Module: check_mk
Branch: master
Commit: cbe4bcbf81f607733adb54420af062372ec937dd
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cbe4bcbf81f607…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 18 22:02:59 2019 +0100
7090 SEC Automatically lock users after 10 subsequent logon failures
Sites created with Check_MK 1.6 will be configured to automatically lock user
accounts that fail to log in 10 times in a row. Existing sites will not be
affected by this change.
Check_MK already had the option to configure this feature for a long time. It
can be customized using the global setting "Lock user accounts after N logon
failures". If you have configured this in your setup, your setting is left
untouched.
To unlock automatically locked users, you need to login as administrative user
and disable the option "Disable password" for this user. In case your
administrative account was locked out, you will have to reset the password
of your account (using <tt>htpasswd -m ~/etc/htpasswd [user-id]</tt>).
CMK-1083
Change-Id: I2c1f6a5560b0d537acbf3be735ef9d9b2e3a4f0b
---
.werks/7090 | 22 ++++++++++++++++++++++
cmk/gui/watolib/__init__.py | 1 +
2 files changed, 23 insertions(+)
diff --git a/.werks/7090 b/.werks/7090
new file mode 100644
index 0000000..ed13924
--- /dev/null
+++ b/.werks/7090
@@ -0,0 +1,22 @@
+Title: Automatically lock users after 10 subsequent logon failures
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1550523202
+Class: security
+
+Sites created with Check_MK 1.6 will be configured to automatically lock user
+accounts that fail to log in 10 times in a row. Existing sites will not be
+affected by this change.
+
+Check_MK already had the option to configure this feature for a long time. It
+can be customized using the global setting "Lock user accounts after N logon
+failures". If you have configured this in your setup, your setting is left
+untouched.
+
+To unlock automatically locked users, you need to login as administrative user
+and disable the option "Disable password" for this user. In case your
+administrative account was locked out, you will have to reset the password
+of your account (using <tt>htpasswd -m ~/etc/htpasswd [user-id]</tt>).
diff --git a/cmk/gui/watolib/__init__.py b/cmk/gui/watolib/__init__.py
index 399d214..096d96a 100644
--- a/cmk/gui/watolib/__init__.py
+++ b/cmk/gui/watolib/__init__.py
@@ -422,6 +422,7 @@ def _create_sample_config():
],
"enable_rulebased_notifications": True,
"ui_theme": "facelift",
+ "lock_on_logon_failures": 10,
})
# A contact group for all hosts and services
Module: check_mk
Branch: master
Commit: 15cb695948ba3f3285b537533f312c835aa9fec0
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=15cb695948ba3f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 18 22:18:50 2019 +0100
Extracted helper function to untie variable scopes
Change-Id: I4ace65cb898bb17857db71a0c66e0cff2afcb050
---
omd/packages/omd/omdlib/main.py | 90 +++++++++++++++++++++--------------------
1 file changed, 46 insertions(+), 44 deletions(-)
diff --git a/omd/packages/omd/omdlib/main.py b/omd/packages/omd/omdlib/main.py
index 1bec114..585362b 100644
--- a/omd/packages/omd/omdlib/main.py
+++ b/omd/packages/omd/omdlib/main.py
@@ -1074,52 +1074,10 @@ def patch_template_file(src, dst, old_site, new_site):
def merge_update_file(site, relpath, old_version, new_version):
fn = tty_bold + relpath + tty_normal
- replacements = site.replacements
user_path = site.dir + "/" + relpath
permissions = os.stat(user_path).st_mode
- def try_merge():
- for version, skelroot in [(old_version, site.version_skel_dir),
- (new_version, "/omd/versions/%s/skel" % version)]:
- p = "%s/%s" % (skelroot, relpath)
- while True:
- try:
- skel_content = file(p).read()
- break
- except:
- # Do not ask the user in non-interactive mode.
- if opt_conflict in ["abort", "install"]:
- bail_out("Skeleton file '%s' of version %s not readable." % (p, version))
- elif opt_conflict == "keepold" or not user_confirms(
- site, "Skeleton file of version %s not readable" % version,
- "The file '%s' is not readable for the site user. "
- "This is most probably due a bug in release 0.42. "
- "You can either fix that problem by making the file "
- "readable with doing as root: chmod +r '%s' "
- "or assume the file as empty. In that case you might "
- "damage your configuration file "
- "in case you have made changes to it in your site. What shall we do?" %
- (p, p), relpath, "retry", "Retry reading the file (after you've fixed it)",
- "ignore", "Assume the file to be empty"):
- skel_content = ""
- break
- file("%s-%s" % (user_path, version), "w").write(
- replace_tags(skel_content, replacements))
- version_patch = os.popen( # nosec
- "diff -u %s-%s %s-%s" % (user_path, old_version, user_path, new_version)).read()
-
- # First try to merge the changes in the version into the users' file
- merge = '--merge' if patch_has_merge() else ''
- f = os.popen( # nosec
- "PATH=/omd/versions/default/bin:$PATH patch --force --backup --forward --silent %s %s >/dev/null"
- % (merge, user_path), "w")
- f.write(version_patch)
- status = f.close()
- if status:
- return status / 256
- return 0
-
- if try_merge() == 0:
+ if _try_merge(site, relpath, old_version, new_version) == 0:
# ACHTUNG: Hier müssen die Dateien $DATEI-alt, $DATEI-neu und $DATEI.orig
# gelöscht werden
sys.stdout.write(StateMarkers.good + " Merged %s\n" % fn)
@@ -1202,7 +1160,7 @@ def merge_update_file(site, relpath, old_version, new_version):
elif choice == "try again":
os.rename(user_path + ".orig", user_path)
os.system("%s '%s'" % (editor, user_path)) # nosec
- if try_merge() == 0:
+ if _try_merge(site, relpath, old_version, new_version) == 0:
sys.stdout.write("Successfully merged changes from %s -> %s into %s\n" %
(old_version, new_version, fn))
return
@@ -1228,6 +1186,50 @@ def merge_update_file(site, relpath, old_version, new_version):
pass
+def _try_merge(site, relpath, old_version, new_version):
+ user_path = site.dir + "/" + relpath
+
+ for version, skelroot in [(old_version, site.version_skel_dir),
+ (new_version, "/omd/versions/%s/skel" % new_version)]:
+ p = "%s/%s" % (skelroot, relpath)
+ while True:
+ try:
+ skel_content = file(p).read()
+ break
+ except:
+ # Do not ask the user in non-interactive mode.
+ if opt_conflict in ["abort", "install"]:
+ bail_out("Skeleton file '%s' of version %s not readable." % (p, version))
+ elif opt_conflict == "keepold" or not user_confirms(
+ site, "Skeleton file of version %s not readable" % version,
+ "The file '%s' is not readable for the site user. "
+ "This is most probably due a bug in release 0.42. "
+ "You can either fix that problem by making the file "
+ "readable with doing as root: chmod +r '%s' "
+ "or assume the file as empty. In that case you might "
+ "damage your configuration file "
+ "in case you have made changes to it in your site. What shall we do?" %
+ (p, p), relpath, "retry", "Retry reading the file (after you've fixed it)",
+ "ignore", "Assume the file to be empty"):
+ skel_content = ""
+ break
+ file("%s-%s" % (user_path, version), "w").write(
+ replace_tags(skel_content, site.replacements))
+ version_patch = os.popen( # nosec
+ "diff -u %s-%s %s-%s" % (user_path, old_version, user_path, new_version)).read()
+
+ # First try to merge the changes in the version into the users' file
+ merge = '--merge' if patch_has_merge() else ''
+ f = os.popen( # nosec
+ "PATH=/omd/versions/default/bin:$PATH patch --force --backup --forward --silent %s %s >/dev/null"
+ % (merge, user_path), "w")
+ f.write(version_patch)
+ status = f.close()
+ if status:
+ return status / 256
+ return 0
+
+
# Compares two files and returns infos wether the file type or contants have changed """
def file_status(site, source_path, target_path):
source_type = filetype(source_path)
Module: check_mk
Branch: master
Commit: 6a0795f352e826430acb2d83eb1701b6ca678dc0
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6a0795f352e826…
Author: Andreas Umbreit <au(a)mathias-kettner.de>
Date: Mon Feb 18 17:04:53 2019 +0100
CMK-1544: Fix typos in Werk
Change-Id: Ic33424b828fa1d162b53bf4cf2a0c2dee13bec1d
---
.werks/7164 | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.werks/7164 b/.werks/7164
index 4f950ed..c0c885d 100644
--- a/.werks/7164
+++ b/.werks/7164
@@ -15,9 +15,8 @@ This was particularly noticeable when running the agent updater under Windows,
because the agent updater would fail to start over again, showing an error
like <code>copying plugins\cmk-update-agent.exe to temp\cmk-update-agent.exe failed</code>.
-The agent updater now will cancel the connection if it freezes.<br>
-or if the connection freezes. The timeout limit is set to 120 seconds.<br>
-This timeout handling does not limit the overall connection time.<br>
+The agent updater now will cancel the connection if it freezes. The timeout
+limit is set to 120 seconds. This handling does not limit the overall connection time.<br>
For a detailled explenation have a look at the <i>Timeouts</i> paragraph at the
<a href="http://docs.python-requests.org">requests documentation</a>!
Module: check_mk
Branch: master
Commit: da48b17bc764af50c2e50bcadd0653591515e7d6
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=da48b17bc764af…
Author: Andreas Umbreit <au(a)mathias-kettner.de>
Date: Mon Feb 18 16:33:06 2019 +0100
CMK-1544: Make the meaning of the timeout constant clearer
Change-Id: I03ba5b0e5623596deec428b9b697c1de1573082d
---
.werks/7164 | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.werks/7164 b/.werks/7164
index be88e4c..4f950ed 100644
--- a/.werks/7164
+++ b/.werks/7164
@@ -15,9 +15,11 @@ This was particularly noticeable when running the agent updater under Windows,
because the agent updater would fail to start over again, showing an error
like <code>copying plugins\cmk-update-agent.exe to temp\cmk-update-agent.exe failed</code>.
-The agent updater now will cancel the connection if there is a connection timeout detected
+The agent updater now will cancel the connection if it freezes.<br>
or if the connection freezes. The timeout limit is set to 120 seconds.<br>
-This timeout handling does not limit the overall connection time.
+This timeout handling does not limit the overall connection time.<br>
+For a detailled explenation have a look at the <i>Timeouts</i> paragraph at the
+<a href="http://docs.python-requests.org">requests documentation</a>!
Please note: This timeout is only active for connections handled by python-requests.<br>
This fix won't apply if you are running the agent updater using cURL.
Module: check_mk
Branch: master
Commit: 840363b569e123166e2924bfb529c36250b8194a
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=840363b569e123…
Author: Sergey Kipnis <sk(a)mathias-kettner.de>
Date: Mon Feb 18 11:53:46 2019 +0100
[CMK-1647] - integration tests should work nice now
- almost all values from WMI now are positive
Change-Id: Iccf1faa762d74cbd4045c61aa78a2c6a135dfddf
---
agents/windows/wmiHelper.cc | 28 +++++++++++++++++++++++++++-
1 file changed, 27 insertions(+), 1 deletion(-)
diff --git a/agents/windows/wmiHelper.cc b/agents/windows/wmiHelper.cc
index fbfc52b..482f8b2 100644
--- a/agents/windows/wmiHelper.cc
+++ b/agents/windows/wmiHelper.cc
@@ -291,6 +291,28 @@ bool Variant::get() const {
}
}
+// this is original and weird function from the Agent.
+// Used to avoid negative numbers in output. Sometimes.
+// And satisfy integration tests.
+// Microsoft is stupid, because VT_I4 must be interpreted as UNSIGNED sometimes.
+// ******************************************************************
+// We will use this function in LA just to satisfy integration tests.
+// #TODO rename this function to something more clear
+template <>
+int64_t Variant::get() const {
+ switch (_value.vt) {
+ case VT_I1: // has a char
+ return _value.iVal; // load short
+ case VT_I2: // has a short
+ return _value.intVal; // load int32
+ case VT_I4: // has a int32
+ return _value.llVal; // load in64
+ default:
+ throw ComTypeException(string("wrong value type requested: ") +
+ to_string(_value.vt));
+ }
+}
+
template <>
int32_t Variant::get() const {
switch (_value.vt) {
@@ -385,7 +407,11 @@ wstring Variant::get() const {
case VT_I1:
case VT_I2:
case VT_I4:
- return std::to_wstring(get<int32_t>());
+ // call of *weird* function:
+ // in fact it is abs(_value) with extremely high probability
+ // We have to use by default uint64_t, because almost all WMI are
+ // defined as unsigned.
+ return std::to_wstring(get<int64_t>());
case VT_UI1:
case VT_UI2:
case VT_UI4:
Module: check_mk
Branch: master
Commit: cffd55a2bb72b2e5159ba7f3fe1e13ed9145a55e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=cffd55a2bb72b2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 18 14:35:39 2019 +0100
Cleanup module global state cmk.gui.plugins.views.utils.painter_options
The PainterOptions object deals with view (request) specific information
which should never be stored in module scope. As intermediate solution
we store the object in current_app.g["painter_options"].
A better solution would be to create a "view instance" object that holds
the painter options object as helper. This would need a bigger
restructuring of the views code, which we can not focus on at the
moment.
CMK-1626
Change-Id: I6edd86d7c798417c468b0bca5a5b883249ff9667
---
cmk/gui/mobile.py | 13 +++++++++----
cmk/gui/plugins/dashboard/view.py | 4 +++-
cmk/gui/plugins/views/__init__.py | 2 +-
cmk/gui/plugins/views/bi.py | 3 ++-
cmk/gui/plugins/views/inventory.py | 3 ++-
cmk/gui/plugins/views/layouts.py | 4 +++-
cmk/gui/plugins/views/mobile.py | 5 ++++-
cmk/gui/plugins/views/painters.py | 3 ++-
cmk/gui/plugins/views/utils.py | 21 ++++++++++++---------
cmk/gui/views.py | 22 ++++++++++++++--------
10 files changed, 52 insertions(+), 28 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=cffd55a2bb…