diff -ur nagios/base/config.c work/base/config.c --- nagios/base/config.c 2006-10-27 17:56:00.000000000 -0400 +++ work/base/config.c 2006-11-07 20:13:36.000000000 -0500 @@ -183,6 +183,7 @@ extern host **host_hashlist; extern service **service_hashlist; +extern char *default_permissions; @@ -1523,6 +1524,22 @@ #endif } + else if(!strcmp(variable,"default_permissions")){ + if(default_permissions!=NULL) + free(default_permissions); + default_permissions=(char *)strdup(value); + if(default_permissions==NULL){ + strcpy(error_message,"Could not allocate memory for default permissions string"); + error=TRUE; + break; + } + strip(default_permissions); + +#ifdef DEBUG1 + printf("\t\tdefault_permissions set to '%s'\n",default_permissions); +#endif + } + /* warn about old variables */ else if(!strcmp(variable,"comment_file") || !strcmp(variable,"xcddefault_comment_file")){ asprintf(&temp_buffer,"Warning: comment_file variable ignored. Comments are now stored in the status and retention files."); diff -ur nagios/base/nagios.c work/base/nagios.c --- nagios/base/nagios.c 2006-10-27 17:56:00.000000000 -0400 +++ work/base/nagios.c 2006-11-07 20:13:36.000000000 -0500 @@ -243,6 +243,8 @@ circular_buffer check_result_buffer; pthread_t worker_threads[TOTAL_WORKER_THREADS]; +char *default_permissions; + /* Following main() declaration required by older versions of Perl ut 5.00503 */ diff -ur nagios/base/notifications.c work/base/notifications.c --- nagios/base/notifications.c 2006-07-18 17:34:56.000000000 -0400 +++ work/base/notifications.c 2006-11-07 20:13:36.000000000 -0500 @@ -47,6 +47,8 @@ extern char *generic_summary; +extern char *default_permissions; + /******************************************************************/ @@ -875,6 +877,8 @@ #endif contactsmember *temp_contactsmember=NULL; contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; #ifdef DEBUG0 printf("create_notification_list_from_service() end\n"); @@ -908,9 +912,31 @@ /* find each contact in this escalation entry */ for(temp_contactsmember=temp_se->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ - if((temp_contact=temp_contactsmember->contact_ptr)==NULL) - continue; - add_notification(temp_contact); + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, 'n'); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_permissions) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_permissions, 'n'); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + add_notification(temp_contactsmember->contact_ptr); + } } } @@ -1718,6 +1744,8 @@ #endif contactsmember *temp_contactsmember=NULL; contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; #ifdef DEBUG0 printf("create_notification_list_from_host() start\n"); @@ -1778,12 +1806,34 @@ #endif /* get all contacts for this host */ for(temp_contactsmember=hst->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ - if((temp_contact=temp_contactsmember->contact_ptr)==NULL) - continue; - add_notification(temp_contact); - } - } + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, 'n'); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_permissions) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_permissions, 'n'); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + add_notification(temp_contactsmember->contact_ptr); + } + } + #ifdef DEBUG0 printf("create_notification_list_from_host() end\n"); #endif diff -ur nagios/cgi/cgiauth.c work/cgi/cgiauth.c --- nagios/cgi/cgiauth.c 2006-02-27 15:32:12.000000000 -0500 +++ work/cgi/cgiauth.c 2006-11-10 20:52:52.000000000 -0500 @@ -43,6 +43,7 @@ extern int services_have_been_read; extern int serviceescalations_have_been_read; extern int hostescalations_have_been_read; +extern char *default_permissions; @@ -218,11 +219,11 @@ temp_contact=find_contact(authinfo->username); /* see if this user is a contact for the host */ - if(is_contact_for_host(hst,temp_contact)==TRUE) + if(is_contact_for_host_perm(hst,temp_contact,default_permissions,'r')==TRUE) return TRUE; /* see if this user is an escalated contact for the host */ - if(is_escalated_contact_for_host(hst,temp_contact)==TRUE) + if(is_escalated_contact_for_host_perm(hst,temp_contact,default_permissions,'r')==TRUE) return TRUE; return FALSE; @@ -295,18 +296,18 @@ return FALSE; /* if this user is authorized for this host, they are for all services on it as well... */ - if(is_authorized_for_host(temp_host,authinfo)==TRUE) - return TRUE; + /* if(is_authorized_for_host(temp_host,authinfo)==TRUE) + return TRUE;*/ /* find the contact */ temp_contact=find_contact(authinfo->username); /* see if this user is a contact for the service */ - if(is_contact_for_service(svc,temp_contact)==TRUE) + if(is_contact_for_service_perm(svc,temp_contact,default_permissions,'r')==TRUE) return TRUE; /* see if this user is an escalated contact for the service */ - if(is_escalated_contact_for_service(svc,temp_contact)==TRUE) + if(is_escalated_contact_for_service_perm(svc,temp_contact,default_permissions,'r')==TRUE) return TRUE; return FALSE; @@ -419,20 +420,20 @@ if(temp_contact && temp_contact->can_submit_commands==FALSE) return FALSE; - /* see if this user is a contact for the host */ - if(is_contact_for_host(temp_host,temp_contact)==TRUE) + /* see if this user is a contact for the host with permissions */ + if(is_contact_for_host_perm(temp_host,temp_contact,default_permissions,'x')==TRUE) return TRUE; /* see if this user is an escalated contact for the host */ - if(is_escalated_contact_for_host(temp_host,temp_contact)==TRUE) + if(is_escalated_contact_for_host_perm(temp_host,temp_contact,default_permissions,'x')==TRUE) return TRUE; - /* this user is a contact for the service, so they have permission... */ - if(is_contact_for_service(svc,temp_contact)==TRUE) + /* see if this user is a contact for the service with permissions */ + if(is_contact_for_service_perm(svc,temp_contact,default_permissions,'x')==TRUE) return TRUE; /* this user is an escalated contact for the service, so they have permission... */ - if(is_escalated_contact_for_service(svc,temp_contact)==TRUE) + if(is_escalated_contact_for_service_perm(svc,temp_contact,default_permissions,'x')==TRUE) return TRUE; /* this user is not a contact for the host, so they must have been given explicit permissions to all service commands */ @@ -470,11 +471,11 @@ return FALSE; /* this user is a contact for the host, so they have permission... */ - if(is_contact_for_host(hst,temp_contact)==TRUE) + if(is_contact_for_host_perm(hst,temp_contact,default_permissions,'x')==TRUE) return TRUE; /* this user is an escalated contact for the host, so they have permission... */ - if(is_escalated_contact_for_host(hst,temp_contact)==TRUE) + if(is_escalated_contact_for_host_perm(hst,temp_contact,default_permissions,'x')==TRUE) return TRUE; /* this user is not a contact for the host, so they must have been given explicit permissions to all host commands */ diff -ur nagios/cgi/cgiutils.c work/cgi/cgiutils.c --- nagios/cgi/cgiutils.c 2006-05-20 14:36:54.000000000 -0400 +++ work/cgi/cgiutils.c 2006-11-07 20:13:36.000000000 -0500 @@ -111,6 +111,8 @@ int default_statusmap_layout_method=0; int default_statuswrl_layout_method=0; +char *default_permissions=NULL; + extern hostgroup *hostgroup_list; extern contactgroup *contactgroup_list; extern command *command_list; @@ -457,6 +459,13 @@ ping_syntax=strdup(temp_buffer); } + else if(strstr(input,"default_permissions=")==input){ + temp_buffer=strtok(input,"="); + temp_buffer=strtok(NULL,"\n"); + if(temp_buffer==NULL) + continue; + default_permissions=strdup(temp_buffer); + } } /* free memory and close the file */ diff -ur nagios/common/objects.c work/common/objects.c --- nagios/common/objects.c 2006-09-18 13:03:50.000000000 -0400 +++ work/common/objects.c 2006-11-10 21:01:25.000000000 -0500 @@ -3284,6 +3284,8 @@ /* find a contact from the list in memory */ contact * find_contact(char *name){ contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; #ifdef DEBUG0 printf("find_contact() start\n"); @@ -3292,9 +3294,15 @@ if(name==NULL || contact_hashlist==NULL) return NULL; - for(temp_contact=contact_hashlist[hashfunc(name,NULL,CONTACT_HASHSLOTS)];temp_contact && compare_hashdata(temp_contact->name,NULL,name,NULL)<0;temp_contact=temp_contact->nexthash); + /* Ignore permissions */ + temp_contact_name = strdup(name); + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; + + for(temp_contact=contact_hashlist[hashfunc(temp_contact_name,NULL,CONTACT_HASHSLOTS)];temp_contact && compare_hashdata(temp_contact->name,NULL,temp_contact_name,NULL)<0;temp_contact=temp_contact->nexthash); - if(temp_contact && (compare_hashdata(temp_contact->name,NULL,name,NULL)==0)) + if(temp_contact && (compare_hashdata(temp_contact->name,NULL,temp_contact_name,NULL)==0)) return temp_contact; #ifdef DEBUG0 @@ -3309,6 +3317,8 @@ /* find a contact group from the list in memory */ contactgroup * find_contactgroup(char *name){ contactgroup *temp_contactgroup=NULL; + char *temp_contactgroup_name; + char *perms; #ifdef DEBUG0 printf("find_contactgroup() start\n"); @@ -3317,9 +3327,15 @@ if(name==NULL || contactgroup_hashlist==NULL) return NULL; - for(temp_contactgroup=contactgroup_hashlist[hashfunc(name,NULL,CONTACTGROUP_HASHSLOTS)];temp_contactgroup && compare_hashdata(temp_contactgroup->group_name,NULL,name,NULL)<0;temp_contactgroup=temp_contactgroup->nexthash); + /* Ignore permissions */ + temp_contactgroup_name = strdup(name); + perms = strchr(temp_contactgroup_name, ':'); + if (perms) + *perms = '\0'; - if(temp_contactgroup && (compare_hashdata(temp_contactgroup->group_name,NULL,name,NULL)==0)) + for(temp_contactgroup=contactgroup_hashlist[hashfunc(temp_contactgroup_name,NULL,CONTACTGROUP_HASHSLOTS)];temp_contactgroup && compare_hashdata(temp_contactgroup->group_name,NULL,temp_contactgroup_name,NULL)<0;temp_contactgroup=temp_contactgroup->nexthash); + + if(temp_contactgroup && (compare_hashdata(temp_contactgroup->group_name,NULL,temp_contactgroup_name,NULL)==0)) return temp_contactgroup; #ifdef DEBUG0 @@ -3854,6 +3870,8 @@ #endif contactsmember *temp_contactsmember=NULL; contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; if(hst==NULL || cntct==NULL){ return FALSE; @@ -3882,9 +3900,91 @@ #ifdef NSCORE temp_contact=temp_contactsmember->contact_ptr; #else - temp_contact=find_contact(temp_contactsmember->contact_name); + /* Ignore permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; + + temp_contact=find_contact(temp_contactsmember->contact_name); +#endif + + if(temp_contact==cntct) + return TRUE; + } + + return FALSE; + } + + + +/* tests whether a contact is a contact for a particular host with permissions */ +int is_contact_for_host_perm(host *hst, contact *cntct, char *default_perm, char perm){ +#ifdef REMOVED_07182006 + contactgroupsmember *temp_contactgroupsmember=NULL; + contactgroup *temp_contactgroup=NULL; +#endif + contactsmember *temp_contactsmember=NULL; + contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; + + if(hst==NULL || cntct==NULL){ + return FALSE; + } + +#ifdef REMOVED_07182006 + /* search all contact groups of this host */ + for(temp_contactgroupsmember=hst->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){ + + /* find the contact group */ +#ifdef NSCORE + temp_contactgroup=temp_contactgroupsmember->group_ptr; +#else + temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name); #endif + if(temp_contactgroup==NULL) + continue; + if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE) + return TRUE; + } +#endif + + /* search all contacts of this host */ + for(temp_contactsmember=hst->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ +//#ifdef NSCORE +// temp_contact=temp_contactsmember->contact_ptr; +//#else + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_perm) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_perm, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; /* Remove perms from temp_contact_name */ + temp_contact=find_contact(temp_contact_name); +//#endif + if(temp_contact==cntct) return TRUE; } @@ -3945,6 +4045,86 @@ } + +/* tests whether or not a contact is an escalated contact for a particular host */ +int is_escalated_contact_for_host_perm(host *hst, contact *cntct, char *default_perm, char perm){ +#ifdef REMOVED_07182006 + contactgroupsmember *temp_contactgroupsmember=NULL; + contactgroup *temp_contactgroup=NULL; +#endif + contactsmember *temp_contactsmember=NULL; + contact *temp_contact=NULL; + hostescalation *temp_hostescalation=NULL; + char *temp_contact_name; + char *perms; + + + /* search all host escalations */ + for(temp_hostescalation=get_first_hostescalation_by_host(hst->name);temp_hostescalation!=NULL;temp_hostescalation=get_next_hostescalation_by_host(hst->name,temp_hostescalation)){ + +#ifdef REMOVED_07182006 + /* search all the contact groups in this escalation... */ + for(temp_contactgroupsmember=temp_hostescalation->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){ + + /* find the contact group */ +#ifdef NSCORE + temp_contactgroup=temp_contactgroupsmember->group_ptr; +#else + temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name); +#endif + if(temp_contactgroup==NULL) + continue; + + /* see if the contact is a member of this contact group */ + if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE) + return TRUE; + } +#endif + + /* search all contacts of this host escalation */ + for(temp_contactsmember=temp_hostescalation->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ +//#ifdef NSCORE +// temp_contact=temp_contactsmember->contact_ptr; +//#else + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_perm) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_perm, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; /* Remove perms from temp_contact_name */ + + temp_contact=find_contact(temp_contact_name); +//#endif + + if(temp_contact==cntct) + return TRUE; + } + } + + return FALSE; + } + + /* tests whether a contact is a contact for a particular service */ int is_contact_for_service(service *svc, contact *cntct){ #ifdef REMOVED_07182006 @@ -3953,6 +4133,8 @@ #endif contactsmember *temp_contactsmember=NULL; contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; if(svc==NULL || cntct==NULL) return FALSE; @@ -3979,9 +4161,16 @@ /* search all contacts of this service */ for(temp_contactsmember=svc->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ #ifdef NSCORE + temp_contact=temp_contactsmember->contact_ptr; #else - temp_contact=find_contact(temp_contactsmember->contact_name); + /* Ignore permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; + + temp_contact=find_contact(temp_contactsmember->contact_name); #endif if(temp_contact==cntct) @@ -3993,6 +4182,84 @@ +/* tests whether a contact is a contact for a particular service with permissions */ +int is_contact_for_service_perm(service *svc, contact *cntct, char *default_perm, char perm){ +#ifdef REMOVED_07182006 + contactgroupsmember *temp_contactgroupsmember=NULL; + contactgroup *temp_contactgroup=NULL; +#endif + contactsmember *temp_contactsmember=NULL; + contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; + + if(svc==NULL || cntct==NULL) + return FALSE; + +#ifdef REMOVED_07182006 + /* search all contact groups of this service */ + for(temp_contactgroupsmember=svc->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){ + + /* find the contact group */ +#ifdef NSCORE + temp_contactgroup=temp_contactgroupsmember->group_ptr; +#else + temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name); +#endif + if(temp_contactgroup==NULL) + continue; + + if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE) + return TRUE; + + } +#endif + + /* search all contacts of this service */ + for(temp_contactsmember=svc->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ +//#ifdef NSCORE + +// temp_contact=temp_contactsmember->contact_ptr; +//#else + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_perm) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_perm, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; /* Remove perms from temp_contact_name */ + + temp_contact=find_contact(temp_contact_name); +//#endif + if(temp_contact==cntct) + return TRUE; + } + + return FALSE; + } + + + + /* tests whether or not a contact is an escalated contact for a particular service */ int is_escalated_contact_for_service(service *svc, contact *cntct){ serviceescalation *temp_serviceescalation=NULL; @@ -4043,6 +4310,86 @@ } +/* tests whether or not a contact is an escalated contact for a particular service */ +int is_escalated_contact_for_service_perm(service *svc, contact *cntct, char *default_perm, char perm){ + serviceescalation *temp_serviceescalation=NULL; +#ifdef REMOVED_07182006 + contactgroupsmember *temp_contactgroupsmember=NULL; + contactgroup *temp_contactgroup=NULL; +#endif + contactsmember *temp_contactsmember=NULL; + contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; + + /* search all the service escalations */ + for(temp_serviceescalation=get_first_serviceescalation_by_service(svc->host_name,svc->description);temp_serviceescalation!=NULL;temp_serviceescalation=get_next_serviceescalation_by_service(svc->host_name,svc->description,temp_serviceescalation)){ + +#ifdef REMOVED_07182006 + /* search all the contact groups in this escalation... */ + for(temp_contactgroupsmember=temp_serviceescalation->contact_groups;temp_contactgroupsmember!=NULL;temp_contactgroupsmember=temp_contactgroupsmember->next){ + + /* find the contact group */ +#ifdef NSCORE + temp_contactgroup=temp_contactgroupsmember->group_ptr; +#else + temp_contactgroup=find_contactgroup(temp_contactgroupsmember->group_name); +#endif + if(temp_contactgroup==NULL) + continue; + + /* see if the contact is a member of this contact group */ + if(is_contact_member_of_contactgroup(temp_contactgroup,cntct)==TRUE) + return TRUE; + } +#endif + + /* search all contacts of this service escalation */ + for(temp_contactsmember=temp_serviceescalation->contacts;temp_contactsmember!=NULL;temp_contactsmember=temp_contactsmember->next){ +//#ifdef NSCORE +// temp_contact=temp_contactsmember->contact_ptr; +//#else + + /* Check for permissions */ + temp_contact_name = strdup(temp_contactsmember->contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + perms = strchr(perms, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + else if (default_perm) { + /* No permissions defined for service, but default permissions found */ + perms = strchr(default_perm, perm); + if (! (perms)) { /* permission not found so deny */ + if (temp_contact_name) + free(temp_contact_name); + continue; + } + } + + /* No permissions set so defaulting to full access, or user has permission */ + + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; /* Remove perms from temp_contact_name */ + + temp_contact=find_contact(temp_contact_name); + +//#endif + + if(temp_contact==cntct) + return TRUE; + } + } + + return FALSE; + } + + #ifdef NSCORE /* checks to see if there exists a circular parent/child path for a host */ diff -ur nagios/sample-config/cgi.cfg.in work/sample-config/cgi.cfg.in --- nagios/sample-config/cgi.cfg.in 2005-05-05 17:37:25.000000000 -0400 +++ work/sample-config/cgi.cfg.in 2006-11-07 20:13:36.000000000 -0500 @@ -170,6 +170,16 @@ +# DEFAULT HOST/SERVICE PERMISSIONS +# This option contains a list of default permissions for hosts and +# services that will be used when permissions are not explicitly +# set on a host or service. When not defined, the default is all +# permissions (rwxn). Note: This option must be set the same in +# both cgi.cfg and nagios.cfg. + +#default_permissions=rwxn + + # STATUSMAP BACKGROUND IMAGE # This option allows you to specify an image to be used as a diff -ur nagios/sample-config/nagios.cfg.in work/sample-config/nagios.cfg.in --- nagios/sample-config/nagios.cfg.in 2006-10-28 00:35:31.000000000 -0400 +++ work/sample-config/nagios.cfg.in 2006-11-07 20:13:36.000000000 -0500 @@ -1037,5 +1037,16 @@ +# DEFAULT HOST/SERVICE PERMISSIONS +# This option contains a list of default permissions for hosts and +# services that will be used when permissions are not explicitly +# set on a host or service. When not defined, the default is all +# permissions (rwxn). Note: This option must be set the same in +# both cgi.cfg and nagios.cfg. + +#default_permissions=rwxn + + + # EOF (End of file) diff -ur nagios/xdata/xodtemplate.c work/xdata/xodtemplate.c --- nagios/xdata/xodtemplate.c 2006-11-06 21:28:28.000000000 -0500 +++ work/xdata/xodtemplate.c 2006-11-10 20:58:09.000000000 -0500 @@ -8312,19 +8312,30 @@ /* finds a specific contactgroup object by its REAL name, not its TEMPLATE name */ xodtemplate_contactgroup *xodtemplate_find_real_contactgroup(char *name){ xodtemplate_contactgroup *temp_contactgroup=NULL; + char *temp_contactgroup_name; + char *perms; if(name==NULL) return NULL; + /* Ignore permissions */ + temp_contactgroup_name = strdup(name); + perms = strchr(temp_contactgroup_name, ':'); + if (perms) + *perms = '\0'; + for(temp_contactgroup=xodtemplate_contactgroup_list;temp_contactgroup!=NULL;temp_contactgroup=temp_contactgroup->next){ if(temp_contactgroup->register_object==FALSE) continue; if(temp_contactgroup->contactgroup_name==NULL) continue; - if(!strcmp(temp_contactgroup->contactgroup_name,name)) + if(!strcmp(temp_contactgroup->contactgroup_name,temp_contactgroup_name)) break; } + if (temp_contactgroup_name) + free (temp_contactgroup_name); + return temp_contactgroup; } @@ -8461,19 +8472,30 @@ /* finds a specific contact object by its REAL name, not its TEMPLATE name */ xodtemplate_contact *xodtemplate_find_real_contact(char *name){ xodtemplate_contact *temp_contact=NULL; + char *temp_contact_name; + char *perms; if(name==NULL) return NULL; + /* Ignore permissions */ + temp_contact_name = strdup(name); + perms = strchr(temp_contact_name, ':'); + if (perms) + *perms = '\0'; + for(temp_contact=xodtemplate_contact_list;temp_contact!=NULL;temp_contact=temp_contact->next){ if(temp_contact->register_object==FALSE) continue; if(temp_contact->contact_name==NULL) continue; - if(!strcmp(temp_contact->contact_name,name)) + if(!strcmp(temp_contact->contact_name,temp_contact_name)) break; } + if (temp_contact_name) + free (temp_contact_name); + return temp_contact; } @@ -11958,6 +11980,8 @@ int found_match=TRUE; int reject_item=FALSE; int use_regexp=FALSE; + char *temp_group_name; + char *perms; #ifdef NSCORE char *temp_buffer=NULL; #endif @@ -11974,13 +11998,16 @@ return ERROR; for(temp_ptr=strtok(contactgroup_names,",");temp_ptr;temp_ptr=strtok(NULL,",")){ - found_match=FALSE; reject_item=FALSE; /* strip trailing spaces */ strip(temp_ptr); + /* Check for permissions on the group. These will be added to each contact */ + temp_group_name = strdup(temp_ptr); + perms = strchr(temp_group_name, ':'); + /* should we use regular expression matching? */ if(use_regexp_matches==TRUE && (use_true_regexp_matching==TRUE || strstr(temp_ptr,"*") || strstr(temp_ptr,"?"))) use_regexp=TRUE; @@ -12013,7 +12040,7 @@ continue; /* add contactgroup members to list */ - xodtemplate_add_contactgroup_members_to_contactlist(list,temp_contactgroup); + xodtemplate_add_contactgroup_members_to_contactlist(list,temp_contactgroup,perms); } /* free memory allocated to compiled regexp */ @@ -12035,7 +12062,7 @@ continue; /* add contactgroup to list */ - xodtemplate_add_contactgroup_members_to_contactlist(list,temp_contactgroup); + xodtemplate_add_contactgroup_members_to_contactlist(list,temp_contactgroup,perms); } } @@ -12055,7 +12082,7 @@ found_match=TRUE; /* add contactgroup members to proper list */ - xodtemplate_add_contactgroup_members_to_contactlist((reject_item==TRUE)?reject_list:list,temp_contactgroup); + xodtemplate_add_contactgroup_members_to_contactlist((reject_item==TRUE)?reject_list:list,temp_contactgroup,perms); } } } @@ -12068,10 +12095,13 @@ #endif break; } + if(temp_group_name) + free (temp_group_name); } /* free memory */ my_free((void **)&contactgroup_names); + #ifdef DEBUG0 printf("xodtemplate_expand_contactgroups() end\n"); @@ -12223,9 +12253,10 @@ /* adds members of a contactgroups to the list of expanded (accepted) or rejected contacts */ -int xodtemplate_add_contactgroup_members_to_contactlist(xodtemplate_contactlist **list, xodtemplate_contactgroup *temp_contactgroup){ +int xodtemplate_add_contactgroup_members_to_contactlist(xodtemplate_contactlist **list, xodtemplate_contactgroup *temp_contactgroup,char *perms){ char *group_members=NULL; char *member_name=NULL; + char *member_name_with_perms=NULL; char *member_ptr=NULL; if(list==NULL || temp_contactgroup==NULL) @@ -12247,8 +12278,17 @@ /* strip trailing spaces from member name */ strip(member_name); + /* add perms to member */ + if (perms) + asprintf(&member_name_with_perms,"%s%s",member_name,perms); + else + member_name_with_perms = strdup(member_name); + /* add contact to the list */ - xodtemplate_add_contact_to_contactlist(list,member_name); + xodtemplate_add_contact_to_contactlist(list,member_name_with_perms); + + if (member_name_with_perms) + free (member_name_with_perms); } my_free((void **)&group_members); @@ -12261,15 +12301,87 @@ int xodtemplate_add_contact_to_contactlist(xodtemplate_contactlist **list, char *contact_name){ xodtemplate_contactlist *temp_item=NULL; xodtemplate_contactlist *new_item=NULL; + char *temp_contact_name_in_list=NULL; + char *temp_contact_name_in_list_perms=NULL; + char *temp_contact_name=NULL; + char *temp_contact_name_perms=NULL; + char *temp_new_contact_name=NULL; + char *perms=NULL; + char *new_perms=NULL; + int found = 0; if(list==NULL || contact_name==NULL) return ERROR; - /* skip this contact if its already in the list */ - for(temp_item=*list;temp_item;temp_item=temp_item->next) - if(!strcmp(temp_item->contact_name,contact_name)) - break; - if(temp_item) + /* merge / replace this contact if its already in the list */ + for(temp_item=*list;temp_item;temp_item=temp_item->next) { + + /* Ignore permissions */ + temp_contact_name_in_list = strdup(temp_item->contact_name); + perms = strchr(temp_contact_name_in_list, ':'); + if (perms) { + temp_contact_name_in_list_perms = strdup(perms); + *perms = '\0'; + } + + temp_contact_name = strdup(contact_name); + perms = strchr(temp_contact_name, ':'); + if (perms) { + temp_contact_name_perms = strdup(perms); + *perms = '\0'; + } + + /* Check for match (ignoring permissions) */ + if(!strcmp(temp_contact_name_in_list,temp_contact_name)) + found=1; + + if (found) { + /* Found match (duplicate) */ + + /* Create new contact name that includes all perm */ + if (temp_contact_name_in_list_perms && temp_contact_name_perms) + asprintf(&temp_new_contact_name,"%s%s%s",temp_contact_name,temp_contact_name_in_list_perms,temp_contact_name_perms); + else if (temp_contact_name_in_list_perms) + asprintf(&temp_new_contact_name,"%s%s",temp_contact_name,temp_contact_name_in_list_perms); + else if (temp_contact_name_perms) + asprintf(&temp_new_contact_name,"%s%s",temp_contact_name,temp_contact_name_perms); + else + temp_new_contact_name = strdup(contact_name); + + if (temp_contact_name_in_list_perms) + free (temp_contact_name_in_list_perms); + if (temp_contact_name_perms) + free (temp_contact_name_perms); + + /* Remove contact from the list */ + xodtemplate_remove_contactlist_item(temp_item,list); + + /* allocate memory for a new list item */ + if((new_item=(xodtemplate_contactlist *)malloc(sizeof(xodtemplate_contactlist)))==NULL) + return ERROR; + + /* save the contact name */ + if((new_item->contact_name=(char *)strdup(temp_new_contact_name))==NULL){ + my_free((void **)&new_item); + return ERROR; + } + + /* add new item to head of list */ + new_item->next=*list; + *list=new_item; + + if (temp_contact_name_in_list) + free (temp_contact_name_in_list); + if (temp_contact_name) + free (temp_contact_name); + if (new_perms) + free (new_perms); + + break; + } + } + + if(found) return OK; /* allocate memory for a new list item */ diff -ur nagios/xdata/xodtemplate.h work/xdata/xodtemplate.h --- nagios/xdata/xodtemplate.h 2006-07-18 17:34:56.000000000 -0400 +++ work/xdata/xodtemplate.h 2006-11-07 20:13:36.000000000 -0500 @@ -719,7 +719,7 @@ xodtemplate_contactlist *xodtemplate_expand_contactgroups_and_contacts(char *,char *); int xodtemplate_expand_contactgroups(xodtemplate_contactlist **,xodtemplate_contactlist **,char *); int xodtemplate_expand_contacts(xodtemplate_contactlist **,xodtemplate_contactlist **,char *); -int xodtemplate_add_contactgroup_members_to_contactlist(xodtemplate_contactlist **,xodtemplate_contactgroup *); +int xodtemplate_add_contactgroup_members_to_contactlist(xodtemplate_contactlist **,xodtemplate_contactgroup *, char *); int xodtemplate_add_contact_to_contactlist(xodtemplate_contactlist **,char *); xodtemplate_hostlist *xodtemplate_expand_hostgroups_and_hosts(char *,char *); int xodtemplate_expand_hostgroups(xodtemplate_hostlist **,xodtemplate_hostlist **,char *);