rewrite from / to @ formats overwrites usernames

Bug #2078247 reported by Jean-Baptiste Lallement
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
adsys (Ubuntu)
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Unassigned

Bug Description

tracking bug https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2078245

[ Impact ]

In this code, the string was not zero terminated properly when overwritten resulting in extra characters:

static char *slash_to_at_username(const char *username) {
    char *backslash = strchr(username, '\\');
    if (backslash != NULL) {
        char *ret = malloc((strlen(username) + 1) * sizeof(char));
        strcpy(ret, backslash + 1);
        strcat(ret, "@");
        strncpy(ret + strlen(ret), username, backslash - username);
        return ret;
    }
    return strdup(username);

For instance:
domain.tld\\user was changed to <email address hidden>

So se user cannot login with the domain\user format

[ Test Plan ]

1. On a machine joined to an AD domain with ADsys installed, login with domain\user

=> Without the patch the user cannot log in
=> With the patch the user can log in

[ Where problems could occur ]

Worst case the user still cannot log in

summary: - username overwritten during rewrite from / to @
+ rewrite from / to @ formats overwrites usernames
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package adsys - 0.15.1

---------------
adsys (0.15.1) oracular; urgency=medium

  * Fix version based tests on released version

adsys (0.15) oracular; urgency=medium

  * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245)
  * Ignore casing in domain/ section of sssd.conf (LP: #2078246)
  * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247)
  * Fix errno in get_ticket_path(LP: #2078473)
  * Remove XML declaration from glib schemas
  * Bump Go version to 1.23
  * CI and quality of life changes not impacting package functionality:
    - Integrate repo with TiCS quality assessment
    - Switch documentation spellchecking to en-GB
    - Add text version of certificates tutorial
    - Additional code coverage through more testing
    - Improvements to the e2e test environment
  * Bump dependencies to latest:
    - jidicula/clang-format-action
    - github.com/charmbracelet/bubbles
    - github.com/charmbracelet/bubbletea
    - github.com/charmbracelet/glamour
    - github.com/charmbracelet/lipgloss
    - github.com/fatih/color
    - github.com/leonelquinteros/gotext
    - github.com/spf13/cobra
    - github.com/spf13/viper
    - golang.org/x/crypto
    - golang.org/x/net
    - golang.org/x/sync
    - golang.org/x/sys
    - golang.org/x/text
    - google.golang.org/grpc/cmd/protoc-gen-go-grpc
    - google.golang.org/grpc
    - google.golang.org/protobuf
    - github.com/golangci/golangci-lint

 -- Didier Roche-Tolomelli <email address hidden> Mon, 02 Sep 2024 14:05:22 +0200

Changed in adsys (Ubuntu):
status: New → Fix Released
description: updated
description: updated
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Jean-Baptiste, or anyone else affected,

Accepted adsys into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/adsys/0.14.2~24.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in adsys (Ubuntu Noble):
status: New → Fix Committed
tags: added: verification-needed verification-needed-noble
Changed in adsys (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Jean-Baptiste, or anyone else affected,

Accepted adsys into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/adsys/0.14.2~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

tags: added: verification-done verification-done-jammy verification-done-noble
removed: verification-needed verification-needed-jammy verification-needed-noble
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Please follow the instructions from comments #2 and #3 above and only change the verification tags to done after successfully completing the test plan with the package in proposed for the affected ubuntu releases.

tags: added: verification-needed-jammy verification-needed-noble
removed: verification-done-jammy verification-done-noble
Revision history for this message
Denison Barbosa (justdenis) wrote :

I'm sorry for not commenting about the executed test plan. Let's fix this!

The test plan was executed for Jammy (22.04) and I confirm it was successful. The package version used for the tests is the one proposed, as can be seen by the output of apt-cache policy:
adsys:
  Installed: 0.14.2~22.04
  Candidate: 0.14.2~22.04
  Version table:
 *** 0.14.2~22.04 500
        500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages

The following steps were executed:

1) Create a fresh VM with Ubuntu 22.04;
2) Join an active directory domain (created for test purposes);
3) Install adsys;
4) Authenticate with an AD user using the \\ format (e.g. domain.com\\user)

After step 4, the user was authenticated, the username format was correctly parsed and all domain-related settings were applied.

Revision history for this message
Denison Barbosa (justdenis) wrote :

The test plan was executed for Noble (24.04) and I confirm it was successful. The package version used for the tests is the one proposed, as can be seen by the output of apt-cache policy:
adsys:
  Installed: 0.14.2~24.04
  Candidate: 0.14.2~24.04
  Version table:
 *** 0.14.2~24.04 500
        500 http://archive.ubuntu.com/ubuntu noble-proposed/main amd64 Packages

The following steps were executed:

1) Create a fresh VM with Ubuntu 24.04;
2) Join an active directory domain (created for test purposes);
3) Install adsys;
4) Authenticate with an AD user using the \\ format (e.g. domain.com\\user)

After step 4, the user was authenticated, the username format was correctly parsed and all domain-related settings were applied.

tags: added: verification-done-jammy verification-done-noble
removed: verification-needed-jammy verification-needed-noble
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package adsys - 0.14.2~24.04

---------------
adsys (0.14.2~24.04) noble; urgency=medium

  * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245)
  * Ignore casing in domain/ section of sssd.conf (LP: #2078246)
  * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247)
  * Fix errno in get_ticket_path() (LP: #2078473)

 -- Denison Barbosa <email address hidden> Fri, 30 Aug 2024 10:28:07 -0400

Changed in adsys (Ubuntu Noble):
status: Fix Committed → Fix Released
Revision history for this message
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for adsys has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package adsys - 0.14.2~22.04

---------------
adsys (0.14.2~22.04) jammy; urgency=medium

  * Fix DCONF policy manager removing user DB on empty policy (LP: #2078245)
  * Ignore casing in domain/ section of sssd.conf (LP: #2078246)
  * Fix parsing of slash usernames (i.e. domain\user) (LP: #2078247)
  * Fix errno in get_ticket_path() (LP: #2078473)

 -- Denison Barbosa <email address hidden> Fri, 30 Aug 2024 10:33:56 -0400

Changed in adsys (Ubuntu Jammy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.