Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-10147

"auth" object in "zabbix.status" json-rpc call, to get zabbix server global status etc, is actually ignored

    XMLWordPrintable

    Details

    • Type: Incident report
    • Status: Open
    • Priority: Trivial
    • Resolution: Unresolved
    • Affects Version/s: 2.0.16, 2.2.11, 2.4.6
    • Fix Version/s: None
    • Component/s: Frontend (F)
    • Labels:

      Description

      While frontend sends json data like:

      {"jsonrpc": "2.0", "method": "zabbix.status", "params": {"nocache": true}, "auth": "b5a5f54c05a066a02cefc71cf0f3543f", "id": 2}
      

      But it appeared to be true that cookie "zbx_sessionid=b5a5f54c05a066a02cefc71cf0f3543f" is actually required instead of the "auth" object to authenticate such request.
      Confirmed for 2.0.6 and 2.4.7

      Why do we additionally include "auth" object in json data when we send request to a web server hosting zabbix frontend?
      It misleads users who, for example, wants to perform such calls from own developed applications!

      I suggest to remove unused things from json data.

      Note - the cookie is required only if Guest user is disabled, which is true in most production installations.
      With Guest enable - the cookie is not required at all.

      Working example when Guest disabled:

      # curl -i -X POST -H 'Content-Type:application/json-rpc' -H 'Cookie: zbx_sessionid=b5a5f54c05a066a02cefc71cf0f3543f' -d '{"jsonrpc":"2.0","method":"zabbix.status","params": {"nocache": true},"id":1}' http://localhost/dev/2.4/jsrpc.php?output=json-rpc
      

      result:

      {"jsonrpc":"2.0","result":{"result":false,"message":"Zabbix server is not running: the information displayed may not be current."},"id":1}
      

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            zalex_ua Oleksii Zagorskyi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: