/**
 * A cookie whose token has been tampered with must not authenticate anyone.
 *
 * The fixture in $this->cookie_data gets a bogus token, is serialized into
 * $_COOKIE['ganglia_auth'], and GangliaAuth is then expected to fail closed:
 * not authenticated and no user reported.
 */
public function testIncorrectHashCausesAuthFailure()
{
    // The fixture property itself is modified, exactly as a forged cookie would look.
    $this->cookie_data['token'] = 'xxxxxxx';
    $forged_cookie = serialize($this->cookie_data);
    $_COOKIE['ganglia_auth'] = $forged_cookie;

    $ganglia_auth = GangliaAuth::getInstance();

    // NOTE(review): the cookie travels as serialize() output. If GangliaAuth
    // calls unserialize() on it before the token is verified, a client-supplied
    // cookie reaches the deserializer unauthenticated. The parser is not
    // visible here, so confirm it, and prefer a JSON payload checked with hash_equals().
    $this->assertFalse($ganglia_auth->isAuthenticated());
    $this->assertNull($ganglia_auth->getUser());
}
}
    // Fragment of the page-header setup: builds the host filter controls and
    // publishes auth, overlay and tab state to the template object $data.
    // The enclosing `if` and the block closed by the brace above start outside this excerpt.

    // Option list for the "Max graphs to show" selector; value 0 means "all".
    $max_graphs_values = "<option value=0>all</option>";
    foreach ($max_graphs_options as $key => $value) {
        // Loose comparison: marks the option equal to the current $max_graphs as selected.
        // NOTE(review): $value is concatenated into HTML without escaping here;
        // confirm $max_graphs_options only ever holds trusted configuration values.
        if ($max_graphs == $value) {
            $max_graphs_values .= "<option selected>" . $value . "</option>";
        } else {
            $max_graphs_values .= "<option>" . $value . "</option>";
        }
    }
    // NOTE(review): $set_host_regex_value is placed inside the <input> tag as-is.
    // It is built outside this excerpt; confirm the host_regex value is
    // HTML-attribute-escaped and quoted there, since nothing escapes it at this point.
    $data->assign("additional_filter_options", 'Show only nodes matching <input name=host_regex ' . $set_host_regex_value . '>' . '<input class="header_btn" type="SUBMIT" VALUE="Filter">' . ' <span class="nobr">Max graphs to show <select onChange="ganglia_submit();" name="max_graphs">' . $max_graphs_values . '</select></span>');
} else {
    // No filter controls in the other branch.
    $data->assign("additional_filter_options", '');
}

// Expose login state to the template only when the auth system is switched on.
if ($conf['auth_system'] == 'enabled') {
    $data->assign('auth_system_enabled', true);
    // The user name passes through sanitize() before it reaches the template.
    // sanitize() is defined elsewhere; presumably it HTML-escapes, but confirm that.
    $username = sanitize(GangliaAuth::getInstance()->getUser());
    $data->assign('username', $username);
} else {
    $data->assign('auth_system_enabled', false);
    $data->assign('username', null);
}

// Loose comparison: any truthy overlay_events setting enables the flag.
if ($conf['overlay_events'] == true) {
    $data->assign('overlay_events', true);
}

// NOTE(review): unlike the user name, these two $user values are assigned
// without sanitize(). Confirm they are validated upstream or escaped in the template.
$data->assign('selected_tab', $user['selected_tab']);
$data->assign('view_name', $user['viewname']);

// The events checkbox is offered only in the views, decompose_graph and host contexts.
$additional_buttons = "";
if ($context == 'views' || $context == 'decompose_graph' || $context == 'host') {
    $additional_buttons = '<input title="Hide/Show Events" type="checkbox" id="show_all_events" onclick="showAllEvents(this.checked)"/><label for="show_all_events">Hide/Show Events</label>';
}
$data->assign('additional_buttons', $additional_buttons);
/**
 * Decide whether the current user holds a privilege (view, edit, etc.) on a resource.
 *
 * The outcome depends on $conf['auth_system']:
 *   - 'readonly': only GangliaAcl::VIEW is granted, to every caller.
 *   - 'enabled' : the ACL decides. An unauthenticated caller is evaluated as
 *                 GangliaAcl::GUEST, a resource the ACL does not know is
 *                 evaluated as GangliaAcl::ALL_CLUSTERS, and a user without
 *                 an ACL role is denied.
 *   - 'disabled': every privilege is granted to every caller.
 *   - any other value: an E_USER_ERROR is raised and false is returned.
 *
 * Examples
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::EDIT, $conf ); // user has global edit?
 *   checkAccess( GangliaAcl::ALL_CLUSTERS, GangliaAcl::VIEW, $conf ); // user has global view?
 *   checkAccess( $cluster, GangliaAcl::EDIT, $conf ); // user can edit current cluster?
 *   checkAccess( 'cluster1', GangliaAcl::EDIT, $conf ); // user has edit privilege on cluster1?
 *   checkAccess( 'cluster1', GangliaAcl::VIEW, $conf ); // user has view privilege on cluster1?
 *
 * @param mixed $resource  Resource name, or GangliaAcl::ALL_CLUSTERS.
 * @param mixed $privilege Privilege constant such as GangliaAcl::VIEW or GangliaAcl::EDIT.
 * @param array $conf      Configuration array; must contain 'auth_system'.
 * @return bool True when access is granted.
 */
function checkAccess($resource, $privilege, $conf)
{
    if (!is_array($conf)) {
        trigger_error('checkAccess: $conf is not an array.', E_USER_ERROR);
    }
    if (!isset($conf['auth_system'])) {
        trigger_error("checkAccess: \$conf['auth_system'] is not defined.", E_USER_ERROR);
    }

    // switch compares loosely, exactly as the configuration value has always been matched.
    switch ($conf['auth_system']) {
        case 'disabled':
            // No access control at all: everything is allowed.
            return true;

        case 'readonly':
            // Viewing is the only privilege that exists in read-only mode.
            return $privilege == GangliaAcl::VIEW;

        case 'enabled':
            // TODO: 'edit' needs to check for writeability of data directory.
            // Log an error if edit is allowed but fails because of filesystem problems.
            $acl_rules = GangliaAcl::getInstance();
            $session = GangliaAuth::getInstance();

            // Anonymous callers are judged with the guest role.
            $subject = $session->isAuthenticated() ? $session->getUser() : GangliaAcl::GUEST;

            // Resources without their own ACL entry fall back to the global entry.
            if (!$acl_rules->has($resource)) {
                $resource = GangliaAcl::ALL_CLUSTERS;
            }

            // A user the ACL has no role for is denied rather than looked up.
            if (!$acl_rules->hasRole($subject)) {
                return false;
            }
            return (bool) $acl_rules->isAllowed($subject, $resource, $privilege);

        default:
            // Unknown mode: report it and fail closed.
            trigger_error("Invalid value '" . $conf['auth_system'] . "' for \$conf['auth_system'].", E_USER_ERROR);
            return false;
    }
}
/**
 * Log the user out on the client side by clearing the 'ganglia_auth' cookie,
 * then reset the class's static $auth.
 *
 * NOTE(review): no path or domain is passed, so the defaults apply. The browser
 * only drops the cookie if it was set with the same path and domain. The setter
 * is not visible here, so confirm they match. Only the cookie is cleared;
 * whether a copied cookie stays valid server-side depends on how the token is
 * validated, which is also not visible here.
 */
public function destroyAuthCookie()
{
    $expires_at = time();

    // PHP treats an empty cookie value as a request to delete the cookie.
    setcookie('ganglia_auth', '', $expires_at);

    // Presumably the cached instance handed out by getInstance(); verify in the class.
    self::$auth = null;
}
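<?php
/**
 * Logout endpoint: clears the auth cookie and sends the browser back to the
 * page it came from, or to index.php.
 *
 * The Referer header is client-supplied, so it is echoed into the Location
 * header only when it is an http(s) URL on this same host. Anything else
 * falls back to index.php, which keeps this script from acting as an open
 * redirector.
 *
 * NOTE(review): logout is triggered by a plain request with no anti-CSRF
 * token, so any page can log a user out by linking here. Consider requiring
 * POST plus a token if that matters for the deployment.
 */
require_once 'eval_conf.php';

$auth = GangliaAuth::getInstance();
$auth->destroyAuthCookie();

// Safe default, used whenever the Referer is absent or not trusted.
$redirect_to = 'index.php';

if (isset($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST'])) {
    $referer = (string) $_SERVER['HTTP_REFERER'];
    $referer_parts = parse_url($referer);

    // HTTP_HOST may carry a port; parse it the same way so only host names are compared.
    $own_host = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);

    $scheme_ok = is_array($referer_parts)
        && isset($referer_parts['scheme'], $referer_parts['host'])
        && in_array(strtolower($referer_parts['scheme']), array('http', 'https'), true);

    // Backslashes, whitespace and control characters are parsed differently by
    // browsers and by parse_url(); reject them rather than trust the host check.
    $chars_ok = preg_match('/[\\\\\x00-\x20\x7f]/', $referer) === 0;

    if ($scheme_ok && $chars_ok && is_string($own_host)
        && strcasecmp($referer_parts['host'], $own_host) === 0) {
        $redirect_to = $referer;
    }
}

header("Location: {$redirect_to}");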