View Issue Details

IDProjectCategoryView StatusLast Update
0001039bareos-core[All Projects] webuipublic2019-08-06 13:21
Reporteralex-dvvAssigned Tofrank 
PriorityhighSeveritymajorReproducibilityalways
Status assignedResolutionopen 
PlatformLinuxOSDebianOS Version9
Product Version18.2.4-rc2 
Target VersionFixed in Version 
Summary0001039: Cant login in webui
DescriptionHi!Cant login in webui
Error: Sorry, can not authenticate. Wrong username and/or password.
TagsNo tags attached.
bareos-master: impact
bareos-master: action
bareos-18.2: impact
bareos-18.2: action
bareos-17.2: impact
bareos-17.2: action
bareos-16.2: impact
bareos-16.2: action
bareos-15.2: impact
bareos-15.2: action
bareos-14.2: impact
bareos-14.2: action
bareos-13.2: impact
bareos-13.2: action
bareos-12.4: impact
bareos-12.4: action

Activities

noone

noone

2019-01-31 15:44

reporter   ~0003228

Hello,

The same problem on my SLES 12.3, Version 18.2.5-136.1 (SUSE Repository).

I tracked the problem down to the following log messages (debug mode 100 and gdb running with breakpoint at lib/try_tls_handshake_as_a_server.cc:69):

"""
uranus.mcservice.eu-dir (100): lib/bsock.cc:81-0 Construct BareosSocket
[New Thread 0x7fffe3fff700 (LWP 19998)]
uranus.mcservice.eu-dir (100): include/jcr.h:320-0 Construct JobControlRecord
uranus.mcservice.eu-dir (200): lib/bsock.cc:631-0 Identified from Bareos handshake: admin-R_CONSOLE recognized version: 18.2
[Switching to Thread 0x7fffe3fff700 (LWP 19998)]

Thread 16 "bareos-dir" hit Breakpoint 1, GetHandshakeMode (config=0x6f4530, bs=0x7fffec001fe8, bs@entry=0x6d63a0 <std::string::_Rep::_S_empty_rep_storage>)
    at /usr/src/debug/bareos-18.2.5/src/lib/try_tls_handshake_as_a_server.cc:69
69 Dmsg1(200, "Connection to %s will be denied due to configuration mismatch\n", client_name.c_str());
(gdb) c
Continuing.
uranus.mcservice.eu-dir (200): lib/try_tls_handshake_as_a_server.cc:69-0 Connection to admin will be denied due to configuration mismatch
uranus.mcservice.eu-dir (100): lib/bsock.cc:129-0 Destruct BareosSocket
uranus.mcservice.eu-dir (100): include/jcr.h:324-0 Destruct JobControlRecord
[Thread 0x7fffe3fff700 (LWP 19998) exited]
"""

the relevant part of the code is giving for Bareos >=18.2 only a "ConnectionHandshakeMode::PerformCleartextHandshake" if "tls_policy == kBnetTlsNone".
noone

noone

2019-01-31 16:03

reporter   ~0003230

I could resolve the problem by following the suggestion in "/etc/bareos/bareos-dir.d/console/admin.conf.example" to disable TLS or use Certificates. (It should only be disabled if the director is only listening on localhost, because otherwise passwords might be transferred nonencrypted over the network.)

So for me it looks like a configuration problem resulting from non adapted old configurations.
teka74

teka74

2019-02-01 07:20

reporter   ~0003232

Same Problem here after updating from 17.4 to 18.2.5, solved it with adding "TLS Enable = No" in the console config

But now I can't access to webui, gui is reporting:

Sorry, it seems you are not authorized to run this module. If you think this is an error, please contact your local administrator.
Please read the Bareos documentation for any additional information on how to configure the Command ACL directive of your Console/Profile resources. Following is a list of required commands which need to be in your Command ACL to run this module properly:

list
llist


I checked up my webui-admin profile, it containes the lines from 18.2.5 documentation....

Unbenannt.png (122,585 bytes)
Unbenannt.png (122,585 bytes)
alex-dvv

alex-dvv

2019-02-01 07:25

reporter   ~0003233

Doesn't come anyway, here's the config:
onsole {
  Name = admin
  Password = ******
  Profile = webui-admin
  TLS Enable = No
}
alex-dvv

alex-dvv

2019-02-01 07:31

reporter   ~0003234

I went in !!! But the error is the same:Sorry, it seems you are not authorized to run this module. If you think this is an error, please contact your local administrator.
alex-dvv

alex-dvv

2019-02-01 12:44

reporter   ~0003238

It worked!I do not really like!
teka74

teka74

2019-02-01 23:05

reporter   ~0003240

alex, it is working on your server? what did you change?
teka74

teka74

2019-02-01 23:59

reporter   ~0003241

uhh, just looked at my system, and webui is now working without any changes! nice self-healing!!
murrdyn

murrdyn

2019-02-04 18:27

reporter   ~0003244

I have the blank page after login like teka74 did. It did self heal eventually, but then closing the webui window and trying to log back in returned the issue.

httpd error log shows:
[Mon Feb 04 11:20:53.319812 2019] [:error] [pid 3414] [client x.x.x.x:52713] PHP Notice: Undefined variable: form in /usr/share/bareos-webui/module/Auth/view/auth/auth/login.phtml on line 45, referer: http://x.x.x.x/bareos-webui/auth/login
[Mon Feb 04 11:20:53.319849 2019] [:error] [pid 3414] [client x.x.x.x:52713] PHP Fatal error: Call to a member function prepare() on a non-object in /usr/share/bareos-webui/module/Auth/view/auth/auth/login.phtml on line 45, referer: http://x.x.x.x/bareos-webui/auth/login

When it works correctly, those errors do not show up.
teka74

teka74

2019-02-04 23:24

reporter   ~0003245

agree with murrdyn, partially I can login in webui, sometimes blank window appears...
c0r3dump3d

c0r3dump3d

2019-02-07 16:07

reporter   ~0003254

Hi, same problem in Centos 7.6.1810 fresh install bareos-dir version 18.2.5:

[Thu Feb 07 15:27:29.244019 2019] [:error] [pid 25046] [client 10.141.1.90:37769] admin, referer: http://bareosdir00.mgmt/bareos-webui/
[Thu Feb 07 15:27:29.244068 2019] [:error] [pid 25046] [client 10.141.1.90:37769] console_name: admin, referer: http://bareosdir00.mgmt/bareos-webui/
[Thu Feb 07 15:27:29.245627 2019] [:error] [pid 25046] [client 10.141.1.90:37769] PHP Notice: fwrite(): send of 26 bytes failed with errno=104 Connection reset by peer in /usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php on line 219, referer: http://bareosdir00.mgmt/bareos-webui/
IvanBayan

IvanBayan

2019-02-12 14:02

reporter  

webuiproblem.png (95,893 bytes)
webuiproblem.png (95,893 bytes)
IvanBayan

IvanBayan

2019-02-12 14:02

reporter   ~0003257

I have similar problem, if I try to login, I get next message:
c0r3dump3d

c0r3dump3d

2019-02-13 10:57

reporter  

c0r3dump3d

c0r3dump3d

2019-02-13 10:57

reporter   ~0003258

This issue It seems to be the same to issue number 0001033 (https://bugs.bareos.org/view.php?id=1033) that's it's close and resolve in version 18.2.4rc2-76.1.

In my Centos 7.6 installations with php verison 7.2.15 with bareos 18.2.5 the error persist ...

[Wed Feb 13 10:35:08.142474 2019] [php7:notice] [pid 9012] [client 10.141.1.90:21152] PHP Notice: fwrite(): send of 26 bytes failed with errno=104 Connection reset by peer
in /usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php on line 219

I'm sure that the credential are correct.
xyros

xyros

2019-02-13 19:00

reporter   ~0003259

A possibly helpful observation I have made concerning this bug:

Typically, if you remain logged in and your session expires by the time you try to perform an action, you have to log back in. This is when you encounter this bug.

Following a long idle period, if you avoid performing any action, so as to avoid being notified that your session has expired, and instead click your username and properly logout from the drop-down, you can log back in successfully without triggering this bug.

In fact, I have found that if I always deliberately logout, such that I avoid triggering the session expiry notice, I can always successfully login on the next attempt.

I have not tested a scenario of closing all browser windows then trying to login. But so far it seems that deliberately logging out -- even after session expiry (but without doing anything to trigger a session expiry notification) -- avoids triggering this bug.

Hope that helps with figuring out where the bug resides.
c0r3dump3d

c0r3dump3d

2019-02-14 09:46

reporter   ~0003261

In my case the errot occurs in a fresh install and I have no previous sessions ..., otherwise I have test in a Debian 9 fresh install and I have the same problem!!
c0r3dump3d

c0r3dump3d

2019-02-15 10:32

reporter   ~0003263

From a similar issue that previously happen in the docker version of bareos jukito show me that putting the options TLS Enable = No in /etc/bareos/bareos-dir.d/console/admin.conf file:

Console {
  Name = admin
  Password = *****
  Profile = webui-admin
  TLS Enable = No
}

correct the problem.
c0r3dump3d

c0r3dump3d

2019-02-15 10:35

reporter   ~0003264

Sorry, I've forgotten to include the link for bareos docker same issue:
https://github.com/barcus/bareos/issues/24
gslongo

gslongo

2019-03-14 10:31

reporter   ~0003291

Hi,

The error remains even with the "TLS Enable = No" setting here

PHP Notice: fwrite(): send of 26 bytes failed with errno=104 Connection reset by peer in /usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php on line 219, referer: http://XX/bareos-webui/


[root@baloo bareos]# grep -rn webui
bareos-dir.d/console/admin.conf:2:# Restricted console used by bareos-webui
bareos-dir.d/console/admin.conf:7: Profile = "webui-admin"
bareos-dir.d/profile/webui-admin.conf:2:# bareos-webui webui-admin profile resource
bareos-dir.d/profile/webui-admin.conf:5: Name = "webui-admin"
bareos-dir.d/profile/webui-admin.conf:18:# bareos-webui default profile resource
bareos-dir.d/profile/webui-admin.conf:21: Name = webui

[root@baloo bareos]# cat bareos-dir.d/console/admin.conf
#
# Restricted console used by bareos-webui
#
Console {
  Name = admin
  Password = "********"
  Profile = "webui-admin"


  # As php does not support TLS-PSK,
  # and the director has TLS enabled by default,
  # we need to either disable TLS or setup
  # TLS with certificates.
  #
  # For testing purposes we disable it here
  TLS Enable = No
}


[root@baloo bareos]# cat bareos-dir.d/profile/webui-admin.conf
#
# bareos-webui webui-admin profile resource
#
Profile {
  Name = "webui-admin"
  CommandACL = !.bvfs_clear_cache, !.exit, !.sql, !configure, !create, !delete, !purge, !prune, !sqlquery, !umount, !unmount, *all*
  Job ACL = *all*
  Schedule ACL = *all*
  Catalog ACL = *all*
  Pool ACL = *all*
  Storage ACL = *all*
  Client ACL = *all*
  FileSet ACL = *all*
  Where ACL = *all*
}

#
# bareos-webui default profile resource
#
Profile {
  Name = webui
  CommandACL = status, messages, show, version, run, rerun, cancel, .api, .bvfs_*, list, llist, use, restore, .jobs, .filesets, .clients
  Job ACL = *all*
  Schedule ACL = *all*
  Catalog ACL = *all*
  Pool ACL = *all*
  Storage ACL = *all*
  Client ACL = *all*
  FileSet ACL = *all*
  Where ACL = *all*
}


Any idea ?

Thank you !
Schroeffu

Schroeffu

2019-04-23 15:14

reporter   ~0003343

I have had the same issue after upgrade from 17.2.4 to 18.2.5 and the best result for me was editing this two files:

/etc/bareos-webui/directors.ini
tls_verify_peer = false
server_can_do_tls = true # it was false before
server_requires_tls = false
client_can_do_tls = false (with true, login in webui is not possible for me)

and in /etc/bareos/bareos-dir.d/console/admin.conf add
TLS Enable = No

Now WebUI (running on localhost, so, ignore TLS is ok for me) login is okay, plus, all backup-fd 18.2.5 clients are reachable by TLS-PSK according Log ( WebUI > Clients > Status Icon > first 2lines in logwindow says 'Handshake: Immediate TLS, Encryption: ECDHE-PSK-CHACHA20-POLY1305')

with "client_can_do_tls" i have a similar php error, this one:

Exception
File:
/usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php:542
Message:
Error in TLS handshake
Stack trace:
#0 /usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php(101): Bareos\BSock\BareosBSock->connect()
0000001 /usr/share/bareos-webui/module/Auth/src/Auth/Controller/AuthController.php(93): Bareos\BSock\BareosBSock->connect_and_authenticate()
0000002 /usr/share/bareos-webui/vendor/zendframework/zend-mvc/src/Controller/AbstractActionController.php(82): Auth\Controller\AuthController->loginAction()
0000003 [internal function]: Zend\Mvc\Controller\AbstractActionController->onDispatch(Object(Zend\Mvc\MvcEvent))
0000004 /usr/share/bareos-webui/vendor/zendframework/zend-eventmanager/src/EventManager.php(444): call_user_func(Array, Object(Zend\Mvc\MvcEvent))
0000005 /usr/share/bareos-webui/vendor/zendframework/zend-eventmanager/src/EventManager.php(205): Zend\EventManager\EventManager->triggerListeners('dispatch', Object(Zend\Mvc\MvcEvent), Object(Closure))
0000006 /usr/share/bareos-webui/vendor/zendframework/zend-mvc/src/Controller/AbstractController.php(118): Zend\EventManager\EventManager->trigger('dispatch', Object(Zend\Mvc\MvcEvent), Object(Closure))
0000007 /usr/share/bareos-webui/vendor/zendframework/zend-mvc/src/DispatchListener.php(93): Zend\Mvc\Controller\AbstractController->dispatch(Object(Zend\Http\PhpEnvironment\Request), Object(Zend\Http\PhpEnvironment\Response))
0000008 [internal function]: Zend\Mvc\DispatchListener->onDispatch(Object(Zend\Mvc\MvcEvent))
0000009 /usr/share/bareos-webui/vendor/zendframework/zend-eventmanager/src/EventManager.php(444): call_user_func(Array, Object(Zend\Mvc\MvcEvent))
0000010 /usr/share/bareos-webui/vendor/zendframework/zend-eventmanager/src/EventManager.php(205): Zend\EventManager\EventManager->triggerListeners('dispatch', Object(Zend\Mvc\MvcEvent), Object(Closure))
0000011 /usr/share/bareos-webui/vendor/zendframework/zend-mvc/src/Application.php(314): Zend\EventManager\EventManager->trigger('dispatch', Object(Zend\Mvc\MvcEvent), Object(Closure))
0000012 /usr/share/bareos-webui/public/index.php(24): Zend\Mvc\Application->run()
0000013 {main}
gslongo

gslongo

2019-05-23 16:15

reporter   ~0003380

Hi,

Even with fix you suggest, we still have same issue but not same line in code :


[Thu May 23 16:13:23.853505 2019] [:error] [pid 16836] [client 172.16.38.128:42814] PHP Notice: fwrite(): send of 26 bytes failed with errno=104 Connection reset by peer in /usr/share/bareos-webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php on line 219, referer: http://baloo/bareos-webui/auth/login?req=/bareos-webui/dashboard/
gslongo

gslongo

2019-08-06 09:07

reporter   ~0003556

Hi,

Any update on this issue ?

Thank you
gslongo

gslongo

2019-08-06 13:21

reporter   ~0003557

Additional information when setting : setdebug level=200 trace=1 dir


bareos-dir (100): lib/bsock.cc:81-0 Construct BareosSocket
bareos-dir (100): include/jcr.h:320-0 Construct JobControlRecord
bareos-dir (200): lib/bsock.cc:631-0 Identified from Bareos handshake: webui-admin-R_CONSOLE recognized version: 18.2
bareos-dir (100): lib/parse_conf.cc:1056-0 Could not find foreign tls resource: R_CONSOLE-webui-admin
bareos-dir (100): lib/parse_conf.cc:1076-0 Could not find foreign tls resource: R_CONSOLE-webui-admin
bareos-dir (200): lib/try_tls_handshake_as_a_server.cc:54-0 Could not read out cleartext configuration
bareos-dir (100): lib/bsock.cc:129-0 Destruct BareosSocket
bareos-dir (100): include/jcr.h:324-0 Destruct JobControlRecord

Issue History

Date Modified Username Field Change
2019-01-30 07:40 alex-dvv New Issue
2019-01-31 15:44 noone Note Added: 0003228
2019-01-31 16:03 noone Note Added: 0003230
2019-02-01 07:20 teka74 File Added: Unbenannt.png
2019-02-01 07:20 teka74 Note Added: 0003232
2019-02-01 07:25 alex-dvv Note Added: 0003233
2019-02-01 07:31 alex-dvv Note Added: 0003234
2019-02-01 12:44 alex-dvv Note Added: 0003238
2019-02-01 23:05 teka74 Note Added: 0003240
2019-02-01 23:59 teka74 Note Added: 0003241
2019-02-04 18:27 murrdyn Note Added: 0003244
2019-02-04 23:24 teka74 Note Added: 0003245
2019-02-07 16:08 c0r3dump3d Note Added: 0003254
2019-02-12 14:02 IvanBayan File Added: webuiproblem.png
2019-02-12 14:02 IvanBayan Note Added: 0003257
2019-02-13 10:57 c0r3dump3d File Added: Captura de pantalla de 2019-02-13 10-56-37.png
2019-02-13 10:57 c0r3dump3d Note Added: 0003258
2019-02-13 19:00 xyros Note Added: 0003259
2019-02-14 09:46 c0r3dump3d Note Added: 0003261
2019-02-15 10:32 c0r3dump3d Note Added: 0003263
2019-02-15 10:35 c0r3dump3d Note Added: 0003264
2019-03-14 10:31 gslongo Note Added: 0003291
2019-04-23 15:14 Schroeffu Note Added: 0003343
2019-05-23 16:15 gslongo Note Added: 0003380
2019-07-02 16:26 joergs Assigned To => frank
2019-07-02 16:26 joergs Status new => assigned
2019-08-06 09:07 gslongo Note Added: 0003556
2019-08-06 13:21 gslongo Note Added: 0003557