Icingaweb_rememberme not working, cannot login after set "remember me"

Icinga Web
1

HI there, get following error:

SQLSTATE[42000]: Syntax error or access violation: 1142 DELETE command denied to user 'icinga_user'@'localhost' for table 'icingaweb_rememberme'

i createt the schema with this:

the user has “full access”… but the table stay’s empty after i use the switch “remember me”. after reopen the Browser the following error apears:

SQLSTATE[42000]: Syntax error or access violation: 1142 DELETE command denied to user 'icinga_user'@'localhost' for table 'icingaweb_rememberme'

#0 /usr/share/icinga-php/ipl/vendor/ipl/sql/src/Connection.php(401): PDO->prepare(String)
#1 /usr/share/icinga-php/ipl/vendor/ipl/sql/src/Connection.php(489): ipl\Sql\Connection->prepexec(String)
#2 /usr/share/php/Icinga/Web/RememberMe.php(293): ipl\Sql\Connection->delete(String, Array)
#3 /usr/share/php/Icinga/Web/RememberMe.php(84): Icinga\Web\RememberMe->remove(String)
#4 /usr/share/icingaweb2/application/controllers/AuthenticationController.php(63): Icinga\Web\RememberMe::forget()
#5 /usr/share/icingaweb2/library/vendor/Zend/Controller/Action.php(507): Icinga\Controllers\AuthenticationController->loginAction()
#6 /usr/share/php/Icinga/Web/Controller/Dispatcher.php(76): Zend_Controller_Action->dispatch(String)
#7 /usr/share/icingaweb2/library/vendor/Zend/Controller/Front.php(937): Icinga\Web\Controller\Dispatcher->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#8 /usr/share/php/Icinga/Application/Web.php(304): Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), Object(Icinga\Web\Response))
#9 /usr/share/php/Icinga/Application/webrouter.php(107): Icinga\Application\Web->dispatch()
#10 /usr/share/icingaweb2/public/index.php(4): require_once(String)
#11 {main}

some Infos:


root@icinga:/home/dani# icinga2 feature list
Disabled features: compatlog debuglog elasticsearch gelf graphite icingadb influxdb2 livestatus opentsdb perfdata statusdata syslog
Enabled features: api checker command ido-mysql influxdb mainlog notification

Web browser used -> all

root@icinga:/home/dani# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster

r

oot@icinga:/home/dani# php --version
PHP 7.3.29-1~deb10u1 (cli) (built: Jul  2 2021 04:04:33) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.29, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.29-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies

icingaweb2/icinga-buster,now 2.9.3-1.buster

icinga2 - The Icinga 2 network monitoring daemon (version: r2.13.1-1)

Can you help me?

edit:

Database changed
MariaDB [icinga_users]> show tables;
+----------------------------+
| Tables_in_icinga_users     |
+----------------------------+
| icingaweb_group            |
| icingaweb_group_membership |
| icingaweb_rememberme       |
| icingaweb_user             |
| icingaweb_user_preference  |
+----------------------------+
5 rows in set (0.000 sec)

MariaDB [icinga_users]> SHOW GRANTS FOR icinga_user;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `icinga_users`.* TO `icinga_user`@`localhost`
1 Like
2

problem is missing access right for icinga_user on icingaweb_rememberme

i made it in my environment like that:
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE, ALTER ON icingaweb.* TO ‘icinga_user’@‘localhost’ IDENTIFIED BY ‘[Yourpassword]’;

replace the icingaweb with your icingaweb database

imho DOKU or schema should be updated here as i also had this issue but could fix it

3

HI

I got similar issue on CentOS 7 and PostgreSQL database. After enabling “Stay log in” at the login page, the following error show up when trying to re-login.

image
image2918×984 180 KB 

SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "icingaweb_rememberme" does not exist
LINE 1: DELETE FROM icingaweb_rememberme WHERE random_iv = $1

I had to create the relation based on 2.9.0.sql.

The 2.9.0.sql script is not present on my system. I’m wondering if it is packaging issue.

$ ll /usr/share/icinga2-ido-pgsql/schema/upgrade/
total 56
-rw-r--r--. 1 root root   490 Aug  3 04:10 2.0.2.sql
-rw-r--r--. 1 root root   510 Aug  3 04:10 2.1.0.sql
-rw-r--r--. 1 root root   665 Aug  3 04:10 2.2.0.sql
-rw-r--r--. 1 root root  1144 Aug  3 04:10 2.3.0.sql
-rw-r--r--. 1 root root 10890 Aug  3 04:10 2.4.0.sql
-rw-r--r--. 1 root root  4136 Aug  3 04:10 2.5.0.sql
-rw-r--r--. 1 root root  9031 Aug  3 04:10 2.6.0.sql
-rw-r--r--. 1 root root  1415 Aug  3 04:10 2.8.0.sql
-rw-r--r--. 1 root root   797 Aug  3 04:10 2.8.1.sql

Then I updated permissions for the Icinga IDO DB user to allow SELECT,INSERT,UPDATE,DELETEon the new table.

After that, I managed to login again.

My system information for your information:

$ icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: 2.13.0-1)

Copyright (c) 2012-2021 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later <https://gnu.org/licenses/gpl2.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
  Platform: CentOS Linux
  Platform version: 7 (Core)
  Kernel: Linux
  Kernel version: 3.10.0-1127.18.2.el7.x86_64
  Architecture: x86_64

Build information:
  Compiler: GNU 4.8.5
  Build host: runner-hh8q3bz2-project-322-concurrent-0
  OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

Application information:

General paths:
  Config directory: /etc/icinga2
  Data directory: /var/lib/icinga2
  Log directory: /var/log/icinga2
  Cache directory: /var/cache/icinga2
  Spool directory: /var/spool/icinga2
  Run directory: /run/icinga2

Old paths (deprecated):
  Installation root: /usr
  Sysconf directory: /etc
  Run directory (base): /run
  Local state directory: /var

Internal paths:
  Package data directory: /usr/share/icinga2
  State path: /var/lib/icinga2/icinga2.state
  Modified attributes path: /var/lib/icinga2/modified-attributes.conf
  Objects path: /var/cache/icinga2/icinga2.debug
  Vars path: /var/cache/icinga2/icinga2.vars
  PID path: /run/icinga2/icinga2.pid


$ icingacli --version
Icinga Web 2  2.9.3     
Git Commit    c757a17530c326c7d6daebd6171486cb8167a8a1 
PHP Version   7.3.20    
MODULE       VERSION   
aws          1.1.0     
director     1.8.1     
grafana      1.4.2     
incubator    0.6.0     
ipl          v0.5.0    
monitoring   2.9.3     
pnp          1.0.1     
reactbundle  dev-master

Cheers

1 Like
4

@Mickael
Hi and welcome to the forum. Tomabg already postet a solution that should fix your problem, if I understand your issue correctly. Did you try running the GRANT yet?

@icingianer did you get around to try it yet? If so, we would love to hear an update - and have the solution marked as one if it worked for you.

5

Hi @theFeu

As I described above, I fixed my problem on CentOS7/Postgres. I posted what did to help others.

Cheers

6

i try’d to manage the access like as described from tomabg, but it did not work. so i go with phpmyadmin and get the needed right’s for the user, now it’s working for me.

7

my only solution was to grant rights without password like the other grants for icingaweb@localhost

GRANT SELECT, INSERT, UPDATE, DELETE ON icingaweb_db.icingaweb_rememberme TO icingaweb@localhost;

1 Like
8

Adding to the list of solutions - I renamed the icingaweb2 database and its owner, but did not rename the table owner afterwards, which is apparently a thing in PGSQL.