Re: [Nagios-devel] Reduce some code duplication

[Guest]

--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

On Thu, Jan 13, 2011 at 02:58:01PM +0100, Andreas Ericsson said:
> On 01/13/2011 01:43 PM, Stephen Gran wrote:
> > Hi,
> >=20
> > I'm looking slightly longer term at extending cgi.cfg to support using
> > contact_group names in the authorized_for* settings, and this is step
> > one on the road. If someone thinks the above is a bad idea (or if reuse
> > of code is a bad idea) let me know and I'll stop.
>=20
> There's one problem with this approach;
> The users in cgi.cfg don't have to be contacts. They only have to be able
> to log in to Nagios.

I think the code fails gracefully for that case - it just doesn't add
any permissions.

> With that in light, I wonder what happens when eu-admins is both a user
> (from the apache view of things) as well as a contactgroup, but not a
> contact. That's one of the things that absolutely has to keep working,
> or a lot of people's setups will break.

I was planning to use a marker to specify that it is a group, whether %
like sudo or @ like many other things, I don't know (or particularly
mind). So with that in mind, eu-admins and @eu-admins would be parsed
differently.

My rough idea for the cgiauth.c patch would be something like:

if(strstr(input,"authorized_for_all_hosts=3D")=3D=3Dinput){
temp_ptr=3Dstrtok(input,"=3D");
while((temp_ptr=3Dstrtok(NULL,","))){
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr=
,"*"))
authinfo->authorized_for_all_hosts=3DTRUE;
}
+ if(!strcmp(temp_ptr,"@")){
+ if(is_contact_member_of_contactgroup(temp_ptr + 1,a=
uthinfo->username)){
+ authinfo->authorized_for_all_hosts=3DTRUE;
+ }
+ }
}

This patch is of course a nonsense patch, as
is_contact_member_of_contactgroup() takes a pair of structs and not
strings, and this function doesn't have access to the structs at
this point. I hope it gives you a rough sense of how I'm hoping to
introduce it, though - preserve existing usage and only extend it if the
name matches a certain marker.

That being said, are you happy enough for the existing patch to go in as
is?

Cheers,
--=20
--------------------------------------------------------------------------
| Stephen Gran | Batteries not included. |
| [email protected] | |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------

--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJNLx/IAAoJELMRjO+K6o/uG4AQANSD4akQll3BIzjDIJWJIzNk
8l60UqhnBlnBvKqyi+Fy1ob+pZz2Myb8EtCbtEpJJyStPvgzl8Cy6DbK4afxOl8J
UlVW2iXaZYV2zJeDPxL+wLUkiC3oR93OtXiX84b+Bm1bUdeFjbZ8I0w+8VnSTRGi
5WcGQ7OfJXaULxvRGUFjbXaD2jGsZYOLM9qEmqdYwEA5K0t5cJTZ/40mBSffBIcz
66ReyIg43lvTLcQAqWFyveYarucXqdntah+SOcJzKn8Czu29RWjKLC8Iv/I6DgtZ
SFnEtfWJiGOYV16RDImTGKlcp2tW4UpFjiTS6fu63tQ7gE6WBWHBCMMPq2VY1DKM
ueIdsmmhrihFy/sHLzApeU3H/TGqUEdGDtamh8mVaMNqcGgz1OX0fV6Zah1knbGa
LYD+fcaFqrx0cgMfnPWVp5QWkKvZ98Y64aARvF9EMiqWpsV4dKo4Jj+CNQnNVtRF
DtSLbi89Oa8KFMR0oVsrWPBpJySa0sauu4CWHQq1+vfi9JPBQIvXZUHrcWSIKwwi
iNibdvlMq82pX4fK6VrPpTfyCe02MCWkhnhWQUHPDmhf6faij5BSY/eU8pcac6ji
bJqga4RArjhWeFEQEWyR5OmyR+YRqdkOW0Twj19nR0ximboItuNn8Y7DDfn/R/MX
BXyRFN5a1l0fDXx9H4TS
=bx/Y
-----END PGP SIGNATURE-----

--jRHKVT23PllUwdXP--





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]