SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002028: Broken user management for local authentication - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002028Endian FirewallProxy HTTPpublic2009-07-23 09:292010-11-22 12:04
gm2x 
simon-endian 
normalminoralways
closedfixed 
2.2 
2.3.12.3.1 
0002028: Broken user management for local authentication
Various glitches occur if some username is substring of another username.
- add user "test1"
- add user "test10"
- remove user "test1"

* OR/AND *

- add user "test1"
- add user "test10"
- add user "test"
This bug didn't exist in 2.1.2
purple
png Endian Firewall - Authentication_12.png (87,262) 2009-07-23 11:36
https://bugs.endian.com/file_download.php?file_id=251&type=bug
png
Issue History
2009-07-23 09:29gm2xNew Issue
2009-07-23 09:31gm2xNote Added: 0002772
2009-07-23 09:51luca-endianNote Added: 0002773
2009-07-23 11:19gm2xNote Added: 0002774
2009-07-23 11:36gm2xFile Added: Endian Firewall - Authentication_12.png
2009-07-23 11:37gm2xNote Added: 0002775
2009-07-23 12:48luca-endianStatusnew => confirmed
2009-07-23 12:48luca-endianTag Attached: purple
2009-07-23 12:49luca-endianRelationship addedrelated to 0002030
2009-11-02 10:56gm2xNote Added: 0003208
2009-11-02 13:28luca-endianNote Added: 0003213
2009-11-03 14:48gm2xNote Added: 0003221
2009-11-03 14:57peter-endianStatusconfirmed => new
2009-11-03 14:57peter-endianAssigned To => simon-endian
2009-11-03 14:57peter-endianStatusnew => confirmed
2009-11-03 14:57peter-endianNote Added: 0003222
2009-11-03 15:51gm2xNote Added: 0003223
2009-11-03 16:50peter-endianNote Added: 0003224
2009-11-03 17:05simon-endianNote Added: 0003225
2009-11-25 10:16christian-endianStatusconfirmed => new
2009-11-25 10:16christian-endianStatusnew => confirmed
2009-11-25 10:16christian-endianRelationship addedchild of 0002435
2009-11-25 17:36peter-endianTarget Version => 2.3.1
2009-11-27 11:56simon-endianNote Added: 0003420
2009-11-27 12:03simon-endianNote Added: 0003422
2009-11-27 12:03simon-endianStatusconfirmed => resolved
2009-11-27 12:03simon-endianFixed in Version => 2.3.1
2009-11-27 12:03simon-endianResolutionopen => fixed
2010-11-22 12:04peter-endianStatusresolved => closed

Notes
(0002772)
gm2x   
2009-07-23 09:31   
Steps to reproduce is in advanced view.
(0002773)
luca-endian   
2009-07-23 09:51   
Can you gently give us a more detailed description of the issue and the steps to reproduce it?

Thanks
(0002774)
gm2x   
2009-07-23 11:19   
Ok, i followed like this:
0. I've done clean install of EFW 2.2 Community.
1. Enable HTTP Proxy.
2. Enable authentication in proxy configuration.
3. Go to User Management page (Proxy > HTTP > Authentication > User management button).
4. Add first user with name "abc"
5. Add second user with name "abcd"
6. Remove first user (second user will disappear too).
7. Add another user with name "abc"
8. Add user with name "ab" (first user will disappear).

The same behavior on demo.endian.com site.
(0002775)
gm2x   
2009-07-23 11:37   
Screenshot uploaded.
(0003208)
gm2x   
2009-11-02 10:56   
EFW 2.3 is also affected.
(0003213)
luca-endian   
2009-11-02 13:28   
really? did you restore a 2.2 backup?
because it should be fixed in 2.3..
(0003221)
gm2x   
2009-11-03 14:48   
Clean install of community release in virtual machine. First part...

> 4. Add first user with name "abc"
> 5. Add second user with name "abcd"
> 6. Remove first user (second user will disappear too).

... sometimes works as it should, but when i tryed to repeat those steps, it doesn't. Second part...

> 7. Add another user with name "abc"
> 8. Add user with name "ab" (first user will disappear).

... still doesn't work. Also, can't create proxy users in demo system (demo.endian.com)
(0003222)
peter-endian   
2009-11-03 14:57   
is this bug also fixed but not deployed on the iso?
can you confirm this, simon?
(0003223)
gm2x   
2009-11-03 15:51   
I didn't understand last message. The buggy installation was deployed from ISO, if you mean that. The user management is still broken. What additional information i should provide?
(0003224)
peter-endian   
2009-11-03 16:50   
last message was intended for *simon*, which is the developer of this part, to whom i assigned the ticket.

I think this bug has already been fixed before release of 2.3 (#2030) but has not been deployed in order to have it on the 2.3 iso.
correct, simon?
(0003225)
simon-endian   
2009-11-03 17:05   
i can confirm that it still exist, but is not allways reproduceable :-/ which is the reason i closed #2030 (i could not reproduce when i tested it back then with an development version of 2.3)

will fix it ASAP
(0003420)
simon-endian   
2009-11-27 11:56   
this happens because id for new user is 0 which will overwrite the first user in the user list :-/
(0003422)
simon-endian   
2009-11-27 12:03   
now first user is not deleted when a new user is created