Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrity Check Failed when trying to copy password #767

Closed
sivanovie opened this issue Oct 24, 2017 · 14 comments
Closed

Integrity Check Failed when trying to copy password #767

sivanovie opened this issue Oct 24, 2017 · 14 comments
Labels
triage/need-test

Comments

@sivanovie
Copy link

Hi,
I am getting

Integrity Check Failed

when attempting to view or copy passwords. I found that if I duplicate the account the new account (no changes) is working just fine. I then tried to export, delete and import back the accounts with no success.

This is not an update, it is a fresh install:
syspass version

2.1 (2.1.15.17101701)
SERVER_VERSION : 5.7.20
CLIENT_VERSION : mysqlnd 5.0.12-dev - 20150407

database version

SERVER_INFO : Uptime: 213725 Threads: 1 Questions: 20458 Slow queries: 0 Opens: 603 Flush tables: 1 Open tables: 594 Queries per second avg: 0.095
CONNECTION_STATUS : Localhost via UNIX socket

php version

Version: 7.0.24
Extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, bz2, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, json, ldap, exif, mcrypt, mysqlnd, PDO, Phar, SimpleXML, sockets, sqlite3, tokenizer, xml, xmlwriter, xsl, mysqli, pdo_mysql, pdo_sqlite, wddx, xmlreader
Used Memory: 2048 KB
User: root

syspass.log

2017-10-22 16:54:49 - Error while querying
SQLSTATE[23000]: Integrity constraint violation: 1451 Cannot delete or update a parent row: a foreign key constraint fails (syspass.accHistory, CONSTRAINT fk_accHistory_users_edit_id FOREIGN KEY (acchistory_userEditId) REFERENCES usrData (user_id)) (0)
Caller 1: SP\Storage\DB\logDBException
Caller 2: SP\Storage\DB\getQuery
Caller 3: SP\Mgmt\Users\User\delete
Caller 4: SP\Controller\ItemActionController\userAction
Caller 5: SP\Controller\ItemActionController\doAction
2017-10-22 16:54:49 - SQL : 'DELETE FROM usrData WHERE user_id = ? LIMIT 1'
2017-10-22 22:01:49 - Decryption error
2017-10-22 22:34:21 - Decryption error
2017-10-23 08:12:32 - Integrity check failed.
2017-10-23 08:12:52 - Integrity check failed.
2017-10-23 08:13:08 - Integrity check failed.
2017-10-23 08:15:19 - Integrity check failed.
2017-10-23 08:15:45 - Integrity check failed.
2017-10-23 08:16:48 - Integrity check failed.
2017-10-23 08:16:55 - Integrity check failed.
2017-10-23 08:17:05 - Integrity check failed.
2017-10-23 08:17:12 - Integrity check failed.
2017-10-23 08:17:25 - Integrity check failed.
2017-10-23 08:17:31 - Integrity check failed.
2017-10-23 08:17:36 - Integrity check failed.
2017-10-23 08:17:49 - Integrity check failed.
2017-10-23 08:18:11 - Integrity check failed.
2017-10-23 08:18:19 - Integrity check failed.
2017-10-23 08:18:32 - Integrity check failed.
2017-10-23 08:19:04 - Integrity check failed.
2017-10-23 08:19:08 - Integrity check failed.
2017-10-23 08:21:03 - Integrity check failed.
2017-10-23 08:23:00 - Integrity check failed.
2017-10-23 08:30:19 - Integrity check failed.
2017-10-23 10:39:45 - Integrity check failed.
2017-10-23 10:42:58 - Integrity check failed.
2017-10-23 10:45:08 - Integrity check failed.
2017-10-23 10:45:47 - Integrity check failed.
2017-10-23 10:46:27 - Integrity check failed.
2017-10-24 11:05:58 - Integrity check failed.
2017-10-24 11:07:08 - Integrity check failed.
2017-10-24 11:07:43 - Integrity check failed.
2017-10-24 11:07:54 - Integrity check failed.
2017-10-24 11:09:02 - Integrity check failed.
2017-10-24 11:14:12 - Integrity check failed.
2017-10-24 11:24:01 - Integrity check failed.
2017-10-24 11:24:04 - Integrity check failed.
2017-10-24 11:31:19 - Integrity check failed.
2017-10-24 11:32:39 - Integrity check failed.

I went through all issues with same error message but none of those seem related to me. This was working fine for a day and then just stopped working. The only noticeable change on the system at that time was integration with LDAP.

Greetings!
Stan
@nuxsmin
Copy link
Owner

nuxsmin commented Oct 24, 2017

Hi,

integrity check failed error is triggered when the encryption key is wrong or corrupted, so it seems that your user's master key doesn't match with the one used on the accounts. Did you try it with a non LDAP user?, Did you recently change the master key?.

Newly created accounts work fine since you're encrypting them with the "good" key (but it doesn't need to be the correct one)

Greetings

@sivanovie
Copy link
Author

Thanks for the prompt reply. Yes I am actually using a non-LDAP user (admin) to do this and it fails for existing accounts. Yes the master password (not key) was changed on multiple occasions.

@nuxsmin
Copy link
Owner

nuxsmin commented Oct 25, 2017

Here you have a piece of code that would show the current master password used by the user logged in:

https://gist.github.com/nuxsmin/ca59f3754312fb6d54b2cf45283bf754

This file is placed within inc/themes/material-blue/views/common directory. You need to enable debug mode too.

Debug data will be only displayed to application admin users.

@sivanovie
Copy link
Author

DEBUG showed the same master password (non LDAP admin) as the one currently configured on the system.

@sivanovie
Copy link
Author

syspass.log now I see (although some days old):

2017-10-22 12:19:01 - Setup log file: /var/www/html/syspass/inc/../config/syspass.log
2017-10-22 12:19:01 - initError
2017-10-22 12:19:01 - Required PHP version >= 5.6.0 <= 7.0
2017-10-22 12:19:01 - Please update the PHP version to run sysPass
2017-10-22 12:36:02 - Exception: No es posible conectar con la BD - Compruebe los datos de conexión
2017-10-22 12:36:02 - #0 SP\Storage\DB->prepareQueryData() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:150]
#1 SP\Storage\DB->doQuery() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:105]
#2 SP\Storage\DB::getResults() called at [/var/www/html/syspass/inc/SP/Storage/DB.class.php:81]
#3 SP\Storage\DB::getResultsArray() called at [/var/www/html/syspass/inc/SP/Mgmt/Plugins/Plugin.class.php:287]
#4 SP\Mgmt\Plugins\Plugin->getEnabled() called at [/var/www/html/syspass/inc/SP/Core/Plugin/PluginUtil.class.php:185]
#5 SP\Core\Plugin\PluginUtil::getEnabledPlugins() called at [/var/www/html/syspass/ajax/ajax_getEnvironment.php:54]

2017-10-22 12:36:02 - Error while querying
No es posible conectar con la BD (0)
Caller 1: SP\Storage\DB\logDBException
Caller 2: SP\Storage\DB\getResults
Caller 3: SP\Storage\DB\getResultsArray
Caller 4: SP\Mgmt\Plugins\Plugin\getEnabled
Caller 5: SP\Core\Plugin\PluginUtil\getEnabledPlugins
2017-10-22 12:36:02 - SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1
2017-10-22 12:36:02 - Action: getResultsArray -- Description: Error while querying
No es posible conectar con la BD (0) -- Details: SQL : SELECT plugin_name FROM plugins WHERE BIN(plugin_enabled) = 1
2017-10-22 12:40:41 - Action: Configuration -- Description: Update Configuration -- Details:
2017-10-22 12:40:43 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version
Value : 211517101701
2017-10-22 12:40:43 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : config_backup
2017-10-22 12:40:43 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : config_backupdate
Value : 1508676043
2017-10-22 12:40:44 - initError
2017-10-22 12:40:44 - The application needs to be updated
2017-10-22 12:40:44 - If you are an administrator, click on the link: Update

@nuxsmin
Copy link
Owner

nuxsmin commented Oct 25, 2017

Ummm, what version was running when the upgrade process took place?. Please let me know the steps you followed before you noticed the passwords were wrong.

Regards.

@sivanovie
Copy link
Author

I didn't do any update. This is why I am surprised to see this in log file. When I initially installed syslog and logged in for the first time I did receive an upgrade message, which I followed. All accounts however have been created after that. Then they worked for about a day. When I came back to the portal to add a few additional ones and integrate with LDAP I noticed the error.

@sivanovie
Copy link
Author

sivanovie commented Oct 25, 2017
edited
Loading

I have just reinstalled syspass. Essentially downgraded to 2.1.6 as I noticed similar fixes in that one. I have then imported the old accounts that were created in 2.1.13. Result is exactly the same.

2017-10-25 21:01:02 - SQLSTATE[HY000] [1045] Access denied for user 'sp_admin'@'localhost' (using password: YES)
2017-10-25 21:01:02 - 0
2017-10-25 21:01:02 - Rollback
2017-10-25 21:02:09 - Action: Configuration -- Description: Update Configuration -- Details:
2017-10-25 21:02:10 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : version
Value : 21617041401
2017-10-25 21:02:10 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : config_backup
2017-10-25 21:02:10 - Action: Configuration -- Description: Update Configuration -- Details: Parameter : config_backupdate
Value : 1508965330
2017-10-25 21:14:06 - Integrity check failed.
2017-10-25 21:14:12 - Integrity check failed.
2017-10-25 21:14:15 - Integrity check failed.
2017-10-25 21:14:19 - Integrity check failed.
2017-10-25 21:14:28 - Integrity check failed.
2017-10-25 21:14:38 - Integrity check failed.
2017-10-25 21:14:44 - Integrity check failed.
2017-10-25 21:15:47 - Integrity check failed.
2017-10-25 21:19:26 - Integrity check failed.
2017-10-25 21:19:29 - Integrity check failed.

@sivanovie
Copy link
Author

I have installed latest version today and recreated all accounts from scratch. Integrated with LDAP. So far it is working fine but I am really not happy about this. I still get sporadic errors that it is unable to copy password when using the button Copy to Clipboard.
Will continue monitor the system and will put it to the test of the masses in the next few days.

@nuxsmin
Copy link
Owner

nuxsmin commented Oct 26, 2017

Hi, I take your points and those "Copy to Clipboard" errors are related to a browser security restriction. See #739

This issue is quite weird, since I've never received those upgrading messages when the application wasn't updated. I think there's something missing on the upgrade process, because the passwords seems to be encrypted with a different master password ("Integrity check failed." messages).

Greetings

@sivanovie
Copy link
Author

Does that mean if I switch off encryption and implement HTTPS (still running on plain HTTP) it will not happen?

@nuxsmin
Copy link
Owner

nuxsmin commented Oct 26, 2017

No, encryption is always performed, so regardless the http protocol used, your data will be always encrypted.

It means that copy to clipboard though the direct icon could fail because a browser security behaviour, since the app will retrieve the data from the server using an Ajax request and browsers don't like to copy data to clipboard from an Ajax request , so if it takes too much time to get the data it could fail.

Greetings

@sivanovie
Copy link
Author

Thanks for info. Is there a way around this or are there any plans to overcome it?

@nuxsmin
Copy link
Owner

nuxsmin commented Nov 2, 2017
edited
Loading

Hmmm, there's a W3C draft in which web browser would implement a trusted asynchronous clipboard API, but currently it isn't implemented yet:

https://www.chromestatus.com/feature/5861289330999296
https://w3c.github.io/clipboard-apis/

@nuxsmin nuxsmin closed this as completed Nov 2, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
triage/need-test
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nuxsmin @sivanovie