Unauthorized agents should be recorded into logs

[bmfmancini]

If you dont have a reverse DNS or IP set for the remote poller to verify the main poller
an error reporting you are not authorized to use this service should appear

However I am seeing it does not

here is the function

	if (get_nfilter_request_var('action') == 'runquery') {
		db_force_remote_cnn();
	}

	$poller_db_cnn_id = $remote_db_cnn_id;
} else {
	$poller_db_cnn_id = false;
}

if (!remote_client_authorized()) {
	print 'FATAL: Client authorization failed.  You are not authorized to use this service';
	exit;
}

set_default_action();


function remote_client_authorized() {
	global $config, $poller_db_cnn_id;

	/* don't allow to run from the command line */
	$client_addr = get_client_addr();
	if ($client_addr === false) {
		return false;
	}

	if (!filter_var($client_addr, FILTER_VALIDATE_IP)) {
		cacti_log('ERROR: Invalid remote agent client IP Address.  Exiting');
		return false;
	}

	$client_name = gethostbyaddr($client_addr);

	if ($client_name == $client_addr) {
		cacti_log('NOTE: Unable to resolve hostname from address ' . $client_addr, false, 'WEBUI', POLLER_VERBOSITY_MEDIUM);
	} else {
		$client_name = remote_agent_strip_domain($client_name);
	}

	$pollers = db_fetch_assoc('SELECT * FROM poller WHERE disabled = ""', true, $poller_db_cnn_id);

	if (cacti_sizeof($pollers) > 1) {
		foreach($pollers as $poller) {
			if (remote_agent_strip_domain($poller['hostname']) == $client_name) {
				return true;
			} elseif ($poller['hostname'] == $client_addr) {
				return true;
			}
		}
	}

	cacti_log("Unauthorized remote agent access attempt from $client_name ($client_addr)");

	return false;
}

``

[bmfmancini]

Viewing device on Master that is located on remote

Remote Poller Log does not record the access attempt

2024-04-13 11:36:05 - SYSTEM MAINT STATS: Time:0.01
2024-04-13 11:36:04 - SYSTEM STATS: Time:1.1237 Method:spine Processes:1 Threads:1 Hosts:1 HostsPerProcess:1 DataSources:1 RRDsProcessed:0
2024-04-13 11:35:05 - SYSTEM MAINT STATS: Time:0.02
2024-04-13 11:35:04 - SYSTEM STATS: Time:1.1288 Method:spine Processes:1 Threads:1 Hosts:1 HostsPerProcess:1 DataSources:1 RRDsProcessed:0
2024-04-13 11:34:05 - SYSTEM MAINT STATS: Time:0.02
2024-04-13 11:34:04 - SYSTEM STATS: Time:1.1233 Method:spine Processes:1 Threads:1 Hosts:1 HostsPerProcess:1 DataSources:1 RRDsProcessed:0

Main poller does not record the error as a unauthorized user but records

024-04-13 11:37:04 - SYSTEM STATS: Time:1.2344 Method:spine Processes:1 Threads:1 Hosts:1 HostsPerProcess:1 DataSources:5 RRDsProcessed:0
2024-04-13 11:36:18 - CMDPHP PHP ERROR WARNING Backtrace: (/host.php[143]:api_device_ping_device(), /lib/api_device.php[1504]:file_get_contents(), CactiErrorHandler())
2024-04-13 11:36:18 - ERROR PHP WARNING: file_get_contents(http://foo.bar.com/cacti/remote_agent.php?action=ping&host_id=2): Failed to open stream: HTTP request failed! in file: /var/www/html/cacti/lib/api_device.php on line: 1504

[TheWitness]

Can you do a pull request @bmfmancini ?

[bmfmancini]

That function is what already there
I'll do some debug haven't spent much time on it yet

[TheWitness]

Can the remote data collector even reach foo.bar.com? If it can not reach it, of course it will error out and the main data collector will never log an issue.

[bmfmancini]

the poller IP is correct but the hostname is differnt
So the main can reach the remote but it will not be authorized to admin any devices on it

[TheWitness]

So, the warning should be at the remote or at the main?

[bmfmancini]

Main you should get an error your not authorized to use this service Remote you should see an error unauthorized attempt or something like that

…

On Sun, Apr 14, 2024, 13:45 TheWitness ***@***.***> wrote: So, the warning should be at the remote or at the main? — Reply to this email directly, view it on GitHub <#5725 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADGEXTDJPQHPSYNPOQFV4LTY5K6EPAVCNFSM6AAAAABGFRS7G2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJUGEZTEMBUGA> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[bmfmancini]

To test this Have a remote setup and change the hostname only of the remote poller not the dB hostname just the collector hostname

…

On Sun, Apr 14, 2024, 13:47 Sean Mancini ***@***.***> wrote: Main you should get an error your not authorized to use this service Remote you should see an error unauthorized attempt or something like that On Sun, Apr 14, 2024, 13:45 TheWitness ***@***.***> wrote: > So, the warning should be at the remote or at the main? > > — > Reply to this email directly, view it on GitHub > <#5725 (comment)>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ADGEXTDJPQHPSYNPOQFV4LTY5K6EPAVCNFSM6AAAAABGFRS7G2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANJUGEZTEMBUGA> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> >

[TheWitness]

So, the current error is not good enough?

[TheWitness]

Or would you like it more meaningful? I would want to de-bounce notification for something like this for sure.

[bmfmancini]

It seems to be a regression

Usually the remote would log that an error has occurred and the main would display an authorization failure not thag it cannot connect to the poller