From 6f26b665874f923d50087f68357ac822fa9fe709 Mon Sep 17 00:00:00 2001
From: Andrew Wang
Date: Wed, 27 Apr 2016 15:56:16 -0700
Subject: [PATCH] HADOOP-13030. Handle special characters in passwords in KMS startup script. Contributed by Xiao Chen.
---
 .../hadoop-kms/src/main/sbin/kms.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
index 6708cd917d..1de19f55b0 100755
--- a/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
+++ b/hadoop-common-project/hadoop-kms/src/main/sbin/kms.sh
@@ -29,6 +29,14 @@ function hadoop_usage
 hadoop_generate_usage "${MYNAME}" false
 }

+function hadoop_escape() {
+ # Escape special chars for the later sed which saves the text as xml attribute
+ local ret
+ ret=$(sed 's/[\/&]/\\&/g' <<< "$1" | sed 's/&/\&/g' | sed 's/"/\\\"/g' \
+ | sed "s/'/\\\\\'/g" | sed 's//\\\>/g')
+ echo "$ret"
+}
+
 # let's locate libexec...
 if [[ -n "${HADOOP_HOME}" ]]; then
 HADOOP_DEFAULT_LIBEXEC_DIR="${HADOOP_HOME}/libexec"
@@ -96,8 +104,10 @@ fi
 if [[ -f "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" ]]; then
 if [[ -n "${KMS_SSL_KEYSTORE_PASS+x}" ]] || [[ -n "${KMS_SSL_TRUSTSTORE_PASS}" ]]; then
 export KMS_SSL_KEYSTORE_PASS=${KMS_SSL_KEYSTORE_PASS:-password}
- sed -e 's/_kms_ssl_keystore_pass_/'${KMS_SSL_KEYSTORE_PASS}'/g' \
- -e 's/_kms_ssl_truststore_pass_/'${KMS_SSL_TRUSTSTORE_PASS}'/g' \
+ KMS_SSL_KEYSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_KEYSTORE_PASS")
+ KMS_SSL_TRUSTSTORE_PASS_ESCAPED=$(hadoop_escape "$KMS_SSL_TRUSTSTORE_PASS")
+ sed -e 's/"_kms_ssl_keystore_pass_"/'"\"${KMS_SSL_KEYSTORE_PASS_ESCAPED}\""'/g' \
+ -e 's/"_kms_ssl_truststore_pass_"/'"\"${KMS_SSL_TRUSTSTORE_PASS_ESCAPED}\""'/g' \
 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml.conf" \
 > "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml"
 chmod 700 "${HADOOP_CATALINA_HOME}/conf/ssl-server.xml" >/dev/null 2>&1
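Review bot: `echo "$ret"` at the end of hadoop_escape loses a value that bash's echo parses as an option (a password that is exactly `-n` or `-e`, for instance), so the substituted attribute would come out empty; `printf '%s\n' "$ret"` prints any value verbatim. As rendered on this page the second stage `s/&/\&/g` replaces `&` with itself and the last stage `s//\\\>/g` has an empty pattern, which suggests the XML entity text and the `<` handling were lost in extraction, so compare with the committed file before relying on this listing. No stage handles a password containing a newline, which would break the later sed script; rejecting such a value with a clear error is safer than writing a partial ssl-server.xml. The one-line comment would be clearer if it named both escaping layers and their order, e.g. `# Escape first for sed replacement syntax (/, &, \), then for an XML attribute value`.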
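Review bot: The escaped passwords are still interpolated into sed's `-e` arguments, so both secrets sit in the sed process's argument vector and are readable from a local process listing while it runs; the removed lines had the same exposure and the added ones keep it. Supplying the script through a descriptor written by the printf builtin keeps the values out of argv, e.g. `sed -f <(printf 's/"_kms_ssl_keystore_pass_"/"%s"/g\n' "${KMS_SSL_KEYSTORE_PASS_ESCAPED}") ...`. The context lines after the change create ssl-server.xml under the caller's umask and tighten it only afterwards with a `chmod 700` whose failure is discarded by `>/dev/null 2>&1`; running the redirect under `umask 077` would close that window. The enclosing `if` blocks are closed outside this hunk.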