hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-1354: Prevent removal of last admin account

Browse Source 
Removing the last admin account is now forbidden. This should prevent most
cases where users could lock themselves out of the administrative
interface.

This change does allow a non-root network user to be the last admin
account. In practice this does not prevent the root user from gaining
access to maxadmin. Access can be gained by removing the users file and
restarting MaxScale or by editing the users file by hand.
This commit is contained in:
Markus Mäkelä
2017-08-17 09:59:30 +03:00
parent 828649ba99
commit 6cc3986db5
5 changed files with 34 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
server/modules/routing/debugcli/debugcmd.c
View File

@ -2343,17 +2343,19 @@ static void telnetdRemoveUser(DCB *dcb, char *user)
if (!admin_inet_user_exists(user))
{
dcb_printf(dcb, "Account %s for remote (network) usage does not exist.\n", user);
return;
dcb_printf(dcb, "Account '%s' for remote usage does not exist.\n", user);
}
if ((err = admin_remove_inet_user(user)) == NULL)
else if (admin_is_last_admin(user))
{
dcb_printf(dcb, "Account %s for remote (network) usage has been successfully removed.\n", user);
dcb_printf(dcb, "Cannot remove the last admin account '%s'.\n", user);
}
else if ((err = admin_remove_inet_user(user)))
{
dcb_printf(dcb, "Failed to remove remote account '%s': %s\n", user, err);
}
else
{
dcb_printf(dcb, "Failed to remove remote account %s: %s\n", user, err);
dcb_printf(dcb, "Account '%s' for remote usage has been successfully removed.\n", user);
}
}
@ -2674,16 +2676,19 @@ disable_account(DCB *dcb, char *user)
if (!admin_linux_account_enabled(user))
{
dcb_printf(dcb, "The Linux user %s has not been enabled.\n", user);
dcb_printf(dcb, "The Linux user '%s' has not been enabled.\n", user);
return;
}
if ((err = admin_disable_linux_account(user)) == NULL)
else if (admin_is_last_admin(user))
{
dcb_printf(dcb, "The Linux user %s has successfully been disabled.\n", user);
dcb_printf(dcb, "Cannot remove the last admin account '%s'.\n", user);
}
else if ((err = admin_disable_linux_account(user)))
{
dcb_printf(dcb, "Failed to disable the Linux user '%s': %s\n", user, err);
}
else
{
dcb_printf(dcb, "Failed to disable the Linux user %s: %s\n", user, err);
dcb_printf(dcb, "The Linux user '%s' has successfully been disabled.\n", user);
}
}