Module: check_mk
Branch: master
Commit: ae877c5a469a4a25e205a95ddf15da6bd580049d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ae877c5a469a4a…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri Jul 11 12:48:45 2014 +0200
windows agent: now also available as msi installer
The new msi install package check_mk_agent.msi contains the 32 and 64 bit versions of the check_mk_agent.exe.
Upon install the msi package will determine the os architecture and install the matching agent accordingly.
The installed 32/64 Bit Agent is always named check_mk_agent.exe.
Note: The msi installer always installs into the 32 bit program files folder. This is by design.
---
.werks/1082 | 12 ++
ChangeLog | 1 +
Makefile | 2 +
agents/windows/Makefile | 6 +-
agents/windows/check_mk_agent-64.exe | Bin 207360 -> 207360 bytes
agents/windows/check_mk_agent-64.unversioned.exe | Bin 207360 -> 207360 bytes
agents/windows/check_mk_agent.exe | Bin 176640 -> 176640 bytes
agents/windows/check_mk_agent.unversioned.exe | Bin 176640 -> 176640 bytes
agents/windows/install_agent-64.exe | Bin 159344 -> 159343 bytes
agents/windows/install_agent.exe | Bin 156401 -> 156400 bytes
agents/windows/msibuild/Makefile | 47 ++++++++
agents/windows/msibuild/msi_container.msi | Bin 0 -> 612864 bytes
agents/windows/msibuild/msibuild | 1 +
agents/windows/msibuild/msiinfo | 1 +
agents/windows/msibuild/msitools-0.93.tar.xz | Bin 0 -> 613856 bytes
.../windows/msibuild/patches/msibuild_argc_fix.dif | 11 ++
agents/windows/msibuild/update_msi_file.py | 118 ++++++++++++++++++++
17 files changed, 197 insertions(+), 2 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=ae877c5a46…
Module: check_mk
Branch: master
Commit: f4c6bcca424c52d889e2c0dc9e4f276ee7843325
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f4c6bcca424c52…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Jul 10 16:56:39 2014 +0200
Added AIX support for HW/SW-Inventory
Check_MK now ships the new agent plugin <tt>mk_inventory.aix</tt>, which retrieves
inventory data on AIX hosts. This includes the list of software packages and
service packs, information about the system and cpu.
---
.werks/1046 | 10 ++++
ChangeLog | 3 +-
agents/plugins/mk_inventory.aix | 46 +++++++++++++++++
inventory/aix_baselevel | 38 ++++++++++++++
inventory/aix_packages | 72 ++++++++++++++++++++++++++
inventory/aix_service_packs | 34 +++++++++++++
inventory/prtconf | 106 +++++++++++++++++++++++++++++++++++++++
web/plugins/views/inventory.py | 6 +++
8 files changed, 314 insertions(+), 1 deletion(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=f4c6bcca42…
Module: check_mk
Branch: master
Commit: 76b29d95d0f4899f29796bbb7a468ffdec822302
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=76b29d95d0f489…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Jul 10 14:11:48 2014 +0200
FIX table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT
This only applies with the setting group_authorization = AUTH_STRICT
When an auth user was given, the livestatus table servicegroups did not check if the auth
user had permissions to all objects of the servicegroup.
As a result the user was able to view servicegroups, even if he was not a contact for every object in it.
However, the "forbidden" object itself was not returned, just a subset of the group.
This was incorrect. The user needs to be a contact of every element in this group.
Otherwise he should not see the group at all.
---
.werks/951 | 16 ++++++++++++++++
ChangeLog | 1 +
livestatus/src/TableServices.cc | 30 +++++++++++++++++++++++++-----
3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/.werks/951 b/.werks/951
new file mode 100644
index 0000000..413602e
--- /dev/null
+++ b/.werks/951
@@ -0,0 +1,16 @@
+Title: table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT
+Level: 1
+Component: livestatus
+Version: 1.2.5i5
+Date: 1404994147
+Class: fix
+
+This only applies with the setting group_authorization = AUTH_STRICT
+
+When an auth user was given the livestatus table servicegroups did not check if the auth
+user had permissions to all objects of the servicegroup.
+As a result the user was able to view servicegroups, even if he was not a contact for every object in it.
+However, the "forbidden" object itself was not returned, just a subset of the group.
+This was incorrect. The user needs to be contact of every element in this group.
+Otherwise he should not see the group at all..
+
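Review bot: the Title: line and the first paragraph name the livestatus table servicegroups, but the only source file this commit touches is livestatus/src/TableServices.cc, and the change there sits in the `_by_group` branch of TableServices::answerQuery. Please name the table(s) whose output actually changes, so that an admin reading the werk can tell which queries previously returned a partial group under AUTH_STRICT. The sentence starting "When an auth user was given the livestatus table" also needs a comma after "given" to parse, and the last line ends in a double period.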
diff --git a/ChangeLog b/ChangeLog
index e7312ec..bd991b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,6 +71,7 @@
Livestatus:
* 0988 FIX: livedump: Fix exception in case no contact groups are defined for a service
+ * 0951 FIX: table servicegroups: fixed service visibility when using AUTH_STRICT...
HW/SW-Inventory:
* 0625 hw/sw inventory now reads the kernel version and architecture for linux and windows
diff --git a/livestatus/src/TableServices.cc b/livestatus/src/TableServices.cc
index a21a8ac..781e30b 100644
--- a/livestatus/src/TableServices.cc
+++ b/livestatus/src/TableServices.cc
@@ -68,14 +68,34 @@ void TableServices::answerQuery(Query *query)
if (_by_group) {
servicegroup *sgroup = servicegroup_list;
servicebygroup sg;
+ bool show_sgroup;
+
+ // When g_group_authorization is set to AUTH_STRICT we need to pre-check
+ // if every service of this group is visible to the _auth_user
+ bool requires_precheck = query->authUser() && g_group_authorization == AUTH_STRICT;
+
while (sgroup) {
+ show_sgroup = true;
sg._servicegroup = sgroup;
servicesmember *mem = sgroup->members;
- while (mem) {
- memcpy(&sg._service, mem->service_ptr, sizeof(service));
- if (!query->processDataset(&sg))
- break;
- mem = mem->next;
+ if (requires_precheck) {
+ while (mem) {
+ if (!is_authorized_for(query->authUser(), mem->service_ptr->host_ptr, mem->service_ptr)) {
+ show_sgroup = false;
+ break;
+ }
+ mem = mem->next;
+ }
+ }
+
+ if (show_sgroup) {
+ mem = sgroup->members;
+ while (mem) {
+ memcpy(&sg._service, mem->service_ptr, sizeof(service));
+ if (!query->processDataset(&sg))
+ break;
+ mem = mem->next;
+ }
}
sgroup = sgroup->next;
}
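Review bot: the strict-mode check inside `if (requires_precheck)` is inlined in answerQuery and only protects this `_by_group` branch. Moving it into a small helper that takes the auth user and the servicegroup and returns whether every member passes is_authorized_for would let other group-based code paths apply the same all-members rule instead of re-implementing it. With that helper, `show_sgroup` can be declared inside the `while (sgroup)` loop and initialised from the helper's result, rather than declared before the loop and reset on every iteration. It would also help to add a comment noting that a group with no members keeps show_sgroup true and simply emits no rows, and that when requires_precheck is false the second loop behaves exactly like the removed one.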