[SOLVED] Tab shows even for users that don't have access?

Howie · Post by **Howie** » Wed Dec 19, 2007 6:54 am

Cacti 0.8.7a, Thold 0.3.8

When a user has no access to THold (even to view), the tab still shows up.

Looks like thold_show_tab calls this new-fangled api_user_realm_auth() function, to decide whether or not to show it, which presumably is returning the wrong thing.

monitor has the same problem, incidentally.

chrisgapske · Post by **chrisgapske** » Wed Dec 19, 2007 8:35 am

I have noticed I have limited users with access to thold & syslog TAB.
They do not have access to thold or syslog but just the TAB.

I am also having what might be a related issue where Issues with limited access to hosts are able to see almost all hosts in the monitor plugin?

mcutting · Post by **mcutting** » Wed Dec 19, 2007 8:37 am

Either of you guys have UP and DOWN notifications working with your version of THOLD ? Sorry it's a bit off topic, but I was curious.

Thanks

Howie · Post by **Howie** » Wed Dec 19, 2007 8:41 am

mcutting wrote:Either of you guys have UP and DOWN notifications working with your version of THOLD ? Sorry it's a bit off topic, but I was curious.

Thanks

I don't know, because it doesn't go down

It's on a customer site with only 5 switches, as a test before we move our main Cacti to 0.8.7

I don't seem to have gotten any thold-breach mails either though, and I have certainly had breaches for error rate on a couple of ports.

Howie · Post by **Howie** » Sat Jan 26, 2008 6:29 am

I've just been looking at this some more, and it seems that the api_user_realm_auth() function in plugins.php only works if a cacti setting called global_auth is set to 'on'. That setting doesn't exist at all in my 0.8.7a install.

When it doesn't exist (or isn't 'on'), then api_user_realm_auth only checks if the permission for that file has been defined, not whether the current user actually has it - it doesn't use the sess_user_id at all.

Since I don't know what global_auth does, I don't really know what the solution is, except to say that in my Cacti 0.8.7a install, nothing refers to global_auth apart from thold, monitor and plugins.php, and the database conversion scripts for upgrades. The database upgrade scripts appear to be deleting the setting during the move from 0.8.6x to 0.8.7x, so I guess it's an obsolete setting. Looks like it should really be using auth_method, if anything.

Howie · Post by **Howie** » Sat Jan 26, 2008 6:39 am

Changing line 68 of include/plugins.php to

Code: Select all

if (read_config_option('global_auth') == 'on' || read_config_option('auth_method') == 1) {

appears to resolve this for me.

chrisgapske · Post by **chrisgapske** » Mon Jan 28, 2008 10:26 am

That fixed my TAB issue as well.

chrisgapske · Post by **chrisgapske** » Mon Jan 28, 2008 11:53 am

Do the same thing for the monitor plugin to work in monitor.php to fix view permissions.

line 760 and 823

lard · Post by **lard** » Tue Jan 29, 2008 6:13 am

Excellent - thanks guys that solved it for

mkeadle · Post by **mkeadle** » Mon Jun 16, 2008 5:42 pm

Howie wrote:Changing line 68 of include/plugins.php to
Code: Select all
if (read_config_option('global_auth') == 'on' || read_config_option('auth_method') == 1) {
appears to resolve this for me.

This still leaves it broke when using LDAP auth, which has an auth_method = 3. The easiest/dirtiest way to fix is to just continue what Howie mentioned:

Code: Select all

if (read_config_option('global_auth') == 'on' || read_config_option('auth_method') == 1) || read_config_option)'auth_method') == 3) {

Hope that helps.

Cacti

[SOLVED] Tab shows even for users that don't have access?

[SOLVED] Tab shows even for users that don't have access?

Still broke for LDAP auth

Who is online