Checkmk git commits July 2016

checkmk-commits@lists.checkmk.com

10 participants
213 discussions

by Mathias Kettner

Module: check_mk Branch: master Commit: bd6e134466cd61b51f52bfdfbd3d857398fcc821 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bd6e134466cd61… Author: Mathias Kettner <mk(a)mathias-kettner.de> Date: Wed Jul 27 15:44:13 2016 +0200 Updated bug entries #2500 --- .bugs/2500 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.bugs/2500 b/.bugs/2500 new file mode 100644 index 0000000..71220ac --- /dev/null +++ b/.bugs/2500 @@ -0,0 +1,7 @@ +Title: Bogus exception "Invalid credentials" when logging in with invalid credentials +Component: multisite +State: open +Date: 2016-07-27 15:39:35 +Targetversion: 1.2.8 +Class: nastiness +

8 years, 1 month

Consolidated common crash reporting code

by Lars Michelsen

Module: check_mk Branch: master Commit: f8f9cd266073259bf18f9c1e7bb755311d94d7cf URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f8f9cd26607325… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 15:37:25 2016 +0200 Consolidated common crash reporting code --- lib/crash_reporting.py | 143 +++++++++++++++++++++++++++++++++++++++++ modules/check_mk_base.py | 118 +++++----------------------------- web/htdocs/crash_reporting.py | 114 ++++---------------------------- 3 files changed, 171 insertions(+), 204 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=f8f9cd2660…

8 years, 1 month

Limit local vars in crash reports to a total size of 5 MB

by Lars Michelsen

Module: check_mk Branch: master Commit: e63e4e56cbddc9182e2fb6ac664fcddda7e32348 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e63e4e56cbddc9… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 14:33:00 2016 +0200 Limit local vars in crash reports to a total size of 5 MB --- modules/check_mk_base.py | 18 ++++++++++-------- web/htdocs/crash_reporting.py | 9 ++++----- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py index bf064a9..7e25665 100644 --- a/modules/check_mk_base.py +++ b/modules/check_mk_base.py @@ -1581,27 +1581,29 @@ def is_manual_check(hostname, check_type, item): return (check_type, item) in manual_checks -def format_var_for_export(val): +def format_var_for_export(val, maxdepth=4, maxsize=1024*1024): + if maxdepth == 0: + return "Max recursion depth reached" + if isinstance(val, dict): for item_key, item_val in val.items(): - val[item_key] = format_var_for_export(item_val) + val[item_key] = format_var_for_export(item_val, maxdepth-1) elif isinstance(val, list): for index, item in enumerate(val): - val[index] = format_var_for_export(item) + val[index] = format_var_for_export(item, maxdepth-1) elif isinstance(val, tuple): new_val = () for item in val: - new_val += (format_var_for_export(item),) + new_val += (format_var_for_export(item, maxdepth-1),) val = new_val # Check and limit size if type(val) in (str, unicode): - size_limit = 1024*1024 size = len(val) - if size > size_limit: - val = val[:size_limit] + "... (%d bytes stripped)" % (size - size_limit) + if size > maxsize: + val = val[:maxsize] + "... (%d bytes stripped)" % (size - maxsize) return val @@ -1614,7 +1616,7 @@ def get_local_vars_of_last_exception(): # This needs to be encoded as the local vars might contain binary data which can not be # transported using JSON. - return base64.b64encode(pprint.pformat(local_vars)) + return base64.b64encode(format_var_for_export(pprint.pformat(local_vars), maxsize=5*1024*1024)) def create_crash_dump_info_file(crash_dir, hostname, check_type, item, params, description, info, text): diff --git a/web/htdocs/crash_reporting.py b/web/htdocs/crash_reporting.py index 6509267..caa0416 100644 --- a/web/htdocs/crash_reporting.py +++ b/web/htdocs/crash_reporting.py @@ -404,10 +404,10 @@ def get_local_vars_of_last_exception(): # This needs to be encoded as the local vars might contain binary data which can not be # transported using JSON. - return base64.b64encode(pprint.pformat(local_vars)) + return base64.b64encode(format_var_for_export(pprint.pformat(local_vars), maxsize=5*1024*1024)) -def format_var_for_export(val, maxdepth=4): +def format_var_for_export(val, maxdepth=4, maxsize=1024*1024): if maxdepth == 0: return "Max recursion depth reached" @@ -427,10 +427,9 @@ def format_var_for_export(val, maxdepth=4): # Check and limit size if type(val) in (str, unicode): - size_limit = 1024*1024 size = len(val) - if size > size_limit: - val = val[:size_limit] + "... (%d bytes stripped)" % (size - size_limit) + if size > maxsize: + val = val[:maxsize] + "... (%d bytes stripped)" % (size - maxsize) return val

8 years, 1 month

3724 Password input fields: Added note about plain text storing ( if done so)

by Lars Michelsen

Module: check_mk Branch: master Commit: 958ad48ebc1227ca384893c34bc9daf8a4d90311 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=958ad48ebc1227… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:47:37 2016 +0200 3724 Password input fields: Added note about plain text storing (if done so) --- .werks/3724 | 9 +++++++++ ChangeLog | 1 + web/htdocs/key_mgmt.py | 3 +++ web/htdocs/valuespec.py | 24 ++++++++++++++++++++++-- 4 files changed, 35 insertions(+), 2 deletions(-) diff --git a/.werks/3724 b/.werks/3724 new file mode 100644 index 0000000..f6f9590 --- /dev/null +++ b/.werks/3724 @@ -0,0 +1,9 @@ +Title: Password input fields: Added note about plain text storing (if done so) +Level: 1 +Component: wato +Compatible: compat +Version: 1.4.0i1 +Date: 1469620027 +Class: feature + + diff --git a/ChangeLog b/ChangeLog index ac16e0c..3326528 100644 --- a/ChangeLog +++ b/ChangeLog @@ -428,6 +428,7 @@ * 3553 SNMPv3 noAuthNoPriv: Fixed diagnostic page * 3154 added ability to retrieve passwords for active checks from a password store * 3667 Search expressions in host search can now be given as regexes... + * 3724 Password input fields: Added note about plain text storing (if done so) * 3060 FIX: Folder properties: Fixed exception when a user has no alias set... * 3062 FIX: Git integration: Fixed not adding files in WATO folders to git control * 3203 FIX: Distributed WATO: Fixed exception in remote host service discovery... diff --git a/web/htdocs/key_mgmt.py b/web/htdocs/key_mgmt.py index e35023d..203d623 100644 --- a/web/htdocs/key_mgmt.py +++ b/web/htdocs/key_mgmt.py @@ -253,6 +253,7 @@ class PageEditKey(object): title = _("Passphrase"), help = self._passphrase_help(), allow_empty = False, + is_stored_plain = False, )), ], optional_keys = False, @@ -376,6 +377,7 @@ class PageUploadKey(object): title = _("Passphrase"), help = self._passphrase_help(), allow_empty = False, + is_stored_plain = False, )), ("key_file", CascadingDropdown( title = _("Key"), @@ -468,6 +470,7 @@ class PageDownloadKey(object): Password( title = _("Passphrase"), allow_empty = False, + is_stored_plain = False, )), ], optional_keys = False, diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py index 28779f6..1f9096c 100644 --- a/web/htdocs/valuespec.py +++ b/web/htdocs/valuespec.py @@ -3346,6 +3346,19 @@ class LDAPDistinguishedName(TextUnicode): class Password(TextAscii): def __init__(self, **kwargs): + self._is_stored_plain = kwargs.get("is_stored_plain", True) + + if self._is_stored_plain: + plain_help = _("The password entered here is stored in plain text within the " + "monitoring site. This usually needed because the monitoring " + "process needs to have access to the unencrypted password " + "because it needs to submit it to authenticate with remote systems. ") + + if "help" in kwargs: + kwargs["help"] += " " + plain_help + else: + kwargs["help"] = plain_help + TextAscii.__init__(self, attrencode = True, **kwargs) def render_input(self, varprefix, value): @@ -3356,6 +3369,10 @@ class Password(TextAscii): html.write(self._label) html.write(" ") html.password_input(varprefix, str(value), size = self._size) + if self._is_stored_plain: + html.write("%s" % _("Please note that this password is stored in plain " + "text.")) + def value_to_text(self, value): if value == None: @@ -3365,12 +3382,12 @@ class Password(TextAscii): -class PasswordSpec(TextAscii): +class PasswordSpec(Password): def __init__(self, **kwargs): self._hidden = kwargs.get('hidden', False) if self._hidden: kwargs["type"] = "password" - TextAscii.__init__(self, **kwargs) + Password.__init__(self, **kwargs) def render_input(self, varprefix, value): @@ -3381,6 +3398,9 @@ class PasswordSpec(TextAscii): if self._hidden: html.icon_button("#", _(u"Show/Hide password"), "showhide", onclick="vs_toggle_hidden(this);") + if self._is_stored_plain: + html.write("%s" % _("Please note that this password is stored in plain " + "text."))

8 years, 1 month

check_sql now supports using passwords from store

by Lars Michelsen

Module: check_mk Branch: master Commit: 795bdde23910e347685c4f06b3fc2027cc9505c5 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=795bdde23910e3… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:32:12 2016 +0200 check_sql now supports using passwords from store --- checks/check_sql | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/checks/check_sql b/checks/check_sql index d3c6ceb..b7d2cff 100644 --- a/checks/check_sql +++ b/checks/check_sql @@ -34,21 +34,22 @@ def check_sql_arguments(params): - args = " --hostname '$HOSTADDRESS$'" - args += " --dbms %s" % quote_shell_string(params["dbms"]) - args += " --name %s" % quote_shell_string(params["name"]) - args += " --user %s" % quote_shell_string(params["user"]) - args += passwordstore_get_cmdline(" --password=%s", params["password"]) + args = [] + + args += [ "--hostname='$HOSTADDRESS$'" ] + args += [ "--dbms=%s" % params["dbms"] ] + args += [ "--name=%s" % params["name"] ] + args += [ "--user=%s" % params["user"] ] + args += [ passwordstore_get_cmdline("--password=%s", params["password"]) ] if "port" in params: - args += " --port %s" % params["port"] + args += [ "--port=%s" % params["port"] ] if "procedure" in params: if "procedure" in params and "useprocs" in params["procedure"]: - args += " --procedure" + args += [ "--procedure" ] if "input" in params["procedure"]: - args += " --inputvars %s" \ - % quote_shell_string(params["procedure"]["input"]) + args += [ "--inputvars=%s" % params["procedure"]["input"] ] if "levels" in params: upper = params["levels"] @@ -61,15 +62,15 @@ def check_sql_arguments(params): lower = "", "" if "levels" in params or "levels_low" in params: - args += " -w %s:%s" % (lower[0], upper[0]) - args += " -c %s:%s" % (lower[1], upper[1]) + args += [ "-w", "%s:%s" % (lower[0], upper[0]) ] + args += [ "-c", "%s:%s" % (lower[1], upper[1]) ] if type(params["sql"]) == tuple: sql_tmp = params["sql"][-1] else: sql_tmp = params["sql"] - args += " %s" % quote_shell_string(sql_tmp.replace("\n", r"\n").replace(";", "\;")) + args += [ "%s" % sql_tmp.replace("\n", r"\n").replace(";", "\;") ] return args

8 years, 1 month

check_mailboxes now supports using passwords from store

by Lars Michelsen

Module: check_mk Branch: master Commit: ee0ed4cdc1d432930abf9b277fc14e82f58151c2 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ee0ed4cdc1d432… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:24:57 2016 +0200 check_mailboxes now supports using passwords from store --- checks/check_mailboxes | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/checks/check_mailboxes b/checks/check_mailboxes index 38212cc..ff8e1d5 100644 --- a/checks/check_mailboxes +++ b/checks/check_mailboxes @@ -30,7 +30,7 @@ def check_mailboxes_arguments(params): fetch_params = params['imap_parameters'] if 'server' in fetch_params: - args.append('--server=%s' % quote_shell_string(fetch_params['server'])) + args.append('--server=%s' % fetch_params['server']) else: args.append('--server=$HOSTADDRESS$') @@ -43,7 +43,7 @@ def check_mailboxes_arguments(params): username, password = fetch_params['auth'] - args.append('--username=%s' % quote_shell_string(username)) + args.append('--username=%s' % username) args.append(passwordstore_get_cmdline("--password=%s", password)) if 'connect_timeout' in params: @@ -68,7 +68,7 @@ def check_mailboxes_arguments(params): for mb in params['mailboxes']: args.append('--mailbox=%s' % mb) - return " ".join(args) + return args active_check_info['mailboxes'] = {

8 years, 1 month

check_mail_loop now supports using passwords from store

by Lars Michelsen

Module: check_mk Branch: master Commit: 8a8575461f1bd2fab24520899e653e737b55abd1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8a8575461f1bd2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:27:48 2016 +0200 check_mail_loop now supports using passwords from store --- checks/check_mail_loop | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/checks/check_mail_loop b/checks/check_mail_loop index bd7ba6a..6121d49 100644 --- a/checks/check_mail_loop +++ b/checks/check_mail_loop @@ -25,57 +25,57 @@ # Boston, MA 02110-1301 USA. def check_mail_loop_arguments(params): - args = '' + args = [] if 'smtp_server' in params: - args += ' --smtp-server=%s' % quote_shell_string(params['smtp_server']) + args += [ '--smtp-server=%s' % params['smtp_server'] ] else: - args += ' --smtp-server=$HOSTADDRESS$' + args += [ '--smtp-server=$HOSTADDRESS$' ] if 'imap_tls' in params: - args += ' --imap-tls' + args += [ '--imap-tls' ] if 'smtp_tls' in params: - args += ' --smtp-tls' + args += [ '--smtp-tls' ] if 'smtp_port' in params: - args += ' --smtp-port=%d' % params['smtp_port'] + args += [ '--smtp-port=%d' % params['smtp_port'] ] if 'smtp_auth' in params: - args += ' --smtp-username=%s' % quote_shell_string(params['smtp_auth'][0]) - args += passwordstore_get_cmdline(" --smtp-password=%s", params['smtp_auth'][1]) + args += [ '--smtp-username=%s' % params['smtp_auth'][0] ] + args += [ passwordstore_get_cmdline("--smtp-password=%s", params['smtp_auth'][1]) ] fetch_proto, fetch_params = params['fetch'] - args += ' --fetch-protocol=%s' % quote_shell_string(fetch_proto) + args += [ '--fetch-protocol=%s' % fetch_proto ] if 'server' in fetch_params: - args += ' --fetch-server=%s' % quote_shell_string(fetch_params['server']) + args += [ '--fetch-server=%s' % fetch_params['server'] ] else: - args += ' --fetch-server=$HOSTADDRESS$' + args += [ '--fetch-server=$HOSTADDRESS$' ] fetch_use_ssl, fetch_port = fetch_params['ssl'] if fetch_use_ssl: - args += ' --fetch-ssl' + args += [ '--fetch-ssl' ] if fetch_port != None: - args += ' --fetch-port=%d' % fetch_port + args += [ '--fetch-port=%d' % fetch_port ] - args += ' --fetch-username=%s' % quote_shell_string(fetch_params['auth'][0]) - args += passwordstore_get_cmdline(" --fetch-password=%s", fetch_params['auth'][1]) + args += [ '--fetch-username=%s' % fetch_params['auth'][0] ] + args += [ passwordstore_get_cmdline("--fetch-password=%s", fetch_params['auth'][1]) ] - args += ' --mail-from=%s' % quote_shell_string(params['mail_from']) - args += ' --mail-to=%s' % quote_shell_string(params['mail_to']) + args += [ '--mail-from=%s' % params['mail_from'] ] + args += [ '--mail-to=%s' % params['mail_to'] ] if 'connect_timeout' in params: - args += ' --connect-timeout=%d' % params['connect_timeout'] + args += [ '--connect-timeout=%d' % params['connect_timeout'] ] if 'delete_messages' in params: - args += ' --delete-messages' + args += [ '--delete-messages' ] - args += ' --status-suffix=%s' % quote_shell_string(g_hostname + '-' + params['item']) + args += [ '--status-suffix=%s' % (g_hostname + '-' + params['item']) ] if 'duration' in params: - args += ' --warning=%d' % params['duration'][0] - args += ' --critical=%d' % params['duration'][1] + args += [ '--warning=%d' % params['duration'][0] ] + args += [ '--critical=%d' % params['duration'][1] ] return args

8 years, 1 month

Fixed password deletion and improved confirm message

by Lars Michelsen

Module: check_mk Branch: master Commit: 96b56b6ace8ae2d1cdb7737060003e5b0546bb6f URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=96b56b6ace8ae2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:23:24 2016 +0200 Fixed password deletion and improved confirm message --- web/htdocs/wato.py | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index c608063..c469f7c 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -15243,20 +15243,26 @@ class ModePasswords(WatoMode, PasswordStore): if not html.transaction_valid(): return - if action == "delete": - if wato_confirm(_("Do you really want to delete this password?")): - html.check_transaction() # invalidate transid + confirm = wato_confirm(_("Confirm deletion of password"), + _("The password may be used in checks. If you delete the password, the " + "checks won't be able to authenticate with this password anymore." + " Do you really want to delete this password?")) + if confirm == False: + return False + + elif confirm: + html.check_transaction() # invalidate transid - passwords = self._load_for_modification() + passwords = self._load_for_modification() - ident = html.var("_delete") - if ident not in passwords: - raise MKUserError("ident", _("This password does not exist.")) + ident = html.var("_delete") + if ident not in passwords: + raise MKUserError("ident", _("This password does not exist.")) - del passwords[ident] - self._save(passwords) + del passwords[ident] + self._save(passwords) - return None, _("The password has been deleted.") + return None, _("The password has been deleted.") def page(self):

8 years, 1 month

check_email can now also use stored passwords

by Lars Michelsen

Module: check_mk Branch: master Commit: 84f0a3533bd7bf8feca9c11345d93f122a57c9a1 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=84f0a3533bd7bf… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:17:12 2016 +0200 check_email can now also use stored passwords --- checks/check_mail | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/checks/check_mail b/checks/check_mail index a76aa11..e6c6faf 100644 --- a/checks/check_mail +++ b/checks/check_mail @@ -25,54 +25,54 @@ # Boston, MA 02110-1301 USA. def check_mail_arguments(params): - args = '' + args = [] fetch_proto, fetch_params = params['fetch'] - args += ' --protocol=%s' % quote_shell_string(fetch_proto) + args += [ '--protocol=%s' % fetch_proto ] if 'server' in fetch_params: - args += ' --server=%s' % quote_shell_string(fetch_params['server']) + args += [ '--server=%s' % fetch_params['server'] ] else: - args += ' --server=$HOSTADDRESS$' + args += [ '--server=$HOSTADDRESS$' ] fetch_use_ssl, fetch_port = fetch_params['ssl'] if fetch_use_ssl: - args += ' --ssl' + args += [ '--ssl' ] if fetch_port != None: - args += ' --port=%d' % fetch_port + args += [ '--port=%d' % fetch_port ] - args += ' --username=%s' % quote_shell_string(fetch_params['auth'][0]) - args += passwordstore_get_cmdline(" --password=%s", fetch_params['auth'][1]) + args += [ '--username=%s' % fetch_params['auth'][0] ] + args += [ passwordstore_get_cmdline("--password=%s", fetch_params['auth'][1]) ] if 'connect_timeout' in params: - args += ' --connect-timeout=%d' % params['connect_timeout'] + args += [ '--connect-timeout=%d' % params['connect_timeout'] ] if 'forward' in params: forward = params['forward'] - args += ' --forward-ec' + args += [ '--forward-ec' ] if 'method' in forward: - args += ' --forward-method=%s' % quote_shell_string(forward['method']) + args += [ '--forward-method=%s' % forward['method'] ] if 'match_subject' in forward: - args += ' --match-subject=%s' % quote_shell_string(forward['match_subject']) + args += [ '--match-subject=%s' % forward['match_subject'] ] if 'facility' in forward: - args += ' --forward-facility=%d' % forward['facility'] + args += [ '--forward-facility=%d' % forward['facility'] ] if 'host' in forward: - args += ' --forward-host=%s' % quote_shell_string(forward['host']) + args += [ '--forward-host=%s' % forward['host'] ] if forward.get('application'): - args += ' --forward-app=%s' % quote_shell_string(forward['application']) + args += [ '--forward-app=%s' % forward['application'] ] if 'body_limit' in forward: - args += ' --body-limit=%d' % forward['body_limit'] + args += [ '--body-limit=%d' % forward['body_limit'] ] if 'cleanup' in forward: if forward['cleanup'] == True: - args += ' --cleanup=delete' + args += [ '--cleanup=delete' ] else: - args += ' --cleanup=%s' % quote_shell_string(forward['cleanup']) + args += [ '--cleanup=%s' % forward['cleanup'] ] return args

8 years, 1 month

Added password start index to pwstore arguments

by Lars Michelsen

Module: check_mk Branch: master Commit: a1311422a35a207a2b8d450cec0597ffaf2ad284 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a1311422a35a20… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 27 13:19:28 2016 +0200 Added password start index to pwstore arguments --- modules/check_mk.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/check_mk.py b/modules/check_mk.py index aaa4b69..b6a3143 100755 --- a/modules/check_mk.py +++ b/modules/check_mk.py @@ -557,8 +557,9 @@ def active_check_arguments(hostname, description, args): (pw_ident, description, hostname)) password = "%%%" + pw_start_index = str(preformated_arg.index("%s")) formated.append(quote_shell_string(preformated_arg % ("*" * len(password)))) - passwords.append((str(len(formated)), pw_ident)) + passwords.append((str(len(formated)), pw_start_index, pw_ident)) else: raise MKGeneralException("Invalid argument for command line: %s" % arg)

8 years, 1 month

← Newer
1
2
3
4
5
6
7
...
22
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits July 2016