RE: FOG 1.5.10.1604 ldap plugin

@Tom-Elliott though I deployed it on our production server (from my fork), of course when you push the changes I can test it on the staging server. Just let us know.

@Tom-Elliott Hello!

We wanted to integrate the ldap plugin on our OpenLDAP server and after some debug sessions we finally managed to integrate it.

I opened a pull request https://github.com/FOGProject/fogproject/pull/635 with the changes we made. I believe the filter should be dynamic to match more attributes instead of having hard-coded the name=.

Please review it and check if it can be merged. Thank you.

@Tom-Elliott glad to hear it.

Where can I check - read other events in order to get more notifications? For example the creation of a snapin task, or the creation of a multicast image tasks? (so I can create new events on slack plugin)

Thank you once more the time and effort.

Hello all,

I searched the forums and found various posts for the slack plugin not properly working. I managed to get it to work by modifying some files to match the new slack api.

I pushed the changes on my fork and requested a merge with the dev-branch of fogproject https://github.com/FOGProject/fogproject/pull/631. I tested all the events (except image fail) on our staging server.

Waiting for you review.
Thank you.

@Tom-Elliott if the directory nfs.conf.d exists the fog-nfs.conf isn’t created.

I believe the code should be:

configureNFS() {
    dots "Setting up NFS configuration file"
    if [[ -f "/etc/nfs.conf" ]]; then
        # Fix all set port=20048 back to default values
        sed -i '/^port=20048/ {s/^port=20048/# port=0/}' /etc/nfs.conf >>$error_log 2>&1
    fi
    # set port in nfs.conf.d directory
    if [[ -f "/etc/nfs.conf" && ! -d "/etc/nfs.conf.d/" ]]; then
        mkdir /etc/nfs.conf.d/
    elif [[ -f "/etc/nfs.conf" &&  -d "/etc/nfs.conf.d/" ]]; then
        cat > /etc/nfs.conf.d/fog-nfs.conf <<EOF
[mountd]
port=20048
EOF
    elif [[ -f "/usr/etc/nfs.conf" && ! -d "/usr/etc/nfs.conf.d/" ]]; then
        mkdir /usr/etc/nfs.conf.d/
    elif [[ -f "/usr/etc/nfs.conf" &&  -d "/usr/etc/nfs.conf.d/" ]]; then
        cat > /usr/etc/nfs.conf.d/fog-nfs.conf <<EOF
[mountd]
port=20048
EOF
    fi
    errorStat $?

@Tom-Elliott just a friendly reminder. The dev-branch doesn’t have the new code in functions.sh for the nfs mount.

Thank you for all your help.

@fogcloud we have an ansible playbook to handle FOG firewall rules (firewalld) and the ports used are:

   allow_icmp:
      - echo-request
      - echo-reply
    services:
      - ftp
      - http
      - mountd
      - nfs
      - rpc-bind
      - tftp
    ports:
      - { port: 20048, proto: tcp }  # nfs
      - { port: 20048, proto: udp }  # nfs
      - { port: "35350-36350", proto: udp }  # tftp
      - { port: "49512-65532", proto: udp }  # multicast

the port 20048 is added on nfs.conf
the range 35350-36350 is added on tftp options
and the 49512-65532 is for all the dynamic ports

@Tom-Elliott

tested on staging server and it works.

OS: Ubuntu 22.04
FOG Server: 1.5.10.1577

Export of images and hosts now is successful

I believe the problem you are facing is the way the new export.php (https://github.com/FOGProject/fogproject/compare/1.5.10...1.5.10.41?diff=split&w=#diff-ff9e620c45c9b82140dffca512e6417f03cc4972a20a6659a4f4a248ffa56082) validates the export.

I have the same problem on a newly installed server OS: Ubuntu 22.04, FOG Server: 1.5.10.48. I changed the if statement with

echo $currentUser;
echo '<br>';
echo strtolower($_SERVER['HTTP_X_REQUESTED_WITH']);
echo '<br>';
echo _('Unauthorized');
exit;

on export.php and as it shows

User ID: 1 Name: fog

Unauthorized

the blank line is the empty variable which then forces the Unauthorized exit.

@AUTH-IT-Center with the dev-branch the created folder after the image capture has the correct permissions.

will wait for the update on stable branch to deploy to the production server.

Thank you!

@Tom-Elliott since this is the production server I will try it on a staging one and notify you.

@Tom-Elliott

unfortunately the same result.

also the permissions of the init.xz and init_32.xz on /var/www/html/fog/service/ipxe/ got 755 instead of 644 and the group www-data (just mentioning)

the system is 64bit

Server
FOG Version: 1.5.10.48
OS: Ubuntu 22.04

Hello first post so please forgive me if it’s in the wrong section.

Since the storage permissions of /images are 775 (https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability) shouldn’t the capture image create the files with the same permisssions?

While testing a new image capture the permissions are 777 and the owner:group is fogproject.