Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some Aggregate graphs can be denied access incorrectly #4921

Closed
densenator opened this issue Sep 7, 2022 · 19 comments
Closed

Some Aggregate graphs can be denied access incorrectly #4921

densenator opened this issue Sep 7, 2022 · 19 comments
Labels
bug Undesired behaviour confirmed Bug is confirm by dev team resolved A fixed issue
Milestone

Comments

@densenator
Copy link

Describe the bug

My device have only 5 graphs.
But in tree i see this:
image

In tree i have only device.
In device i see 5 graphs

Also i don't able to change some aggregate graph items
And users don't see some graphs in preview mode

@densenator densenator added bug Undesired behaviour unverified Some days we don't have a clue labels Sep 7, 2022
@TheWitness
Copy link
Member

Got into Debug mode for the two graphs and output the RRDtool syntax and it's result.

@densenator
Copy link
Author

In device i see only 5 graphs
It's tree mode bug. I don't know where is debug mode for this.

Also i don't able to change some aggregate graph items
And users don't see some graphs in preview mode.

@densenator
Copy link
Author

Ok, I'm found =, that is bug with aggregate graph
RRDtool Command:
GRAPH ACCESS DENIED RRDtool Says:
GRAPH ACCESS DENIED
My cacti dir is chown -R www-data:www-data cacti

@TheWitness
Copy link
Member

That's a Cacti error. Check permissions from the User page. Report back.

@densenator
Copy link
Author

My permission is full because i go from admin.
I tried create another user with full permission. It's the same. Maybe i need to create my aggregate graph again? But I have seen them before.

@TheWitness
Copy link
Member

You should be able to edit the user in question and see this graph from the graph permissions tab, and then if you hover over the effective permission, you can see where and how the access is blocked.

@j66h
Copy link

j66h commented Sep 21, 2022

Hi,
I have the same problem.
Cacti Version is 1.2.23
Running on Debian.
Updated cacti by using "git clone -b 1.2.x https://github.com/Cacti/cacti.git" on 09/12/2022.
Did "chown www-data:www-data -R /var/www/html/cacti/" after update.

I get the following for all aggregate graphs:
image

This is shown in Graph preview with debug turned on.
image

Happens, regardless which user I use. Permissions below are from builtin local admin account:
image

Just for reference, this is shown for another admin account, who inherits all settings from Admin Gourp:
image

Please tell me, If I can show further things to help analyze this.
Best Regards, JHH

@TheWitness
Copy link
Member

I would need a database dump to make a call on this. Also, under Console > Settings > General let me know your Graph Permission Method.

image

@j66h
Copy link

j66h commented Sep 26, 2022

Graph Permission Mode is set tp "Permissive". I now have tested the three other options too. All four behave in the same way.

Do you have some hints to anonymize a database dump (exchange Hostnames, IP Adresses, Credentials and the like with anonymized values)? If I can anonymize, I can share without asking data security departement...

Do you have some private upload area? Or a way to privately send a link for you to download? I cannot share the dump in github...

@TheWitness
Copy link
Member

Best thing is email. If too big, then we will have to use box or eauiv.

@j66h
Copy link

j66h commented Sep 27, 2022

Tried to send mail to address of your profile.
Got a return to sender, that our mailserver is open relay with a link to spamhaus webpage. At that webpage it says, that our server does not have an issue but that the server of the recipient is misconfigured.

I involved our mail admins. maybe you can elaborate too?

I'll resend later that week. Maybe it just was a spamhaus hickup...

@j66h
Copy link

j66h commented Sep 28, 2022

No SPAM problems anymore, but now "message too big". The zipped dump is approximately 5 MByte in Size.
I can provide it on a onedrive share, if you like?

@TheWitness TheWitness changed the title Strange graphs in tree mode Aggregate Graph Permissions not working as expected Sep 29, 2022
@TheWitness TheWitness added confirmed Bug is confirm by dev team and removed unverified Some days we don't have a clue labels Sep 29, 2022
TheWitness added a commit that referenced this issue Sep 29, 2022
Aggregate Graph Permissions not working as expected
@TheWitness TheWitness added the resolved A fixed issue label Sep 29, 2022
@TheWitness TheWitness added this to the v1.2.23 milestone Sep 29, 2022
@TheWitness
Copy link
Member

Fixed now. Just download lib/auth.php from the 1.2.x branch.

@j66h
Copy link

j66h commented Sep 29, 2022

as built in admin I now see only aggregates.
as other admin authenticated by active directory I still have the same problem
image
image

@TheWitness
Copy link
Member

View that other graph in debug mode as the user.

@j66h
Copy link

j66h commented Sep 29, 2022

image

@j66h
Copy link

j66h commented Sep 29, 2022

image

TheWitness added a commit that referenced this issue Oct 5, 2022
Aggregate Graph Permissions
@TheWitness
Copy link
Member

Okay, all fixed up now.

@TheWitness
Copy link
Member

Thanks again for reporting!!!

@netniV netniV changed the title Aggregate Graph Permissions not working as expected Some Aggregate graphs can be denied access incorrectly Dec 31, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Apr 1, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Undesired behaviour confirmed Bug is confirm by dev team resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

3 participants