bWAPP on my live webserver is tossing me an sql error - apache

I am trying to put bWAPP on my spare webserver for me and my friends to use.
It's locked by a password and stuff, so only people who know it can use it.
Here's the configuration I have right now.
$db_server = "atroxis.net";
$db_username = "ethereal_atrox";
$db_password = "(redacted)";
$db_name = "ethereal_bwapp";
The password is right, I just redacted it.
I keep getting this SQL error.
Connection failed: Access denied for user 'ethereal_atrox'#'51.38.85.24' (using password: YES)
Anyone have any ideas?

Try to put:
$db_server = "localhost";
and reload apache.
If it doesn't work, verify the file connect.php and change myql_ for mysqli_

Related

Using Ansible on windows with domain user

I'm starting to learn Ansible but the documentation is not too helpful.
I have installed the control machine on RHEL and created the necessary hosts file and windows.yml.
But when trying to connect to the remote Windows server to get a pong back I get the following error:
[root#myd666 ansible_test]# ansible windows -i hosts -m win_ping
hostname | UNREACHABLE! => {
"changed": false,
"msg": "ssl: the specified credentials were rejected by the server",
"unreachable": true
}
After Installing python-kerberos dependencies,
I now get this Error:
hostname | UNREACHABLE! => {
"changed": false,
"msg": "Kerberos auth failure: kinit: KDC reply did not match expectations while getting initial credentials",
"unreachable": true
}
My windows.yml file contains:
# it is suggested that these be encrypted with ansible-vault:
# ansible-vault edit group_vars/windows.yml
ansible_ssh_user: user#MYDOMAIN.NET
ansible_ssh_pass: password
ansible_ssh_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Am I doing anything wrong with the syntax of Domain\user? Maybe I forgot to install something on the Windows machine? I only ran the ConfigureRemotingForAnsible.ps1 script, and Python is not installed there.
This is my krb5.conf file:
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = hpeswlab.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
And I do get a token using Kinit:
kinit -C user#MYDOMAIN.NET
klist
Klist output:
Valid starting Expires Service principal
01/31/2017 11:25:33 01/31/2017 21:25:33 krbtgt/MYDOMAIN.NET#MYDOMAIN.NET
renew until 02/01/2017 11:25:29
In windows.yml, please double-check and ensure that the ansible_ssh_user: user#MYDOMAIN.NET line does indeed have the realm MYDOMAIN.NET in upper case. Somewhere, the realm request to the KDC is being sent in lower case instead of upper case causing the 'KDC reply did not match expectations..' error.
In krb5.conf, case-sensitivity is also important. First I'll note that since the KDC name is the name of an IP host, so it needs to be specified as a fully-qualified host name, like in the example shown below. It assumes your KDC is named "dc1.mydomain.net". Next, the domain name should only be in lower case. On the other hand, Kerberos Realm names need be in upper case - if the realm name is incorrectly specified in lower case in this file that is another reason you may get this error message. Please modify your entire krb5.conf to look like that shown below (changing only "dc1" to the actual name) and it should work. Side note: You do not necessarily need the two dns_lookup_ lines in your krb5.conf, so please comment them out per the below. Those are fallback mechanisms only as per the MIT Kerberos Documentation and may actually cause issues in your simple use case. After modifying either configuration file, make sure to restart the Ansible engine before testing again.
[libdefaults]
default_realm = MYDOMAIN.NET
#dns_lookup_realm = true
#dns_lookup_kdc = true
[realms]
MYDOMAIN.NET = {
kdc = dc1.mydomain.net
default_domain = mydomain.net
}
[domain_realm]
.mydomain.net = MYDOMAIN.NET
mydomain.net = MYDOMAIN.NET
Please refer to this MIT reference for how to properly set up the krb5.conf: Sample krb5.conf File
In the Hosts file, check to ensure your IP to name mappings are correct. Per the RFCs, Kerberos requires a properly functioning DNS, and you are at risk of shortchanging that if your Hosts file has outdated entries in it.
Finally, though I wasn't able to tell which version of Ansible you were using, I did some research and found that "Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port." This could certainly be part of the problem. See: Ansible on Windows Documentation

nginx: not ask password for localnet + satisfy any cause 403

I try to solve problem similar to described here:
Nginx authentication except those on local network
I protect all my site with ldap auth,
but I want one "location" to make available without
auth for localnet, so I have config like this:
server {
auth_ldap "LDAP Authentication";
auth_ldap_servers auth1;
location /for_localnet/ {
satisfy any;
allow 192.168.0.0/16;
deny all;
#I try with and without lines bellow
auth_ldap "LDAP Authentication";
auth_ldap_servers auth1;
}
}
It works as expected for "localnet(192.168.x.x)", but for
access from internet it shows error 403, if I open http://site/for_localnet/.
So I have to open "http://site" it ask password, and after that I can open
http://site/for_localnet/, so question how to force nginx to ask password
when I open "http://site/for_localnet/" from internet?
The problem was in bug in nginx 1.4.6 (default for Ubuntu 14.04.2 LTS).
It is described here: http://trac.nginx.org/nginx/ticket/285

LDAP configuration for Gerrit?

Since google has stopped the openID support for gerrit, i am trying to use LDAP for the same now. I have IP and port number of the LDAP server. But i don't know how to start now.
I also need help to update my etc/gerrit_config file:
[auth]
type = ldap
[ldap]
server = ldap://[IP]
accountBase = ou=people,dc=domain,dc=com
groupBase = ou=groups,dc=domain,dc=com
referral = follow
accountPattern = (uid=${username})
groupPattern = (cn=${groupname})
accountFullName = cn
accountMemberField = memberOf
accountEmailAddress = mail
Since i am a newbie for ldap, could someone please help me in the same.
Thanks!!
At work I am running a gerrit instance that uses one of our work LDAPs for authentication. I use a configuration like this:
[ldap]
server = ldap://xxx.OurDomain.com
username = CN=ldapread,DC=OurDomain,DC=com
password = NotShownHere
accountBase = DC=OurDomain,DC=com
groupBase = DC=OurDomain,DC=com
The key point is that you need an LDAP user that is permitted to read from the LDAP and put the coordinates of that user into the config.
In our case, I obtained these coordinates from a know to work Apache httpd config file. In your case, you may have to ask your LDAP admin for suitable credentials.

Cant connect to database pymysql using a .my.cnf file

This function should connect to database because I've used an exception I'll get my own created message, when incorrect input is found. But when I remove try and except I get : "Acces denied for /'user/'#'/'localhost' (using password : NO).
It seems that it doesnt read my password I have no clue why a little help will be appreciated. Without this file connection to the database works fine without any errors.
try:
self.conn = pymysql.connect(read_default_file="~/my.cnf")
self.curr = self.conn.cursor()
except pymysql.err.OperationalError :
sys.exit("Invalid Input: Wrong username/database or password found, please try again")
Information found in the .my.cnf file is :
[client]
host = 'localhost'
port = 3306
user = myusername
password = "mypassword"
You used:
pymysql.connect(read_default_file="~/my.cnf")
You should have used:
pymysql.connect(read_default_file='~/.my.cnf')
-------------------------------------^
Note the missing dot in the filename. You were just loading a different or non existent file.
The ~ is being expanded as shown here:
https://github.com/PyMySQL/PyMySQL/blob/18b62f6e1d6f65b403c9e8b650f4c3bb27b665e7/pymysql/connections.py#L619
Also I can confirm that no quotes or spaces are required in the .my.cnf file:
echo -e "[client]\nuser=root\npassword=defaultrootpwd" > ~/.my.cnf
First off, can you connect to your database using the following command.
import pymysql
conn = pymysql.connect(host='localhost',
port=3306,
user='myusername',
passwd='mypasswd')
If that doesn't work, then you might have some other problem (for instance, your database may be configured to only connect via socket for local clients)
As for the config file, I think this will work if you remove the quotation marks, like this:
[client]
host = localhost
port = 3306
user = myusername
password = mypassword
I saved your config file as test.cnf and ran the following code
# test.cnf
[client]
host = 'localhost'
port = 3306
user = myusername
password = "mypassword"
$ python3
>>> import configparser
>>> reader = configparser.RawConfigParser()
>>> reader.read('test.cnf')
>>> reader.get('client', 'host')
"'localhost'"
>>> reader.get('client', 'user')
'myusername'
As you can see, the config parser is treating quotes as part of the value.
Update: Workaround
The OP mentioned the provided solution (i.e. removal of quotes did not solve the problem he was facing). Here's a workaround that achieves separation of configuration / connection properties from program logic.
Save the configuration in a python file called dbsettings.py.
# dbsettings.py
connection_properties = {
'host': 'localhost',
'port': 3306,
'user': 'myusername',
'passwd': 'mypassword'
}
And then in your main program use the following lines for setting up the connection.
try:
from dbsettings import connection_properties
self.conn = pymysql.connect(**connection_properties)
self.curr = self.conn.cursor()
except pymysql.err.OperationalError :
sys.exit("Invalid Input: Wrong username/database or password found, please try again")
If your entire program is written in python, then this allows the same separation of connection / config info from program logic as using the my.cnf method, and it is just as flexible if not mroe so. However, if other non python scripts need to reference the my.cnf file, then you'll have to maintain two separate mysql config files.

Only show repos in gitweb that user has access to via Gitolite

I have gitolite setup and working with SSH key based auth. I can control access to repos via the gitolite-admin.git repo and the conf file. All of this works great over SSH but I would like to use GitWeb as a quick way to view the repos.
GitWeb is working great now but shows all repositories via the web interface. So my goal here is to:
Authenticate users in apache2 via PAM, I already have the Ubuntu server authenticating aginst AD and all the users are available. This should not be an issue.
Use the user name logged in with the check gitolite permissions
Display apropriate REPOS in the web interface.
Does anyone have a starting point for this? The Apache part shouldn't be difficult, and I'll set it to auth all fo the /gitweb/ url. I dont know how to pass that username around and authorize it against gitolite. Any ideas?
Thanks,
Nathan
Yes, it is possible, but you need to complete the gitweb config scripts in order to call gitolite.
The key is in the gitweb_config.perl: if that file exists, gitweb will include and call it.
See my gitweb/gitweb_config.perl file:
our $home_link_str = "ITSVC projects";
our $site_name = "ITSVC Gitweb";
use lib (".");
require "gitweb.conf.pl";
In gitweb/gitweb.conf.pl (custom script), I define the official callback function called by gitweb: export_auth_hook: that function will call gitolite.
use Gitolite::Common;
use Gitolite::Conf::Load;
#$ENV{GL_USER} = $cgi->remote_user || "gitweb";
$export_auth_hook = sub {
my $repo = shift;
my $user = $ENV{GL_USER};
# gitweb passes us the full repo path; so we strip the beginning
# and the end, to get the repo name as it is specified in gitolite conf
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
# check for (at least) "R" permission
my $ret = &access( $repo, $user, 'R', 'any' );
my $res = $ret !~ /DENIED/;
return ($ret !~ /DENIED/);
};
From the comments:
GL_USER is set because of the line:
$ENV{GL_USER} = $cgi->remote_user || "gitweb";
$cgi->remote_user will pick the environment REMOTE_USER set by any Apache Auth module which has completed the authentication (like in this Apache configuration file).
You can print it with a 'die' line.
"Could not find Gitolite/Rc.pm" means the INC variable used by perl doesn't contain $ENV{GL_LIBDIR}; (set to ~/gitolite/lib or <any_place_where_gitolite_was_installed>/lib).
That is why there is a line in the same gitweb/gitweb.conf.pl file which adds that to INC:
unshift #INC, $ENV{GL_LIBDIR};
use lib $ENV{GL_LIBDIR};
use Gitolite::Rc;
Edit from Nat45928: in my case I needed to insert my home path into all the '#H#' entries. That solved all of my issues right away.