This is a multi-part message in MIME format.
--------------000701050606030809080408
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Dear List,
the development of this feature has been finished and it had been=20
tested in 99% of possible cases. The patch is attached to this e-mail.=20
As you can see we work with nagios version 3.2.1.
Kind Regards,
Tibor Vago
2010-05-21 17:06, Vago Tibor wrote:
> Dear Andreas,
>
> Thansk for the quick answer.
> We will start the development for this feature and send patch(es) to
> the ND list.
>
> Kind regards,
> Tibor
>
>
> 2010-05-19 12:15 keltez=C3=A9ssel, Andreas Ericsson =C3=ADrta:
>> On 05/19/2010 11:03 AM, V=C3=A1g=C3=B3 Tibor wrote:
>>> Dear Nagios devel-list,
>>>
>>> We would like to use attribute based authority checking in Nagios.
>>> We use authentication but not SSL-based.
>>>
>>> Our conception is (based nagios-version-3.2.1) the following:
>>>
>>> *Step1*
>>> cgi/status.c:
>>> -------------------------------------------------
>>> //line136:
>>> authdata current_authdata;
>>>
>>> //line244:
>>> get_authentication_information(¤t_authdata);
>>>
>>> Add some char variables to authdata structure.
>>>
>>> include/cgiauth.h
>>> -------------------------------------------------
>>> typedef struct authdata_struct{
>>> char *username;
>>> int authorized_for_all_hosts;
>>> int authorized_for_all_host_commands;
>>> int authorized_for_all_services;
>>> int authorized_for_all_service_commands;
>>> int authorized_for_system_information;
>>> int authorized_for_system_commands;
>>> int authorized_for_configuration_information;
>>> int authorized_for_read_only;
>>> int authenticated;
>>> //TODO
>>> char **host_allow_to_see;
>>> char **service_allow_to_see;
>>> ...
>>> }authdata;
>>>
>>>
>>>
>>>
>>> *Step2*
>>> cgi/cgiauth.c
>>> -------------------------------------------------
>>> line86 /* read in authorization override vars from config file... */
>>> line87 if((thefile=3Dmmap_fopen(get_cgi_config_location()))!=3DNULL){
>>> ...
>>> line95 if((input=3Dmmap_fgets_multiline(thefile))=3D=3DNULL)
>>> line96 break;
>>>
>>> authinfo->username=3D""
>>> authinfo->authenticated=3DFALSE
>>> authinfo->authorized_for_all_hosts=3DFALSE;
>>> authinfo->authorized_for_all_host_commands=3DFALSE;
>>> authinfo->authorized_for_all_services=3DFALSE;
>>> authinfo->authorized_for_all_service_commands=3DFALSE;
>>> authinfo->authorized_for_system_information=3DFALSE;
>>> authinfo->authorized_for_system_commands=3DFALSE;
>>> authinfo->authorized_for_configuration_information=3DFALSE;
>>> authinfo->authorized_for_read_only=3DFALSE;
>>> // TODO:
>>> // newlocal variable:
>>> attribute_server_variable=3D"entitlement";
>>>
>>>
>>>
>>> *Step3*
>>> Check the CGI config file is it contains "attribute_server_variable".
>>> If it not doesn't contain then we can return just like now.
>>> If it contains then read its value otherwise the default value is
>>> "entitlement".
>>> Then split value about ";" and put that pieces into an array.
>>>
>>> Now we can compare the attribute pieces of array from server variable
>>> and attributes from CGI configs.
>>> Theese compares will be placed in the following functions:
>>>
>>> int is_authorized_for_host(){...}
>>> int is_authorized_for_service(){...}
>>> ...
>>> etc.
>>>
>>> Can anyone inform me if this feature is currently under development o=
r
>>> already usable.
>>
>> It's not under development and it's definitely not already usable.
>>
>>> If not, we would like to add this feature to the
>>> Nagios source code cooperate with the developer team. How can I send
>>> patches or modification?
>>>
>>
>> You can send patches in unified diff format to this list, where I, Ton
>> or Ethan will pick them up and put them "somewhere" and evaluate them
>> for a future release. Note that details about the patch may well be
>> altered during the review process. If the patch is crap, we'll tell yo=
u
>> so and give you details about what needs to be changed in order for it
>> to be accepted.
>>
>> Since it's a change to the cgi's, no ne
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]