
LegacySecurityRealm does not handle "special" characters in usernames

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: core
    • Labels:
      None

      Description

      Depending on your environment, Jenkins could be passed usernames such as EXAMPLE\joe if the underlying container is doing SSO in a Windows domain.

      This causes several things not to work correctly.

      The link in the top right goes to a user that is not the logged-in user (example_joe vs example\joe).
      My Views does not work correctly - similar to above.

      Jenkins will store the users config.xml as ${JENKINS_HOME}\users\example\joe which seems like an accident waiting to happen.

      There are several other things where this is not quite right.

      Rather than trying to chase down everything that doesn't work the LegacySecurityRealm should sanitize the passed in username to make sure it is actually safe to use first.

      Steps to reproduce:

      1. install Tomcat 8 on a machine connected to a Windows domain.
      2. install Jenkins in the root of Tomcat
      3. install Waffle
        1. Download waffle 1.7
        2. unpack waffle-distro-1.7.4-distro.zip to a temporary location
        3. copy the following files to ${TOMCAT_INSTALL_DIR}\lib
          1. guava-18.0.jar
          2. jna-4.2.1.jar
          3. jna-platform-4.2.1.jar
          4. slf4j-api-1.7.12.jar
          5. waffle-jna-1.7.5.jar
          6. waffle-tomcat8-1.7.5.jar
        4. Create ${TOMCAT_INSTALL_DIR}\conf\Catalina\localhost\ROOT.xml with the following content:
          <?xml version='1.0' encoding='utf-8'?>
          <Context>
              <Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
              <Realm className="waffle.apache.WindowsRealm" />
          </Context>
      4. start Jenkins
      5. login to jenkins and try to create things like views etc

      Expected results

      It all works.

      Actual results

      You get a mix of things that work, don't quite work, and just plain blow up in your face with 404 errors etc.
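The following is an added illustration, not Jenkins code and not the change made in PR 2081. It shows why a raw id such as EXAMPLE\joe turns ${JENKINS_HOME}\users\<id> into a nested path on Windows, and one way a security realm could encode the id before using it as a directory name. The JENKINS_HOME value, the "~XX" escaping scheme and all function names are constructed for this example.

```python
import os
import re
from pathlib import PureWindowsPath

# Constructed for the example; not a real deployment path.
JENKINS_HOME = "/var/lib/jenkins"


def naive_user_dir(jenkins_home, user_id):
    """The behaviour the report describes: the raw id is joined onto
    ${JENKINS_HOME}/users with no validation."""
    return os.path.join(jenkins_home, "users", user_id)


def windows_components(path_str):
    """Split a path the way Windows would, so a backslash inside an id
    shows up as an extra directory level."""
    return PureWindowsPath(path_str).parts


# Characters allowed to pass through unchanged in a directory name.
_ALLOWED = re.compile(r"[A-Za-z0-9_.-]")


def encode_user_dir_name(user_id):
    """Hypothetical encoding: keep [A-Za-z0-9_.-] as-is and hex-escape every
    other UTF-8 byte as ~XX. Because '~' is itself escaped, the mapping is
    reversible and the result can never contain a path separator.
    '.' and '..' are built from allowed characters, so they are rejected
    explicitly; an empty id is rejected as well."""
    if not user_id:
        raise ValueError("empty user id")
    out = []
    for ch in user_id:
        if _ALLOWED.fullmatch(ch):
            out.append(ch)
        else:
            out.extend(f"~{b:02x}" for b in ch.encode("utf-8"))
    name = "".join(out)
    if name in (".", ".."):
        raise ValueError("user id would name the current or parent directory")
    return name


def decode_user_dir_name(name):
    """Inverse of encode_user_dir_name, so the original id is recoverable
    from the directory name on disk."""
    buf = bytearray()
    i = 0
    while i < len(name):
        if name[i] == "~":
            buf.append(int(name[i + 1:i + 3], 16))
            i += 3
        else:
            buf.extend(name[i].encode("utf-8"))
            i += 1
    return buf.decode("utf-8")


def safe_user_dir(jenkins_home, user_id):
    """Resolve the user's directory from the encoded name and, as defence in
    depth, confirm the result still lives under ${JENKINS_HOME}/users."""
    users_root = os.path.realpath(os.path.join(jenkins_home, "users"))
    candidate = os.path.realpath(
        os.path.join(users_root, encode_user_dir_name(user_id)))
    if os.path.commonpath([users_root, candidate]) != users_root:
        raise ValueError("user directory escapes the users root")
    return candidate


if __name__ == "__main__":
    raw = naive_user_dir(r"C:\jenkins", r"EXAMPLE\joe")
    print("naive:", raw, "->", windows_components(raw))
    print("encoded:", safe_user_dir(JENKINS_HOME, r"EXAMPLE\joe"))
```

Run as a script it prints the naive path split into separate EXAMPLE and joe components, followed by the single-component encoded directory; the encoded name for EXAMPLE\joe is EXAMPLE~5cjoe.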

            Activity

            teilo James Nord created issue -
            teilo James Nord made changes -
            Field Original Value New Value
            Assignee James Nord [ teilo ]
            teilo James Nord made changes -
            Remote Link This issue links to "PR #2081 (Web Link)" [ 14024 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 2081 (Web Link)" [ 14025 ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 2081 (Web Link)" [ 14025 ]
            teilo James Nord made changes -
            Link This issue is related to JENKINS-32623 [ JENKINS-32623 ]
            teilo James Nord made changes -
            Link This issue is related to JENKINS-32844 [ JENKINS-32844 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 169204 ] JNJira + In-Review [ 185695 ]
            teilo James Nord made changes -
            Assignee James Nord [ teilo ]
            teilo James Nord made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            danielbeck Daniel Beck made changes -
            Link This issue duplicates SECURITY-499 [ SECURITY-499 ]
            danielbeck Daniel Beck made changes -
            Status Open [ 1 ] Closed [ 6 ]
            Resolution Duplicate [ 3 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal OSS-636 (Web Link)" [ 18853 ]

              People

              • Assignee:
                Unassigned
                Reporter:
                teilo James Nord