Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When retrieving database / table / column information, schema name is not always applied #2360

Closed
dbrummer opened this issue Jan 30, 2019 · 17 comments
Assignees
Labels
blocker Blocking release bug Undesired behaviour

Comments

@dbrummer
Copy link

Hello,
I just upgraded to 1.2.1 from 1.1.38 and ran into an interesting issue. When first attempting to login I receive the following error message:

Failed to alter password field length, can not continue as may corrupt password

After investigating the code I saw that it was die'ng at lib/database.php db_check_password_length(). I put in a few echo statements to investigate the length that was being returned and the value was always '50'. I tried recreating the 'admin' username in MySQL but it still was only '50'. I eventually pulled the INSERT statement for username 'admin' from a fresh install and it still died. I eventually just commented out line 1416 in lib/database.php and it allowed me to login and then requested my password be changed.

Is '80' the right length to be checking for because it seems to always die on my length '50' passwords.

Thanks.

@netniV
Copy link
Member

netniV commented Jan 30, 2019

Sounds more like the password field length isn't right in the DB on the user_auth table or you have a minimum length specified within your settings table.

@dbrummer
Copy link
Author

dbrummer commented Jan 31, 2019

Here's a look at the current user_auth schema:

MariaDB [cacti]> describe user_auth;
+------------------------+-----------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------------------+-----------------------+------+-----+---------+----------------+
| id | mediumint(8) unsigned | NO | PRI | NULL | auto_increment |
| username | varchar(50) | NO | MUL | 0 | |
| password | varchar(256) | NO | | | |

Do you know which setting value I should check for minimum length?

Thanks!

@netniV
Copy link
Member

netniV commented Jan 31, 2019

Try secpass_minlen

@cigamit
Copy link
Member

cigamit commented Feb 1, 2019

Any update? This sounds significant.

@dbrummer
Copy link
Author

dbrummer commented Feb 1, 2019

secpass_minlen is set to '8' and my password was 8 characters in length before being forced to change.

@cigamit
Copy link
Member

cigamit commented Feb 1, 2019

So, then is this issue resolved?

@dbrummer
Copy link
Author

dbrummer commented Feb 1, 2019

For me it's not - I have a workaround in place that comments out the 'die' in lib/database.php. If I remove my workaround I still receive the "Failed to alter password field length, can not continue as may corrupt password" error message.

@cigamit
Copy link
Member

cigamit commented Feb 1, 2019

Figured it out. 'password' is a reserved word now.

@cigamit
Copy link
Member

cigamit commented Feb 2, 2019

Take that back. Works fine.

@netniV
Copy link
Member

netniV commented Feb 2, 2019

As your cacti DB user, can you run the following?

SELECT COLUMN_NAME,CHARACTER_MAXIMUM_LENGTH FROM information_schema.columns WHERE table_name = 'user_auth' and column_name IN ('password');
+-------------+--------------------------+
| COLUMN_NAME | CHARACTER_MAXIMUM_LENGTH |
+-------------+--------------------------+
| password    |                     2048 |
+-------------+--------------------------+
1 row in set (0.00 sec)

@dbrummer
Copy link
Author

dbrummer commented Feb 4, 2019

MariaDB [cacti]> SELECT COLUMN_NAME,CHARACTER_MAXIMUM_LENGTH FROM information_schema.columns WHERE table_name = 'user_auth' and column_name IN ('password');
+-------------+--------------------------+
| COLUMN_NAME | CHARACTER_MAXIMUM_LENGTH |
+-------------+--------------------------+
| password | 256 |
| password | 50 |
| password | 50 |
+-------------+--------------------------+
3 rows in set (0.12 sec)

I think I see the problem there...

@netniV
Copy link
Member

netniV commented Feb 4, 2019

That can't be right... three columns called password???

@dbrummer
Copy link
Author

dbrummer commented Feb 4, 2019

Looks like the user_auth table is triplicated:

MariaDB [cacti]> SELECT COLUMN_NAME,CHARACTER_MAXIMUM_LENGTH FROM information_schema.columns WHERE table_name = 'user_auth';
+------------------------+--------------------------+
| COLUMN_NAME | CHARACTER_MAXIMUM_LENGTH |
+------------------------+--------------------------+
| id | NULL |
| username | 50 |
| password | 256 |
| realm | NULL |
| full_name | 100 |
| email_address | 128 |
| must_change_password | 2 |
| password_change | 2 |
| show_tree | 2 |
| show_list | 2 |
| show_preview | 2 |
| graph_settings | 2 |
| login_opts | NULL |
| policy_graphs | NULL |
| policy_trees | NULL |
| policy_hosts | NULL |
| policy_graph_templates | NULL |
| enabled | 2 |
| lastchange | NULL |
| lastlogin | NULL |
| password_history | 4096 |
| locked | 3 |
| failed_attempts | NULL |
| lastfail | NULL |
| reset_perms | NULL |
| id | NULL |
| username | 50 |
| password | 50 |
| realm | NULL |
| full_name | 100 |
| must_change_password | 2 |
| show_tree | 2 |
| show_list | 2 |
| show_preview | 2 |
| graph_settings | 2 |
| login_opts | NULL |
| policy_graphs | NULL |
| policy_trees | NULL |
| policy_hosts | NULL |
| policy_graph_templates | NULL |
| enabled | 2 |
| id | NULL |
| username | 50 |
| password | 50 |
| realm | NULL |
| full_name | 100 |
| must_change_password | 2 |
| show_tree | 2 |
| show_list | 2 |
| show_preview | 2 |
| graph_settings | 2 |
| login_opts | NULL |
| policy_graphs | NULL |
| policy_trees | NULL |
| policy_hosts | NULL |
| policy_graph_templates | NULL |
| enabled | 2 |
+------------------------+--------------------------+

Should I try blowing it out and recreating it?

@netniV
Copy link
Member

netniV commented Feb 5, 2019

Multiple databases?

@dbrummer
Copy link
Author

dbrummer commented Feb 5, 2019

I did have a few old backed up cacti databases. After dropping them and re-running the query it appears correct:

MariaDB [(none)]> SELECT COLUMN_NAME,CHARACTER_MAXIMUM_LENGTH FROM information_schema.columns WHERE table_name = 'user_auth' and column_name IN ('password');
+-------------+--------------------------+
| COLUMN_NAME | CHARACTER_MAXIMUM_LENGTH |
+-------------+--------------------------+
| password | 256 |
+-------------+--------------------------+
1 row in set (0.00 sec)

@netniV
Copy link
Member

netniV commented Feb 5, 2019

I wonder if the code is including the schema name... maybe it isn't and that would be why you had the issue. Let me check...

@netniV netniV changed the title After upgrade to 1.2.1 (from 1.1.38) db_check_password_length() errors When retrieving database / table / column information, schema name is not always applied Feb 6, 2019
@cigamit cigamit added bug Undesired behaviour blocker Blocking release labels Feb 8, 2019
netniV added a commit that referenced this issue Feb 8, 2019
When retrieving database / table / column information, schema name is not always applied.
@netniV netniV closed this as completed Feb 8, 2019
@dbrummer
Copy link
Author

dbrummer commented Feb 8, 2019

You guys rock, thanks!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
blocker Blocking release bug Undesired behaviour
Projects
None yet
Development

No branches or pull requests

3 participants