fusiondirectory issues
https://gitlab.fusiondirectory.org/groups/fusiondirectory/-/issues
2022-02-11T19:08:20Z

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6003
Fatal error after using search box filter
2022-02-11T19:08:20Z
bmortier

### Description
On a fresh install of FD, against an empty OpenLDAP (except for root dc), after setting up the application, users sometimes have an unrecoverable fatal error (they have to log out and back in to recover the UI):
```
Fatal error: Uncaught Exception: Unknown element type specified: ! in /usr/share/fusiondirectory/include/class_filter.inc:420
Stack trace:
#0 /usr/share/fusiondirectory/include/class_listing.inc(486): filter->render()
#1 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(537): listing->render()
#2 /usr/share/fusiondirectory/plugins/admin/users/class_userManagement.inc(119): simpleManagement->renderList()
#3 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(609): userManagement->renderList()
#4 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(1356): simpleManagement->execute()
#5 /usr/share/fusiondirectory/plugins/admin/users/main.inc(21): simpleManagement::mainInc('userManagement')
#6 /usr/share/fusiondirectory/html/main.php(284): require('/usr/share/fusi...')
#7 {main} thrown in /usr/share/fusiondirectory/include/class_filter.inc on line 420
```
We are able to reproduce it each time by filtering with the search box filter in users management, then opening another menu item in "users and groups" section, and then coming back to user management. The error occurs on this last step.
### Distribution Name and Version
Reproduced on Debian Stretch and Ubuntu 16.04
### FusionDirectory Version
1.3-1
### PHP version used
PHP 7.0.33-0+deb9u3
### Origin of php packages
debian
### Steps to Reproduce
1. Open user management
2. Type some text in search box filter
3. Click on "Apply filter"
4. Navigate to another menu item (such as "Group and roles")
5. Navigate back to user management
6. White page is displayed with following message : "Fatal error: Uncaught Exception: Unknown element type specified: ! in /usr/share/fusiondirectory/include/class_filter.inc:420 ..." (see description for complete message)
7. UI is broken until the user logs back in.
**Reproduces how often:**
100%; though,
### Additional Information
Does not occur with PHP 5.
Similar issue was found (#5862), but it looks like the bug wasn't actually fixed.
Plugins used : ldapdump ldapmanager mail dsa ppolicy

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5997
Incorrect error message when the mail cannot be sent by recovery
2019-06-28T20:53:43Z
bmortier

### Description
Incorrect error message when the mail cannot be sent by recovery
### Distribution Name and Version
Debian
### FusionDirectory Version
1.4
### PHP version used
7
### Origin of php packages
Debian
### Steps to Reproduce
1. Use recovery with a bad configuration for your email server
2. You will see this message after validation " The field 'Contact your administrator, there was a problem with mail server' contains invalid characters! "
**Expected behavior:**
The message must be «Contact your administrator, there was a problem with mail server»
**Actual behavior:**
We have a wrong message " The field 'Contact your administrator, there was a problem with mail server' contains invalid characters! "
**Reproduces how often:**
100%

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5995
Audit events DN are too long
2021-07-30T12:34:23Z
bmortier

Related to fd-plugins#5825
Audit events do not include fdAuditId because create_unique_dn only accepts string values.
Also, having the microseconds in the timestamp would be good because it gives more information (especially order of events) and helps having unique DNs.

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5987
ImagickException are not catched when showing an ImageAttribute
2019-06-28T20:53:43Z
bmortier

### Description
When jpegPhoto contains invalid data, imagick throws an ImagickException which crashes FusionDirectory instead of correctly showing the user edition without the image.
### FusionDirectory Version
1.4
### Steps to Reproduce
1. Edit the LDAP by hand to put invalid data in jpegPhoto
2. Try to edit the user with FD
**Expected behavior:**
Being able to edit the user and set its photo to a valid value.
**Actual behavior:**
FD shows the exception and crashes (or at least leaves user edition)
**Reproduces how often:**
100%
### Additional Information

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5985
We don't have LDAP tab on FusionDirectory configuration
2019-06-28T20:53:41Z
bmortier

## Descriptive title for this enhancement
We don't have LDAP tab on FusionDirectory configuration
### Actual behavior
After installing ldapdump we don't have LDAP tab on FusionDirectory configuration
### Expected behavior
That we have a LDAP tab to read the configuration
### Step by step description of new behaviour
1. Install ldapdump
2. Go to FD configuration
3. You do not see an LDAP tab
### Benefits
Reading the configuration without manual ldapsearch

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5983
Write ACL on user/userRoles/groupsMembership not working when not having full user/user read right
2021-01-22T10:41:18Z
bmortier

### Description
FD displays a message "You have no permission to modify the field "groupsMembership" of object ... " when editing a user group membership, though the user does have an ACL assigned allowing him to do so.
### Distribution Name and Version
Debian jessie
### FusionDirectory Version
1.3
### PHP version used
PHP 5.6.40-0+deb8u2
### Origin of php packages
debian
### Steps to Reproduce
1. Create user A
1. Create an ACL role to read groups and write their member attribute. Assign to user A on the whole tree.
1. Create an ACL role to allow read/edition on some user fields (not all) & their groups/roles membership. This is the setting I currently have :
`0:user/userRoles;cmdrw#groupsMembership;rw#rolesMembership;rw,user/user;#cn;w#sn;rw#givenName;rw#description;rw#jpegPhoto;rw#l;rw#st;rw#postalAddress;rw#telephoneNumber;rw#mobile;rw#pager;rw#facsimileTelephoneNumber;rw#uid;r#preferredLanguage;rw#displayName;r#homePostalAddress;rw#homePhone;rw#title;rw#o;r#ou;rw#departmentNumber;rw#employeeNumber;rw#employeeType;rw#manager;rw#userLock;r`
1. Assign this ACL role to user A on a branch containing user B
1. Log in as user A and edit one of the allowed fields on user B: it works.
1. Still as user A, add a group to user B: when applying the change, an error message appears: "You have no permission to modify the field "groupsMembership" of object "uid=userb,ou=users,..."
=> groupsMembership read/write doesn't seem to work properly when there are write restrictions on other user fields.
As a workaround, if I manually add a new attribute "gosaAclTemplate" to the ACL role in OpenLDAP with value `1:user/user;#groupsMembership;rw`, after the one set through web interface, then the user B groups can be edited successfully by user A. But this value cannot be set through FD web interface, and will be lost if someone edits this entry through FD, since #groupMembership are set in user/userRoles block, not user/user.
**Expected behavior:**
User A should be able to edit group membership when granted the right within user/userRoles settings.
**Actual behavior:**
User A cannot edit group membership of user B even though the write of the groupsMembership attribute has been granted on user/userRoles.
**Reproduces how often:**
100%. Tried many combinations for user/userRoles with same results.

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5978
when renaming branch aka department roles are not updated correctly
2019-06-28T20:53:43Z
bmortier

### Description
when renaming branch aka department roles are not updated correctly
### Distribution Name and Version
Debian 9
### FusionDirectory Version
1.2.3
### PHP version used
PHP 7.0.33-0+deb9u3
### Origin of php packages
Debian for php
FusionDirectory official repository
### Steps to Reproduce
1. rename a department where users are in a role
2. open the roles after moving
3. see that dn of the users are not right anymore
**Expected behavior:**
user should have moved with the correct dn inside the role
**Actual behavior:**
users in the role are broken
**Reproduces how often:**
100%

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5974
Workflow problem when applying a template to an object triggers errors
2019-08-29T13:16:17Z
bmortier

### Description
I tried to apply a template which changes some fields (postal address and add a partage email account)
### Distribution Name and Version
Debian 9
### FusionDirectory Version
1.3
### PHP version used
7
### Origin of php packages
php from debian stretch
### Steps to Reproduce
1. select an account
2. choose a template to apply
3. click on "OK" to apply template
4. an error occurs because the email already exists (on partage mail system)
5. I acknowledge the error
6. FD comes back on screen with some fields (see attachment), password is randomly filled
![Sélection_383](/uploads/852e7f5e02fe6ad47774359335d90f9e/Sélection_383.png)
7. I click on OK: an error occurs. If I click on Cancel: no errors and I'll come back to user list
**Expected behavior:**
No error if I click on "OK", because all fields are OK.
**Actual behavior:**
```
Fatal error: Uncaught Error: Call to a member function set_acl_base() on null in /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc:966
Stack trace:
#0 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(78): simpleManagement->openTabObject(NULL, 'ou=incoming,dc=...')
#1 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(576): templateDialog->save_object()
#2 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(1356): simpleManagement->execute()
#3 /usr/share/fusiondirectory/plugins/admin/users/main.inc(21): simpleManagement::mainInc('userManagement')
#4 /usr/share/fusiondirectory/html/main.php(284): require('/usr/share/fusi...')
#5 {main} thrown in /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc on line 966
```
**Reproduces how often:**
100 %

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5967
Systems dashboard crashes
2019-06-28T20:53:43Z
bmortier

An unrecoverable error occurred. Please contact your administator.
```
FusionDirectoryException: Could not find ACL for attribute "argonautProtocol" for type "server" in /usr/share/fusiondirectory/include/class_objects.inc:90
Stack trace:
#0 /usr/share/fusiondirectory/plugins/addons/dashboard/class_dashBoardSystems.inc(140): objects::ls(Array, Array, 'dc=demo-fusiond...', '(objectClass=ar...', true)
#1 /usr/share/fusiondirectory/plugins/addons/dashboard/class_dashBoardSystems.inc(61): dashboardSystems->argonaut_stats()
#2 /usr/share/fusiondirectory/include/simpleplugin/class_simpleTabs.inc(92): dashboardSystems->__construct('', Object(dashboard), Object(tabs_dashboard), false)
#3 /usr/share/fusiondirectory/plugins/addons/dashboard/tabs_dashBoard.inc(25): simpleTabs->__construct('dashboard', '', NULL)
#4 /usr/share/fusiondirectory/include/class_objects.inc(311): tabs_dashboard->__construct('dashboard', '')
#5 /usr/share/fusiondirectory/include/simpleplugin/class_simplePlugin.inc(2106): objects::open('', 'dashboard')
#6 /usr/share/fusiondirectory/plugins/addons/dashboard/class_dashboard.inc(129): simplePlugin::mainInc('dashboard', '', true, false, 'dashboard')
#7 /usr/share/fusiondirectory/include/class_pluglist.inc(564): dashboard::mainInc()
#8 /usr/share/fusiondirectory/html/main.php(225): pluglist::runMainInc('44')
#9 {main}
```

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5942
PHP >= 7.2 triggering error when count() is called with invalid countable
2019-06-28T20:53:43Z
bmortier

With PHP > 7.2 count() returns a warning when called on an uncountable (https://secure.php.net/manual/en/function.count.php#refsect1-function.count-changelog)
### All credits for finding the problem goes to MCMic_w on #fusiondirectory ###
Traceback:
```
=== Error === PHP error: count(): Parameter must be an array or an object that implements Countable (/usr/share/webapps/fusiondirectory/include/class_objects.inc, line 73)
=== /Error ===
=== Trace ===
Trace[1]:class objects / function ls
File : /usr/share/webapps/fusiondirectory/plugins/personal/roles/class_userRoles.inc
Line : 103
Type : static
array("ogroup"),"cn","dc=example,dc=de","(member=uid=aea-fd-admin,ou=people,dc=example,dc=de)"
Trace[2]:class userRoles / function __construct
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleTabs.inc
Line : 92
Type : method
"cn=cloud-user,ou=groups,dc=example,dc=de",CLASS: user,CLASS: simpleTabs,""
Trace[3]:class simpleTabs / function __construct
File : /usr/share/webapps/fusiondirectory/include/class_objects.inc
Line : 249
Type : method
"USER","uid=aea-fd-admin,ou=people,dc=example,dc=de"
Trace[4]:class objects / function open
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 878
Type : static
"uid=aea-fd-admin,ou=people,dc=example,dc=de","USER"
Trace[5]:class simpleManagement / function editEntry
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 929
Type : method
"edit",array(),array(array("uid=aea-fd-admin,ou=people,dc=example,dc=de"),"edit")
Trace[6]:class simpleManagement / function handleActions
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 556
Type : method
array(array("uid=aea-fd-admin,ou=people,dc=example,dc=de"),"edit")
Trace[7]:class simpleManagement / function execute
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 1339
Type : method
-
Trace[8]:class simpleManagement / function mainInc
File : /usr/share/webapps/fusiondirectory/plugins/admin/users/main.inc
Line : 22
Type : static
"userManagement"
Trace[9]:function require
File : /usr/share/webapps/fusiondirectory/html/main.php
Line : 284
Type : -
"/usr/share/webapps/fusiondirectory/plugins/admin/users/main.inc"
=== /Trace ===
=== Error === PHP error: count(): Parameter must be an array or an object that implements Countable (/usr/share/webapps/fusiondirectory/include/class_objects.inc, line 73)
=== /Error ===
=== Trace ===
Trace[1]:class objects / function ls
File : /usr/share/webapps/fusiondirectory/plugins/personal/roles/class_userRoles.inc
Line : 140
Type : static
array("role"),"cn","dc=example,dc=de","(roleOccupant=uid=aea-fd-admin,ou=people,dc=example,dc=de)"
Trace[2]:class userRoles / function __construct
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleTabs.inc
Line : 92
Type : method
"cn=cloud-user,ou=groups,dc=example,dc=de",CLASS: user,CLASS: simpleTabs,""
Trace[3]:class simpleTabs / function __construct
File : /usr/share/webapps/fusiondirectory/include/class_objects.inc
Line : 249
Type : method
"USER","uid=aea-fd-admin,ou=people,dc=example,dc=de"
Trace[4]:class objects / function open
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 878
Type : static
"uid=aea-fd-admin,ou=people,dc=example,dc=de","USER"
Trace[5]:class simpleManagement / function editEntry
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 929
Type : method
"edit",array(),array(array("uid=aea-fd-admin,ou=people,dc=example,dc=de"),"edit")
Trace[6]:class simpleManagement / function handleActions
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 556
Type : method
array(array("uid=aea-fd-admin,ou=people,dc=example,dc=de"),"edit")
Trace[7]:class simpleManagement / function execute
File : /usr/share/webapps/fusiondirectory/include/simpleplugin/class_simpleManagement.inc
Line : 1339
Type : method
-
Trace[8]:class simpleManagement / function mainInc
File : /usr/share/webapps/fusiondirectory/plugins/admin/users/main.inc
Line : 22
Type : static
"userManagement"
Trace[9]:function require
File : /usr/share/webapps/fusiondirectory/html/main.php
Line : 284
Type : -
"/usr/share/webapps/fusiondirectory/plugins/admin/users/main.inc"
=== /Trace ===
```

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5862
filtering and "Unknown element type specified: !"
2022-09-01T09:28:58Z
bmortier

### Description
Fatal Error is thrown within a scenario where the search area is used
### Distribution Name and Version
Debian Stretch
### FusionDirectory Version
1.2.1-1
### PHP version used
Stock, untouched PHP7 config
### Origin of php packages
FD's own repositories
### Steps to Reproduce
Unfortunately, I can only reproduce the following with my specific LDAP content.
It doesn't occur on demo.fusiondirectory.org
1. Navigate to 'users'
2. Use the text area on the right and type a (known) username and click 'apply filter'.
3. Now change to 'systems' section.
4. Navigate back to 'users'
**Expected behavior:**
on step 4, I should get the filtered list of users
**Actual behavior:**
```
Fatal error: Uncaught Exception: Unknown element type specified: ! in /usr/share/fusiondirectory/include/class_filter.inc:389
Stack trace:
#0 /usr/share/fusiondirectory/include/class_listing.inc(484): filter->render()
#1 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(523): listing->render()
#2 /usr/share/fusiondirectory/plugins/admin/users/class_userManagement.inc(119): simpleManagement->renderList()
#3 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(595): userManagement->renderList()
#4 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(1337): simpleManagement->execute()
#5 /usr/share/fusiondirectory/plugins/admin/users/main.inc(22): simpleManagement::mainInc('userManagement')
#6 /usr/share/fusiondirectory/html/main.php(280): require('/usr/share/fusi...')
#7 {main} thrown in /usr/share/fusiondirectory/include/class_filter.inc on line 389
```
At this point, if I point the browser to root's FD at /fusiondirectory, I got the red message:
```
Error Fatal error
FATAL: Error when connecting the LDAP. Server said 'Could not bind to (while operating on LDAP server )'.
Please fix the above error and reload the page.
```
If I reload that page, I got the login screen back again where I can login again BUT when I navigate to 'users' section I got the same Fatal Error as before again.
The only way to work around the problem is to clear the cookie attached to fusiondirectory, and login again.
**Reproduces how often:**
100% but on the said system
### Additional Information
I can provide access to a test instance loaded with this data.

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6137
XSS in management filters
2022-09-01T09:02:20Z
bmortier

I found a cross site scripting issue in FusionDirectory. You can
easily reproduce the issue with the following procedures:
1. Launch FusionDirectory 1.2.1
$ git clone https://github.com/hrektts/docker-fusiondirectory.git
$ docker-compose up -d
2. Open http://localhost:10080/fd/ with the Browser
3. Enter fd-admin / fdadminpwd to sign in
4. Go to "users" in the left menu
5. Input "et7s7'onfocus='alert(1)'autofocus='laqnc" to a textfield in
Filter on the right side
This issue might remain in the latest version. For fixing this issue,
the user input must be escaped properly.
Regards,
Takumi

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6136
Weak random generator use in fusiondirectory-setup
2022-09-01T08:59:53Z
bmortier

While installing Fusion Directory, I saw that the LDAP server access
password can be encrypted.
The script that does this in fusiondirectory-1.3
(contrib/bin/fusiondirectory-setup) draws a key using the
get_random_string function, defined starting at line 228:
sub get_random_string {
  my ($size) = @_;
  $size = 32 if !$size;
  my @chars = ("A".."Z", "a".."z", '.', '/', 0..9);
  my $string;
  $string .= $chars[rand @chars] for 1..$size;
  return $string;
}
```
The function used for this is rand (the line just above the
return). As the rand documentation
(https://perldoc.perl.org/functions/rand.html) says:
> rand is not cryptographically secure. You should not rely on it in
> security-sensitive situations. As of this writing, a number of
> third-party CPAN modules offer random number generators intended by
> their authors to be cryptographically secure, including:
> Data::Entropy, Crypt::Random, Math::Random::Secure, and
> Math::TrulyRandom.
The problem is that the output of a function like rand can be
guessed relatively easily. The vulnerability here is
relatively minor, but I suggest you fix it because it is
not very difficult: you just need to call the Random function of the
Crypt module, which is already used in this script.
That said:
- I am not sure I have fully understood all the implications
of this encryption and of the use of Apache's header module to
pass the encryption key to the application. Is the idea
to withstand a flaw that would allow reading
arbitrary files with the server's privileges but not reading
the HTTP headers?
- In any case, storing the LDAP password (encrypted or not)
is not ideal in terms of security (it is rather a
significant vulnerability); ideally, the password entered
by the Fusion Directory user is the one that should be used
against the LDAP server, and permissions should be managed at the
LDAP server level. I have the impression that this is not what was
done, but I imagine it is quite difficult to change after the fact.
- Thank you for this project and thank you for making it free software!
(I discovered it while helping an association set up its LDAP
server)
Best regards,
Judicaël Courant.

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6135
Security problems uncovered by audit
2022-09-08T15:12:31Z
bmortier

### Category
fusiondirectory-security/fd~901
### Severity
fusiondirectory-security/fd~906
### What is the problem encountered?
a Swiss audit uncovered some security problems in fusiondirectory
### How to reproduce the problem?
read the attached PDF
[FusionDirectory-1.3-Multiple-Flaws.pdf](/uploads/fac6d3ae3cb21985d4840d7f5be95a6f/FusionDirectory-1.3-Multiple-Flaws.pdf)

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/user-manual/-/issues/202
update the documentation for 1.3.1
2022-11-03T17:25:54Z
bmortier

Hello,
we need to update the documentation for installing 1.3.1
Cheers

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/user-manual/-/issues/199
put the fusiondirectory.conf manpage in the official documentation
2023-03-14T22:50:53Z
bmortier

Hello,
we have a man page but no documentation in the online manual of the fusiondirectory.conf man page
This should be a whole section in the menu entitled FusionDirectory conf file
Cheers

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/dev-manual/-/issues/67
update the certified distribution matrix
2022-09-13T13:14:57Z
bmortier

Hello,
due to change in the php support for 1.3.1 the distribution matrix must be updated
Cheers

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/dev-manual/-/issues/66
clarify the php version supported for FusionDirectory 1.3.x
2022-09-13T13:15:18Z
bmortier

hello,
we need to update our documentation as due to the recent work FusionDirectory 1.3.1 will be only working on php 7.3
Cheers

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/user-manual/-/issues/194
update the certified distribution matrix
2023-09-28T18:28:27Z
bmortier

Hello,
due to change in the php support for 1.3.1 the distribution matrix must be updated
Cheers

FusionDirectory 1.3.1
bmortier
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/user-manual/-/issues/193
clarify the php version supported for FusionDirectory 1.3.x
2022-09-13T12:32:59Z
bmortier

hello,
we need to update our documentation as due to the recent work FusionDirectory 1.3.1 will be only working on php 7.3
Cheers

FusionDirectory 1.3.1
bmortier
bmortier