From f768558e7e491ea5ddc21b3a7ad1c35628de5051 Mon Sep 17 00:00:00 2001 From: Adam Amstrong Date: Fri, 11 May 2012 15:21:42 +0000 Subject: [PATCH] fix auth for graphs to allow cidr filter. fix schema 006 git-svn-id: http://www.observium.org/svn/observer/trunk@3169 61d68cd4-352d-0410-923a-c4978735b2b8 --- html/graph.php | 11 ----------- html/includes/functions.inc.php | 7 +++++++ html/includes/graphs/application/auth.inc.php | 2 +- html/includes/graphs/atmvp/auth.inc.php | 2 +- html/includes/graphs/bgp/auth.inc.php | 2 +- html/includes/graphs/bill/auth.inc.php | 2 +- html/includes/graphs/cefswitching/auth.inc.php | 2 +- html/includes/graphs/customer/auth.inc.php | 2 +- html/includes/graphs/device/auth.inc.php | 2 +- html/includes/graphs/diskio/auth.inc.php | 2 +- html/includes/graphs/graph.inc.php | 16 ++++++++-------- html/includes/graphs/ipsectunnel/auth.inc.php | 2 +- html/includes/graphs/location/auth.inc.php | 2 +- html/includes/graphs/mempool/auth.inc.php | 2 +- html/includes/graphs/multiport/auth.inc.php | 2 +- html/includes/graphs/munin/auth.inc.php | 2 +- html/includes/graphs/netscalervsvr/auth.inc.php | 2 +- html/includes/graphs/port/auth.inc.php | 2 +- html/includes/graphs/processor/auth.inc.php | 2 +- html/includes/graphs/rserver/auth.inc.php | 2 +- html/includes/graphs/sensor/auth.inc.php | 2 +- html/includes/graphs/service/auth.inc.php | 2 +- html/includes/graphs/smokeping/auth.inc.php | 2 +- html/includes/graphs/storage/auth.inc.php | 2 +- html/includes/graphs/toner/auth.inc.php | 2 +- html/includes/graphs/vserver/auth.inc.php | 2 +- includes/discovery/ports.inc.php | 1 - includes/functions.php | 6 +++--- sql-schema/006.sql | 4 ++-- 29 files changed, 43 insertions(+), 48 deletions(-) diff --git a/html/graph.php b/html/graph.php index af4c8d69f..ca1a1d595 100755 --- a/html/graph.php +++ b/html/graph.php @@ -51,17 +51,6 @@ include_once("includes/functions.inc.php"); include_once("../includes/rrdtool.inc.php"); include_once("includes/authenticate.inc.php"); -if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs']) -{ - $auth = "1"; ## hardcode auth for all with config function -} else { - if (!$_SESSION['authenticated']) - { - graph_error("Session not authenticated"); - exit; - } -} - include("includes/graphs/graph.inc.php"); $end = utime(); $run = $end - $start;; diff --git a/html/includes/functions.inc.php b/html/includes/functions.inc.php index d035eb13e..e1e46c26d 100644 --- a/html/includes/functions.inc.php +++ b/html/includes/functions.inc.php @@ -1,5 +1,12 @@ = "5" || $config['allow_unauth_graphs']) +if ($_SESSION['userlevel'] >= "5" || $auth) { $id = mres($vars['id']); $title = generate_device_link($device); diff --git a/html/includes/graphs/device/auth.inc.php b/html/includes/graphs/device/auth.inc.php index 8a225c863..063baba3f 100644 --- a/html/includes/graphs/device/auth.inc.php +++ b/html/includes/graphs/device/auth.inc.php @@ -1,6 +1,6 @@ $value) @@ -47,13 +40,20 @@ $subtype = $graphtype['subtype']; if (is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) { + + if (isset($config['allow_unauth_graphs']) && $config['allow_unauth_graphs']) + { + $auth = "1"; ## hardcode auth for all with config function + } + if (isset($config['allow_unauth_graphs_cidr']) && count($config['allow_unauth_graphs_cidr']) > 0) { foreach ($config['allow_unauth_graphs_cidr'] as $range) { if (Net_IPv4::ipInNetwork($_SERVER['REMOTE_ADDR'], $range)) { - $auth = "1"; + $auth = "1"; + if($debug) { echo("matched $range"); } break; } } diff --git a/html/includes/graphs/ipsectunnel/auth.inc.php b/html/includes/graphs/ipsectunnel/auth.inc.php index 1f5b4f5e8..f780ac87a 100644 --- a/html/includes/graphs/ipsectunnel/auth.inc.php +++ b/html/includes/graphs/ipsectunnel/auth.inc.php @@ -4,7 +4,7 @@ if (is_numeric($vars['id'])) { $tunnel = dbFetchRow("SELECT * FROM `ipsec_tunnels` AS I, `devices` AS D WHERE I.tunnel_id = ? AND I.device_id = D.device_id", array($vars['id'])); - if (is_numeric($tunnel['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($tunnel['device_id']))) + if (is_numeric($tunnel['device_id']) && ($auth || device_permitted($tunnel['device_id']))) { $device = device_by_id_cache($tunnel['device_id']); diff --git a/html/includes/graphs/location/auth.inc.php b/html/includes/graphs/location/auth.inc.php index e19184a95..1cb224e28 100644 --- a/html/includes/graphs/location/auth.inc.php +++ b/html/includes/graphs/location/auth.inc.php @@ -2,7 +2,7 @@ foreach (dbFetchRows("SELECT * FROM `devices` WHERE `location` = ?", array($vars['id'])) as $device) { - if ($config['allow_unauth_graphs'] || device_permitted($device_id)) + if ($auth || device_permitted($device_id)) { $devices[] = $device; $title = $vars['id']; diff --git a/html/includes/graphs/mempool/auth.inc.php b/html/includes/graphs/mempool/auth.inc.php index 7482e2b47..142952551 100755 --- a/html/includes/graphs/mempool/auth.inc.php +++ b/html/includes/graphs/mempool/auth.inc.php @@ -4,7 +4,7 @@ if (is_numeric($vars['id'])) { $mempool = dbFetchRow("SELECT * FROM `mempools` AS C, `devices` AS D where C.`mempool_id` = ? AND C.device_id = D.device_id", array($vars['id'])); - if (is_numeric($mempool['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mempool['device_id']))) + if (is_numeric($mempool['device_id']) && ($auth || device_permitted($mempool['device_id']))) { $device = device_by_id_cache($mempool['device_id']); $rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("mempool-".$mempool['mempool_type']."-".$mempool['mempool_index'].".rrd"); diff --git a/html/includes/graphs/multiport/auth.inc.php b/html/includes/graphs/multiport/auth.inc.php index 718f89a73..3ffe44929 100644 --- a/html/includes/graphs/multiport/auth.inc.php +++ b/html/includes/graphs/multiport/auth.inc.php @@ -4,7 +4,7 @@ $auth = TRUE; foreach (explode(",", $vars['id']) as $ifid) { - if (!$config['allow_unauth_graphs'] && !port_permitted($ifid)) + if (!$auth && !port_permitted($ifid)) $auth = FALSE; } diff --git a/html/includes/graphs/munin/auth.inc.php b/html/includes/graphs/munin/auth.inc.php index e8f3dbb52..b9a3faee5 100755 --- a/html/includes/graphs/munin/auth.inc.php +++ b/html/includes/graphs/munin/auth.inc.php @@ -7,7 +7,7 @@ $mplug = dbFetchRow("SELECT * FROM `munin_plugins` AS M, `devices` AS D WHERE M.`device_id` = ? AND `mplug_type` = ? AND D.device_id = M.device_id", array($device['device_id'], $vars['plugin'])); } - if (is_numeric($mplug['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mplug['device_id']))) + if (is_numeric($mplug['device_id']) && ($auth || device_permitted($mplug['device_id']))) { $device = &$mplug; $title = generate_device_link($device); diff --git a/html/includes/graphs/netscalervsvr/auth.inc.php b/html/includes/graphs/netscalervsvr/auth.inc.php index bc53bcc86..6b90b0632 100644 --- a/html/includes/graphs/netscalervsvr/auth.inc.php +++ b/html/includes/graphs/netscalervsvr/auth.inc.php @@ -5,7 +5,7 @@ if (is_numeric($vars['id'])) $vsvr = dbFetchRow("SELECT * FROM `netscaler_vservers` AS I, `devices` AS D WHERE I.vsvr_id = ? AND I.device_id = D.device_id", array($vars['id'])); - if (is_numeric($vsvr['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($vsvr['device_id']))) + if (is_numeric($vsvr['device_id']) && ($auth || device_permitted($vsvr['device_id']))) { $device = device_by_id_cache($vsvr['device_id']); diff --git a/html/includes/graphs/port/auth.inc.php b/html/includes/graphs/port/auth.inc.php index dc4818e83..74f3ef23c 100644 --- a/html/includes/graphs/port/auth.inc.php +++ b/html/includes/graphs/port/auth.inc.php @@ -1,6 +1,6 @@ $port) { - if (is_port_valid($port, $device)) { if ($device['os'] == "vmware" && preg_match("/Device ([a-z0-9]+) at .*/", $port['ifDescr'], $matches)) { $port['ifDescr'] = $matches[1]; } diff --git a/includes/functions.php b/includes/functions.php index f94650c50..ed91d6210 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -768,8 +768,10 @@ function is_port_valid($port, $device) global $config; - if (!strstr($port['ifDescr'], "irtual")) + if (strstr($port['ifDescr'], "irtual")) { + $valid = 0; + } else { $valid = 1; $if = strtolower($port['ifDescr']); foreach ($config['bad_if'] as $bi) @@ -804,8 +806,6 @@ function is_port_valid($port, $device) } if (empty($port['ifDescr'])) { $valid = 0; } if ($device['os'] == "catos" && strstr($if, "vlan")) { $valid = 0; } - } else { - $valid = 0; } return $valid; diff --git a/sql-schema/006.sql b/sql-schema/006.sql index 8f227fc2f..d3fde2103 100644 --- a/sql-schema/006.sql +++ b/sql-schema/006.sql @@ -1,6 +1,6 @@ ALTER TABLE `bills` CHANGE `bill_cdr` `bill_cdr` BIGINT( 20 ) NULL DEFAULT NULL; -CREATE TABLE IF NOT EXISTS `loadbalancer_rservers` ( `rserver_id` int(11) NOT NULL AUTO_INCREMENT, `farm_id` varchar(128) CHARACTER SET utf8 NOT NULL, `device_id` int(11) NOT NULL, `StateDescr` varchar(64) CHARACTER SET utf8 NOT NULL, PRIMARY KEY (`rserver_id`)) ENGINE=MyISAM AUTO_INCREMENT=514 DEFAULT CHARSET=utf8 -CREATE TABLE IF NOT EXISTS `loadbalancer_vservers` ( `classmap_id` int(11) NOT NULL, `classmap` varchar(128) NOT NULL, `serverstate` varchar(64) NOT NULL, `device_id` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8 +CREATE TABLE IF NOT EXISTS `loadbalancer_rservers` ( `rserver_id` int(11) NOT NULL AUTO_INCREMENT, `farm_id` varchar(128) CHARACTER SET utf8 NOT NULL, `device_id` int(11) NOT NULL, `StateDescr` varchar(64) CHARACTER SET utf8 NOT NULL, PRIMARY KEY (`rserver_id`)) ENGINE=MyISAM AUTO_INCREMENT=514 DEFAULT CHARSET=utf8; +CREATE TABLE IF NOT EXISTS `loadbalancer_vservers` ( `classmap_id` int(11) NOT NULL, `classmap` varchar(128) NOT NULL, `serverstate` varchar(64) NOT NULL, `device_id` int(11) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8; ALTER TABLE `sensors` CHANGE `sensor_index` `sensor_index` VARCHAR( 64 ); CREATE TABLE IF NOT EXISTS `netscaler_vservers` ( `vsvr_id` int(11) NOT NULL AUTO_INCREMENT, `device_id` int(11) NOT NULL, `vsvr_name` varchar(128) COLLATE utf8_unicode_ci NOT NULL, `vsvr_ip` varchar(128) COLLATE utf8_unicode_ci NOT NULL, `vsvr_port` int(8) NOT NULL, `vsvr_type` varchar(64) COLLATE utf8_unicode_ci NOT NULL, `vsvr_state` varchar(32) COLLATE utf8_unicode_ci NOT NULL, `vsvr_clients` int(11) NOT NULL, `vsvr_server` int(11) NOT NULL, `vsvr_req_rate` int(11) NOT NULL, `vsvr_bps_in` int(11) NOT NULL, `vsvr_bps_out` int(11) NOT NULL, PRIMARY KEY (`vsvr_id`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ; ALTER TABLE `dbSchema` ADD `version` INT NOT NULL;