[
https://issues.apache.org/jira/browse/HIVE-9934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14364424#comment-14364424
]
Hive QA commented on HIVE-9934:
-------------------------------
{color:red}Overall{color}: -1 at least one tests failed
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12704870/HIVE-9934.2.patch
{color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 7769 tests executed
*Failed tests:*
{noformat}
TestCustomAuthentication - did not produce a TEST-*.xml file
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_udaf_percentile_approx_23
{noformat}
Test results:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3047/testReport
Console output:
http://ec2-174-129-184-35.compute-1.amazonaws.com/jenkins/job/PreCommit-HIVE-TRUNK-Build/3047/console
Test logs:
http://ec2-174-129-184-35.compute-1.amazonaws.com/logs/PreCommit-HIVE-TRUNK-Build-3047/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 2 tests failed
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12704870 - PreCommit-HIVE-TRUNK-Build
> Vulnerability in LdapAuthenticationProviderImpl enables HiveServer2 client to
> degrade the authentication mechanism to "none", allowing authentication
> without password
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HIVE-9934
> URL: https://issues.apache.org/jira/browse/HIVE-9934
> Project: Hive
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.1.0
> Reporter: Chao
> Assignee: Chao
> Attachments: HIVE-9934.1.patch, HIVE-9934.2.patch
>
>
> Vulnerability in LdapAuthenticationProviderImpl enables HiveServer2 client to
> degrade the authentication mechanism to "none", allowing authentication
> without password.
> See: http://docs.oracle.com/javase/jndi/tutorial/ldap/security/simple.html
> “If you supply an empty string, an empty byte/char array, or null to the
> Context.SECURITY_CREDENTIALS environment property, then the authentication
> mechanism will be "none". This is because the LDAP requires the password to
> be nonempty for simple authentication. The protocol automatically converts
> the authentication to "none" if a password is not supplied.”
>
> Since the LdapAuthenticationProviderImpl.Authenticate method is relying on a
> NamingException being thrown during creation of initial context, it does not
> fail when the context result is an “unauthenticated” positive response from
> the LDAP server. The end result is, one can authenticate with HiveServer2
> using the LdapAuthenticationProviderImpl with only a user name and an empty
> password.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
