[
https://issues.jenkins-ci.org/browse/JENKINS-13650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
jacob_robertson updated JENKINS-13650:
--------------------------------------
Labels: plugin security (was: plugin)
Assignee: Kohsuke Kawaguchi
> Upgrading Active Directory plugin from 1.26 to 1.27 causes loss of Jenkins
> admin rights
> ---------------------------------------------------------------------------------------
>
> Key: JENKINS-13650
> URL: https://issues.jenkins-ci.org/browse/JENKINS-13650
> Project: Jenkins
> Issue Type: Bug
> Components: active-directory
> Environment: Windows Server 2003 x86, non-domain, connecting to
> Windows Server 2008 Active Directory. "Domain Name" set to
> ourcompanyname.com, "Domain controller" left blank. Jenkins version=1.450, AD
> plugin version=1.26
> Reporter: Tom Fanning
> Assignee: Kohsuke Kawaguchi
> Labels: plugin, security
>
> I just updated the AD plugin with "install without restarting" turned on to
> attempt to fix bug 12619 which I originally reported.
> It failed:
> INFO: Starting the installation of Active Directory plugin on behalf of
> tfanning
> 01-May-2012 11:23:40 hudson.model.UpdateCenter$UpdateCenterConfiguration
> download
> INFO: Downloading Active Directory plugin
> 01-May-2012 11:23:41 hudson.PluginManager dynamicLoad
> INFO: Attempting to dynamic load C:\Program
> Files\Jenkins\plugins\active-directory.jpi
> 01-May-2012 11:23:41 hudson.model.UpdateCenter$DownloadJob run
> SEVERE: Failed to install Active Directory plugin
> hudson.util.IOException2: Failed to dynamically deploy this plugin
> at
> hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1137)
> at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:955)
> at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
> at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
> at java.util.concurrent.FutureTask.run(Unknown Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
> Source)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
> at java.lang.Thread.run(Unknown Source)
> Caused by: java.io.IOException: Unable to delete C:\Program
> Files\Jenkins\plugins\active-directory\WEB-INF\lib\active-directory-1.0.jar
> at hudson.Util.deleteFile(Util.java:237)
> at hudson.Util.deleteRecursive(Util.java:287)
> at hudson.Util.deleteContentsRecursive(Util.java:198)
> at hudson.Util.deleteRecursive(Util.java:278)
> at hudson.Util.deleteContentsRecursive(Util.java:198)
> at hudson.Util.deleteRecursive(Util.java:278)
> at hudson.Util.deleteContentsRecursive(Util.java:198)
> at hudson.ClassicPluginStrategy.explode(ClassicPluginStrategy.java:389)
> at
> hudson.ClassicPluginStrategy.createPluginWrapper(ClassicPluginStrategy.java:113)
> at hudson.PluginManager.dynamicLoad(PluginManager.java:340)
> at
> hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:1133)
> ... 7 more
> I then restarted the Jenkins service, waited, logged in with my AD
> credentials, so this appeared to work.
> However in Jenkins my AD account has now lost all of its admin privileges,
> i.e. I nor any other person configured to have admin rights can now configure
> Jenkins.
> I noticed active-directory.bak left over in the Jenkins plugin folder.
> Stopped the service, deleted active-directory.jpi, renamed
> active-directory.bak to .jpi, restarted, all working (albeit with bug 12619
> still present)
> How should I upgrade to 1.27 safely?
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
