Problem: customers can see machines from other customers when entering a downtime.
Solution: a customer can only see his/her own machines when choosing "triggered by".
Current Version: 3.2.0
Last Release Date: March 15, 2010
Owner: Katharina
Download URL: http://kdxxl.111mb.de/download/cmd.c
We have monitoring servers shared by several customers. The problem is that one user can enter a downtime and see the other users' machines by using the "Triggered by" option. This is a severe security incident for us. This has been fixed in a way that every customer can only see his own machines.
Concerned file: cmd.c
Diff:
116 int string_to_time(char *,time_t *); 117 118 //PATCH 119 host *temp_host=NULL; 120 //PATCH END 121 122 int main(void){
1178 if(temp_downtime->type!=HOST_DOWNTIME) 1179 continue; 1180 // PATCH 1181 /* find the host... */ 1182 temp_host=find_host(temp_downtime->host_name); 1183 1184 /* make sure user has rights to view this host */ 1185 if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE) 1186 continue; 1187 //PATCH END 1188 printf("<option value='%lu'>",temp_downtime->downtime_id);
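Review bot: in the first hunk, temp_host is declared at file scope (line 119), while the only use shown is inside the downtime loop of the second hunk. Declare it as a local variable in the function that contains that loop, so the pointer's lifetime matches its use, and replace the // PATCH and // PATCH END markers with the /* ... */ comment style the surrounding lines use.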
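Review bot: in the second hunk, the result of find_host() at line 1182 is passed to is_authorized_for_host() at line 1185 without a NULL check. If a downtime entry names a host that can no longer be found, the outcome depends on how is_authorized_for_host() handles a NULL host, which these lines do not show. Add an explicit if(temp_host==NULL) continue; before the authorization call so the option is skipped and the filter fails closed. The second argument on line 1185 appears as ¤t_authdata, which looks like a mangled &current_authdata and would not compile as shown, so apply the change from the downloadable cmd.c rather than from this excerpt.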
I also added the whole file. It would be great if this patch could be integrated into the next version. This would make us update-safe.