View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001117 | bareos-core | director | public | 2019-09-23 13:57 | 2024-03-27 17:09 |
Reporter | joergs | Assigned To | bruno-at-bareos | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | won't fix | ||
Product Version | 19.2.1 | ||||
Summary | 0001117: When using multiple ACLs (Console ACL + Profile ACL) all negative ACLs except of the last one will be ignored | ||||
Description | A Console can contains ACLs and Profiles. The Profiles can also contain ACLs. The way the Bareos Director evaluates multiple ACL is confusing (or just wrong). All negative ACLs except of the last one will be ignored. | ||||
Steps To Reproduce | Create following resource: Console { name = test password = secret Pool ACL=!Full Profile = operator } The operator profile should already exist. If not, create it like this: Profile { name = operator Command ACL = *all* Pool ACL = *all* } Login as Console test. The ".pools" will show you all pool, including "Full". | ||||
Additional Information | The function UaContext::AclAccessOk evaluates the Console ACLs first. It stop evaluating ACLs, if it got a positive match (with is correct). However, the function will continue checking the next ACL, if 1. no information about a resource have been found or 2. resource rejected. This is obviously wrong. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2019-09-23 13:57 | joergs | New Issue | |
2019-11-11 19:00 | joergs | Status | new => confirmed |
2024-03-27 15:53 | bruno-at-bareos | Assigned To | => bruno-at-bareos |
2024-03-27 15:53 | bruno-at-bareos | Status | confirmed => feedback |
2024-03-27 15:53 | bruno-at-bareos | Note Added: 0005884 | |
2024-03-27 16:18 | joergs | Note Added: 0005886 | |
2024-03-27 16:18 | joergs | Status | feedback => assigned |
2024-03-27 17:09 | bruno-at-bareos | Status | assigned => closed |
2024-03-27 17:09 | bruno-at-bareos | Resolution | open => won't fix |
2024-03-27 17:09 | bruno-at-bareos | Note Added: 0005887 |