servicegroups tables in NEB
Message-ID: <591180ba.OCHVwdkyTvWRbebu%sp(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: df707d7cdff5915d49f32ae691228c9da64b7391
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=df707d7cdff591…
Author: Sven Panne <sp(a)mathias-kettner.de>
Date: Tue May 9 10:34:26 2017 +0200
4686 FIX FIX Fixed "loose" authorization for hostgroups/servicegroups tables in
NEB
The "loose" authorization mode for hostgroups/servicegroups tables was
effectively non-existent: It always authorized all contacts. This has been
fixed, so you see only the intended rows now. Note that this only affected
the NEB, not the Check_MK Micro Core.
Change-Id: I51cea655c5851478624cabeea3b39666ddc52fa8
---
.werks/4686 | 13 +++++++++++++
livestatus/src/TableHostGroups.cc | 28 +++++++++++++++++++---------
livestatus/src/TableServiceGroups.cc | 27 +++++++++++++++++++--------
3 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/.werks/4686 b/.werks/4686
new file mode 100644
index 0000000..7c314df
--- /dev/null
+++ b/.werks/4686
@@ -0,0 +1,13 @@
+Title: FIX Fixed "loose" authorization for hostgroups/servicegroups tables in
NEB
+Level: 1
+Component: livestatus
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1494318466
+Class: fix
+
+The "loose" authorization mode for hostgroups/servicegroups tables was
+effectively non-existent: It always authorized all contacts. This has been
+fixed, so you see only the intended rows now. Note that this only affected
+the NEB, not the Check_MK Micro Core.
diff --git a/livestatus/src/TableHostGroups.cc b/livestatus/src/TableHostGroups.cc
index f6786ac..8ec8fe5 100644
--- a/livestatus/src/TableHostGroups.cc
+++ b/livestatus/src/TableHostGroups.cc
@@ -190,16 +190,26 @@ bool TableHostGroups::isAuthorized(Row row, contact *ctc) {
return false;
}
- auto hg = rowData<hostgroup>(row);
- for (hostsmember *mem = hg->members; mem != nullptr; mem = mem->next) {
- host *hst = mem->host_ptr;
- bool is = is_authorized_for(ctc, hst, nullptr);
- if (is && g_group_authorization == AuthorizationKind::loose) {
- return true;
+ auto has_contact = [=](hostsmember *mem) {
+ return is_authorized_for(ctc, mem->host_ptr, nullptr);
+ };
+ if (g_group_authorization == AuthorizationKind::loose) {
+ // TODO(sp) Need an iterator here, "loose" means "any_of"
+ for (hostsmember *mem = rowData<hostgroup>(row)->members;
+ mem != nullptr; mem = mem->next) {
+ if (has_contact(mem)) {
+ return true;
+ }
}
- if (!is && g_group_authorization == AuthorizationKind::strict) {
- return false;
+ return false;
+ } else {
+ // TODO(sp) Need an iterator here, "strict" means "all_of"
+ for (hostsmember *mem = rowData<hostgroup>(row)->members;
+ mem != nullptr; mem = mem->next) {
+ if (!has_contact(mem)) {
+ return false;
+ }
}
+ return true;
}
- return true;
}
diff --git a/livestatus/src/TableServiceGroups.cc b/livestatus/src/TableServiceGroups.cc
index 8392319..b4598fc 100644
--- a/livestatus/src/TableServiceGroups.cc
+++ b/livestatus/src/TableServiceGroups.cc
@@ -152,16 +152,27 @@ bool TableServiceGroups::isAuthorized(Row row, contact *ctc) {
return false;
}
- auto sg = rowData<servicegroup>(row);
- for (servicesmember *mem = sg->members; mem != nullptr; mem = mem->next) {
+ auto has_contact = [=](servicesmember *mem) {
service *svc = mem->service_ptr;
- bool is = is_authorized_for(ctc, svc->host_ptr, svc);
- if (is && g_group_authorization == AuthorizationKind::loose) {
- return true;
+ return is_authorized_for(ctc, svc->host_ptr, svc);
+ };
+ if (g_group_authorization == AuthorizationKind::loose) {
+ // TODO(sp) Need an iterator here, "loose" means "any_of"
+ for (servicesmember *mem = rowData<servicegroup>(row)->members;
+ mem != nullptr; mem = mem->next) {
+ if (has_contact(mem)) {
+ return true;
+ }
}
- if (!is && g_group_authorization == AuthorizationKind::strict) {
- return false;
+ return false;
+ } else {
+ // TODO(sp) Need an iterator here, "strict" means "all_of"
+ for (servicesmember *mem = rowData<servicegroup>(row)->members;
+ mem != nullptr; mem = mem->next) {
+ if (!has_contact(mem)) {
+ return false;
+ }
}
+ return true;
}
- return true;
}