Proposed patch for status.c (3.5.0)

jeffm · Post by **jeffm** » Wed Jan 08, 2014 11:22 am

It seems that status.c doesn't check for permission to view a host when using "navbarsearch", this proposed patch fixes that problem:

Code: Select all

--- status.c.orig       2013-03-09 16:46:35.000000000 -0500
+++ status.c    2014-01-08 10:27:42.000000000 -0500
@@ -1537,6 +1537,10 @@
                /* find the host */
                temp_host = find_host(temp_service->host_name);
 
+               /* make sure user has rights to view this host */
+               if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+                       continue;
+
                /* make sure user has rights to see this... */
                if(is_authorized_for_service(temp_service, &current_authdata) == FALSE)
                        continue;

tmcdonald · Post by **tmcdonald** » Wed Jan 08, 2014 11:38 am

Thanks for the submission! Have you created a bug report or shall I take care of this?

jeffm · Post by **jeffm** » Wed Jan 08, 2014 11:52 am

I haven't created a bug report. If you create it this time, I'll file one if there's a next time

tmcdonald · Post by **tmcdonald** » Wed Jan 08, 2014 12:08 pm

That sounds more than fair. Tracker link here: http://tracker.nagios.org/view.php?id=556

Going to close this up now. Thanks again!

Nagios Support Forum

Proposed patch for status.c (3.5.0)

Proposed patch for status.c (3.5.0)

Re: Proposed patch for status.c (3.5.0)

Re: Proposed patch for status.c (3.5.0)

Re: Proposed patch for status.c (3.5.0)