Public bug reported:

When the function getSecretKey() in euca_conf tries to set SKEY and AKEY
it uses an unanchored regex with awk that can cause it to select the
credentials of any user with the word admin in their login name.  I
imagine the intent was to select the 'admin' user but the way the code
is written the regex could match 'sadminer' for instance, who may or may
not have admin credentials.

This problem manifested when we created some accounts named jdoe_admin.
Even though jdoe_admin was marked as an Administrator, since there were
no credentials in the database (the user had not retrieved their
credentials.zip), euca_conf requests started to fail on the machine.

The offending lines seem to be:
SKEY=$(eval echo $(awk -v field=${FIELD} -F, '/INSERT INTO AUTH_USERS.*admin/ {print $field}' ${DBDIR}/*auth* | head -n 1))

AKEY=$(eval echo $(awk -v field=${FIELD} -F, '/INSERT INTO AUTH_USERS.*admin/ {print $field}' ${DBDIR}/*auth* | head -n 1))

Since the usernames in the files are surrounded by single quotes the
following fix seemed to work for us:

Replace:  '/INSERT INTO AUTH_USERS.*admin/ {print $field}' 
With:  "/INSERT INTO AUTH_USERS.*'admin'/ {print \$field}"

Not sure if that is the best solution.

Thanks!

** Affects: eucalyptus (Ubuntu)
     Importance: Undecided
         Status: New

-- 
getSecretKey() in euca_conf uses unanchored regex to find admin credentials
https://bugs.launchpad.net/bugs/568108
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
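
The matching behaviour described in the report, as an added example that is not part of the original report or of euca_conf. The rows and their column order are constructed for the demo, and select_exact goes beyond the reported fix by comparing the login column itself (assumed here to be column 2).

```shell
#!/bin/sh
# Constructed rows. The column order (id, login, is_admin, access key,
# secret key, enabled) is an assumption for this demo, not the real schema.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
INSERT INTO AUTH_USERS VALUES(1,'jdoe_admin',TRUE,NULL,NULL,TRUE)
INSERT INTO AUTH_USERS VALUES(2,'sadminer',FALSE,'AK_SADMINER','SK_SADMINER',TRUE)
INSERT INTO AUTH_USERS VALUES(3,'bob',FALSE,'admin','SK_BOB',TRUE)
INSERT INTO AUTH_USERS VALUES(4,'admin',TRUE,'AK_ADMIN','SK_ADMIN',TRUE)
EOF

# Pattern from the report: any row with "admin" anywhere after the table name.
select_unanchored() {   # $1 = file, $2 = field number
    awk -v field="$2" -F, '/INSERT INTO AUTH_USERS.*admin/ {print $field}' "$1" |
        head -n 1 | tr -d "'"
}

# Reporter's fix: the row must contain the quoted string 'admin'.
select_quoted() {
    awk -v field="$2" -F, "/INSERT INTO AUTH_USERS.*'admin'/ {print \$field}" "$1" |
        head -n 1 | tr -d "'"
}

# Stricter variant: compare the login column itself (column 2 is assumed here).
select_exact() {
    awk -v field="$2" -v login="'admin'" -F, \
        '/INSERT INTO AUTH_USERS/ && $2 == login {print $field}' "$1" |
        head -n 1 | tr -d "'"
}

# Field 5 is the secret key column in the constructed layout.
echo "unanchored: $(select_unanchored "$SAMPLE" 5)"
echo "quoted:     $(select_quoted "$SAMPLE" 5)"
echo "exact:      $(select_exact "$SAMPLE" 5)"
```

The quoted pattern rejects jdoe_admin and sadminer but still accepts any row in which some other column holds the quoted string 'admin'; the column comparison accepts only the row whose login is exactly admin.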
