Bug #2974

creating a vpn user corrupts the system user with the same name

Added by Nicola Rauso almost 5 years ago. Updated almost 5 years ago.

Status: CLOSED
Start date:
Priority: High
Due date:
Assignee: -
% Done: 100%
Category: nethserver-vpn
Target version: v6.5
Security class:
Resolution:
Affected version: v6.5
NEEDINFO: No

Description

Create a system user, i.e. "goofy"

# db accounts show goofy
goofy=user
    City=
    Company=
    Department=
    FirstName=Goofy
    LastName=Test
    PhoneNumber=
    Samba=disabled
    Street=
    Uid=5028
    __state=new

# id goofy
uid=5028(goofy) gid=5028(goofy) groups=5028(goofy),502(locals)

then create an "only vpn" user with the same username, "goofy": the related "db account" record will be changed

# db accounts show goofy
goofy=vpn
    VPNRemoteNetmask=
    VPNRemoteNetwork=

# id goofy
uid=5028(goofy) gid=5028(goofy) groups=5028(goofy),502(locals)

here is the messages log:

Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=user|City||Company||Department||FirstName|Goofy|LastName|Test|PhoneNumber||Samba|disabled|Street||Uid|5028|__state|new
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=vpn
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn|VPNRemoteNetmask|
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=vpn|VPNRemoteNetmask|
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn|VPNRemoteNetmask||VPNRemoteNetwork|
Dec  5 15:38:20 firewall esmith::event[5856]: Event: nethserver-vpn-save

System should check if that user already exists!

Installed packages:

  • nethserver-directory-2.0.4-1.ns6.noarch
  • nethserver-openvpn-1.1.1-1.ns6.noarch
  • nethserver-vpn-1.1.3-1.ns6.noarch
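
A detection sketch for the overwrite visible in the messages log above, added here as an example (it is not NethServer code): it pairs the OLD/NEW lines written by /sbin/e-smith/db and flags any key whose record type is replaced in place, listing the properties that were lost. The regular expression, the function names and the "pluto" lines are assumptions constructed for the example, and it assumes property values contain no "|".

```python
import re

# First four lines are copied from the report above; the two "pluto" lines are
# constructed to show an ordinary property update that must not alert.
SAMPLE_LOG = """\
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=user|City||Company||Department||FirstName|Goofy|LastName|Test|PhoneNumber||Samba|disabled|Street||Uid|5028|__state|new
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=vpn
Dec  5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn|VPNRemoteNetmask|
Dec  5 15:40:02 firewall /sbin/e-smith/db[5901]: /var/lib/nethserver/db/accounts: OLD pluto=user|Uid|5029
Dec  5 15:40:02 firewall /sbin/e-smith/db[5901]: /var/lib/nethserver/db/accounts: NEW pluto=user|Uid|5029|Samba|enabled
"""

# Assumed line layout, inferred from the excerpt: "<db file>: OLD|NEW key=type|prop|val..."
LINE_RE = re.compile(
    r"/sbin/e-smith/db\[(?P<pid>\d+)\]: (?P<db>\S+): (?P<op>OLD|NEW) (?P<key>[^=|]+)=(?P<rec>.*)$")

def parse_record(rec):
    """Split 'type|prop|val|prop|val' into (type, {prop: val})."""
    rtype, *rest = rec.split("|")
    if len(rest) % 2:          # property name with no value field
        rest.append("")
    return rtype, dict(zip(rest[0::2], rest[1::2]))

def find_type_changes(log_text):
    """Return one finding per key whose record type was replaced in place."""
    pending = {}    # (pid, db, key) -> (old type, old props) awaiting its NEW line
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ident = (m["pid"], m["db"], m["key"])
        rtype, props = parse_record(m["rec"])
        if m["op"] == "OLD":
            pending[ident] = (rtype, props)
            continue
        old = pending.pop(ident, None)
        if old and old[0] != rtype:
            findings.append({"db": m["db"], "key": m["key"],
                             "old_type": old[0], "new_type": rtype,
                             "lost_props": sorted(set(old[1]) - set(props))})
    return findings

if __name__ == "__main__":
    for finding in find_type_changes(SAMPLE_LOG):
        print(finding)
```

On the sample, only the goofy user-to-vpn replacement is reported; the later vpn-to-vpn property writes and the pluto update are not.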

Associated revisions

Revision 20e3fa9b
Added by Davide Principi almost 5 years ago

Avoid overwriting existing keys in accounts DB. Refs #2974

  • Added platform 'vpn-create' validator
  • Disabled textInput in "update" view, to avoid "name" form field
    re-submission

History

#1 Updated by Nicola Rauso almost 5 years ago

  • Subject changed from vpn user definition corrupts system user to vpn user creation corrupts system user

#2 Updated by Nicola Rauso almost 5 years ago

  • Subject changed from vpn user creation corrupts system user to creating a vpn user corrupts the system user with the same name

#3 Updated by Giacomo Sanchietti almost 5 years ago

  • Category set to nethserver-vpn
  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#4 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#5 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee deleted (Giacomo Sanchietti)

We can reuse the uniq-account action from user-create validator.

Here is the patch for createlinks:

diff --git a/createlinks b/createlinks
index 770a047..d7ded3d 100755
--- a/createlinks
+++ b/createlinks
@@ -66,3 +66,8 @@ event_actions($event,
     'firewall-adjust' => '80',
 );

+# actions for user-create validator
+validator_actions('vpn-create', qw(
+                  uniq-account 20
+));
+
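
Review bot: the comment on the first added line, "# actions for user-create validator", names the wrong validator. The block registers 'vpn-create', so the comment should read "# actions for vpn-create validator". Note also that this hunk only registers the uniq-account check under a new validator name and does not touch the write path, so the name collision is blocked only where the vpn-create validator is actually called.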

The username inside the PHP module should have a validator like this:

$name_validator = $this->createValidator(Validate::USERNAME)->platform('vpn-create');

#6 Updated by Davide Principi almost 5 years ago

  • Assignee set to Davide Principi

#7 Updated by Davide Principi almost 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

MODIFIED

#8 Updated by Davide Principi almost 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing (6.5):
nethserver-vpn-1.1.3-1.0git20e3fa9b.ns6.noarch.rpm

#9 Updated by Giacomo Sanchietti almost 5 years ago

  • Assignee set to Giacomo Sanchietti

#10 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Validator from web UI works ok.

Validator from command line:

[root@localhost ~]# validate vpn-create admin
A user account with the same name already exists
vpn-create,uniq-account,3
[root@localhost ~]# validate vpn-create myuser

#11 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

Released in nethserver-updates:
  • nethserver-vpn-1.1.4-1.ns6.noarch.rpm
