Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
Command CGI Scheduled Downtime Patch
Current Version
3.2.0
Compatible With
- Nagios 3.x
Owner
Download URL
Hits
91921
Files:
| File | Description |
|---|---|
| cmd.c | cmd.c |
Solution: customer can only see his/her own machines when choosing "triggered by"
We have monitoring servers shared by several customers. Problem is that one user can enter a downtime and sees the other user's machines by using the "Triggered by" option. This is a severe security incident for us.
This has been fixed in a way that every customer can only see his own machines.
Concerned file:
cmd.c
Diff:
116 int string_to_time(char *,time_t *);
117
118 //PATCH
119 host *temp_host=NULL;
120 //PATCH END
121
122 int main(void){
1178 if(temp_downtime->type!=HOST_DOWNTIME)
1179 continue;
1180 // PATCH
1181 /* find the host... */
1182 temp_host=find_host(temp_downtime->host_name);
1183
1184 /* make sure user has rights to view this host */
1185
if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE)
1186 continue;
1187 //PATCH END
1188 printf("
This has been fixed in a way that every customer can only see his own machines.
Concerned file:
cmd.c
Diff:
116 int string_to_time(char *,time_t *);
117
118 //PATCH
119 host *temp_host=NULL;
120 //PATCH END
121
122 int main(void){
1178 if(temp_downtime->type!=HOST_DOWNTIME)
1179 continue;
1180 // PATCH
1181 /* find the host... */
1182 temp_host=find_host(temp_downtime->host_name);
1183
1184 /* make sure user has rights to view this host */
1185
if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE)
1186 continue;
1187 //PATCH END
1188 printf("
Reviews (0)
Be the first to review this listing!
