Ns8-sogo: "administrator list" field filtering/validation

Bug
, ,
1

ns8-sogo v1.0.5

Advanced → Administrator list field: would be better to be able to add users (or even groups if supported) from a list.

Good example from another module:
image

Otherwise, lousy/malicious admins can mess up sogo.conf file, like below where service is down and a notification pops-up in cluster-admin every few seconds at app instance auto-restart.

image
image539×766 39.4 KB

2024-03-16T10:21:11+01:00 [1:sogo1:sogo-app] <0x0x55908c77de40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:12+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:12,585 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:13+01:00 [1:sogo1:sogo-app] [Sat Mar 16 09:21:13.466714 2024] [proxy_http:error] [pid 17:tid 140677509748416] [client 127.0.0.1:41556] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
2024-03-16T10:21:13+01:00 [1:sogo1:sogo1] <h1>Service unavailable!</h1>
2024-03-16T10:21:13+01:00 [1:sogo1:sogo1] <head>
2024-03-16T10:21:13+01:00 [1:sogo1:sogo1] <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
2024-03-16T10:21:13+01:00 [1:sogo1:sogo1] <link rev="made" href="mailto:you@example.com" />
2024-03-16T10:21:14+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:14,470 INFO spawned: 'sogod' with pid 102
2024-03-16T10:21:14+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:14.553 sogod[102:102] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
2024-03-16T10:21:14+01:00 [1:sogo1:sogo-app] <0x0x556fa55b0e40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:14+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:14,558 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:16+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:16,560 INFO success: apache entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2024-03-16T10:21:16+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:16,561 INFO success: cronie entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2024-03-16T10:21:16+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:16,562 INFO spawned: 'sogod' with pid 103
2024-03-16T10:21:16+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:16.625 sogod[103:103] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
2024-03-16T10:21:16+01:00 [1:sogo1:sogo-app] <0x0x5592f255de40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:17+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:17,630 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:20+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:20,635 INFO spawned: 'sogod' with pid 104
2024-03-16T10:21:20+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:20.703 sogod[104:104] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
2024-03-16T10:21:20+01:00 [1:sogo1:sogo-app] <0x0x55f77e780e40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:20+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:20,705 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:21+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:21,707 INFO success: memcached entered RUNNING state, process has stayed up for > than 10 seconds (startsecs)
2024-03-16T10:21:21+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:21,707 INFO gave up: sogod entered FATAL state, too many start retries too quickly
2024-03-16T10:21:22+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:22,908 INFO waiting for processes, apache, cronie, memcached to die
2024-03-16T10:21:23+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:23,497 INFO stopped: memcached (exit status 0)
2024-03-16T10:21:23+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:23,502 INFO stopped: cronie (exit status 0)
2024-03-16T10:21:23+01:00 [1:sogo1:sogo-app] [Sat Mar 16 09:21:23.519552 2024] [mpm_event:notice] [pid 4:tid 140677751265152] AH00491: caught SIGTERM, shutting down
2024-03-16T10:21:23+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:23,532 INFO stopped: apache (exit status 0)
2024-03-16T10:21:23+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:23,533 WARN stopped: processes (terminated by SIGTERM)
2024-03-16T10:21:24+01:00 [1:sogo1:conmon] conmon 1dc42994ec2a68fe6636 <nwarn>: Failed to open cgroups file: /sys/fs/cgroup/user.slice/user-1011.slice/user@1011.service/user.slice/user-libpod_pod_a938a357b82e0b8619e57b28742893b7050aed51894ed026504e96002a125663.slice/libpod-1dc42994ec2a68fe6636377f498784b642adb5f735f769c869d282d33c123a46.scope/container/memory.events
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Stopped Podman mariadb-app.service.
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Starting Podman sogo.service...
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Started libcrun container.
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Started Podman sogo.service.
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Starting Podman mariadb-app.service...
2024-03-16T10:21:24+01:00 [1:sogo1:systemd] Started libcrun container.
2024-03-16T10:21:24+01:00 [1:sogo1:mariadb-app] 2024-03-16 09:21:24+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
2024-03-16T10:21:25+01:00 [1:sogo1:mariadb-app] 2024-03-16 09:21:25+00:00 [Note] [Entrypoint]: Switching to dedicated user 'mysql'
2024-03-16T10:21:25+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:25 0 [Note] mariadbd: O_TMPFILE is not supported on /tmp (disabling future attempts)
2024-03-16T10:21:25+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:25 0 [Warning] You need to use --log-bin to make --expire-logs-days or --binlog-expire-logs-seconds work.
2024-03-16T10:21:25+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:25 0 [Note] Server socket created on IP: '0.0.0.0'.
2024-03-16T10:21:25+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:25 0 [Note] mariadbd: ready for connections.
2024-03-16T10:21:26+01:00 [1:sogo1:sogo1] mysqld is alive
2024-03-16T10:21:26+01:00 [1:sogo1:systemd] Started Podman mariadb-app.service.
2024-03-16T10:21:26+01:00 [1:sogo1:systemd] Starting Podman  sogo-app.service...
2024-03-16T10:21:28+01:00 [1:sogo1:sogo1] 2a28a52f22b5ecfa5c9651f051468c189848d53f3ca72cc767e30f29cf3c63ef
2024-03-16T10:21:28+01:00 [1:sogo1:sogo1] curl: (7) Failed to connect to 127.0.0.1 port 20001 after 14 ms: Couldn't connect to server
2024-03-16T10:21:28+01:00 [1:sogo1:sogo-app] /usr/lib/python3.11/site-packages/supervisor/options.py:474: UserWarning: Supervisord is running as root and it is searching for its configuration file in default locations (including its current working directory); you probably want to specify a "-c" argument specifying an absolute path to a configuration file for improved security.
2024-03-16T10:21:28+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:28,901 INFO Included extra file "/etc/supervisor.d/apache.ini" during parsing
2024-03-16T10:21:28+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:28,901 INFO Included extra file "/etc/supervisor.d/memcached.ini" during parsing
2024-03-16T10:21:28+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:28,906 CRIT Server 'inet_http_server' running without any HTTP authentication checking
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:29,911 INFO spawned: 'processes' with pid 3
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:29,920 INFO spawned: 'cronie' with pid 5
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:29,926 INFO spawned: 'sogod' with pid 7
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
2024-03-16T10:21:29+01:00 [1:sogo1:sogo-app] [Sat Mar 16 09:21:29.982249 2024] [mpm_event:notice] [pid 4:tid 139985747654528] AH00489: Apache/2.4.58 (Unix) configured -- resuming normal operations
2024-03-16T10:21:31+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:31,016 INFO success: processes entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2024-03-16T10:21:31+01:00 [1:sogo1:sogo-app] [Sat Mar 16 09:21:31.946922 2024] [proxy:error] [pid 17:tid 139985567037120] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:20000 (127.0.0.1:20000) failed
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1]     problems. Please try again later.
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1]   <span>Apache/2.4.58 (Unix)</span>
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1] <address>
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1] <p>
2024-03-16T10:21:31+01:00 [1:sogo1:sogo1] <p>
2024-03-16T10:21:34+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:34,036 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:35+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:35,038 INFO success: apache entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2024-03-16T10:21:35+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:35,038 INFO success: cronie entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2024-03-16T10:21:36+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:36,041 INFO spawned: 'sogod' with pid 103
2024-03-16T10:21:36+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:36.107 sogod[103:103] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
2024-03-16T10:21:36+01:00 [1:sogo1:sogo-app] <0x0x55adfdb94e40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:36+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:36,109 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:39+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:39,117 INFO spawned: 'sogod' with pid 104
2024-03-16T10:21:39+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:39.181 sogod[104:104] File NSDictionary.m: 671. In -[NSDictionary initWithContentsOfFile:] Contents of file '/etc/sogo/sogo.conf' does not contain a dictionary
2024-03-16T10:21:39+01:00 [1:sogo1:sogo-app] <0x0x555c05b96e40[SOGoStartupLogger]> Cannot read configuration from '/etc/sogo/sogo.conf'. Aborting
2024-03-16T10:21:39+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:39,183 WARN exited: sogod (exit status 1; not expected)
2024-03-16T10:21:40+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:40,185 INFO success: memcached entered RUNNING state, process has stayed up for > than 10 seconds (startsecs)
2024-03-16T10:21:40+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:40,185 INFO gave up: sogod entered FATAL state, too many start retries too quickly
2024-03-16T10:21:41+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:41,373 WARN processes: bad result line: 'Shut down'
2024-03-16T10:21:41+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:41,373 WARN processes: has entered the UNKNOWN state and will no longer receive events, this usually indicates the process violated the eventlistener protocol
2024-03-16T10:21:41+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:41,972 INFO stopped: memcached (exit status 0)
2024-03-16T10:21:42+01:00 [1:sogo1:sogo-app] 2024-03-16 09:21:42,006 INFO stopped: apache (exit status 0)
2024-03-16T10:21:42+01:00 [1:sogo1:systemd] Stopping Podman mariadb-app.service...
2024-03-16T10:21:42+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:42 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2024-03-16T10:21:43+01:00 [1:sogo1:systemd] Removed slice cgroup user-libpod_pod_8d4e71ecadc3c500a07445f1e34fff2cb2d007ec505a8b6ab5d39ed19cbdecf6.slice.
2024-03-16T10:21:43+01:00 [1:sogo1:sogo1] 7853ffeeba166c1b4c0b79ef5f3b053a8f299d7d55a5be82f3d15f2e459b0fb2
2024-03-16T10:21:43+01:00 [1:sogo1:mariadb-app] 2024-03-16 09:21:43+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
2024-03-16T10:21:43+01:00 [1:sogo1:sogo1] amysqladmin: connect to server at 'localhost' failed
2024-03-16T10:21:43+01:00 [1:sogo1:mariadb-app] 2024-03-16 09:21:43+00:00 [Note] [Entrypoint]: Entrypoint script for MariaDB Server 1:10.11.6+maria~ubu2204 started.
2024-03-16T10:21:43+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:43 0 [Note] InnoDB: Number of transaction pools: 1
2024-03-16T10:21:43+01:00 [1:sogo1:mariadb-app] 2024-03-16  9:21:43 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
2024-03-16T10:21:44+01:00 [1:sogo1:sogo1] mysqld is alive
2024-03-16T10:21:44+01:00 [1:sogo1:systemd] Started Podman mariadb-app.service.
2024-03-16T10:21:44+01:00 [1:sogo1:systemd] Starting Podman  sogo-app.service...
2024-03-16T10:21:47+01:00 [1:sogo1:sogo1] 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

image
image1151×228 26.3 KB

BTW, are parts of error messages like the above customizable (webmaster mailto link… for instance)? Not that it matters to me personally, and human resources would serve better elsewhere.

2 Likes
2

If people wants to break their server i am ok with that

2 Likes
3

What string did you put inside ?

4

single quotes, double quotes, parenthesis,` ;

input validation, data sanitization

1 Like
5

Yep this could be filtered in the UI

1 Like
6

Me too, generally.
But: A core barfing on a screen isn’t quite as specatular as the ten story drop from a window.
Before opening the window, the betting is opened, how deep the hole in the asphalt will be!
Then the drop!

:slight_smile:

1 Like
7

should be good Add validation message for invalid user by stephdl · Pull Request #12 · NethServer/ns8-sogo · GitHub

2 Likes
8

Sorry for the delay.

Validation works without allowing to “break” sogo.conf file.
Non-existing users can be set but with no negative effect.
Administration option for listed users also works BUT usernames on the list must be an exact match with the one set in the account provider:

  • With internal LDAP provider, administration option for listed users doesn’t work when using a leading capital letter in usernames (or any uppercase letter in any position) like in the prefilled example “Administrator”. On LDAP usernames are restricted to lowercase.
  • With internal Samba provider, usernames can contain mixed uppercase/lowercase letters. The name in the list must be an exact must.

A better example (and UX) used in other parts of NS8 could be this one.
image

  • No extra validation needed (validated once at user creation), no real user input (reduces errors/bugs)
  • downside: more demanding in terms of coding and time (service discovery, etc.), for sure

Unrelated to the OP:
No SOGo logo but default NS logo on app dashboard (not a problem, just commenting it).

Log shows:

sogod [103]: [ERROR] <0x0x7f3b6e3d6700[GCSAdminFolder]> 'OCSAdminURL' is not set

…related to:

OCSAdminURL
Parameter used to set the database URL so that SOGo can use to store all administration elements.

The super-user has an additional view (next to calendar, contacts and mail views). In this view it can create a “Message of the day” that will be shown in login page for everyone. (source)

9

This seems to be a well chosen label for a parameter…
Labeled OCS, but has nothing to do with OCS (Software).
SoGo has a lot of such IMHO misnomers…
Why not “SoGoAdminURL” like they do use for a lot of other parameters?

My Impression of SoGo has just gone from bad to worse!
A minus for using a “bad” protocoll, ActiveSync
Another minus for Bad programming style, the use of misnomer parameters.

My 2 cents
Andy

10

converted to lowercase, for now I do not have time to display the user but who knows…

11

No problem. Just reporting what I find (so others can benefit, as I’m not using SOGo). No pressure from my side. :wink:

2 Likes
12

good shot