https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162016-03-19T07:52:43ZpfSense bugtrackerpfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=257872016-03-19T07:52:43ZAnonymous
<ul></ul><p>Space removed from chars allowed in group name</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=257882016-03-19T08:00:05ZAnonymous
<ul><li><strong>Status</strong> changed from <i>Confirmed</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Partially fixed #6012 by removing space from chars allowed in group names" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/78d168ceccff8a45da76df2a8487d0f1b1910779">78d168ceccff8a45da76df2a8487d0f1b1910779</a>.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=257892016-03-19T08:59:07ZAnonymous
<ul></ul><p>Config upgrade function added to replace spaces with underscores in group names</p>
<p>This has been tested from the cmd line, but not as part of a real upgrade.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=257912016-03-19T16:25:09ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>fixed after e5ef7ae26b32d18b7aa1a117605ccbbfafefca14</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=257942016-03-19T17:28:20ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Chris Buechler</i></li></ul><p>still need to verify in the 2.2.x->2.3 upgrade situation once that makes it to a snapshot.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=258032016-03-20T00:18:35ZChris Buechlercbuechler@gmail.com
<ul></ul><p>That wasn't enough to prevent the problem post-upgrade as pw hits the never-ending loop when modifying users before it gets to fixing the groups. Fix for that pushed.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=258082016-03-21T16:20:52ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>post-upgrade fixed too.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=258332016-03-24T11:10:55ZJim Pingle
<ul></ul><p>Changing the group names with spaces to underscores breaks some working setups that relied on the groups to match external authentication sources such as LDAP (e.g. "Domain Admins" group in AD), without caring how it was handled at the OS level. We might want to consider changing the group matching code for LDAP/RADIUS to treat the underscores the same as spaces to avoid breaking too many setups.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=258372016-03-24T15:56:28ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>New</i></li></ul><p>Kicking this back open due to the problem above.</p>
<p>I'm tempted to make the LDAP/RADIUS group check both _ and ' ' when testing remote groups, but there is a small chance that would allow something it shouldn't if someone had two groups, one "Group_Name" and one "Group Name" but with different permissions, which seems like it might be sufficiently rare/inadvisable to not care about.</p>
<p>Line 1517 of src/etc/inc/auth.inc could be changed to this, which works:<br /><pre>
if (in_array($group['name'], $allowed_groups) || in_array(str_replace("_", " ", $group['name']), $allowed_groups)) {
</pre></p>
<p>I have a test setup available if needed.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=259122016-03-29T01:08:19ZChris Buechlercbuechler@gmail.com
<ul></ul><p>We already have <scope> on groups for system groups. It'd be best to extend that to user-defined groups so they're configurable as Local or Remote. That scope needs to be forced static for system groups.</p> pfSense - Bug #6012: Groups with spaces in names not handled correctly in group filehttps://redmine.pfsense.org/issues/6012?journal_id=259232016-03-29T16:23:28ZChris Buechlercbuechler@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li></ul><p>All good. Group scope "remote" is omitted from /etc/group, group names containing spaces are config upgraded to remote rather than renamed, and the input validation changed accordingly.</p>