non-admin users can't see sessions in Firewall: Diagnostics: Sessions #5692

Closed
2 tasks done
teawithbrownsugar opened this issue Apr 9, 2022 · 0 comments

@teawithbrownsugar

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

"Firewall: Diagnostics: Sessions" provides a list of current connections. It's similar to "Firewall: Diagnostics: States", but shows more details.

A non-admin user should only have access to this list if the "Effective Privileges" of that user contain "Diagnostics: Firewall sessions". Adding the required privilege does activate the menu entry, so the user can open "Firewall: Diagnostics: Sessions". This is the expected behavior.

The unexpected behavior here is that the list is always empty for a non-admin user, even if he has the privilege. Instead of seeing the current connections/sessions, there is only a message being displayed: "No results found!".

Last known working version? Unknown. But it's safe to say that this bug existed before version 22.1.

To Reproduce

Steps to reproduce the behavior:

  1. Edit the "Effective Privileges" of a non-admin user. Activate the privilege "Diagnostics: Firewall sessions".
  2. Log in as the previously edited user.
  3. Make sure the firewall is currently handling at least 1 connection. Using the web GUI should do that.
  4. Go to Firewall - Diagnostics - Sessions. URL path: /ui/diagnostics/firewall/pf_top
  5. Notice that there are no sessions listed in this table; there is only the message "No results found!".

Expected behavior

"Firewall: Diagnostics: Sessions" should contain the same (amount of) connections, no matter which user, no matter if admin or non-admin. The only relevant factor should be whether the user has the privilege "Diagnostics: Firewall sessions".

Describe alternatives you considered

I have manually edited the file "/usr/local/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml". I searched for "pf_top" and added a line <pattern>api/diagnostics/firewall/query_pf_top</pattern>

This workaround didn't survive an update.

Environment

OPNsense 22.1.5-amd64
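
An added example, not part of the original report and not OPNsense code: a small checker that reports which request paths a privilege's ACL patterns cover, run over a constructed ACL fragment without and with the pattern from the workaround above. The element name `page-example-sessions`, the XML layout and the `*` wildcard handling are assumptions; the privilege name and the two paths come from the report.

```python
import re
import xml.etree.ElementTree as ET

# Constructed ACL fragment. The element name and layout are assumptions for
# this example; the privilege name and both paths are taken from the report.
ACL_TEMPLATE = """<acl>
  <page-example-sessions>
    <name>Diagnostics: Firewall sessions</name>
    <patterns>
      <pattern>ui/diagnostics/firewall/pf_top</pattern>{extra}
    </patterns>
  </page-example-sessions>
</acl>"""
ACL_BEFORE = ACL_TEMPLATE.format(extra="")
ACL_AFTER = ACL_TEMPLATE.format(
    extra="<pattern>api/diagnostics/firewall/query_pf_top</pattern>")

def compile_pattern(pattern):
    # Assumption: '*' is the only wildcard, everything else matches literally.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")))

def load_privileges(xml_text):
    """Return {privilege name: [compiled patterns]} for every ACL entry."""
    privileges = {}
    for entry in ET.fromstring(xml_text):
        patterns = [p.text.strip() for p in entry.iter("pattern") if p.text]
        privileges[entry.findtext("name")] = [compile_pattern(p) for p in patterns]
    return privileges

def is_allowed(privileges, granted, path):
    """True if any pattern of any granted privilege matches the whole path."""
    path = path.lstrip("/")
    return any(rx.fullmatch(path)
               for name in granted for rx in privileges.get(name, []))

def audit(xml_text, granted, paths):
    """Return {path: allowed?} for a user holding the granted privileges."""
    privileges = load_privileges(xml_text)
    return {path: is_allowed(privileges, granted, path) for path in paths}

GRANTED = ["Diagnostics: Firewall sessions"]
PATHS = ["/ui/diagnostics/firewall/pf_top",
         "/api/diagnostics/firewall/query_pf_top"]

if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        for path, ok in audit(acl, GRANTED, PATHS).items():
            print(f"{label:6} {'allow' if ok else 'DENY':5} {path}")
```

Running the same audit against an ACL file after each update shows whether a locally added pattern is still present.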

@AdSchellevis AdSchellevis self-assigned this Apr 12, 2022
@AdSchellevis AdSchellevis added the bug Production bug label Apr 12, 2022
@fichtner fichtner added this to the 22.7 milestone Apr 12, 2022
fichtner pushed a commit that referenced this issue Apr 12, 2022