Bug #4396

Authentication is OK and new accounts are created when using a wildcard character “*” and/or “?” in login

Added by EOLE Team over 4 years ago. Updated over 3 years ago.

Status: Closed
Start date: 04/08/2016
Priority: Normal
Due date:
Assignee: Jaime Melis
% Done: 0%
Category: Sunstone
Target version: Release 5.0
Resolution: fixed
Pull request:
Affected Versions: OpenNebula 4.14

Description

Hello,

A user made a typo when logging in on Sunstone and added a * to her login:

  • the authentication was successful, which it shouldn't have been
  • a new account named user* was registered

I made some tests and the * character can be used anywhere in the login, but the ? character works only at the end of the login.

Login Authentication
*testuser OK
test*user OK
testuser? OK
*test*user? OK
?testuser NOK
test?user NOK

Associated revisions

Revision 50c1e52b
Added by Jaime Melis about 4 years ago

Bug #4396: Escape filtering symbols when looking for a user

History

#1 Updated by EOLE Team over 4 years ago

To complete the report, the authentication is LDAP.

#2 Updated by Ruben S. Montero over 4 years ago

  • Status changed from Pending to New
  • Target version set to Release 5.0

#3 Updated by Carlos Martín about 4 years ago

  • Assignee set to Jaime Melis

#4 Updated by Carlos Martín about 4 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

#5 Updated by Rolandas Naujikas over 3 years ago

We also have a problem with space (blank) characters before or after the username.
We found some users in our OpenNebula DB as %20user or user%20.
After investigation we found this bug report and the incomplete fix.
I'm not sure, but FILTER_ESCAPES could contain this to fix the space/blank character:

      '\ ' => '20',

I'm not sure if it is the correct fix, but at least in our LDAP there are no users with space/blank characters in the username (as uid).
There could be problems with LDAP authentication if, for example, cn is used, which usually has spaces inside (e.g. Last name + First name).
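
An added example, not part of this report and not OpenNebula's code: escaping a login per RFC 4515 before it goes into the LDAP search filter (the subject of revision 50c1e52b), and refusing space-padded logins as raised in comment #5. The function names, the sample logins and the toy directory matcher are assumptions made for illustration; the `?` behaviour from the report is not modelled.

```ruby
# Added example, not OpenNebula code; every name here is hypothetical.

# RFC 4515: these characters must appear as \XX (hex) inside a filter value.
FILTER_SPECIALS = { '\\' => '5C', '*' => '2A', '(' => '28',
                    ')' => '29', "\0" => '00' }.freeze

def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| '\\' + FILTER_SPECIALS[c] }
end

# Build the lookup filter. Logins with leading or trailing whitespace are
# refused rather than trimmed, so they cannot end up as a second account.
def user_filter(login, attr = 'uid')
  raise ArgumentError, 'empty login' if login.nil? || login.empty?
  raise ArgumentError, 'whitespace around login' if login =~ /\A\s|\s\z/
  "(#{attr}=#{escape_filter_value(login)})"
end

# Toy stand-in for a directory comparing one filter value with one stored
# value. Assumptions: an unescaped '*' matches any run of characters, \XX is
# a literal character, surrounding spaces and letter case are ignored.
def toy_match?(filter_value, stored)
  pattern = filter_value.strip.split('*', -1).map do |part|
    Regexp.escape(part.gsub(/\\(\h\h)/) { Regexp.last_match(1).hex.chr })
  end.join('.*')
  stored.match?(/\A#{pattern}\z/i)
end

# Lookup as it should behave: validate, escape, then match.
def safe_match?(login, stored)
  user_filter(login) # raises on empty or space-padded logins
  toy_match?(escape_filter_value(login), stored)
rescue ArgumentError
  false
end

# Constructed sample data: one directory entry and five typed logins.
STORED_UID = 'testuser'
LOGINS = ['testuser', '*testuser', 'test*user', ' testuser', 'testuser '].freeze

# [login, match when pasted raw into the filter, match after validate+escape]
def lookup_results
  LOGINS.map { |l| [l, toy_match?(l, STORED_UID), safe_match?(l, STORED_UID)] }
end

lookup_results.each { |l, raw, safe| puts "#{l.inspect.ljust(14)} raw=#{raw} safe=#{safe}" }
```

Only the exact login still resolves to the stored entry once the value is validated and escaped, so a mistyped login no longer authenticates or provisions a second account.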
