11:23 a.m.
AUTH: merging bypasses authorization process
--------------------------------------------
Key: JGRP-1255
URL: https://jira.jboss.org/browse/JGRP-1255
Project: JGroups
Issue Type: Bug
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 2.12
AUTH checks admission into the group at JOIN time, but *not* at MERGE time !
To reproduce:
- Copy auth.xml from JGroups/conf
- Copy auth.xml to auth1.xml
- Change the password in auth1.xml from "chris" to "chrissie"
- Add <DISCARD use_gui="true"/> just above the transport to *both*
auth.xml and auth1.xml
- Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
- In the discard dialog box, click on "start discarding"
- Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
- A and B will form 2 singleton clusters {A} and {B}
- In instance A: click on "stop discarding" in the discard dialog box
- A and B will merge into a cluster {A,B}
SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if
authorization fails
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:48 a.m.
New subject: [JBoss JIRA] Commented: (JGRP-1255) AUTH: merging bypasses authorization process
[
https://jira.jboss.org/browse/JGRP-1255?page=com.atlassian.jira.plugin.sy...
]
Bela Ban commented on JGRP-1255:
--------------------------------
Ok, AUTH now intercepts MERGE_REQs too. When a merge ensues, a member who's AUTH was
changed while it was separated from the cluster, won't be able to merge back into the
cluster.
However, since AUTH rejects the merge on behalf of GMS, even other (correct) members
won't merge until the faulty member process is killed. This is because all merge
participants need to agree on the merge, and the merge won't proceed with one or more
members rejecting it...
AUTH: merging bypasses authorization process
--------------------------------------------
Key: JGRP-1255
URL: https://jira.jboss.org/browse/JGRP-1255
Project: JGroups
Issue Type: Bug
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 2.12
AUTH checks admission into the group at JOIN time, but *not* at MERGE time !
To reproduce:
- Copy auth.xml from JGroups/conf
- Copy auth.xml to auth1.xml
- Change the password in auth1.xml from "chris" to "chrissie"
- Add <DISCARD use_gui="true"/> just above the transport to *both*
auth.xml and auth1.xml
- Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
- In the discard dialog box, click on "start discarding"
- Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
- A and B will form 2 singleton clusters {A} and {B}
- In instance A: click on "stop discarding" in the discard dialog box
- A and B will merge into a cluster {A,B}
SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if
authorization fails
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:21 a.m.
New subject: [JBoss JIRA] Resolved: (JGRP-1255) AUTH: merging bypasses authorization process
[
https://jira.jboss.org/browse/JGRP-1255?page=com.atlassian.jira.plugin.sy...
]
Bela Ban resolved JGRP-1255.
----------------------------
Resolution: Done
AUTH: merging bypasses authorization process
--------------------------------------------
Key: JGRP-1255
URL: https://jira.jboss.org/browse/JGRP-1255
Project: JGroups
Issue Type: Bug
Reporter: Bela Ban
Assignee: Bela Ban
Fix For: 2.12
AUTH checks admission into the group at JOIN time, but *not* at MERGE time !
To reproduce:
- Copy auth.xml from JGroups/conf
- Copy auth.xml to auth1.xml
- Change the password in auth1.xml from "chris" to "chrissie"
- Add <DISCARD use_gui="true"/> just above the transport to *both*
auth.xml and auth1.xml
- Start the instance A: java org.jgroups.demos.Draw -props ./auth.xml -name A
- In the discard dialog box, click on "start discarding"
- Start instance B: java org.jgroups.demos.Draw -props ./auth1.xml -name B
- A and B will form 2 singleton clusters {A} and {B}
- In instance A: click on "stop discarding" in the discard dialog box
- A and B will merge into a cluster {A,B}
SOLUTION: AUTH also needs to hook into the merge process and prevent a merge if
authorization fails
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
4932
days inactive
4939
days old
2 comments
1 participants
participants (1)
-
Bela Ban (JIRA)