On larger systems, permissions may need alternative methods #4574

Closed
TheWitness opened this issue Feb 27, 2022 · 0 comments
Labels
enhancement General tag for an enhancement

@TheWitness
Member

Describe the bug

Today, Cacti supports the 'Permissive' and the 'Restrictive' permission algorithms for determining access to a Graph and other objects. However, on larger systems, it may be more practical to overlay another set of permission algorithms. The algorithms include:

  • Device Based
  • Graph Template Based

These two new permission algorithms will provide more options for administrators of large Cacti installs that will result in improved performance.

The Device Based permission states that the user needs only access to the Device in order to access the Graph or optionally just the Graph itself.

The Graph Template Based permission states that the user needs only access to the Graph Template in order to access the Graph or optionally just the Graph itself.

Expected behavior

More flexible Cacti performance options.

@TheWitness TheWitness added the enhancement General tag for an enhancement label Feb 27, 2022
@TheWitness TheWitness added this to the v1.2.20 milestone Feb 27, 2022
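
The access rules described in the issue above, modelled as an added example (not part of the original issue and not Cacti's own code), to show which graphs become visible to a user when an installation moves from one permission method to another. The `device` and `graph_template` rules follow the issue text; the `restrictive` and `permissive` rules, the flat grant sets, and all sample names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Graph:
    id: int
    device: str
    template: str

@dataclass
class Grants:
    """Explicit per-user grants (simplified model, no default allow/deny)."""
    graphs: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    templates: set = field(default_factory=set)

def can_view(policy, grants, g):
    by_graph = g.id in grants.graphs
    by_device = g.device in grants.devices
    by_template = g.template in grants.templates
    if policy == "device":           # issue text: the Device, or the Graph itself
        return by_graph or by_device
    if policy == "graph_template":   # issue text: the Graph Template, or the Graph itself
        return by_graph or by_template
    if policy == "restrictive":      # assumed: Graph, or Device AND Graph Template
        return by_graph or (by_device and by_template)
    if policy == "permissive":       # assumed: any one of the three
        return by_graph or by_device or by_template
    raise ValueError(f"unknown policy: {policy}")

def visible(policy, grants, graphs):
    return {g.id for g in graphs if can_view(policy, grants, g)}

def newly_exposed(old_policy, new_policy, grants, graphs):
    """Graph ids the user could not see before the switch but can see after."""
    return visible(new_policy, grants, graphs) - visible(old_policy, grants, graphs)

# Constructed sample data: two devices, two templates, one user.
GRAPHS = [
    Graph(1, "core-sw1", "Interface Traffic"),
    Graph(2, "core-sw1", "CPU Usage"),
    Graph(3, "edge-fw1", "Interface Traffic"),
    Graph(4, "edge-fw1", "CPU Usage"),
]
NOC_USER = Grants(graphs={4}, devices={"core-sw1"}, templates={"Interface Traffic"})

if __name__ == "__main__":
    for old, new in [("restrictive", "device"), ("restrictive", "graph_template"),
                     ("permissive", "device")]:
        print(f"{old} -> {new}: newly exposed", sorted(newly_exposed(old, new, NOC_USER, GRAPHS)))
```

Running the same comparison per user before changing the method gives a review list of graphs whose visibility would change.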
TheWitness added a commit that referenced this issue Feb 27, 2022
#4578, #4574

-security#4576: Stored XSS Issue in Cacti Device, Graph, Graph Template, and Graph Items callbacks
-security#4579: Cacti account lockout policies are not properly applied to LDAP and Domain Users
-issue#4573: The Cacti permission system does not scale to very large installations
-issue#4575: When you delete a user, their 'remember me' cookie data is not automatically removed
-issue#4576: Stored XSS Issue in Cacti Device, Graph, Graph Template, and Graph Items callbacks
-issue#4577: Cacti allows you to disable the currently logged in administrator disabling the user
-issue#4578: The Cacti login algorithm is complicated to understand due to too much straight-line code
-feature#4574: Cacti needs some additional permission methods for larger installations

This change properly documents the file lib/auth.php using phpDocument format, and performed multiple sanity and readability changes such as the renaming of variables commonly used in multiple functions.

The restructuring of the three authentication files:

- auth_login.php
- include/auth.php
- lib/auth.php

makes the code more readable. It's not a complete solution; however, it is much easier to follow now.
@netniV netniV changed the title Cacti needs some additional permission methods for larger installations On larger systems, permissions may need alternative methods Apr 3, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Dec 2, 2022