getSecretKey() in euca_conf uses unanchored regex to find admin credentials
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Eucalyptus | New | Undecided | Mitch Garnaat |
2.0 | New | Medium | graziano obertelli |
eucalyptus (Ubuntu) | Triaged | Low | Unassigned |
Bug Description
When the function getSecretKey() in euca_conf tries to set SKEY and AKEY it uses an unanchored regex with awk that can cause it to select the credentials of any user with the word admin in their login name. I imagine the intent was to select the 'admin' user but the way the code is written the regex could match 'sadminer' for instance, who may or may not have admin credentials.
This problem manifested when we created some accounts named jdoe_admin. Even though jdoe_admin was marked as an Administrator, since there were no credentials in the database (the user had not retrieved their credentials.zip), euca_conf requests started to fail on the machine.
The offending lines seem to be:
SKEY=$(eval echo $(awk -v field=${FIELD} -F, '/INSERT INTO AUTH_USERS.*admin/ {print $field}' ${DBDIR}/*auth* | head -n 1))
AKEY=$(eval echo $(awk -v field=${FIELD} -F, '/INSERT INTO AUTH_USERS.*admin/ {print $field}' ${DBDIR}/*auth* | head -n 1))
Since the usernames in the files are surrounded by single quotes the following fix seemed to work for us:
Replace: '/INSERT INTO AUTH_USERS.*admin/ {print $field}'
With: "/INSERT INTO AUTH_USERS.
Not sure if that is the best solution.
Thanks!
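The mismatch described in this report, reproduced as an added example (not code from euca_conf and not the reporter's fix). The sample rows are constructed, and the column layout (field 4 = access key, field 5 = secret key) and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed sample rows. The column layout (field 4 = access key,
# field 5 = secret key) is an assumption, not the real AUTH_USERS schema.
sample_rows() {
cat <<'EOF'
INSERT INTO AUTH_USERS VALUES(1,'jdoe_admin',TRUE,NULL,NULL,0)
INSERT INTO AUTH_USERS VALUES(2,'sadminer',FALSE,'AKEY_SADMINER_EXAMPLE','SKEY_SADMINER_EXAMPLE',0)
INSERT INTO AUTH_USERS VALUES(3,'admin',TRUE,'AKEY_ADMIN_EXAMPLE','SKEY_ADMIN_EXAMPLE',0)
EOF
}

# Pattern from the report: "admin" may appear anywhere after the table name,
# so the first row whose login merely contains "admin" wins.
lookup_unanchored() {   # $1 = field number
    sample_rows |
        awk -v field="$1" -F, \
            '/INSERT INTO AUTH_USERS.*admin/ {print $field}' |
        head -n 1
}

# Quoted match: require the literal 'admin' including its single quotes,
# which the report says surround usernames in the database files.
lookup_quoted() {       # $1 = field number
    sample_rows |
        awk -v field="$1" -v user="'admin'" -v q="'" -F, '
            /INSERT INTO AUTH_USERS/ && index($0, user) {
                v = $field
                gsub(q, "", v)   # strip the surrounding single quotes
                print v
                exit
            }'
}

echo "unanchored access key: $(lookup_unanchored 4)"
echo "quoted access key:     $(lookup_quoted 4)"
echo "quoted secret key:     $(lookup_quoted 5)"
```

With the unanchored pattern the lookup returns the empty credential slot of jdoe_admin, which matches the failure described above; the quoted match skips both jdoe_admin and sadminer.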
Changed in eucalyptus (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Changed in eucalyptus:
assignee: nobody → Mitch Garnaat (mitch-garnaat)
This issue is now being tracked upstream at http://eucalyptus.atlassian.net/browse/EUCA-2695
Please watch that issue for further updates.