Re: [Bacula-users] Baculum 401 Unauthorized

Thu, 09 Mar 2023 11:16:16 -0800 

Hello Adam,

Thanks for your detailed report.

Described behavior is not dangerous but I agree that it is not too natural.
It will be fixed in the next release.

For now if you want you can try a patch. I am sending it in attachment. It
should help for this problem.

Best regards,
Marcin Haba (gani)

On Tue, 7 Mar 2023 at 14:36, Adam Weremczuk <ad...@matrixscience.com> wrote:

> Hi all,
>
> Bacula 9.6.7
> Baculum 9.6.6
> Debian 11.6
>
> It installed and configured fine:
>
> - Catalog API
> - Console API
> - Config API
> - Actions (start, stop restart Bacula services): skipped
> - Custom SSL cert added for ports 9095 and 9096
>
> Bacula and Bacula Web seem to be working fine (backups, restores, tape
> management, listings etc.).
>
> I've noticed though bursts of 8 x 401 errors
> /var/log/apache2/baculum-api-access.log happening every minute, e.g:
>
> 192.168.x.x - - [06/Mar/2023:16:35:09 +0000] "GET
> /api/v1/pools?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:35:09 +0000] "GET
> /api/v1/jobs/totals?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:35:09 +0000] "GET
> /api/v1/dbsize?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:36:09 +0000] "GET
> /api/v1/jobs?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:36:09 +0000] "GET
> /api/v1/jobs/?jobstatus=CR&director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:36:09 +0000] "GET
> /api/v1/clients?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
> 192.168.x.x - - [06/Mar/2023:16:36:09 +0000] "GET
> /api/v1/pools?director=bacula-dir HTTP/1.1" 401 3597 "-" "-"
>
> 192.168.x.x is the IP of Bacula director.
>
> No clues in error logs from the same day:
>
> cat /var/log/apache2/error.log.1
> [Mon Mar 06 00:00:01.618268 2023] [mpm_prefork:notice] [pid 1881723]
> AH00163: Apache/2.4.54 (Debian) OpenSSL/1.1.1n configured -- resuming
> normal operations
> [Mon Mar 06 00:00:01.618291 2023] [core:notice] [pid 1881723] AH00094:
> Command line: '/usr/sbin/apache2'
> [Tue Mar 07 00:00:02.124967 2023] [mpm_prefork:notice] [pid 1881723]
> AH00171: Graceful restart requested, doing restart
>
> cat /var/log/apache2/baculum-api-error.log.1
> [Mon Mar 06 00:00:01.618032 2023] [ssl:warn] [pid 1881723] AH01909:
> localhost:443:0 server certificate does NOT include an ID which matches
> the server name
>
> cat /var/log/apache2/baculum-web-error.log.1
> [Mon Mar 06 00:00:01.617261 2023] [ssl:warn] [pid 1881723] AH01909:
> localhost:443:0 server certificate does NOT include an ID which matches
> the server name
>
>
> Daily AIDE log digest gives me this:
>
>   --------------------- httpd Begin ------------------------
>
>   64.55 MB transferred in 12133 responses  (1xx 0, 2xx 6639, 3xx 6, 4xx
> 5488, 5xx 0)
>          7 Images (0.03 MB),
>       3553 Content pages (15.71 MB),
>       8573 Other (48.81 MB)
>
>   Requests with error response codes
>      400 Bad Request
>         /: 2 Time(s)
>      401 Unauthorized
>         /api/v1/jobs/?jobstatus=CR&director=bacula-dir: 869 Time(s)
>         /api/v1/clients?director=bacula-dir: 823 Time(s)
>         /api/v1/jobs?director=bacula-dir: 817 Time(s)
>         /api/v1/dbsize?director=bacula-dir: 812 Time(s)
>         /api/v1/jobs/totals?director=bacula-dir: 812 Time(s)
>         /api/v1/pools?director=bacula-dir: 812 Time(s)
>         /api/v1/status/client/?name=client1-fd&type= ...
> ector=bacula-dir: 148 Time(s)
>         /api/v1/clients/4?director=bacula-dir: 74 Time(s)
>         /api/v1/jobs/?name=restore&limit=15000&director=bacula-dir: 50
> Time(s)
>         /api/v1/joblog/64/?show_time=0&director=bacula-dir: 43 Time(s)
>         /api/v1/jobs/64?director=bacula-dir: 42 Time(s)
>         /api/v1/config?director=bacula-dir: 19 Time(s)
> (...)
>
> What authorization is missing and how to fix it?
>
> Regards,
> Adam
>
>
> _______________________________________________
> Bacula-users mailing list
> Bacula-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
>


-- 
"Greater love hath no man than this, that a man lay down his life for his
friends." Jesus Christ

"Większej miłości nikt nie ma nad tę, jak gdy kto życie swoje kładzie za
przyjaciół swoich." Jezus Chrystus

diff --git a/gui/baculum/protected/Web/Modules/BaculumAPIClient.php b/gui/baculum/protected/Web/Modules/BaculumAPIClient.php
index 61c19cf877..5c5c2e17d7 100644
--- a/gui/baculum/protected/Web/Modules/BaculumAPIClient.php
+++ b/gui/baculum/protected/Web/Modules/BaculumAPIClient.php
@@ -97,8 +97,8 @@ class BaculumAPIClient extends WebModule {
 		if (count($host_cfg) > 0 && $host_cfg['auth_type'] === 'basic') {
 			$userpwd = sprintf('%s:%s', $host_cfg['login'], $host_cfg['password']);
 			curl_setopt($ch, CURLOPT_USERPWD, $userpwd);
+			curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 		}
-		curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
 		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
 		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
 		curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users






















					Reply via email to