  1. HPCC
  2. HPCC-18228

If a request structure in ws_workunits.ecm contains a field called "Password", it clashes with the user password and results in an authentication error.


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: ESP
    • Labels:
      None

      Description

      During the implementation of "HPCC-18210 Extend ECL tool with zapgen command." I faced a problem which is not related to my implementation.

      The problem is in the

      ESPrequest [nil_remove] WUCreateZAPInfoRequest

      there is a field:

      [min_ver("1.53")] string Password;

      which is intended to be a ZAP (zip) file password, and it clashes with the user password. It seems it works in an LDAP-enabled and pre-authenticated environment like ECLWatch, or via a direct HTTP call with an "Authorization" header, but it doesn't with the

      Owned<IClientWUCreateZAPInfoResponse> zapResp = client->WUCreateZAPInfo(zapReq);

      call.

      It returns with:

      401: Unauthorized Access

      The password problem is not related to ZAP file generation. It is generic.
      If the "Password" field is moved from WUCreateZAPInfoRequest into

      ESPrequest WUAbortRequest {    
         ESParray<string> Wuids;    
         [min_ver("1.02")] int   BlockTillFinishTimer(0);    
         [depr_ver("1.69")] string Password;
      };

      then, the previously working 'ecl abort ...' returns with:

      abort -wu=W20170830-212651 --username=TheAdmin --password=P@ssw0rd --port=8010
      401: Unauthorized Access

      and zapgen is fine:

      ecl zapgen -wu=W20170830-212651 --path=/home/ati/HPCCSystems-regression/zap --problemDescription="Failed in OBT" --incThorSlaveLogs=1 --server=127.0.0.1 --username=TheAdmin --password=P@ssw0rd --port=8010 
      ZAP file written into /home/ati/HPCCSystems-regression/zap/ZAPReport_W20170830-212651_TheAdmin.zip.
      

      It seems that during the esprequest creation for Abort (in ws_workuit.esp:68863) the 'userid_' variable is set by the

      esprequest->setUserId(m_userid.str());

      function call to the user name, but 'password_' isn't, regardless of it having a correct value at the

      esprequest->setPassword(m_password.str());

      function call (in ws_workuit.esp:68864). 

      Both of them are implemented in soapbind.hpp, lines 166 and 169. I put a breakpoint on each, but only setUserId() gets a hit during the step-by-step trace for Abort, and both of them get hit for other requests, e.g. zapgen.

      Anthony Fishbeck, Rodrigo Pastrana any idea?
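
One mechanism consistent with the breakpoint observation above, shown as an added example that is not HPCC code and not a confirmed root cause: if the generated request class gets its own `setPassword()` for the "Password" field, C++ name hiding makes the credential setter in the base class unreachable through that type. All class and function names here are hypothetical and the credential values are constructed.

```cpp
#include <string>

// Hypothetical stand-in for the SOAP binding base class: holds the
// credentials that the transport sends for authentication.
class RpcRequestBase {
public:
    void setUserId(const char* v)   { userid_ = v; }
    void setPassword(const char* v) { password_ = v; }   // credential setter
    const std::string& authUser() const     { return userid_; }
    const std::string& authPassword() const { return password_; }
private:
    std::string userid_, password_;
};

// Request without a "Password" field: the base-class setter stays visible.
class ZapRequest : public RpcRequestBase {};

// Request whose field setter has the same name as the credential setter
// (assumed shape of the generated code). Name lookup stops at the derived
// class, so RpcRequestBase::setPassword() is hidden and never called.
class AbortRequest : public RpcRequestBase {
public:
    void setPassword(const char* v) { fieldPassword_ = v; }  // request field
    const std::string& fieldPassword() const { return fieldPassword_; }
private:
    std::string fieldPassword_;
};

// Mirrors the two calls quoted in the description.
template <class Req>
void applyCredentials(Req& req, const char* user, const char* pass) {
    req.setUserId(user);
    req.setPassword(pass);   // resolves to the derived setter if one exists
}

// True when the credentials the transport would send are complete.
template <class Req>
bool credentialsComplete(const Req& req) {
    return !req.authUser().empty() && !req.authPassword().empty();
}

int main() {
    ZapRequest zap;  applyCredentials(zap, "TheAdmin", "constructed-secret");
    AbortRequest ab; applyCredentials(ab, "TheAdmin", "constructed-secret");
    // zap authenticates; ab has a user id but an empty credential password.
    return (credentialsComplete(zap) && !credentialsComplete(ab)) ? 0 : 1;
}
```

Under this assumption the account password is also written into the request's own "Password" field, so it would travel in the request body rather than only in the authentication data.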

              People

              • Assignee:
                rpastrana Rodrigo Pastrana
                Reporter:
                attilavamos Attila Vamos