nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net

Cannot login with any user in AD after upgrade to 3.0.0.7 #3689

Open calebgcooper opened 1 year ago

calebgcooper commented 1 year ago

Steps to reproduce

  1. Issue started after upgrade from 2.1.27.x to 3.0.0.7 - No LDAP users can log in.
  2. Reconfigure LDAP after upgrade
  3. Test and validate LDAP config successfully
  4. Configure a local user and confirm login is successful
  5. LDAP Synchronization shows user list as expected
  6. Switch user to be LDAP integrated
  7. Attempt login with that user

Expected behaviour

Users should have been authenticated

Actual behaviour

Browser shows 500 error from identify.php

Logs show php fatal error:

[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught TypeError: Carbon\Carbon::setLastErrors(): Argument #1 ($lastErrors) must be of type array, bool given, called in /var/www/html/includes/libraries/Carbon/Traits/Creator.php on line 96 and defined in /var/www/html/includes/libraries/Carbon/Traits/Creator.php:894"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "Stack trace:"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#0 /var/www/html/includes/libraries/Carbon/Traits/Creator.php(96): Carbon\Carbon::setLastErrors(false)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#1 /var/www/html/includes/libraries/Carbon/Traits/Creator.php(250): Carbon\Carbon->__construct(NULL, NULL)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#2 /var/www/html/includes/libraries/LdapRecord/Connection.php(495): Carbon\Carbon::now()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#3 /var/www/html/includes/libraries/LdapRecord/Connection.php(268): LdapRecord\Connection->retryOnNextHost(Object(LdapRecord\Auth\BindException), Object(Closure))"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#4 /var/www/html/sources/identify.php(1194): LdapRecord\Connection->connect()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#5 /var/www/html/sources/identify.php(2417): authenticateThroughAD('caleb_cooper', Array, 'REMOVED', Array)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#6 /var/www/html/sources/identify.php(310): ide..."
172.18.0.2 - - [27/Apr/2023:19:59:32 +0000] "POST /sources/identify.php HTTP/1.1" 200 993 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
172.18.0.2 - - [27/Apr/2023:19:59:32 +0000] "POST /sources/checks.php HTTP/1.1" 200 25 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
172.18.0.2 - - [27/Apr/2023:19:59:33 +0000] "POST /sources/identify.php HTTP/1.1" 200 1160 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
2023-04-27 20:00:01,209 INFO reaped unknown pid 61 (exit status 0)
2023-04-27 20:00:01,209 INFO reaped unknown pid 63 (exit status 0)
2023-04-27 20:00:02,213 INFO reaped unknown pid 65 (exit status 0)
2023-04-27 20:00:21,240 INFO reaped unknown pid 69 (exit status 0)
2023-04-27 20:00:21,240 INFO reaped unknown pid 71 (exit status 0)
2023-04-27 20:00:22,242 INFO reaped unknown pid 73 (exit status 0)

Server configuration

Operating system: Linux 02e3f251b1a6 4.18.0-348.20.1.el8_5.x86_64 #1 SMP Thu Mar 10 20:59:28 UTC 2022 x86_64

Web server: nginx/1.22.1

Database: 10.11.2-MariaDB-1:10.11.2+maria~ubu2204

PHP version: 8.2.5

Teampass version: 3.0.7

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '0',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '1',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://<anonym_url>
'favicon' => 'https://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'url_to_upload_folder' => 'https://<anonym_url>/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'https://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '1',
'encryptClientServer' => '1',
'teampass_version' => '3.0.7',
'ldap_mode' => '1',
'ldap_type' => 'ActiveDirectory',
'ldap_suffix' => '@supportlabs.dell',
'ldap_domain_dn' => 'DC=SUPPORTLABS,DC=DELL',
'ldap_domain_controler' => 'dc2.supportlabs.dell',
'ldap_user_attribute' => 'samaccountname',
'ldap_ssl' => '1',
'ldap_tls' => '1',
'ldap_search_base' => '0',
'ldap_port' => '636',
'richtext' => '0',
'allow_print' => '1',
'roles_allowed_to_print' => '["["["["1","5"]"]"]"]',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => 'Username (supportlabs.dell)',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1586863107',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '25',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '73',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '0',
'show_only_accessible_folders' => '0',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '240',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>'
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'UTC',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '1',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '1',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '1',
'ldap_allowed_usergroup' => '',
'password_overview_delay' => '4',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '30',
'mfa_for_roles' => '',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'copy_to_clipboard_small_icons' => '1',
'enable_massive_move_delete' => '0',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => 'distinguishedname',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '',
'ldap_bdn' => 'CN=Users,DC=supportlabs,DC=dell',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => 'CN=phpipam service,CN=Users,DC=supportlabs,DC=dell',
'api_token_duration' => '60',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'maximum_number_of_items_to_treat' => '300',
'tasks_manager_refreshing_period' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '1',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_group_object_filter' => '',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '2',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '5',
'upgrade_timestamp' => '1682366252',
'duo_ikey' => '<removed>'

Client configuration

Tried Edge and Firefox.

Windows 10 - 21H2

Logs

Web server error log

[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught TypeError: Carbon\Carbon::setLastErrors(): Argument #1 ($lastErrors) must be of type array, bool given, called in /var/www/html/includes/libraries/Carbon/Traits/Creator.php on line 96 and defined in /var/www/html/includes/libraries/Carbon/Traits/Creator.php:894"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "Stack trace:"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#0 /var/www/html/includes/libraries/Carbon/Traits/Creator.php(96): Carbon\Carbon::setLastErrors(false)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#1 /var/www/html/includes/libraries/Carbon/Traits/Creator.php(250): Carbon\Carbon->__construct(NULL, NULL)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#2 /var/www/html/includes/libraries/LdapRecord/Connection.php(495): Carbon\Carbon::now()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#3 /var/www/html/includes/libraries/LdapRecord/Connection.php(268): LdapRecord\Connection->retryOnNextHost(Object(LdapRecord\Auth\BindException), Object(Closure))"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#4 /var/www/html/sources/identify.php(1194): LdapRecord\Connection->connect()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#5 /var/www/html/sources/identify.php(2417): authenticateThroughAD('caleb_cooper', Array, 'REMOVED', Array)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#6 /var/www/html/sources/identify.php(310): ide..."
172.18.0.2 - - [27/Apr/2023:19:59:32 +0000] "POST /sources/identify.php HTTP/1.1" 200 993 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
172.18.0.2 - - [27/Apr/2023:19:59:32 +0000] "POST /sources/checks.php HTTP/1.1" 200 25 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
172.18.0.2 - - [27/Apr/2023:19:59:33 +0000] "POST /sources/identify.php HTTP/1.1" 200 1160 "https://passwords.cwd.supportlabs.dell/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36"
2023-04-27 20:00:01,209 INFO reaped unknown pid 61 (exit status 0)
2023-04-27 20:00:01,209 INFO reaped unknown pid 63 (exit status 0)
2023-04-27 20:00:02,213 INFO reaped unknown pid 65 (exit status 0)
2023-04-27 20:00:21,240 INFO reaped unknown pid 69 (exit status 0)
2023-04-27 20:00:21,240 INFO reaped unknown pid 71 (exit status 0)
2023-04-27 20:00:22,242 INFO reaped unknown pid 73 (exit status 0)

Log from the web-browser developer console (CTRL + SHIFT + i)

(index):1663 Loading settings result:
(index):1664 {enable_favourites: '1', enable_pf_feature: '0', ldap_user_attribute: 'samaccountname', google_authentication: '0', duo: '0', …}
(index):2544 Get 2FA Methods answer:
(index):2545 {agses: false, google: false, yubico: false, duo: false}
(index):2609 Data submitted to identifyUser:
(index):2610 {login: 'caleb_cooper', pw: 'REMOVED', duree_session: '240', screenHeight: 594.969, randomstring: 'JNWkVb9MCT', …}
(index):2632 Session existance check:
(index):2633 {status: true}
jquery.min.js:2     POST https://passwords.cwd.supportlabs.dell/sources/identify.php 500
send @ jquery.min.js:2
ajax @ jquery.min.js:2
S.<computed> @ jquery.min.js:2
(anonymous) @ (index):2637
c @ jquery.min.js:2
fireWith @ jquery.min.js:2
l @ jquery.min.js:2
(anonymous) @ jquery.min.js:2
load (async)
send @ jquery.min.js:2
ajax @ jquery.min.js:2
S.<computed> @ jquery.min.js:2
identifyUser @ (index):2622
(anonymous) @ (index):2613
c @ jquery.min.js:2
fireWith @ jquery.min.js:2
l @ jquery.min.js:2
(anonymous) @ jquery.min.js:2
load (async)
send @ jquery.min.js:2
ajax @ jquery.min.js:2
S.<computed> @ jquery.min.js:2
launchIdentify @ (index):2497
(anonymous) @ (index):2090
dispatch @ jquery.min.js:2
v.handle @ jquery.min.js:2
(index):2544 Get 2FA Methods answer:
(index):2545 {agses: false, google: false, yubico: false, duo: false}
(index):2609 Data submitted to identifyUser:
(index):2610 {login: 'joe_soap', pw: 'REMOVED', duree_session: '240', screenHeight: 594.969, randomstring: 'Po1zxoNNu2', …}
(index):2632 Session existance check:
(index):2633 {status: true}
(index):2668 Identification answer:
(index):2669 SESSION KEY is: d2eF3EZNedkTQ6vBsjHwea4u3gq6m4XBpp99gh3ULwrG9hHQvx
(index):2670 {value: 'bruteforce_wait', user_admin: 0, initial_url: '', pwd_attempts: 4, error: true, …}
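
Added example (not part of the original report or of TeamPass): a Python triage of the PHP-FPM trace in the report above. It extracts the uncaught error, the stack frames, any exception object passed along the call chain (here the LDAP bind failure whose handling the Carbon `TypeError` interrupted), and the frames that log quoted string arguments, such as the one the reporter redacted. The `triage` function and its regexes are illustrative assumptions.

```python
import re

# Constructed sample: lines copied from the report's PHP-FPM log; the access-log line is shortened.
SAMPLE = r'''[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught TypeError: Carbon\Carbon::setLastErrors(): Argument #1 ($lastErrors) must be of type array, bool given, called in /var/www/html/includes/libraries/Carbon/Traits/Creator.php on line 96 and defined in /var/www/html/includes/libraries/Carbon/Traits/Creator.php:894"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#2 /var/www/html/includes/libraries/LdapRecord/Connection.php(495): Carbon\Carbon::now()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#3 /var/www/html/includes/libraries/LdapRecord/Connection.php(268): LdapRecord\Connection->retryOnNextHost(Object(LdapRecord\Auth\BindException), Object(Closure))"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#4 /var/www/html/sources/identify.php(1194): LdapRecord\Connection->connect()"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#5 /var/www/html/sources/identify.php(2417): authenticateThroughAD('caleb_cooper', Array, 'REMOVED', Array)"
[27-Apr-2023 19:59:16] WARNING: [pool www] child 53 said into stderr: "#6 /var/www/html/sources/identify.php(310): ide..."
172.18.0.2 - - [27/Apr/2023:19:59:32 +0000] "POST /sources/identify.php HTTP/1.1" 200 993
'''

# php-fpm wraps every line of PHP's stderr in: child N said into stderr: "<payload>"
WRAP = re.compile(r'child \d+ said into stderr: "(.*)"\s*$')
FATAL = re.compile(r'PHP Fatal error:\s+Uncaught ([\w\\]+): (.*?), called in ')
FRAME = re.compile(r'^#(\d+) (.+?)\((\d+)\): ([\w\\]+(?:(?:->|::)\w+)?)\((.*)\)$')

def triage(log_text):
    """Summarise an uncaught PHP exception from php-fpm wrapped stderr lines."""
    report = {"error": None, "frames": [], "masked": [], "string_args": []}
    for line in log_text.splitlines():
        wrapped = WRAP.search(line)
        if not wrapped:
            continue  # access-log and supervisor lines are not PHP output
        payload = wrapped.group(1)
        fatal = FATAL.search(payload)
        if fatal:
            report["error"] = fatal.groups()
            continue
        frame = FRAME.match(payload)
        if not frame:
            continue  # "Stack trace:" header, or a frame PHP truncated with "..."
        num, path, lineno, call, args = frame.groups()
        report["frames"].append((int(num), call, f"{path}:{lineno}"))
        # An exception object passed as an argument is the earlier failure
        # that was being handled when the fatal error occurred.
        report["masked"] += re.findall(r'Object\(([\w\\]+Exception)\)', args)
        # Count quoted string arguments; never echo their values.
        quoted = len(re.findall(r"'[^']*'", args))
        if quoted:
            report["string_args"].append((int(num), call, quoted))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

PHP's `zend.exception_ignore_args` ini setting keeps call arguments out of stack traces, so frames like #5 do not need to be redacted by hand.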

calebgcooper commented 1 year ago

Searching for a bit brought me to: https://stackoverflow.com/questions/74749564/laravel-carbon-carbonsetlasterrors

Looks like a similar failure between versions 2.58 and 2.62 of Carbon.

xavierlaviolette commented 1 year ago

Hi, I have the same issue :(