Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shorten hostname to relative domain name in status.php #32425

Merged
merged 7 commits into from
Feb 12, 2019
Merged

Shorten hostname to relative domain name in status.php #32425

merged 7 commits into from
Feb 12, 2019

Conversation

MariusTimmer
Copy link
Contributor

@MariusTimmer MariusTimmer commented Aug 23, 2018
edited
Loading

Description

This pull request introduces the new configuration option use_relative_domain_name which defaults to false. If set to true the hostname will be shorten to the relative domain name.

Related Issue

Motivation and Context

It provides the new option use_relative_domain_name to shorten the FQDN to the relative domain name to hide our backend servers from the users.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

@MariusTimmer
Feature
3e2357b 
Added a switch to the status.php to shorten the hostname to the relative domain name using the new 'use_server_shortname' option in the config.sample.php.
@MariusTimmer
Labeling improvement
c3c5f5f 
Renamed the configuration option 'use_server_shortname' to 'use_relative_domain_name'.
@patrickjahns
Copy link
Contributor

@MariusTimmer

Can you please provide Context / Motivation behind this change.
If agreed upon - please provide also test cases covering this change - so we can ensure it is working in the future.

@MariusTimmer
Testing
be0c1ce 
Added test case which makes sure the hostname can be shorten (if the FQDN contains a dot which will be used as separator between node and domain).
@codecov
Copy link

codecov bot commented Sep 4, 2018
edited
Loading

Codecov Report

Merging #32425 into master will decrease coverage by 0.64%.
The diff coverage is 77.77%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #32425      +/-   ##
============================================
- Coverage     64.77%   64.13%   -0.65%     
- Complexity    18372    18722     +350     
============================================
  Files          1199     1184      -15     
  Lines         69566    70442     +876     
  Branches       1282     1270      -12     
============================================
+ Hits          45063    45176     +113     
- Misses        24130    24896     +766     
+ Partials        373      370       -3
Flag Coverage Δ Complexity Δ
#javascript 52.89% <ø> (-0.19%) 0 <ø> (ø)
#phpunit 65.4% <77.77%> (-0.73%) 18722 <9> (+350)
Impacted Files Coverage Δ Complexity Δ
status.php 0% <0%> (ø) 0 <0> (ø) ⬇️
lib/public/Util.php 58.85% <100%> (+3.23%) 81 <9> (+2) ⬆️
apps/files/lib/ActivityHelper.php 0% <0%> (-100%) 8% <0%> (ø)
lib/private/DB/MySqlTools.php 0% <0%> (-88.47%) 4% <0%> (-7%)
apps/files_external/lib/Command/Config.php 0% <0%> (-80%) 0% <0%> (ø)
apps/comments/lib/Activity/Listener.php 25.58% <0%> (-69.77%) 11% <0%> (ø)
apps/systemtags/lib/Activity/Listener.php 0% <0%> (-62.89%) 29% <0%> (-3%)
lib/public/SystemTag/MapperEvent.php 38.46% <0%> (-61.54%) 5% <0%> (ø)
lib/private/DB/MySQLMigrator.php 57.69% <0%> (-42.31%) 7% <0%> (+2%)
core/templates/internalaltmail.php 60% <0%> (-40%) 0% <0%> (ø)
... and 217 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c354962...e7cdbc5. Read the comment docs.

@MariusTimmer
Copy link
Contributor Author

@patrickjahns
Sorry that I missed our motivation and a the context in my opening message. According to the colleague who requested this feature it is a security issue.

Motivation

Since we are using owncloud in a cluster we want to allow our customers to call status.php so they can find out which node of the cluster may have caused problems.

When calling status.php without our modification, the users will see e.g. machine01.uni-muenster.de as hostname. But we do not want to reveal the domain, because in some cases you could reach machine01.uni-muenster.de from the internet, when the firewall isn't correctly configured - Okay; In that case you'll have other problems too. (We're having security audits from people in our security team, so I'll hope, they'd find these kind of misconfiguration!) But users can be motivated trying to 'hack' our systems (beginning with ping, tracert and nmap), when the name is a worldwide valid system name. This can produce lots of load on firewall systems (DOS). It's kinda security by obscurity.
We are lucky, because our web-servers don't use official IP addresses. So, a defective firewall config won't make a problem in our installation. But on the other hand, we can't guarantee, that we will have this "security-feature" of private IP-addresses, when IPv6 will come to sciebo(our cluster) /owncloud.

Test case

In commit be0c1ce I added a new assertion in UnitTest::testGetStatusInfo(). In case the original hostname contains a dot it will be used as separator and the test will make sure the full qualified domain name is not equals the relative domain name.

@MariusTimmer
Merge branch 'master' of github.com:owncloud/core
347a86c
@MariusTimmer
Bugfix
cd2c01a 
If the option 'use_relative_domain_name' is set to true in the configuration, we do not want to tell '\OCP\Util::getStatusInfo()' it is false.
Often the small things do matter.
@MariusTimmer
Copy link
Contributor Author

Tests in our system showed that the Boolean value (third argument for \OCP\Util::getStatusInfo()) within the status.php file was flipped. That caused showing the FQDN when setting the option use_relative_domain_name to true and vice versa. Commit cd2c01a fixes this trivial problem.

PVince81
PVince81 reviewed Feb 8, 2019
View reviewed changes
config/config.sample.php Outdated Show resolved Hide resolved
PVince81
PVince81 approved these changes Feb 12, 2019
View reviewed changes
Copy link
Contributor

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@PVince81 PVince81 merged commit 1fe1e27 into owncloud:master Feb 12, 2019
@PVince81
Copy link
Contributor

damn, should have asked for squashing the commits.

I'll backport all into a single one then

@PVince81 PVince81 mentioned this pull request Feb 12, 2019
Merged
@PVince81
Copy link
Contributor

stable10: #34469

@lock lock bot locked as resolved and limited conversation to collaborators Feb 12, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@PVince81 PVince81 PVince81 approved these changes

@DeepDiver1975 DeepDiver1975 Awaiting requested review from DeepDiver1975

@butonic butonic Awaiting requested review from butonic

@cdamken cdamken Awaiting requested review from cdamken

Assignees
No one assigned
Labels
enhancement junior job
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Shorten hostname to relative domain name in status.php
4 participants
@MariusTimmer @patrickjahns @PVince81 @ownclouders