Home Directory Patches Nagios Core Command CGI Scheduled Downtime Patch

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Command CGI Scheduled Downtime Patch

Rating
0 votes
Favoured:
0
Current Version
3.2.0
Compatible With
  • Nagios 3.x
Hits
88527
Files:
FileDescription
cmd.ccmd.c
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Problem: customers can see machines from other customers when entering a downtime
Solution: customer can only see his/her own machines when choosing "triggered by"
We have monitoring servers shared by several customers. Problem is that one user can enter a downtime and sees the other user's machines by using the "Triggered by" option. This is a severe security incident for us.
This has been fixed in a way that every customer can only see his own machines.
Concerned file:
cmd.c
Diff:

116 int string_to_time(char *,time_t *);
117
118 //PATCH
119 host *temp_host=NULL;
120 //PATCH END
121
122 int main(void){

1178 if(temp_downtime->type!=HOST_DOWNTIME)
1179 continue;
1180 // PATCH
1181 /* find the host... */
1182 temp_host=find_host(temp_downtime->host_name);
1183
1184 /* make sure user has rights to view this host */
1185
if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE)
1186 continue;
1187 //PATCH END
1188 printf("