Command CGI Scheduled Downtime Patch

Submit review Recommend Print Contact Owner

Rating

0 votes

Favoured:

Current Version

3.2.0

Compatible With

Nagios 3.x

Owner

sunflower99

Download URL

kdxxl.111mb.de/download/cmd.c

Hits

92270

Files:

File	Description
cmd.c	cmd.c

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Download Now

Monitoring Made Magically Better

Nagios Core on Overdrive
Powerful Monitoring Dashboards
Time-Saving Configuration Wizards
Open Source Powered Monitoring On Steroids
And So Much More!

Problem: customers can see machines from other customers when entering a downtime
Solution: customer can only see his/her own machines when choosing "triggered by"

We have monitoring servers shared by several customers. Problem is that one user can enter a downtime and sees the other user's machines by using the "Triggered by" option. This is a severe security incident for us.
This has been fixed in a way that every customer can only see his own machines.
Concerned file:
cmd.c
Diff:

116 int string_to_time(char *,time_t *);
117
118 //PATCH
119 host *temp_host=NULL;
120 //PATCH END
121
122 int main(void){

1178 if(temp_downtime->type!=HOST_DOWNTIME)
1179 continue;
1180 // PATCH
1181 /* find the host... */
1182 temp_host=find_host(temp_downtime->host_name);
1183
1184 /* make sure user has rights to view this host */
1185
if(is_authorized_for_host(temp_host,¤t_authdata)==FALSE)
1186 continue;
1187 //PATCH END
1188 printf("

Reviews (0)

Be the first to review this listing!

Nagios, the Nagios logo, and Nagios graphics are the servicemarks, trademarks, or registered trademarks owned by Nagios Enterprises. All other servicemarks and trademarks are the property of their respective owner. The files and information on this site are the property of their respective owner(s). Nagios Enterprises makes no claims or warranties as to the fitness of any file or information on this website, for any purpose whatsoever. In fact, we officially disclaim all liability. We do, however, think these community contributions are pretty damn cool. Website Copyright © 2009-2024 Nagios Enterprises, LLC. All rights reserved.