Encryption error when clicking on "list hosts", just set AD password.
-
Yep, sorry didn’t see the version on the big button. 1.5.7
-
@vangrimoire I have not found the time to replicate and look into the issue but I will do so soon.
-
Just enter an @ sign in the password field of the “Active Directory” page and save.
https://stackoverflow.com/questions/19934422/encrypt-string-in-php-and-decrypt-in-node-js
-
@vangrimoire Ok, I played with it for a bit but can’t actually reproduce the error. I did as you said, opened the settings of one host, went to the AD tab, entered a password that includes an @ symbol (tried different combinations - somewhere in the middle, at the end, as a single character), saved,went back to the host listing and don’t get an error on the web UI.
Here is what I have in the DB for this host now:
mysql> SELECT hostName,hostUseAD,hostADDomain,hostADUser,hostADPass,hostEnforce FROM hosts; +----------+-----------+--------------+---------------+-------------+-------------+ | hostName | hostUseAD | hostADDomain | hostADUser | hostADPass | hostEnforce | +----------+-----------+--------------+---------------+-------------+-------------+ | ws228732 | 1 | MYDOM | Administrator | test123@123 | 1 | +----------+-----------+--------------+---------------+-------------+-------------+ 1 row in set (0.000 sec)
As well, nothing in the apache and PHP error logs.
Where do you see the error? Can you post a picture?
-
when I click on “list hosts”, “tasks”, and “export hosts” the page is replaced with the error.
php is version 7.2.23 on CentOS Linux release 7.7.1908 (core)
-
@vangrimoire My test was on a Fedora 30 system using PHP 7.3.10
@Moderators Anyone else able to replicate this issue?
-
Tested on Centos 7 PHP 7.2 FOG 1.5.7
No problem with @ in password on my end.
@vangrimoire what’s in your PHP/apache error logs?
-
Password was: |-|@11ow33n
Maybe try the bars and hyphen?
-
@vangrimoire Indeed that did the trick. I will see why this happens.
-
@Sebastian-Roth it’s the double pipes.
We used to store the encrypted form of the password in such a way that it was
IV|encryprtedpassword|key
It needed all three to decrypt
-
@Tom-Elliott Yeah right! Can we solve this in the code by not allowing the pipes in passwords at all? But I am sure there are people out there using those in their passwords.
-
@Sebastian-Roth I think we just need to refine the code a bit more. I don’t know why it’s getting the error, I just know what we did int he past for the passwords. I’m sure we can make a more proper fix without limiting what passwords an admin can use.
-
I found and believe I may have fixed the issue. It was actually pretty simple. The error was coming from the unpacking of information.
Hopefully it helps. Just repull the dev-branch and install and all should be back to normal.