Context Navigation

Modify ↓

#2790 closed defect (worksforme)

trac-admin doesn't check permission names for validity.

Reported by:	jimb@…	Owned by:	daniel
Priority:	normal	Milestone:
Component:	admin/console	Version:	0.9.4
Severity:	minor	Keywords:	permission
Cc:	jimb@…	Branch:
Release Notes:
API Changes:
Internal Changes:

Description

I tried to give myself TRAC_ADMIN permission, but didn't put the permission name in upper case. trac-admin silently ignored the command.

Trac [/www/trac/minor]> permission add jimb trac_admin
Trac [/www/trac/minor]> permission list jimb

User  Action
---------------------
jimb  BROWSER_VIEW
jimb  CHANGESET_VIEW
jimb  FILE_VIEW
jimb  LOG_VIEW
jimb  MILESTONE_VIEW
jimb  REPORT_SQL_VIEW
jimb  REPORT_VIEW
jimb  ROADMAP_VIEW
jimb  SEARCH_VIEW
jimb  TICKET_APPEND
jimb  TICKET_CHGPROP
jimb  TICKET_CREATE
jimb  TICKET_MODIFY
jimb  TICKET_VIEW
jimb  TIMELINE_VIEW
jimb  WIKI_CREATE
jimb  WIKI_MODIFY
jimb  WIKI_VIEW


Available actions:
 BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW,
 MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY,
 MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY,
 REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW,
 TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY,
 TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW

Trac [/www/trac/minor]> permission add jimb TRAC_ADMIN
Trac [/www/trac/minor]> permission list jimb

User  Action
----------------------
jimb  BROWSER_VIEW
jimb  CHANGESET_VIEW
jimb  CONFIG_VIEW
jimb  FILE_VIEW
jimb  LOG_VIEW
jimb  MILESTONE_ADMIN
jimb  MILESTONE_CREATE
jimb  MILESTONE_DELETE
jimb  MILESTONE_MODIFY
jimb  MILESTONE_VIEW
jimb  REPORT_ADMIN
jimb  REPORT_CREATE
jimb  REPORT_DELETE
jimb  REPORT_MODIFY
jimb  REPORT_SQL_VIEW
jimb  REPORT_VIEW
jimb  ROADMAP_ADMIN
jimb  ROADMAP_VIEW
jimb  SEARCH_VIEW
jimb  TICKET_ADMIN
jimb  TICKET_APPEND
jimb  TICKET_CHGPROP
jimb  TICKET_CREATE
jimb  TICKET_MODIFY
jimb  TICKET_VIEW
jimb  TIMELINE_VIEW
jimb  TRAC_ADMIN
jimb  WIKI_ADMIN
jimb  WIKI_CREATE
jimb  WIKI_DELETE
jimb  WIKI_MODIFY
jimb  WIKI_VIEW


Available actions:
 BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW,
 MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY,
 MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY,
 REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW,
 TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY,
 TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE,
 WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW

Trac [/www/trac/minor]> help

Attachments (0)

Change History (7)

follow-up: 2 comment:1 by anonymous, 18 years ago

I noticed that today. This can be very anoying, because you can invert user name and privilege, trac will accpet it silently.

sudo trac-admin . permission add WIKI_DELETE test

ser         Action         
----------------------------
WIKI_DELETE  test           
anonymous    BROWSER_VIEW   
anonymous    CHANGESET_VIEW 
anonymous    FILE_VIEW      
anonymous    LOG_VIEW       
anonymous    MILESTONE_VIEW 
anonymous    REPORT_SQL_VIEW
anonymous    REPORT_VIEW    
anonymous    ROADMAP_VIEW   
anonymous    SEARCH_VIEW    
anonymous    TICKET_CREATE  
anonymous    TICKET_MODIFY  
anonymous    TICKET_VIEW    
anonymous    TIMELINE_VIEW  
anonymous    WIKI_CREATE    
anonymous    WIKI_MODIFY    
anonymous    WIKI_VIEW

in reply to: 1 comment:2 by Emmanuel Blot, 18 years ago

Replying to anonymous:

I noticed that today. This can be very anoying, because you can invert user name and privilege, trac will accpet it silently.

Permission are checked using the following rule:

if permission is uppercase, permission is checked against the available permissions (and rejected if no match is found)
in other cases, permission is considered as a group of permissions, and is not checked

comment:4 by anonymous, 18 years ago

Component:	general → trac-admin
Owner:	changed from Jonas Borgström to daniel
Priority:	lowest → normal
Severity:	trivial → minor

comment:5 by Christian Boos, 18 years ago

Milestone:	→ 0.12

trac-admin . permission add WIKI_DELETE test

One could add a check to prevent entirely upper-cased values to be given as the first parameter, as this is always an error.

comment:6 by Christian Boos, 18 years ago

Keywords:	permission added

comment:7 by Remy Blank, 14 years ago

Milestone:	next-major-0.1X
Resolution:	→ worksforme
Status:	new → closed

$ trac-admin env permission add WIKI_DELETE test
Error: All upper-cased tokens are reserved for permission names

worksforme now.

comment:8 by bill.riner@…, 14 years ago

It's not an error if you're using smart cards and your Common Name (CN) is somthing like SMITH.JOHN.1234567890. This will fail:

# trac-admin /path/to/environment/ permission add SMITH.JOHN.1234567890 TRAC_ADMIN

Is there a fix or work around for this?

Modify Ticket

Change Properties

Summary:
Description:	I tried to give myself TRAC_ADMIN permission, but didn't put the permission name in upper case. trac-admin silently ignored the command. {{{ Trac [/www/trac/minor]> permission add jimb trac_admin Trac [/www/trac/minor]> permission list jimb User Action --------------------- jimb BROWSER_VIEW jimb CHANGESET_VIEW jimb FILE_VIEW jimb LOG_VIEW jimb MILESTONE_VIEW jimb REPORT_SQL_VIEW jimb REPORT_VIEW jimb ROADMAP_VIEW jimb SEARCH_VIEW jimb TICKET_APPEND jimb TICKET_CHGPROP jimb TICKET_CREATE jimb TICKET_MODIFY jimb TICKET_VIEW jimb TIMELINE_VIEW jimb WIKI_CREATE jimb WIKI_MODIFY jimb WIKI_VIEW Available actions: BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY, MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE, WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW Trac [/www/trac/minor]> permission add jimb TRAC_ADMIN Trac [/www/trac/minor]> permission list jimb User Action ---------------------- jimb BROWSER_VIEW jimb CHANGESET_VIEW jimb CONFIG_VIEW jimb FILE_VIEW jimb LOG_VIEW jimb MILESTONE_ADMIN jimb MILESTONE_CREATE jimb MILESTONE_DELETE jimb MILESTONE_MODIFY jimb MILESTONE_VIEW jimb REPORT_ADMIN jimb REPORT_CREATE jimb REPORT_DELETE jimb REPORT_MODIFY jimb REPORT_SQL_VIEW jimb REPORT_VIEW jimb ROADMAP_ADMIN jimb ROADMAP_VIEW jimb SEARCH_VIEW jimb TICKET_ADMIN jimb TICKET_APPEND jimb TICKET_CHGPROP jimb TICKET_CREATE jimb TICKET_MODIFY jimb TICKET_VIEW jimb TIMELINE_VIEW jimb TRAC_ADMIN jimb WIKI_ADMIN jimb WIKI_CREATE jimb WIKI_DELETE jimb WIKI_MODIFY jimb WIKI_VIEW Available actions: BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW, MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY, MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW, TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY, TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE, WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW Trac [/www/trac/minor]> help }}} You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain daniel.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from daniel to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: