NTFS permission on uploaded files (IIS + Windows Authentication) NTFS permission on uploaded files (IIS + Windows Authentication)
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

NTFS permission on uploaded files (IIS + Windows Authentication)

Started by mimmic, August 25, 2011, 08:34:38 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

mimmic

Using CPG 1.4x I did not have this problem.  This is not an issue setting up CPG.  This is an issue of when I upload a file through the flash uploader, a user is presented with a Login prompt from Windows Media Player to access the wmv or asx file.

We are using CPG to host videos on our school district network.  In our IIS config we use windows authentication to verify the users are domain members.  When I upload a file to an album the ntfs permissions assigned to the file do not include the IIS_IUsr account.  I've set the album folder to push it's ntfs ACL to files in it's directory but it is a one time thing.  Any new file that is uploaded through the CPG website must have the permissions reapplied to it. 

Is this something to do with the new flash based uploaded?  Again, I did not have this problem with CPG 1.4x, only once I went to 1.5x. 

I can set IIS to use anonymous authentication instead of Windows authentication and the users can then access the files without a problem.  The odd thing is, not all users are prompted when WA is enabled in IIS.  Only some. Assigning the NTFS permissions is the only way I've been able to get past the credential prompt while keeping WA enabled.

Is there a way to configure PHP or CPG to assign these permissions?  We currently have 16 of these video hosts up and running (we have about 55 schools, about 16 of which use these servers.)

mimmic

Forgot to add:

The only permissions applied to files uploaded are:

SYSTEM -Full Control
Administrators -Full Control

Joe Carver

Please clarify, I probably can not help specifically, but if someone else can, these answers might help.

Quote from: mimmic on August 25, 2011, 08:34:38 PM
a user is presented with a Login prompt from Windows Media Player to access the wmv or asx file.
Where is the message from - server or user?

Quote from: mimmic on August 25, 2011, 08:34:38 PM
Is this something to do with the new flash based uploaded?
Does it occur when not using flash based upload?

Quote from: mimmic on August 25, 2011, 08:34:38 PM
The odd thing is, not all users are prompted when WA is enabled in IIS.
Are all of those clients configured the same way? Routed, connected the same way?

Quote from: mimmic on August 25, 2011, 08:34:38 PM
In our IIS config we use windows authentication to verify the users are domain members.

I can set IIS to use anonymous authentication instead of Windows authentication and the users can then access the files without a problem.

Is there a way to configure PHP or CPG to assign these permissions?
CPG could probably be modified to allow login / access / upload permissions by IP if that would help. Unfortunately I can no further.

If you can, also please read the sections of the docs about
Upload Troubleshooting and Support.

mimmic

Okay... sorry about that it's a little hard to explain. 

If a teacher goes to the CPG host for their campus they get into the website just fine.  It is configured to not require login, no user's are created, all access is given to guests.  No one can upload except for the CPG administrator (me - I manage all campus' servers).  We broadcast live announcements, Live TV, and recorded events through Windows Media Services and IIS/Coppermine.

Back on topic..  When a teacher clicks on one of our albums and selects a file, say TV Channel A, which is an ASX file that is directed to our WMS stream for Live TV.  The teacher will then be prompted by the embedded Windows media player to login (of which is incorrect because the realm/domain is not specified in this prompt). 

I am the admin of the server so I can get to the ASX file just fine through the website.

If I disable Windows Authentication on IIS and use Anonymous Authentication, everyone can get to the files on CPG without issue. 

I have not used the single file upload method as I get this error when I try:
Critical error
There was an error while processing a database query

The flash uploader works fine if the user is an admin on the server, or if I manually set the NTFS permission on uploaded files. 

When I used CPG 1.4x I had no problems uploading with the HTTP uploader.  I've only had this problem since upgrading our servers to 1.5x

I cannot guarantee clients are all configured the same way, however they should be with out intranet set as trusted zones etc inside IE and Firefox.

Again, this is an issue with a client/user getting a login prompt from WMP while trying to access the file inside CPG.  They can directly link to the ASX file (bypass CPG, link directly to the file) and get to it fine.  I can disable the domain authentication and use anonymous and not have this problem as well.

ΑndrĂ©

Quote from: mimmic on August 26, 2011, 11:30:22 PM
I have not used the single file upload method as I get this error when I try:
Critical error
There was an error while processing a database query
Please enable debug mode and try again. You'll get a more detailed error message which might help us further or at least fix that uploader.

mimmic

Okay.  I got the permission problem fixed.  Since I was setting these servers up at my office I was just unzipping the file on the server into the inetpub/wwwroot folder.  I was able to resolve the issue by uploading the files through ftp.  I'm not sure why this fixed it, but it did.  I still had to set the permissions on the albums folder etc, but uploading through ftp somehow made it work.  The files now obtain permissions correctly when uploaded through the site.  It's weird, but it works.

On to the single file upload.  Here is the error from the debug mode you requested.

While executing query 'INSERT INTO cpg15x_pictures (aid, filepath, filename, filesize, total_filesize, pwidth, pheight, ctime, owner_id, title, caption, keywords, approved, user1, user2, user3, user4, pic_raw_ip, pic_hdr_ip, position, guest_token) VALUES ('3', 'userpics/10001/', 'cha~0.asx', '312', '312', '', '', '1315330524', '1', 'test', '', '', 'YES', '', '', '', '', '10.202.198.209', '10.202.198.209', '0', '')' in include\picmgmt.inc.php on line 172

mySQL error: Incorrect integer value: '' for column 'pwidth' at row 1