fixed bug with group_authorization strict
Message-ID: <533c1351.ZuoBN8EVT1waNze9%ab(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: e29b47d102b2b1baf35a3dbc7ce8888403a743b3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e29b47d102b2b1…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Apr 2 15:40:06 2014 +0200
FIX livestatus table hostsbygroup: fixed bug with group_authorization strict
On calling the livestatus table hostsbygroup with an AuthUser the table
did not hide the entire hostsgroup in case the group_authorization was set to
<tt>strict</tt>
and one host in the group was not a contact for the AuthUser.
This has been fixed.
With the group_authorization <tt>strict</tt> setting the AuthUser now
needs to be a contact of every host in the hostgroup, otherwise the hostgroup
is not shown at all.
---
.werks/747 | 16 ++++++++++++++++
ChangeLog | 3 +++
livestatus/src/TableHosts.cc | 30 +++++++++++++++++++++++++-----
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/.werks/747 b/.werks/747
new file mode 100644
index 0000000..def45a0
--- /dev/null
+++ b/.werks/747
@@ -0,0 +1,16 @@
+Title: livestatus table hostsbygroup: fixed bug with group_authorization strict
+Level: 2
+Component: livestatus
+Version: 1.2.5i3
+Date: 1396445685
+Class: fix
+
+On calling the livestatus table hostsbygroup with an AuthUser the table
+did not hide the entire hostsgroup in case the group_authorization was set to
<tt>strict</tt>
+and one host in the group was not a contact for the AuthUser.
+
+This has been fixed.
+
+With the group_authorization <tt>strict</tt> setting the AuthUser now
+needs to be a contact of every host in the hostgroup, otherwise the hostgroup
+is not shown at all.
diff --git a/ChangeLog b/ChangeLog
index eac789b..4ed1181 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
1.2.5i3:
+ Livestatus:
+ * 0747 FIX: livestatus table hostsbygroup: fixed bug with group_authorization
strict...
+
1.2.5i2:
Checks & Agents:
diff --git a/livestatus/src/TableHosts.cc b/livestatus/src/TableHosts.cc
index afc1657..86f5243 100644
--- a/livestatus/src/TableHosts.cc
+++ b/livestatus/src/TableHosts.cc
@@ -362,14 +362,34 @@ void TableHosts::answerQuery(Query *query)
if (_by_group) {
hostgroup *hgroup = hostgroup_list;
hostbygroup hg;
+ bool show_hgroup;
+
+ // When g_group_authorization is set to AUTH_STRICT we need to pre-check
+ // if every host of this group is visible to the _auth_user
+ bool requires_precheck = query->authUser() && g_group_authorization ==
AUTH_STRICT;
+
while (hgroup) {
+ show_hgroup = true;
hg._hostgroup = hgroup;
hostsmember *mem = hgroup->members;
- while (mem) {
- memcpy(&hg._host, mem->host_ptr, sizeof(host));
- if (!query->processDataset(&hg))
- break;
- mem = mem->next;
+ if (requires_precheck) {
+ while (mem) {
+ if (!is_authorized_for(query->authUser(), mem->host_ptr, 0)) {
+ show_hgroup = false;
+ break;
+ }
+ mem = mem->next;
+ }
+ }
+
+ if (show_hgroup) {
+ mem = hgroup->members;
+ while (mem) {
+ memcpy(&hg._host, mem->host_ptr, sizeof(host));
+ if (!query->processDataset(&hg))
+ break;
+ mem = mem->next;
+ }
}
hgroup = hgroup->next;
}