Module: check_mk
Branch: master
Commit: ce645d08724a1751c4f44593092021e8568a173e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ce645d08724a17…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 15:56:18 2013 +0100
ldap: improved filtering of unwanted ldap_search() responses
---
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 3 ++-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2ebd6a7..06a6832 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@
* Add: New user_options to limit seen nagios objects even the role is set to see all
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
+ * LDAP: Role sync plugin validates the given group DNs with the group base dn now
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index dffc276..cecafc7 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -194,6 +194,8 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [], scope = None):
result = []
try:
for dn, obj in ldap_connection.search_s(base, scope, filt, columns):
+ if dn is None:
+ continue # skip unwanted answers
new_obj = {}
for key, val in obj.iteritems():
new_obj[key.lower().decode('utf-8')] = [ i.decode('utf-8') for i in val ]
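Review bot: The comment on the new `continue` does not say what is being skipped, so a later reader cannot tell whether dropping these entries is safe. In python-ldap, `search_s()` returns search result references (referrals, common with Active Directory) as tuples whose first element is `None`, which is presumably what this filters; I would write `continue # search reference (referral), not an entry: dn is None`. Entries that live behind such a referral are then silently absent from the result, which matters for the group and role sync built on this function, so a log line at this point may be worth adding. The body of `ldap_search` continues outside the hunk.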
@@ -282,7 +284,6 @@ def ldap_user_groups(username, attr = 'cn'):
# Apply configured group ldap filter and only reply with groups
# having the current user as member
filt = '(&%s(member=%s))' % (ldap_filter('groups'), ldap.filter.escape_filter_chars(user_dn))
-
# First get all groups
groups = []
for dn, group in ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']),
Module: check_mk
Branch: master
Commit: 9e26de7e394be74fd03c3ab315f773e7b8cd677d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=9e26de7e394be7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 15:42:28 2013 +0100
LDAP: Role sync plugin validates the given group DNs with the group base dn now
---
web/htdocs/valuespec.py | 6 ++++++
web/plugins/userdb/ldap.py | 5 ++++-
2 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/web/htdocs/valuespec.py b/web/htdocs/valuespec.py
index 030b553..0b985db 100644
--- a/web/htdocs/valuespec.py
+++ b/web/htdocs/valuespec.py
@@ -2144,6 +2144,7 @@ class Transform(ValueSpec):
class LDAPDistinguishedName(TextAscii):
def __init__(self, **kwargs):
TextAscii.__init__(self, **kwargs)
+ self.enforce_suffix = kwargs.get('enforce_suffix')
def validate_value(self, value, varprefix):
TextAscii.validate_value(self, value, varprefix)
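Review bot: `enforce_suffix` is read from `kwargs` only after the whole dict, including that key, has been handed to `TextAscii.__init__`, so the base class receives an option it does not know. Whether `TextAscii` tolerates unknown keyword arguments is not visible here; if it does not, take the key out before the base call with `self.enforce_suffix = kwargs.pop('enforce_suffix', None)`. A short comment such as `# enforce_suffix: base DN the value must lie below; None disables the check` would document the new option. `validate_value` continues outside the hunk.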
@@ -2152,6 +2153,11 @@ class LDAPDistinguishedName(TextAscii):
if value and 'dc=' not in value.lower():
raise MKUserError(varprefix, _('Found no "dc=" (Domain Component).'))
+ # Check wether or not the given DN is below a base DN
+ if self.enforce_suffix and value and not value.lower().endswith(self.enforce_suffix.lower()):
+ raise MKUserError(varprefix, _('Does not ends with "%s".') % self.enforce_suffix)
+
+
class Password(TextAscii):
def __init__(self, **kwargs):
TextAscii.__init__(self, attrencode = True, **kwargs)
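Review bot: The suffix test in `validate_value` is a plain string `endswith`, so it does not respect RDN boundaries: with a base of `ou=groups,dc=corp` (constructed example) a value ending in `xou=groups,dc=corp` also passes, while a DN written with different spacing, `ou=groups, dc=corp`, is rejected although it lies below the base. Comparing on a component boundary is tighter: accept the value only if it equals the suffix or ends with `',' + self.enforce_suffix.lower()`, after normalising whitespace around the commas on both sides. The comment and the message also carry typos (`wether`, `Does not ends with`); `_('Does not end with "%s".')` reads correctly. This is form validation only, so the search base used at sync time presumably remains the actual boundary.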
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 612ded4..dffc276 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -500,8 +500,11 @@ def ldap_list_roles_with_group_dn():
for role_id, role in load_roles().items():
elements.append((role_id, LDAPDistinguishedName(
title = role['alias'] + ' - ' + _("Specify the Group DN"),
- help = _("Distinguished Name of the LDAP group to add users this role."),
+ help = _("Distinguished Name of the LDAP group to add users this role. This group must "
+ "be defined within the scope of the "
+ "<a href=\"wato.py?mode=edit_configvar&varname=ldap_groupspec\">LDAP Group Settings</a>."),
size = 80,
+ enforce_suffix = ldap_replace_macros(config.ldap_groupspec['dn']),
)))
return elements
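Review bot: `enforce_suffix` is taken from `config.ldap_groupspec['dn']` when the form elements are built, and the check it feeds is skipped whenever that value is empty (`if self.enforce_suffix and value ...` in valuespec.py), so with no group base DN configured any DN is accepted without a hint to the admin. A missing `'dn'` key would instead raise `KeyError` while the list is built; whether the configuration always carries the key is not visible here. I would guard the lookup and say in the help text that the restriction only applies once a group base DN is set. Separately, the `&` inside the `href` should be written `&amp;` because the help text is HTML, and the first sentence is missing a word (`to add users to this role`).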
Module: check_mk
Branch: master
Commit: 2925b76af056dee608ac1cf6a1c737f181b8faab
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2925b76af056de…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 16:43:03 2013 +0100
Fixed exception in case of non existing rowselection directory
---
web/htdocs/weblib.py | 13 ++++++++-----
1 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/web/htdocs/weblib.py b/web/htdocs/weblib.py
index b36874a..e2db673 100644
--- a/web/htdocs/weblib.py
+++ b/web/htdocs/weblib.py
@@ -104,11 +104,14 @@ def cleanup_old_selections():
# the current time and delete the selection file when it is older than
# the livetime.
path = config.user_confdir + '/rowselection'
- for f in os.listdir(path):
- if f[1] != '.' and f.endswith('.mk'):
- p = path + '/' + f
- if time.time() - os.stat(p).st_mtime > config.selection_livetime:
- os.unlink(p)
+ try:
+ for f in os.listdir(path):
+ if f[1] != '.' and f.endswith('.mk'):
+ p = path + '/' + f
+ if time.time() - os.stat(p).st_mtime > config.selection_livetime:
+ os.unlink(p)
+ except OSError:
+ pass # no directory -> no cleanup
# Generates a selection id or uses the given one
def selection_id():
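Review bot: The new `try` wraps the whole loop, so `except OSError: pass` swallows more than the missing directory named in its comment: a failing `os.stat()` or `os.unlink()` on one file (permissions, or a file removed concurrently) silently ends the cleanup for all remaining files. Limiting the `try` to `os.listdir()` keeps the fix and lets per-file errors surface as they did before the change. Also, `f[1] != '.'` tests the second character and raises `IndexError` on a one-character name; if the intent is to skip hidden files, `not f.startswith('.')` says so. The function begins outside the hunk.

```python
    path = config.user_confdir + '/rowselection'
    try:
        files = os.listdir(path)
    except OSError:
        files = [] # no directory -> no cleanup
    for f in files:
        # … unchanged: name filter, age check and os.unlink(p) …
```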
Module: check_mk
Branch: master
Commit: f217fed3ef723dcc4d802e2ba81c8e10bbe002b2
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f217fed3ef723d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 16:29:31 2013 +0100
LDAP: Improved error handling in case of misconfigurations
---
ChangeLog | 1 +
web/plugins/userdb/ldap.py | 9 +++++++++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 06a6832..0239d36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
* LDAP: Role sync plugin validates the given group DNs with the group base dn now
+ * LDAP: Improved error handling in case of misconfigurations
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index cecafc7..0742ee2 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -200,6 +200,12 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [], scope = None):
for key, val in obj.iteritems():
new_obj[key.lower().decode('utf-8')] = [ i.decode('utf-8') for i in val ]
result.append((dn, new_obj))
+ except ldap.NO_SUCH_OBJECT, e:
+ raise MKLDAPException(_('The given base object "%s" does not exist in LDAP (%s))') % (base, e))
+
+ except ldap.FILTER_ERROR, e:
+ raise MKLDAPException(_('The given ldap filter "%s" is invalid (%s)') % (filt, e))
+
except ldap.SIZELIMIT_EXCEEDED:
raise MKLDAPException(_('The response reached a size limit. This could be due to '
'a sizelimit configuration on the LDAP server.<br />Throwing away the '
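Review bot: Both new messages interpolate `base`, `filt` and the LDAP error text as they are, while the neighbouring size-limit message contains `<br />`, which suggests `MKLDAPException` texts are rendered as HTML. `filt` can contain directory-derived values such as a user DN, so unless the code that displays the exception encodes it (not visible in this hunk), these values should be HTML-encoded before they are put into the message. The first message also has an unbalanced closing parenthesis: `(%s))'` should be `(%s)'`. The `try` block and the remaining handlers lie outside the hunk.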
@@ -271,6 +277,9 @@ def ldap_get_users(add_filter = None):
result = {}
for dn, ldap_user in ldap_search(ldap_replace_macros(config.ldap_userspec['dn']),
filt, columns = columns):
+ if ldap_user_id_attr() not in ldap_user:
+ raise MKLDAPException(_('The configured User-ID attribute "%s" does not '
+ 'exist for the user "%s"') % (ldap_user_id_attr(), dn))
user_id = ldap_user[ldap_user_id_attr()][0]
result[user_id] = ldap_user
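Review bot: The membership test `ldap_user_id_attr() not in ldap_user` compares against keys that `ldap_search()` has lower-cased (`new_obj[key.lower()...]`), so a configured attribute spelled with capitals, for example `sAMAccountName`, would never be found and the listing would stop with this exception. Whether `ldap_user_id_attr()` already returns a lower-case name is not visible here; if it does not, bind it once before the loop as `user_id_attr = ldap_user_id_attr().lower()` and use that in the test, the message and the lookup. Raising also aborts the whole user listing for a single entry that lacks the attribute; if that is intended, a comment saying so would help. `ldap_get_users` starts and ends outside the hunk.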
Module: check_mk
Branch: master
Commit: deb303f30c6d1d302d2efa15498612165c617036
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=deb303f30c6d1d…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 15:29:25 2013 +0100
LDAP: Fixed problem with special chars in LDAP queries when having contactgroup sync plugin enabled
---
ChangeLog | 2 ++
web/plugins/userdb/ldap.py | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 7d8a0c5..2ebd6a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,8 @@
* Storing row selections in user files, cleaned up row selection
handling to single files. Cleaned up GET/POST mixups in confirm dialogs
* Add: New user_options to limit seen nagios objects even the role is set to see all
+ * FIX: LDAP: Fixed problem with special chars in LDAP queries when having
+ contactgroup sync plugin enabled
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 3c99af3..612ded4 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -281,7 +281,7 @@ def ldap_user_groups(username, attr = 'cn'):
# Apply configured group ldap filter and only reply with groups
# having the current user as member
- filt = '(&%s(member=%s))' % (ldap_filter('groups'), user_dn)
+ filt = '(&%s(member=%s))' % (ldap_filter('groups'), ldap.filter.escape_filter_chars(user_dn))
# First get all groups
groups = []
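Review bot: The escaping added to the `member=` assertion deserves a comment, since nothing at this line says why it is there: DNs may legitimately contain `(`, `)`, `*` or `\`, which are filter metacharacters, so something like `# user_dn is data, not filter syntax: escape it (RFC 4515)` keeps it from being removed later. `ldap_filter('groups')` is still inserted verbatim, which is right only as long as it is an admin-configured filter fragment; that function is not visible here. Other places in this file that build filters from a user name or DN lie outside the hunk and should be checked for the same treatment. `ldap_user_groups` continues outside the hunk.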
Module: check_mk
Branch: master
Commit: c08aef3b4eaec08e1ddcb5a09ba6ae95bd960a7b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c08aef3b4eaec0…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Mon Jan 14 10:15:27 2013 +0100
should_show_command_form returns false if nothing found
---
web/htdocs/views.py | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/web/htdocs/views.py b/web/htdocs/views.py
index c4b7774..5151c4d 100644
--- a/web/htdocs/views.py
+++ b/web/htdocs/views.py
@@ -2038,6 +2038,8 @@ def should_show_command_form(display_options, datasource):
if what in command["tables"] and config.may(command["permission"]):
return True
+ return False
+
def show_command_form(is_open, datasource):
# What commands are available depends on the Livestatus table we
# deal with. If a data source provides information about more
Module: check_mk
Branch: master
Commit: 2af2c964e30ade9a521c8418b47617f998444178
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=2af2c964e30ade…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri Jan 11 12:29:49 2013 +0100
Updated bug entries #0868
---
.bugs/868 | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/.bugs/868 b/.bugs/868
index 2dc3f25..7ba73b4 100644
--- a/.bugs/868
+++ b/.bugs/868
@@ -1,10 +1,24 @@
Title: Distributed WATO setup - error message during setting up slaves
Component: wato
-State: open
+Class: bug
+State: works4me
Date: 2012-10-26 08:38:47
Targetversion: 1.2.2
-Class: bug
In current version, when setting up the local site and a slave site in the main site,
the main site reports that it is not the "preferred peer" while there is no peer setup.
Seems like the naming of the site is somewhat relevant here.
+
+2013-01-11 12:29:43: changed state open -> works4me
+Just tested - works
+Creating a site setup:
+ - add local site
+ Connection: connect to the local site
+ URL Prefix: http://localhost/heute
+ - add slave site
+ Connection: unixsocket
+ URL Prefix: http://localhost/sklave
+
+ Set slave site replication method to "slave"
+
+-> works like a charm