/**
 * A cookie whose token does not match the expected hash must be rejected:
 * the session is not authenticated and no user is reported.
 */
public function testIncorrectHashCausesAuthFailure()
 {
     // Swap the fixture's token for a value that cannot match the expected hash.
     $this->cookie_data['token'] = 'xxxxxxx';

     // The auth cookie travels as a PHP-serialized array supplied by the client.
     // NOTE(review): confirm GangliaAuth decodes it without instantiating objects
     // (e.g. unserialize() with allowed_classes => false) and compares the token
     // with hash_equals() rather than ==.
     $_COOKIE['ganglia_auth'] = serialize($this->cookie_data);

     $authenticator = GangliaAuth::getInstance();
     $this->assertFalse($authenticator->isAuthenticated());
     $this->assertNull($authenticator->getUser());
 }
Esempio n. 2
    }
    $max_graphs_values = "<option value=0>all</option>";
    foreach ($max_graphs_options as $key => $value) {
        if ($max_graphs == $value) {
            $max_graphs_values .= "<option selected>" . $value . "</option>";
        } else {
            $max_graphs_values .= "<option>" . $value . "</option>";
        }
    }
    $data->assign("additional_filter_options", 'Show only nodes matching <input name=host_regex ' . $set_host_regex_value . '>' . '<input class="header_btn" type="SUBMIT" VALUE="Filter">' . '&nbsp;<span class="nobr">Max graphs to show <select onChange="ganglia_submit();" name="max_graphs">' . $max_graphs_values . '</select></span>');
} else {
    $data->assign("additional_filter_options", '');
}
// Tell the template whether authentication is switched on and, if so, who is logged in.
if ($conf['auth_system'] != 'enabled') {
    $data->assign('auth_system_enabled', false);
    $data->assign('username', null);
} else {
    $data->assign('auth_system_enabled', true);
    // The user name is passed through sanitize() before it reaches the template.
    $username = sanitize(GangliaAuth::getInstance()->getUser());
    $data->assign('username', $username);
}

// The overlay flag is only assigned when the feature is on; otherwise it stays unset.
if ($conf['overlay_events'] == true) {
    $data->assign('overlay_events', true);
}

// NOTE(review): unlike $username, these two values are handed to the template without
// sanitize(). If $user is filled from request parameters, confirm they are escaped
// before they are rendered.
$data->assign('selected_tab', $user['selected_tab']);
$data->assign('view_name', $user['viewname']);

// The event toggle is offered only in the views, decompose_graph and host contexts.
$additional_buttons = in_array($context, array('views', 'decompose_graph', 'host'))
    ? '<input title="Hide/Show Events" type="checkbox" id="show_all_events" onclick="showAllEvents(this.checked)"/><label for="show_all_events">Hide/Show Events</label>'
    : "";
$data->assign('additional_buttons', $additional_buttons);
Esempio n. 3
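/**
 * Check if current user has a privilege (view, edit, etc) on a resource.
 * If the ACL does not know the resource, GangliaAcl::ALL_CLUSTERS is used instead.
 *
 * The decision is deny-by-default: every configuration error is reported through
 * trigger_error() and then answered with false, so access is never granted when an
 * installed error handler lets execution continue after the error.
 *
 * Examples
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::EDIT, $conf ); // user has global edit?
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::VIEW, $conf ); // user has global view?
 *   checkAccess( $cluster, GangliaAcl::EDIT, $conf ); // user can edit current cluster?
 *   checkAccess( 'cluster1', GangliaAcl::EDIT, $conf ); // user has edit privilege on cluster1?
 *   checkAccess( 'cluster1', GangliaAcl::VIEW, $conf ); // user has view privilege on cluster1?
 *
 * @param mixed $resource  Resource to check, e.g. a cluster name or GangliaAcl::ALL_CLUSTERS.
 * @param mixed $privilege Privilege to check, e.g. GangliaAcl::VIEW or GangliaAcl::EDIT.
 * @param array $conf      Configuration; $conf['auth_system'] must be 'readonly', 'enabled' or 'disabled'.
 *
 * @return bool True when access is granted, false otherwise (including on configuration errors).
 */
function checkAccess($resource, $privilege, $conf)
{
    if (!is_array($conf)) {
        trigger_error('checkAccess: $conf is not an array.', E_USER_ERROR);
        // Only reached when an error handler resumes execution: refuse access.
        return false;
    }
    if (!isset($conf['auth_system'])) {
        trigger_error("checkAccess: \$conf['auth_system'] is not defined.", E_USER_ERROR);
        // Only reached when an error handler resumes execution: refuse access.
        return false;
    }

    // Deny unless one of the branches below explicitly grants access.
    $out = false;

    // switch compares loosely, so a non-string value such as true matches the
    // first case ('readonly') rather than reaching the default branch.
    switch ($conf['auth_system']) {
        case 'readonly':
            // Strict comparison: only the VIEW privilege itself is granted, not a
            // value that merely compares equal to it under type juggling.
            $out = $privilege === GangliaAcl::VIEW;
            break;
        case 'enabled':
            // TODO: 'edit' needs to check for writeability of data directory.  error log if edit is allowed but we're unable to due to fs problems.
            $acl = GangliaAcl::getInstance();
            $auth = GangliaAuth::getInstance();

            // Unauthenticated requests are evaluated as the guest role.
            $user = $auth->isAuthenticated() ? $auth->getUser() : GangliaAcl::GUEST;

            // Resources the ACL does not know are checked against the global resource.
            if (!$acl->has($resource)) {
                $resource = GangliaAcl::ALL_CLUSTERS;
            }

            // A user without a role in the ACL gets no access at all.
            if ($acl->hasRole($user)) {
                $out = (bool) $acl->isAllowed($user, $resource, $privilege);
            }
            break;
        case 'disabled':
            // Authorization is switched off entirely: every request is allowed.
            $out = true;
            break;
        default:
            trigger_error("Invalid value '" . $conf['auth_system'] . "' for \$conf['auth_system'].", E_USER_ERROR);
            return false;
    }

    return $out;
}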
Esempio n. 4
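 /**
  * Log the current user out by deleting the ganglia_auth cookie and resetting
  * the cached auth instance.
  *
  * NOTE(review): this only removes the cookie from the browser. If the token is
  * validated without server-side state, a copy of the cookie taken earlier may
  * remain usable until it expires. Confirm against the token validation code.
  */
 public function destroyAuthCookie()
 {
     // An empty value makes PHP send a deletion header for the cookie.
     // NOTE(review): the browser only drops the cookie when path and domain match
     // the ones used when it was set. Confirm against the code that sets it.
     setcookie('ganglia_auth', '', time());

     // Also drop the copy held by this request. Otherwise, presumably, a later
     // getInstance() in the same request could rebuild the session from $_COOKIE.
     unset($_COOKIE['ganglia_auth']);

     self::$auth = null;
 }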
Esempio n. 5
<?php

require_once 'eval_conf.php';
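// Logout endpoint: clear the auth cookie, then send the browser back to where it came from.
// NOTE(review): logout is triggered by any request to this script. Consider requiring
// POST plus a CSRF token so another site cannot force a logout.
$auth = GangliaAuth::getInstance();
$auth->destroyAuthCookie();

// The Referer header is supplied by the client, so it is followed only when it points
// back to this host; anything else falls back to the local index page. This keeps the
// endpoint from being used as an open redirect.
$redirect_to = 'index.php';
if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
    $referer_parts = parse_url($_SERVER['HTTP_REFERER']);
    if (
        is_array($referer_parts)
        && isset($referer_parts['scheme'], $referer_parts['host'])
        && in_array(strtolower($referer_parts['scheme']), array('http', 'https'), true)
    ) {
        // HTTP_HOST carries the port when it is non-default, so compare host[:port].
        $referer_authority = $referer_parts['host']
            . (isset($referer_parts['port']) ? ':' . $referer_parts['port'] : '');
        if (strcasecmp($referer_authority, $_SERVER['HTTP_HOST']) === 0) {
            $redirect_to = $_SERVER['HTTP_REFERER'];
        }
    }
}

header("Location: {$redirect_to}");
// Stop here so nothing else runs or is emitted after the redirect.
exit;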