Koha/etc/zebradb
Mason James f2196a2e4f Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default
to test bug...
 1/ make a random user
 2/ change to random user
 3/ access any zebra database with random user and no authentication
 4/ read zebra database

here is a transcript of the bug...
---------------------------
root@xen1:~# adduser bob
root@xen1:~# su -l bob

bob@xen1:~$ cd /var/lib/koha
bob@xen1:/var/lib/koha$ ls
topsecret

bob@xen1:/var/lib/koha$ yaz-client  unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection accepted by v3 target.
ID     : 81
Name   : Zebra Information Server/GFS/YAZ
Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031
Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets
Elapsed: 0.001002

Z> base biblios;

Z> find the
Sent searchRequest.
Received SearchResponse.
Search was a success.
Number of hits: 1130, setno 2
SearchResult-1: term=the cnt=1130
records returned: 0
Elapsed: 0.005518

Z> show
Sent presentRequest (1+1).
Records: 1
[biblios]Record type: USmarc
01824cam a2200397 a 4500
001 000045782309
003 AuCNLKIN
005 20111013213222.0
008 100707s2011    maua          001 0 e
...
---------------------------

5/ apply changes to a Koha instance's config files, that you plan to test

6/ restart zebra for instance
 # sudo koha-restart-zebra topsecret

7/ repeat steps 2 and 3, but receive a 'bad user/passwd' error from zebra

bob@xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection rejected by v3 target.
    1: code=1011 (Init/AC: Bad Userid and/or Password),

NOTE: this patch currently will only fix newly created instances; it won't fix existing instances
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Good catch Mason

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-10 12:20:12 +00:00
..
authorities/etc Bug 9612: (follow-up) restore elementSetName in Context.pm 2014-05-19 16:46:57 +00:00
biblios/etc Bug 6499: [QA Follow-up] Trivial adjustments 2016-08-09 10:13:11 +00:00
etc Bug 14542: Transliterate rule for all single quote forms 2015-11-16 15:45:21 -03:00
lang_defs Bug 14824: Fix sorting of Norwegian vowels 2015-10-26 11:19:03 -03:00
marc_defs Bug 6499: [QA Follow-up] Trivial adjustments 2016-08-09 10:13:11 +00:00
xsl Bug 14332: Skip articles in MARC21 using indicator n.2 of field 245 2016-01-27 06:17:16 +00:00
ccl.properties Bug 6499: [QA Follow-up] Trivial adjustments 2016-08-09 10:13:11 +00:00
cql.properties
explain-authorities.xml
explain-biblios.xml
pqf.properties
retrieval-info-auth-dom.xml Bug 9612: fix SRU response for DOM indexing 2014-05-05 20:28:04 +00:00
retrieval-info-auth-grs1.xml
retrieval-info-bib-dom.xml Bug 11232: Add new syntax for facets definition on koha-indexdefs-to-zebra.xsl 2014-10-15 12:55:33 -03:00
retrieval-info-bib-grs1.xml
zebra-authorities-dom.cfg Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default 2016-10-10 12:20:12 +00:00
zebra-authorities.cfg Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default 2016-10-10 12:20:12 +00:00
zebra-biblios-dom.cfg Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default 2016-10-10 12:20:12 +00:00
zebra-biblios.cfg Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default 2016-10-10 12:20:12 +00:00