Change Nagvis User password not possible

nagvis
(Monitor Junkie) #1

Hello,
I created a Nagvis User with Role Users (Read-Only)
After logging in I wanted to change password but it does not work:

grafik

Does anyone know the solution?

Nagvis – 1.9
Icinga2 – r2.10.2-1
Icingaweb2 – 2.6

THx

#2

Hi,

Do you have any update, or were you able to solve it?
We faced similar issue…

Br,

Taki

#3

Please check the Apache logs for messages and the permissions on the database.

#4

Hi,

There isn’t any error in httpd logs.
After I enabled debug in Nagvis, there was the following line in nagvis-debug.log:
Action access denied (Mod: ChangePassword Act: view Object:

I also changed db permissions temporarily to 777, but is didn’t help.
Password change menu is visible for users, once we set:
Module: ChangePassword
Action: change
Object: *
Permitted: enabled (ticked)

But we get the error when users are trying to open it:
ERROR: You are not permitted to access this page (ChangePassword/view/).

Password change works only for admins, so when we enable everything for a user:
Module: *
Action: *
Object: *
Permitted: enabled (ticked)

Any other idea?

Thanks in advance!

(Monitor Junkie) #5

OK. Thanks.
I will test.

#6

Owner of the files should be the webserver process and group should be the group of the monitoring process.

Looking at server/core/classes/CoreModChangePassword.php it says for both view and change

    // Check if user is already authenticated
    // Change password must be denied when using trusted mode
    if($AUTH->isAuthenticated() && !$AUTH->authedTrusted()) {

Can you verify whether the conditions are met?

#7

Hi,
I’ve checked CoreModule.php, which initialize ERROR popup, and modified it a little bit to get more info which condition is not OK:

    if($authorized && !$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject)) {
		
		$auth_test=true;
		$auth_test=$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject);
		throw new NagVisException(l('ERROR,'.
		'authorized: '.$authorized.' * '.
		'auth_test: '.$auth_test.' * '.
		'sName: '.$this->sName.' * '.
		'Action: '.$action.' * '.
		'sObject: '.$this->sObject.' * '
		,Array('PAGE' => $this->sName.'/'.$this->sObject)));

		$authorized = false;
	}
	
    if(!$authorized)
        throw new NagVisException(l('You are not permitted to access this page ([PAGE]).',
                                    Array('PAGE' => $this->sName.'/'.$action.'/'.$this->sObject)));

Then Popup shows:
ERROR,authorized: 1 * auth_test: * sName: ChangePassword * Action: view * sObject: * Opts: {“PAGE”:“ChangePassword/”}

So condition “if($authorized && !$AUTHORISATION->isPermitted($this->sName, $action, $this->sObject))” returns with true && true…
So why $AUTHORISATION->isPermitted(‘ChangePassword’, ‘View’, $this->sObject) return with false???

#8

Debugging server/core/classes/CoreModChangePassword.php also:

class CoreModChangePassword extends CoreModule {
public function __construct($CORE) {
    $this->sName = 'ChangePassword';
	
	global $AUTH;
	$takitest = '';
	if($AUTH->isAuthenticated() && !$AUTH->authedTrusted()) {
                    
                    $takitest = 'TRUE';
                } else {
                    $takitest = 'FALSE';
                }
	throw new NagVisException(l('OUTPUT: '.$takitest.' ***).', Array('PAGE' => $this->sName.'/'.$this->sObject)));

    $this->aActions = Array(
        'view'   => REQUIRES_AUTHORISATION,
    );
}

Then POPUP shows:
OUTPUT: TRUE ***).Opts: {"PAGE":"ChangePassword\/"}

So condition if($AUTH->isAuthenticated() && !$AUTH->authedTrusted()) should be OK.
After this poput it shows the following error also:
Javascript error occured: NotFoundError: Node was not found https://mona-test/nagvis/frontend/nagvis-js/js/NagVisCompressed.js?v=1.9.14 (1799)

Btw, file permissions are:
nagios@iumg135> ll
total 422
-rw-rw-r-- 1 nagios nagiosgp 2338 Oct 28 2013 apache2-nagvis.conf-sample
-rw-r–r-- 1 nagios nagiosgp 0 Oct 28 2013 auth-backup
-rw-rw-r-- 1 apache nagiosgp 82944 Oct 4 07:31 auth.db
-rw-rw-r-- 1 nagios nagiosgp 82944 Nov 6 2018 auth.db.20181106
-rw-rw-r-- 1 nagios nagiosgp 34816 Oct 28 2013 auth.db.bak-2013-05-14_10:05:26
-rw-rw-r-- 1 nagios nagiosgp 34816 Oct 28 2013 auth.db.bak-2013-05-14_10:06:04
-rw-rw-r-- 1 nagios nagiosgp 33792 Oct 28 2013 auth.db.bak-2013-05-14_10:06:06
-rw-rw-r-- 1 nagios nagiosgp 82944 Nov 6 2018 auth.db-old
drwxrwxr-x 2 nagios nagiosgp 96 Oct 28 2013 conf.d
drwxrwxr-x 2 nagios nagiosgp 1024 Oct 28 2013 geomap
drwxrwxr-x 5 nagios nagiosgp 9216 Oct 3 11:30 maps
-rw-rw---- 1 nagios nagiosgp 16930 Oct 3 14:01 nagvis.ini.php
-rw-rw---- 1 nagios nagiosgp 16929 Oct 3 13:21 nagvis.ini.php.20191003
-rw-rw-r-- 1 nagios nagiosgp 21926 Oct 28 2013 nagvis.ini.php-sample
drwxrwxr-x 2 nagios nagiosgp 1024 Nov 6 2018 profiles
/nagios/nagvis/nagvis-1.9.14/etc

Br,

Taki

#9

Hi,

I guess here could be the problem in source code:
/core/classes/CoreModChangePassword.php

 class CoreModChangePassword extends CoreModule {
public function __construct($CORE) {
    $this->sName = 'ChangePassword';

    $this->aActions = Array(
        //'view'   => REQUIRES_AUTHORISATION,
		'view'   => 'change',
    );
}

Changing value for ‘view’ solved the issue!!!

#10

The file hasn’t been changed for quite a long time so I’d say that’s not the source of the problem. Your change seems to be a workaround, though…

#11

Hi,

Yes, I’ve checked and it is really was the same in older versions (for example: 1.9.3).
I’ve tried also to:

  • delete db
  • then can use default admin/guest
  • create a new user (autogenerate new db file)
  • test it with new user, but the same error

If I will have time, I will try to install a fresh Nagvis on a virtual server, and test it there…
Until then this workaround could be used in our Live env.

Do you have maybe other idea, what else should I try or change?

#12

Hi,

In our TEST server, I found a very old 1.8.4 version, with the following config:

 class CoreModChangePassword extends CoreModule {
protected $CORE;
protected $FHANDLER;
protected $SHANDLER;

public function __construct($CORE) {
    $this->sName = 'ChangePassword';
    $this->CORE = $CORE;

    $this->aActions = Array(
        'view'   => 'change',
        'change' => REQUIRES_AUTHORISATION
    );

So long long time age (far far away), it was configured as I suggested now!!!

#13

Due to the GitHub ticket the error was introduced during a version change (1.8 => 1.9 [?]) but I have no idea what might have happened.

#14

Could you please link the related Github Ticket!

Do you know how can I inform Developers about this issue?
Is it enough if I raise a ticket on Github also?

#15

Sorry, I mixed the tickets :frowning :-(((

~It should be sufficient to add your findings to the open ticket.~

#16

Hi,

Thanks a lot mate!
Your help was really useful for Me!!!

Br,

Taki

#17

I see, those ticket was not related to this issue :S
Waiting for the right one :wink:

#18

Sorry, Gabor. After a quick search the only one related to DB issues (root / other users) seems to be issue 204 which you already know :-/.

#19

Ok, no prob.
I will raise a new Ticket :wink: