[horde] alarms - permission denied

Michael Redinger Michael.Redinger at uibk.ac.at
Mon Mar 17 21:00:18 UTC 2008


Jan Schneider wrote:
> Quoting Michael Redinger <Michael.Redinger at uibk.ac.at>:
> 
>> ok, I tried to track this down:
>>
>> I call the alarm script, e.g. as root, like this:
>>
>> /usr/bin/php /var/www/html/horde/admin/alarms.php
>>
>> alarms.php checks if the user has admin permissions:
>> if (!Auth::isAdmin()) {
>>     Horde::authenticationFailureRedirect();
>> }
> 
> These lines don't exist in alarms.php.

Oops, sorry, at some point I got the file wrong (admin/alarms.php
instead of scripts/alarm.php).
However, the problem is real, "only" the description was wrong ... And
if I read the code correctly, the question stays the same:
How should the session be set correctly by the alarm script if called
from the command line?
Back to scripts/alarms.php:

I tracked the problem down to kronolith/lib/api.php, function
_kronolith_listAlarms($time, $user = null) (same for nag):

$current_user = Auth::getAuth();
if ((empty($user) || $user != $current_user) && !Auth::isAdmin()) {

If I read the code correctly, scripts/alarms.php calls the alarm notify
function with the user set to null (first parameter). This function then
calls notify, which calls listAlarms, which calls load. Next,
$registry->callByPackage actually switches to the kronolith api
(listAlarms).

All the time the $user value set in alarms.php (null) is used. I tried
to set it to e.g. 'root' manually. The user value is then set to root
even in _kronolith_listAlarms. However, Auth::getAuth() sets
$current_user to null, so it is different from $user. Auth::isAdmin
calls Auth::getAuth too, so $user is not used there.
I then set the session parameters, too
($_SESSION['__auth']['authenticated'] and
$_SESSION['__auth']['userId']). Now the script runs - at least it passes
this test in _kronolith_listAlarms (I do not know yet if it works).

But I suppose I am just playing around with the symptoms and do not
really fix the problem ...

Thanks,
Michael

--
Michael Redinger
Zentraler Informatikdienst (Central IT Services)
Universitaet Innsbruck
Technikerstrasse 13                    Tel.: ++43 512 507 2335
6020 Innsbruck                         Fax.: ++43 512 507 949 02335
Austria                                Mail: Michael.Redinger at uibk.ac.at
BB98 D2FE 0F2C 2658 3780  3CB1 0FD7 A9D9 65C2 C11D
http://homepage.uibk.ac.at/~c102mr/mred-pubkey.asc
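
The permission check described in the message above, modelled as an added example that is not part of the original post and is not Horde's code. The functions are hypothetical stand-ins for Auth::getAuth(), Auth::isAdmin() and the condition quoted from _kronolith_listAlarms(); the admin list and user names are constructed, and the session layout is assumed from the two keys the message names.

```php
<?php
// Stand-in for Auth::getAuth(): the authenticated user id, or null without a session.
function getAuth(array $session)
{
    if (empty($session['__auth']['authenticated'])) {
        return null;
    }
    return $session['__auth']['userId'] ?? null;
}

// Stand-in for Auth::isAdmin(): decided from the session user only, never from $user.
function isAdmin(array $session, array $admins)
{
    $current = getAuth($session);
    return $current !== null && in_array($current, $admins, true);
}

// The condition quoted from _kronolith_listAlarms(), returned as "allowed".
function listAlarmsAllowed($user, array $session, array $admins)
{
    $current_user = getAuth($session);
    $denied = (empty($user) || $user != $current_user) && !isAdmin($session, $admins);
    return !$denied;
}

$admins = ['root'];  // constructed admin list
$rootSession  = ['__auth' => ['authenticated' => true, 'userId' => 'root']];
$aliceSession = ['__auth' => ['authenticated' => true, 'userId' => 'alice']];

// Constructed cases: [requested $user, session contents]
$cases = [
    'CLI, $user = null, no session'     => [null, []],
    'CLI, $user = root, no session'     => ['root', []],
    'session set to root, $user = null' => [null, $rootSession],
    'alice asks for her own alarms'     => ['alice', $aliceSession],
    'alice asks for all users (null)'   => [null, $aliceSession],
];

foreach ($cases as $label => [$user, $session]) {
    $result = listAlarmsAllowed($user, $session, $admins) ? 'allowed' : 'denied';
    printf("%-36s %s\n", $label, $result);
}
```

Passing a different $user never changes the outcome without a session, because both halves of the condition read the session identity. Writing the session keys by hand therefore bypasses the check instead of establishing who the cron job is running as.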