[
https://issues.apache.org/jira/browse/VCL-745?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13894947#comment-13894947
]
ASF subversion and git services commented on VCL-745:
-----------------------------------------------------
Commit 1565780 from [~arkurth] in branch 'vcl/trunk'
[ https://svn.apache.org/r1565780 ]
VCL-745
Added check to Windows.pm::user_logged_in to use the 'Administrator' username
for imaging requests.
VCL-746
Updated Windows.pm::get_service_configuration to copy the reg export text file
from the remote computer to the management node and then retrieve its contents
locally.
Added OS.pm::copy_file_from subroutine. This is called from
get_service_configuration.
Other
Removed duplicate call to update_public_ip_address in Windows.pm::post_load.
> Windows.pm user_logged_in does not check for imaging requests
> -------------------------------------------------------------
>
> Key: VCL-745
> URL: https://issues.apache.org/jira/browse/VCL-745
> Project: VCL
> Issue Type: Bug
> Components: vcld (backend)
> Affects Versions: 2.3.2
> Reporter: Andy Kurth
> Priority: Minor
> Fix For: 2.4
>
>
> During the period when a reservation is in the reserved state, the
> check_connection_on_port subroutine in Windows.pm detects when a connection
> is made on the port corresponding to the conection method (3389 in this
> case). When a connection is detected, check_connection_on_port also checks
> if the connection is from the same IP address which was captured by the
> website when the user clicked Connect. The IP addresses normally match but
> in some cases such as when a VPN is used they may be different. When
> different, an additional step is performed to call the user_logged_in
> subroutine in Windows.pm to retrieve the names of the users logged in to the
> reservation computer. This is necessary because the firewall is open to any
> address during this period. Someone doing a port scan may connect to the
> computer. We need to verify that the connection is from the actual user by
> checking if a user matching the reservation username is logged in. If the
> reservation user is logged in, it is assumed that the the VPN situation
> occured and the IP address the user connected from is assumed to be correct
> and the firewall is configured properly.
> As you know, for imaging requests the "Administrator" user is used to login
> to the reservation instead of the normal username. The user_logged_in
> subroutine uses the normal username if no argument is supplied without
> checking if this is an imaging requests or not. As a result, it never
> detects that Administrator is logged in. After the loop times out, the
> firewall is locked down to the IP address retrieved from the website.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
