Authentication can fail when using Web Basic Authentication and Template User #3551

Closed
TheWitness opened this issue May 11, 2020 · 4 comments
Labels: bug (Undesired behaviour), resolved (A fixed issue)

TheWitness commented May 11, 2020

Describe the bug

There are two issues related to basic authentication in Cacti 1.2.12. They are:

  • Create user from Template is not functional. You get an undefined function call in auth_login.php
  • For some Single Sign-On environments, in conjunction with Basic Authentication like OpenIDT or SAML2, the redirect portion of the single sign-on does not function properly if the redirect from the SSL provider goes to index.php.

To Reproduce

Steps to reproduce the behavior:

  1. Enable OpenIDT on Apache

  2. Point your OpenIDT configuration to Azure

  3. Enable Web Basic

  4. Set up a Template Account

  5. Attempt to have a new user sign in who will not have console access.

  6. Note that the redirect from the Auth provider does not follow Cacti rules, and instead the user receives a permission denied message.

Expected behavior

Permissions and default redirect should work as expected.

@TheWitness TheWitness added bug Undesired behaviour unverified Some days we don't have a clue labels May 11, 2020
@TheWitness

The first part of this was a regression from a user contribution. The second is a new bug observed putting Cacti into practice with the OpenIDT Apache Module.

@TheWitness TheWitness added this to the 1.2.13 milestone May 11, 2020
TheWitness added a commit that referenced this issue May 11, 2020
Web Basic Authentication and Template User broken in 1.2.12
@TheWitness TheWitness added resolved A fixed issue and removed unverified Some days we don't have a clue labels May 11, 2020
@ddb4github

2020/05/15 11:33:58 - CMDPHP PHP ERROR NOTICE Backtrace: (/index.php[25]:unknown(), /include/auth.php[169]:unknown(), /auth_login.php[372]:auth_login_redirect(), /lib/auth.php[2753]:CactiErrorHandler())
2020/05/15 11:33:58 - ERROR PHP NOTICE: Undefined variable: newtheme in file: /opt/IBM/cacti/lib/auth.php on line: 2753

--- cacti/auth_login.php   2020-05-12 18:56:08.000000000 +0800
+++ cacti/auth_login.php   2020-05-15 12:43:45.208648441 +0800
@@ -359,12 +359,6 @@
                        }
                }

-               $newtheme = false;
-               if (user_setting_exists('selected_theme', $_SESSION['sess_user_id']) && read_config_option('selected_theme') != read_user_setting('selected_theme')) {
-                       unset($_SESSION['selected_theme']);
-                       $newtheme = true;
-               }
-
                if (user_setting_exists('user_language', $_SESSION['sess_user_id'])) {
                        $_SESSION['sess_user_language'] = read_user_setting('user_language');
                }
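
Review bot: with the `$newtheme` assignment deleted at line 359 of auth_login.php, confirm that nothing later in this file still reads `$newtheme`, since a leftover reference would raise the same "Undefined variable" notice the log shows for lib/auth.php. The `unset($_SESSION['selected_theme'])` side effect also leaves this file, so it now happens only on paths that call auth_login_redirect(); say so in the commit message if that is intended.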


diff -ruEbwB cacti/lib/auth.php cacti/lib/auth.php
--- cacti/lib/auth.php     2020-05-12 18:56:08.000000000 +0800
+++ cacti/lib/auth.php     2020-05-15 12:38:16.228015758 +0800
@@ -2715,6 +2715,12 @@
 function auth_login_redirect($login_opts = '') {
        global $config;

+       $newtheme = false;
+       if (user_setting_exists('selected_theme', $_SESSION['sess_user_id']) && read_config_option('selected_theme') != read_user_setting('selected_theme')) {
+               unset($_SESSION['selected_theme']);
+               $newtheme = true;
+       }
+
        if ($login_opts == '') {
                $login_opts = db_fetch_cell_prepared('SELECT login_opts
                        FROM user_auth
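
Review bot: the block added at the top of auth_login_redirect() indexes `$_SESSION['sess_user_id']` without checking that it is set, and it runs on every call of the function. Guard it with `isset($_SESSION['sess_user_id'])` before calling user_setting_exists(), or pass `$newtheme` in as a parameter so the function does not depend on session state. A short comment explaining that the theme check lives here because `$newtheme` is consumed further down in this function (the notice at line 2753) would help later readers.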

netniV added a commit that referenced this issue May 19, 2020

netniV commented May 19, 2020

Does my fix work for you @ddb4github ?

@ddb4github

Does my fix work for you @ddb4github ?

Yes, workable

@netniV netniV changed the title Web Basic Authentication and Template User broken in 1.2.12 Authentication can fail when using Web Basic Authentication and Template User Jul 12, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Oct 11, 2020