First Last Prev Next    This bug is not in your last search results.
Bug 45058 - No join possible if domain administrator has a zero in its username
No join possible if domain administrator has a zero in its username
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Setup wizard
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 5.0-2-errata
Assigned To: Mika Westphal
Florian Best
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-24 14:20 CEST by Jürn Brodersen
Modified: 2023-01-25 12:47 CET (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): bitesize, Cleanup
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jürn Brodersen univentionstaff 2017-07-24 14:20:31 CEST 
Line:
base/univention-system-setup/umc/python/setup/util.py:618

'''
# sanitize username
reg = re.compile('[^ a-zA-Z_1-9-]')
username = reg.sub('_', _username)
'''

According to that regex zeros aren't valid in usernames?

Anyway I think we should show an error instead of silently replacing characters from the username.
Comment 1 Florian Best univentionstaff 2017-07-24 14:22:49 CEST 
Can you say more about the context? What is the variable username used for?
Comment 2 Jürn Brodersen univentionstaff 2017-07-24 14:39:18 CEST 
(In reply to Florian Best from comment #1)
> Can you say more about the context? What is the variable username used for?

Afaik the username is the domain admin which is used for setup-join.sh.

Earlier during the setup then the credentials are checked the username is not modified.
(base/univention-system-setup/umc/python/setup/util.py def check_credentials_nonmaster)
Comment 3 Jannik Ahlers univentionstaff 2018-04-06 16:49:51 CEST 
While this may be wrong, the only user created during system setup is 'Administrator'.
Thus, it is very unlikely that a username with a zero gets passed to the script.
Comment 4 Jürn Brodersen univentionstaff 2018-04-06 17:19:20 CEST 
(In reply to Jannik Ahlers from comment #3)
> While this may be wrong, the only user created during system setup is
> 'Administrator'.
> Thus, it is very unlikely that a username with a zero gets passed to the
> script.

Unlikely yes :) But it is possible to add users to the "Domain Admins" group and use such a user for the join...
Comment 5 Mika Westphal univentionstaff 2023-01-19 14:33:42 CET 
I changed the regex for the username validation to also allow a zero.

univention-system-setup.yaml
6f7c86605347 | Bug #45058: Domain join now also works when the username has a zero in it

univention-system-setup (13.0.3-38)
6f7c86605347 | Bug #45058: Domain join now also works when the username has a zero in it
Comment 6 Florian Best univentionstaff 2023-01-25 11:28:50 CET 
OK: join possible with domain administrator account having "0" in its username
OK: YAML
First Last Prev Next    This bug is not in your last search results.