Alex Burger wrote:
The more I think about it, the more I think we are looking at this the wrong way. With file system or application permissions, we would assign a group to a folder/object, and then pick what rights the group would have. Why don't we do the same thing with Nagios?

Leave the groups as they are, but modify the host and service contact_groups command? For example:

define host{
          host_name               localhost
          contact_groups          netops:rw, helpdesk:r
}

For backwards compatibility, if no permissions are set, the defaults would be rw so the following would be the same:

define host{
          host_name               localhost
          contact_groups          netops, helpdesk:r
}

If a user was in both the netops and helpdesk group, the user should have rw access.

This will take a bit more work to implement, but I think it makes more sense. What do you think?

Alex

Attached is a patch for 2.5 that implements what I described above. It works on both hosts and services.

The following four lines are examples of read/write access for netops and helpdesk:

           contact_groups          netops, helpdesk
           contact_groups          netops, helpdesk:rw
           contact_groups          netops:rw, helpdesk
           contact_groups          netops:rw, helpdesk:rw

The following two lines are examples of read/write access for netops and read only (view only) for helpdesk:

           contact_groups          netops, helpdesk:r
           contact_groups          netops:rw, helpdesk:r

Alex

diff -ur nagios-2.5.org/cgi/cgiauth.c nagios-2.5/cgi/cgiauth.c
--- nagios-2.5.org/cgi/cgiauth.c        2006-10-08 19:35:18.000000000 -0400
+++ nagios-2.5/cgi/cgiauth.c    2006-11-04 15:10:58.000000000 -0500
@@ -420,7 +420,7 @@
                        return FALSE;
 
                /* see if this user is a contact for the host */
-               if(is_contact_for_host(temp_host,temp_contact)==TRUE)
+               if(is_contact_for_host_w(temp_host,temp_contact)==TRUE)
                        return TRUE;
 
                /* see if this user is an escalated contact for the host */
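Review bot: The escalated-contact checks that follow each of these swapped calls still return TRUE with no permission test, so a contact whose group is tagged `:r` on the host or service may keep command access through an escalation that names the same group. This applies here and to the two later hunks in cgiauth.c (the `is_contact_for_service_w` call and the second `is_contact_for_host_w` call). The escalation helpers are not part of this patch, so this is inferred from the context lines only. If read-only is meant to be a hard limit, the escalation branches need an equivalent write test; if the bypass is intended, a comment such as `/* NOTE: escalation membership grants access regardless of a :r suffix */` should say so. The enclosing functions start and end outside these hunks.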
@@ -428,7 +428,7 @@
                        return TRUE;
 
                /* this user is a contact for the service, so they have 
permission... */
-               if(is_contact_for_service(svc,temp_contact)==TRUE)
+               if(is_contact_for_service_w(svc,temp_contact)==TRUE)
                        return TRUE;
 
                /* this user is an escalated contact for the service, so they 
have permission... */
@@ -470,7 +470,7 @@
                        return FALSE;
 
                /* this user is a contact for the host, so they have 
permission... */
-               if(is_contact_for_host(hst,temp_contact)==TRUE)
+               if(is_contact_for_host_w(hst,temp_contact)==TRUE)
                        return TRUE;
 
                /* this user is an escalated contact for the host, so they have 
permission... */
diff -ur nagios-2.5.org/common/objects.c nagios-2.5/common/objects.c
--- nagios-2.5.org/common/objects.c     2006-10-08 19:35:18.000000000 -0400
+++ nagios-2.5/common/objects.c 2006-11-04 15:48:16.000000000 -0500
@@ -4926,6 +4926,8 @@
 /* find a contact group from the list in memory */
 contactgroup * find_contactgroup(char *name){
        contactgroup *temp_contactgroup;
+        char *temp_contactgroup_name;
+        char *perms;
 
 #ifdef DEBUG0
        printf("find_contactgroup() start\n");
@@ -4934,11 +4936,21 @@
        if(name==NULL || contactgroup_hashlist==NULL)
                return NULL;
 
-       
for(temp_contactgroup=contactgroup_hashlist[hashfunc1(name,CONTACTGROUP_HASHSLOTS)];temp_contactgroup
 && 
compare_hashdata1(temp_contactgroup->group_name,name)<0;temp_contactgroup=temp_contactgroup->nexthash);
+        /* Ignore permissions */
+        temp_contactgroup_name = strdup(name);
+        perms = strstr(temp_contactgroup_name, ":");
+        if (perms)
+          *perms = '\0';
 
-       if(temp_contactgroup && 
(compare_hashdata1(temp_contactgroup->group_name,name)==0))
+       
for(temp_contactgroup=contactgroup_hashlist[hashfunc1(temp_contactgroup_name,CONTACTGROUP_HASHSLOTS)];temp_contactgroup
 && 
compare_hashdata1(temp_contactgroup->group_name,temp_contactgroup_name)<0;temp_contactgroup=temp_contactgroup->nexthash);
+
+       if(temp_contactgroup && 
(compare_hashdata1(temp_contactgroup->group_name,temp_contactgroup_name)==0))
                return temp_contactgroup;
 
+        if(temp_contactgroup_name)
+          free(temp_contactgroup_name);
+          
+
 #ifdef DEBUG0
        printf("find_contactgroup() end\n");
 #endif
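Review bot: The early `return temp_contactgroup;` leaves the function before the added `free(temp_contactgroup_name)`, so every successful lookup leaks the duplicated name. The `strdup()` result is also handed to `strstr()` unchecked, which dereferences NULL if the allocation fails; the same unchecked pattern appears in the hunks for `is_contact_for_host`, `is_contact_for_service` and both `_w` functions. Because this function now strips the suffix itself, the duplicate-and-strip added to `is_contact_for_host` and `is_contact_for_service` looks redundant, and those two could keep their original `find_contactgroup(temp_contactgroupsmember->group_name)` call. The function body continues past the end of this hunk.

```c
        /* Ignore permissions */
        temp_contactgroup_name = strdup(name);
        if(temp_contactgroup_name==NULL)
                return NULL;
        /* ... unchanged: truncate at ':' and walk the hash chain ... */

        if(temp_contactgroup && (compare_hashdata1(temp_contactgroup->group_name,temp_contactgroup_name)==0)){
                free(temp_contactgroup_name);
                return temp_contactgroup;
                }

        free(temp_contactgroup_name);
```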
@@ -5427,7 +5439,9 @@
 int is_contact_for_host(host *hst, contact *cntct){
        contactgroupsmember *temp_contactgroupsmember;
        contactgroup *temp_contactgroup;
-       
+        char *temp_contactgroup_name;
+        char *perms;
+               
        if(hst==NULL || cntct==NULL){
                return FALSE;
                }
@@ -5435,8 +5449,16 @@
        /* search all contact groups of this host */
        
for(temp_contactgroupsmember=hst->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){
 
+                /* Ignore permissions */
+                temp_contactgroup_name = 
strdup(temp_contactgroupsmember->group_name);
+                perms = strstr(temp_contactgroup_name, ":");
+                if (perms)
+                  *perms = '\0';
+
                /* find the contact group */
-               
temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name);
+               temp_contactgroup=find_contactgroup(temp_contactgroup_name);
+               if (temp_contactgroup_name)
+                 free (temp_contactgroup_name);
                if(temp_contactgroup==NULL)
                        continue;
 
@@ -5447,6 +5469,48 @@
        return FALSE;
         }
 
+/*  tests whether a contact is a contact for a particular host with write 
permissions */
+int is_contact_for_host_w(host *hst, contact *cntct){
+       contactgroupsmember *temp_contactgroupsmember;
+       contactgroup *temp_contactgroup;
+        char *temp_contactgroup_name;
+        char *perms;
+               
+       if(hst==NULL || cntct==NULL){
+               return FALSE;
+               }
+
+       /* search all contact groups of this host */
+       
for(temp_contactgroupsmember=hst->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){
+
+                /* Check for write permissions */
+                temp_contactgroup_name = 
strdup(temp_contactgroupsmember->group_name);
+                perms = strstr(temp_contactgroup_name, ":");
+                if (perms) {    /* Permissions set.  Need to check */
+                  /* Check for :rw */
+                  perms = strstr(perms, "w");  /* look for (w)rite permission 
*/
+                  if (! (perms)) {      /* write not found so user does not 
have permission */
+                    if (temp_contactgroup_name)
+                      free(temp_contactgroup_name);
+                    continue;
+                  }
+                }
+
+                /* No permissions set so defaulting to rw, or user has rw set 
*/
+
+               /* find the contact group */
+               temp_contactgroup=find_contactgroup(temp_contactgroup_name);
+               if (temp_contactgroup_name)
+                 free(temp_contactgroup_name);
+               if(temp_contactgroup==NULL)
+                       continue;
+
+               
if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE)
+                       return TRUE;
+               }
+
+       return FALSE;
+        }
 
 
 /* tests whether or not a contact is an escalated contact for a particular 
host */
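Review bot: `strstr(perms, "w")` in `is_contact_for_host_w` treats any suffix containing the letter w as write access and every other suffix as read-only, so a mistyped suffix in `contact_groups` changes authorization with no diagnostic. Comparing the suffix exactly, e.g. `if(perms && strcmp(perms+1,"rw")!=0)` in front of the existing free-and-continue, limits write access to the documented `:rw` value and makes anything unrecognised fail closed. Whether the config parser can leave trailing whitespace in `group_name` is not visible here and should be confirmed before tightening the match. `is_contact_for_service_w` in the later hunk repeats this block line for line, so a shared static helper that returns the write decision would keep the two from drifting apart.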
@@ -5481,6 +5545,8 @@
 int is_contact_for_service(service *svc, contact *cntct){
        contactgroupsmember *temp_contactgroupsmember;
        contactgroup *temp_contactgroup;
+        char *temp_contactgroup_name;
+        char *perms;
 
        if(svc==NULL || cntct==NULL)
                return FALSE;
@@ -5488,8 +5554,16 @@
        /* search all contact groups of this service */
        
for(temp_contactgroupsmember=svc->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){
 
+                /* Ignore permissions */
+                temp_contactgroup_name = 
strdup(temp_contactgroupsmember->group_name);
+                perms = strstr(temp_contactgroup_name, ":");
+                if (perms)
+                  *perms = '\0';
+
                /* find the contact group */
-               
temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name);
+               temp_contactgroup=find_contactgroup(temp_contactgroup_name);
+                if (temp_contactgroup_name)
+                  free (temp_contactgroup_name);
                if(temp_contactgroup==NULL)
                        continue;
 
@@ -5500,6 +5574,48 @@
        return FALSE;
         }
 
+/*  tests whether a contact is a contact for a particular service */
+int is_contact_for_service_w(service *svc, contact *cntct){
+       contactgroupsmember *temp_contactgroupsmember;
+       contactgroup *temp_contactgroup;
+        char *temp_contactgroup_name;
+        char *perms;
+
+       if(svc==NULL || cntct==NULL)
+               return FALSE;
+
+       /* search all contact groups of this service */
+       
for(temp_contactgroupsmember=svc->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){
+
+
+                /* Check for write permissions */
+                temp_contactgroup_name = 
strdup(temp_contactgroupsmember->group_name);
+                perms = strstr(temp_contactgroup_name, ":");
+                if (perms) {    /* Permissions set.  Need to check */
+                  /* Check for :rw */
+                  perms = strstr(perms, "w");  /* look for (w)rite permission 
*/
+                  if (! (perms)) {      /* write not found so user does not 
have permission */
+                    if (temp_contactgroup_name)
+                      free(temp_contactgroup_name);
+                    continue;
+                  }
+                }
+
+                /* No permissions set so defaulting to rw, or user has rw set 
*/
+
+               /* find the contact group */
+               temp_contactgroup=find_contactgroup(temp_contactgroup_name);
+                if (temp_contactgroup_name)
+                  free (temp_contactgroup_name);
+               if(temp_contactgroup==NULL)
+                       continue;
+
+               
if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE)
+                       return TRUE;
+               }
+
+       return FALSE;
+        }
 
 
 /* tests whether or not a contact is an escalated contact for a particular 
service */
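Review bot: The header comment on `is_contact_for_service_w` is the same as the one for the plain membership test and omits that this variant requires write permission. I would make it `/* tests whether a contact is a contact for a particular service with write permissions (no suffix or :rw) */`. The comment should also state that a missing suffix defaults to read/write for backward compatibility, since that default is what leaves an untagged group with full command access.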