fix unauthenticated graphs via $config['allow_unauth_graphs']

git-svn-id: http://www.observium.org/svn/observer/trunk@1691 61d68cd4-352d-0410-923a-c4978735b2b8
Adam Amstrong
2010-08-22 22:12:32 +00:00
parent 937fe042a6
commit 1b7829ec51
15 changed files with 17 additions and 39 deletions


@ -1,6 +1,6 @@
<?php <?php
if(is_numeric($id) && application_permitted($id)) if(is_numeric($id) && ($config['allow_unauth_graphs'] || application_permitted($id)))
{ {
$app = get_application_by_id($id); $app = get_application_by_id($id);
$device = device_by_id_cache($app['device_id']); $device = device_by_id_cache($app['device_id']);


@ -9,7 +9,7 @@ $sql .= " WHERE J.juniAtmVp_id = '".$atm_vp_id."' AND I.interface_id = J.interfa
$query = mysql_query($sql); $query = mysql_query($sql);
$vp = mysql_fetch_array($query); $vp = mysql_fetch_array($query);
if(port_permitted($vp['interface_id'])) { if($config['allow_unauth_graphs'] || port_permitted($vp['interface_id'])) {
$port = $vp; $port = $vp;
$device = device_by_id_cache($port['device_id']); $device = device_by_id_cache($port['device_id']);
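Review bot: With the flag set, the new condition `if($config['allow_unauth_graphs'] || port_permitted($vp['interface_id']))` is entered even when the query returned no row, because this file has no `is_numeric()` guard ahead of the flag the way the device-based auth files in this commit do. `$port` then holds the empty fetch result and `device_by_id_cache()` is called without a device id. Keep a validity check in front of the bypass, e.g. `if(is_numeric($vp['interface_id']) && ($config['allow_unauth_graphs'] || port_permitted($vp['interface_id']))) {`. The block continues past the end of the hunk.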


@ -5,7 +5,7 @@ if(is_numeric($id))
$data = mysql_fetch_assoc(mysql_query("SELECT * FROM bgpPeers WHERE bgpPeer_id = '".$id."'")); $data = mysql_fetch_assoc(mysql_query("SELECT * FROM bgpPeers WHERE bgpPeer_id = '".$id."'"));
if(is_numeric($data['device_id']) && device_permitted($data['device_id'])) if(is_numeric($data['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($data['device_id'])))
{ {
$device = device_by_id_cache($data['device_id']); $device = device_by_id_cache($data['device_id']);


@ -2,7 +2,7 @@
### Authorises bill viewing and sets $ports as reference to mysql query containing ports for this bill ### Authorises bill viewing and sets $ports as reference to mysql query containing ports for this bill
if(is_numeric($_GET['id']) && bill_permitted($_GET['id'])) if(is_numeric($_GET['id']) && ($config['allow_unauth_graphs'] || bill_permitted($_GET['id'])))
{ {
$ports = mysql_query("SELECT * FROM `bill_ports` AS B, `ports` AS P, `devices` AS D $ports = mysql_query("SELECT * FROM `bill_ports` AS B, `ports` AS P, `devices` AS D
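Review bot: The bill check on the changed line now passes for any numeric `$_GET['id']` once `allow_unauth_graphs` is on, so a switch named for graphs also opens what is presumably per-customer billing data to requests with no session. If that is not intended, leave this condition as `is_numeric($_GET['id']) && bill_permitted($_GET['id'])`, or gate it on a separate bill-specific option. If it is intended, the header comment should say that authorisation is skipped entirely when the flag is set. The query that follows runs past the end of the hunk.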


@ -1,6 +1,6 @@
<?php <?php
if ($_SESSION['userlevel'] >= "5") if ($_SESSION['userlevel'] >= "5" || $config['allow_unauth_graphs'];)
{ {
$id = mres($_GET['id']); $id = mres($_GET['id']);
$title = generate_device_link($device); $title = generate_device_link($device);
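Review bot: The changed condition has a stray `;` inside the parentheses (`$config['allow_unauth_graphs'];)`), which is a PHP parse error, so this auth include cannot load and graphs of this type would fail for every user. It should read `if ($_SESSION['userlevel'] >= "5" || $config['allow_unauth_graphs'])`. The same `$config['allow_unauth_graphs'] ||` expression is hand-copied into the other auth files in this commit; evaluating it once in a shared place would keep a typo like this out of an individual access check. Running `php -l` over the touched files catches it before commit.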


@ -1,6 +1,6 @@
<?php <?php
if(is_numeric($id) && device_permitted($id)) if(is_numeric($id) && ($config['allow_unauth_graphs'] || device_permitted($id)))
{ {
$device = device_by_id_cache($id); $device = device_by_id_cache($id);
$title = generate_device_link($device); $title = generate_device_link($device);


@ -6,7 +6,7 @@ if(is_numeric($id))
$query = mysql_query("SELECT * FROM `ucd_diskio` AS U, `devices` AS D WHERE U.diskio_id = '".$id."' AND U.device_id = D.device_id"); $query = mysql_query("SELECT * FROM `ucd_diskio` AS U, `devices` AS D WHERE U.diskio_id = '".$id."' AND U.device_id = D.device_id");
$disk = mysql_fetch_array($query); $disk = mysql_fetch_array($query);
if(is_numeric($disk['device_id']) && device_permitted($disk['device_id'])) if(is_numeric($disk['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($disk['device_id'])))
{ {
$device = device_by_id_cache($disk['device_id']); $device = device_by_id_cache($disk['device_id']);


@ -30,22 +30,13 @@ if(isset($_GET['debug'])) {
$legend = mres($_GET['legend']); $legend = mres($_GET['legend']);
$id = mres($_GET['id']); $id = mres($_GET['id']);
if(!$config['allow_unauth_graphs']) if($config['allow_unauth_graphs'])
{ {
$allow_unauth = TRUE;
} else {
if(!$_SESSION['authenticated']) { graph_error("Not authenticated"); exit; } if(!$_SESSION['authenticated']) { graph_error("Not authenticated"); exit; }
} }
# if($_GET['device']) {
# $_GET['id'] = $_GET['device'];
# $device_id = $_GET['device'];
# } elseif($_GET['if']) {
# $_GET['id'] = $_GET['if'];
# } elseif($_GET['port']) {
# $_GET['id'] = $_GET['port'];
# } elseif($_GET['peer']) {
# $_GET['id'] = $_GET['peer'];
# }
preg_match('/^(?P<type>[A-Za-z0-9]+)_(?P<subtype>.+)/', mres($_GET['type']), $graphtype); preg_match('/^(?P<type>[A-Za-z0-9]+)_(?P<subtype>.+)/', mres($_GET['type']), $graphtype);
$type = $graphtype['type']; $type = $graphtype['type'];
@ -55,19 +46,6 @@ if(isset($_GET['debug'])) {
$graphfile = $config['temp_dir'] . "/" . strgen() . ".png"; $graphfile = $config['temp_dir'] . "/" . strgen() . ".png";
# $os = gethostosbyid($device_id);
# if($config['os'][$os]['group']) {$os_group = $config['os'][$os]['group'];}
# if(is_file($config['install_dir'] . "/html/includes/graphs/".$type."_".$os.".inc.php")) {
# /// Type + OS Specific
# include($config['install_dir'] . "/html/includes/graphs/".$type."_".$os.".inc.php");
# }elseif($os_group && is_file($config['install_dir'] . "/html/includes/graphs/".$type."_".$os_group.".inc.php")) {
# /// Type + OS Group Specific
# include($config['install_dir'] . "/html/includes/graphs/".$type."_".$os_group.".inc.php");
# } elseif(is_file($config['install_dir'] . "/html/includes/graphs/$type.inc.php")) {
# /// Type Specific
# include($config['install_dir'] . "/html/includes/graphs/$type.inc.php");
# }
if(is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) { if(is_file($config['install_dir'] . "/html/includes/graphs/$type/$subtype.inc.php")) {
include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php"); include($config['install_dir'] . "/html/includes/graphs/$type/auth.inc.php");
if($auth) { if($auth) {
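Review bot: `subtype` is captured with `.+` in the `preg_match` on `$_GET['type']` and, as far as the visible lines show, feeds the `is_file()` path `.../graphs/$type/$subtype.inc.php`, so path separators and dot segments are not excluded from a value that selects an include file; with `allow_unauth_graphs` set this code runs without a session check. Restrict the capture to the characters real subtypes use, e.g. `(?P<subtype>[A-Za-z0-9_]+)$`, widening the class only if existing subtype names need it. The assignment of `$subtype` and the include of the subtype file are outside the hunks, so confirm the flow there. Separately, the newly added `$allow_unauth = TRUE;` is not read by any auth file in this commit, which all test `$config['allow_unauth_graphs']` directly; drop it or use it consistently.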


@ -5,7 +5,7 @@ if(is_numeric($id))
$sql = mysql_query("SELECT * FROM `mempools` AS C, `devices` AS D where C.`mempool_id` = '".mres($id)."' AND C.device_id = D.device_id"); $sql = mysql_query("SELECT * FROM `mempools` AS C, `devices` AS D where C.`mempool_id` = '".mres($id)."' AND C.device_id = D.device_id");
$mempool = mysql_fetch_assoc($sql); $mempool = mysql_fetch_assoc($sql);
if(is_numeric($mempool['device_id']) && device_permitted($mempool['device_id'])) if(is_numeric($mempool['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($mempool['device_id'])))
{ {
$device = device_by_id_cache($mempool['device_id']); $device = device_by_id_cache($mempool['device_id']);
$rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("mempool-".$mempool['mempool_type']."-".$mempool['mempool_index'].".rrd"); $rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("mempool-".$mempool['mempool_type']."-".$mempool['mempool_index'].".rrd");


@ -3,7 +3,7 @@
$auth = TRUE; $auth = TRUE;
foreach(explode(",", $id) as $ifid) { foreach(explode(",", $id) as $ifid) {
if(!port_permitted($ifid)) if(!$config['allow_unauth_graphs'] && !port_permitted($ifid))
$auth = FALSE; $auth = FALSE;
} }
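Review bot: Unlike the other auth files in this commit, this loop has no `is_numeric()` check, so with the flag set `$auth` stays TRUE for whatever strings `explode(",", $id)` produces and they reach the graph code unvalidated. Before this change a malformed id was presumably rejected by `port_permitted()`. Validate each element regardless of the flag: `if(!is_numeric($ifid) || (!$config['allow_unauth_graphs'] && !port_permitted($ifid)))`. Braces around the `$auth = FALSE;` body would also make the branch harder to misread.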


@ -1,6 +1,6 @@
<?php <?php
if(is_numeric($id) && port_permitted($id)) { if(is_numeric($id) && ($config['allow_unauth_graphs'] || port_permitted($id))) {
$port = get_port_by_id($id); $port = get_port_by_id($id);
$device = device_by_id_cache($port['device_id']); $device = device_by_id_cache($port['device_id']);
$title = generate_device_link($device); $title = generate_device_link($device);


@ -3,7 +3,7 @@
$sql = mysql_query("SELECT * FROM `processors` where `processor_id` = '".mres($_GET['id'])."'"); $sql = mysql_query("SELECT * FROM `processors` where `processor_id` = '".mres($_GET['id'])."'");
$proc = mysql_fetch_assoc($sql); $proc = mysql_fetch_assoc($sql);
if(is_numeric($proc['device_id']) && device_permitted($proc['device_id'])) if(is_numeric($proc['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($proc['device_id'])))
{ {
$device = device_by_id_cache($proc['device_id']); $device = device_by_id_cache($proc['device_id']);
$rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("processor-" . $proc['processor_type'] . "-" . $proc['processor_index'] . ".rrd"); $rrd_filename = $config['rrd_dir'] . "/".$device['hostname']."/" . safename("processor-" . $proc['processor_type'] . "-" . $proc['processor_index'] . ".rrd");


@ -4,7 +4,7 @@ if(is_numeric($id))
{ {
$sensor = mysql_fetch_assoc(mysql_query("SELECT * FROM sensors WHERE sensor_id = '".mres($id)."'")); $sensor = mysql_fetch_assoc(mysql_query("SELECT * FROM sensors WHERE sensor_id = '".mres($id)."'"));
if(is_numeric($sensor['device_id']) && device_permitted($sensor['device_id'])) if(is_numeric($sensor['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($sensor['device_id'])))
{ {
$device = device_by_id_cache($sensor['device_id']); $device = device_by_id_cache($sensor['device_id']);


@ -4,7 +4,7 @@ if(is_numeric($id))
{ {
$service = mysql_fetch_assoc(mysql_query("SELECT * FROM services WHERE service_id = '".mres($id)."'")); $service = mysql_fetch_assoc(mysql_query("SELECT * FROM services WHERE service_id = '".mres($id)."'"));
if(is_numeric($service['device_id']) && device_permitted($service['device_id'])) if(is_numeric($service['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($service['device_id'])))
{ {
$device = device_by_id_cache($service['device_id']); $device = device_by_id_cache($service['device_id']);


@ -5,7 +5,7 @@ if(is_numeric($id))
$sql = mysql_query("SELECT * FROM `storage` WHERE `storage_id` = '".mres($id)."'"); $sql = mysql_query("SELECT * FROM `storage` WHERE `storage_id` = '".mres($id)."'");
$storage = mysql_fetch_assoc($sql); $storage = mysql_fetch_assoc($sql);
if(is_numeric($storage['device_id']) && device_permitted($storage['device_id'])) if(is_numeric($storage['device_id']) && ($config['allow_unauth_graphs'] || device_permitted($storage['device_id'])))
{ {
$device = device_by_id_cache($storage['device_id']); $device = device_by_id_cache($storage['device_id']);
$rrd_filename = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("storage-" . $storage['storage_mib'] . "-" . $storage['storage_descr'] . ".rrd"); $rrd_filename = $config['rrd_dir'] . "/" . $device['hostname'] . "/" . safename("storage-" . $storage['storage_mib'] . "-" . $storage['storage_descr'] . ".rrd");