View Issue Details

ID: 0001191
Project: bareos-core
Category: [All Projects] webui
View Status: public
Last Update: 2021-09-29 18:22
Reporter: khvalera
Assigned To: frank
Priority: high
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Arch Linux
OS Version: x64
Product Version: 19.2.6
Fixed in Version:
Summary: 0001191: The web interface runs under any login and password
Description: It is possible to enter the web interface with any arbitrary username and password.
How to fix it?
Steps To Reproduce:

/etc/bareos/bareos-dir.d/console/web-admin.conf

Console {
  Name = web-admin
  Password = "123"
  Profile = "webui-admin"
}

/etc/bareos/bareos-dir.d/profile/webui-admin.conf

Profile {
  Name = "webui-admin"
  CommandACL = !.bvfs_clear_cache, !.exit, !.sql, !configure, !create, !delete, !purge, !prune, !sqlquery, !umount, !unmount, *all*
  Job ACL = *all*
  Schedule ACL = *all*
  Catalog ACL = *all*
  Pool ACL = *all*
  Storage ACL = *all*
  Client ACL = *all*
  FileSet ACL = *all*
  Where ACL = *all*
}

/etc/bareos-webui/directors.ini

[bareos_dir]
enabled = "yes"
diraddress = "localhost"
dirport = 9101
;UsePamAuthentication = yes
pam_console_name = "web-admin"
pam_console_password = "123"
Tags: webui

Activities

khvalera

2020-04-10 00:10

reporter   ~0003936

UsePamAuthentication = yes
#pam_console_name = "web-admin"
#pam_console_password = "123"

frank

2021-09-29 18:22

manager   ~0004289

Fix committed to bareos master branch with changesetid 15252.

Related Changesets

bareos: master 4378c528

2021-09-27 16:26:23

frank

Ported: N/A

webui: fix possible issues due to PAM misconfiguration

Check if UsePAMAuthentication is enabled on configured console
in DIR, if not do not proceed with authentication.

Fixes 0001191: The web interface runs under any login and password
Affected Issues
0001191
mod - webui/config/autoload/global.php.in
mod - webui/install/directors.ini.in
mod - webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php
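
The condition named in the commit message (a console referenced by `pam_console_name` in `directors.ini` must have UsePamAuthentication enabled in the Director) can also be checked offline against the configuration files. The following is an added example, not code from the Bareos changeset: the function names `norm`, `parse_consoles` and `audit` are hypothetical, the sample input is constructed from the files quoted in this issue, and it assumes the PAM directive sits in the Director's Console resource, as the commit message describes.

```python
import configparser
import re

# Constructed sample input, reduced from the two files quoted in this issue.
DIRECTORS_INI = '''[bareos_dir]
pam_console_name = "web-admin"
pam_console_password = "123"
'''
CONSOLE_CONF = '''Console {
  Name = web-admin
  Password = "123"
  Profile = "webui-admin"
}
'''

def norm(key):
    # Bareos directive names ignore case and embedded spaces.
    return re.sub(r"\s+", "", key).lower()

def parse_consoles(text):
    """Return {console name: {normalized directive: value}} per Console block."""
    consoles = {}
    for body in re.findall(r"Console\s*\{(.*?)\}", text, re.S | re.I):
        res = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # naive: assumes no '#' in values
            if "=" in line:
                key, value = line.split("=", 1)
                res[norm(key)] = value.strip().strip('"')
        if "name" in res:
            consoles[res["name"]] = res
    return consoles

def audit(directors_ini, director_conf):
    """List webui sections whose pam_console_name console lacks PAM auth."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read_string(directors_ini)
    consoles = parse_consoles(director_conf)
    findings = []
    for section in ini.sections():
        name = ini[section].get("pam_console_name", "").strip('"')
        if not name:
            continue  # this director entry does not use a PAM console
        console = consoles.get(name)
        if console is None:
            findings.append((section, name, "console not defined in Director"))
        elif console.get("usepamauthentication", "no").lower() not in ("yes", "true"):
            findings.append((section, name, "UsePamAuthentication not enabled"))
    return findings
```

Calling `audit(DIRECTORS_INI, CONSOLE_CONF)` on the reporter's configuration returns one finding for `bareos_dir`; an empty list means every referenced console has PAM authentication enabled.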

Issue History

Date Modified Username Field Change
2020-02-12 15:40 khvalera New Issue
2020-02-12 15:40 khvalera Tag Attached: webui
2020-04-10 00:10 khvalera Note Added: 0003936
2021-04-29 10:46 frank Assigned To => frank
2021-04-29 10:46 frank Status new => assigned
2021-09-23 16:56 joergs Status assigned => confirmed
2021-09-29 18:22 frank Changeset attached => bareos master 4378c528
2021-09-29 18:22 frank Note Added: 0004289
2021-09-29 18:22 frank Status confirmed => resolved
2021-09-29 18:22 frank Resolution open => fixed