Feature #3151

error 403 for the USER panel of Nethgui

Added by stephane de Labrusse about 6 years ago. Updated almost 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: ~FUTURE
Resolution: REJECTED
NEEDINFO: No

Description

I tried to connect a fresh user to the user panel of Nethgui and I had a 403 error with some log noise.

The URL is: https://192.168.12.195:980/en/User
and the output is:
Nethgui:

403 - Forbidden
1327681977+1327499272

Now I found some logs.

FYI, I have just created the user 'toto', set a password and tried to connect.

[root@nethserver-dev ~]# db accounts show toto 
toto=user
    City=
    Company=
    Department=
    FirstName=toto
    LastName=de labrusse
    PhoneNumber=
    Street=
    Uid=5000
    __state=active

Now the log:

/var/log/secure

Apr  8 15:39:23 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/db accounts setprop toto FirstName toto LastName de labrusse Company  Department  Street  City  PhoneNumber 
Apr  8 15:39:23 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/signal-event user-create toto
Apr  8 15:39:28 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration
Apr  8 15:39:59 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration
Apr  8 15:39:59 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/validate password-strength Users Helene1975!soph,14
Apr  8 15:40:00 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/signal-event password-modify toto /tmp/ng-wLnD1g
Apr  8 15:40:00 nethserver-dev passwd: pam_unix(passwd:chauthtok): user "toto" does not exist in /etc/passwd
Apr  8 15:40:00 nethserver-dev passwd: pam_unix(passwd:chauthtok): user "toto" does not exist in /etc/passwd
Apr  8 15:40:15 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/sbin/e-smith/pam-authenticate-pw
Apr  8 15:40:15 nethserver-dev unix_chkpwd[3087]: password check failed for user (toto)
Apr  8 15:40:15 nethserver-dev perl: pam_unix(system-auth:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=toto
Apr  8 15:40:16 nethserver-dev sudo:   srvmgr : TTY=unknown ; PWD=/usr/share/nethesis/nethserver-manager ; USER=root ; COMMAND=/usr/libexec/nethserver/password-expiration

/var/log/messages

Apr  8 15:39:23 nethserver-dev esmith::event[3040]: Event: user-create toto
Apr  8 15:39:23 nethserver-dev esmith::event[3040]: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130.
Apr  8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/configuration: OLD MinUid=5000
Apr  8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/configuration: NEW MinUid=5001
Apr  8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street|
Apr  8 15:39:23 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000
Apr  8 15:39:24 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000
Apr  8 15:39:24 nethserver-dev /etc/e-smith/events/user-create/S04user-create-unix[3041]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|new
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S04user-create-unix SUCCESS [0.889787]
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130.
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S20nethserver-directory-organization-modify SUCCESS [0.138785]
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S25count-active-user-accounts SUCCESS [0.064452]
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S25nethserver-directory-user-modify SUCCESS [0.23281]
Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S40nethserver-directory-password-policy SUCCESS [0.159251]
Apr  8 15:39:25 nethserver-dev esmith::event[3040]: Action: /etc/e-smith/events/user-create/S85user-group-modify SUCCESS [0.119673]
Apr  8 15:39:25 nethserver-dev esmith::event[3040]: Event: user-create SUCCESS
Apr  8 15:39:59 nethserver-dev httpd-admin: [NOTICE] NethServer\Tool\ChangePassword: root is changing password to SomeoneElse (toto). Members of the adm group have no restriction (score = 1.00)
Apr  8 15:40:00 nethserver-dev esmith::event[3070]: Event: password-modify toto /tmp/ng-wLnD1g
Apr  8 15:40:00 nethserver-dev esmith::event[3070]: Changing password for user toto.
Apr  8 15:40:00 nethserver-dev esmith::event[3070]: passwd: all authentication tokens updated successfully.
Apr  8 15:40:00 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S25password-set SUCCESS [0.514675]
Apr  8 15:40:01 nethserver-dev /sbin/e-smith/db[3076]: /var/lib/nethserver/db/accounts: OLD toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|new
Apr  8 15:40:01 nethserver-dev /sbin/e-smith/db[3076]: /var/lib/nethserver/db/accounts: NEW toto=user|City||Company||Department||FirstName|toto|LastName|de labrusse|PhoneNumber||Street||Uid|5000|__state|active
Apr  8 15:40:01 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S40user-activate SUCCESS [0.060966]
Apr  8 15:40:01 nethserver-dev /etc/e-smith/events/password-modify/S80count-active-user-accounts[3077]: /var/lib/nethserver/db/configuration: OLD ActiveAccounts=0
Apr  8 15:40:01 nethserver-dev /etc/e-smith/events/password-modify/S80count-active-user-accounts[3077]: /var/lib/nethserver/db/configuration: NEW ActiveAccounts=1
Apr  8 15:40:01 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S80count-active-user-accounts SUCCESS [0.05882]
Apr  8 15:40:02 nethserver-dev esmith::event[3070]: Action: /etc/e-smith/events/password-modify/S90password-cleanup SUCCESS [1.001873]
Apr  8 15:40:02 nethserver-dev esmith::event[3070]: Event: password-modify SUCCESS
Apr  8 15:40:04 nethserver-dev httpd-admin: [NOTICE] Nethgui\Module\Logout: user root logged out
Apr  8 15:40:16 nethserver-dev httpd-admin: [NOTICE] Nethgui\Authorization\User: user `toto` authenticated
Apr  8 15:40:16 nethserver-dev httpd-admin: [ERROR] Nethgui\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\Module\User:User` action `QUERY`
May  7 09:02:05 nethserver-dev ntpd[1068]: 0.0.0.0 c612 02 freq_set kernel 2715137066.615 PPM
May  7 09:02:05 nethserver-dev ntpd[1068]: 0.0.0.0 c61c 0c clock_step +2481635.278886 s
May  7 09:02:06 nethserver-dev ntpd[1068]: 0.0.0.0 c618 08 no_sys_peer

/var/log/httpd-admin/error_log

[Wed Apr 08 15:34:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327492764] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `Anonymous` resource `NethServer\\Module\\Dashboard` action `INSTANTIATE`, referer: https://192.168.12.190:980/en/Dashboard
[Wed Apr 08 15:34:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327492764] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `Anonymous` resource `NethServer\\Module\\AdminTodo` action `INSTANTIATE`, referer: https://192.168.12.190:980/en/Dashboard
[Wed Apr 08 15:36:11 2015] [error] [client 192.168.12.25] File does not exist: /usr/share/nethesis/nethserver-manager/images/favicon.ico
[Wed Apr 08 15:36:11 2015] [error] [client 192.168.12.25] File does not exist: /usr/share/nethesis/nethserver-manager/images/favicon.ico
[Wed Apr 08 15:40:16 2015] [error] [client 192.168.12.25] [ERROR] Nethgui\\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\\Module\\User:User` action `QUERY`, referer: https://192.168.12.195:980/en/User

History

#1 Updated by stephane de Labrusse about 6 years ago

Maybe a bad redirection issue

If I use:

https://192.168.12.195:980/en/User ---> 403 error

https://192.168.12.195:980/en/UserProfile ----> OK

#2 Updated by stephane de Labrusse about 6 years ago

Well, I have just tested with Firefox and Chrome and I understand the issue.

Since I have just created or left the menu en/User when I disconnect the root user, the URL is still written in the browser, and when I reconnect as the user 'toto' (who is not allowed to use this menu) I get the 403 error.

Maybe when you disconnect the user root or any other users, the url should be rewritten to the root url https://IP:980
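
An added example, not part of the original issue or of Nethgui's code: a Python triage of the `httpd-admin` deny lines quoted in the description, separating the post-login stale-URL case explained in comment #2 from anonymous and later in-session denials. The sample log is constructed from the lines quoted above; the 5-second window, the label names and the default year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log lines quoted in this issue;
# the last line (a later denial for the same user) is invented for contrast.
SAMPLE_LOG = r"""
Apr  8 15:34:16 nethserver-dev httpd-admin: [ERROR] Nethgui\Framework: [1327492764] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `Anonymous` resource `NethServer\Module\Dashboard` action `INSTANTIATE`
Apr  8 15:40:04 nethserver-dev httpd-admin: [NOTICE] Nethgui\Module\Logout: user root logged out
Apr  8 15:40:16 nethserver-dev httpd-admin: [NOTICE] Nethgui\Authorization\User: user `toto` authenticated
Apr  8 15:40:16 nethserver-dev httpd-admin: [ERROR] Nethgui\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\Module\User:User` action `QUERY`
Apr  8 15:52:40 nethserver-dev httpd-admin: [ERROR] Nethgui\Framework: [1327499272] rule#1327570195: Deny access to everyone on everything (score = 0.00) :: AppliedTo :: subject `toto` resource `NethServer\Module\User:User` action `QUERY`
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ httpd-admin: "
AUTH_RE = re.compile(
    PREFIX + r"\[NOTICE\] Nethgui\\Authorization\\User: user `(?P<user>[^`]+)` authenticated")
DENY_RE = re.compile(
    PREFIX + r"\[ERROR\] Nethgui\\Framework: \[\d+\] rule#(?P<rule>\d+): .*"
    r"subject `(?P<subject>[^`]+)` resource `(?P<resource>[^`]+)` action `(?P<action>[^`]+)`")

def _ts(text, year):
    # syslog timestamps carry no year, so the caller supplies one
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def triage_denials(log_text, year=2015, window=timedelta(seconds=5)):
    """Label each deny line as 'anonymous', 'post-login' or 'in-session'."""
    last_login = {}  # user -> time of the most recent "authenticated" line
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            last_login[m["user"]] = _ts(m["ts"], year)
            continue
        m = DENY_RE.match(line)
        if not m:
            continue
        subject, when = m["subject"], _ts(m["ts"], year)
        if subject == "Anonymous":
            label = "anonymous"      # request made without a session
        elif subject in last_login and when - last_login[subject] <= window:
            label = "post-login"     # first page after login: stale URL is likely
        else:
            label = "in-session"     # denial well after login: worth a closer look
        findings.append((label, subject, m["resource"], m["action"]))
    return findings

if __name__ == "__main__":
    for finding in triage_denials(SAMPLE_LOG):
        print(*finding, sep="\t")
```
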

#3 Updated by stephane de Labrusse about 6 years ago

Apr  8 15:39:24 nethserver-dev esmith::event[3040]: Use of uninitialized value in numeric gt (>) at /usr/share/perl5/vendor_perl/Authen/SASL/Perl.pm line 130.

Still here :)

#4 Updated by Giacomo Sanchietti about 6 years ago

  • Target version set to ~FUTURE

#5 Updated by Giacomo Sanchietti almost 5 years ago

  • Status changed from NEW to CLOSED
  • % Done changed from 0 to 100
  • Resolution set to REJECTED

This feature will not be implemented in NS 6. If needed, please reopen it for NS 7.
