/nagioscore

Permalink
Browse files

Fix permissions for Host Groups reports (status.cgi) 

Fix for issue http://tracker.nagios.org/view.php?id=619
  • Loading branch information...
1 parent bc521dc commit d1b3a07ff72ece0d296b153d4d5c8c4543ed96c1 John C. Frickson committed Sep 7, 2016
Unified Split
Showing with 22 additions and 0 deletions.
  1. +5 −0 Changelog
  2. +1 −0 THANKS
  3. +16 −0 cgi/status.c
View
5 Changelog
@@ -3,6 +3,11 @@ Nagios Core 4 Change Log
########################
+4.2.x - xxxx-xx-xx
+------------------
+* Fix permissions for Host Groups reports (status.cgi) (Patrik Halfar)
+
+
4.2.1 - 2016-09-06
------------------
FIXES
View
1 THANKS
@@ -314,6 +314,7 @@ since 1999. If I missed your name, let me know.
* Greg Woods
* Cliff Woolley
* Mitch Wright
+* Patrik Halfar
* Volkan Yazici
* Michal Zimen
* Pawel Zuzelski
View
16 cgi/status.c
@@ -3602,6 +3602,10 @@ void show_hostgroup_overview(hostgroup *hstgrp) {
if(temp_host == NULL)
continue;
+ /* make sure user has rights to view this host */
+ if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+ continue;
+
/* find the host status */
temp_hoststatus = find_hoststatus(temp_host->name);
if(temp_hoststatus == NULL)
@@ -3985,6 +3989,10 @@ void show_hostgroup_host_totals_summary(hostgroup *temp_hostgroup) {
if(temp_host == NULL)
continue;
+ /* make sure user has rights to view this host */
+ if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+ continue;
+
/* find the host status */
temp_hoststatus = find_hoststatus(temp_host->name);
if(temp_hoststatus == NULL)
@@ -4156,6 +4164,10 @@ void show_hostgroup_service_totals_summary(hostgroup *temp_hostgroup) {
if(temp_host == NULL)
continue;
+ /* make sure user has rights to view this host */
+ if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+ continue;
+
/* see if this service is associated with a host in the specified hostgroup */
if(is_host_member_of_hostgroup(temp_hostgroup, temp_host) == FALSE)
continue;
@@ -4511,6 +4523,10 @@ void show_hostgroup_grid(hostgroup *temp_hostgroup) {
if(temp_host == NULL)
continue;
+ /* make sure user has rights to view this host */
+ if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
+ continue;
+
/* grab macros */
grab_host_macros_r(mac, temp_host);

0 comments on commit d1b3a07

Please sign in to comment.