Bug #2974
creating a vpn user corrupts the system user with the same name
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | High | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-vpn | |||
Target version: | v6.5 | |||
Security class: | Resolution: | |||
Affected version: | v6.5 | NEEDINFO: | No |
Description
Create a system user, i.e. "goofy"
# db accounts show goofy goofy=user City= Company= Department= FirstName=Goofy LastName=Test PhoneNumber= Samba=disabled Street= Uid=5028 __state=new # id goofy uid=5028(goofy) gid=5028(goofy) groups=5028(goofy),502(locals)
then create an "only vpn" user with the same username, "goofy": the related "db account"
record will be changed
# db accounts show goofy goofy=vpn VPNRemoteNetmask= VPNRemoteNetwork= # id goofy uid=5028(goofy) gid=5028(goofy) groups=5028(goofy),502(locals)
here is the messages
log:
Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=user|City||Company||Department||FirstName|Goofy|LastName|Test|PhoneNumber||Samba|disabled|Street||Uid|5028|__state|new Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=vpn Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn|VPNRemoteNetmask| Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: OLD goofy=vpn|VPNRemoteNetmask| Dec 5 15:38:19 firewall /sbin/e-smith/db[5848]: /var/lib/nethserver/db/accounts: NEW goofy=vpn|VPNRemoteNetmask||VPNRemoteNetwork| Dec 5 15:38:20 firewall esmith::event[5856]: Event: nethserver-vpn-save
System should check if tehat user already exists!
Installed packages:
- nethserver-directory-2.0.4-1.ns6.noarch
- nethserver-openvpn-1.1.1-1.ns6.noarch
- nethserver-vpn-1.1.3-1.ns6.noarch
Associated revisions
Avoid overwriting existing keys in accounts DB. Refs #2974
- Added platform 'vpn-create' validator
- Disabled textInput in "update" view, to avoid "name" form field
re-submission
History
#1 Updated by Nicola Rauso over 6 years ago
- Subject changed from vpn user definition corrupts system user to vpn user creation corrupts system user
#2 Updated by Nicola Rauso over 6 years ago
- Subject changed from vpn user creation corrupts system user to creating a vpn user corrupts the system user with the same name
#3 Updated by Giacomo Sanchietti over 6 years ago
- Category set to nethserver-vpn
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#5 Updated by Giacomo Sanchietti over 6 years ago
- Assignee deleted (
Giacomo Sanchietti)
We can reuse the uniq-account
action from user-create
validator.
Here is the patch for createlinks
:
diff --git a/createlinks b/createlinks index 770a047..d7ded3d 100755 --- a/createlinks +++ b/createlinks @@ -66,3 +66,8 @@ event_actions($event, 'firewall-adjust' => '80', ); +# actions for user-create validator +validator_actions('vpn-create', qw( + uniq-account 20 +)); +
The username inside the PHP module, should have a validator like this:
$name_validator = $this->createValidator(Validate::USERNAME)->platform('vpn-create');
#6 Updated by Davide Principi over 6 years ago
- Assignee set to Davide Principi
#7 Updated by Davide Principi over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
MODIFIED
#8 Updated by Davide Principi over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing (6.5):
nethserver-vpn-1.1.3-1.0git20e3fa9b.ns6.noarch.rpm
#9 Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#10 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Validator from web UI works ok.
Validator from command line:
[root@localhost ~]# validate vpn-create admin A user account with the same name already exists vpn-create,uniq-account,3 [root@localhost ~]# validate vpn-create myuser
#11 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-updates:
- nethserver-vpn-1.1.4-1.ns6.noarch.rpm