Module: check_mk
Branch: master
Commit: 9a18cfe49f32da9a5a5f07c564e511c35643e6c2
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9a18cfe49f32da…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jul 21 09:39:10 2015 +0200
#2471 User IDs are now allowed to contain special characters (like German umlauts)
Using the GUI it was not possible to create users having user IDs containing special
characters like e.g. German umlauts. But in environments where user synchronizations
with LDAP directories is used it might happen that users with such user IDs need
to be synchronized into Check_MK. This was in possible in earlier versions,
which lead to some kind of inconsistencies.
To have a consistent situation for all users independent of their source, Check_MK
now allows you to create users which user IDs contain special characters.
If you already have configured a LDAP synchronization and set the option
"Translate Umlauts in User-IDs" to "replace", your already synchronized users will
be left untouched for the moment. But it is recommended to set this option to
"Keep special characters" now to allow your users to use their normal user IDs for
logging in. But please note, if you change this option, your users having special
characters in user IDs are deleted and re-created with the new name during next
LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>)
to make them able to use their custom views, dashboards, bookmarks etc. again after
renaming.
---
.werks/2471 | 26 ++++++++++++++++++++++++++
ChangeLog | 1 +
2 files changed, 27 insertions(+)
diff --git a/.werks/2471 b/.werks/2471
new file mode 100644
index 0000000..075ebb5
--- /dev/null
+++ b/.werks/2471
@@ -0,0 +1,26 @@
+Title: User IDs are now allowed to contain special characters (like German umlauts)
+Level: 2
+Component: multisite
+Compatible: compat
+Version: 1.2.7i3
+Date: 1437463798
+Class: feature
+
+Using the GUI it was not possible to create users having user IDs containing special
+characters like e.g. German umlauts. But in environments where user synchronizations
+with LDAP directories is used it might happen that users with sucht user IDs need
+to be synchronized into Check_MK. This was in possible in earlier versions,
+which lead to some kind of inconsistencies.
+
+To have a consistent situation for all users independent of their source, Check_MK
+now allows you to create users which user IDs contain special characters.
+
+If you already have configured a LDAP synchronization and set the option
+"Translate Umlauts in User-IDs" to "replace", your already synchronized users will
+be left untouched for the moment. But it is recommended to set this option to
+"Keep special characters" now to allow your users to use their normal user IDs for
+logging in. But please note, if you change this option, your users having special
+characters in user IDs are deleted and re-created with the new name during next
+LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>)
+to make them able to use their custom views, dashboards, bookmarks etc. again after
+renaming.
diff --git a/ChangeLog b/ChangeLog
index d9db870..6bedd92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -75,6 +75,7 @@
* 2392 SEC: Auth cookie is always using "httponly" flag...
* 1268 The Snapins "Folders" and "Tree of Folders" can now be used by users without wato permission
* 1270 Multsite site Hostfilters for views can now be negated
+ * 2471 User IDs are now allowed to contain special characters (like German umlauts)...
* 2314 FIX: Availability: fixed exception when grouping by host or service group
* 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views
* 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...
Module: check_mk
Branch: master
Commit: b45723a3191a3418ae33b8494215b9c90e1f4a33
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b45723a3191a34…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jul 21 09:19:02 2015 +0200
Some user login handling cleanups
---
web/htdocs/config.py | 5 +++
web/htdocs/html_mod_python.py | 15 +++++++--
web/htdocs/index.py | 4 +--
web/htdocs/login.py | 70 ++++++++++++++++++++++++-----------------
4 files changed, 60 insertions(+), 34 deletions(-)
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index 36d1ee5..c0333b9 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -43,6 +43,11 @@ try:
except NameError:
from sets import Set as set
+# FIXME: Make clear whether or not user related values should be part
+# of the "config" module. Maybe move to dedicated module (userdb?). Then
+# move all user related stuff there. e.g. html.user should also be moved
+# there.
+
#.
# .--Declarations--------------------------------------------------------.
# | ____ _ _ _ |
diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py
index 7c3f3c3..e65b7e8 100644
--- a/web/htdocs/html_mod_python.py
+++ b/web/htdocs/html_mod_python.py
@@ -60,8 +60,11 @@ class html_mod_python(htmllib.html):
else:
return self.site_status
+ def login(self, user_id):
+ self.user = user_id
+
def is_logged_in(self):
- return self.user and type(self.user) in [ str, unicode ]
+ return self.user and type(self.user) == unicode
def load_help_visible(self):
try:
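Review bot: `is_logged_in()` now accepts only `unicode`, so any code path that still stores a byte `str` in `self.user` is treated as not logged in, and the `top_heading` hunk further down inherits that through `self.is_logged_in()`. The context line `if not html.is_logged_in():` in index.py runs before `html.login()` is called, which suggests `self.user` can be set somewhere outside this diff; that assignment should be checked to confirm it produces `unicode`. The method also returns `self.user` itself or `None` rather than a boolean, so `return isinstance(self.user, unicode) and self.user != u''` would make the contract explicit. A one-line docstring on `login()` saying that it expects an already authenticated `unicode` user ID, or `None`, would document what `check_auth()` is allowed to hand over.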
@@ -69,8 +72,14 @@ class html_mod_python(htmllib.html):
except:
pass
+
+ def get_request_header(self, key, deflt=None):
+ return self.req.headers_in.get(key, deflt)
+
+
def is_ssl_request(self):
- return self.req.headers_in.get('X-Forwarded-Proto') == 'https'
+ return self.get_request_header('X-Forwarded-Proto') == 'https'
+
def set_cookie(self, varname, value, expires = None):
# httponly tells the browser not to make this cookie available to Javascript
@@ -111,7 +120,7 @@ class html_mod_python(htmllib.html):
return config.load_user_file("buttoncounts", {})
def top_heading(self, title):
- if type(self.user) in [ str, unicode ]:
+ if self.is_logged_in():
login_text = "<b>%s</b> (%s" % (config.user_id, "+".join(config.user_role_ids))
if self.enable_debug:
if config.get_language():
diff --git a/web/htdocs/index.py b/web/htdocs/index.py
index b8b6f3d..22497ac 100644
--- a/web/htdocs/index.py
+++ b/web/htdocs/index.py
@@ -196,8 +196,8 @@ def handler(req, fields = None, profiling = True):
if not html.is_logged_in():
config.auth_type = 'cookie'
# When not authed tell the browser to ask for the password
- html.user = login.check_auth()
- if html.user == '':
+ html.login(login.check_auth())
+ if not html.is_logged_in():
if fail_silently:
# While api call don't show the login dialog
raise MKUnauthenticatedException(_('You are not authenticated.'))
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index 738a39a..639a9ae 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -132,42 +132,54 @@ def check_auth_cookie(cookie_name):
def check_auth_automation():
secret = html.var("_secret").strip()
- user = html.var_utf8("_username").strip()
+ user_id = html.var_utf8("_username").strip()
html.del_var('_username')
html.del_var('_secret')
- if secret and user and "/" not in user:
- path = defaults.var_dir + "/web/" + user.encode("utf-8") + "/automation.secret"
+ if secret and user_id and "/" not in user_id:
+ path = defaults.var_dir + "/web/" + user_id.encode("utf-8") + "/automation.secret"
if os.path.isfile(path) and file(path).read().strip() == secret:
# Auth with automation secret succeeded - mark transid as unneeded in this case
html.set_ignore_transids()
- return user
- raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user))
+ return user_id
+ raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user_id))
+
+# When http header auth is enabled, try to read the user_id from the var
+# and when there is some available, set the auth cookie (for other addons) and proceed.
+def check_auth_http_header():
+ user_id = html.get_request_header(config.auth_by_http_header)
+ if user_id:
+ user_id = user_id.decode("utf-8")
+ serial = load_serial(user_id)
+ renew_cookie(site_cookie_name(), user_id, serial)
+ else:
+ user_id = None
+ return user_id
def check_auth():
+ user_id = None
if html.var("_secret"):
- return check_auth_automation()
-
- # When http header auth is enabled, try to read the username from the var
- # and when there is some available, set the auth cookie (for other addons) and proceed.
- if config.auth_by_http_header:
- username = html.req.headers_in.get(config.auth_by_http_header, None).decode("utf-8")
- if username:
- serial = load_serial(username)
- renew_cookie(site_cookie_name(), username, serial)
- return username
-
- for cookie_name in html.get_cookie_names():
- if cookie_name.startswith('auth_'):
- try:
- return check_auth_cookie(cookie_name)
- except Exception, e:
- #if html.enable_debug:
- # html.write('Exception occured while checking cookie %s' % cookie_name)
- # raise
- #else:
- pass
-
- return ''
+ user_id = check_auth_automation()
+
+ elif config.auth_by_http_header:
+ user_id = check_auth_http_header()
+
+ if user_id == None:
+ for cookie_name in html.get_cookie_names():
+ if cookie_name.startswith('auth_'):
+ try:
+ user_id = check_auth_cookie(cookie_name)
+ break
+ except Exception, e:
+ #if html.enable_debug:
+ # html.write('Exception occured while checking cookie %s' % cookie_name)
+ # raise
+ #else:
+ pass
+
+ if (user_id != None and type(user_id) != unicode) or user_id == u'':
+ raise MKInternalError(_("Invalid user authentication"))
+
+ return user_id
def do_login():
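Review bot: The new `check_auth_http_header()` passes the header value to `load_serial()` and `renew_cookie()` without any check, while `check_auth_automation()` just above at least rejects a `/` in `user_id`, and `user_id.decode("utf-8")` raises an uncaught `UnicodeDecodeError` when the header is not valid UTF-8. Wrap the decode in `try`/`except UnicodeDecodeError` that raises `MKAuthException`, and add the same guard as the automation path, e.g. `if "/" in user_id: raise MKAuthException(_("Invalid user ID"))`; what `load_serial()` does with the ID is not visible in this hunk. The function comment should also carry the deployment assumption, for example `# Only safe when the front-end web server sets this header itself and drops any client-supplied copy.` Separately, the re-indented cookie loop keeps `except Exception, e: pass`, so a failing `check_auth_cookie()` leaves no trace; logging the exception there would help when investigating login failures.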
@@ -256,7 +268,7 @@ def normal_login_page(called_directly = True):
}''')
# When someone calls the login page directly and is already authed redirect to main page
- if html.myfile == 'login' and check_auth() != '':
+ if html.myfile == 'login' and check_auth():
html.immediate_browser_redirect(0.5, origtarget and origtarget or 'index.py')
return apache.OK
Module: check_mk
Branch: master
Commit: 5fc0bf3411153290a2597e767647439ea38a0c51
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5fc0bf34111532…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Jul 21 14:29:22 2015 +0200
#2376 FIX Fix parsing of performance data from MRPE based checks
---
.werks/2376 | 10 ++++++++++
ChangeLog | 1 +
checks/mrpe | 2 +-
modules/check_mk_base.py | 2 +-
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.werks/2376 b/.werks/2376
new file mode 100644
index 0000000..c196f57
--- /dev/null
+++ b/.werks/2376
@@ -0,0 +1,10 @@
+Title: Fix parsing of performance data from MRPE based checks
+Level: 2
+Component: checks
+Class: fix
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1437481734
+
+
diff --git a/ChangeLog b/ChangeLog
index a4be315..48441d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -64,6 +64,7 @@
* 2408 FIX: ibm_imm_fan: fixed exception while parsing fan percentage values
* 2469 FIX: Fixed service discovery on SNMP host having no system description OID
* 2480 FIX: Fixed exception when configuring predictive levels for network interfaces
+ * 2376 FIX: Fix parsing of performance data from MRPE based checks
Multisite:
* 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions...
diff --git a/checks/mrpe b/checks/mrpe
index c649f92..c4ab43c 100644
--- a/checks/mrpe
+++ b/checks/mrpe
@@ -40,7 +40,7 @@ def inventory_mrpe(info):
def mrpe_parse_perfdata(perfinfo):
varname, valuetxt = perfinfo.split("=", 1)
values = valuetxt.split(";")
- return tuple( [varname] + values)
+ return tuple([varname] + values)
def check_mrpe(item, params, info):
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index 9da1d48..e018968 100644
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -1717,7 +1717,7 @@ def submit_check_result(host, servicedesc, result, sa, cached_at=None, cache_int
# list of perfdata. It is of type string. And it might be
# needed by the graphing tool in order to choose the correct
# template. Currently this is used only by mrpe.
- if len(perfdata) > 0 and type(perfdata[-1]) == str:
+ if len(perfdata) > 0 and type(perfdata[-1]) in (str, unicode):
check_command = perfdata[-1]
del perfdata[-1]
else:
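Review bot: The exact-type test `type(perfdata[-1]) in (str, unicode)` would be more idiomatic as `isinstance(perfdata[-1], basestring)`, which also covers subclasses of both string types. The comment above it still says the trailing entry "is of type string" and could now read `str or unicode`. The enclosing `submit_check_result` starts and ends outside the hunk.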