diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java index b9d51602eb..3892a2de27 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java @@ -155,7 +155,7 @@ public List lookupResource(String serviceName, ResourceLookupContext con return ret; } - + public VXResponse validateConfig(RangerService service, ServiceStore svcStore) throws Exception { VXResponse ret = new VXResponse(); String authType = PropertiesUtil.getProperty(AUTHENTICATION_TYPE); @@ -164,7 +164,7 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t String nameRules = PropertiesUtil.getProperty(NAME_RULES); String rangerPrincipal = SecureClientLogin.getPrincipal(PropertiesUtil.getProperty(ADMIN_USER_PRINCIPAL), PropertiesUtil.getProperty(HOST_NAME)); String rangerkeytab = PropertiesUtil.getProperty(ADMIN_USER_KEYTAB); - + if(!StringUtils.isEmpty(authType) && KERBEROS_TYPE.equalsIgnoreCase(authType.trim()) && SecureClientLogin.isKerberosCredentialExists(lookupPrincipal, lookupKeytab)){ if(service != null && service.getConfigs() != null){ service.getConfigs().put(HadoopConfigHolder.RANGER_LOOKUP_PRINCIPAL, lookupPrincipal); @@ -178,7 +178,7 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t service.getConfigs().put(HadoopConfigHolder.RANGER_PRINCIPAL, rangerPrincipal); service.getConfigs().put(HadoopConfigHolder.RANGER_KEYTAB, rangerkeytab); service.getConfigs().put(HadoopConfigHolder.RANGER_NAME_RULES, nameRules); - service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType); + service.getConfigs().put(HadoopConfigHolder.RANGER_AUTH_TYPE, authType); } } RangerBaseService svc=null; 
@@ -191,6 +191,19 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t LOG.debug("==> ServiceMgr.validateConfig for Service: (" + svc + ")"); } + // check if service configs contains localhost/127.0.0.1 + if (service != null && service.getConfigs() != null) { + for (Map.Entry entry : service.getConfigs().entrySet()) { + if (entry.getValue() != null && StringUtils.containsIgnoreCase(entry.getValue(), "localhost") + || StringUtils.containsIgnoreCase(entry.getValue(), "127.0.0.1")) { + URL url = getValidURL(entry.getValue()); + if ((url != null) && (url.getHost().equalsIgnoreCase("localhost") || url.getHost().equals("127.0.0.1"))) { + throw new Exception("Invalid value for configuration " + entry.getKey() + ": host " + url.getHost() + " is not allowed"); + } + } + } + } + if(svc != null) { try { // Timeout value use during validate config is 10 times that used during lookup @@ -221,7 +234,15 @@ public VXResponse validateConfig(RangerService service, ServiceStore svcStore) t return ret; } - + + private static URL getValidURL(String urlString) { + try { + return new URL(urlString); + } catch (Exception e) { + return null; + } + } + public boolean isZoneAdmin(String zoneName) { boolean isZoneAdmin = false; RangerSecurityZone securityZone = null; diff --git a/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx b/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx index 668de52e70..e81b757f1a 100644 --- a/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx +++ b/security-admin/src/main/webapp/react-webapp/src/views/ServiceManager/TestConnection.jsx @@ -49,7 +49,9 @@ function TestConnection(props) { }; const validateConfig = async () => { - let testConnResp; + let testConnResp = {}, + msgModal = "", + msgListModal = []; try { testConnResp = await fetchApi({ 
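Review bot: The loopback check added in validateConfig (the loop over `service.getConfigs().entrySet()`) compares the parsed host only against the literals `localhost` and `127.0.0.1`, so other loopback or wildcard addresses, and names that resolve to them, are not rejected. Comparing the resolved address is more robust: drop the substring pre-filter and use `InetAddress addr = InetAddress.getByName(url.getHost());` followed by `if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()) { throw ... }`. Ideally the same check is repeated where the connection is actually opened, since name resolution can change between validation and use. Separately, the pre-filter condition has the shape `v != null && a || b`; `&&` binds tighter than `||`, so the null guard does not cover the `127.0.0.1` test, which is harmless only if the `StringUtils` in use is null-safe (its import is outside the hunk). Writing it as `v != null && (a || b)` makes the intent explicit. validateConfig starts and ends outside this hunk.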
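Review bot: The new helper `getValidURL` returns null for anything `new URL` rejects, and its caller treats null as "nothing to check", so a config value that `java.net.URL` cannot parse skips the host check silently (fail-open). That would include a connection string in a scheme such as `jdbc:`, if any service definition takes one. If this is intended, state it in a Javadoc comment on the helper, e.g. `/** Returns the parsed URL, or null when java.net.URL cannot parse the value; callers skip host validation for null. */`. If it is not, the host has to be extracted from such values by other means before the check. The catch can also be narrowed to `catch (MalformedURLException e)`, the only checked exception the `URL(String)` constructor declares, so that unrelated runtime failures are not turned into "not a URL".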
@@ -61,8 +63,6 @@ function TestConnection(props) { let respMsg = testConnResp.data.msgDesc; let respStatusCode = testConnResp.data.statusCode; let respMsgList = testConnResp.data.messageList; - let msgModal, - msgListModal = []; if (respStatusCode !== undefined && respStatusCode === 1) { msgModal = [ @@ -100,6 +100,17 @@ function TestConnection(props) { showMoreModalContent: msgListModal }); } catch (error) { + if (error?.response?.data?.msgDesc) { + msgModal = error.response.data.msgDesc; + } + setModalState({ + showTestConnModal: true, + showMore: true + }); + setModalContent({ + testConnModalContent: msgModal, + showMoreModalContent: msgListModal + }); console.error(`Error occurred while validating the configs! ${error}`); } };
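Review bot: In the new `catch` branch of validateConfig, `msgModal` stays `""` whenever the error carries no `response.data.msgDesc` (a network failure or timeout, for example), so the modal opens with empty content, and `showMore: true` is set although `msgListModal` is empty on this path. A fallback keeps the failure visible: `msgModal = error?.response?.data?.msgDesc ?? "Connection failed.";`, with `showMore` derived from `msgListModal.length > 0`. Also note that `msgDesc` now carries the server's rejection text, which per the ServiceMgr.java change in this commit embeds the submitted config key and host, so it should continue to be rendered as plain text and never as HTML. How the modal renders it is outside this hunk.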