[
https://issues.apache.org/jira/browse/KNOX-2574?focusedWorklogId=635042&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-635042
]
ASF GitHub Bot logged work on KNOX-2574:
----------------------------------------
Author: ASF GitHub Bot
Created on: 06/Aug/21 10:37
Start Date: 06/Aug/21 10:37
Worklog Time Spent: 10m
Work Description: zeroflag commented on pull request #478:
URL: https://github.com/apache/knox/pull/478#issuecomment-894170676
cc: @moresandeep @smolnar82 @pzampino @lmccay
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 635042)
Time Spent: 40m (was: 0.5h)
> Missing proper logging when hmac secret is short (misconfigured)
> ----------------------------------------------------------------
>
> Key: KNOX-2574
> URL: https://issues.apache.org/jira/browse/KNOX-2574
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Sandeep More
> Assignee: Attila Magyar
> Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> I was testing out creating tokens with HMAC and created a secret which was
> less than 256 bits. When I tried to create tokens the operation failed with
> no meaningful message, even the gateway logs were not logging the error. If
> this happens in prod it would be extremely painful to track down.
> This is what I get when I try to create tokens
> {code}
> (base) ➜ ~ curl -iku admin:admin-password
> 'https://localhost:8443/gateway/sandbox/knoxtoken/api/v1/token'
> HTTP/1.1 200 OK
> Date: Wed, 07 Apr 2021 19:27:42 GMT
> Set-Cookie: KNOXSESSIONID=node01hfs7ly3arqcelcoiofnz3de0.node0;
> Path=/gateway/sandbox; Secure; HttpOnly
> Expires: Thu, 01 Jan 1970 00:00:00 GMT
> Set-Cookie: rememberMe=deleteMe; Path=/gateway/sandbox; Max-Age=0;
> Expires=Tue, 06-Apr-2021 19:27:42 GMT; SameSite=lax
> Content-Type: application/json
> Content-Length: 30
> { "Unable to acquire token." }
> {code}
>
> And this is what I see in the logs
> {code}
> 2021-04-07 15:27:42,405 INFO knox.gateway
> (KnoxLdapRealm.java:getUserDn(688)) - Computed userDn:
> uid=admin,ou=people,dc=hadoop,dc=apache,dc=org using dnTemplate for
> principal: admin
> 2021-04-07 15:29:25,667 INFO service.knoxtoken
> (TokenResource.java:getAuthenticationToken(453)) - toString
> 2021-04-07 15:29:28,125 INFO service.knoxtoken
> (TokenResource.java:getAuthenticationToken(454)) - toString
> 2021-04-07 15:29:29,671 ERROR service.knoxtoken
> (TokenResource.java:getAuthenticationToken(454)) - Unable to issue token.
> 2021-04-07 15:29:29,863 INFO service.knoxtoken
> (TokenResource.java:getAuthenticationToken(456)) - toString
> {code}
> There were few issues I noticed that needs some attention:
> 1. Should we even allow creating secrets less than 256 bits? how do we
> validate it?
> 2.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
