Home Directory Patches Nagios Core Command CGI Scheduled Downtime Patch

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

Command CGI Scheduled Downtime Patch

Rating
0 votes
Favoured:
0
Current Version
3.2.0
Compatible With
  • Nagios 3.x
Hits
92229
Files:
FileDescription
cmd.ccmd.c
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Problem: customers can see machines from other customers when entering a downtime
Solution: customer can only see his/her own machines when choosing "triggered by"
We have monitoring servers shared by several customers. Problem is that one user can enter a downtime and sees the other user's machines by using the "Triggered by" option. This is a severe security incident for us.
This has been fixed in a way that every customer can only see his own machines.
Concerned file:
cmd.c
Diff:

116 int string_to_time(char *,time_t *);
117
118 //PATCH
119 host *temp_host=NULL;
120 //PATCH END
121
122 int main(void){

1178 if(temp_downtime->type!=HOST_DOWNTIME)
1179 continue;
1180 // PATCH
1181 /* find the host... */
1182 temp_host=find_host(temp_downtime->host_name);
1183
1184 /* make sure user has rights to view this host */
1185
if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE)
1186 continue;
1187 //PATCH END
1188 printf("