Ad Widget

Collapse

Login redirects to jsrpc.php on 10.8.5

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • thtux
    Junior Member
    • Apr 2011
    • 14
    #1

    Login redirects to jsrpc.php on 10.8.5

    Hi there

    I'm using Zabbix since about 6 months for monitoring 140 Linux and Solaris Servers. Except for some problems with passive proxies it worked great. As 10.8.5 resolved some proxy related issues I upgraded the server, webgui and all proxies yesterday.

    Since then all users logging in on the webgui get redirected to jsrpc.php. This happens only once, so when the user corrects the url (removes jsrpc.php) he gets the "welcome to zabbix" screen and everything works until the next login.

    Does anyone else have this problem?

    There is a small patch applied to index.php to allow negotiate authentication:
    Code:
    --- /home/xxxx/src/zabbix-1.8.5/frontends/php/index.php 2011-04-15 21:17:31.000000000 +0200
+++ index.php   2011-04-18 09:55:29.000000000 +0200
@@ -65,6 +65,14 @@
                        $_REQUEST['name'] = $_SERVER['PHP_AUTH_USER'];
                        $_REQUEST['password'] = 'zabbix';//$_SERVER['PHP_AUTH_PW'];
                }
+// BEGIN added by xxxx
+                elseif(isset($_SERVER['AUTH_TYPE']) && $_SERVER['AUTH_TYPE']=='Negotiate'){
+                        if(!isset($sessionid)) $_REQUEST['enter'] = 'Enter';
+                        $user_parts = explode('@',$_SERVER['REMOTE_USER']);
+                        $_REQUEST['name'] = strtoupper($user_parts[0]);
+                        $_REQUEST['password'] = 'zabbix';//$_SERVER["PHP_AUTH_PW"];
+                }
+// END added by xxxx
                else{
                        access_deny();
                }
@@ -128,4 +136,4 @@

 include_once('include/page_footer.php');

-?>
\ No newline at end of file
+?>
    Thanks for this great piece of software!
    Tags: None
    • thtux
      Junior Member
      • Apr 2011
      • 14
      #2
      additional infos

      The redirect happens because index.php only returns this html.

      Code:
      <script text="Text/javascript">// <![CDATA[
window.location.replace("jsrpc.php");
// ]]></script>

        Comment

        • thtux
          Junior Member
          • Apr 2011
          • 14
          #3
          Workaround

          Looks like I'm solving this out myself ;-)

          It's clearly not related to my negothiate-patch. The problem is in this block:

          Code:
                  $request = get_request('request');
        if(isset($_REQUEST['enter'])&&($_REQUEST['enter']=='Enter')){
                global $USER_DETAILS;
                $name = get_request('name','');
                $passwd = get_request('password','');


                $login = CUser::authenticate(array('user'=>$name, 'password'=>$passwd, 'auth_type'=>$authentication_type));

                if($login){
                        $url = is_null($request)?$USER_DETAILS['url']:$request;

                        add_audit_ext(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, $USER_DETAILS['userid'], '', null,null,null);

                        jsRedirect($url);
                        exit();
                }
        }
          The variable $USER_DETAILS['url'] contains jsrpc.php sind 1.8.5. So I replaced this line:
          Code:
          $url = is_null($request)?$USER_DETAILS['url']:$request;
          with this one:
          Code:
          $url = is_null($request)?"index.php":$request;
          Now the problem is solved. But this is only a workaround of course. I'll investigate further.

          Maybe this thread helps someone else but as long as I'm the only one with this problem I'll not file a bug report.

            Comment

            • thtux
              Junior Member
              • Apr 2011
              • 14
              #4
              Problem source identified

              It's the call to:
              Code:
              CProfile::get('web.menu.view.last','index.php');
              in "api/classes/class.cuser.php" which returns "jsrpc.php". This function gets its values from the db table profiles. But not one of my users has jsrpc.php in there.

              I don't have time to investigate further and stick with the above workaround.

                Comment

                • nleaman
                  Member
                  • May 2010
                  • 35
                  #5
                  I had this same problem... the edited index.php file with the above work around is working, but would be curious to know more as to why this happens.

                    Comment

                    • Yello
                      Senior Member
                      • Apr 2011
                      • 309
                      #6
                      You should report this as an issue.


                      Regards,
                      David

                        Comment

                        Previous template Next
                        Working...