hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-16314) Make sure all end point URL is covered by the same AuthenticationFilter
Date Sat, 18 May 2019 01:47:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-16314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16842844#comment-16842844
] 

Hadoop QA commented on HADOOP-16314:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 18s{color} | {color:blue}
Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  0s{color} |
{color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green}  0m  0s{color}
| {color:green} The patch appears to include 3 new or modified test files. {color} |
|| || || || {color:brown} trunk Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  1m 12s{color} | {color:blue}
Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 19m 22s{color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 16m 41s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  2m 18s{color}
| {color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  4m 43s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 19m 37s{color}
| {color:green} branch has no errors when building and testing our client artifacts. {color}
|
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  7m 14s{color} |
{color:green} trunk passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  3m 55s{color} |
{color:green} trunk passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  0m 24s{color} | {color:blue}
Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  3m 19s{color}
| {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 15m 21s{color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 15m 21s{color} | {color:green}
the patch passed {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}  2m 17s{color}
| {color:orange} root: The patch generated 1 new + 65 unchanged - 5 fixed = 66 total (was
70) {color} |
| {color:green}+1{color} | {color:green} mvnsite {color} | {color:green}  4m 35s{color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m  0s{color}
| {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green}  0m  1s{color} | {color:green}
The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} shadedclient {color} | {color:green} 11m 38s{color}
| {color:green} patch has no errors when building and testing our client artifacts. {color}
|
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red}  1m 50s{color} | {color:red}
hadoop-common-project/hadoop-common generated 3 new + 0 unchanged - 0 fixed = 3 total (was
0) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  3m 54s{color} |
{color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} unit {color} | {color:red}  8m 48s{color} | {color:red}
hadoop-common in the patch failed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red}103m  8s{color} | {color:red}
hadoop-hdfs in the patch failed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  4m  2s{color} | {color:green}
hadoop-yarn-common in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  2m 57s{color} | {color:green}
hadoop-yarn-server-common in the patch passed. {color} |
| {color:red}-1{color} | {color:red} unit {color} | {color:red}  1m 14s{color} | {color:red}
hadoop-yarn-server-web-proxy in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  1m  1s{color}
| {color:green} The patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black}242m 22s{color} | {color:black}
{color} |
\\
\\
|| Reason || Tests ||
| FindBugs | module:hadoop-common-project/hadoop-common |
|  |  Unread field:HttpServer2.java:[line 331] |
|  |  Unread field:HttpServer2.java:[line 202] |
|  |  Unread field:HttpServer2.java:[line 326] |
| Failed junit tests | hadoop.http.TestGlobalFilter |
|   | hadoop.http.TestPathFilter |
|   | hadoop.http.TestServletFilter |
|   | hadoop.log.TestLogLevel |
|   | hadoop.hdfs.tools.TestDFSZKFailoverController |
|   | hadoop.hdfs.TestDFSInotifyEventInputStreamKerberized |
|   | hadoop.hdfs.web.TestWebHdfsTokens |
|   | hadoop.hdfs.web.TestWebHdfsWithAuthenticationFilter |
|   | hadoop.hdfs.web.TestWebHdfsTimeouts |
|   | hadoop.hdfs.qjournal.TestSecureNNWithQJM |
|   | hadoop.yarn.server.webproxy.amfilter.TestAmFilterInitializer |
|   | hadoop.yarn.server.webproxy.amfilter.TestSecureAmFilter |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hadoop:bdbca0e |
| JIRA Issue | HADOOP-16314 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12969047/HADOOP-16314-001.patch
|
| Optional Tests |  dupname  asflicense  compile  javac  javadoc  mvninstall  mvnsite  unit
 shadedclient  xml  findbugs  checkstyle  |
| uname | Linux 3689938cd28b 4.4.0-144-generic #170~14.04.1-Ubuntu SMP Mon Mar 18 15:02:05
UTC 2019 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /testptch/patchprocess/precommit/personality/provided.sh |
| git revision | trunk / 12c8161 |
| maven | version: Apache Maven 3.3.9 |
| Default Java | 1.8.0_212 |
| findbugs | v3.1.0-RC1 |
| checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/artifact/out/diff-checkstyle-root.txt
|
| findbugs | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/artifact/out/new-findbugs-hadoop-common-project_hadoop-common.html
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/artifact/out/patch-unit-hadoop-common-project_hadoop-common.txt
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/artifact/out/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt
|
| unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/artifact/out/patch-unit-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-server_hadoop-yarn-server-web-proxy.txt
|
|  Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/testReport/ |
| Max. process+thread count | 2928 (vs. ulimit of 10000) |
| modules | C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy
U: . |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/16256/console |
| Powered by | Apache Yetus 0.8.0   http://yetus.apache.org |


This message was automatically generated.



> Make sure all end point URL is covered by the same AuthenticationFilter
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-16314
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16314
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Eric Yang
>            Assignee: Prabhu Joseph
>            Priority: Major
>         Attachments: HADOOP-16314-001.patch, Hadoop Web Security.xlsx, scan.txt
>
>
> In the enclosed spreadsheet, it shows the list of web applications deployed by Hadoop,
and filters applied to each entry point.
> Hadoop web protocol impersonation has been inconsistent.  Most of entry point do not
support ?doAs parameter.  This creates problem for secure gateway like Knox to proxy Hadoop
web interface on behave of the end user.  When the receiving end does not check for ?doAs
flag, web interface would be accessed using proxy user credential.  This can lead to all
kind of security holes using path traversal to exploit Hadoop. 
> In HADOOP-16287, ProxyUserAuthenticationFilter is proposed as solution to solve the web
impersonation problem.  This task is to track changes required in Hadoop code base to apply
authentication filter globally for each of the web service port.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message