[omd-commits] OMD Git: omd: nagios: fix groups cgiauth permission bug

Sat Jun 25 17:00:07 CEST 2011

Module:   omd
Branch:   master
Commit:   101d5d95c6de8938bd3a31578bd2f0e37d46635b
URL:      http://omdistro.org/projects/omd/repository/revisions/101d5d95c6de8938bd3a31578bd2f0e37d46635b

Author:   Sven Nierlein <sven at nierlein.de>
Date:     Mon Jun 20 16:06:50 2011 +0200
Commiter: Sven Nierlein <sven at nierlein.de>
Date:     Sat Jun 25 16:59:33 2011 +0200

nagios: fix groups cgiauth permission bug

Signed-off-by: Sven Nierlein <sven at nierlein.de>

---

 .../patches/0015-host_servicegroup_auth_fix.dif    |   80 ++++++++++++++++++++
 1 files changed, 80 insertions(+), 0 deletions(-)

diff --git a/packages/nagios/patches/0015-host_servicegroup_auth_fix.dif b/packages/nagios/patches/0015-host_servicegroup_auth_fix.dif
new file mode 100644
index 0000000..03f7c39
--- /dev/null
+++ b/packages/nagios/patches/0015-host_servicegroup_auth_fix.dif
@@ -0,0 +1,80 @@
+Index: trunk/cgi/cmd.c
+===================================================================
+--- trunk/cgi/cmd.c	(revision 1749)
++++ trunk/cgi/cmd.c	(working copy)
+@@ -1735,7 +1735,7 @@
+ 
+ 		/* see if the user is authorized to issue a command... */
+ 		temp_hostgroup=find_hostgroup(hostgroup_name);
+-		if(is_authorized_for_hostgroup(temp_hostgroup,&current_authdata)==TRUE)
++		if(is_authorized_for_hostgroup_commands(temp_hostgroup,&current_authdata)==TRUE)
+ 			authorized=TRUE;
+ 
+ 		/* clean up the comment data if scheduling downtime */
+@@ -1776,7 +1776,7 @@
+ 		/* see if the user is authorized to issue a command... */
+ 
+ 		temp_servicegroup=find_servicegroup(servicegroup_name);
+-		if(is_authorized_for_servicegroup(temp_servicegroup,&current_authdata)==TRUE)
++		if(is_authorized_for_servicegroup_commands(temp_servicegroup,&current_authdata)==TRUE)
+ 			authorized=TRUE;
+ 
+ 		break;
+Index: trunk/cgi/cgiauth.c
+===================================================================
+--- trunk/cgi/cgiauth.c	(revision 1749)
++++ trunk/cgi/cgiauth.c	(working copy)
+@@ -486,3 +486,39 @@
+         }
+ 
+ 
++/* check is the current user is authorized to issue commands relating to a particular servicegroup */
++int is_authorized_for_servicegroup_commands(servicegroup *sg, authdata *authinfo){
++	servicesmember *temp_servicesmember;
++	service *temp_service;
++
++	if(sg==NULL)
++		return FALSE;
++
++	/* see if user is authorized for all services commands in the servicegroup */
++	for(temp_servicesmember=sg->members;temp_servicesmember!=NULL;temp_servicesmember=temp_servicesmember->next){
++		temp_service=find_service(temp_servicesmember->host_name,temp_servicesmember->service_description);
++		if(is_authorized_for_service_commands(temp_service,authinfo)==FALSE)
++			return FALSE;
++	        }
++
++	return TRUE;
++        }
++
++
++/* check is the current user is authorized to issue commands relating to a particular hostgroup */
++int is_authorized_for_hostgroup_commands(hostgroup *hg, authdata *authinfo){
++	hostsmember *temp_hostsmember;
++	host *temp_host;
++
++	if(hg==NULL)
++		return FALSE;
++
++	/* see if user is authorized for all hosts in the hostgroup */
++	for(temp_hostsmember=hg->members;temp_hostsmember!=NULL;temp_hostsmember=temp_hostsmember->next){
++		temp_host=find_host(temp_hostsmember->host_name);
++		if(is_authorized_for_host_commands(temp_host,authinfo)==FALSE)
++			return FALSE;
++	        }
++
++	return TRUE;
++        }
+Index: trunk/include/cgiauth.h
+===================================================================
+--- trunk/include/cgiauth.h	(revision 1749)
++++ trunk/include/cgiauth.h	(working copy)
+@@ -63,6 +63,9 @@
+ int is_authorized_for_hostgroup(hostgroup *,authdata *);
+ int is_authorized_for_servicegroup(servicegroup *,authdata *);
+ 
++int is_authorized_for_hostgroup_commands(hostgroup *,authdata *);
++int is_authorized_for_servicegroup_commands(servicegroup *,authdata *);
++
+ int is_authorized_for_configuration_information(authdata *);
+ 
+ int is_authorized_for_read_only(authdata *);

