Nagios Core

Command CGI Scheduled Downtime Patch

Description:

Problem: customers can see machines from other customers when entering a downtime
Solution: customer can only see his/her own machines when choosing “triggered by”

Current Version

3.2.0

Last Release Date

March 15, 2010

Compatible With

  • Nagios 3.x

Project Notes
We have monitoring servers shared by several customers. Problem is that one user can enter a downtime and sees the other user's machines by using the "Triggered by" option. This is a severe security incident for us. This has been fixed in a way that every customer can only see his own machines. Concerned file: cmd.c Diff: 116 int string_to_time(char *,time_t *); 117 118 //PATCH 119 host *temp_host=NULL; 120 //PATCH END 121 122 int main(void){ 1178 if(temp_downtime->type!=HOST_DOWNTIME) 1179 continue; 1180 // PATCH 1181 /* find the host... */ 1182 temp_host=find_host(temp_downtime->host_name); 1183 1184 /* make sure user has rights to view this host */ 1185 if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE) 1186 continue; 1187 //PATCH END 1188 printf("
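Review bot: At line 1182 the return value of find_host() goes straight into is_authorized_for_host() with no NULL check, so a downtime entry whose host_name no longer resolves to a host object depends entirely on how the authorization helper treats a NULL pointer. Add an explicit "if(temp_host==NULL) continue;" before the authorization call so the entry is skipped by design rather than by accident. The visible check sits behind "temp_downtime->type!=HOST_DOWNTIME", so it only filters host downtimes; if the "Triggered by" list for service downtimes is built in a separate loop, that loop needs the equivalent per-service authorization check or it will still show other customers' entries. As a style point, temp_host is declared at file scope (line 119) but only used inside this loop; a local declaration in the function that builds the list would keep the patch self-contained.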