zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rakesh Kumar Singh (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-2582) When addauth twice for same user but different password, it is adding 2 digest corresponding to both username, password and so we can able to access znode with user and any of these password which does not seem to be correct
Date Wed, 14 Sep 2016 13:39:20 GMT
Rakesh Kumar Singh created ZOOKEEPER-2582:
---------------------------------------------

             Summary: When addauth twice for same user but different password, it is adding
2 digest corresponding to both username, password and so we can able to access znode with
user and any of these password which does not seem to be correct
                 Key: ZOOKEEPER-2582
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2582
             Project: ZooKeeper
          Issue Type: Bug
          Components: server
    Affects Versions: 3.5.1
            Reporter: Rakesh Kumar Singh


When addauth twice for same user but different password, it is adding 2 digest corresponding
to both username, password and so we can able to access znode with user and any of these password
which does not seem to be correct

Steps:-
[zk: localhost:2181(CONNECTED) 0] addauth digest user1:pass1
[zk: localhost:2181(CONNECTED) 1] addauth digest user1:pass

[zk: localhost:2181(CONNECTED) 9] create /user_test5 hello
Created /user_test5
[zk: localhost:2181(CONNECTED) 10] setAcl /user_test5 auth:user1:pass1:crdwa
[zk: localhost:2181(CONNECTED) 11] getAcl /user_test5
'digest,'user1:+7K83PhyQ3ijGj0ADmljf0quVwQ=
: cdrwa
'digest,'user1:UZIsvOKp29j8vAahJzjgpA1VTOk=
: cdrwa


Here we can see 2 entries for same user (user1) with different password

Now disconnect the client and connect again using zkCli.sh
addauth digest user1:<any of 2 password>, we can able to access the znode.

[zk: localhost:2181(CONNECTED) 0] get /user_test5
Authentication is not valid : /user_test5
[zk: localhost:2181(CONNECTED) 1] addauth digest user1:pass
[zk: localhost:2181(CONNECTED) 2] get /user_test5
hello

Same way, it will allow n number of entry if we addauth for same user with n number of password




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message