Posted to dev@vcl.apache.org by "Andy Kurth (JIRA)" <ji...@apache.org> on 2014/02/07 21:08:20 UTC

[jira] [Assigned] (VCL-745) Windows.pm user_logged_in does not check for imaging requests

     [ https://issues.apache.org/jira/browse/VCL-745?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andy Kurth reassigned VCL-745:
------------------------------

    Assignee: Andy Kurth

> Windows.pm user_logged_in does not check for imaging requests
> -------------------------------------------------------------
>
>                 Key: VCL-745
>                 URL: https://issues.apache.org/jira/browse/VCL-745
>             Project: VCL
>          Issue Type: Bug
>          Components: vcld (backend)
>    Affects Versions: 2.3.2
>            Reporter: Andy Kurth
>            Assignee: Andy Kurth
>            Priority: Minor
>             Fix For: 2.4
>
>
> During the period when a reservation is in the reserved state, the check_connection_on_port subroutine in Windows.pm detects when a connection is made on the port corresponding to the connection method (3389 in this case).  When a connection is detected, check_connection_on_port also checks if the connection is from the same IP address which was captured by the website when the user clicked Connect.  The IP addresses normally match but in some cases such as when a VPN is used they may be different.  When different, an additional step is performed to call the user_logged_in subroutine in Windows.pm to retrieve the names of the users logged in to the reservation computer.  This is necessary because the firewall is open to any address during this period.  Someone doing a port scan may connect to the computer.  We need to verify that the connection is from the actual user by checking if a user matching the reservation username is logged in.  If the reservation user is logged in, it is assumed that the VPN situation occurred and the IP address the user connected from is assumed to be correct and the firewall is configured properly.
> As you know, for imaging requests the "Administrator" user is used to log in to the reservation instead of the normal username.  The user_logged_in subroutine uses the normal username if no argument is supplied without checking if this is an imaging request or not.  As a result, it never detects that Administrator is logged in.  After the loop times out, the firewall is locked down to the IP address retrieved from the website.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
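
The decision described in the issue, as an added standalone model (not VCL code and not the committed fix). The subroutine names, hash keys, usernames and addresses are all constructed for illustration; the imaging-aware branch is one assumed way to select the account.

```perl
#!/usr/bin/perl
# Added illustration: standalone model of the check described in VCL-745.
# Not VCL code; every name, address and data value below is constructed.
use strict;
use warnings;

# Account expected to be logged in. Imaging requests log in as Administrator.
sub expected_login {
    my ($request, $honor_imaging) = @_;
    return 'Administrator' if $honor_imaging && $request->{forimaging};
    return $request->{username};
}

# Decide which address the firewall is locked to after the reserved-state
# loop. $connections: remote IPs seen on the connect-method port.
sub firewall_lock_address {
    my ($request, $connections, $logged_in, $honor_imaging) = @_;
    my $expected = lc(expected_login($request, $honor_imaging));
    for my $remote_ip (@$connections) {
        # Same address the website captured: accept it directly.
        return $remote_ip if $remote_ip eq $request->{web_ip};
        # Different address (e.g. VPN): accept only if the expected account
        # is logged in, because a port scan also shows up as a connection.
        return $remote_ip if grep { lc($_) eq $expected } @$logged_in;
    }
    # Loop timed out: fall back to the address captured by the website.
    return $request->{web_ip};
}

# Constructed cases: [label, request, connections seen, users logged in].
my @cases = (
    ['imaging request via VPN',
     { username => 'jdoe', forimaging => 1, web_ip => '198.51.100.10' },
     ['203.0.113.25'], ['Administrator']],
    ['normal request, port scan only',
     { username => 'jdoe', forimaging => 0, web_ip => '198.51.100.10' },
     ['192.0.2.77'], []],
);

for my $case (@cases) {
    my ($label, $request, $seen, $users) = @$case;
    for my $honor (0, 1) {
        my $ip = firewall_lock_address($request, $seen, $users, $honor);
        printf "%-31s %-22s lock to %s\n", $label,
            ($honor ? '(imaging-aware)' : '(normal username only)'), $ip;
    }
}
```

In the imaging case the normal-username check falls back to the website address, which locks out the user connecting from the VPN address. The port-scan case falls back to the website address under both checks.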