Module: check_mk
Branch: master
Commit: f5d8f70e0eb84c4e813fbbabce7b1c383d5aadef
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f5d8f70e0eb84c…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Feb 7 22:35:17 2016 +0100
#3171 FIX Logout in one site will log out of all sites sharing the same auth.secret
Site that share the file <tt>etc/auth.secret</tt> also share the same login.
A user logging in in one of these sites is automatically logged in in all
others. But logging out did only work when the logout was done on the same
site as the login. Now you can log in at one site and log out at the other.
Note: Also <tt>omd cp</tt> creates sites with the same secret.
---
.bugs/2389 | 7 +++++--
.werks/3171 | 13 +++++++++++++
ChangeLog | 1 +
web/htdocs/login.py | 54 +++++++++++++++++++++++++++++++++++----------------
4 files changed, 56 insertions(+), 19 deletions(-)
diff --git a/.bugs/2389 b/.bugs/2389
index f57e5ed..f8093a3 100644
--- a/.bugs/2389
+++ b/.bugs/2389
@@ -1,10 +1,13 @@
Title: Logout problem after site copy
Component: multisite
-State: open
+Class: bug
+State: done
Date: 2015-10-14 14:56:27
Targetversion: 1.2.8
-Class: bug
If one monitoring sites is copied with omd cp, the logout will not work.
After the successful login in one of the sites you can use the other one.
If you do a logout in one sites you are automatically logged in again.
+
+2016-02-07 22:32:51: changed state open -> done
+We now delete all cookies that provide a valid login to our site.
diff --git a/.werks/3171 b/.werks/3171
new file mode 100644
index 0000000..f92ae4c
--- /dev/null
+++ b/.werks/3171
@@ -0,0 +1,13 @@
+Title: Logout in one site will log out of all sites sharing the same auth.secret
+Level: 1
+Component: multisite
+Compatible: compat
+Version: 1.2.7i4
+Date: 1454880775
+Class: fix
+
+Site that share the file <tt>etc/auth.secret</tt> also share the same login.
+A user logging in in one of these sites is automatically logged in in all
+others. But logging out did only work when the logout was done on the same
+site as the login. Now you can log in at one site and log out at the other.
+Note: Also <tt>omd cp</tt> creates sites with the same secret.
diff --git a/ChangeLog b/ChangeLog
index ea88bf5..9cb7829 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -309,6 +309,7 @@
* 3041 FIX: Fixed deselecting view checkbox options like "Always show checkboxes" in dashboard embedded views
* 3046 FIX: Acknowledging all incompatible werks when creating new sites
* 2931 FIX: Do not load bookmarks, reports, view, etc. of non-existing users anymore
+ * 3171 FIX: Logout in one site will log out of all sites sharing the same auth.secret...
WATO:
* 2442 WATO remove host: improved cleanup of obsolete host files...
diff --git a/web/htdocs/login.py b/web/htdocs/login.py
index 94d4da1..658a3ef 100644
--- a/web/htdocs/login.py
+++ b/web/htdocs/login.py
@@ -81,10 +81,17 @@ def generate_hash(username, now, serial):
secret = load_secret()
return md5(username.encode("utf-8") + now + str(serial) + secret).hexdigest()
+
def del_auth_cookie():
- name = site_cookie_name()
- if html.has_cookie(name):
- html.del_cookie(name)
+ # Note: in distributed setups a cookie issued by one site is accepted by
+ # others with the same auth.secret and user serial numbers. When a users
+ # logs out then we need to delete all cookies that are accepted by us -
+ # not just the one that we have issued.
+ for cookie_name in html.get_cookie_names():
+ if cookie_name.startswith("auth_"):
+ if auth_cookie_is_valid(cookie_name):
+ html.del_cookie(cookie_name)
+
def auth_cookie_value(username, serial):
now = str(time.time())
@@ -101,34 +108,47 @@ def renew_cookie(cookie_name, username, serial):
and cookie_name == site_cookie_name():
set_auth_cookie(username, serial)
+
def check_auth_cookie(cookie_name):
+ username, issue_time, cookie_hash = parse_auth_cookie(cookie_name)
+ serial = check_parsed_auth_cookie(username, issue_time, cookie_hash)
+
+ # Once reached this the cookie is a good one. Renew it!
+ renew_cookie(cookie_name, username, serial)
+
+ if html.myfile != 'user_change_pw':
+ result = userdb.need_to_change_pw(username)
+ if result:
+ html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' % (html.urlencode(html.makeuri([])), result))
+
+ # Return the authenticated username
+ return username
+
+
+def parse_auth_cookie(cookie_name):
username, issue_time, cookie_hash = html.cookie(cookie_name, '::').split(':', 2)
username = username.decode("utf-8")
+ return username, issue_time, cookie_hash
- # FIXME: Ablauf-Zeit des Cookies testen
- #max_cookie_age = 10
- #if float(issue_time) < time.time() - max_cookie_age:
- # del_auth_cookie()
- # return ''
+def check_parsed_auth_cookie(username, issue_time, cookie_hash):
if not userdb.user_exists(username):
raise MKAuthException(_('Username is unknown'))
- # Validate the hash
serial = load_serial(username)
if cookie_hash != generate_hash(username, issue_time, serial):
raise MKAuthException(_('Invalid credentials'))
- # Once reached this the cookie is a good one. Renew it!
- renew_cookie(cookie_name, username, serial)
+ return serial
- if html.myfile != 'user_change_pw':
- result = userdb.need_to_change_pw(username)
- if result:
- html.http_redirect('user_change_pw.py?_origtarget=%s&reason=%s' % (html.urlencode(html.makeuri([])), result))
- # Return the authenticated username
- return username
+def auth_cookie_is_valid(cookie_name):
+ try:
+ check_parsed_auth_cookie(*parse_auth_cookie(cookie_name))
+ return True
+ except MKAuthException:
+ return False
+
def check_auth_automation():
secret = html.var("_secret").strip()
Module: check_mk
Branch: master
Commit: 5409e4b3931e5606aceaeaefdbcd5841783d7dde
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5409e4b3931e56…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Feb 7 21:55:03 2016 +0100
#3170 FIX Fix spurious exception while creating the inventory directory for the first time
---
.bugs/2410 | 7 +++++--
.werks/3170 | 9 +++++++++
ChangeLog | 1 +
modules/check_mk_base.py | 13 +++++++++++++
modules/inventory.py | 7 ++-----
5 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/.bugs/2410 b/.bugs/2410
index e7306d3..196d580 100644
--- a/.bugs/2410
+++ b/.bugs/2410
@@ -1,9 +1,12 @@
Title: Check_MK HW/SW Inventory fails because var/check_mk/inventory exists
Component: inv
-State: open
+Class: bug
+State: done
Date: 2015-11-12 14:40:55
Targetversion: 1.2.8
-Class: bug
Goes away by itself. Reason seems: race condition. Several checks at the same
time create the directory.
+
+2016-02-07 21:54:28: changed state open -> done
+New atomar function ensure_directory() does this now.
diff --git a/.werks/3170 b/.werks/3170
new file mode 100644
index 0000000..3952326
--- /dev/null
+++ b/.werks/3170
@@ -0,0 +1,9 @@
+Title: Fix spurious exception while creating the inventory directory for the first time
+Level: 1
+Component: inv
+Compatible: compat
+Version: 1.2.7i4
+Date: 1454878471
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 233859b..ea88bf5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -397,6 +397,7 @@
* 2827 FIX: win_disks, win_video: now able to detect multiple instances
* 2828 FIX: win_disks: now able to handle disks with missing size or media type information
* 2906 FIX: Fixed crash in views containing special chars in HW/SW-Inventory based columns
+ * 3170 FIX: Fix spurious exception while creating the inventory directory for the first time
1.2.7i3:
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index 4327f22..1964d75 100644
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -2030,6 +2030,19 @@ def set_use_cachefile(state=True):
opt_use_cachefile = state
+# Creates the directory at path if it does not exist. If that path does exist
+# it is assumed that it is a directory. the file type is not being checked.
+# This function is atomar so that no exception can arise if two processes
+# at the same time try to create the directory. Only fails if the directory
+# is not present for any reason after this function call.
+def ensure_directory(path):
+ try:
+ os.makedirs(path)
+ except Exception, e:
+ if os.path.exists(path):
+ return
+ raise
+
#.
# .--Check helpers-------------------------------------------------------.
# | ____ _ _ _ _ |
diff --git a/modules/inventory.py b/modules/inventory.py
index d6ded22..33e5a95 100644
--- a/modules/inventory.py
+++ b/modules/inventory.py
@@ -148,11 +148,8 @@ def inv_cleanup_tree(tree):
def do_inv(hostnames):
-
- if not os.path.exists(inventory_output_dir):
- os.makedirs(inventory_output_dir)
- if not os.path.exists(inventory_archive_dir):
- os.makedirs(inventory_archive_dir)
+ ensure_directory(inventory_output_dir)
+ ensure_directory(inventory_archive_dir)
# No hosts specified: do all hosts and force caching
if hostnames == None:
Module: check_mk
Branch: master
Commit: 28cbeb9cdf68fec24a95b6603cc5d882a9add4e1
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=28cbeb9cdf68fe…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Feb 7 21:30:49 2016 +0100
Updated bug entries #2321
---
.bugs/2321 | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.bugs/2321 b/.bugs/2321
index b2891a7..2ae9c1a 100644
--- a/.bugs/2321
+++ b/.bugs/2321
@@ -1,10 +1,13 @@
Title: notify.py: subprocess p.communicate() calls may block when plugins output a lot
Component: notifcation
-State: open
+Class: bug
+State: works4me
Date: 2015-11-19 13:38:58
Targetversion: future
-Class: bug
MK: Problem unclear. Is it a problem that a short blocking might occur? Then
that is not the fault of communicate() but of the fact that the execution
of the script may take time.
+
+2016-02-07 21:30:47: changed state open -> works4me
+Seems to be no problem after all.
Module: check_mk
Branch: master
Commit: e8691b0142957c42fa63fe5a3f2209eb4a74519f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e8691b0142957c…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Feb 7 21:43:56 2016 +0100
#3169 FIX Permission/Contact group settings for new hosts did show folder options
When creating a new host in WATO the section <i>Permissions</i> would show
settings that are meant for folders. This has been fixed (when editing an
existing host the correct options were displayed).
---
.bugs/2383 | 7 +++++--
.werks/3169 | 11 +++++++++++
ChangeLog | 1 +
web/htdocs/watolib.py | 2 +-
4 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.bugs/2383 b/.bugs/2383
index 90f7a01..c8fd721 100644
--- a/.bugs/2383
+++ b/.bugs/2383
@@ -1,9 +1,9 @@
Title: WATO dialog for host creation shows folder contact group attributes
Component: wato
-State: open
+Class: bug
+State: done
Date: 2015-10-30 10:16:25
Targetversion: 1.2.8
-Class: bug
Permissions..
@@ -19,3 +19,6 @@ But this was the dialog of a new *host*, not folder.
In *edit*-Mode of a host this is OK and the correct check
boxes are being displayed.
+
+2016-02-07 21:42:17: changed state open -> done
+Fixed.
diff --git a/.werks/3169 b/.werks/3169
new file mode 100644
index 0000000..6884b5c
--- /dev/null
+++ b/.werks/3169
@@ -0,0 +1,11 @@
+Title: Permission/Contact group settings for new hosts did show folder options
+Level: 2
+Component: wato
+Compatible: compat
+Version: 1.2.7i4
+Date: 1454877739
+Class: fix
+
+When creating a new host in WATO the section <i>Permissions</i> would show
+settings that are meant for folders. This has been fixed (when editing an
+existing host the correct options were displayed).
diff --git a/ChangeLog b/ChangeLog
index 8e58929..233859b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -348,6 +348,7 @@
* 3036 FIX: Bulk discovery steps are now timing out short before HTTP request timeout...
* 3038 FIX: Fixed invalid error message when creating service group assignment rule without having service groups
* 3044 FIX: Fixed garbled notifications page on page reload after an action has been performed
+ * 3169 FIX: Permission/Contact group settings for new hosts did show folder options...
Notifications:
* 2811 Mail notifications: Now able to add Host/Service Notes Url...
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index e2f036e..007e333 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -2590,7 +2590,7 @@ class ContactGroupsAttribute(Attribute):
# If we're just editing a host, then some of the checkboxes will be missing.
# This condition is not very clean, but there is no other way to savely determine
# the context.
- is_host = not not html.var("host")
+ is_host = not not html.var("host") or html.var("mode") == "newhost"
is_search = varprefix == "host_search"
# Only show contact groups I'm currently in and contact
Module: check_mk
Branch: master
Commit: 60fa01b5f729be2765c8f055baf843bce2410d07
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=60fa01b5f729be…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Sun Feb 7 21:28:42 2016 +0100
#3168 FIX Fix duplicate loading of check that have a copy in local/share/check_mk/checks.
---
.bugs/2382 | 8 ++++++--
.werks/3168 | 9 +++++++++
ChangeLog | 1 +
modules/check_mk.py | 25 +++++++++++++++----------
4 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/.bugs/2382 b/.bugs/2382
index bc08146..dc8f492 100644
--- a/.bugs/2382
+++ b/.bugs/2382
@@ -1,10 +1,14 @@
Title: If check files are available in local, we must not read in those in share!
Component: core
-State: open
+Class: bug
+State: done
Date: 2015-10-27 17:14:55
Targetversion: 1.2.8
-Class: bug
When creating precompiled Nagios files this is already exactly the implemented
behaviour. But when you run cmk -v or CMC then *both* files are being read.
This can lead to a different (wrong) behaviour.
+
+2016-02-07 21:28:09: changed state open -> done
+We now read first the files from local. The we skip files already
+read.
diff --git a/.werks/3168 b/.werks/3168
new file mode 100644
index 0000000..102487f
--- /dev/null
+++ b/.werks/3168
@@ -0,0 +1,9 @@
+Title: Fix duplicate loading of check that have a copy in local/share/check_mk/checks.
+Level: 1
+Component: core
+Compatible: compat
+Version: 1.2.7i4
+Date: 1454876897
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 68e6c7b..8e58929 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17,6 +17,7 @@
* 2944 FIX: Fixed exception during config activation having clusters with unresolvable node IP addresses
* 3037 FIX: Terminate datasource programs when check timeout occurs...
* 2932 FIX: Removal of duplicate services now also works for hosts that are no longer SNMP+TCP
+ * 3168 FIX: Fix duplicate loading of check that have a copy in local/share/check_mk/checks.
Checks & Agents:
* 2434 NetApp monitoring: Cluster-Mode is now supported, changes in existing 7Mode checks...
diff --git a/modules/check_mk.py b/modules/check_mk.py
index 5b249b9..7c9a77e 100755
--- a/modules/check_mk.py
+++ b/modules/check_mk.py
@@ -382,10 +382,11 @@ special_agent_info = {}
# Now read in all checks. Note: this is done *before* reading the
# configuration, because checks define variables with default
# values user can override those variables in his configuration.
-# Do not read in the checks if check_mk is called as module
+# If a check or check.include is both found in local/ and in the
+# normal structure, then only the file in local/ must be read!
def load_checks():
- filelist = plugin_pathnames_in_directory(checks_dir) \
- + plugin_pathnames_in_directory(local_checks_dir)
+ filelist = plugin_pathnames_in_directory(local_checks_dir) \
+ + plugin_pathnames_in_directory(checks_dir)
# read include files always first, but still in the sorted
# order with local ones last (possibly overriding variables)
@@ -398,15 +399,19 @@ def load_checks():
known_vars = set(globals().keys()) # track new configuration variables
+ loaded_files = set()
for f in filelist:
if not f.endswith("~"): # ignore emacs-like backup files
- try:
- execfile(f, globals())
- except Exception, e:
- sys.stderr.write("Error in plugin file %s: %s\n" % (f, e))
- if opt_debug:
- raise
- sys.exit(5)
+ file_name = f.rsplit("/", 1)[-1]
+ if file_name not in loaded_files:
+ try:
+ loaded_files.add(file_name)
+ execfile(f, globals())
+ except Exception, e:
+ sys.stderr.write("Error in plugin file %s: %s\n" % (f, e))
+ if opt_debug:
+ raise
+ sys.exit(5)
for varname, value in globals().iteritems():
if varname[0] != '_' \