hbase-issues mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-13085) Security issue in the implementation of Rest gateway 'doAs' proxy user support
Date Tue, 24 Feb 2015 00:35:12 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334163#comment-14334163 ]

Hadoop QA commented on HBASE-13085:
-----------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12700266/HBASE-13085-0.98.patch
  against 0.98 branch at commit e405017a31a9253e5eecdd5cc2ba43ab182e16a0.
  ATTACHMENT ID: 12700266

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include any new or modified
tests.
                        Please justify why no new tests are needed for this patch.
                        Also please list what manual steps were performed to verify this patch.
    {color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions
(2.4.1 2.5.2 2.6.0)

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:red}-1 javadoc{color}.  The javadoc tool appears to have generated 25 warning messages.

    {color:green}+1 checkstyle{color}.  The applied patch does not increase the total number
of checkstyle errors

    {color:red}-1 findbugs{color}.  The patch appears to introduce 4 new Findbugs (version
2.0.3) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines longer than 100

  {color:green}+1 site{color}.  The mvn site goal succeeds with this patch.

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-annotations.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-rest.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/checkstyle-aggregate.html

  Javadoc warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//artifact/patchprocess/patchJavadocWarnings.txt
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/12942//console

This message is automatically generated.

> Security issue in the implementation of Rest gateway 'doAs' proxy user support
> ------------------------------------------------------------------------------
>
>                 Key: HBASE-13085
>                 URL: https://issues.apache.org/jira/browse/HBASE-13085
>             Project: HBase
>          Issue Type: Bug
>          Components: REST, security
>    Affects Versions: 1.0.0, 2.0.0, 0.98.10
>            Reporter: Jerry He
>            Assignee: Jerry He
>            Priority: Critical
>             Fix For: 2.0.0, 1.0.1, 1.1.0, 0.98.11
>
>         Attachments: HBASE-13085-0.98.patch
>
>
> When 'hbase.rest.support.proxyuser' is turned on, the HBase Rest gateway supports 'doAs' proxy
user from the Rest client.
> The current implementation checks to see if the 'rest server user' is authorized to impersonate
the 'doAs' user (the user in the 'doAs' Rest query string).
> {code}
> if (doAsUserFromQuery != null) {
>   Configuration conf = servlet.getConfiguration();
>   if (!servlet.supportsProxyuser()) {
>     throw new ServletException("Support for proxyuser is not configured");
>   }
>   UserGroupInformation ugi = servlet.getRealUser();
>   // create and attempt to authorize a proxy user (the client is attempting
>   // to do proxy user)
>   ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);
>   // validate the proxy user authorization
>   try {
>     ProxyUsers.authorize(ugi, request.getRemoteAddr(), conf);
>   } catch(AuthorizationException e) {
>     throw new ServletException(e.getMessage());
>   }
>   servlet.setEffectiveUser(doAsUserFromQuery);
> }
> {code}
> The current implementation allows anyone from the rest client side to impersonate another
user by 'doAs'. 
> For example, potentially, 'user1' can 'doAs=admin'
> The correct implementation should check to see if the rest client user is authorized
to do impersonation.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
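The flaw in the quoted description is the principal handed to the authorizer, not the authorizer itself. The following is an added Python model (not code from the HBase patch or from Hadoop) of Hadoop's `hadoop.proxyuser.<user>.hosts` / `.groups` rule and of the gateway's doAs check, run once with the REST server principal as the real user, as in the quoted code, and once with the authenticated REST client. All user names, group memberships and configuration values are constructed, and the "check the client" variant only follows the report's last sentence; it is not the committed fix.

```python
# Added illustration, not HBase or Hadoop code: a minimal model of Hadoop's
# proxy-user ACL and of the gateway's doAs check, run with the server principal
# and with the REST client as the "real user". All names/values are constructed.


class AuthorizationException(Exception):
    pass


# Constructed group mapping, standing in for the cluster's group lookup.
GROUPS = {"admin": {"hbase-admins"}, "user1": {"analysts"}, "user2": {"analysts"}}

# Constructed site config. The gateway principal 'hbase' may impersonate anyone
# from anywhere (it acts on behalf of its clients towards HBase); 'etl' is the
# only REST client with an entry of its own.
CONF = {
    "hadoop.proxyuser.hbase.hosts": "*",
    "hadoop.proxyuser.hbase.groups": "*",
    "hadoop.proxyuser.etl.hosts": "10.0.0.5",
    "hadoop.proxyuser.etl.groups": "analysts",
}


def authorize(real_user, doas_user, remote_addr, conf):
    """Model of ProxyUsers.authorize: the *real* user's proxyuser entries must
    cover the remote host and at least one group of the impersonated user."""
    hosts = conf.get(f"hadoop.proxyuser.{real_user}.hosts", "")
    groups = conf.get(f"hadoop.proxyuser.{real_user}.groups", "")
    host_ok = hosts == "*" or remote_addr in hosts.split(",")
    group_ok = groups == "*" or bool(GROUPS.get(doas_user, set()) & set(groups.split(",")))
    if not (host_ok and group_ok):
        raise AuthorizationException(f"{real_user} may not impersonate {doas_user}")


def effective_user(client_user, doas, remote_addr, conf, check_client, server_user="hbase"):
    """Gateway doAs handling. check_client=False mirrors the quoted code, which
    authorizes the server principal as the real user; True authorizes the
    authenticated REST client instead, as the report asks for."""
    if doas is None:
        return client_user
    authorize(client_user if check_client else server_user, doas, remote_addr, conf)
    return doas


def doas_allowed(client_user, doas, remote_addr, check_client, conf=CONF):
    """True if the request would run as the doAs user under the chosen check."""
    try:
        return effective_user(client_user, doas, remote_addr, conf, check_client) == doas
    except AuthorizationException:
        return False
```

With the server principal as the real user, any authenticated client passes because the gateway's own proxyuser entry is necessarily permissive; with the client as the real user, only principals that have their own `hadoop.proxyuser.<client>.*` entries can impersonate, and only within those bounds.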
