Nagios - Attribute based authorization

Vágó Tibor oreggin at niif.hu
Mon Oct 18 11:05:36 CEST 2010
Previous message: [core] config file parsing: check end of definition patch
Next message: Errors while testing Nagios
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear List,

the development of this feature has been finished and it had been 
tested in 99% of possible cases. The patch is attached to this e-mail. 
As you can see we work with nagios version 3.2.1.

Kind Regards,
Tibor Vago


2010-05-21 17:06, Vago Tibor wrote:
> Dear Andreas,
>
> Thansk for the quick answer.
> We will start the development for this feature and send patch(es) to
> the ND list.
>
> Kind regards,
> Tibor
>
>
> 2010-05-19 12:15 keltezéssel, Andreas Ericsson írta:
>> On 05/19/2010 11:03 AM, Vágó Tibor wrote:
>>> Dear Nagios devel-list,
>>>
>>> We would like to use attribute based authority checking in Nagios.
>>> We use authentication but not SSL-based.
>>>
>>> Our conception is (based nagios-version-3.2.1) the following:
>>>
>>> *Step1*
>>> cgi/status.c:
>>> -------------------------------------------------
>>> //line136:
>>> authdata current_authdata;
>>>
>>> //line244:
>>> get_authentication_information(&current_authdata);
>>>
>>> Add some char variables to authdata structure.
>>>
>>> include/cgiauth.h
>>> -------------------------------------------------
>>> typedef struct authdata_struct{
>>> char *username;
>>> int authorized_for_all_hosts;
>>> int authorized_for_all_host_commands;
>>> int authorized_for_all_services;
>>> int authorized_for_all_service_commands;
>>> int authorized_for_system_information;
>>> int authorized_for_system_commands;
>>> int authorized_for_configuration_information;
>>> int authorized_for_read_only;
>>> int authenticated;
>>> //TODO
>>> char **host_allow_to_see;
>>> char **service_allow_to_see;
>>> ...
>>> }authdata;
>>>
>>>
>>>
>>>
>>> *Step2*
>>> cgi/cgiauth.c
>>> -------------------------------------------------
>>> line86 /* read in authorization override vars from config file... */
>>> line87 if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
>>> ...
>>> line95 if((input=mmap_fgets_multiline(thefile))==NULL)
>>> line96 break;
>>>
>>> authinfo->username=""
>>> authinfo->authenticated=FALSE
>>> authinfo->authorized_for_all_hosts=FALSE;
>>> authinfo->authorized_for_all_host_commands=FALSE;
>>> authinfo->authorized_for_all_services=FALSE;
>>> authinfo->authorized_for_all_service_commands=FALSE;
>>> authinfo->authorized_for_system_information=FALSE;
>>> authinfo->authorized_for_system_commands=FALSE;
>>> authinfo->authorized_for_configuration_information=FALSE;
>>> authinfo->authorized_for_read_only=FALSE;
>>> // TODO:
>>> // newlocal variable:
>>> attribute_server_variable="entitlement";
>>>
>>>
>>>
>>> *Step3*
>>> Check the CGI config file is it contains "attribute_server_variable".
>>> If it not doesn't contain then we can return just like now.
>>> If it contains then read its value otherwise the default value is
>>> "entitlement".
>>> Then split value about ";" and put that pieces into an array.
>>>
>>> Now we can compare the attribute pieces of array from server variable
>>> and attributes from CGI configs.
>>> Theese compares will be placed in the following functions:
>>>
>>> int is_authorized_for_host(){...}
>>> int is_authorized_for_service(){...}
>>> ...
>>> etc.
>>>
>>> Can anyone inform me if this feature is currently under development or
>>> already usable.
>>
>> It's not under development and it's definitely not already usable.
>>
>>> If not, we would like to add this feature to the
>>> Nagios source code cooperate with the developer team. How can I send
>>> patches or modification?
>>>
>>
>> You can send patches in unified diff format to this list, where I, Ton
>> or Ethan will pick them up and put them "somewhere" and evaluate them
>> for a future release. Note that details about the patch may well be
>> altered during the review process. If the patch is crap, we'll tell you
>> so and give you details about what needs to be changed in order for it
>> to be accepted.
>>
>> Since it's a change to the cgi's, no new major release has to be done.
>>
>

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nagios-authorization.diff
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20101018/a2840f54/attachment.ksh>
-------------- next part --------------
------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
Previous message: [core] config file parsing: check end of definition patch
Next message: Errors while testing Nagios
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Developers mailing list