Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default

to test bug... 1/ make a random user 2/ change to random user 3/ access any zebra database with random user and no authentication 4/ read zebra database here is a transcript of the bug... --------------------------- root@xen1:~# adduser bob root@xen1:~# su -l bob bob@xen1:~$ cd /var/lib/koha bob@xen1:/var/lib/koha$ ls topsecret bob@xen1:/var/lib/koha$ yaz-client unix:/var/run/koha/topsecret/bibliosocket Connecting...OK. Sent initrequest. Connection accepted by v3 target. ID : 81 Name : Zebra Information Server/GFS/YAZ Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031 Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets Elapsed: 0.001002 Z> base biblios; Z> find the Sent searchRequest. Received SearchResponse. Search was a success. Number of hits: 1130, setno 2 SearchResult-1: term=the cnt=1130 records returned: 0 Elapsed: 0.005518 Z> show Sent presentRequest (1+1). Records: 1 [biblios]Record type: USmarc 01824cam a2200397 a 4500 001 000045782309 003 AuCNLKIN 005 20111013213222.0 008 100707s2011 maua 001 0 e ... --------------------------- 5/ apply changes to a Koha instance's config files, that you plan to test 6/ restart zebra for instance # sudo koha-restart-zebra topsecret 7/ repeat steps 2 and 3, but receive a 'bad user/passwd ' error from zebra bob@xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket Connecting...OK. Sent initrequest. Connection rejected by v3 target. 1: code=1011 (Init/AC: Bad Userid and/or Password), NOTE: this patch currently will only fixes newly created instances, it wont fix existing instances Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Good catch Mason Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-08-03 16:32:00 +12:00 · 2016-08-03 16:32:00 +12:00 · f2196a2e4f
commit f2196a2e4f
parent 421bc4523f
4 changed files with 4 additions and 4 deletions
--- a/etc/zebradb/zebra-authorities-dom.cfg
+++ b/etc/zebradb/zebra-authorities-dom.cfg
@ -33,7 +33,7 @@ storeData:1

 # Lock File Area
 lockDir: __ZEBRA_LOCK_DIR__/authorities
-perm.anonymous:ar
+#perm.anonymous:ar
 perm.__ZEBRA_USER__:rw
 register: __ZEBRA_DATA_DIR__/authorities/register:20G
 shadow: __ZEBRA_DATA_DIR__/authorities/shadow:20G
--- a/etc/zebradb/zebra-authorities.cfg
+++ b/etc/zebradb/zebra-authorities.cfg
@ -43,7 +43,7 @@ storeData:1

 # Lock File Area
 lockDir: __ZEBRA_LOCK_DIR__/authorities
-perm.anonymous:ar
+#perm.anonymous:ar
 perm.__ZEBRA_USER__:rw
 passwd: __ZEBRA_CONF_DIR__/etc/passwd
 register: __ZEBRA_DATA_DIR__/authorities/register:20G
--- a/etc/zebradb/zebra-biblios-dom.cfg
+++ b/etc/zebradb/zebra-biblios-dom.cfg
@ -33,7 +33,7 @@ facetNumRecs:1000

 # Lock File Area
 lockDir: __ZEBRA_LOCK_DIR__/biblios
-perm.anonymous:ar
+#perm.anonymous:ar
 perm.__ZEBRA_USER__:rw
 passwd: __ZEBRA_CONF_DIR__/etc/passwd
 register: __ZEBRA_DATA_DIR__/biblios/register:20G
--- a/etc/zebradb/zebra-biblios.cfg
+++ b/etc/zebradb/zebra-biblios.cfg
@ -41,7 +41,7 @@ storeData:1

 # Lock File Area
 lockDir: __ZEBRA_LOCK_DIR__/biblios
-perm.anonymous:ar
+#perm.anonymous:ar
 perm.__ZEBRA_USER__:rw
 passwd: __ZEBRA_CONF_DIR__/etc/passwd
 register: __ZEBRA_DATA_DIR__/biblios/register:20G