Module: check_mk
Branch: master
Commit: 0b0935c844365f55630dc3fe9923e579a88a585b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0b0935c844365f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jul 17 08:35:14 2018 +0200
Fixed possible broken GUI cron jobs when no user is authenticated
The cron job page handler, which is a "not authenticated" call, is
now being initialized with the super user context which means that
the following code is permitted for all GUI permissions.
Single jobs may change the user contexts as before, depending on
their needs.
Change-Id: I33b111d28584d452a125f18c7730215071c087d9
---
cmk/gui/cron.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cmk/gui/cron.py b/cmk/gui/cron.py
index 9565d5d..4996aef 100644
--- a/cmk/gui/cron.py
+++ b/cmk/gui/cron.py
@@ -34,6 +34,7 @@ import cmk.store as store
import cmk.gui.utils as utils
import cmk.gui.i18n
import cmk.gui.pages
+import cmk.gui.config as config
from cmk.gui.globals import html
from cmk.gui.log import logger
from cmk.gui.exceptions import MKGeneralException
@@ -75,6 +76,13 @@ def page_run_cron():
file(lock_file, "w") # touches the file
store.aquire_lock(lock_file)
+ # The cron page is accessed unauthenticated. After leaving the page_run_cron area
+ # into the job functions we always want to have a user context initialized to keep
+ # the code free from special cases (if no user logged in, then...).
+ # The jobs need to be run in privileged mode in general. Some jobs, like the network
+ # scan, switch the user context to a specific other user during execution.
+ config.set_super_user()
+
logger.debug("Starting cron jobs")
for cron_job in multisite_cronjobs: