## @audience private
|
||||
## @stability evolving
|
||||
## @replaceable yes
|
||||
## @param string
|
||||
## @return XML-escaped string
|
||||
function hadoop_xml_escape
|
||||
{
|
||||
sed -e 's/&/\&/g' -e 's/"/\\\"/g' \
|
||||
-e "s/'/\\\\\'/g" -e 's/</\\\</g' -e 's/>/\\\>/g' <<< "$1"
|
||||
}
|
||||
|
||||
## @description sed-escapes the characters (\/&) in the given parameter.
|
||||
## @audience private
|
||||
## @stability evolving
|
||||
## @replaceable yes
|
||||
## @param string
|
||||
## @return sed-escaped string
|
||||
function hadoop_sed_escape
|
||||
{
|
||||
sed -e 's/[\/&]/\\&/g' <<< "$1"
|
||||
}
|
@ -0,0 +1,32 @@
|
||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
# contributor license agreements. See the NOTICE file distributed with
|
||||
# this work for additional information regarding copyright ownership.
|
||||
# The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
# (the "License"); you may not use this file except in compliance with
|
||||
# the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
load hadoop-functions_test_helper
|
||||
|
||||
@test "hadoop_escape_sed (positive 1)" {
|
||||
ret="$(hadoop_sed_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")"
|
||||
expected="\\\\pass\&\&word\\\0#\$asdf\/g ><'\"~\`!@#$%^\&*()_+-="
|
||||
echo "actual >${ret}<"
|
||||
echo "expected >${expected}<"
|
||||
[ "${ret}" = "${expected}" ]
|
||||
}
|
||||
|
||||
@test "hadoop_escape_xml (positive 1)" {
|
||||
ret="$(hadoop_xml_escape "\pass&&word\0#\$asdf/g ><'\"~\`!@#$%^&*()_+-=")"
|
||||
expected="\\pass&&word\0#\$asdf/g \>\<\'\"~\`!@#\$%^&*()_+-="
|
||||
echo "actual >${ret}<"
|
||||
echo "expected >${expected}<"
|
||||
[ "${ret}" = "${expected}" ]
|
||||
}
|
@ -29,14 +29,6 @@ function hadoop_usage
|
||||
hadoop_generate_usage "${MYNAME}" false
|
||||
}
|
||||
|
||||
function hadoop_escape() {
|
||||
# Escape special chars for the later sed which saves the text as xml attribute
|
||||
local ret
|
||||
ret=$(sed 's/[\/&]/\\&/g' <<< "$1" | sed 's/&/\&/g' | sed 's/"/\\\"/g' \
|
||||
| sed "s/'/\\\\\'/g" | sed 's/</\\\</g' | sed 's/>/\\\>/g')
|
||||
echo "$ret"
|
||||
}
|
||||
|
||||
# let's locate libexec...
|
||||
if [[ -n "${HADOOP_HOME}" ]]; then
|
||||
HADOOP_DEFAULT_LIBEXEC_DIR="${HADOOP_HOME}/libexec"
|
||||
@ -104,8 +96,10 @@ fi
|
||||
if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
|
||||
if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
|
||||
export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
|
||||
KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
|
||||
KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
|
||||
KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
|
||||
"$(hadoop_sed_escape "$KMS_SSL_KEYSTORE_PASS")")
|
||||
KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
|
||||
"$(hadoop_sed_escape "$KMS_SSL_TRUSTSTORE_PASS")")
|
||||
sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
|
||||
-e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
|
||||
"${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
|
||||
|
@ -96,8 +96,12 @@ fi
|
||||
if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
|
||||
if [[ -n "${HTTPFS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${HTTPFS_SSL_TRUSTSTORE_PASS}" ]]; then
|
||||
export HTTPFS_SSL_KEYSTORE_PASS=${HTTPFS_SSL_KEYSTORE_PASS:-password}
|
||||
sed -e 's/_httpfs_ssl_keystore_pass_/'${HTTPFS_SSL_KEYSTORE_PASS}'/g' \
|
||||
-e 's/_httpfs_ssl_truststore_pass_/'${HTTPFS_SSL_TRUSTSTORE_PASS}'/g' \
|
||||
HTTPFS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
|
||||
"$(hadoop_sed_escape "$HTTPFS_SSL_KEYSTORE_PASS")")
|
||||
HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_xml_escape \
|
||||
"$(hadoop_sed_escape "$HTTPFS_SSL_TRUSTSTORE_PASS")")
|
||||
sed -e 's/"_httpfs_ssl_keystore_pass_"/'"\"${HTTPFS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
|
||||
-e 's/"_httpfs_ssl_truststore_pass_"/'"\"${HTTPFS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
|
||||
"${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
|
||||
> "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
|
||||
chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1
|
||||
|
Loading…
Reference in New Issue
Block a user