Andy Kurth created VCL-745:
------------------------------

             Summary: Windows.pm user_logged_in does not check for imaging 
requests
                 Key: VCL-745
                 URL: https://issues.apache.org/jira/browse/VCL-745
             Project: VCL
          Issue Type: Bug
          Components: vcld (backend)
    Affects Versions: 2.3.2
            Reporter: Andy Kurth
            Priority: Minor
             Fix For: 2.4


During the period when a reservation is in the reserved state, the 
check_connection_on_port subroutine in Windows.pm detects when a connection is 
made on the port corresponding to the connection method (3389 in this case).  
When a connection is detected, check_connection_on_port also checks if the 
connection is from the same IP address which was captured by the website when 
the user clicked Connect.  The IP addresses normally match but in some cases 
such as when a VPN is used they may be different.  When different, an 
additional step is performed to call the user_logged_in subroutine in 
Windows.pm to retrieve the names of the users logged in to the reservation 
computer.  This is necessary because the firewall is open to any address during 
this period.  Someone doing a port scan may connect to the computer.  We need 
to verify that the connection is from the actual user by checking if a user 
matching the reservation username is logged in.  If the reservation user is 
logged in, it is assumed that the VPN situation occurred and the IP address 
the user connected from is assumed to be correct and the firewall is configured 
properly.

As you know, for imaging requests the "Administrator" user is used to login to 
the reservation instead of the normal username.  The user_logged_in subroutine 
uses the normal username if no argument is supplied without checking if this is 
an imaging request or not.  As a result, it never detects that Administrator 
is logged in.  After the loop times out, the firewall is locked down to the IP 
address retrieved from the website.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
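The decision described in the report, modelled as an added example (this is not VCL's own code and none of the names below come from Windows.pm): a reservation hash, a stand-in for user_logged_in that returns a constructed list of logged-in users, and an evaluate_connection routine that accepts a connection on the RDP port only when the remote address matches the one the website captured or when the expected login user is present on the machine. The $imaging_aware flag switches between comparing against the reservation username (the behaviour reported here) and comparing against "Administrator" for imaging requests. Field names, the 10.1.2.3 / 192.0.2.0/24 addresses and the user lists are all constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not code from VCL's vcld. Models the check that
# check_connection_on_port performs while a reservation is "reserved",
# and why an imaging request must look for "Administrator" being logged in.
use strict;
use warnings;

# Hypothetical reservation record (constructed; VCL's real data differs).
my %normal_reservation = (
    user       => 'jdoe',        # reservation username
    is_imaging => 0,             # normal request: user logs in as jdoe
    connect_ip => '10.1.2.3',    # IP the website captured on "Connect"
);
my %imaging_reservation = (
    user       => 'jdoe',
    is_imaging => 1,             # imaging request: login is Administrator
    connect_ip => '10.1.2.3',
);

# Which account the connecting person should be logged in as.
sub expected_login_user {
    my ($res) = @_;
    return $res->{is_imaging} ? 'Administrator' : $res->{user};
}

# Evaluate a connection seen on port 3389 from $remote_ip.
#   $logged_in     - array ref of users currently logged in (stand-in for
#                    what user_logged_in would retrieve from the computer)
#   $imaging_aware - 0: always compare against the reservation username
#                    1: compare against expected_login_user()
# Returns (accepted, ip_to_lock_firewall_to).
sub evaluate_connection {
    my ($res, $remote_ip, $logged_in, $imaging_aware) = @_;

    # Same address the website saw: no further check needed.
    return (1, $remote_ip) if $remote_ip eq $res->{connect_ip};

    # Different address (VPN, or an unrelated connection such as a port
    # scan, since the firewall is open to everyone during this period).
    my $want = $imaging_aware ? expected_login_user($res) : $res->{user};
    my %present = map { $_ => 1 } @$logged_in;

    # Expected user is logged in: treat as the VPN case and trust the
    # observed address.
    return (1, $remote_ip) if $present{$want};

    # Otherwise do not trust it; lock the firewall to the website's address.
    return (0, $res->{connect_ip});
}

my $vpn_ip     = '192.0.2.77';   # address the user actually arrives from
my $scanner_ip = '192.0.2.200';  # unrelated host probing port 3389

# 1. Normal reservation, VPN: jdoe is logged in, connection accepted.
my ($ok1, $ip1) = evaluate_connection(\%normal_reservation, $vpn_ip, ['jdoe'], 1);
printf "normal/VPN:        accepted=%d lock_to=%s\n", $ok1, $ip1;

# 2. Normal reservation, port scan before anyone logged in: rejected,
#    firewall locked to the IP the website captured.
my ($ok2, $ip2) = evaluate_connection(\%normal_reservation, $scanner_ip, [], 1);
printf "normal/scan:       accepted=%d lock_to=%s\n", $ok2, $ip2;

# 3. Imaging reservation, VPN, only Administrator logged in.
#    Without the imaging check the user is never found (the reported bug)
#    and the firewall ends up locked to the website's address instead of
#    the one the user is really connecting from.
my ($ok3, $ip3) = evaluate_connection(\%imaging_reservation, $vpn_ip, ['Administrator'], 0);
printf "imaging/VPN (bug): accepted=%d lock_to=%s\n", $ok3, $ip3;

# 4. Same scenario with the imaging-aware comparison.
my ($ok4, $ip4) = evaluate_connection(\%imaging_reservation, $vpn_ip, ['Administrator'], 1);
printf "imaging/VPN (fix): accepted=%d lock_to=%s\n", $ok4, $ip4;
```

Scenario 3 reproduces the report: the user list contains only Administrator, the routine looks for jdoe, finds nothing, and locks the firewall to 10.1.2.3 although the user is connecting from 192.0.2.77. Scenario 4 shows the comparison against the expected login user instead. Scenario 2 is the reason the check exists at all: a connection from an address that differs from the captured one, with no matching login, is not allowed to redirect the firewall.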