[OpenSIPS-Users] OpenSIPS Control Panel 8.2.4 was released

Bogdan-Andrei Iancu bogdan at opensips.org
Tue Nov 6 16:16:46 EST 2018 

Hi Arto,

Indeed, there is an issue: a newly created access user can got receive 
permissions to manage the access users. Basically only the initial 
"admin" has the ability to create new access users.
We are working on a solution to this issue, thanks for the report.

Best regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   http://www.opensips-solutions.com
OpenSIPS Bootcamp 2018
   http://opensips.org/training/OpenSIPS_Bootcamp_2018/

On 11/06/2018 01:29 PM, Arto Kuiri wrote:
> Hi,
>
> I think there is still something at control panel's user management. You cannot create another admin user from UI. Even
> if you select read-write permission to all modules for new user, it cannot access to Users (at top panel).  If you change manually
> permissions field at database from "read-write, read-wri...." to "all" it will work.
>
> I think there should be own permission settings for "Control Panel Users" ?
>
> Best regards,
> Arto Kuiri
>
>
> Lähettäjä: Users <users-bounces at lists.opensips.org> käyttäjän Bogdan-Andrei Iancu <bogdan at opensips.org> puolesta
> Lähetetty: maanantai 5. marraskuuta 2018 19.10
> Vastaanottaja: john.quick at smartvox.co.uk; users at lists.opensips.org
> Aihe: Re: [OpenSIPS-Users] OpenSIPS Control Panel 8.2.4 was released
>  
> Hi John,
>
> Thanks for all your testing - this is something that we so most
> appreciate ;).
>
> To help us even more, could you please split the report (you have in the
> email) as individual issues and create corresponding tickets on github:
>          https://github.com/OpenSIPS/opensips-cp/issues
>
> Best regards,
>
> Bogdan-Andrei Iancu
>
> OpenSIPS Founder and Developer
>    http://www.opensips-solutions.com
> OpenSIPS Bootcamp 2018
>    http://opensips.org/training/OpenSIPS_Bootcamp_2018/
>
> On 11/05/2018 04:59 PM, John Quick wrote:
> > Hello Bogdan,
> >
> > Thanks for releasing a new version of the Control Panel. There are some
> > great new features in this version that I want to try.
> >
> > I have been testing OCP v8 on a CentOS 6 server. I'm finding quite a lot of
> > errors - it is possible some of these are associated with the operating
> > system or the version of PHP I am using. PHP is v 5.3.3
> >
> > The most critical problem for me concerns administrator access: I am unable
> > to change the password for the admin user.
> > As a precaution, I created a new admin user with a different name and then
> > tried to revoke the key privileges of the original admin user, but this made
> > no difference until I edited the source code and changed the tool name
> > passed to the get_priv() function as detailed below.
> >
> > Here are my full notes on the problems encountered so far and code
> > adjustments I have made:
> > In login.php: Warns me "It is not safe to rely on the systems timezone
> > settings. You are required to use date.timezone or
> > date_default_timezone_set() function".   As a work-around, I added calls to
> > date_default_timezone_set("Europe/London") in a couple of places to stop
> > these warnings being written.
> >
> > Many of the tabs display a blank page. In the httpd log file; the httpd log
> > files shows errors about "unexpected [".  When I look up the file and line
> > number shown in the httpd log message, it's always a line that calls the
> > die() function to handle failure of an SQL request.
> > I found it was due to the use of "errorInfo()[2]".  If you remove the [2],
> > it doesn't give an error and the page is rendered too.
> >
> > Used grep to find every case like this:
> >        # grep -rl "errorInfo()\[" .
> >        ./users/user_management/template/user_management.main.php
> >        ./users/acl_management/template/acl_management.main.php
> >        ./system/dialplan/template/dialplan.main.php
> >        ./system/dialplan/dialplan.php
> >        ./system/siptrace/template/tracer.main.php
> >        ./system/drouting/template/groups.main.php
> >        ./system/drouting/template/rules.main.php
> >        ./system/drouting/template/carriers.main.php
> >        ./system/drouting/template/gateways.main.php
> >        ./system/drouting/lib/carriers.test.inc.php
> >        ./system/drouting/lib/carriers.functions.inc.php
> >        ./system/tls_mgm/lib/data_loader.php
> >        ./system/loadbalancer/template/loadbalancer.main.php
> >        ./system/dispatcher/template/dispatcher.main.php
> >        ./system/dispatcher/template/dispatcher.form.php
> >        ./system/tviewer/lib/data_loader.php
> >        ./system/callcenter/lib/data_loader.php
> >        ./admin/list_admins/template/list_admins.main.php
> >
> > Admin Access Control
> > I cannot find a way to change the admin password. It always accepts the
> > password of "opensips" even after resetting it in the Admin User editing
> > form and also deleting it from the field "password" in the
> > ocp_admin_privileges table. On further testing, I then found that none of
> > the changes I make to the admin user get saved to the DB - not just the
> > password, but also the first name and last name fields.
> >
> > Access privileges were not working to restrict whether the logged-in user
> > could change their own (and other people's) admin privileges.
> > Found this was because the get_priv() function was being called with the
> > argument set to "list_admins" and that the arrays used to store access
> > privileges only have a key called "user_management" and do not have one for
> > "list_admins".  There are no lines of code to act as a "catch-all" in the
> > get_priv() function so if the tool name passed to the function does not
> > match any of the known tab names, then it fails to set the session variable
> > read_only. The absence of any value is then treated as "grant full access"
> > in the corresponding module so it is not very safe.
> > As a work-around, I edited web/tools/admin/list_admins/index.php and changed
> > the following line:
> > << get_priv("list_admins");
> >>> get_priv("user_management");
> > John Quick
> > Smartvox Limited
> >
> >
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> </bogdan at opensips.org></users-bounces at lists.opensips.org>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list