Admin enforced by the kernel library about cloud-server HOT 17 CLOSED

The cloud library doesn't actually do this. However, From kernellib/src/doc/kernel/overview:

10. Backdoor

Even if a different binary connections manager has been installed, the user "admin" can still login on the first binary port. To disable this backdoor, change the file /kernel/data/admin.pwd to contain this line:

    password "*"

This will disable access for "admin". If, at some time in the future, things have gone so thoroughly wrong that nobody can login in the ordinary way anymore, remove the file /kernel/data/admin.pwd and login as "admin" on the first binary port.

from cloud-server.

The condition check is malformed, because I'm trying in the second binary port, not the first one.

Cheers,

from cloud-server.

The condition is in /kernel/sys/userd.c:129, but note there that the other way it can fall back to the kernel user is if no telnet manager has been set for that port. In fact, Cloudlib will fall back all connection types to the a kernel user if they're not configured.

from cloud-server.

Yes, I know and I've tested it. But if you use for example a binary connection manager on the port 1 this remains as with port 0, so the documentation may be wrong.

from cloud-server.

@francipvb Could you please be clear about which git repository this applies to?

I ask because the cloudlib doesn't have a backdoor on any binary port, and the documentation I quoted is from the kernellib.

from cloud-server.

The issue I found in this repo.

from cloud-server.

@francipvb The cloudlib does not have an admin backdoor on a binary port, so this must be something completely different. Could you please describe how to reproduce the problem?

from cloud-server.

I will upload a repro.

from cloud-server.

Here is the attachment.

Telnet.zip

1. Extract the file and place the unique folder into the usr directory.
2. Add a second binary port to the config file.
3. Telnet to it and try to log in as admin.

Cheers,

from cloud-server.

You'll see that my handler is just a test and it returns a custom user object. However if you type admin at the first prompt the lib will clone a kernel user object.

from cloud-server.

> telnet localhost 8081
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
This is a testing server.

Please type a name: admin
Logged in as admin. Unfortunately the system is not available yet.

from cloud-server.

The cloudlib has not supported admin logins on binary ports for 4 years, and even back then only on the first binary port.

from cloud-server.

See this line. This is something you didn't changed from the original kernel library source.

Cheers,

from cloud-server.

> telnet localhost 8081
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
This is a testing server.

Please type a name: admin
Logged in as admin. Unfortunately the system is not available yet.

I will check again, but this is very strange...

from cloud-server.

But the admin user to be logged-in is expected from the first telnet port, right?

from cloud-server.

See this line. This is something you didn't changed from the original kernel library source.

I'm afraid I did change it. It applies to the first telnet port, not to the first binary port. How you manage to get an admin login on the second binary port is a mystery to me.

from cloud-server.

What with the confusion about the name ("kernel library" instead of "cloud library"), malformed condition checks that don't exist and documentation that may be so wrong that it's in the wrong repository, this has been a very unproductive issue.

It also cannot be reproduced and it seems to no longer be of interest. Closing.

from cloud-server.