Module: check_mk
Branch: master
Commit: 174fd8a6e34accc25bbe62969a363bfbcdaef5a2
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=174fd8a6e34acc…
Author: Sven Panne <sp(a)mathias-kettner.de>
Date: Tue Jul 25 14:51:09 2017 +0200
Removed g_service_authorization global variable.
Change-Id: Ibbed01e6db664e56b2e90da0b0098514d8b8aa52
---
livestatus/src/MonitoringCore.h | 3 +++
livestatus/src/auth.cc | 10 ++++++----
livestatus/src/auth.h | 1 -
livestatus/src/module.cc | 10 +++++++---
4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/livestatus/src/MonitoringCore.h b/livestatus/src/MonitoringCore.h
index dd37922..0a87e70 100644
--- a/livestatus/src/MonitoringCore.h
+++ b/livestatus/src/MonitoringCore.h
@@ -29,6 +29,7 @@
#include <chrono>
#include <string>
#include <vector>
+#include "auth.h"
#include "data_encoding.h"
class Logger;
@@ -92,6 +93,8 @@ public:
virtual size_t maxCachedMessages() = 0;
virtual bool stateHistoryFilteringEnabled() = 0;
+ virtual AuthorizationKind serviceAuthorization() const = 0;
+
virtual Logger *loggerLivestatus() = 0;
// Our escape hatch, this should die in the long run...
diff --git a/livestatus/src/auth.cc b/livestatus/src/auth.cc
index 9e4e7d6..075223d 100644
--- a/livestatus/src/auth.cc
+++ b/livestatus/src/auth.cc
@@ -23,6 +23,7 @@
// Boston, MA 02110-1301 USA.
#include "auth.h"
+#include "MonitoringCore.h"
contact *unknown_auth_user() { return reinterpret_cast<contact *>(0xdeadbeaf); }
@@ -32,17 +33,18 @@ bool host_has_contact(host *hst, contact *ctc) {
is_escalated_contact_for_host(hst, ctc) != 0;
}
-bool service_has_contact(host *hst, service *svc, contact *ctc) {
+bool service_has_contact(MonitoringCore *mc, host *hst, service *svc,
+ contact *ctc) {
return is_contact_for_service(svc, ctc) != 0 ||
is_escalated_contact_for_service(svc, ctc) != 0 ||
- (g_service_authorization == AuthorizationKind::loose &&
+ (mc->serviceAuthorization() == AuthorizationKind::loose &&
host_has_contact(hst, ctc));
}
} // namespace
-bool is_authorized_for(MonitoringCore * /*unused*/, contact *ctc, host *hst,
+bool is_authorized_for(MonitoringCore *mc, contact *ctc, host *hst,
service *svc) {
return ctc != unknown_auth_user() &&
(svc == nullptr ? host_has_contact(hst, ctc)
- : service_has_contact(hst, svc, ctc));
+ : service_has_contact(mc, hst, svc, ctc));
}
diff --git a/livestatus/src/auth.h b/livestatus/src/auth.h
index 74946ae..ae6183a 100644
--- a/livestatus/src/auth.h
+++ b/livestatus/src/auth.h
@@ -40,7 +40,6 @@ inline contact *unknown_auth_user() {
return reinterpret_cast<contact *>(0xdeadbeaf);
}
#else
-extern AuthorizationKind g_service_authorization;
extern AuthorizationKind g_group_authorization;
contact *unknown_auth_user();
diff --git a/livestatus/src/module.cc b/livestatus/src/module.cc
index d0c7a8b..befeb9b 100644
--- a/livestatus/src/module.cc
+++ b/livestatus/src/module.cc
@@ -126,7 +126,7 @@ size_t fl_max_cached_messages = 500000;
static uint32_t fl_max_lines_per_logfile = 1000000;
size_t fl_max_response_size = 100 * 1024 * 1024; // limit answer to 10 MB
int g_thread_running = 0;
-AuthorizationKind g_service_authorization = AuthorizationKind::loose;
+static AuthorizationKind fl_service_authorization = AuthorizationKind::loose;
AuthorizationKind g_group_authorization = AuthorizationKind::strict;
Encoding fl_data_encoding = Encoding::utf8;
@@ -669,6 +669,10 @@ public:
return fl_disable_statehist_filtering == 0;
}
+ AuthorizationKind serviceAuthorization() const override {
+ return fl_service_authorization;
+ }
+
Logger *loggerLivestatus() override { return fl_logger_livestatus; }
private:
@@ -981,9 +985,9 @@ void livestatus_parse_arguments(const char *args_orig) {
}
} else if (strcmp(left, "service_authorization") == 0) {
if (strcmp(right, "strict") == 0) {
- g_service_authorization = AuthorizationKind::strict;
+ fl_service_authorization = AuthorizationKind::strict;
} else if (strcmp(right, "loose") == 0) {
- g_service_authorization = AuthorizationKind::loose;
+ fl_service_authorization = AuthorizationKind::loose;
} else {
Warning(fl_logger_nagios)
<< "invalid service authorization mode, "