Module: check_mk
Branch: master
Commit: 367e01890c767d48d286cfbb858631ca7ec79c18
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=367e01890c767d…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri Apr 4 13:56:24 2014 +0200
Improved security of WATO bulk inventory by using transaction ids
---
.werks/784 | 8 ++++++++
ChangeLog | 3 ++-
web/htdocs/js/wato.js | 7 +++++--
web/htdocs/wato.py | 18 ++++++++++++++++--
4 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/.werks/784 b/.werks/784
new file mode 100644
index 0000000..3e38fb9
--- /dev/null
+++ b/.werks/784
@@ -0,0 +1,8 @@
+Title: Improved security of WATO bulk inventory by using transaction ids
+Level: 2
+Component: wato
+Class: feature
+State: unknown
+Version: 1.2.5i3
+Date: 1396612529
+
diff --git a/ChangeLog b/ChangeLog
index cb9b6ba..e90c32c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,14 +7,15 @@
NOTE: Please refer to the migration notes!
* 0799 ibm_svc_systemstats.cpu_util: New check for CPU Utilization of an IBM SVC /
V7000 device in total
* 0800 ibm_svc_nodestats.cache, ibm_svc_systemstats.cache: New checks for Cache Usage
of IBM SVC / V7000 devices
- * 0801 ibm_svc_eventlog: New Check for Messages in Event log of IBM SVC / V7000
devices
* 0150 printer_suply: New option to upturn toner levels...
+ * 0801 ibm_svc_eventlog: New Check for Messages in Event log of IBM SVC / V7000
devices
* 0777 FIX: special agent emcvnx: did not work with security file authentication...
Multisite:
* 0779 Hostgroups (Summary): Empty hostgroups are no longer shown (can be re-enabled
by filter)
WATO:
+ * 0784 Improved security of WATO bulk inventory by using transaction ids
* 0781 FIX: host diag page: fixed problem with update of diagnose subwindows...
Notifications:
diff --git a/web/htdocs/js/wato.js b/web/htdocs/js/wato.js
index 7cbafc6..2d5843d 100644
--- a/web/htdocs/js/wato.js
+++ b/web/htdocs/js/wato.js
@@ -342,6 +342,7 @@ function progress_retry() {
document.getElementById('progress_abort').style.display = '';
progress_clean_log();
clear_progress_stats();
+ // Note: no bulksize limit is applied here
progress_items = failed_items;
failed_items = Array();
progress_scheduler(progress_mode, progress_url, progress_timeout, [], "",
"");
@@ -432,12 +433,13 @@ function progress_clean_log() {
log = null;
}
-function progress_scheduler(mode, url_prefix, timeout, items, end_url, success_stats,
fail_stats, term_url, finished_txt) {
+function progress_scheduler(mode, url_prefix, timeout, items, transids, end_url,
success_stats, fail_stats, term_url, finished_txt) {
// Initialize
if (progress_items === null) {
total_num_items = items.length;
progress_items = items;
failed_items = Array();
+ progress_transids = transids;
progress_total_num = items.length;
progress_end_url = end_url;
progress_term_url = term_url;
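Review bot: Inserting `transids` as the fifth positional parameter shifts every later argument, and the one caller visible in this diff, progress_retry() in the first wato.js hunk, still passes `[], "", ""` in the old layout. That call keeps working only because `progress_items` is non-null on retry, so the `if (progress_items === null)` block is skipped and `progress_transids` keeps the remaining pool. I would make this explicit at the call site, e.g. `progress_scheduler(progress_mode, progress_url, progress_timeout, [], [], "", "");`, or add the comment `// arguments after timeout are ignored on retry: state is already initialised`. Any caller of progress_scheduler outside this diff needs the same check. The function body continues outside the hunk.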
@@ -465,7 +467,8 @@ function progress_scheduler(mode, url_prefix, timeout, items, end_url,
success_s
// Remove leading pipe signs (when having no folder set)
// update_progress_title(percentage + "%");
update_progress_title(title);
- get_url(url_prefix + '&_transid=-1&_item=' +
escape(progress_items[0]),
+ use_transid = progress_transids.shift();
+ get_url(url_prefix + '&_transid=' + use_transid +
'&_item=' + escape(progress_items[0]),
progress_handle_response, // regular handler (http code 200)
[ mode, progress_items[0] ], // data to hand over to handlers
progress_handle_error // error handler
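Review bot: `progress_transids.shift()` returns `undefined` once the reserved pool is empty, so the request goes out with `_transid=undefined` and costs a round trip only to be rejected by the server. `use_transid` is also assigned without `var`, which makes it an implicit global. I would write `var use_transid = progress_transids.shift();` and add a guard that stops the scheduler and shows the restart message when the value is `undefined`. The token is concatenated into the URL unescaped while the item beside it goes through `escape()`; that is safe only if server-generated ids never contain URL-special characters, which this hunk does not show. The enclosing function starts outside the hunk.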
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index f15f138..37ddb04 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -3373,6 +3373,12 @@ def mode_bulk_inventory(phase):
elif phase == "action":
if html.var("_item"):
+ if not html.check_transaction():
+ html.write(repr([ 'failed', 0, 0, 0, 0, 0, 0, ]) +
"\n")
+ html.write(_("Error during inventory: Maximum number of retries
reached. "
+ "You need to restart the bulk inventory"))
+ return ""
+
how = html.var("how")
try:
site_id, folderpath, hostnamesstring =
html.var("_item").split("|")
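Review bot: The rejection branch reports every failed `html.check_transaction()` as "Maximum number of retries reached", so a forged, replayed or missing token looks the same as an exhausted pool, and in the visible lines nothing is logged. A log entry for the rejected request would let operators tell the two cases apart. A comment above the first write would also help, such as `# transid invalid or already used: report the item as failed instead of running the inventory`. The old client code sent `_transid=-1`; it is worth confirming that check_transaction() does not accept that value for this action, which the hunk does not show. mode_bulk_inventory starts and continues outside the hunk.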
@@ -5102,8 +5108,16 @@ def interactive_progress(items, title, stats, finishvars, timewait,
success_stat
finish_url = make_link([("mode", "folder")] + finishvars)
term_url = make_link([("mode", "folder")] + termvars)
- html.javascript(('progress_scheduler("%s", "%s", 50, %s,
"%s", %s, %s, "%s", "' + _("FINISHED.") +
'");') %
- (html.var('mode'), base_url, json_items, finish_url,
+ # Reserve a certain amount of transids for the progress scheduler
+ # Each json item requires one transid. Additionally, each "Retry failed
hosts" eats
+ # up another one. We reserve 20 additional transids for the retry function
+ # Note: The "retry option" ignores the bulk size
+ transids = []
+ for i in range(len(items) + 20):
+ transids.append(html.fresh_transid())
+ json_transids = '[ %s ]' % ',\n'.join([ "'" + h +
"'" for h in transids])
+ html.javascript(('progress_scheduler("%s", "%s", 50, %s, %s,
"%s", %s, %s, "%s", "' + _("FINISHED.") +
'");') %
+ (html.var('mode'), base_url, json_items, json_transids,
finish_url,
success_stats, fail_stats, term_url))
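Review bot: The comment's budget of 20 spare transids does not match how the client spends them. In wato.js every request does `progress_transids.shift()`, so a retry appears to consume one id per re-sent item rather than one per click on "Retry failed hosts". Once more than 20 items have been retried in total the pool is empty and the server answers with the "Maximum number of retries reached" error. Either reword the comment to `# 20 spare transids: one per retried item, summed over all retries` or derive the reserve from `len(items)`. The loop also reads more simply as `transids = [html.fresh_transid() for _ in range(len(items) + 20)]`. interactive_progress starts outside the hunk.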