Module: check_mk
Branch: master
Commit: 12fc3ab57e7f24681c23860ce8d617e652557913
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=12fc3ab57e7f24…
Author: Sven Panne <sp(a)mathias-kettner.de>
Date: Tue Jul 25 15:00:40 2017 +0200
Removed g_group_authorization global variable.
Change-Id: I8693bff2e7e05777aeb59190d93e50cc17aa62b0
---
livestatus/src/MonitoringCore.h | 1 +
livestatus/src/TableHostGroups.cc | 3 ++-
livestatus/src/TableHostsByGroup.cc | 8 +++++---
livestatus/src/TableServiceGroups.cc | 3 ++-
livestatus/src/TableServicesByGroup.cc | 8 +++++---
livestatus/src/auth.h | 2 --
livestatus/src/module.cc | 10 +++++++---
7 files changed, 22 insertions(+), 13 deletions(-)
diff --git a/livestatus/src/MonitoringCore.h b/livestatus/src/MonitoringCore.h
index 0a87e70..7e3a6b8 100644
--- a/livestatus/src/MonitoringCore.h
+++ b/livestatus/src/MonitoringCore.h
@@ -94,6 +94,7 @@ public:
virtual bool stateHistoryFilteringEnabled() = 0;
virtual AuthorizationKind serviceAuthorization() const = 0;
+ virtual AuthorizationKind groupAuthorization() const = 0;
virtual Logger *loggerLivestatus() = 0;
diff --git a/livestatus/src/TableHostGroups.cc b/livestatus/src/TableHostGroups.cc
index fdf2ecc..66b7f4d 100644
--- a/livestatus/src/TableHostGroups.cc
+++ b/livestatus/src/TableHostGroups.cc
@@ -27,6 +27,7 @@
#include "Column.h"
#include "HostListColumn.h"
#include "HostListStateColumn.h"
+#include "MonitoringCore.h"
#include "OffsetStringColumn.h"
#include "Query.h"
#include "auth.h"
@@ -194,7 +195,7 @@ bool TableHostGroups::isAuthorized(Row row, contact *ctc) {
auto has_contact = [=](hostsmember *mem) {
return is_authorized_for(core(), ctc, mem->host_ptr, nullptr);
};
- if (g_group_authorization == AuthorizationKind::loose) {
+ if (core()->groupAuthorization() == AuthorizationKind::loose) {
// TODO(sp) Need an iterator here, "loose" means "any_of"
for (hostsmember *mem = rowData<hostgroup>(row)->members;
mem != nullptr; mem = mem->next) {
diff --git a/livestatus/src/TableHostsByGroup.cc b/livestatus/src/TableHostsByGroup.cc
index 08b5681..d69ba5d 100644
--- a/livestatus/src/TableHostsByGroup.cc
+++ b/livestatus/src/TableHostsByGroup.cc
@@ -23,6 +23,7 @@
// Boston, MA 02110-1301 USA.
#include "TableHostsByGroup.h"
+#include "MonitoringCore.h"
#include "Query.h"
#include "TableHostGroups.h"
#include "TableHosts.h"
@@ -52,10 +53,11 @@ string TableHostsByGroup::name() const { return
"hostsbygroup"; }
string TableHostsByGroup::namePrefix() const { return "host_"; }
void TableHostsByGroup::answerQuery(Query *query) {
- // When g_group_authorization is set to AuthorizationKind::strict we need to
+ // When groupAuthorization() is set to AuthorizationKind::strict we need to
// pre-check if every host of this group is visible to the _auth_user
- bool requires_precheck = query->authUser() != nullptr &&
- g_group_authorization == AuthorizationKind::strict;
+ bool requires_precheck =
+ query->authUser() != nullptr &&
+ core()->groupAuthorization() == AuthorizationKind::strict;
for (hostgroup *hg = hostgroup_list; hg != nullptr; hg = hg->next) {
bool show_host_group = true;
diff --git a/livestatus/src/TableServiceGroups.cc b/livestatus/src/TableServiceGroups.cc
index 97987fd..bcc07d7 100644
--- a/livestatus/src/TableServiceGroups.cc
+++ b/livestatus/src/TableServiceGroups.cc
@@ -25,6 +25,7 @@
#include "TableServiceGroups.h"
#include <memory>
#include "Column.h"
+#include "MonitoringCore.h"
#include "OffsetStringColumn.h"
#include "Query.h"
#include "ServiceListColumn.h"
@@ -156,7 +157,7 @@ bool TableServiceGroups::isAuthorized(Row row, contact *ctc) {
service *svc = mem->service_ptr;
return is_authorized_for(core(), ctc, svc->host_ptr, svc);
};
- if (g_group_authorization == AuthorizationKind::loose) {
+ if (core()->groupAuthorization() == AuthorizationKind::loose) {
// TODO(sp) Need an iterator here, "loose" means "any_of"
for (servicesmember *mem = rowData<servicegroup>(row)->members;
mem != nullptr; mem = mem->next) {
diff --git a/livestatus/src/TableServicesByGroup.cc
b/livestatus/src/TableServicesByGroup.cc
index 57f56e2..32ed8f2 100644
--- a/livestatus/src/TableServicesByGroup.cc
+++ b/livestatus/src/TableServicesByGroup.cc
@@ -23,6 +23,7 @@
// Boston, MA 02110-1301 USA.
#include "TableServicesByGroup.h"
+#include "MonitoringCore.h"
#include "Query.h"
#include "TableServiceGroups.h"
#include "TableServices.h"
@@ -53,10 +54,11 @@ string TableServicesByGroup::name() const { return
"servicesbygroup"; }
string TableServicesByGroup::namePrefix() const { return "service_"; }
void TableServicesByGroup::answerQuery(Query *query) {
- // When g_group_authorization is set to AuthorizationKind::strict we need to
+ // When groupAuthorization() is set to AuthorizationKind::strict we need to
// pre-check if every service of this group is visible to the _auth_user
- bool requires_precheck = (query->authUser() != nullptr) &&
- g_group_authorization == AuthorizationKind::strict;
+ bool requires_precheck =
+ query->authUser() != nullptr &&
+ core()->groupAuthorization() == AuthorizationKind::strict;
for (servicegroup *sg = servicegroup_list; sg != nullptr; sg = sg->next) {
bool show_service_group = true;
diff --git a/livestatus/src/auth.h b/livestatus/src/auth.h
index ae6183a..834a49d 100644
--- a/livestatus/src/auth.h
+++ b/livestatus/src/auth.h
@@ -40,8 +40,6 @@ inline contact *unknown_auth_user() {
return reinterpret_cast<contact *>(0xdeadbeaf);
}
#else
-extern AuthorizationKind g_group_authorization;
-
contact *unknown_auth_user();
class MonitoringCore;
bool is_authorized_for(MonitoringCore *mc, contact *ctc, host *hst,
diff --git a/livestatus/src/module.cc b/livestatus/src/module.cc
index befeb9b..3b88f66 100644
--- a/livestatus/src/module.cc
+++ b/livestatus/src/module.cc
@@ -127,7 +127,7 @@ static uint32_t fl_max_lines_per_logfile = 1000000;
size_t fl_max_response_size = 100 * 1024 * 1024; // limit answer to 10 MB
int g_thread_running = 0;
static AuthorizationKind fl_service_authorization = AuthorizationKind::loose;
-AuthorizationKind g_group_authorization = AuthorizationKind::strict;
+static AuthorizationKind fl_group_authorization = AuthorizationKind::strict;
Encoding fl_data_encoding = Encoding::utf8;
// Map to speed up access via name/alias/address
@@ -673,6 +673,10 @@ public:
return fl_service_authorization;
}
+ AuthorizationKind groupAuthorization() const override {
+ return fl_group_authorization;
+ }
+
Logger *loggerLivestatus() override { return fl_logger_livestatus; }
private:
@@ -995,9 +999,9 @@ void livestatus_parse_arguments(const char *args_orig) {
}
} else if (strcmp(left, "group_authorization") == 0) {
if (strcmp(right, "strict") == 0) {
- g_group_authorization = AuthorizationKind::strict;
+ fl_group_authorization = AuthorizationKind::strict;
} else if (strcmp(right, "loose") == 0) {
- g_group_authorization = AuthorizationKind::loose;
+ fl_group_authorization = AuthorizationKind::loose;
} else {
Warning(fl_logger_nagios)
<< "invalid group authorization mode, "