Tranquil IT Forum

Published: **June 5, 2019 - 09:39**

Hi, hello, good evening, I'm back after tearing out what little hair I have left.
So I have some news.
I finally managed to decrypt the key without a password; it's not particularly secure, but it's a demo. So I modified my PHP code to include the line
sudo -u wapt /opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove
(command I created to automate everything)
The problem is, the command returns nothing and doesn't work, so I took the initiative and discovered that for some reason, no matter what rights I grant it, nginx cannot do sudo.
The solution I used was to modify the user in php-fpm using wapt.
If I run the `whoami` command on the PHP script, it returns `wapt`, so I'm using the correct user. I also modified my command by..
/opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove
since sudo is supposed to be unnecessary.
And surprisingly, it still doesn't work.
So I modified the /etc/passwd file to allow the connection with the wapt user so that I could connect and test the command directly on the console.
And surprisingly, it works!
So I assumed that something in Python was blocking PHP.
So I added print statements to each line of my code:

Code: Select all

from waptpackage import PackageEntry,WaptLocalRepo
from waptcrypto import SSLCABundle,SSLPrivateKey,SSLCertificate
import sys
arg=""
#Configuration
certpub="/opt/wapt/wapt.crt"
privatekey="/opt/wapt/wapt.pem"

if len(sys.argv)>2:
        for i in sys.argv:
                if not i==sys.argv[0]:
                        arg=arg+i+" "
        arg=arg.split("add")
        print("1")
        option=arg[1].split("remove")
        print("2")
        uuid_machine=arg[0]
        print("3")
        adddepend=option[0].split(" ")
        print("4")
        removedepend=option[1].split(" ")
        print("5")
        adddepend.remove("")
        print("6")
        removedepend.remove("")
        print("7")
        adddepend.remove("")
        print("8")
        removedepend.remove("")
        print("9")
        ca_bundle = SSLCABundle()
        print("10")
        signers_bundle = SSLCABundle()
        print("11")
        signers_bundle.add_certificates_from_pem(pem_filename=certpub)
        print("12")
        key = SSLPrivateKey(privatekey)
        print("13")
        pe = PackageEntry(waptfile = "/var/www/html/wapt-host/%s.wapt" % uuid_machine)
        print("14")
        depends = pe.depends.split(',')
        print("15")
        if len(adddepend)>0:
                print("16")
                for dep in adddepend:
                         if not dep in depends:
                                depends.append(dep)

        if not len(removedepend)<=0:
                print("17")
                for dep in removedepend:
                        if dep in depends:
                                depends.remove(dep)
        print("18")
        pe.depends = ','.join(depends)
        print("19")
        pe.inc_build()
        print("20")
        pe.sign_package(private_key=key,certificate = signers_bundle.certificates())
        print("21")
        print("Modification reussite")
else:
        print("Erreur pas assez d arguments ont ete saisis")

And PHP returns:
/opt/wapt/bin/python /opt/wapt/testarg.py 0019ECDE-E109-DE11-AEAF-0025111B87F7add remove1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20
Which means it's stuck here:

Code: Select all

pe.sign_package(private_key=key,certificate = signers_bundle.certificates())

Any idea why PHP is blocking as a WAPT user here?

System: CentOS 7
Wapt version: 1.7.4
PHP version: 7.2.19

Published: **June 11, 2019 - 3:10 PM**

Hello! I've solved my problem:
1) Selinux blocks PHP
2) I changed the script execution method, so it works now. There's more info on what I did here: (https://github.com/jojojojojota/waptwebpanel)

But I'm encountering a problem.
On my website (on the pc.php page) I use the API to display the packages installed or not installed on a machine (/api/v1/hosts)
However, I'm encountering a problem; sometimes the API doesn't update, as in this case:

: waptbug.PNG (56.19 KB) Viewed 3861 times

So after 25 minutes the API still hasn't changed and displays 3 dependent packages while the machine has 5.
There you go.
Have a good rest of the day

Published: **June 11, 2019 - 5:08 PM**

When you create a machine package, it is up to you to populate the dependency table

Tranquil IT Forum

Wapt API for web interface

Re: Wapt API for web interface

Re: Wapt API for web interface

Re: Wapt API for web interface