FreeTAKTeam / FreeTAKServer-Docker

Official Docker Image for FreeTAKServer
Eclipse Public License 2.0

FTS Working with certs exception #30

Open acastval opened 2 years ago

acastval commented 2 years ago

Hi, I run Docker with the standard config, and all works well up to the point where a new user with certs should be created. After the submit action, FTS doesn't update any user. On the other hand, I can create an admin user without it. Version 1.7.5.

Any help could be useful, thanks in advance.

sajith0481 commented 2 years ago

Same issue for me too

lonewaffle commented 1 year ago

This issue was first reported approaching a year ago, and it's pretty difficult to use any of this if you can't even create new users, so I'm starting to suspect this project is dead.

Anyway, this is what you find in the /data/logs/supervisor/FTS_stdout.log when trying to create a user with certs:

/usr/local/lib/python3.8/dist-packages/urllib3/connectionpool.py:1013: InsecureRequestWarning: Unverified HTTPS request is being made to host '172.17.0.4'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  warnings.warn(
Exception in thread Thread-33:
Traceback (most recent call last):
  File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.8/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.8/dist-packages/socketio/server.py", line 682, in _handle_event_internal
    r = server._trigger_event(data[0], namespace, sid, *data[1:])
  File "/usr/local/lib/python3.8/dist-packages/socketio/server.py", line 711, in _trigger_event
    return self.handlers[namespace][event](*args)
  File "/usr/local/lib/python3.8/dist-packages/flask_socketio/__init__.py", line 282, in _handler
    return self._handle_event(handler, message, namespace, sid,
  File "/usr/local/lib/python3.8/dist-packages/flask_socketio/__init__.py", line 713, in _handle_event
    ret = handler(*args)
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/services/RestAPI.py", line 92, in wrapper
    x(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/services/RestAPI.py", line 275, in addSystemUser
    certificate_generation.AtakOfTheCerts().bake(cn=systemuser["Name"])
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/certificate_generation.py", line 247, in bake
    self._generate_key(keypath)
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/certificate_generation.py", line 194, in _generate_key
    f = open(keypath, "wb")
PermissionError: [Errno 13] Permission denied: './test.key'

Since it's a permission issue, I'm guessing it's something to do with the fts user. Using pwdx, I can see that FTS is using / as the working directory, which the fts user doesn't have write access to. I changed the FTS processes to run as root by commenting out the user=fts line in /etc/supervisor/conf.d/supervisord.conf (I see in the repo, it's changed to "user=root" but that's not what's in the latest release [1.7.5] on dockerhub). Changing it to root allows it to create the certs (I see them at /) but then I get the following:

Exception in thread Thread-35:
Traceback (most recent call last):
  File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.8/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.8/dist-packages/socketio/server.py", line 682, in _handle_event_internal
    r = server._trigger_event(data[0], namespace, sid, *data[1:])
  File "/usr/local/lib/python3.8/dist-packages/socketio/server.py", line 711, in _trigger_event
    return self.handlers[namespace][event](*args)
  File "/usr/local/lib/python3.8/dist-packages/flask_socketio/__init__.py", line 282, in _handler
    return self._handle_event(handler, message, namespace, sid,
  File "/usr/local/lib/python3.8/dist-packages/flask_socketio/__init__.py", line 713, in _handle_event
    ret = handler(*args)
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/services/RestAPI.py", line 92, in wrapper
    x(*args, **kwargs)
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/services/RestAPI.py", line 276, in addSystemUser
    certificate_generation.generate_zip(user_filename=systemuser["Name"] + '.p12')
  File "/usr/local/lib/python3.8/dist-packages/FreeTAKServer/controllers/certificate_generation.py", line 120, in generate_zip
    zipp = zipfile.ZipFile(str(pathlib.PurePath(pathlib.Path(MainConfig.clientPackages), pathlib.Path(f"{username}.zip"))), 'w', zipfile.ZIP_DEFLATED)
  File "/usr/lib/python3.8/zipfile.py", line 1251, in __init__
    self.fp = io.open(file, filemode)
FileNotFoundError: [Errno 2] No such file or directory: '/data/certs/ClientPackages/test.zip'

This is because this directory doesn't exist. I manually created the directory ClientPackages above and, what do you know, it works.
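Added example, not part of the comment above and not FreeTAKServer's own code: a sketch of how a service could avoid both tracebacks without being switched to root, by checking its certificate directories up front and writing keys to an absolute, owner-only location instead of a path relative to the working directory. The function names and the temporary directory standing in for /data are assumptions made for the illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

def preflight(dirs):
    """Return (path, problem) pairs for directories the service cannot use."""
    problems = []
    for d in dirs:
        if not os.path.isdir(d):
            problems.append((d, "missing"))
        elif not os.access(d, os.W_OK | os.X_OK):
            problems.append((d, "not writable"))
    return problems

def ensure_private_dir(path):
    """Create path with parents; a directory created here is owner-only."""
    p = Path(path)
    if not p.is_dir():
        p.mkdir(parents=True)
        os.chmod(p, 0o700)
    return p

def write_private_key(cert_dir, name, key_bytes):
    """Write <cert_dir>/<name>.key with mode 0600, independent of the cwd."""
    # The name becomes a file name, so keep it to a single path component.
    if name in ("", ".", "..") or Path(name).name != name:
        raise ValueError("name must be a single path component")
    target = ensure_private_dir(cert_dir) / f"{name}.key"
    # O_EXCL: never overwrite an existing key; 0o600: owner read/write only.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key_bytes)
    return target

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:      # stands in for /data
        certs = os.path.join(root, "certs")
        packages = os.path.join(certs, "ClientPackages")
        print(preflight([certs, packages]))           # both missing
        ensure_private_dir(packages)
        key = write_private_key(certs, "test", b"constructed key bytes")
        print(key, oct(stat.S_IMODE(key.stat().st_mode)), preflight([certs, packages]))
```

Run as the unprivileged service user, the preflight reports a missing or unwritable directory at startup rather than as an exception inside a request handler.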