42
42
/* get current authentication information */
43
int get_authentication_information(authdata *authinfo){
43
int get_authentication_information(authdata *authinfo) {
46
char *temp_ptr = NULL;
47
contact *temp_contact = NULL;
48
contactgroup *temp_contactgroup = NULL;
51
53
/* initial values... */
52
authinfo->authorized_for_all_hosts=FALSE;
53
authinfo->authorized_for_all_host_commands=FALSE;
54
authinfo->authorized_for_all_services=FALSE;
55
authinfo->authorized_for_all_service_commands=FALSE;
56
authinfo->authorized_for_system_information=FALSE;
57
authinfo->authorized_for_system_commands=FALSE;
58
authinfo->authorized_for_configuration_information=FALSE;
59
authinfo->authorized_for_read_only=FALSE;
54
authinfo->authorized_for_all_hosts = FALSE;
55
authinfo->authorized_for_all_host_commands = FALSE;
56
authinfo->authorized_for_all_services = FALSE;
57
authinfo->authorized_for_all_service_commands = FALSE;
58
authinfo->authorized_for_system_information = FALSE;
59
authinfo->authorized_for_system_commands = FALSE;
60
authinfo->authorized_for_configuration_information = FALSE;
61
authinfo->authorized_for_read_only = FALSE;
61
63
/* grab username from the environment... */
62
64
if(use_ssl_authentication) {
63
65
/* patch by Pawl Zuzelski - 7/22/08 */
64
temp_ptr=getenv("SSL_CLIENT_S_DN_CN");
67
temp_ptr=getenv("REMOTE_USER");
70
authinfo->username="";
71
authinfo->authenticated=FALSE;
74
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
75
if(authinfo->username==NULL)
76
authinfo->username="";
78
strcpy(authinfo->username,temp_ptr);
79
if(!strcmp(authinfo->username,""))
80
authinfo->authenticated=FALSE;
82
authinfo->authenticated=TRUE;
66
temp_ptr = getenv("SSL_CLIENT_S_DN_CN");
69
temp_ptr = getenv("REMOTE_USER");
71
if(temp_ptr == NULL) {
72
authinfo->username = "";
73
authinfo->authenticated = FALSE;
76
authinfo->username = (char *)malloc(strlen(temp_ptr) + 1);
77
if(authinfo->username == NULL)
78
authinfo->username = "";
80
strcpy(authinfo->username, temp_ptr);
81
if(!strcmp(authinfo->username, ""))
82
authinfo->authenticated = FALSE;
84
authinfo->authenticated = TRUE;
85
87
/* read in authorization override vars from config file... */
86
if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
88
if((thefile = mmap_fopen(get_cgi_config_location())) != NULL) {
93
95
/* read the next line */
94
if((input=mmap_fgets_multiline(thefile))==NULL)
96
if((input = mmap_fgets_multiline(thefile)) == NULL)
99
101
/* we don't have a username yet, so fake the authentication if we find a default username defined */
100
if(!strcmp(authinfo->username,"") && strstr(input,"default_user_name=")==input){
101
temp_ptr=strtok(input,"=");
102
temp_ptr=strtok(NULL,",");
103
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
104
if(authinfo->username==NULL)
105
authinfo->username="";
107
strcpy(authinfo->username,temp_ptr);
108
if(!strcmp(authinfo->username,""))
109
authinfo->authenticated=FALSE;
111
authinfo->authenticated=TRUE;
102
if(!strcmp(authinfo->username, "") && strstr(input, "default_user_name=") == input) {
103
temp_ptr = strtok(input, "=");
104
temp_ptr = strtok(NULL, ",");
105
authinfo->username = (char *)malloc(strlen(temp_ptr) + 1);
106
if(authinfo->username == NULL)
107
authinfo->username = "";
109
strcpy(authinfo->username, temp_ptr);
110
if(!strcmp(authinfo->username, ""))
111
authinfo->authenticated = FALSE;
113
authinfo->authenticated = TRUE;
114
else if(strstr(input,"authorized_for_all_hosts=")==input){
115
temp_ptr=strtok(input,"=");
116
while((temp_ptr=strtok(NULL,","))){
117
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
118
authinfo->authorized_for_all_hosts=TRUE;
121
else if(strstr(input,"authorized_for_all_services=")==input){
122
temp_ptr=strtok(input,"=");
123
while((temp_ptr=strtok(NULL,","))){
124
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
125
authinfo->authorized_for_all_services=TRUE;
128
else if(strstr(input,"authorized_for_system_information=")==input){
129
temp_ptr=strtok(input,"=");
130
while((temp_ptr=strtok(NULL,","))){
131
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
132
authinfo->authorized_for_system_information=TRUE;
135
else if(strstr(input,"authorized_for_configuration_information=")==input){
136
temp_ptr=strtok(input,"=");
137
while((temp_ptr=strtok(NULL,","))){
138
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
139
authinfo->authorized_for_configuration_information=TRUE;
142
else if(strstr(input,"authorized_for_all_host_commands=")==input){
143
temp_ptr=strtok(input,"=");
144
while((temp_ptr=strtok(NULL,","))){
145
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
146
authinfo->authorized_for_all_host_commands=TRUE;
149
else if(strstr(input,"authorized_for_all_service_commands=")==input){
150
temp_ptr=strtok(input,"=");
151
while((temp_ptr=strtok(NULL,","))){
152
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
153
authinfo->authorized_for_all_service_commands=TRUE;
156
else if(strstr(input,"authorized_for_system_commands=")==input){
157
temp_ptr=strtok(input,"=");
158
while((temp_ptr=strtok(NULL,","))){
159
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
160
authinfo->authorized_for_system_commands=TRUE;
163
else if(strstr(input,"authorized_for_read_only=")==input){
164
temp_ptr=strtok(input,"=");
165
while((temp_ptr=strtok(NULL,","))){
166
if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
167
authinfo->authorized_for_read_only=TRUE;
116
else if(strstr(input, "authorized_for_all_hosts=") == input) {
117
temp_ptr = strtok(input, "=");
118
while((temp_ptr = strtok(NULL, ","))) {
119
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
120
authinfo->authorized_for_all_hosts = TRUE;
123
else if(strstr(input, "authorized_for_all_services=") == input) {
124
temp_ptr = strtok(input, "=");
125
while((temp_ptr = strtok(NULL, ","))) {
126
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
127
authinfo->authorized_for_all_services = TRUE;
130
else if(strstr(input, "authorized_for_system_information=") == input) {
131
temp_ptr = strtok(input, "=");
132
while((temp_ptr = strtok(NULL, ","))) {
133
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
134
authinfo->authorized_for_system_information = TRUE;
137
else if(strstr(input, "authorized_for_configuration_information=") == input) {
138
temp_ptr = strtok(input, "=");
139
while((temp_ptr = strtok(NULL, ","))) {
140
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
141
authinfo->authorized_for_configuration_information = TRUE;
144
else if(strstr(input, "authorized_for_all_host_commands=") == input) {
145
temp_ptr = strtok(input, "=");
146
while((temp_ptr = strtok(NULL, ","))) {
147
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
148
authinfo->authorized_for_all_host_commands = TRUE;
151
else if(strstr(input, "authorized_for_all_service_commands=") == input) {
152
temp_ptr = strtok(input, "=");
153
while((temp_ptr = strtok(NULL, ","))) {
154
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
155
authinfo->authorized_for_all_service_commands = TRUE;
158
else if(strstr(input, "authorized_for_system_commands=") == input) {
159
temp_ptr = strtok(input, "=");
160
while((temp_ptr = strtok(NULL, ","))) {
161
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
162
authinfo->authorized_for_system_commands = TRUE;
165
else if(strstr(input, "authorized_for_read_only=") == input) {
166
temp_ptr = strtok(input, "=");
167
while((temp_ptr = strtok(NULL, ","))) {
168
if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
169
authinfo->authorized_for_read_only = TRUE;
172
else if((temp_contact = find_contact(authinfo->username)) != NULL) {
173
if(strstr(input, "authorized_contactgroup_for_all_hosts=") == input) {
174
temp_ptr = strtok(input, "=");
175
while((temp_ptr = strtok(NULL, ","))) {
176
temp_contactgroup = find_contactgroup(temp_ptr);
177
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
178
authinfo->authorized_for_all_hosts = TRUE;
181
else if(strstr(input, "authorized_contactgroup_for_all_services=") == input) {
182
temp_ptr = strtok(input, "=");
183
while((temp_ptr = strtok(NULL, ","))) {
184
temp_contactgroup = find_contactgroup(temp_ptr);
185
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
186
authinfo->authorized_for_all_services = TRUE;
189
else if(strstr(input, "authorized_contactgroup_for_system_information=") == input) {
190
temp_ptr = strtok(input, "=");
191
while((temp_ptr = strtok(NULL, ","))) {
192
temp_contactgroup = find_contactgroup(temp_ptr);
193
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
194
authinfo->authorized_for_system_information = TRUE;
197
else if(strstr(input, "authorized_contactgroup_for_configuration_information=") == input) {
198
temp_ptr = strtok(input, "=");
199
while((temp_ptr = strtok(NULL, ","))) {
200
temp_contactgroup = find_contactgroup(temp_ptr);
201
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
202
authinfo->authorized_for_configuration_information = TRUE;
205
else if(strstr(input, "authorized_contactgroup_for_all_host_commands=") == input) {
206
temp_ptr = strtok(input, "=");
207
while((temp_ptr = strtok(NULL, ","))) {
208
temp_contactgroup = find_contactgroup(temp_ptr);
209
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
210
authinfo->authorized_for_all_host_commands = TRUE;
213
else if(strstr(input, "authorized_contactgroup_for_all_service_commands=") == input) {
214
temp_ptr = strtok(input, "=");
215
while((temp_ptr = strtok(NULL, ","))) {
216
temp_contactgroup = find_contactgroup(temp_ptr);
217
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
218
authinfo->authorized_for_all_service_commands = TRUE;
221
else if(strstr(input, "authorized_contactgroup_for_system_commands=") == input) {
222
temp_ptr = strtok(input, "=");
223
while((temp_ptr = strtok(NULL, ","))) {
224
temp_contactgroup = find_contactgroup(temp_ptr);
225
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
226
authinfo->authorized_for_system_commands = TRUE;
229
else if(strstr(input, "authorized_contactgroup_for_read_only=") == input) {
230
temp_ptr = strtok(input, "=");
231
while((temp_ptr = strtok(NULL, ","))) {
232
temp_contactgroup = find_contactgroup(temp_ptr);
233
if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
234
authinfo->authorized_for_read_only = TRUE;
172
240
/* free memory and close the file */
174
242
mmap_fclose(thefile);
177
if(authinfo->authenticated==TRUE)
245
if(authinfo->authenticated == TRUE)
185
253
/* check if user is authorized to view information about a particular host */
186
int is_authorized_for_host(host *hst, authdata *authinfo){
254
int is_authorized_for_host(host *hst, authdata *authinfo) {
187
255
contact *temp_contact;
192
260
/* if we're not using authentication, fake it */
193
if(use_authentication==FALSE)
261
if(use_authentication == FALSE)
196
264
/* if this user has not authenticated return error */
197
if(authinfo->authenticated==FALSE)
265
if(authinfo->authenticated == FALSE)
200
268
/* if this user is authorized for all hosts, they are for this one... */
201
if(is_authorized_for_all_hosts(authinfo)==TRUE)
269
if(is_authorized_for_all_hosts(authinfo) == TRUE)
204
272
/* find the contact */
205
temp_contact=find_contact(authinfo->username);
273
temp_contact = find_contact(authinfo->username);
207
275
/* see if this user is a contact for the host */
208
if(is_contact_for_host(hst,temp_contact)==TRUE)
276
if(is_contact_for_host(hst, temp_contact) == TRUE)
211
279
/* see if this user is an escalated contact for the host */
212
if(is_escalated_contact_for_host(hst,temp_contact)==TRUE)
280
if(is_escalated_contact_for_host(hst, temp_contact) == TRUE)
219
287
/* check if user is authorized to view information about all hosts in a particular hostgroup */
220
int is_authorized_for_hostgroup(hostgroup *hg, authdata *authinfo){
288
int is_authorized_for_hostgroup(hostgroup *hg, authdata *authinfo) {
221
289
hostsmember *temp_hostsmember;
227
295
/* CHANGED in 2.0 - user must be authorized for ALL hosts in a hostgroup, not just one */
228
296
/* see if user is authorized for all hosts in the hostgroup */
229
for(temp_hostsmember=hg->members;temp_hostsmember!=NULL;temp_hostsmember=temp_hostsmember->next){
230
temp_host=find_host(temp_hostsmember->host_name);
231
if(is_authorized_for_host(temp_host,authinfo)==FALSE)
298
for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
299
temp_host = find_host(temp_hostsmember->host_name);
300
if(is_authorized_for_host(temp_host, authinfo) == FALSE)
304
/* Reverted for 3.3.2 - must only be a member of one hostgroup */
305
for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
306
temp_host = find_host(temp_hostsmember->host_name);
307
if(is_authorized_for_host(temp_host, authinfo) == TRUE)
240
317
/* check if user is authorized to view information about all services in a particular servicegroup */
241
int is_authorized_for_servicegroup(servicegroup *sg, authdata *authinfo){
318
int is_authorized_for_servicegroup(servicegroup *sg, authdata *authinfo) {
242
319
servicesmember *temp_servicesmember;
243
320
service *temp_service;
248
325
/* see if user is authorized for all services in the servicegroup */
249
for(temp_servicesmember=sg->members;temp_servicesmember!=NULL;temp_servicesmember=temp_servicesmember->next){
250
temp_service=find_service(temp_servicesmember->host_name,temp_servicesmember->service_description);
251
if(is_authorized_for_service(temp_service,authinfo)==FALSE)
327
for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
328
temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
329
if(is_authorized_for_service(temp_service, authinfo) == FALSE)
333
/* Reverted for 3.3.2 - must only be a member of one hostgroup */
334
for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
335
temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
336
if(is_authorized_for_service(temp_service, authinfo) == TRUE)
258
344
/* check if current user is restricted to read only */
259
int is_authorized_for_read_only(authdata *authinfo){
261
/* if we're not using authentication, fake it */
262
if(use_authentication==FALSE)
265
/* if this user has not authenticated return error */
266
if(authinfo->authenticated==FALSE)
269
return authinfo->authorized_for_read_only;
345
int is_authorized_for_read_only(authdata *authinfo) {
347
/* if we're not using authentication, fake it */
348
if(use_authentication == FALSE)
351
/* if this user has not authenticated return error */
352
if(authinfo->authenticated == FALSE)
355
return authinfo->authorized_for_read_only;
272
358
/* check if user is authorized to view information about a particular service */
273
int is_authorized_for_service(service *svc, authdata *authinfo){
359
int is_authorized_for_service(service *svc, authdata *authinfo) {
275
361
contact *temp_contact;
280
366
/* if we're not using authentication, fake it */
281
if(use_authentication==FALSE)
367
if(use_authentication == FALSE)
284
370
/* if this user has not authenticated return error */
285
if(authinfo->authenticated==FALSE)
371
if(authinfo->authenticated == FALSE)
288
374
/* if this user is authorized for all services, they are for this one... */
289
if(is_authorized_for_all_services(authinfo)==TRUE)
375
if(is_authorized_for_all_services(authinfo) == TRUE)
292
378
/* find the host */
293
temp_host=find_host(svc->host_name);
379
temp_host = find_host(svc->host_name);
380
if(temp_host == NULL)
297
383
/* if this user is authorized for this host, they are for all services on it as well... */
298
if(is_authorized_for_host(temp_host,authinfo)==TRUE)
384
if(is_authorized_for_host(temp_host, authinfo) == TRUE)
301
387
/* find the contact */
302
temp_contact=find_contact(authinfo->username);
388
temp_contact = find_contact(authinfo->username);
304
390
/* see if this user is a contact for the service */
305
if(is_contact_for_service(svc,temp_contact)==TRUE)
391
if(is_contact_for_service(svc, temp_contact) == TRUE)
308
394
/* see if this user is an escalated contact for the service */
309
if(is_escalated_contact_for_service(svc,temp_contact)==TRUE)
395
if(is_escalated_contact_for_service(svc, temp_contact) == TRUE)
316
402
/* check if current user is authorized to view information on all hosts */
317
int is_authorized_for_all_hosts(authdata *authinfo){
403
int is_authorized_for_all_hosts(authdata *authinfo) {
319
405
/* if we're not using authentication, fake it */
320
if(use_authentication==FALSE)
406
if(use_authentication == FALSE)
323
409
/* if this user has not authenticated return error */
324
if(authinfo->authenticated==FALSE)
410
if(authinfo->authenticated == FALSE)
327
413
return authinfo->authorized_for_all_hosts;
331
417
/* check if current user is authorized to view information on all service */
332
int is_authorized_for_all_services(authdata *authinfo){
418
int is_authorized_for_all_services(authdata *authinfo) {
334
420
/* if we're not using authentication, fake it */
335
if(use_authentication==FALSE)
421
if(use_authentication == FALSE)
338
424
/* if this user has not authenticated return error */
339
if(authinfo->authenticated==FALSE)
425
if(authinfo->authenticated == FALSE)
342
428
return authinfo->authorized_for_all_services;
346
432
/* check if current user is authorized to view system information */
347
int is_authorized_for_system_information(authdata *authinfo){
433
int is_authorized_for_system_information(authdata *authinfo) {
349
435
/* if we're not using authentication, fake it */
350
if(use_authentication==FALSE)
436
if(use_authentication == FALSE)
353
439
/* if this user has not authenticated return error */
354
if(authinfo->authenticated==FALSE)
440
if(authinfo->authenticated == FALSE)
357
443
return authinfo->authorized_for_system_information;
361
447
/* check if current user is authorized to view configuration information */
362
int is_authorized_for_configuration_information(authdata *authinfo){
448
int is_authorized_for_configuration_information(authdata *authinfo) {
364
450
/* if we're not using authentication, fake it */
365
if(use_authentication==FALSE)
451
if(use_authentication == FALSE)
368
454
/* if this user has not authenticated return error */
369
if(authinfo->authenticated==FALSE)
455
if(authinfo->authenticated == FALSE)
372
458
return authinfo->authorized_for_configuration_information;
376
462
/* check if current user is authorized to issue system commands */
377
int is_authorized_for_system_commands(authdata *authinfo){
463
int is_authorized_for_system_commands(authdata *authinfo) {
379
465
/* if we're not using authentication, fake it */
380
if(use_authentication==FALSE)
466
if(use_authentication == FALSE)
383
469
/* if this user has not authenticated return error */
384
if(authinfo->authenticated==FALSE)
470
if(authinfo->authenticated == FALSE)
387
473
return authinfo->authorized_for_system_commands;
391
477
/* check is the current user is authorized to issue commands relating to a particular service */
392
int is_authorized_for_service_commands(service *svc, authdata *authinfo){
478
int is_authorized_for_service_commands(service *svc, authdata *authinfo) {
394
480
contact *temp_contact;
399
485
/* if we're not using authentication, fake it */
400
if(use_authentication==FALSE)
486
if(use_authentication == FALSE)
403
489
/* if this user has not authenticated return error */
404
if(authinfo->authenticated==FALSE)
490
if(authinfo->authenticated == FALSE)
407
493
/* the user is authorized if they have rights to the service */
408
if(is_authorized_for_service(svc,authinfo)==TRUE){
494
if(is_authorized_for_service(svc, authinfo) == TRUE) {
410
496
/* find the host */
411
temp_host=find_host(svc->host_name);
497
temp_host = find_host(svc->host_name);
498
if(temp_host == NULL)
415
501
/* find the contact */
416
temp_contact=find_contact(authinfo->username);
502
temp_contact = find_contact(authinfo->username);
418
504
/* reject if contact is not allowed to issue commands */
419
if(temp_contact && temp_contact->can_submit_commands==FALSE)
505
if(temp_contact && temp_contact->can_submit_commands == FALSE)
422
508
/* see if this user is a contact for the host */
423
if(is_contact_for_host(temp_host,temp_contact)==TRUE)
509
if(is_contact_for_host(temp_host, temp_contact) == TRUE)
426
512
/* see if this user is an escalated contact for the host */
427
if(is_escalated_contact_for_host(temp_host,temp_contact)==TRUE)
513
if(is_escalated_contact_for_host(temp_host, temp_contact) == TRUE)
430
516
/* this user is a contact for the service, so they have permission... */
431
if(is_contact_for_service(svc,temp_contact)==TRUE)
517
if(is_contact_for_service(svc, temp_contact) == TRUE)
434
520
/* this user is an escalated contact for the service, so they have permission... */
435
if(is_escalated_contact_for_service(svc,temp_contact)==TRUE)
521
if(is_escalated_contact_for_service(svc, temp_contact) == TRUE)
438
524
/* this user is not a contact for the host, so they must have been given explicit permissions to all service commands */
439
if(authinfo->authorized_for_all_service_commands==TRUE)
525
if(authinfo->authorized_for_all_service_commands == TRUE)
447
533
/* check is the current user is authorized to issue commands relating to a particular host */
448
int is_authorized_for_host_commands(host *hst, authdata *authinfo){
534
int is_authorized_for_host_commands(host *hst, authdata *authinfo) {
449
535
contact *temp_contact;
454
540
/* if we're not using authentication, fake it */
455
if(use_authentication==FALSE)
541
if(use_authentication == FALSE)
458
544
/* if this user has not authenticated return error */
459
if(authinfo->authenticated==FALSE)
545
if(authinfo->authenticated == FALSE)
462
548
/* the user is authorized if they have rights to the host */
463
if(is_authorized_for_host(hst,authinfo)==TRUE){
549
if(is_authorized_for_host(hst, authinfo) == TRUE) {
465
551
/* find the contact */
466
temp_contact=find_contact(authinfo->username);
552
temp_contact = find_contact(authinfo->username);
468
554
/* reject if contact is not allowed to issue commands */
469
if(temp_contact && temp_contact->can_submit_commands==FALSE)
555
if(temp_contact && temp_contact->can_submit_commands == FALSE)
472
558
/* this user is a contact for the host, so they have permission... */
473
if(is_contact_for_host(hst,temp_contact)==TRUE)
559
if(is_contact_for_host(hst, temp_contact) == TRUE)
476
562
/* this user is an escalated contact for the host, so they have permission... */
477
if(is_escalated_contact_for_host(hst,temp_contact)==TRUE)
563
if(is_escalated_contact_for_host(hst, temp_contact) == TRUE)
480
566
/* this user is not a contact for the host, so they must have been given explicit permissions to all host commands */
481
if(authinfo->authorized_for_all_host_commands==TRUE)
567
if(authinfo->authorized_for_all_host_commands == TRUE)
575
/* check is the current user is authorized to issue commands relating to a particular servicegroup */
576
int is_authorized_for_servicegroup_commands(servicegroup *sg, authdata *authinfo) {
577
servicesmember *temp_servicesmember;
578
service *temp_service;
583
/* see if user is authorized for all services commands in the servicegroup */
584
for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
585
temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
586
if(is_authorized_for_service_commands(temp_service, authinfo) == FALSE)
594
/* check is the current user is authorized to issue commands relating to a particular hostgroup */
595
int is_authorized_for_hostgroup_commands(hostgroup *hg, authdata *authinfo) {
596
hostsmember *temp_hostsmember;
602
/* see if user is authorized for all hosts in the hostgroup */
603
for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
604
temp_host = find_host(temp_hostsmember->host_name);
605
if(is_authorized_for_host_commands(temp_host, authinfo) == FALSE)