Checkmk git commits July 2015

checkmk-commits@lists.checkmk.com

8 participants
287 discussions

Check_MK Git: check_mk: #2286 hp_procurve_cpu, hp_procurve_mem, hp_procurve_sensors: now can monitor HP 2920 Switch Stack

by Simon Betz

Module: check_mk Branch: master Commit: 960889291afa1954e9fb3e6c9d1e17d33d6e093e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=960889291afa19… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Jul 21 16:42:04 2015 +0200 #2286 hp_procurve_cpu, hp_procurve_mem, hp_procurve_sensors: now can monitor HP 2920 Switch Stack --- .werks/2286 | 9 +++++++++ ChangeLog | 1 + checks/hp_procurve_cpu | 3 ++- checks/hp_procurve_mem | 3 ++- checks/hp_procurve_sensors | 3 ++- 5 files changed, 16 insertions(+), 3 deletions(-) diff --git a/.werks/2286 b/.werks/2286 new file mode 100644 index 0000000..8b0fa25 --- /dev/null +++ b/.werks/2286 @@ -0,0 +1,9 @@ +Title: hp_procurve_cpu, hp_procurve_mem, hp_procurve_sensors: now can monitor HP 2920 Switch Stack +Level: 1 +Component: checks +Compatible: compat +Version: 1.2.7i3 +Date: 1437488829 +Class: feature + +Now the checks hp_procurce_cpu, hp_procurve_mem and hp_procurve_sensors monitor HP 2920 Switches. diff --git a/ChangeLog b/ChangeLog index 98b6d9f..607b33c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,7 @@ * 2451 wut_webtherm.humidity, wut_webtherm.pressure: Two new checks for humidity and air pressure sensors for WuT devices... NOTE: Please refer to the migration notes! * 2472 MSSQL Agent Plugin: Can now be configured to auth as database user... + * 2286 hp_procurve_cpu, hp_procurve_mem, hp_procurve_sensors: now can monitor HP 2920 Switch Stack... * 2315 FIX: windows agent: BOM replacement, fixed incorrect byte offset... * 2316 FIX: windows agent: fix garbled output of cached agent plugins... * 2358 FIX: check_mk_agent.solaris: more correct computation of zfs used space... diff --git a/checks/hp_procurve_cpu b/checks/hp_procurve_cpu index 1b98af6..22668c8 100644 --- a/checks/hp_procurve_cpu +++ b/checks/hp_procurve_cpu @@ -61,5 +61,6 @@ check_info["hp_procurve_cpu"] = { 'group': "cpu_utilization", 'snmp_info': ('.1.3.6.1.4.1.11.2.14.11.5.1.9.6', ['1']), 'snmp_scan_function': \ - lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0"), + lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0") \ + or ".11.2.3.7.8" in oid(".1.3.6.1.2.1.1.2.0"), } diff --git a/checks/hp_procurve_mem b/checks/hp_procurve_mem index 27bd55d..2acebdc 100644 --- a/checks/hp_procurve_mem +++ b/checks/hp_procurve_mem @@ -53,6 +53,7 @@ check_info["hp_procurve_mem"] = { 'default_levels_variable' : 'hp_procurve_mem_default_levels', 'has_perfdata' : True, 'snmp_info' : ('.1.3.6.1.4.1.11.2.14.11.5.1.1.2.1.1.1', ['5', '7']), - 'snmp_scan_function' : lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0"), + 'snmp_scan_function' : lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0") \ + or ".11.2.3.7.8" in oid(".1.3.6.1.2.1.1.2.0"), 'includes' : [ "memory.include" ], } diff --git a/checks/hp_procurve_sensors b/checks/hp_procurve_sensors index e4a0c55..8ec7183 100644 --- a/checks/hp_procurve_sensors +++ b/checks/hp_procurve_sensors @@ -105,5 +105,6 @@ check_info["hp_procurve_sensors"] = { 'service_description': 'Sensor %s', 'snmp_info': ('.1.3.6.1.4.1.11.2.14.11.1.2.6.1', ['1', '2', '4', '7']), 'snmp_scan_function': \ - lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0"), + lambda oid: ".11.2.3.7.11" in oid(".1.3.6.1.2.1.1.2.0") \ + or ".11.2.3.7.8" in oid(".1.3.6.1.2.1.1.2.0"), }

8 years, 11 months

Check_MK Git: check_mk: Updated comment

by Lars Michelsen

Module: check_mk Branch: master Commit: 7451745486f88bbf449890e72c33afd067a59812 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7451745486f88b… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 15:41:57 2015 +0200 Updated comment --- agents/windows/plugins/mssql.vbs | 1 + 1 file changed, 1 insertion(+) diff --git a/agents/windows/plugins/mssql.vbs b/agents/windows/plugins/mssql.vbs index 20892fe..0838f6f 100644 --- a/agents/windows/plugins/mssql.vbs +++ b/agents/windows/plugins/mssql.vbs @@ -13,6 +13,7 @@ ' credentials of a database user to it which shal be used for monitoring: ' ' [auth] +' type = db ' username = monitoring ' password = secret-pw '

8 years, 11 months

Check_MK Git: check_mk: #2472 MSSQL Agent Plugin: Can now be configured to auth as database user

by Lars Michelsen

Module: check_mk Branch: master Commit: dc768d1a43216a6b680d061b7c5ea4fb09a81a14 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dc768d1a43216a… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 15:41:39 2015 +0200 #2472 MSSQL Agent Plugin: Can now be configured to auth as database user The mssql.vbs script can now be configured to authenticate as database user using a configured username / password combination. Previously it was only possible to authenticate using the system privileges of the user the agent is running with. This is still the default. If you need to authenticate as database user, you need to create a file named <tt>mssql.ini</tt>, or if you need it instance specific, <tt>mssql_[instance-id].ini</tt>. You need to write the following content into this file: F+:mssql.ini [auth] type = db username = monitoring-user password = mysecretpw F-: --- .werks/2472 | 24 +++++++++++ ChangeLog | 1 + agents/windows/plugins/mssql.vbs | 81 +++++++++++++++++++++++++++++++++----- 3 files changed, 96 insertions(+), 10 deletions(-) diff --git a/.werks/2472 b/.werks/2472 new file mode 100644 index 0000000..c693ea3 --- /dev/null +++ b/.werks/2472 @@ -0,0 +1,24 @@ +Title: MSSQL Agent Plugin: Can now be configured to auth as database user +Level: 1 +Component: checks +Compatible: compat +Version: 1.2.7i3 +Date: 1437485882 +Class: feature + +The mssql.vbs script can now be configured to authenticate as database user +using a configured username / password combination. Previously it was only +possible to authenticate using the system privileges of the user the agent +is running with. This is still the default. + +If you need to authenticate as database user, you need to create a file +named <tt>mssql.ini</tt>, or if you need it instance specific, +<tt>mssql_[instance-id].ini</tt>. You need to write the following content +into this file: + +F+:mssql.ini +[auth] +type = db +username = monitoring-user +password = mysecretpw +F-: diff --git a/ChangeLog b/ChangeLog index 2cc3802..5b75aad 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,7 @@ * 2405 New checks for UCS bladecenter: ucs_bladecenter_topsystem, ucs_bladecenter_faulinst... * 2451 wut_webtherm.humidity, wut_webtherm.pressure: Two new checks for humidity and air pressure sensors for WuT devices... NOTE: Please refer to the migration notes! + * 2472 MSSQL Agent Plugin: Can now be configured to auth as database user... * 2315 FIX: windows agent: BOM replacement, fixed incorrect byte offset... * 2316 FIX: windows agent: fix garbled output of cached agent plugins... * 2358 FIX: check_mk_agent.solaris: more correct computation of zfs used space... diff --git a/agents/windows/plugins/mssql.vbs b/agents/windows/plugins/mssql.vbs index 834eb7c..20892fe 100644 --- a/agents/windows/plugins/mssql.vbs +++ b/agents/windows/plugins/mssql.vbs @@ -5,9 +5,16 @@ ' on the local system. ' ' The current implementation of the check uses the "trusted authentication" -' where no user/password needs to be created in the MSSQL server instance. It -' is only needed to grant the user as which the Check_MK windows agent service -' is running access to the MSSQL database. +' where no user/password needs to be created in the MSSQL server instance by +' default. It is only needed to grant the user as which the Check_MK windows +' agent service is running access to the MSSQL database. +' +' Another option is to create a mssql.ini file in MK_CONFDIR and write the +' credentials of a database user to it which shal be used for monitoring: +' +' [auth] +' username = monitoring +' password = secret-pw ' ' The following sources are asked: ' 1. WMI - to gather a list of local MSSQL-Server instances @@ -21,19 +28,49 @@ Option Explicit -Dim WMI, prop, instId, instIdx, instVersion, instIds, instName, output, WMIservice, colRunningServices, objService +Dim WMI, FSO, SHO, prop, instId, instIdx, instVersion, instIds, instName, output +Dim WMIservice, colRunningServices, objService, cfg_dir, cfg_file, hostname WScript.Timeout = 10 ' Directory of all database instance names Set instIds = CreateObject("Scripting.Dictionary") +Set FSO = CreateObject("Scripting.FileSystemObject") +Set SHO = CreateObject("WScript.Shell") +hostname = SHO.ExpandEnvironmentStrings("%COMPUTERNAME%") +cfg_dir = "C:\check_mk_agent" 'SHO.ExpandEnvironmentStrings("%MK_CONFDIR%") output = "" Sub addOutput(text) output = output & text & vbLf End Sub +Function readIniFile(path) + Dim parsed : Set parsed = CreateObject("Scripting.Dictionary") + If path <> "" Then + Dim FH + Set FH = FSO.OpenTextFile(path) + Dim line, sec, pair + Do Until FH.AtEndOfStream + line = Trim(FH.ReadLine()) + If Left(line, 1) = "[" Then + sec = Mid(line, 2, Len(line) - 2) + Set parsed(sec) = CreateObject("Scripting.Dictionary") + Else + If line <> "" Then + pair = Split(line, "=") + If 1 = UBound(pair) Then + parsed(sec)(Trim(pair(0))) = Trim(pair(1)) + End If + End If + End If + Loop + FH.Close + End If + Set readIniFile = parsed +End Function + ' Dummy empty output. ' Contains timeout error if this scripts runtime exceeds the timeout WScript.echo "<<<mssql_versions>>>" @@ -91,9 +128,7 @@ Next Set WMI = nothing -Dim CONN, RS, hostname - -hostname = WScript.CreateObject("WScript.Shell").ExpandEnvironmentStrings("%COMPUTERNAME%") +Dim CONN, RS, CFG, AUTH ' Initialize connection objects Set CONN = CreateObject("ADODB.Connection") @@ -106,8 +141,31 @@ CONN.Provider = "sqloledb" ' Loop all found server instances and connect to them ' In my tests only the connect using the "named instance" string worked For Each instId In instIds.Keys + ' Use either an instance specific config file named mssql_<instance-id>.ini + ' or the default mysql.ini file. + cfg_file = cfg_dir & "\mssql_" & instId & ".ini" + If Not FSO.FileExists(cfg_file) Then + cfg_file = cfg_dir & "\mssql.ini" + If Not FSO.FileExists(cfg_file) Then + cfg_file = "" + End If + End If + + Set CFG = readIniFile(cfg_file) + If Not CFG.Exists("auth") Then + Set AUTH = CreateObject("Scripting.Dictionary") + Else + Set AUTH = CFG("auth") + End If + ' At this place one could implement to use other authentication mechanism - CONN.Properties("Integrated Security").Value = "SSPI" + If Not AUTH.Exists("type") or AUTH("type") = "system" Then + CONN.Properties("Integrated Security").Value = "SSPI" + Else + CONN.Properties("User ID").Value = AUTH("username") + CONN.Properties("Password").Value = AUTH("password") + End If + wscript.echo instId If InStr(instId, "__") <> 0 Then instName = Split(instId, "__")(1) @@ -115,6 +173,7 @@ For Each instId In instIds.Keys Else instName = instId End If + wscript.echo instId ' In case of instance name "MSSQLSERVER" always use (local) as connect string If instName = "MSSQLSERVER" Then @@ -122,10 +181,10 @@ For Each instId In instIds.Keys Else CONN.Properties("Data Source").Value = hostname & "\" & instName End If - 'WScript.echo (CONN) + WScript.echo (CONN) CONN.Open - + ' Get counter data for the whole instance RS.Open "SELECT counter_name, object_name, instance_name, cntr_value " & _ "FROM sys.dm_os_performance_counters " & _ @@ -219,6 +278,8 @@ Next Set RS = nothing Set CONN = nothing +Set FSO = nothing +Set SHO = nothing ' finally output collected data WScript.echo output

8 years, 11 months

Check_MK Git: check_mk: cpu.loads: output load per core in check output

by Mathias Kettner

Module: check_mk Branch: master Commit: 49469bfbb0370d300aebfab199f11b1962d69575 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=49469bfbb0370d… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 15:15:29 2015 +0200 cpu.loads: output load per core in check output --- checks/cpu | 43 ++++++++++++++++++++++++++++++++++--------- checks/cpu_load.include | 2 +- 2 files changed, 35 insertions(+), 10 deletions(-) diff --git a/checks/cpu b/checks/cpu index 3fdd7c0..8523fff 100644 --- a/checks/cpu +++ b/checks/cpu @@ -28,13 +28,24 @@ # 0.26 0.47 0.52 2/459 19531 4 +# .--Load----------------------------------------------------------------. +# | _ _ | +# | | | ___ __ _ __| | | +# | | | / _ \ / _` |/ _` | | +# | | |__| (_) | (_| | (_| | | +# | |_____\___/ \__,_|\__,_| | +# | | +# '----------------------------------------------------------------------' + + cpuload_default_levels = (5, 10) -threads_default_levels = (2000, 4000) + def inventory_cpu_load(info): if len(info) == 1 and len(info[0]) >= 5: return [(None, "cpuload_default_levels")] + def check_cpu_load(item, params, info): if len(info[0]) >= 6: num_cpus = int(info[0][5]) @@ -45,6 +56,28 @@ def check_cpu_load(item, params, info): return check_cpu_load_generic(params, load, num_cpus) +check_info["cpu.loads"] = { + "check_function" : check_cpu_load, + "inventory_function" : inventory_cpu_load, + "service_description" : "CPU load", + "has_perfdata" : True, + "group" : "cpu_load", + "includes" : ["cpu_load.include"], +} + + +#. +# .--Threads-------------------------------------------------------------. +# | _____ _ _ | +# | |_ _| |__ _ __ ___ __ _ __| |___ | +# | | | | '_ \| '__/ _ \/ _` |/ _` / __| | +# | | | | | | | | | __/ (_| | (_| \__ \ | +# | |_| |_| |_|_| \___|\__,_|\__,_|___/ | +# | | +# '----------------------------------------------------------------------' + +threads_default_levels = (2000, 4000) + def inventory_cpu_threads(info): if len(info) == 1 and len(info[0]) >= 5: return [(None, "", "threads_default_levels")] @@ -63,14 +96,6 @@ def check_cpu_threads(item, params, info): else: return (0, "%d threads" % (nthreads,), perfdata) -check_info["cpu.loads"] = { - "check_function" : check_cpu_load, - "inventory_function" : inventory_cpu_load, - "service_description" : "CPU load", - "has_perfdata" : True, - "group" : "cpu_load", - "includes" : ["cpu_load.include"], -} check_info["cpu.threads"] = { "check_function" : check_cpu_threads, diff --git a/checks/cpu_load.include b/checks/cpu_load.include index ac92a9f..9401a31 100644 --- a/checks/cpu_load.include +++ b/checks/cpu_load.include @@ -46,7 +46,7 @@ def check_cpu_load_generic(params, load, num_cpus=1): perfdata += perf infotext = "15min load %.2f" % load[2] if num_cpus > 1: - infotext += " at %d CPUs" % num_cpus + infotext += " at %d Cores (%.2f per Core)" % (num_cpus, load[2]/num_cpus) if text: infotext += ", " + text return state, infotext, perfdata

8 years, 11 months

Check_MK Git: check_mk: #2377 FIX cpu.loads: Fix output of reference for predition ( was scaled wrongly by number of cores)

by Mathias Kettner

Module: check_mk Branch: master Commit: 2c0d692964a0e2508c0ec067f0c475d84d945861 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2c0d692964a0e2… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 15:16:36 2015 +0200 #2377 FIX cpu.loads: Fix output of reference for predition (was scaled wrongly by number of cores) --- .werks/2377 | 10 ++++++++++ ChangeLog | 1 + modules/check_mk_base.py | 3 ++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.werks/2377 b/.werks/2377 new file mode 100644 index 0000000..f010a33 --- /dev/null +++ b/.werks/2377 @@ -0,0 +1,10 @@ +Title: cpu.loads: Fix output of reference for predition (was scaled wrongly by number of cores) +Level: 1 +Component: checks +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1437484563 + + diff --git a/ChangeLog b/ChangeLog index 2cc3802..43b7797 100644 --- a/ChangeLog +++ b/ChangeLog @@ -65,6 +65,7 @@ * 2469 FIX: Fixed service discovery on SNMP host having no system description OID * 2480 FIX: Fixed exception when configuring predictive levels for network interfaces * 2376 FIX: Fix parsing of performance data from MRPE based checks + * 2377 FIX: cpu.loads: Fix output of reference for predition (was scaled wrongly by number of cores) Multisite: * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py index e018968..63bb080 100644 --- a/modules/check_mk_base.py +++ b/modules/check_mk_base.py @@ -1900,8 +1900,9 @@ def check_levels(value, dsname, params, unit="", factor=1.0, scale=1.0, statemar try: ref_value, ((warn_upper, crit_upper), (warn_lower, crit_lower)) = \ get_predictive_levels(dsname, params, "MAX", levels_factor=factor * scale) + if ref_value: - infotexts.append("predicted reference: %.2f%s" % (ref_value * factor / scale, unit)) + infotexts.append("predicted reference: %.2f%s" % (ref_value / scale, unit)) else: infotexts.append("no reference for prediction yet") except Exception, e:

8 years, 11 months

Check_MK Git: check_mk: #2471 User IDs are now allowed to contain special characters ( like German umlauts)

by Lars Michelsen

Module: check_mk Branch: master Commit: 8118c334b6dfe8ac1590bd2131347c23a16b0f2c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8118c334b6dfe8… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:39:10 2015 +0200 #2471 User IDs are now allowed to contain special characters (like German umlauts) Using the GUI it was not possible to create users having user IDs containing special characters like e.g. German umlauts. But in environments where user synchronizations with LDAP directories is used it might happen that users with sucht user IDs need to be synchronized into Check_MK. This was in possible in earlier versions, which lead to some kind of inconsistencies. To have a consistent situation for all users independent of their source, Check_MK now allows you to create users which user IDs contain special characters. If you already have configured a LDAP synchronization and set the option "Translate Umlauts in User-IDs" to "replace", your already synchronized users will be left untouched for the moment. But it is recommended to set this option to "Keep special characters" now to allow your users to use their normal user IDs for logging in. But please note, if you change this option, your users having special characters in user IDs are deleted and re-created with the new name during next LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>) to make them able to use their custom views, dashboards, bookmarks etc. again after renaming. --- .werks/2471 | 26 ++++++++++++++++++++++++++ ChangeLog | 1 + 2 files changed, 27 insertions(+) diff --git a/.werks/2471 b/.werks/2471 new file mode 100644 index 0000000..075ebb5 --- /dev/null +++ b/.werks/2471 @@ -0,0 +1,26 @@ +Title: User IDs are now allowed to contain special characters (like German umlauts) +Level: 2 +Component: multisite +Compatible: compat +Version: 1.2.7i3 +Date: 1437463798 +Class: feature + +Using the GUI it was not possible to create users having user IDs containing special +characters like e.g. German umlauts. But in environments where user synchronizations +with LDAP directories is used it might happen that users with sucht user IDs need +to be synchronized into Check_MK. This was in possible in earlier versions, +which lead to some kind of inconsistencies. + +To have a consistent situation for all users independent of their source, Check_MK +now allows you to create users which user IDs contain special characters. + +If you already have configured a LDAP synchronization and set the option +"Translate Umlauts in User-IDs" to "replace", your already synchronized users will +be left untouched for the moment. But it is recommended to set this option to +"Keep special characters" now to allow your users to use their normal user IDs for +logging in. But please note, if you change this option, your users having special +characters in user IDs are deleted and re-created with the new name during next +LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>) +to make them able to use their custom views, dashboards, bookmarks etc. again after +renaming. diff --git a/ChangeLog b/ChangeLog index 48441d5..2cc3802 100644 --- a/ChangeLog +++ b/ChangeLog @@ -76,6 +76,7 @@ * 2392 SEC: Auth cookie is always using "httponly" flag... * 1268 The Snapins "Folders" and "Tree of Folders" can now be used by users without wato permission * 1270 Multsite site Hostfilters for views can now be negated + * 2471 User IDs are now allowed to contain special characters (like German umlauts)... * 2314 FIX: Availability: fixed exception when grouping by host or service group * 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views * 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...

8 years, 11 months

Check_MK Git: check_mk: LDAP: Fixed default page size

by Lars Michelsen

Module: check_mk Branch: master Commit: 2977faf0f6b5f82f8cc401fba18a5a5252f38ec7 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2977faf0f6b5f8… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:47:34 2015 +0200 LDAP: Fixed default page size --- web/htdocs/wato.py | 1 - web/plugins/userdb/ldap.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 419cd2a..78f1185 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -7633,7 +7633,6 @@ def vs_ldap_connection(new): 'user_filter', 'user_filter_group', 'user_id', 'lower_user_ids', 'connect_timeout', 'version', 'group_filter', 'group_member', ], - default_keys = ['page_size'], ) diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 7258e0e..82bd495 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -357,7 +357,7 @@ class LDAPUserConnector(UserConnector): def ldap_paged_async_search(self, base, scope, filt, columns): self.log(' PAGED ASYNC SEARCH') - page_size = self._config.get('page_size', 100) + page_size = self._config.get('page_size', 1000) if ldap_compat: lc = SimplePagedResultsControl(size = page_size, cookie = '')

8 years, 11 months

Check_MK Git: check_mk: First big step to transform user id handling to unicode internally

by Lars Michelsen

Module: check_mk Branch: master Commit: 386f0e3418fb38d1449df01828e59acc40d5cd6f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=386f0e3418fb38… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jul 20 16:22:49 2015 +0200 First big step to transform user id handling to unicode internally --- web/htdocs/config.py | 2 +- web/htdocs/html_mod_python.py | 7 ++-- web/htdocs/htmllib.py | 1 + web/htdocs/index.py | 2 +- web/htdocs/lib.py | 16 +++++++++ web/htdocs/login.py | 11 ++++--- web/htdocs/userdb.py | 40 +++++++++++------------ web/htdocs/valuespec.py | 6 ++++ web/htdocs/wato.py | 70 +++++++++++++++++++++++----------------- web/plugins/userdb/htpasswd.py | 4 +-- web/plugins/userdb/ldap.py | 59 +++++++++++---------------------- 11 files changed, 117 insertions(+), 101 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=386f0e3418…

8 years, 11 months

Check_MK Git: check_mk: Some user login handling cleanups

by Lars Michelsen

Module: check_mk Branch: master Commit: 60ea727d1864f836d3897b88216fe18be03202fd URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=60ea727d1864f8… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:19:02 2015 +0200 Some user login handling cleanups --- web/htdocs/config.py | 5 +++ web/htdocs/html_mod_python.py | 15 +++++++-- web/htdocs/index.py | 4 +-- web/htdocs/login.py | 70 ++++++++++++++++++++++++----------------- 4 files changed, 60 insertions(+), 34 deletions(-) diff --git a/web/htdocs/config.py b/web/htdocs/config.py index 36d1ee5..c0333b9 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -43,6 +43,11 @@ try: except NameError: from sets import Set as set +# FIXME: Make clear whether or not user related values should be part +# of the "config" module. Maybe move to dedicated module (userdb?). Then +# move all user related stuff there. e.g. html.user should also be moved +# there. + #. # .--Declarations--------------------------------------------------------. # | ____ _ _ _ | diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py index 7c3f3c3..e65b7e8 100644 --- a/web/htdocs/html_mod_python.py +++ b/web/htdocs/html_mod_python.py @@ -60,8 +60,11 @@ class html_mod_python(htmllib.html): else: return self.site_status + def login(self, user_id): + self.user = user_id + def is_logged_in(self): - return self.user and type(self.user) in [ str, unicode ] + return self.user and type(self.user) == unicode def load_help_visible(self): try: @@ -69,8 +72,14 @@ class html_mod_python(htmllib.html): except: pass + + def get_request_header(self, key, deflt=None): + return self.req.headers_in.get(key, deflt) + + def is_ssl_request(self): - return self.req.headers_in.get('X-Forwarded-Proto') == 'https' + return self.get_request_header('X-Forwarded-Proto') == 'https' + def set_cookie(self, varname, value, expires = None): # httponly tells the browser not to make this cookie available to Javascript @@ -111,7 +120,7 @@ class html_mod_python(htmllib.html): return config.load_user_file("buttoncounts", {}) def top_heading(self, title): - if type(self.user) in [ str, unicode ]: + if self.is_logged_in(): login_text = "<b>%s</b> (%s" % (config.user_id, "+".join(config.user_role_ids)) if self.enable_debug: if config.get_language(): diff --git a/web/htdocs/index.py b/web/htdocs/index.py index b8b6f3d..22497ac 100644 --- a/web/htdocs/index.py +++ b/web/htdocs/index.py @@ -196,8 +196,8 @@ def handler(req, fields = None, profiling = True): if not html.is_logged_in(): config.auth_type = 'cookie' # When not authed tell the browser to ask for the password - html.user = login.check_auth() - if html.user == '': + html.login(login.check_auth()) + if not html.is_logged_in(): if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) diff --git a/web/htdocs/login.py b/web/htdocs/login.py index 738a39a..639a9ae 100644 --- a/web/htdocs/login.py +++ b/web/htdocs/login.py @@ -132,42 +132,54 @@ def check_auth_cookie(cookie_name): def check_auth_automation(): secret = html.var("_secret").strip() - user = html.var_utf8("_username").strip() + user_id = html.var_utf8("_username").strip() html.del_var('_username') html.del_var('_secret') - if secret and user and "/" not in user: - path = defaults.var_dir + "/web/" + user.encode("utf-8") + "/automation.secret" + if secret and user_id and "/" not in user_id: + path = defaults.var_dir + "/web/" + user_id.encode("utf-8") + "/automation.secret" if os.path.isfile(path) and file(path).read().strip() == secret: # Auth with automation secret succeeded - mark transid as unneeded in this case html.set_ignore_transids() - return user - raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user)) + return user_id + raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user_id)) + +# When http header auth is enabled, try to read the user_id from the var +# and when there is some available, set the auth cookie (for other addons) and proceed. +def check_auth_http_header(): + user_id = html.get_request_header(config.auth_by_http_header) + if user_id: + user_id = user_id.decode("utf-8") + serial = load_serial(user_id) + renew_cookie(site_cookie_name(), user_id, serial) + else: + user_id = None + return user_id def check_auth(): + user_id = None if html.var("_secret"): - return check_auth_automation() - - # When http header auth is enabled, try to read the username from the var - # and when there is some available, set the auth cookie (for other addons) and proceed. - if config.auth_by_http_header: - username = html.req.headers_in.get(config.auth_by_http_header, None).decode("utf-8") - if username: - serial = load_serial(username) - renew_cookie(site_cookie_name(), username, serial) - return username - - for cookie_name in html.get_cookie_names(): - if cookie_name.startswith('auth_'): - try: - return check_auth_cookie(cookie_name) - except Exception, e: - #if html.enable_debug: - # html.write('Exception occured while checking cookie %s' % cookie_name) - # raise - #else: - pass - - return '' + user_id = check_auth_automation() + + elif config.auth_by_http_header: + user_id = check_auth_http_header() + + if user_id == None: + for cookie_name in html.get_cookie_names(): + if cookie_name.startswith('auth_'): + try: + user_id = check_auth_cookie(cookie_name) + break + except Exception, e: + #if html.enable_debug: + # html.write('Exception occured while checking cookie %s' % cookie_name) + # raise + #else: + pass + + if (user_id != None and type(user_id) != unicode) or user_id == u'': + raise MKInternalError(_("Invalid user authentication")) + + return user_id def do_login(): @@ -256,7 +268,7 @@ def normal_login_page(called_directly = True): }''') # When someone calls the login page directly and is already authed redirect to main page - if html.myfile == 'login' and check_auth() != '': + if html.myfile == 'login' and check_auth(): html.immediate_browser_redirect(0.5, origtarget and origtarget or 'index.py') return apache.OK

8 years, 11 months

Check_MK Git: check_mk: LDAP: Fixed default page size

by Lars Michelsen

Module: check_mk Branch: master Commit: 701629132599ddb246bc0902f971a14282e77bc3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=701629132599dd… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:47:34 2015 +0200 LDAP: Fixed default page size --- web/htdocs/wato.py | 1 - web/plugins/userdb/ldap.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 419cd2a..78f1185 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -7633,7 +7633,6 @@ def vs_ldap_connection(new): 'user_filter', 'user_filter_group', 'user_id', 'lower_user_ids', 'connect_timeout', 'version', 'group_filter', 'group_member', ], - default_keys = ['page_size'], ) diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py index 7258e0e..82bd495 100644 --- a/web/plugins/userdb/ldap.py +++ b/web/plugins/userdb/ldap.py @@ -357,7 +357,7 @@ class LDAPUserConnector(UserConnector): def ldap_paged_async_search(self, base, scope, filt, columns): self.log(' PAGED ASYNC SEARCH') - page_size = self._config.get('page_size', 100) + page_size = self._config.get('page_size', 1000) if ldap_compat: lc = SimplePagedResultsControl(size = page_size, cookie = '')

8 years, 11 months

← Newer
1
...
8
9
10
11
12
13
14
...
29
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits July 2015