Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31256

hudson.Remoting.Engine#waitForServerToBack does not use credentials for connection




      We have a jenkins instance running behind Apache web server, which forces basic authentication for accessing Jenkins.

      When using jnlp from a slave machine, then it works initially, because it uses provided basic authentication credentials. However at some point it stops working and in jenkins-slave.err.log this line is printed over and over again:
      Oct 29, 2015 12:38:23 PM hudson.remoting.Engine waitForServerToBack
      INFO: Master isn't ready to talk to us. Will retry again: response code=401

      Looking at the Engine#waitForServerToBack (https://github.com/jenkinsci/remoting/blob/master/src/main/java/hudson/remoting/Engine.java#L365) code, I can see that it does not provide credentials to path /tcpSlaveAgentListener.

      Although there's a comment at #run method (https://github.com/jenkinsci/remoting/blob/master/src/main/java/hudson/remoting/Engine.java#L185):
      // TODO /tcpSlaveAgentListener is unprotected so why do we need to pass any credentials?

      Reading this, It seems that Engine assumes that Jenkins is never placed behind firewalls and served directly to the public, which is not always the case, especially when Jenkins slaves are involved - they might be outside of Jenkins own network, thus firewalls/proxies are probably between them.

      In other words - Engine should always provide credentials to every request, if they exist, because assumption of something being unprotected might be wrong.

      PS! Same thing applies to proxy credentials, which are not provided in the #waitForServerToBack, but are provided in #run.



          jarm0 Jarmo Pertman created issue -
          wiizzard Tim Pambor made changes -
          Field Original Value New Value
          Assignee Tim Pambor [ wiizzard ]
          wiizzard Tim Pambor made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          wiizzard Tim Pambor made changes -
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 166506 ] JNJira + In-Review [ 209383 ]
          olivergondza Oliver Gond┼ża made changes -
          Labels 2.7.2-fixed


            wiizzard Tim Pambor
            jarm0 Jarmo Pertman
            0 Vote for this issue
            5 Start watching this issue