- Now that we have a mechanism for properly collecting, transmitting, and
displaying the stdout and stderr, there is no reason not to collect all of the
stdin and stderr.
- Also, the stdin/stderr=subprocess.PIPE is redundant and prevents the output
from getting collected for debugging. So, remove it.
Tests:
- Ran functional tests on backups, calibre, ejabberd, email, gitweb, ikiwiki,
infinoted, kiwix, mediawiki, mumble, nextcloud, openvpn, samba, wireguard,
zoph. 2-3 issues were found but did not seem like new errors.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
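Added example, not plinth code, showing the capture mechanism the commit above relies on: a helper that collects a command's stdout and stderr with `subprocess.run(capture_output=True)` and packs them into a JSON record a privileged helper could send back for display, plus a function that demonstrates why an extra `stdout=subprocess.PIPE` is redundant (Python refuses the combination outright). The sample command is constructed for the example.

```python
"""Added example; not plinth code. Capture a command's stdout and stderr so a
privileged helper can return them to the caller for display."""
import json
import subprocess
import sys

# Constructed sample command: writes to both streams and exits non-zero.
SAMPLE_COMMAND = [
    sys.executable, '-c',
    'import sys; print("hello"); print("oops", file=sys.stderr); sys.exit(3)'
]


def run_and_capture(args):
    """Run a command and return a JSON-serialisable record of its result.

    capture_output=True is the complete capturing setup. Passing
    stdout=subprocess.PIPE or stderr=subprocess.PIPE alongside it is
    redundant, and subprocess.run rejects the combination with ValueError
    (see redundant_pipe_error below).
    """
    result = subprocess.run(args, capture_output=True, text=True, check=False)
    return {'returncode': result.returncode, 'stdout': result.stdout,
            'stderr': result.stderr}


def serialise(record):
    """Serialise the captured record for transmission back to the caller."""
    return json.dumps(record)


def redundant_pipe_error(args):
    """Return the error message raised when stdout=PIPE is combined with
    capture_output=True, or None if no error was raised."""
    try:
        subprocess.run(args, capture_output=True, stdout=subprocess.PIPE,
                       text=True, check=False)
    except ValueError as exception:
        return str(exception)
    return None


if __name__ == '__main__':
    print(serialise(run_and_capture(SAMPLE_COMMAND)))
    print(redundant_pipe_error(SAMPLE_COMMAND))
```

Because the record is plain data, the side that renders it in HTML can show stderr verbatim for debugging without the privileged side needing to know how it will be displayed.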
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
- systemd daemon-reload is performed during infinoted setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- This is to capture stdout and stderr and transmit that from privileged daemon
back to the service to be displayed in HTML.
Tests:
- Unit tests and code checks pass.
- Some of the modified actions work as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes an issue where the nslcd configuration option pam_authz_search is not
in effect after the users module setup.
Tests:
- Remove the pam_authz_search configuration option from /etc/nslcd.conf,
restart nslcd service, delete plinth.sqlite database to run first setup
after plinth start, start plinth. Do it twice:
1) before applying patch, users::test_user_states functional test fails.
2) after applying patch, users::test_user_states functional test passes.
- After applying patch, the nslcd service is restarted during module
upgrade.
- All the users module tests pass.
Relates to
https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2594#note_565614.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
On user deletion, user's home folder is also deleted. Admins have an
option to avoid deleting user's home by inactivating the user instead.
This commit also removes user deletion buttons from the user's list
page and adds this option to the user edit page. The user's edit form
asks for a confirmation if the user deletion is requested. This change
also means that the confirmation password is now required to delete a user.
Also:
- Add a simple username validation to the privileged actions.
- Functional tests: Create a fixture to login as an admin before every test.
- Functional tests: Add a test to check that SSH passwordless login works
after user is renamed to validate correct SSH related path permissions.
- Privileged tests: Add `test_` prefix to the generated random string which
makes easier to check and cleanup created home folders.
- Minor quote fixes.
Tests performed in stable and testing containers:
- Run all the users module tests twice, no failures in tests.
- When user is the last admin, both "Active" and "Delete user"
checkboxes are disabled.
Closes #2451.
[sunil]
- Refactor the JS code:
- Ensure that DOM elements are looked up after DOM content is loaded.
- Styling changes. Reduce the number of globals and give the remaining
globals somewhat more unique names.
- Click the button instead of submitting the form to disable the button.
- Template changes:
- Add a body for the confirmation dialog to talk about disabling the user and
deleting the home directory.
- Change the label of the confirm button to make it more
explicit (recommendation from many UX guides).
- Styling.
- Functional tests:
- Fix visibility checking of an element to use the correct splinter API.
- Simplify clicking the edit user link.
- Minor update to form checkbox help text.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
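Added example, not FreedomBox code, for the "simple username validation" mentioned above: the privileged action that deletes a user's home directory first checks the username against a fixed pattern, so a value that looks like a path component never reaches the filesystem layer. The name pattern and the `/home` root are assumptions for this example.

```python
"""Added example; not FreedomBox code. Validate a username in a privileged
action before deriving and deleting the user's home directory."""
import re
import shutil
from pathlib import Path

# Assumed policy for this example: lower-case POSIX-style names, at most
# 32 characters, nothing that could be read as a path separator or option.
_USERNAME_PATTERN = re.compile(r'[a-z_][a-z0-9_-]{0,31}')


def is_valid_username(username):
    """Return True if username satisfies the assumed policy.

    fullmatch is used rather than match with '$' so that a trailing newline
    is rejected as well.
    """
    return isinstance(username, str) and bool(
        _USERNAME_PATTERN.fullmatch(username))


def home_directory(username, home_root='/home'):
    """Return the home directory path (as a string) for a validated username."""
    if not is_valid_username(username):
        raise ValueError(f'Invalid username: {username!r}')
    root = Path(home_root)
    path = root / username
    # The pattern already forbids separators; this confirms the result still
    # sits directly under home_root.
    if path.parent != root:
        raise ValueError(f'Refusing path outside {root}: {path}')
    return str(path)


def delete_home_directory(username, home_root='/home'):
    """Delete the user's home directory; return True if something was removed.

    Symlinks are not followed, so a home that is a link elsewhere is left
    alone rather than having its target emptied.
    """
    path = Path(home_directory(username, home_root))
    if path.is_symlink() or not path.is_dir():
        return False
    shutil.rmtree(path)
    return True


if __name__ == '__main__':
    for candidate in ['alice', 'test_ab12', '../root', 'alice/..', 'Alice']:
        print(candidate, is_valid_username(candidate))
```

Validation before path construction is the point: the same check guards renaming (where SSH key path permissions depend on the new name) and deletion.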
- This was supposed to be removed in MR #2309 in the commit
253540fb3d12254c920b632cc484be6a79d27229. It was overlooked.
- Version number of users app has not been incremented as it has already been
incremented in this release.
Tests:
- There is no directory /etc/security/access.conf.d.
- There are no directives in /etc/security/access.conf that are not commented
out.
- After applying the patch (assuming previously setup version is 24.20) and
manually removing the destination file, app setup for users app runs. It
succeeds. /etc/pam.d/common-account no longer contains the line 'account
required pam_access.so'.
- After the upgrade, users who are root and non-root are able to login via SSH
and Cockpit. After a reboot, users are able to login via SSH and Cockpit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Some trivial refactoring.
Tests:
- The default password policy works. Inactive users are unable to login via
console, SSH and cockpit.
- After the app is setup freshly and after it is upgraded from previous version,
the namedobject.schema has been ingested into the OpenLDAP configuration.
- Rerunning setup for users app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Previously, users were inactivated only in plinth users database. This change
adds ability to inactivate users in LDAP database.
Changes:
- Inactive users in plinth users database are also inactivated in LDAP
during app upgrade.
- Inactivated users can't login using LDAP password.
- Apache2 single-sign-on module now requires LDAP connection. SSO
sessions are now invalidated when users are inactivated.
- PAM/nslcd now performs authorization checks against LDAP, which means
inactivated users can't do passwordless ssh logins and running their
crontabs are blocked.
- When inactivating a user, all user's processes are killed.
Also, update LDAP diagnostics:
- Fix LDAP checks always returning passed results.
- Fix `ou=people` entry doesn't exist in LDAP.
- Add diagnostics checks for `ou=policies` and `cn=DefaultPPolicy`.
Tests performed:
- App upgrade works.
- App upgrade with previously disabled user works, user is inactivated
also in LDAP.
- App upgrade with disabled user that doesn't exist in LDAP database works.
- Increment app version again, to 7, app upgrade works second time.
- Inactivate user and test logins:
- can't login using direct LDAP (nextcloud, ejabberd, matrixsynapse)
- can't login using Apache2 LDAP module (gitweb, ikiwiki, rssbridge,
transmission)
- can't login using apache sso module (featherwiki, gitweb, rssbridge,
sharing, syncthing, tiddlywiki, transmission, wordpress).
- can't login using ssh with password or passwordless
- Inactivate user and test existing sessions:
- ssh, cockpit and samba sessions are killed.
- Configure crontab, configured crontab is failing to run after user
is inactivated.
- All the users app tests pass.
Notes:
- Only Apache2 SSO sessions are disabled. Apps that create their own
sessions keep working, like nextcloud, ejabberd, matrix-synapse,
ikiwiki. In the future, we could add a feature that apps can implement
their own users locking functions.
- When testing inactivated users, users and IPs can be banned by the system;
banned IPs/users can be viewed with the commands `fail2ban-client banned` and
`pam_abl`.
- Existing sessions keep working when deleting a user or removing
a user from an access group.
- I didn't test e-mail app.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
nscd daemon caches queries made to NSS via glibc. In our case queries to passwd
and group databases are cached. But this leads to many problems.
See: https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2520
The bug that this MR fixes, that is, the inaccuracy of the authentication data,
is horrible and only acceptable if the caching provides very important
functionality. Already, having to purge nscd caches after modifying user
accounts is not nice.
I believe that we have encountered this bug before and blamed libpam-abl due to
the time sensitive nature of the problem.
nscd itself recommends that it should be used if NSS lookups are expensive (such
as in the case of NIS, NIS+ queries according to /etc/init.d/nscd). In the case of
FreedomBox, LDAP queries are unlikely to be made over the network. The LDAP server is
likely always local. I believe we can safely remove nscd by masking and stopping
nscd.service and unscd.service.
Tests:
- After applying the patches, users app setup is re-run. Service nscd is stopped
and masked. unscd is also masked.
- Running 'id tester' shows expected value 'uid=10001(tester) gid=100(users)
groups=100(users),10002(admin)'.
- Adding, removing, renaming a user immediately reflects in 'id <user>'.
- Adding and removing a user from groups immediately reflects in 'id <user>'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
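Added example, not FreedomBox code, for the `id <user>` checks in the tests above: a parser for the output of `id` and a membership check, so that "changes reflect immediately" can be asserted by a script instead of read by eye. The sample line is the one quoted in the commit message; `query_id` runs the real `id` command and is only useful on a host with the user present.

```python
"""Added example; not FreedomBox code. Parse the output of 'id <user>' so a
test can assert that account and group changes are visible immediately."""
import re
import subprocess

# Sample taken from the commit message above.
SAMPLE_ID_OUTPUT = ('uid=10001(tester) gid=100(users) '
                    'groups=100(users),10002(admin)')

# One 'number(name)' entry as printed by id(1).
_ENTRY = re.compile(r'(\d+)\((.*?)\)')


def parse_id_output(text):
    """Return uid, user name, gid, group name and a {group: gid} mapping.

    Extra fields such as an SELinux 'context=' are ignored rather than
    rejected.
    """
    fields = {}
    for token in text.strip().split():
        key, _, value = token.partition('=')
        fields[key] = value
    uid, user = _ENTRY.fullmatch(fields['uid']).groups()
    gid, group = _ENTRY.fullmatch(fields['gid']).groups()
    groups = {name: int(number)
              for number, name in _ENTRY.findall(fields.get('groups', ''))}
    return {'uid': int(uid), 'user': user, 'gid': int(gid), 'group': group,
            'groups': groups}


def missing_groups(text, expected_groups):
    """Return the expected group names that do not appear in the id output."""
    return set(expected_groups) - set(parse_id_output(text)['groups'])


def query_id(username):
    """Run 'id' for a real account; return the parsed record or None."""
    result = subprocess.run(['id', username], capture_output=True, text=True,
                            check=False)
    if result.returncode != 0:
        return None
    return parse_id_output(result.stdout)


if __name__ == '__main__':
    print(parse_id_output(SAMPLE_ID_OUTPUT))
    print(missing_groups(SAMPLE_ID_OUTPUT, ['users', 'admin', 'sudo']))
```

With nscd out of the picture, a check like `missing_groups(query_id('tester')['...'])` run right after a group change is expected to be empty; with a stale cache the same call could report a group as missing for up to the cache lifetime.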
Tests:
- Run affected privileged actions through UI and notice that secret strings are
not logged (except deleting the last admin user).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Helps: #2410.
- Ensure that diagnostics methods and parameters are type checked so that we can
catch any potential issues.
- Move plinth/modules/diagnostics/check.py to plinth/diagnostic_check.py to
avoid the many circular dependencies that are otherwise created. This is because
plinth.modules.diagnostics is automatically imported when
plinth.modules.diagnostics.check is imported. Also, app.py is already (type)
dependent on diagnostic_check due to the diagnose() method. Making the Check
classes independent of the diagnostics module is okay.
Tests:
- Run make check-type.
- Run full diagnostics with following apps installed: torproxy, tor.
- Test to netcat to 9051 in tor works.
- Test 'port available for internal/external networks' in firewall works.
- Test 'Package is latest' works.
- Test 'Access url with proxy' in privoxy works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Also move tests for diagnostic_check]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- mypy does not show any errors.
- Installing ejabberd app works. Privileged actions run fine.
- Unit tests work.
- No additional testing was done as type annotations don't have any effect at
runtime.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Change the values of uri, base, and sasl_mech in /etc/nslcd.conf.
Confirm that the diagnostics are failing.
- Change the values back to the original. Confirm that the diagnostics
are passed.
- Remove the uri, base, and sasl_mech lines from /etc/nslcd.conf.
Confirm that the diagnostics are failing.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use augeas Nslcd lens]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
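Added example, not FreedomBox code, covering the nslcd.conf diagnostics tested above and the `pam_authz_search` option from the earlier commit: a check that parses the file, requires `uri`, `base` and `sasl_mech` to carry expected values, and requires `pam_authz_search` to be present. A small line parser stands in for the augeas Nslcd lens the real check uses; the expected values and the sample configuration are constructed for the example.

```python
"""Added example; not FreedomBox code. Diagnostic check for /etc/nslcd.conf
that verifies required options are present with the expected values."""
from pathlib import Path

# Assumed expected values for this example.
EXPECTED_OPTIONS = {'uri': 'ldapi:///', 'base': 'dc=thisbox',
                    'sasl_mech': 'EXTERNAL'}
# Options that only need to be present; the filter value is site-specific.
REQUIRED_PRESENT = ['pam_authz_search']

# Constructed sample configuration.
SAMPLE_NSLCD_CONF = """\
# /etc/nslcd.conf (constructed sample)
uid nslcd
gid nslcd
uri ldapi:///
base dc=thisbox
sasl_mech EXTERNAL
pam_authz_search (&(objectClass=posixAccount)(uid=$username))
"""


def parse_nslcd_conf(text):
    """Return a mapping of option name to the list of its values, in order.

    The file is one 'OPTION VALUE' per line; lines starting with '#' are
    comments. Options such as 'map' may repeat, so every occurrence is kept
    and a commented-out line does not count as set.
    """
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ''
        options.setdefault(name, []).append(value)
    return options


def check_nslcd_conf(text):
    """Return {check description: 'passed' | 'failed'} for the configuration."""
    options = parse_nslcd_conf(text)
    results = {}
    for name, expected in EXPECTED_OPTIONS.items():
        # Exactly one occurrence with the expected value passes; a missing,
        # changed or duplicated option fails.
        results[f'{name} is {expected}'] = (
            'passed' if options.get(name) == [expected] else 'failed')
    for name in REQUIRED_PRESENT:
        results[f'{name} is set'] = (
            'passed' if any(options.get(name, [])) else 'failed')
    return results


def run_diagnostics(path='/etc/nslcd.conf'):
    """Run the check against a real file; returns None if it is unreadable."""
    try:
        return check_nslcd_conf(Path(path).read_text())
    except OSError:
        return None


if __name__ == '__main__':
    for description, outcome in check_nslcd_conf(SAMPLE_NSLCD_CONF).items():
        print(f'{outcome}: {description}')
```

The three situations from the test plan map directly onto the check: a changed value, a removed line and a commented-out line all fail, and restoring the original text passes again. Note that passing here only says the file is correct; as the `pam_authz_search` commit records, nslcd must also be restarted before the option takes effect.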
Tests:
- Functional tests work (failing already)
- DONE: Showing front page shortcuts according to user groups works
- DONE: Only user who is part of syncthing group is shown syncthing
- DONE: Admin users are always shown all the apps
- DONE: Syncthing:
- Not tested: When upgrading from version 2 or below, renaming group works
- DONE: Syncthing is added to freedombox-share group
- DONE: Initial setup of users app works
- DONE: freedombox-share group is created
- DONE: Retrieving last admin user works
- DONE: Last admin is not allowed to delete account
- DONE: Creating a new user works
- DONE: Password is set properly (user can login with 'su - user' after)
- DONE: Incorrect confirmation password leads to error
- DONE: Adding the user to groups works (edit page shows correct list of groups)
- DONE: Editing a user works
- DONE: User is renamed properly
- DONE: Removing user from groups works
- DONE: Adding user to new groups works
- DONE: Providing incorrect auth password results in error message
- DONE: Enabling/disabling account works (confirm with 'su - user'). See #2277.
- DONE: Updating user password works
- DONE: New password is set (confirm with 'su - user')
- DONE: Providing incorrect auth password results in error message
- DONE: Initial user account creation works
- DONE: User account can be used (confirm with 'su - user')
- DONE: User is added to admin group
- DONE: Exception while getting SSH keys results in showing empty field
- DONE: Removing a user works
- DONE: Command provided in a message in users_firstboot.html works for
deleting users.
- DONE: If an admin user exists when running first wizard, list of admin users
is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>