Module: check_mk
Branch: master
Commit: d9f73df0e5778de97a057c4bccacf705b7298b80
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d9f73df0e5778d…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 16:30:35 2014 +0200
rm wato_include_hosts.mk
---
doc/treasures/wato_include_hosts.mk | 68 -----------------------------------
1 file changed, 68 deletions(-)
diff --git a/doc/treasures/wato_include_hosts.mk b/doc/treasures/wato_include_hosts.mk
deleted file mode 100644
index 9ae3fcb..0000000
--- a/doc/treasures/wato_include_hosts.mk
+++ /dev/null
@@ -1,68 +0,0 @@
-
-# This file needs to be appended to the existing hosts.mk file
-# Upon parsing the hosts.mk file the include dir is evaluated.
-# Within the include dir there are host definition files with the format
-#
-# ipaddress:1.2.3.4
-# tag_agent:cmk-agent
-# tag_criticality:critical
-# tag_networking:lan
-# alias:Alias of Host A
-#
-# If the WATO folder is saved the already existing hosts are merged with
-# the hosts of the included files. After the hosts.mk is newly written this
-# script appendix is removed, too.
-
-_include_dir = ".devops"
-
-import os, inspect
-def add_host_data(_filename):
- global all_hosts, host_attributes, ipaddresses, extra_host_conf
-
- try:
- _host_ip = None
- _tags_plain = []
- _host_attributes = {}
- _alias = None
-
- _lines = file(_filename).readlines()
- _hostname = os.path.basename(_filename)
- for _line in _lines:
- _what, _data = _line.split(":",1)
- _data = _data[:-1]
- if _what.startswith("tag_"):
- _tags_plain.append(_data)
- elif _what == "ipaddress":
- _host_ip = _data
- elif _what == "alias":
- _alias = _data
- _host_attributes.update({_what: _data})
-
-
- all_hosts += [ _hostname + "|" + "|".join(_tags_plain) + "|/" + FOLDER_PATH + "/" ]
- if _host_ip:
- ipaddresses.update({_hostname: _host_ip})
-
- if _alias:
- extra_host_conf.setdefault('alias', []).extend([(_alias, [_hostname])])
-
- host_attributes.update({_hostname: _host_attributes})
- except Exception, e:
- pass
-
-_hosts_mk_path = os.path.dirname(inspect.getsourcefile(lambda _: None))
-for _dirpath, _dirname, _filenames in os.walk(_hosts_mk_path + "/" + _include_dir):
- for _filename in _filenames:
- if _filename.startswith("."):
- continue
- # Host ist bereits im Montoring -> nichts weiter tun
- for _hh in all_hosts:
- if _hh.startswith(_filename + "|"):
- continue
-
- # Host ins monitoring aufnehmen
- add_host_data("%s/%s" % (_dirpath, _filename))
-
-
-# TODO: remove hosts where no include file pendant is available
-# This can be done by evaluating the host tag for the wato folder
Module: check_mk
Branch: master
Commit: c836ddc57e17315cdb7c18aec3fc2ea4c2b61bb8
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c836ddc57e1731…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 15:16:46 2014 +0200
wato_include_hosts: more comments
---
doc/treasures/wato_include_hosts | 1 +
1 file changed, 1 insertion(+)
diff --git a/doc/treasures/wato_include_hosts b/doc/treasures/wato_include_hosts
index 4a86bf8..32fcf05 100644
--- a/doc/treasures/wato_include_hosts
+++ b/doc/treasures/wato_include_hosts
@@ -20,6 +20,7 @@ _remove_unknown_hosts = True
# TODO: add the complete include dir from a shadow path so they do not
# interfere with the rest of the configuration
+# TODO: exit if this script is appened multiple times to a hosts.mk file
import os, inspect
def add_host_data(_filename):
global all_hosts, host_attributes, ipaddresses, extra_host_conf
Module: check_mk
Branch: master
Commit: 9d8a3ab002aa9774808d7cea8afc49f9e848e3de
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9d8a3ab002aa97…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 15:02:49 2014 +0200
updated wato_include_hosts
---
doc/treasures/wato_include_hosts | 89 ++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
diff --git a/doc/treasures/wato_include_hosts b/doc/treasures/wato_include_hosts
new file mode 100644
index 0000000..4a86bf8
--- /dev/null
+++ b/doc/treasures/wato_include_hosts
@@ -0,0 +1,89 @@
+
+# This file needs to be appended to the existing hosts.mk file
+# Upon parsing the hosts.mk file the include dir is evaluated.
+# Within the include dir there are host definition files with the format
+#
+# ipaddress:1.2.3.4
+# tag_agent:cmk-agent
+# tag_criticality:critical
+# tag_networking:lan
+# alias:Alias of Host A
+#
+# If the WATO folder is saved the already existing hosts are merged with
+# the hosts of the included files. After the hosts.mk is newly written this
+# script appendix is removed, too.
+
+# Configuration options
+_include_dir = ".devops"
+_remove_unknown_hosts = True
+
+# TODO: add the complete include dir from a shadow path so they do not
+# interfere with the rest of the configuration
+
+import os, inspect
+def add_host_data(_filename):
+ global all_hosts, host_attributes, ipaddresses, extra_host_conf
+
+ try:
+ _host_ip = None
+ _tags_plain = []
+ _host_attributes = {}
+ _alias = None
+
+ _lines = file(_filename).readlines()
+ _hostname = os.path.basename(_filename)
+ # Parse data
+ for _line in _lines:
+ _what, _data = _line.split(":",1)
+ _data = _data[:-1]
+ if _what.startswith("tag_"):
+ _tags_plain.append(_data)
+ elif _what == "ipaddress":
+ _host_ip = _data
+ elif _what == "alias":
+ _alias = _data
+ _host_attributes.update({_what: _data})
+
+ # Add data to config
+ all_hosts += [ _hostname + "|" + "|".join(_tags_plain) + "|/" + FOLDER_PATH + "/" ]
+ if _host_ip:
+ ipaddresses.update({_hostname: _host_ip})
+
+ if _alias:
+ extra_host_conf.setdefault('alias', []).extend([(_alias, [_hostname])])
+
+ host_attributes.update({_hostname: _host_attributes})
+ except Exception, e:
+ pass
+
+_hosts_mk_path = os.path.dirname(inspect.getsourcefile(lambda _: None))
+for _dirpath, _dirname, _filenames in os.walk(_hosts_mk_path + "/" + _include_dir):
+ for _filename in _filenames:
+ if _filename.startswith("."):
+ continue
+ for _hh in all_hosts:
+ if _hh.startswith(_filename + "|"):
+ # Host already in config
+ break
+ else:
+ # Add host to config
+ add_host_data("%s/%s" % (_dirpath, _filename))
+
+
+# Remove any hosts with no avaiable include files
+if _remove_unknown_hosts:
+ _hosts_to_remove = []
+ for _idx, _hh in enumerate(all_hosts):
+ print _idx, _hh
+ if _hh.endswith("|/%s/" % FOLDER_PATH):
+ _hostname = _hh.split("|",1)[0]
+ if _hostname not in _filenames:
+ _hosts_to_remove.append( (_hostname, _idx) )
+
+ for _hostname, _idx in _hosts_to_remove[::-1]:
+ del all_hosts[_idx]
+ if _hostname in ipaddresses:
+ del ipaddresses[_hostname]
+ if _hostname in host_attributes:
+ del host_attributes[_hostname]
+
Module: check_mk
Branch: master
Commit: 056843cfe84c5dec9798db5e596661c619ac5b19
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=056843cfe84c5d…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 13:40:19 2014 +0200
WATO snapshots: disabled upload of legacy snaphots and snapshots with invalid checksums
The upload of insecure snapshots has been disabled per default, because those
snapshots represent a security risk if their content were modified willingly or unwillingly.
Insecure snapshots are all legacy snapshots and snapshots of the newer type, but with an invalid checksum.
You can re-enable the upload of insecure snapshots via the new global setting<br>
<tt>Configuration GUI (WATO) -> Allow upload of insecure WATO snapshots</tt>
---
.werks/930 | 13 ++++++++++++
ChangeLog | 1 +
web/htdocs/wato.py | 18 ++++++++++++++++
web/plugins/config/wato.py | 31 ++++++++++++++--------------
web/plugins/wato/check_mk_configuration.py | 11 ++++++++++
5 files changed, 59 insertions(+), 15 deletions(-)
diff --git a/.werks/930 b/.werks/930
new file mode 100644
index 0000000..58ef00e
--- /dev/null
+++ b/.werks/930
@@ -0,0 +1,13 @@
+Title: WATO snapshots: disabled upload of legacy snaphots and snapshots with invalid checksums
+Level: 2
+Component: wato
+Version: 1.2.5i3
+Date: 1401449745
+Class: feature
+
+The upload of insecure snapshots has been disabled per default, because those
+snapshots represent a security risk if their content were modified willingly or unwillingly.
+Insecure snapshots are all legacy snapshots and snapshots of the newer type, but with an invalid checksum.
+
+You can re-enable the upload of insecure snapshots via the new global setting<br>
+<tt>Configuration GUI (WATO) -> Allow upload of insecure WATO snapshots</tt>
diff --git a/ChangeLog b/ChangeLog
index 2cce4dc..1bbfc65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -119,6 +119,7 @@
* 0965 Cumulative permissions and contact groups for WATO folders...
* 0973 Renaming of hosts via WATO...
* 0976 Show preview of active and custom checks in WATO services table...
+ * 0930 WATO snapshots: disabled upload of legacy snaphots and snapshots with invalid checksums...
* 0781 FIX: host diag page: fixed problem with update of diagnose subwindows...
* 0904 FIX: Fixed exception in host parameter overview...
* 0971 FIX: Fix missing authentication of PHP addons in D-WATO when activation mode is reload...
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index f1ecc41..d5731d5 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -6780,6 +6780,24 @@ def mode_snapshot(phase):
if status.get("broken"):
raise MKUserError("_upload_file", _("This is not a Check_MK snapshot!<br>%s") % \
status.get("broken_text"))
+ elif not status.get("checksums") and not config.wato_upload_insecure_snapshots:
+ if status["type"] == "legacy":
+ raise MKUserError("_upload_file", _('The integrity of this snapshot could not be verified.<br><br>'
+ 'You are restoring a legacy snapshot which can not be verified. The snapshot contains '
+ 'files which contain code that will be executed during runtime of the monitoring.<br><br>'
+ 'The upload of insecure snapshots is currently disabled in WATO. If you want to allow '
+ 'the upload of insecure snapshots you can activate it in the Global Settings under<br>'
+ '<tt>Configuration GUI (WATO) -> Allow upload of insecure WATO snapshots</tt>'))
+ else:
+ raise MKUserError("_upload_file", _('The integrity of this snapshot could not be verified.<br><br>'
+ 'If you restore a snapshot on the same site as where it was created, the checksum should '
+ 'always be OK. If not, it is likely that something has been modified in the snapshot.<br>'
+ 'When you restore the snapshot on a different site, the checksum check will always fail. '
+ 'The snapshot contains files which contain code that will be executed during runtime '
+ 'of the monitoring.<br><br>'
+ 'The upload of insecure snapshots is currently disabled in WATO. If you want to allow '
+ 'the upload of insecure snapshots you can activate it in the Global Settings under<br>'
+ '<tt>Configuration GUI (WATO) -> Allow upload of insecure WATO snapshots</tt>'))
else:
file(snapshot_dir + filename, "w").write(uploaded_file[2])
html.set_var("_snapshot_name", filename)
diff --git a/web/plugins/config/wato.py b/web/plugins/config/wato.py
index 744dde1..590a145 100644
--- a/web/plugins/config/wato.py
+++ b/web/plugins/config/wato.py
@@ -24,21 +24,22 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
-wato_enabled = True
-wato_host_tags = []
-wato_aux_tags = []
-wato_hide_filenames = True
-wato_hide_hosttags = False
-wato_hide_varnames = True
-wato_hide_help_in_lists = True
-wato_max_snapshots = 50
-wato_num_hostspecs = 12
-wato_num_itemspecs = 15
-wato_activation_method = 'restart'
-wato_write_nagvis_auth = False
-wato_use_git = False
-wato_hidden_users = []
-wato_user_attrs = []
+wato_enabled = True
+wato_host_tags = []
+wato_aux_tags = []
+wato_hide_filenames = True
+wato_hide_hosttags = False
+wato_upload_insecure_snapshots = False
+wato_hide_varnames = True
+wato_hide_help_in_lists = True
+wato_max_snapshots = 50
+wato_num_hostspecs = 12
+wato_num_itemspecs = 15
+wato_activation_method = 'restart'
+wato_write_nagvis_auth = False
+wato_use_git = False
+wato_hidden_users = []
+wato_user_attrs = []
def tag_alias(tag):
for entry in wato_host_tags:
diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py
index 43b84da..e5f02b9 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -497,6 +497,17 @@ register_configvar(group,
register_configvar(group,
+ "wato_upload_insecure_snapshots",
+ Checkbox(title = _("Allow upload of insecure WATO snapshots"),
+ label = _("upload insecure snapshots"),
+ help = _("When enabled, insecure snapshots are allowed. Please keep in mind that the upload "
+ "of unverified snapshots represent a security risk, since the content of a snapshot is executed "
+ "during runtime. Any manipulations in the content - either willingly or unwillingly (XSS attack) "
+ "- pose a serious security risk."),
+ default_value = False),
+ domain = "multisite")
+
+register_configvar(group,
"wato_hide_hosttags",
Checkbox(title = _("Hide hosttags in WATO folder view"),
label = _("hide hosttags"),
Module: check_mk
Branch: master
Commit: 27b3c5f6cdbd67dbbd08e92522a593ec0d1abd7c
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=27b3c5f6cdbd67…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 12:23:27 2014 +0200
werk 929: improved wording
---
.werks/929 | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.werks/929 b/.werks/929
index e988c6f..705f0f2 100644
--- a/.werks/929
+++ b/.werks/929
@@ -7,16 +7,17 @@ Class: feature
In the <tt>[local]</tt> and <tt>[plugin]</tt> sections the new option <tt>include</tt> has been introduced.
With this option you can configure additional local and plugin directories, which should get parsed.
-You can also configure the the scripts in the given directories should be executed as a different user.
+You can also configure that the scripts in the given directories should get executed as a different user.
<br><br>
Example configuration:<br>
F+:check_mk.ini
-[plugin]
+[plugins]
# The scripts in the following folder are executed as user \\ab
include \\ab = C:\users\ab\plugins
- # The scripts in the following folder are executed without any changes to the user permission
- include - = C:\scripts\plugin
+ # The scripts in the following folder are executed without any
+ # changes to the user permission
+ include - = C:\scripts\plugins
F-:
<b>Important:</b> Keep in mind that the agent needs the permission to run
Module: check_mk
Branch: master
Commit: d596ab305b431a1d1e077ef409e914ad61464227
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d596ab305b431a…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 12:20:03 2014 +0200
windows agent: now able to include and execute additional local and plugin scripts as different user
In the <tt>[local]</tt> and <tt>[plugin]</tt> sections the new option <tt>include</tt> has been introduced.
With this option you can configure additional local and plugin directories, which should get parsed.
You can also configure the the scripts in the given directories should be executed as a different user.
<br><br>
Example configuration:<br>
F+:check_mk.ini
[plugin]
# The scripts in the following folder are executed as user \\ab
include \\ab = C:\users\ab\plugins
# The scripts in the following folder are executed without any changes to the user permission
include - = C:\scripts\plugin
F-:
<b>Important:</b> Keep in mind that the agent needs the permission to run
scripts as other user. Internally it uses the windows command <tt>runas /User:</tt>
which prompts for a password if the windows agent has no permission to change to this user.
---
.werks/929 | 24 ++++++++++++
ChangeLog | 1 +
agents/windows/check_mk_agent-64.exe | Bin 206848 -> 206848 bytes
agents/windows/check_mk_agent.cc | 70 +++++++++++++++++++++++++---------
agents/windows/check_mk_agent.exe | Bin 176640 -> 176640 bytes
agents/windows/install_agent-64.exe | Bin 159073 -> 159303 bytes
agents/windows/install_agent.exe | Bin 156101 -> 156405 bytes
7 files changed, 78 insertions(+), 17 deletions(-)
diff --git a/.werks/929 b/.werks/929
new file mode 100644
index 0000000..e988c6f
--- /dev/null
+++ b/.werks/929
@@ -0,0 +1,24 @@
+Title: windows agent: now able to include and execute additional local and plugin scripts as different user
+Level: 2
+Component: checks
+Version: 1.2.5i3
+Date: 1401444688
+Class: feature
+
+In the <tt>[local]</tt> and <tt>[plugin]</tt> sections the new option <tt>include</tt> has been introduced.
+With this option you can configure additional local and plugin directories, which should get parsed.
+You can also configure the the scripts in the given directories should be executed as a different user.
+<br><br>
+Example configuration:<br>
+
+F+:check_mk.ini
+[plugin]
+ # The scripts in the following folder are executed as user \\ab
+ include \\ab = C:\users\ab\plugins
+ # The scripts in the following folder are executed without any changes to the user permission
+ include - = C:\scripts\plugin
+F-:
+
+<b>Important:</b> Keep in mind that the agent needs the permission to run
+scripts as other user. Internally it uses the windows command <tt>runas /User:</tt>
+which prompts for a password if the windows agent has no permission to change to this user.
diff --git a/ChangeLog b/ChangeLog
index 0bcc9df..2cce4dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,7 @@
* 0927 windows agent: now able to evaluate logfiles written in unicode (2 bytes per character)...
* 0165 ups checks now supports also GE devices (Thanks to Andy Taylor)...
* 0928 runas: new plugin script to include and execute mrpe, local and plugin scripts as different user...
+ * 0929 windows agent: now able to include and execute additional local and plugin scripts as different user...
* 0777 FIX: special agent emcvnx: did not work with security file authentication...
* 0786 FIX: zfsget: fixed compatibility with older Solaris agents...
* 0809 FIX: brocade_fcport: Fixed recently introduced problem with port speed detection
diff --git a/agents/windows/check_mk_agent-64.exe b/agents/windows/check_mk_agent-64.exe
index aa78f06..f18a121 100755
Binary files a/agents/windows/check_mk_agent-64.exe and b/agents/windows/check_mk_agent-64.exe differ
diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc
index e78e261..f4b6ce3 100755
--- a/agents/windows/check_mk_agent.cc
+++ b/agents/windows/check_mk_agent.cc
@@ -170,7 +170,15 @@ enum script_status {
enum script_type {
PLUGIN,
- LOCAL
+ LOCAL,
+ MRPE
+};
+
+// Used by mrpe and local/plugins scripts
+struct runas_include{
+ char path[256];
+ char user[256];
+ script_type type;
};
struct script_container {
@@ -183,6 +191,7 @@ struct script_container {
time_t buffer_time;
char *buffer;
char *buffer_work;
+ char *run_as_user;
script_type type;
script_execution_mode execution_mode;
script_status status;
@@ -223,6 +232,9 @@ execution_mode_configs_t execution_mode_configs_local, execution_mode_configs_pl
typedef map<string, script_container*> script_containers_t;
script_containers_t script_containers;
+typedef vector<runas_include*> script_include_t;
+script_include_t g_script_includes;
+
// Command definitions for MRPE
struct mrpe_entry {
char run_as_user[256];
@@ -231,10 +243,6 @@ struct mrpe_entry {
char service_description[256];
};
-struct mrpe_include{
- char path[256];
- char user[256];
-};
struct process_entry {
unsigned long long process_id;
@@ -349,10 +357,10 @@ winperf_counters_t g_winperf_counters;
// Configuration of mrpe entries
typedef vector<mrpe_entry*> mrpe_entries_t;
-typedef vector<mrpe_include*> mrpe_include_t;
+typedef vector<runas_include*> mrpe_include_t;
mrpe_entries_t g_mrpe_entries;
mrpe_entries_t g_included_mrpe_entries;
-mrpe_include_t g_mrpe_include;
+mrpe_include_t g_mrpe_includes;
// Configuration of execution suffixed
typedef vector<char *> execute_suffixes_t;
@@ -2508,6 +2516,21 @@ bool handle_script_config_variable(char *var, char *value, script_type type)
execution_mode_configs_plugin.push_back(entry);
else
execution_mode_configs_local.push_back(entry);
+ } else if (!strncmp(var, "include", 7)) {
+ char *user = NULL;
+ if (strlen(var) > 7)
+ user = lstrip(var + 7);
+
+ runas_include* tmp = new runas_include();
+ memset(tmp, 0, sizeof(tmp));
+
+ if (user)
+ snprintf(tmp->user, sizeof(tmp->user), user);
+
+ tmp->type = type;
+ snprintf(tmp->path, sizeof(tmp->path), value);
+ g_script_includes.push_back(tmp);
+ return true;
}
return true;
}
@@ -2890,8 +2913,8 @@ void update_mrpe_includes()
FILE *file;
char line[512];
int lineno = 0;
- for (mrpe_include_t::iterator it_include = g_mrpe_include.begin();
- it_include != g_mrpe_include.end(); it_include++)
+ for (mrpe_include_t::iterator it_include = g_mrpe_includes.begin();
+ it_include != g_mrpe_includes.end(); it_include++)
{
char* path = (*it_include)->path;
file = fopen(path, "r");
@@ -3906,13 +3929,13 @@ bool handle_mrpe_config_variable(char *var, char *value)
if (strlen(var) > 7)
user = lstrip(var + 7);
- mrpe_include* tmp = new mrpe_include();
+ runas_include* tmp = new runas_include();
memset(tmp, 0, sizeof(tmp));
if (user)
snprintf(tmp->user, sizeof(tmp->user), user);
snprintf(tmp->path, sizeof(tmp->path), value);
- g_mrpe_include.push_back(tmp);
+ g_mrpe_includes.push_back(tmp);
return true;
}
return false;
@@ -4346,9 +4369,8 @@ DWORD WINAPI DataCollectionThread( LPVOID lpParam )
return 0;
}
-void determine_available_scripts(script_type type)
+void determine_available_scripts(char *dirname, script_type type, char* run_as_user)
{
- char *dirname = type == PLUGIN ? g_plugins_dir : g_local_dir;
DIR *dir = opendir(dirname);
if (dir) {
struct dirent *de;
@@ -4359,6 +4381,7 @@ void determine_available_scripts(script_type type)
char path[512];
snprintf(path, sizeof(path), "%s\\%s", dirname, name);
char newpath[512];
+ char command_with_user[1024];
// If the path in question is a directory -> continue
DWORD dwAttr = GetFileAttributes(path);
if(dwAttr != INVALID_FILE_ATTRIBUTES && (dwAttr & FILE_ATTRIBUTE_DIRECTORY)) {
@@ -4366,19 +4389,25 @@ void determine_available_scripts(script_type type)
}
char *command = add_interpreter(path, newpath);
+ if (run_as_user != NULL && strlen(run_as_user) > 1)
+ snprintf(command_with_user, sizeof(command_with_user), "runas /User:%s %s", run_as_user, command);
+ else
+ snprintf(command_with_user, sizeof(command_with_user), "%s", command);
+
// Look if there is already an script_container available for this program
script_container* cont = NULL;
- script_containers_t::iterator it_cont = script_containers.find(string(command));
+ script_containers_t::iterator it_cont = script_containers.find(string(command_with_user));
if (it_cont == script_containers.end()) {
// create new entry for this program
cont = new script_container();
- cont->path = strdup(command);
+ cont->path = strdup(command_with_user);
cont->script_path = strdup(path);
cont->buffer_time = 0;
cont->buffer = NULL;
cont->buffer_work = NULL;
cont->type = type;
cont->should_terminate = 0;
+ cont->run_as_user = run_as_user;
cont->execution_mode = get_script_execution_mode(name, type);
cont->timeout = get_script_timeout(name, type);
cont->max_retries = get_script_max_retries(name, type);
@@ -4446,9 +4475,16 @@ void output_data(SOCKET &out)
output_crash_log(out);
update_script_statistics();
+
+
// Check if there are new scripts available
- determine_available_scripts(PLUGIN);
- determine_available_scripts(LOCAL);
+ // Scripts in default paths
+ determine_available_scripts(g_plugins_dir, PLUGIN, NULL);
+ determine_available_scripts(g_local_dir, LOCAL, NULL);
+ // Scripts included with user permissions
+ for (script_include_t::iterator it_include = g_script_includes.begin();
+ it_include != g_script_includes.end(); it_include++)
+ determine_available_scripts((*it_include)->path, (*it_include)->type, (*it_include)->user);
if (enabled_sections & SECTION_CHECK_MK)
section_check_mk(out);
diff --git a/agents/windows/check_mk_agent.exe b/agents/windows/check_mk_agent.exe
index 80557de..913fad9 100755
Binary files a/agents/windows/check_mk_agent.exe and b/agents/windows/check_mk_agent.exe differ
diff --git a/agents/windows/install_agent-64.exe b/agents/windows/install_agent-64.exe
index 9d6090e..fb44400 100755
Binary files a/agents/windows/install_agent-64.exe and b/agents/windows/install_agent-64.exe differ
diff --git a/agents/windows/install_agent.exe b/agents/windows/install_agent.exe
index 1583053..6f09170 100755
Binary files a/agents/windows/install_agent.exe and b/agents/windows/install_agent.exe differ
Module: check_mk
Branch: master
Commit: fa65ab798d6b9566890e5b00d0b895bbdef8e744
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=fa65ab798d6b95…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 11:51:13 2014 +0200
improved werk description
---
.werks/928 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.werks/928 b/.werks/928
index 8e733b7..20627ea 100644
--- a/.werks/928
+++ b/.werks/928
@@ -14,7 +14,7 @@ This check is configured with the configuration file <tt>runas.cfg</tt>.
In a default installation this file is located within the Check_MK config directory under <tt>/etc/check_mk/runas.cfg</tt>.
The <tt>runas.cfg</tt> configuration syntax is as follow<br>
-[Script type] [User context] [File / Directory ]
+<tt>[Script type] [User context] [File/Directory]</tt>
The <tt>Script type</tt> can be set to <tt>mrpe</tt>, <tt>local</tt> and <tt>plugin</tt>.<br>
The <tt>User context</tt> represents the user. If you do not want to change the context set this field to "<tt>-</tt>"<br>
Module: check_mk
Branch: master
Commit: 5bfae907244e6ce76f15bad9ac327dd6c6f25509
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5bfae907244e6c…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 11:50:11 2014 +0200
improved werk description
---
.werks/928 | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/.werks/928 b/.werks/928
index 76d7e0f..8e733b7 100644
--- a/.werks/928
+++ b/.werks/928
@@ -8,16 +8,16 @@ Class: feature
With the new plugin <tt>runas</tt> you can configure additional include files and
directories for mrpe, local and plugin scripts. You can also change the user context
of each of these scripts. It allows non-root users to add additional scripts which might
-get executed with reduced permission.
+get executed with reduced permissions.
This check is configured with the configuration file <tt>runas.cfg</tt>.
In a default installation this file is located within the Check_MK config directory under <tt>/etc/check_mk/runas.cfg</tt>.
-The <tt>runas.cfg</tt> configuration syntax is as follow
+The <tt>runas.cfg</tt> configuration syntax is as follow<br>
[Script type] [User context] [File / Directory ]
-The <tt>Script type</tt> can be set to <tt>mrpe</tt>, <tt>local</tt> and <tt>plugin</tt>.
-The <tt>User context</tt> represents the user. If you do not want to change the context set this field to <tt>-</tt>
+The <tt>Script type</tt> can be set to <tt>mrpe</tt>, <tt>local</tt> and <tt>plugin</tt>.<br>
+The <tt>User context</tt> represents the user. If you do not want to change the context set this field to "<tt>-</tt>"<br>
Depending on the script type the third value points to a file or directory.
The mrpe type requires a target file which contains the mrpe commands.
Local and plugins types require are target folder, which contains the executable local and plugin scripts.<br>
@@ -32,7 +32,7 @@ plugin ab /var/ab/plugins
local ab /var/ab/local
F-:
-<b>Note:</b>You need to set up the local and plugin scripts in different folders, because the line
+<b>Note:</b>You need to set up the local and plugin scripts in different folders, because the line<br>
<tt>plugin ab /var/ab/plugins</tt> indicates that all executable files within this folder are treated as plugins.