[ZBX-14496] Operation cannot be performed due to unauthorized request. ( Filtering of LLD prototypes ) Created: 2018 Jun 18  Updated: 2024 Apr 10  Resolved: 2018 Sep 13

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 4.0.0alpha8
Fix Version/s: 3.0.22rc1, 3.4.14rc1, 4.0.0beta2, 4.0 (plan)

Type: Incident report Priority: Trivial
Reporter: Dmitrijs Lamberts Assignee: Andrejs Griščenko
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File change-status-and-group.mp4    
Issue Links:
Duplicate
is duplicated by ZBX-11030 Error "Operation cannot be performed ... Closed
Sub-task
depends on ZBX-14805 Unauthorized request error when reset... Closed
Team: Team B
Team: Team B
Sprint: Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 42
Story Points: 2

 Description   

Open any Low level discovery rule with prototypes.
Open page with prototypes.
Enable/Disable one of the prototypes
Click on Group by Status

Details Zabbix has received an incorrect request.
Operation cannot be performed due to unauthorized request.

 Comments   
Comment by Aigars Kadikis [ 2018 Jun 19 ]

This can be reproduced on 3.0.18 and 3.4.10.

change-status-and-group.mp4

Here the debug log:

******************** Script profiler ********************
Total time: 0.031745
Total SQL time: 0.006173
SQL count: 16 (selects: 12 | executes: 4)
Peak memory usage: 6.5M
Memory limit: 128M


SQL (7.4E-5): SET NAMES utf8
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->initDB() → DBconnect() → DBexecute() in include/db.inc.php:63

SQL (0.000618): SHOW TABLES LIKE 'dbversion'
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->initDB() → DBconnect() → DbBackend->checkDbVersion() → MysqlDbBackend->checkDbVersionTable() → DBselect() in include/classes/db/MysqlDbBackend.php:32

SQL (0.000178): SELECT dv.mandatory,dv.optional FROM dbversion dv
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->initDB() → DBconnect() → DbBackend->checkDbVersion() → DBselect() in include/classes/db/DbBackend.php:46

SQL (0.000116): SELECT NULL FROM config c
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->initDB() → DBconnect() → DbBackend->checkConfig() → DBselect() in include/classes/db/DbBackend.php:62

SQL (0.000125): BEGIN
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → DBstart() → DBexecute() in include/db.inc.php:250

SQL (0.000379): SELECT u.userid,u.autologout,s.lastaccess FROM sessions s,users u WHERE s.sessionid='7b2ceba293b639d73c21bc69187e2910' AND s.status=0 AND s.userid=u.userid AND (s.lastaccess+u.autologout>1529390060 OR u.autologout=0)
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → DBselect() in include/classes/api/services/CUser.php:1205

SQL (0.000413): SELECT g.usrgrpid FROM usrgrp g,users_groups ug WHERE ug.userid='1' AND g.usrgrpid=ug.usrgrpid AND g.users_status=1 LIMIT 1 OFFSET 0
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → check_perm2system() → DBselect() in include/perm.inc.php:75

SQL (0.000282): UPDATE sessions SET lastaccess=1529390060 WHERE userid='1' AND sessionid='7b2ceba293b639d73c21bc69187e2910'
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → DBexecute() in include/classes/api/services/CUser.php:1230

SQL (0.000293): SELECT MAX(g.gui_access) AS gui_access FROM usrgrp g,users_groups ug WHERE ug.userid='1' AND g.usrgrpid=ug.usrgrpid
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → DBselect() in include/classes/api/services/CUser.php:1238

SQL (0.000227): SELECT u.userid,u.alias,u.name,u.surname,u.url,u.autologin,u.autologout,u.lang,u.refresh,u.type, u.theme,u.attempt_failed,u.attempt_ip,u.attempt_clock,u.rows_per_page FROM users u WHERE u.userid='1'
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → CUser->_getUserData() → DBselect() in include/classes/api/services/CUser.php:1262

SQL (0.00031): SELECT ug.userid FROM usrgrp g,users_groups ug WHERE ug.userid='1' AND g.usrgrpid=ug.usrgrpid AND g.debug_mode=1
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → call_user_func_array() → CUser->checkAuthentication() → CUser->_getUserData() → DBselect() in include/classes/api/services/CUser.php:1270

SQL (0.001204): COMMIT
host_discovery.php:22 → require_once() → ZBase->run() → ZBase->authenticateUser() → CWebUser::checkAuthentication() → CFrontendApiWrapper->checkAuthentication() → CApiWrapper->__call() → CFrontendApiWrapper->callMethod() → CApiWrapper->callMethod() → CFrontendApiWrapper->callClientMethod() → CLocalApiClient->callMethod() → DBend() → DBcommit() → DBexecute() in include/db.inc.php:311

SQL (0.000856): SELECT type,value_id,value_int,value_str,idx2 FROM profiles WHERE userid=1 AND idx='web.menu.config.last'
host_discovery.php:31 → require_once() → zbx_construct_menu() → CProfile::update() → CProfile::get() → DBselect() in include/classes/user/CProfile.php:107

SQL (0.000465): SELECT c.* FROM config c
host_discovery.php:31 → require_once() → select_config() → DBselect() in include/profiles.inc.php:33

SQL (0.000361): SELECT type,value_id,value_int,value_str,idx2 FROM profiles WHERE userid=1 AND idx='web.login.attempt.failed'
host_discovery.php:31 → require_once() → CProfile::get() → DBselect() in include/classes/user/CProfile.php:107

SQL (0.000272): SELECT type,value_id,value_int,value_str,idx2 FROM profiles WHERE userid=1 AND idx='web.paging.lastpage'
host_discovery.php:122 → check_fields() → invalid_url() → require_once() → CProfile::update() → CProfile::get() → DBselect() in include/classes/user/CProfile.php:107
Comment by Andrejs Griščenko [ 2018 Aug 27 ]

Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-14496

Comment by Andrejs Griščenko [ 2018 Sep 04 ]

Fixed in:

  • 3.0.22rc1 r84483
  • 3.4.14rc1 r84538
  • 4.0.0beta2 (trunk) r84555
Generated at Sat Apr 20 15:49:11 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.