Missing Server Configuration variable for CAS allowed proxies & Char Buffer for Principal ID too small

[fbuehrmann]

Dear developer team,

I am currently using and testing NetXMS with CAS authentication and while setting it up, I came across the following two issues, both of which are related to the file src/server/core/cas_validator.cpp.

The first one is related to the Character buffer char netid[14] in line 161, which is used as target buffer when extracting the username from the <cas:user> XML field of the service ticket validation response. With an array length of 14, it allows for an effective username length of 13 characters. As my CAS server uses the e-mail address as the principal ID/username, this length is insufficient.
Is there a specific reason, why the array length has been set to 14 or could it be increased?

The second issue is related to the validation of CAS Proxy Tickets and the string array char *m_proxies[] in line 56. During proxy ticket validation, it is checked, whether the value of the XML field cas:proxy or cas:proxies is present in the *m_proxies array. This corresponds to line 258 in cas_validator.cpp. However, the value of the array is initialized with { NULL } and I did not find any location in the code, where additional values are added to it, causing the proxy ticket validation to always fail and return the error CAS: bad proxy (...). To solve this issue you could introduce a new server configuration parameter (e.g. CASAllowedProxies) to be used in the method void CASReadSettings (line 62), which then extracts a string array of URLs that are to be used as allowed proxies.

Hopefully, this can help you get rid of these problems.

Kind regards,
fbuehrmann

(Using NetXMS version 3.0-2357, sourcecode was checked both in stable-3.1 as well as master branch)

[2128506]

Fixed by commit a19a074

[fbuehrmann]

Cool, thank you for the quick commit 👍