Checkmk git commits July 2015

checkmk-commits@lists.checkmk.com

8 participants
287 discussions

Check_MK Git: check_mk: #2471 User IDs are now allowed to contain special characters ( like German umlauts)

by Lars Michelsen

Module: check_mk Branch: master Commit: 9a18cfe49f32da9a5a5f07c564e511c35643e6c2 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9a18cfe49f32da… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:39:10 2015 +0200 #2471 User IDs are now allowed to contain special characters (like German umlauts) Using the GUI it was not possible to create users having user IDs containing special characters like e.g. German umlauts. But in environments where user synchronizations with LDAP directories is used it might happen that users with sucht user IDs need to be synchronized into Check_MK. This was in possible in earlier versions, which lead to some kind of inconsistencies. To have a consistent situation for all users independent of their source, Check_MK now allows you to create users which user IDs contain special characters. If you already have configured a LDAP synchronization and set the option "Translate Umlauts in User-IDs" to "replace", your already synchronized users will be left untouched for the moment. But it is recommended to set this option to "Keep special characters" now to allow your users to use their normal user IDs for logging in. But please note, if you change this option, your users having special characters in user IDs are deleted and re-created with the new name during next LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>) to make them able to use their custom views, dashboards, bookmarks etc. again after renaming. --- .werks/2471 | 26 ++++++++++++++++++++++++++ ChangeLog | 1 + 2 files changed, 27 insertions(+) diff --git a/.werks/2471 b/.werks/2471 new file mode 100644 index 0000000..075ebb5 --- /dev/null +++ b/.werks/2471 @@ -0,0 +1,26 @@ +Title: User IDs are now allowed to contain special characters (like German umlauts) +Level: 2 +Component: multisite +Compatible: compat +Version: 1.2.7i3 +Date: 1437463798 +Class: feature + +Using the GUI it was not possible to create users having user IDs containing special +characters like e.g. German umlauts. But in environments where user synchronizations +with LDAP directories is used it might happen that users with sucht user IDs need +to be synchronized into Check_MK. This was in possible in earlier versions, +which lead to some kind of inconsistencies. + +To have a consistent situation for all users independent of their source, Check_MK +now allows you to create users which user IDs contain special characters. + +If you already have configured a LDAP synchronization and set the option +"Translate Umlauts in User-IDs" to "replace", your already synchronized users will +be left untouched for the moment. But it is recommended to set this option to +"Keep special characters" now to allow your users to use their normal user IDs for +logging in. But please note, if you change this option, your users having special +characters in user IDs are deleted and re-created with the new name during next +LDAP sync. You will need to migrate the users profile (<tt>var/check_mk/web/[user_id]</tt>) +to make them able to use their custom views, dashboards, bookmarks etc. again after +renaming. diff --git a/ChangeLog b/ChangeLog index d9db870..6bedd92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,7 @@ * 2392 SEC: Auth cookie is always using "httponly" flag... * 1268 The Snapins "Folders" and "Tree of Folders" can now be used by users without wato permission * 1270 Multsite site Hostfilters for views can now be negated + * 2471 User IDs are now allowed to contain special characters (like German umlauts)... * 2314 FIX: Availability: fixed exception when grouping by host or service group * 2361 FIX: Fix exception for missing key 'title' in certain cases of older customized views * 2379 FIX: Plugin-Output: Fixed handling of URLs within output of check_http...

8 years, 11 months

Check_MK Git: check_mk: Some user login handling cleanups

by Lars Michelsen

Module: check_mk Branch: master Commit: b45723a3191a3418ae33b8494215b9c90e1f4a33 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b45723a3191a34… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jul 21 09:19:02 2015 +0200 Some user login handling cleanups --- web/htdocs/config.py | 5 +++ web/htdocs/html_mod_python.py | 15 +++++++-- web/htdocs/index.py | 4 +-- web/htdocs/login.py | 70 ++++++++++++++++++++++++----------------- 4 files changed, 60 insertions(+), 34 deletions(-) diff --git a/web/htdocs/config.py b/web/htdocs/config.py index 36d1ee5..c0333b9 100644 --- a/web/htdocs/config.py +++ b/web/htdocs/config.py @@ -43,6 +43,11 @@ try: except NameError: from sets import Set as set +# FIXME: Make clear whether or not user related values should be part +# of the "config" module. Maybe move to dedicated module (userdb?). Then +# move all user related stuff there. e.g. html.user should also be moved +# there. + #. # .--Declarations--------------------------------------------------------. # | ____ _ _ _ | diff --git a/web/htdocs/html_mod_python.py b/web/htdocs/html_mod_python.py index 7c3f3c3..e65b7e8 100644 --- a/web/htdocs/html_mod_python.py +++ b/web/htdocs/html_mod_python.py @@ -60,8 +60,11 @@ class html_mod_python(htmllib.html): else: return self.site_status + def login(self, user_id): + self.user = user_id + def is_logged_in(self): - return self.user and type(self.user) in [ str, unicode ] + return self.user and type(self.user) == unicode def load_help_visible(self): try: @@ -69,8 +72,14 @@ class html_mod_python(htmllib.html): except: pass + + def get_request_header(self, key, deflt=None): + return self.req.headers_in.get(key, deflt) + + def is_ssl_request(self): - return self.req.headers_in.get('X-Forwarded-Proto') == 'https' + return self.get_request_header('X-Forwarded-Proto') == 'https' + def set_cookie(self, varname, value, expires = None): # httponly tells the browser not to make this cookie available to Javascript @@ -111,7 +120,7 @@ class html_mod_python(htmllib.html): return config.load_user_file("buttoncounts", {}) def top_heading(self, title): - if type(self.user) in [ str, unicode ]: + if self.is_logged_in(): login_text = "<b>%s</b> (%s" % (config.user_id, "+".join(config.user_role_ids)) if self.enable_debug: if config.get_language(): diff --git a/web/htdocs/index.py b/web/htdocs/index.py index b8b6f3d..22497ac 100644 --- a/web/htdocs/index.py +++ b/web/htdocs/index.py @@ -196,8 +196,8 @@ def handler(req, fields = None, profiling = True): if not html.is_logged_in(): config.auth_type = 'cookie' # When not authed tell the browser to ask for the password - html.user = login.check_auth() - if html.user == '': + html.login(login.check_auth()) + if not html.is_logged_in(): if fail_silently: # While api call don't show the login dialog raise MKUnauthenticatedException(_('You are not authenticated.')) diff --git a/web/htdocs/login.py b/web/htdocs/login.py index 738a39a..639a9ae 100644 --- a/web/htdocs/login.py +++ b/web/htdocs/login.py @@ -132,42 +132,54 @@ def check_auth_cookie(cookie_name): def check_auth_automation(): secret = html.var("_secret").strip() - user = html.var_utf8("_username").strip() + user_id = html.var_utf8("_username").strip() html.del_var('_username') html.del_var('_secret') - if secret and user and "/" not in user: - path = defaults.var_dir + "/web/" + user.encode("utf-8") + "/automation.secret" + if secret and user_id and "/" not in user_id: + path = defaults.var_dir + "/web/" + user_id.encode("utf-8") + "/automation.secret" if os.path.isfile(path) and file(path).read().strip() == secret: # Auth with automation secret succeeded - mark transid as unneeded in this case html.set_ignore_transids() - return user - raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user)) + return user_id + raise MKAuthException(_("Invalid automation secret for user %s") % html.attrencode(user_id)) + +# When http header auth is enabled, try to read the user_id from the var +# and when there is some available, set the auth cookie (for other addons) and proceed. +def check_auth_http_header(): + user_id = html.get_request_header(config.auth_by_http_header) + if user_id: + user_id = user_id.decode("utf-8") + serial = load_serial(user_id) + renew_cookie(site_cookie_name(), user_id, serial) + else: + user_id = None + return user_id def check_auth(): + user_id = None if html.var("_secret"): - return check_auth_automation() - - # When http header auth is enabled, try to read the username from the var - # and when there is some available, set the auth cookie (for other addons) and proceed. - if config.auth_by_http_header: - username = html.req.headers_in.get(config.auth_by_http_header, None).decode("utf-8") - if username: - serial = load_serial(username) - renew_cookie(site_cookie_name(), username, serial) - return username - - for cookie_name in html.get_cookie_names(): - if cookie_name.startswith('auth_'): - try: - return check_auth_cookie(cookie_name) - except Exception, e: - #if html.enable_debug: - # html.write('Exception occured while checking cookie %s' % cookie_name) - # raise - #else: - pass - - return '' + user_id = check_auth_automation() + + elif config.auth_by_http_header: + user_id = check_auth_http_header() + + if user_id == None: + for cookie_name in html.get_cookie_names(): + if cookie_name.startswith('auth_'): + try: + user_id = check_auth_cookie(cookie_name) + break + except Exception, e: + #if html.enable_debug: + # html.write('Exception occured while checking cookie %s' % cookie_name) + # raise + #else: + pass + + if (user_id != None and type(user_id) != unicode) or user_id == u'': + raise MKInternalError(_("Invalid user authentication")) + + return user_id def do_login(): @@ -256,7 +268,7 @@ def normal_login_page(called_directly = True): }''') # When someone calls the login page directly and is already authed redirect to main page - if html.myfile == 'login' and check_auth() != '': + if html.myfile == 'login' and check_auth(): html.immediate_browser_redirect(0.5, origtarget and origtarget or 'index.py') return apache.OK

8 years, 11 months

Check_MK Git: check_mk: First big step to transform user id handling to unicode internally

by Lars Michelsen

Module: check_mk Branch: master Commit: 7685adc83675d539b273c4aa6e26417eb70c9b91 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7685adc83675d5… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jul 20 16:22:49 2015 +0200 First big step to transform user id handling to unicode internally --- web/htdocs/config.py | 2 +- web/htdocs/html_mod_python.py | 7 ++-- web/htdocs/htmllib.py | 1 + web/htdocs/index.py | 2 +- web/htdocs/lib.py | 16 +++++++++ web/htdocs/login.py | 11 ++++--- web/htdocs/userdb.py | 40 +++++++++++------------ web/htdocs/valuespec.py | 6 ++++ web/htdocs/wato.py | 70 +++++++++++++++++++++++----------------- web/plugins/userdb/htpasswd.py | 4 +-- web/plugins/userdb/ldap.py | 59 +++++++++++---------------------- 11 files changed, 117 insertions(+), 101 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=7685adc836…

8 years, 11 months

Check_MK Git: check_mk: New graph definition for check_icmp with rtmin and rtmax

by Mathias Kettner

Module: check_mk Branch: master Commit: 7c0a1efdb2352898b22b9e3366e1f6ad36c7f3d6 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7c0a1efdb23528… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 14:29:52 2015 +0200 New graph definition for check_icmp with rtmin and rtmax --- web/plugins/metrics/check_mk.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/plugins/metrics/check_mk.py b/web/plugins/metrics/check_mk.py index c84811a..48df421 100644 --- a/web/plugins/metrics/check_mk.py +++ b/web/plugins/metrics/check_mk.py @@ -5253,3 +5253,11 @@ graph_info.append({ ] }) +graph_info.append({ + "title" : _("Round trip average"), + "metrics" : [ + ( "rtmax", "area" ), + ( "rtmin", "area" ), + ( "rta", "line" ), + ], +})

8 years, 11 months

Check_MK Git: check_mk: #2376 FIX Fix parsing of performance data from MRPE based checks

by Mathias Kettner

Module: check_mk Branch: master Commit: 5fc0bf3411153290a2597e767647439ea38a0c51 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5fc0bf34111532… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 14:29:22 2015 +0200 #2376 FIX Fix parsing of performance data from MRPE based checks --- .werks/2376 | 10 ++++++++++ ChangeLog | 1 + checks/mrpe | 2 +- modules/check_mk_base.py | 2 +- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/.werks/2376 b/.werks/2376 new file mode 100644 index 0000000..c196f57 --- /dev/null +++ b/.werks/2376 @@ -0,0 +1,10 @@ +Title: Fix parsing of performance data from MRPE based checks +Level: 2 +Component: checks +Class: fix +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1437481734 + + diff --git a/ChangeLog b/ChangeLog index a4be315..48441d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -64,6 +64,7 @@ * 2408 FIX: ibm_imm_fan: fixed exception while parsing fan percentage values * 2469 FIX: Fixed service discovery on SNMP host having no system description OID * 2480 FIX: Fixed exception when configuring predictive levels for network interfaces + * 2376 FIX: Fix parsing of performance data from MRPE based checks Multisite: * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... diff --git a/checks/mrpe b/checks/mrpe index c649f92..c4ab43c 100644 --- a/checks/mrpe +++ b/checks/mrpe @@ -40,7 +40,7 @@ def inventory_mrpe(info): def mrpe_parse_perfdata(perfinfo): varname, valuetxt = perfinfo.split("=", 1) values = valuetxt.split(";") - return tuple( [varname] + values) + return tuple([varname] + values) def check_mrpe(item, params, info): diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py index 9da1d48..e018968 100644 --- a/modules/check_mk_base.py +++ b/modules/check_mk_base.py @@ -1717,7 +1717,7 @@ def submit_check_result(host, servicedesc, result, sa, cached_at=None, cache_int # list of perfdata. It is of type string. And it might be # needed by the graphing tool in order to choose the correct # template. Currently this is used only by mrpe. - if len(perfdata) > 0 and type(perfdata[-1]) == str: + if len(perfdata) > 0 and type(perfdata[-1]) in (str, unicode): check_command = perfdata[-1] del perfdata[-1] else:

8 years, 11 months

Check_MK Git: check_mk: Fixed permission of AIX agent

by Mathias Kettner

Module: check_mk Branch: master Commit: 515c069a63876b093178a3fe4334663cadf93466 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=515c069a63876b… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 13:52:05 2015 +0200 Fixed permission of AIX agent --- 0 files changed diff --git a/agents/check_mk_agent.aix b/agents/check_mk_agent.aix old mode 100644 new mode 100755

8 years, 11 months

Check_MK Git: check_mk: aix_hacmp_nodes, aix_hacmp_resources,

by Mathias Kettner

aix_hacmp_services: new checks for AIX HACMP Message-ID: <55ae322b.6XVOoci3qLm/ou7h%mk(a)mathias-kettner.de> User-Agent: Heirloom mailx 12.5 6/20/10 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: 2e43eab479f9ef964799cba4102375133129d376 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2e43eab479f9ef… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 13:49:52 2015 +0200 aix_hacmp_nodes, aix_hacmp_resources, aix_hacmp_services: new checks for AIX HACMP --- agents/check_mk_agent.aix | 33 +++++++++++ checks/aix_hacmp_nodes | 108 ++++++++++++++++++++++++++++++++++ checks/aix_hacmp_resources | 95 ++++++++++++++++++++++++++++++ checks/aix_hacmp_services | 139 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 375 insertions(+) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=2e43eab479…

8 years, 11 months

Check_MK Git: check_mk: bvip_fans: Fixed include file

by Bastian Kuhn

Module: check_mk Branch: master Commit: f204c8565e78bbd64501cdf9dfc1c1d28b0e5b96 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f204c8565e78bb… Author: Bastian Kuhn <bk(a)mathias-kettner.de> Date: Tue Jul 21 10:35:50 2015 +0200 bvip_fans: Fixed include file --- checks/bvip_fans | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/checks/bvip_fans b/checks/bvip_fans index 510f196..c39b144 100644 --- a/checks/bvip_fans +++ b/checks/bvip_fans @@ -43,8 +43,8 @@ check_info["bvip_fans"] = { "service_description" : "Fan %s", "snmp_scan_function" : bvip_scan_function, "snmp_info" : (".1.3.6.1.4.1.3967.1.1.8.1", [OID_END, 1 ]), - "includes" : [ 'bvip.include', 'fanserature.include' ], + "includes" : [ 'bvip.include', 'fan.include' ], "has_perfdata" : True, - "group" : "fanserature", + "group" : "fan", }

8 years, 11 months

Check_MK Git: check_mk: A few minor fixes in bvip checks

by Mathias Kettner

Module: check_mk Branch: master Commit: 41e70abde06ebc06bf71dd596dc595fcd9a0bf73 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=41e70abde06ebc… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 09:51:42 2015 +0200 A few minor fixes in bvip checks --- checks/bvip_link | 4 ++++ checks/bvip_poe | 5 ++++- checks/bvip_temp | 2 +- checks/bvip_util | 6 +++++- checks/bvip_video_alerts | 3 ++- 5 files changed, 16 insertions(+), 4 deletions(-) diff --git a/checks/bvip_link b/checks/bvip_link index 3f11aaa..7a491e1 100644 --- a/checks/bvip_link +++ b/checks/bvip_link @@ -23,15 +23,19 @@ # License along with GNU Make; see the file COPYING. If not, write # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, # Boston, MA 02110-1301 USA. + + factory_settings["bvip_link_default_levels"] = { 'ok_states' : [ 0, 4, 5], 'warn_states' : [7], 'crit_states' : [1, 2, 3], } + def inventory_bvip_link(info): return [(None, {})] + def check_bvip_link(_no_item, params, info): count = 0 states = { diff --git a/checks/bvip_poe b/checks/bvip_poe index 31e803d..f798340 100644 --- a/checks/bvip_poe +++ b/checks/bvip_poe @@ -26,10 +26,12 @@ bvip_poe_default_levels = (50, 60) + def inventory_bvip_poe(info): if info[0][0] != '0': return [(None, 'bvip_poe_default_levels')] + def check_bvip_poe(_no_item, params, info): warn, crit = params watt = float(info[0][0]) / 10 @@ -39,7 +41,8 @@ def check_bvip_poe(_no_item, params, info): state = 1 else: state = 0 - return state, "Currently: %s watt" % watt, [ ('watt', watt )] + return state, "%.3f W" % watt, [ ('power', watt )] + check_info["bvip_poe"] = { "check_function" : check_bvip_poe, diff --git a/checks/bvip_temp b/checks/bvip_temp index 31dd83c..53116ca 100644 --- a/checks/bvip_temp +++ b/checks/bvip_temp @@ -33,7 +33,7 @@ def inventory_bvip_temp(info): def check_bvip_temp(item, params, info): for nr, value in info: if nr == item: - degree_celsius = float(value)/10 + degree_celsius = float(value) / 10 return check_temperature(degree_celsius, params) check_info["bvip_temp"] = { diff --git a/checks/bvip_util b/checks/bvip_util index b198de9..57d8cdb 100644 --- a/checks/bvip_util +++ b/checks/bvip_util @@ -24,12 +24,15 @@ # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, # Boston, MA 02110-1301 USA. + bvip_util_default_levels = (90, 95) + def inventory_bvip_util(info): for name in ["Total", "Coder", "VCA"]: yield name, 'bvip_util_default_levels' + def check_bvip_util(item, params, info): items = { "Total" : 0, @@ -41,10 +44,11 @@ def check_bvip_util(item, params, info): usage = 100 - usage return check_cpu_util(usage, params) + check_info["bvip_util"] = { "check_function" : check_bvip_util, "inventory_function" : inventory_bvip_util, - "service_description" : "CPU util %s", + "service_description" : "CPU utilization %s", "snmp_scan_function" : bvip_scan_function, "snmp_info" : (".1.3.6.1.4.1.3967.1.1.9.1", [ 1,2,3 ]), "includes" : [ 'bvip.include', 'cpu_util.include' ], diff --git a/checks/bvip_video_alerts b/checks/bvip_video_alerts index 5b2ee12..2df8a12 100644 --- a/checks/bvip_video_alerts +++ b/checks/bvip_video_alerts @@ -27,7 +27,8 @@ def inventory_bvip_video_alerts(info): for cam, alerts in info: - yield cam.replace('\x00',""), None + yield cam.replace('\x00', ""), None + def check_bvip_video_alerts(item, _no_params, info): for cam, alerts in info:

8 years, 11 months

Check_MK Git: check_mk: bvip_temp: fix missing %s in service description

by Mathias Kettner

Module: check_mk Branch: master Commit: 29405cf06bc61048e68e4c7ac1ce15d7ec1036ee URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=29405cf06bc610… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Tue Jul 21 09:43:02 2015 +0200 bvip_temp: fix missing %s in service description --- checks/bvip_temp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/bvip_temp b/checks/bvip_temp index 0414dd8..31dd83c 100644 --- a/checks/bvip_temp +++ b/checks/bvip_temp @@ -39,7 +39,7 @@ def check_bvip_temp(item, params, info): check_info["bvip_temp"] = { "check_function" : check_bvip_temp, "inventory_function" : inventory_bvip_temp, - "service_description" : "Temperature", + "service_description" : "Temperature %s", "snmp_scan_function" : bvip_scan_function, "snmp_info" : (".1.3.6.1.4.1.3967.1.1.7.1", [OID_END, 1 ]), "includes" : [ 'bvip.include', 'temperature.include' ],

8 years, 11 months

← Newer
1
...
9
10
11
12
13
14
15
...
29
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits July 2015