You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 15, 2019. It is now read-only.
Created by mfriedrich on 2010-10-18 14:05:40 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2010-12-17 17:38:30 +00:00)
Target Version: 1.3
Last Update: 2014-12-08 09:34:23 +00:00 (in Redmine)
-------- Original Message --------
Subject: Re: [Nagios-devel] Nagios - Attribute based authorization
Date: Mon, 18 Oct 2010 11:05:36 +0200
From: Vágó Tibor
Reply-To: Nagios Developers List
To: Nagios Developers List
CC: crm@niif.hu, Gabor ROCZEI
Dear List,
the development of this feature has been finished and it had been
tested in 99% of possible cases. The patch is attached to this e-mail.
As you can see we work with nagios version 3.2.1.
Kind Regards,
Tibor Vago
2010-05-21 17:06, Vago Tibor wrote:
> Dear Andreas,
>
> Thansk for the quick answer.
> We will start the development for this feature and send patch(es) to
> the ND list.
>
> Kind regards,
> Tibor
>
>
> 2010-05-19 12:15 keltezéssel, Andreas Ericsson írta:
>> On 05/19/2010 11:03 AM, Vágó Tibor wrote:
>>> Dear Nagios devel-list,
>>>
>>> We would like to use attribute based authority checking in Nagios.
>>> We use authentication but not SSL-based.
>>>
>>> Our conception is (based nagios-version-3.2.1) the following:
>>>
>>> *Step1*
>>> cgi/status.c:
>>> -------------------------------------------------
>>> //line136:
>>> authdata current_authdata;
>>>
>>> //line244:
>>> get_authentication_information(¤t_authdata);
>>>
>>> Add some char variables to authdata structure.
>>>
>>> include/cgiauth.h
>>> -------------------------------------------------
>>> typedef struct authdata_struct{
>>> char *username;
>>> int authorized_for_all_hosts;
>>> int authorized_for_all_host_commands;
>>> int authorized_for_all_services;
>>> int authorized_for_all_service_commands;
>>> int authorized_for_system_information;
>>> int authorized_for_system_commands;
>>> int authorized_for_configuration_information;
>>> int authorized_for_read_only;
>>> int authenticated;
>>> //TODO
>>> char **host_allow_to_see;
>>> char **service_allow_to_see;
>>> ...
>>> }authdata;
>>>
>>>
>>>
>>>
>>> *Step2*
>>> cgi/cgiauth.c
>>> -------------------------------------------------
>>> line86 /* read in authorization override vars from config file... */
>>> line87 if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
>>> ...
>>> line95 if((input=mmap_fgets_multiline(thefile))==NULL)
>>> line96 break;
>>>
>>> authinfo->username=""
>>> authinfo->authenticated=FALSE
>>> authinfo->authorized_for_all_hosts=FALSE;
>>> authinfo->authorized_for_all_host_commands=FALSE;
>>> authinfo->authorized_for_all_services=FALSE;
>>> authinfo->authorized_for_all_service_commands=FALSE;
>>> authinfo->authorized_for_system_information=FALSE;
>>> authinfo->authorized_for_system_commands=FALSE;
>>> authinfo->authorized_for_configuration_information=FALSE;
>>> authinfo->authorized_for_read_only=FALSE;
>>> // TODO:
>>> // newlocal variable:
>>> attribute_server_variable="entitlement";
>>>
>>>
>>>
>>> *Step3*
>>> Check the CGI config file is it contains "attribute_server_variable".
>>> If it not doesn't contain then we can return just like now.
>>> If it contains then read its value otherwise the default value is
>>> "entitlement".
>>> Then split value about ";" and put that pieces into an array.
>>>
>>> Now we can compare the attribute pieces of array from server variable
>>> and attributes from CGI configs.
>>> Theese compares will be placed in the following functions:
>>>
>>> int is_authorized_for_host(){...}
>>> int is_authorized_for_service(){...}
>>> ...
>>> etc.
>>>
>>> Can anyone inform me if this feature is currently under development or
>>> already usable.
>>
>> It's not under development and it's definitely not already usable.
>>
>>> If not, we would like to add this feature to the
>>> Nagios source code cooperate with the developer team. How can I send
>>> patches or modification?
>>>
>>
>> You can send patches in unified diff format to this list, where I, Ton
>> or Ethan will pick them up and put them "somewhere" and evaluate them
>> for a future release. Note that details about the patch may well be
>> altered during the review process. If the patch is crap, we'll tell you
>> so and give you details about what needs to be changed in order for it
>> to be accepted.
>>
>> Since it's a change to the cgi's, no new major release has to be done.
>>
>
This issue has been migrated from Redmine: https://dev.icinga.com/issues/909
Created by mfriedrich on 2010-10-18 14:05:40 +00:00
Assignee: mfriedrich
Status: Resolved (closed on 2010-12-17 17:38:30 +00:00)
Target Version: 1.3
Last Update: 2014-12-08 09:34:23 +00:00 (in Redmine)
Attachments
Changesets
2010-11-05 16:36:40 +00:00 by mfriedrich 71e9bc8
The text was updated successfully, but these errors were encountered: