Can't login anymore in the GUI

[flapane]

Device Model: DGA4132 Gui Version: 8.10.86 2018 (Italian language)

Description of problem: Hi, since the last reboot a couple of days ago it is not possible anymore to login on the GUI. Luci (:9080), however, works flawlessy. If I use random access data I get a "user is wrong" message. However, if I use the correct data, the jQuery button "Verify" spins undefinitely, and I can't get anymore info from Firefox Developer Tools.

nginx.log reports for every login the following couple of lines (localhost being me abroad via ssh, and 192. being a local client):

2019/01/10 21:02:17 [error] 11732#0: *228 [lua] session.lua:217: POST without CSRF token, client: 127.0.0.1, server: localhost, request: "POST /authenticate HTTP/1.1", host: "localhost:8080", referrer: "http://localhost:8080/cards.lp"
2019/01/10 21:02:27 [alert] 5536#0: worker process 11732 exited on signal 11 (core dumped)
2019/01/10 21:15:27 [error] 12805#0: *247 [lua] session.lua:217: POST without CSRF token, client: 192.168.0.19, server: localhost, request: "POST /authenticate HTTP/1.1", host: "192.168.0.1", referrer: "http://192.168.0.1/cards.lp"
2019/01/10 21:15:38 [alert] 5536#0: worker process 12805 exited on signal 11 (core dumped)

It smells like a problem with curl or wget, or better said with something concerning security, as I can't even download as a test the GUI again (segfault).

curl -k https://repository.ilpuntotecnico.com/files/Ansuel/AGTEF/GUI.tar.bz2 --
output /tmp/GUI_test.tar.bz2
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0Segmentation fault (core dumped)

wget https://repository.ilpuntotecnico.com/files/roleo/public/agtef/1.1.0/br
cm63xx-tch/packages/management/Packages.gz
--2019-01-10 21:44:15--  https://repository.ilpuntotecnico.com/files/roleo/public/agtef/1.1.0/brcm63xx-tch/packages/management/Packages.gz
Resolving repository.ilpuntotecnico.com... 2606:4700:30::681f:4d3a, 104.31.76.58, 104.31.77.58
Connecting to repository.ilpuntotecnico.com|2606:4700:30::681f:4d3a|:443... failed: Operation not permitted.
Connecting to repository.ilpuntotecnico.com|104.31.76.58|:443... connected.
Segmentation fault (core dumped)

Could you please give me hints? Thanks in advance

[kevdagoat]

This is most likely due to the luci library

Sent from my iPhone

On 11 Jan 2019, at 4:23 am, flapane notifications@github.com wrote:

Device Model: DGA4132 Gui Version: 8.10.86 2018 (Italian language)

Description of problem: Hi, since the last reboot a couple of days ago it is not possible anymore to login on the GUI. Luci (:9080), however, works flawlessy. If I use random access data I get a "user is wrong" message. However, if I use the correct data, the jQuery button "Verify" spins undefinitely, and I can't get anymore info from Firefox Developer Tools.

nginx.log reports for every login the following couple of lines (localhost being me abroad via ssh, and 192. being a local client):

2019/01/10 21:02:17 [error] 11732#0: 228 [lua] session.lua:217: POST without CSRF token, client: 127.0.0.1, server: localhost, request: "POST /authenticate HTTP/1.1", host: "localhost:8080", referrer: "http://localhost:8080/cards.lp" 2019/01/10 21:02:27 [alert] 5536#0: worker process 11732 exited on signal 11 (core dumped) 2019/01/10 21:15:27 [error] 12805#0: 247 [lua] session.lua:217: POST without CSRF token, client: 192.168.0.19, server: localhost, request: "POST /authenticate HTTP/1.1", host: "192.168.0.1", referrer: "http://192.168.0.1/cards.lp" 2019/01/10 21:15:38 [alert] 5536#0: worker process 12805 exited on signal 11 (core dumped) Could you please give me hints? Thanks in advance

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

[flapane]

I reinstalled it already, together with nginx. Now I get a "Not valid password" for apparently unknown reasons. I even uncommented the "lost password" html line and inserted the access code beneath the router, without luck. I also tried with "root" username I use on ssh, without luck. Could you please tell me how can I debug it? https://i.imgur.com/5ruKia5.png

[FrancYescO]

try to post logread -l 30 just a few seconds after the "spins undefinitely" status

[flapane]

Hey, sorry for the late answer, somehow the post ended up in the spam folder. Unfortunately there is nothing else useful other than what nginix spitted out in the first post, which left me puzzled as well. As I'll be in Italy next month, I will reflash the router after having saved the required configuration files. I have the feeling that the SEGFAULT started at some point while switching from the default 4130 repository to that of 4132 (though the router is a 4132), and now so many packets have been "corrupted", that now reflashing is probably a faster approach.

[FrancYescO]

any news on this? could you test with the latest version of the GUI (just issue upgradegui from ssh to upgrade)

[kevdagoat]

I am going to assume it would be fixed. If not, factory reset your gateway and reflash the firmware

Sent from my iPhone

On 17 Mar 2019, at 4:53 am, Francesco M notifications@github.com wrote:

any news on this? could you test with the latest version of the GUI (just issue upgradegui from ssh to upgrade)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[flapane]

I eventually landed right yesterday evening. Give me a short break and I will provide feedback.

[flapane]

No luck by upgrading the GUI via CLI. I was eventually forced to flash the new v2 firmware via Luci GUI, given that I could not even access anymore via AutoflashGUI.