Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2030

Matrix security configuration - Build scheduler not working for non-administrators

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Critical Critical
    • _unsorted
    • None
    • Platform: All, OS: All

      Hudson ver. 1.232-SNAPSHOT (private-07/07/2008 04:20-tomas)

      STEPS to reproduce:
      1) Launch fresh instance of Hudson with fresh home
      2) enable security; set LDAP, configure LDAP server
      3) select matrix based security, for Anonymous grant all permissions except
      Administer
      4) add some LDAP user, grant all permissions (incl. Administer)
      5) under Anonymous, create new job (here are first security clash..see [1])
      6) try to set "Build periodically", you get [2]
      7) User with Administer permissions has no such problems during new job setup...

      SOLUTION:
      Seems like on e.g.
      hudson.triggers.TimerTrigger$DescriptorImpl.doCheck(TimerTrigger.java:62)

      is used
      new FormFieldValidator(req,rsp,true)
      while there should be probably only
      new FormFieldValidator(req,rsp,false) //no need to check for admin here

      It would be good to search Hudson's code for
      new FormFieldValidator(req,rsp,true)
      and reevaluate, where are administrator permission really necessary. I found at
      least two other places, where is no need to check for admin.

      [1]
      Caused by: org.acegisecurity.AccessDeniedException:
      org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@7ce80b5d:
      Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details:
      org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1;
      SessionId: 04b81c34b294b3b4c27ef6f131b77452; Granted Authorities: is missing
      Administer
      at hudson.security.ACL.checkPermission(ACL.java:30)
      at hudson.model.View.checkPermission(View.java:99)
      at hudson.util.FormFieldValidator.process(FormFieldValidator.java:75)
      at hudson.model.Hudson.doItemExistsCheck(Hudson.java:2159)
      ... 43 more

      [2]
      Caused by: org.acegisecurity.AccessDeniedException:
      org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@7ce80b5d:
      Username: anonymous; Password: [PROTECTED]; Authenticated: true; Details:
      org.acegisecurity.ui.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1;
      SessionId: 04b81c34b294b3b4c27ef6f131b77452; Granted Authorities: is missing
      Administer
      at hudson.security.ACL.checkPermission(ACL.java:30)
      at hudson.model.View.checkPermission(View.java:99)
      at hudson.util.FormFieldValidator.process(FormFieldValidator.java:75)
      at hudson.triggers.TimerTrigger$DescriptorImpl.doCheck(TimerTrigger.java:62)

          [JENKINS-2030] Matrix security configuration - Build scheduler not working for non-administrators

          musilt2 added a comment -

          Created an attachment (id=326)
          patch

          musilt2 added a comment - Created an attachment (id=326) patch

          musilt2 added a comment -

          created patch which should solve most visible problems for common usecases such
          as creating jobs.
          Basically what I did is that i set up matrix based security and tried to create
          jobs (as non admin) and tried to eliminate all exceptions that came during jobs
          setup. Please review...

          musilt2 added a comment - created patch which should solve most visible problems for common usecases such as creating jobs. Basically what I did is that i set up matrix based security and tried to create jobs (as non admin) and tried to eliminate all exceptions that came during jobs setup. Please review...

          Thanks for the patch.

          As I noted in the comment in the source code, most of those form-field
          validation check deals with potentially sensitive information. So we should
          require a permission to perform that check.

          The fix should be:

          1) identify the permission and subject that needs to be checked
          2) use the 4-arg constructor of FormFieldValidator.

          Kohsuke Kawaguchi added a comment - Thanks for the patch. As I noted in the comment in the source code, most of those form-field validation check deals with potentially sensitive information. So we should require a permission to perform that check. The fix should be: 1) identify the permission and subject that needs to be checked 2) use the 4-arg constructor of FormFieldValidator.

          musilt2 added a comment -

          OK, i can take try to create more safe patch.
          I've tried to search for usages of FormFieldValidator, the only constructor that
          is used in hudson-core is the FormFieldValidator(req, resp, boolean). so I have
          no idea how should proper usage of 4-arg cons look like
          Could you give me hint, let's say for example in
          Hudson.java in public void doItemExistsCheck(StaplerRequest req, StaplerResponse
          rsp)? This one is called during job creation, to check if job doesn't exist yet.
          What are permissons and subject that are needed to be checked in this case?
          Is the
          subject = Hudson.getInstance()
          and
          permissions - somehow obtain User.current() permissions?
          approach correct?
          Thanks in advance for hint..

          musilt2 added a comment - OK, i can take try to create more safe patch. I've tried to search for usages of FormFieldValidator, the only constructor that is used in hudson-core is the FormFieldValidator(req, resp, boolean). so I have no idea how should proper usage of 4-arg cons look like Could you give me hint, let's say for example in Hudson.java in public void doItemExistsCheck(StaplerRequest req, StaplerResponse rsp)? This one is called during job creation, to check if job doesn't exist yet. What are permissons and subject that are needed to be checked in this case? Is the subject = Hudson.getInstance() and permissions - somehow obtain User.current() permissions? approach correct? Thanks in advance for hint..

          Alan Harder added a comment -

          Fixed as issue #2715.

              • This issue has been marked as a duplicate of 2715 ***

          Alan Harder added a comment - Fixed as issue #2715. This issue has been marked as a duplicate of 2715 ***

            Unassigned Unassigned
            musilt2 musilt2
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: