tracker issue : CF-4199020

Title:

CF admin errors on Linux VM when CFIDE mounted to Windows host.


Status/Resolution/Reason: To Track//PRNeedInfo

Reporter/Name(from Bugbase): Bradley Wood / Bradley Wood ()

Created: 07/07/2017

Components: Language

Versions: 2016,13.0

Failure Type: Incorrectly functioning

Found In Build/Fixed In Build: 2016 U4 /

Priority/Frequency: Normal / Some users will encounter

Locale/System: / Linux All

Vote Count: 0

When I install ColdFusion on a Linux VM running inside of VirtualBox on a case insensitive host (like Windows) and place the CFIDE folder in a location that's mounted to a folder on the host machine, pages in the administrator such as the Datasources list page in the administrator throw the following exception. (stack trace trimmed)

coldfusion.security.SecurityManager$UnauthenticatedCredentialsException
	at coldfusion.security.SecurityManager.getAdminHash(SecurityManager.java:2298)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at coldfusion.runtime.StructBean.invoke(StructBean.java:508)
	at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3168)
	at coldfusion.runtime.CfJspPage._invoke(CfJspPage.java:3068)
	at cfApplication2ecfm1669273262._factor9(/CFIDE/administrator/Application.cfm:171)
	at cfApplication2ecfm1669273262.runPage(/CFIDE/administrator/Application.cfm:1)
	at coldfusion.runtime.CfJspPage.invoke(CfJspPage.java:251)
	at coldfusion.tagext.lang.IncludeTag.handlePageInvoke(IncludeTag.java:737)
	at coldfusion.tagext.lang.IncludeTag.doStartTag(IncludeTag.java:573)
	at coldfusion.runtime.CfJspPage._emptyTcfTag(CfJspPage.java:3698)
	at cfApplication2ecfm478229027.runPage(/CFIDE/administrator/datasources/Application.cfm:8)

This is a common setup now that we're using Docker for a lot of local development, which makes heavy use of folders mounted to the host machine.

This is a tricky bug and actually not related to the admin at all, but due to mishandling of file case sensitivity (the VM OS is case sensitive, but the mounted folder is not). The core issue is that the internal canonical path to any CFIncluded file has the file name lowercased in this scenario. I don't know how or why that is happening, but I know it's causing the above exception in the admin because when the root Application.cfm is cfincluded from datasources/Application.cfm its canonical name has a lower case "a" which fails the security checks.

It is possible to reproduce the core bug in a standalone scenario without even messing with the administrator.  Create two files in a folder with the following code:

index.cfm
<cfinclude template="Foo.cfm" >

Foo.cfm (Note the uppercase "F")
<cfscript>
	myPage = getPageContext().getPage();
	myParent = createObject( 'java', 'coldfusion.runtime.CfJspPage' ).getClass().getDeclaredField("parent").get( myPage );
	writeDump( myParent.getCanonicalLocation() );
</cfscript>


Now start ColdFusion on a Linux VM and hit the index.cfm with the code on the local drive.  You will see the correct output on the screen of /path/to/local/folder/Foo.cfm

Now map a folder to the host Windows machine, move the files there, and point ColdFusion's web root to this mounted folder.  The code will run as before, but this time you'll get the following incorrect output of /path/to/mounted/folder/foo.cfm

Even though the file name is "Foo.cfm", the internal canonical name for the include is set to "foo.cfm".

Attachments:

  1. September 14, 2017 00:00:00: hf201600-4199020.jar

Comments:

Just curious... are filenames lower-cased when accessing a Windows mapped folder when "ColdFusion is running on Windows"? Also do CF+Linux CF9, 10, 11 & 2016 all return the same results? (Sometimes bugs are introduced in later versions of ColdFusion. I've been comparing so I can point out the difference in behavior.)
Comment by James Moberg
520 | July 10, 2017 04:43:27 PM GMT
@james, when running ColdFusion on Windows, this does not occur. There must be some check inside of ColdFusion that is performing logic based either on the current operating system or based on whether CF thinks it has detected a case insensitive file system. I did not test on ACF 2016, mostly due to the large amount of time I had already spent testing on 2016.
Comment by Bradley Wood
521 | July 10, 2017 04:50:33 PM GMT
Sorry, I meant to say I did not test on CF 9, 10, or 11! If only I could edit my previous comments...
Comment by Bradley Wood
522 | July 10, 2017 04:53:19 PM GMT
Place the attached jar file under cfusion\lib\updates and add the argument -Dcoldfusion.admin.isbehindvdir=true in jvm.config. Restart the server. It should look as follows after changing jvm.config. java.args=-Dcoldfusion.admin.isbehindvdir=true -server ..... ......... Can be applied on top of Update 5.
Comment by Krishna Reddy P
523 | September 14, 2017 07:37:50 AM GMT
Hi Krishna, can you confirm if the JVM arg is just a temporary workaround or will that be part of the final solution? The reason I ask is because the CF server doesn't always "know" if the location it's running from has been mounted over a mapped folder. Take a Docker container for instance, which was where I first noticed this. The Docker image is very generic and doesn't have any information about the host operating system it's running on nor where the folders the engine is installed to are coming from. And a user should be able to deploy the same Docker container anywhere with no modifications. I'm not sure it's reasonable to expect something to detect this from inside the VM. Can't the logic in CF be adjusted appropriately to either detect whether or not the filesystem is case sensitive, or remove the dependency on case?
Comment by Bradley Wood
524 | September 14, 2017 01:34:59 PM GMT
Hi Bradley, can you confirm the solution provided by Krishna Reddy worked for you? Regards, Mukesh
Comment by Mukesh Kumar
30013 | December 06, 2018 11:01:25 AM GMT
Hi Mukesh, the solution does not work for all the reasons I listed in my last comment. The solution is misguided and incomplete. Instead of putting in hacky JVM flags that are specific to the administrator, ColdFusion needs to have its file system detection improved in general so it correctly detects whether it is case sensitive or not.
Comment by Bradley Wood
30017 | December 06, 2018 02:55:29 PM GMT
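
The per-directory detection asked for in the comments above can be sketched as follows. This is an added example, not ColdFusion code and not part of the attached hotfix; the class and method names are hypothetical. It probes the directory actually in use rather than the operating system, and separately checks a requested name against the directory listing so that "foo.cfm" is not accepted as "Foo.cfm" just because the mount opens it.

```java
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;

// Added example (hypothetical class and method names; not ColdFusion code).
public class CaseProbe {
    // True when the file system backing 'dir' treats names differing only in
    // case as the same file. Probes the directory itself: a Linux guest can
    // have case-sensitive local disks and a case-insensitive host mount.
    static boolean isCaseInsensitive(Path dir) throws IOException {
        // createTempFile adds a random suffix, so a differently-cased
        // sibling cannot already exist by coincidence.
        Path probe = Files.createTempFile(dir, "CaseProbe", ".tmp");
        try {
            String name = probe.getFileName().toString();
            Path lower = dir.resolve(name.toLowerCase(Locale.ROOT));
            return Files.exists(lower) && Files.isSameFile(probe, lower);
        } finally {
            Files.deleteIfExists(probe);
        }
    }
    // True only when 'file' is spelled exactly as the directory listing
    // reports it, regardless of how the file system matches names on open.
    static boolean existsWithExactCase(Path file) throws IOException {
        Path abs = file.toAbsolutePath();
        String wanted = abs.getFileName().toString();
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(abs.getParent())) {
            for (Path entry : entries) {
                if (entry.getFileName().toString().equals(wanted)) return true;
            }
        }
        return false;
    }
    public static void main(String[] args) throws IOException {
        Path base = Paths.get(args.length > 0 ? args[0] : System.getProperty("java.io.tmpdir"));
        Path dir = Files.createTempDirectory(base, "probe");
        Path sample = Files.createFile(dir.resolve("Foo.cfm")); // constructed sample
        try {
            System.out.println("case-insensitive: " + isCaseInsensitive(dir));
            System.out.println("Foo.cfm exact: " + existsWithExactCase(sample));
            System.out.println("foo.cfm exact: " + existsWithExactCase(dir.resolve("foo.cfm")));
        } finally {
            Files.delete(sample);
            Files.delete(dir);
        }
    }
}
```

Run it once with a local directory and once with a directory on the host-mounted share as the first argument; only the first line of output should differ between the two.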