View Issue Details

IDProjectCategoryView StatusLast Update
0001117bareos-coredirectorpublic2024-03-27 17:09
Reporterjoergs Assigned Tobruno-at-bareos  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionwon't fix 
Product Version19.2.1 
Summary0001117: When using multiple ACLs (Console ACL + Profile ACL) all negative ACLs except of the last one will be ignored
DescriptionA Console can contains ACLs and Profiles. The Profiles can also contain ACLs.

The way the Bareos Director evaluates multiple ACL is confusing (or just wrong).

All negative ACLs except of the last one will be ignored.


Steps To ReproduceCreate following resource:

Console {
  name = test
  password = secret
  Pool ACL=!Full
  Profile = operator
}

The operator profile should already exist. If not, create it like this:
Profile {
  name = operator
  Command ACL = *all*
  Pool ACL = *all*
}

Login as Console test. The ".pools" will show you all pool, including "Full".
Additional InformationThe function UaContext::AclAccessOk evaluates the Console ACLs first.
It stop evaluating ACLs, if it got a positive match (with is correct).
However, the function will continue checking the next ACL, if 1. no information about a resource have been found or 2. resource rejected. This is obviously wrong.
TagsNo tags attached.

Activities

bruno-at-bareos

bruno-at-bareos

2024-03-27 15:53

manager   ~0005884

Wasn't that already fixed ?
joergs

joergs

2024-03-27 16:18

developer   ~0005886

No. By patch wasn't accepted.
bruno-at-bareos

bruno-at-bareos

2024-03-27 17:09

manager   ~0005887

a previous attempt was rejected.

Issue History

Date Modified Username Field Change
2019-09-23 13:57 joergs New Issue
2019-11-11 19:00 joergs Status new => confirmed
2024-03-27 15:53 bruno-at-bareos Assigned To => bruno-at-bareos
2024-03-27 15:53 bruno-at-bareos Status confirmed => feedback
2024-03-27 15:53 bruno-at-bareos Note Added: 0005884
2024-03-27 16:18 joergs Note Added: 0005886
2024-03-27 16:18 joergs Status feedback => assigned
2024-03-27 17:09 bruno-at-bareos Status assigned => closed
2024-03-27 17:09 bruno-at-bareos Resolution open => won't fix
2024-03-27 17:09 bruno-at-bareos Note Added: 0005887