You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/11/15 21:28:00 UTC

[jira] [Work logged] (KNOX-2469) Knox keystore directory creation fails when following a symlink

     [ https://issues.apache.org/jira/browse/KNOX-2469?focusedWorklogId=512051&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-512051 ]

ASF GitHub Bot logged work on KNOX-2469:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Nov/20 21:27
            Start Date: 15/Nov/20 21:27
    Worklog Time Spent: 10m 
      Work Description: lmccay commented on a change in pull request #383:
URL: https://github.com/apache/knox/pull/383#discussion_r523816161



##########
File path: gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/DefaultKeystoreService.java
##########
@@ -513,12 +513,14 @@ private synchronized boolean isKeyStoreAvailable(final Path keyStoreFilePath, St
   // Package private for unit test access
   // We need this to be synchronized to prevent multiple threads from using at once
   synchronized KeyStore createKeyStore(Path keystoreFilePath, String keystoreType, char[] password) throws KeystoreServiceException {
-    if (Files.notExists(keystoreFilePath)) {
-      // Ensure the parent directory exists...
-      try {
+    // Ensure the parent directory exists...
+    // This is symlink safe.
+    Path parentPath = keystoreFilePath.getParent();

Review comment:
       @jameschen1519 - it is possible for this method to return null, I believe.
   I am not sure what the implications on the next line would be in that case,
   I think that you should extend the existing test cases in DefaultKeystoreServiceTest to provide proper assurances here.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 512051)
    Remaining Estimate: 167h 50m  (was: 168h)
            Time Spent: 10m

> Knox keystore directory creation fails when following a symlink
> ---------------------------------------------------------------
>
>                 Key: KNOX-2469
>                 URL: https://issues.apache.org/jira/browse/KNOX-2469
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.4.0, 1.5.0
>            Reporter: James Chen
>            Priority: Minor
>              Labels: easy-fix, patch-available
>             Fix For: 1.4.0, 1.5.0
>
>         Attachments: 0001-Fixing-Knox-symlink.patch
>
>   Original Estimate: 168h
>          Time Spent: 10m
>  Remaining Estimate: 167h 50m
>
> At the moment, if the keystore path does not exist, Knox attempts to create the parent directories of the keystore path recursively. However, there is an edge case, as described in JDK-8130464, where the directory creation fails if the final, parent directory of the keystore path is a symlink. This causes a failure during startup.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)