FOGProject / fogproject

An open source computer cloning & management system
https://fogproject.org
GNU General Public License v3.0

[DEV BRANCH] Blank page and 500 response code when trying to create a new snapin #543

Closed sniff122 closed 1 year ago

sniff122 commented 1 year ago

When attempting to create a new snapin from the snapin management page, upon clicking Create New Snapin the page is blank, and in the dev console the server responds with a 500 error.

To Reproduce

  1. Go to the Snapin Management page from the top menu
  2. Click Create New Snapin
  3. A blank page is displayed with a 500 error being logged in the browser's dev console
  4. The following error is logged in /var/log/apache2/error.log:
    [Tue Feb 07 09:40:37.522670 2023] [proxy_fcgi:error] [pid 122256] [client 192.168.1.210:50330] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught Error: Call to a member function isValid() on null in /var/www/html/fog/status/getfiles.php:27\nStack trace:\n#0 {main}\n  thrown in /var/www/html/fog/status/getfiles.php on line 27'
    [Tue Feb 07 09:40:37.524139 2023] [proxy_fcgi:error] [pid 122258] [client 192.168.1.157:33764] AH01071: Got error 'PHP message: PHP Fatal error:  Uncaught TypeError: preg_grep(): Argument #2 ($array) must be of type array, null given in /var/www/html/fog/lib/fog/storagenode.class.php:233\nStack trace:\n#0 /var/www/html/fog/lib/fog/storagenode.class.php(233): preg_grep()\n#1 /var/www/html/fog/lib/fog/storagenode.class.php(243): StorageNode->_getData()\n#2 /var/www/html/fog/lib/fog/storagenode.class.php(129): StorageNode->getSnapinfiles()\n#3 /var/www/html/fog/lib/pages/snapinmanagementpage.class.php(466): StorageNode->get()\n#4 /var/www/html/fog/lib/fog/fogpagemanager.class.php(220): SnapinManagementPage->add()\n#5 /var/www/html/fog/management/index.php(58): FOGPageManager->render()\n#6 {main}\n  thrown in /var/www/html/fog/lib/fog/storagenode.class.php on line 233', referer: http://192.168.1.210/fog/management/index.php?node=snapin

Expected behavior

The create new snapin page is displayed, allowing you to create a new snapin

Screenshots

See screen recording: https://user-images.githubusercontent.com/8513053/217208581-24e2c446-3b1c-4601-8502-ddcb023ab0b7.mp4

Software (please complete the following information):

Additional context

Fresh install of FOG with no changes to configuration. Latest pull from the dev branch

osiktech commented 1 year ago

Same here

osiktech commented 1 year ago

I did some debugging, and it seems to be this commit: 68d73740d7d40aee77cfda3fb8199d58bf04f48b

I commented out lines 25 to 34 in /var/www/html/fog/status/getfiles.php and voilà, creating snapins is working again.

sniff122 commented 1 year ago

Interesting, thanks for digging into that. I would if I knew PHP.

osiktech commented 1 year ago

I get the idea why it was introduced, because otherwise you would be able to enumerate files/directories in a path, e.g. http://your-fog-server/fog/status/getfiles.php?path=%2Ftmp%2F will list the content of /tmp.

The real problem seems to be !$currentUser->isValid() which results in

Got error 'PHP message: PHP Fatal error:  Uncaught Error: Call to a member function isValid() on null in /var/www/html/fog/status/getfiles.php:27\nStack trace:\n#0 {main}\n  thrown in /var/www/html/fog/status/getfiles.php on line 27'

Maybe @0x41c could elaborate a little more on what this is about.

sniff122 commented 1 year ago

Yeah it's definitely a needed thing

Sebastian-Roth commented 1 year ago

@sniff122 Thanks for bringing this up and also thanks to @osiktech for digging up why this is failing.

I've had a look as well. Although the request should be authenticated, it's not. This is caused by a special case in the databasemanager (code ref) which will cause the initialization of $currentUser to be skipped (code ref).

@mastacontrola From what I can see this is the only place status/getfiles.php is being called. Though the caller function _getData() is used to retrieve names of Logfiles, Snapins and Images. Do you know if all those calls are authenticated (called by a logged in user) or otherwise called from one of the services?

0x41c commented 1 year ago

> I get the idea why it was introduced, because otherwise you would be able to enumerate files/directories in a path, e.g. http://your-fog-server/fog/status/getfiles.php?path=%2Ftmp%2F will list the content of /tmp.
>
> The real problem seems to be !$currentUser->isValid() which results in
>
> Got error 'PHP message: PHP Fatal error:  Uncaught Error: Call to a member function isValid() on null in /var/www/html/fog/status/getfiles.php:27\nStack trace:\n#0 {main}\n  thrown in /var/www/html/fog/status/getfiles.php on line 27'
>
> Maybe @0x41c could elaborate a little more on what this is about.

I made a change in #540 that deals with this exact thing. It's not a solution, but a workaround for this issue where it will instead return Unauthenticated until a resolve is met. I came across this issue and I think the solution would be to repurpose authentication to be more use-agnostic. Currently authentication is only used for database and management access, which is why, when determining whether the user needs database access, the global authenticity is invalidated (because it presumes there's no use for it).

I can make a PR soon that addresses this issue separately. From there I can re-submit #540 without the workaround
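
The failure mode discussed in this thread, shown as an added example that is not part of the thread or FOG's code: a file-listing handler that treats a missing user object as unauthenticated and, going beyond the thread's fix, confines listings to allowed directories. `SessionUser`, `listFilesGuarded` and `$allowedRoots` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the application's user object (not FOG's class).
interface SessionUser
{
    public function isValid(): bool;
}

// Fail-closed handler for a file-listing endpoint; returns [status, JSON body].
// $allowedRoots is an assumed allow-list of directories that may be listed.
function listFilesGuarded(?SessionUser $user, string $path, array $allowedRoots): array
{
    // A missing user object (the null from the thread) counts as unauthenticated
    // instead of being dereferenced, so the answer is a 401, not a fatal error.
    if ($user === null || !$user->isValid()) {
        return [401, json_encode(['error' => 'Unauthenticated'])];
    }
    // Defence in depth: resolve symlinks and ".." before comparing paths.
    $real = realpath($path);
    if ($real === false || !is_dir($real)) {
        return [404, json_encode(['error' => 'Not found'])];
    }
    $inside = false;
    foreach ($allowedRoots as $root) {
        $rootReal = realpath($root);
        if ($rootReal !== false && ($real === $rootReal
            || strpos($real, $rootReal . DIRECTORY_SEPARATOR) === 0)) {
            $inside = true;
            break;
        }
    }
    $entries = $inside ? scandir($real) : false;
    if ($entries === false) {
        return [403, json_encode(['error' => 'Path not allowed'])];
    }
    return [200, json_encode(array_values(array_diff($entries, ['.', '..'])))];
}

// Constructed demo: a temp directory as the only allowed root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'listing_demo_' . getmypid();
mkdir($root);
touch($root . DIRECTORY_SEPARATOR . 'example.sh');
$user = new class implements SessionUser {
    public function isValid(): bool { return true; }
};
var_dump(listFilesGuarded(null, $root, [$root]));           // no user object
var_dump(listFilesGuarded($user, dirname($root), [$root])); // outside the root
var_dump(listFilesGuarded($user, $root, [$root]));          // allowed listing
```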

Sebastian-Roth commented 1 year ago

@sniff122 @osiktech Sorry for the delay. We've somehow lost track of this issue. I just pushed a fix to make snapin creation work again. Please update.

sniff122 commented 1 year ago

No worries! I'll test it tomorrow

sniff122 commented 1 year ago

Just tested and it appears to be working!

Sebastian-Roth commented 1 year ago

@sniff122 Thanks for testing. Closing as fixed.