← Back to branch summary

~yolanda.robla/ubuntu/saucy/nagios3/dep-8-tests

« back to all changes in this revision

Viewing changes to cgi/cgiauth.c

  • Committer: Package Import Robot
  • Author(s): Alexander Wirt
  • Date: 2012-06-16 09:05:19 UTC
  • mfrom: (1.1.7)
  • Revision ID: package-import@ubuntu.com-20120616090519-ne14zejkhhyboolc
Tags: 3.4.1-1
http://bugs.debian.org/662441
http://bugs.debian.org/654855
http://bugs.debian.org/626854
* [28e077b] Imported Upstream version 3.3.1
* [d5314e0] don't call updatepo in clean target
* [45b3eb9] Don't remove config foo
* [54e3dff] Don't fix permissions in cgi postinst
* [d7be9db] Build-depend on libpng-dev (Closes: #662441)
* [4c47006] Add dutch po translation (Closes: #654855)
* [2b6573b] Refresh 10_p1_pl_shebang.dpatch
* [316fd7a] Update 40_fix_spurious_dollar_signs_added_to_command_lines
* [5ff2780] Refresh 55_strip_logarchivepath.dpatch
* [811d269] Refresh 60_fix_p1.pl_patch_mini_epn.dpatch
* [39a1e9c] Remove now unneeded patch 98_fix_XSS_CVE-2011-2179
* [785a4e8] Remove unneded patch 99_fix_XSS_CVE-2011-1523
* [6ce98ef] Remove unneeded patchs from 00list
* [1d18266] Imported Upstream version 3.4.0
* [05584c8] Refresh patches
* [58098cd] Imported Upstream version 3.4.1
* [3e9e07a] Bump standards version
* [fe991e2] wrap-and-sort
* [1ba78f7] Also create /var/run/nagios in cgi package (Closes: #626854)

Show diffs side-by-side

added added

removed removed

Lines of Context:
cgi/cgiauth.c
22
22
 *
23
23
 *****************************************************************************/
24
24
 
 
25
#include "../include/config.h"
25
26
#include "../include/common.h"
26
 
#include "../include/config.h"
27
27
#include "../include/objects.h"
28
28
 
29
29
#include "../include/cgiutils.h"
40
40
 
41
41
 
42
42
/* get current authentication information */
43
 
int get_authentication_information(authdata *authinfo){
 
43
int get_authentication_information(authdata *authinfo) {
44
44
        mmapfile *thefile;
45
 
        char *input=NULL;
46
 
        char *temp_ptr;
 
45
        char *input = NULL;
 
46
        char *temp_ptr = NULL;
 
47
        contact *temp_contact = NULL;
 
48
        contactgroup *temp_contactgroup = NULL;
47
49
 
48
 
        if(authinfo==NULL)
 
50
        if(authinfo == NULL)
49
51
                return ERROR;
50
52
 
51
53
        /* initial values... */
52
 
        authinfo->authorized_for_all_hosts=FALSE;
53
 
        authinfo->authorized_for_all_host_commands=FALSE;
54
 
        authinfo->authorized_for_all_services=FALSE;
55
 
        authinfo->authorized_for_all_service_commands=FALSE;
56
 
        authinfo->authorized_for_system_information=FALSE;
57
 
        authinfo->authorized_for_system_commands=FALSE;
58
 
        authinfo->authorized_for_configuration_information=FALSE;
59
 
        authinfo->authorized_for_read_only=FALSE;
 
54
        authinfo->authorized_for_all_hosts = FALSE;
 
55
        authinfo->authorized_for_all_host_commands = FALSE;
 
56
        authinfo->authorized_for_all_services = FALSE;
 
57
        authinfo->authorized_for_all_service_commands = FALSE;
 
58
        authinfo->authorized_for_system_information = FALSE;
 
59
        authinfo->authorized_for_system_commands = FALSE;
 
60
        authinfo->authorized_for_configuration_information = FALSE;
 
61
        authinfo->authorized_for_read_only = FALSE;
60
62
 
61
63
        /* grab username from the environment... */
62
64
        if(use_ssl_authentication) {
63
65
                /* patch by Pawl Zuzelski - 7/22/08 */
64
 
                temp_ptr=getenv("SSL_CLIENT_S_DN_CN");
65
 
                }
66
 
        else{
67
 
                temp_ptr=getenv("REMOTE_USER");
68
 
                }
69
 
        if(temp_ptr==NULL){
70
 
                authinfo->username="";
71
 
                authinfo->authenticated=FALSE;
72
 
                }
73
 
        else{
74
 
                authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
75
 
                if(authinfo->username==NULL)
76
 
                        authinfo->username="";
77
 
                else
78
 
                        strcpy(authinfo->username,temp_ptr);
79
 
                if(!strcmp(authinfo->username,""))
80
 
                        authinfo->authenticated=FALSE;
81
 
                else
82
 
                        authinfo->authenticated=TRUE;
83
 
                }
 
66
                temp_ptr = getenv("SSL_CLIENT_S_DN_CN");
 
67
                }
 
68
        else {
 
69
                temp_ptr = getenv("REMOTE_USER");
 
70
                }
 
71
        if(temp_ptr == NULL) {
 
72
                authinfo->username = "";
 
73
                authinfo->authenticated = FALSE;
 
74
                }
 
75
        else {
 
76
                authinfo->username = (char *)malloc(strlen(temp_ptr) + 1);
 
77
                if(authinfo->username == NULL)
 
78
                        authinfo->username = "";
 
79
                else
 
80
                        strcpy(authinfo->username, temp_ptr);
 
81
                if(!strcmp(authinfo->username, ""))
 
82
                        authinfo->authenticated = FALSE;
 
83
                else
 
84
                        authinfo->authenticated = TRUE;
 
85
                }
84
86
 
85
87
        /* read in authorization override vars from config file... */
86
 
        if((thefile=mmap_fopen(get_cgi_config_location()))!=NULL){
 
88
        if((thefile = mmap_fopen(get_cgi_config_location())) != NULL) {
87
89
 
88
 
                while(1){
 
90
                while(1) {
89
91
 
90
92
                        /* free memory */
91
93
                        free(input);
92
94
 
93
95
                        /* read the next line */
94
 
                        if((input=mmap_fgets_multiline(thefile))==NULL)
 
96
                        if((input = mmap_fgets_multiline(thefile)) == NULL)
95
97
                                break;
96
98
 
97
99
                        strip(input);
98
100
 
99
101
                        /* we don't have a username yet, so fake the authentication if we find a default username defined */
100
 
                        if(!strcmp(authinfo->username,"") && strstr(input,"default_user_name=")==input){
101
 
                                temp_ptr=strtok(input,"=");
102
 
                                temp_ptr=strtok(NULL,",");
103
 
                                authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
104
 
                                if(authinfo->username==NULL)
105
 
                                        authinfo->username="";
106
 
                                else
107
 
                                        strcpy(authinfo->username,temp_ptr);
108
 
                                if(!strcmp(authinfo->username,""))
109
 
                                        authinfo->authenticated=FALSE;
110
 
                                else
111
 
                                        authinfo->authenticated=TRUE;
112
 
                                }
 
102
                        if(!strcmp(authinfo->username, "") && strstr(input, "default_user_name=") == input) {
 
103
                                temp_ptr = strtok(input, "=");
 
104
                                temp_ptr = strtok(NULL, ",");
 
105
                                authinfo->username = (char *)malloc(strlen(temp_ptr) + 1);
 
106
                                if(authinfo->username == NULL)
 
107
                                        authinfo->username = "";
 
108
                                else
 
109
                                        strcpy(authinfo->username, temp_ptr);
 
110
                                if(!strcmp(authinfo->username, ""))
 
111
                                        authinfo->authenticated = FALSE;
 
112
                                else
 
113
                                        authinfo->authenticated = TRUE;
 
114
                                }
113
115
 
114
 
                        else if(strstr(input,"authorized_for_all_hosts=")==input){
115
 
                                temp_ptr=strtok(input,"=");
116
 
                                while((temp_ptr=strtok(NULL,","))){
117
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
118
 
                                                authinfo->authorized_for_all_hosts=TRUE;
119
 
                                        }
120
 
                                }
121
 
                        else if(strstr(input,"authorized_for_all_services=")==input){
122
 
                                temp_ptr=strtok(input,"=");
123
 
                                while((temp_ptr=strtok(NULL,","))){
124
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
125
 
                                                authinfo->authorized_for_all_services=TRUE;
126
 
                                        }
127
 
                                }
128
 
                        else if(strstr(input,"authorized_for_system_information=")==input){
129
 
                                temp_ptr=strtok(input,"=");
130
 
                                while((temp_ptr=strtok(NULL,","))){
131
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
132
 
                                                authinfo->authorized_for_system_information=TRUE;
133
 
                                        }
134
 
                                }
135
 
                        else if(strstr(input,"authorized_for_configuration_information=")==input){
136
 
                                temp_ptr=strtok(input,"=");
137
 
                                while((temp_ptr=strtok(NULL,","))){
138
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
139
 
                                                authinfo->authorized_for_configuration_information=TRUE;
140
 
                                        }
141
 
                                }
142
 
                        else if(strstr(input,"authorized_for_all_host_commands=")==input){
143
 
                                temp_ptr=strtok(input,"=");
144
 
                                while((temp_ptr=strtok(NULL,","))){
145
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
146
 
                                                authinfo->authorized_for_all_host_commands=TRUE;
147
 
                                        }
148
 
                                }
149
 
                        else if(strstr(input,"authorized_for_all_service_commands=")==input){
150
 
                                temp_ptr=strtok(input,"=");
151
 
                                while((temp_ptr=strtok(NULL,","))){
152
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
153
 
                                                authinfo->authorized_for_all_service_commands=TRUE;
154
 
                                        }
155
 
                                }
156
 
                        else if(strstr(input,"authorized_for_system_commands=")==input){
157
 
                                temp_ptr=strtok(input,"=");
158
 
                                while((temp_ptr=strtok(NULL,","))){
159
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
160
 
                                                authinfo->authorized_for_system_commands=TRUE;
161
 
                                        }
162
 
                                }
163
 
                        else if(strstr(input,"authorized_for_read_only=")==input){
164
 
                                temp_ptr=strtok(input,"=");
165
 
                                while((temp_ptr=strtok(NULL,","))){
166
 
                                        if(!strcmp(temp_ptr,authinfo->username) || !strcmp(temp_ptr,"*"))
167
 
                                                authinfo->authorized_for_read_only=TRUE;
168
 
                                        }
169
 
                                }
170
 
                        }
 
116
                        else if(strstr(input, "authorized_for_all_hosts=") == input) {
 
117
                                temp_ptr = strtok(input, "=");
 
118
                                while((temp_ptr = strtok(NULL, ","))) {
 
119
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
120
                                                authinfo->authorized_for_all_hosts = TRUE;
 
121
                                        }
 
122
                                }
 
123
                        else if(strstr(input, "authorized_for_all_services=") == input) {
 
124
                                temp_ptr = strtok(input, "=");
 
125
                                while((temp_ptr = strtok(NULL, ","))) {
 
126
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
127
                                                authinfo->authorized_for_all_services = TRUE;
 
128
                                        }
 
129
                                }
 
130
                        else if(strstr(input, "authorized_for_system_information=") == input) {
 
131
                                temp_ptr = strtok(input, "=");
 
132
                                while((temp_ptr = strtok(NULL, ","))) {
 
133
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
134
                                                authinfo->authorized_for_system_information = TRUE;
 
135
                                        }
 
136
                                }
 
137
                        else if(strstr(input, "authorized_for_configuration_information=") == input) {
 
138
                                temp_ptr = strtok(input, "=");
 
139
                                while((temp_ptr = strtok(NULL, ","))) {
 
140
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
141
                                                authinfo->authorized_for_configuration_information = TRUE;
 
142
                                        }
 
143
                                }
 
144
                        else if(strstr(input, "authorized_for_all_host_commands=") == input) {
 
145
                                temp_ptr = strtok(input, "=");
 
146
                                while((temp_ptr = strtok(NULL, ","))) {
 
147
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
148
                                                authinfo->authorized_for_all_host_commands = TRUE;
 
149
                                        }
 
150
                                }
 
151
                        else if(strstr(input, "authorized_for_all_service_commands=") == input) {
 
152
                                temp_ptr = strtok(input, "=");
 
153
                                while((temp_ptr = strtok(NULL, ","))) {
 
154
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
155
                                                authinfo->authorized_for_all_service_commands = TRUE;
 
156
                                        }
 
157
                                }
 
158
                        else if(strstr(input, "authorized_for_system_commands=") == input) {
 
159
                                temp_ptr = strtok(input, "=");
 
160
                                while((temp_ptr = strtok(NULL, ","))) {
 
161
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
162
                                                authinfo->authorized_for_system_commands = TRUE;
 
163
                                        }
 
164
                                }
 
165
                        else if(strstr(input, "authorized_for_read_only=") == input) {
 
166
                                temp_ptr = strtok(input, "=");
 
167
                                while((temp_ptr = strtok(NULL, ","))) {
 
168
                                        if(!strcmp(temp_ptr, authinfo->username) || !strcmp(temp_ptr, "*"))
 
169
                                                authinfo->authorized_for_read_only = TRUE;
 
170
                                        }
 
171
                                }
 
172
                        else if((temp_contact = find_contact(authinfo->username)) != NULL) {
 
173
                                if(strstr(input, "authorized_contactgroup_for_all_hosts=") == input) {
 
174
                                        temp_ptr = strtok(input, "=");
 
175
                                        while((temp_ptr = strtok(NULL, ","))) {
 
176
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
177
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
178
                                                        authinfo->authorized_for_all_hosts = TRUE;
 
179
                                                }
 
180
                                        }
 
181
                                else if(strstr(input, "authorized_contactgroup_for_all_services=") == input) {
 
182
                                        temp_ptr = strtok(input, "=");
 
183
                                        while((temp_ptr = strtok(NULL, ","))) {
 
184
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
185
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
186
                                                        authinfo->authorized_for_all_services = TRUE;
 
187
                                                }
 
188
                                        }
 
189
                                else if(strstr(input, "authorized_contactgroup_for_system_information=") == input) {
 
190
                                        temp_ptr = strtok(input, "=");
 
191
                                        while((temp_ptr = strtok(NULL, ","))) {
 
192
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
193
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
194
                                                        authinfo->authorized_for_system_information = TRUE;
 
195
                                                }
 
196
                                        }
 
197
                                else if(strstr(input, "authorized_contactgroup_for_configuration_information=") == input) {
 
198
                                        temp_ptr = strtok(input, "=");
 
199
                                        while((temp_ptr = strtok(NULL, ","))) {
 
200
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
201
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
202
                                                        authinfo->authorized_for_configuration_information = TRUE;
 
203
                                                }
 
204
                                        }
 
205
                                else if(strstr(input, "authorized_contactgroup_for_all_host_commands=") == input) {
 
206
                                        temp_ptr = strtok(input, "=");
 
207
                                        while((temp_ptr = strtok(NULL, ","))) {
 
208
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
209
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
210
                                                        authinfo->authorized_for_all_host_commands = TRUE;
 
211
                                                }
 
212
                                        }
 
213
                                else if(strstr(input, "authorized_contactgroup_for_all_service_commands=") == input) {
 
214
                                        temp_ptr = strtok(input, "=");
 
215
                                        while((temp_ptr = strtok(NULL, ","))) {
 
216
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
217
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
218
                                                        authinfo->authorized_for_all_service_commands = TRUE;
 
219
                                                }
 
220
                                        }
 
221
                                else if(strstr(input, "authorized_contactgroup_for_system_commands=") == input) {
 
222
                                        temp_ptr = strtok(input, "=");
 
223
                                        while((temp_ptr = strtok(NULL, ","))) {
 
224
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
225
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
226
                                                        authinfo->authorized_for_system_commands = TRUE;
 
227
                                                }
 
228
                                        }
 
229
                                else if(strstr(input, "authorized_contactgroup_for_read_only=") == input) {
 
230
                                        temp_ptr = strtok(input, "=");
 
231
                                        while((temp_ptr = strtok(NULL, ","))) {
 
232
                                                temp_contactgroup = find_contactgroup(temp_ptr);
 
233
                                                if(is_contact_member_of_contactgroup(temp_contactgroup, temp_contact))
 
234
                                                        authinfo->authorized_for_read_only = TRUE;
 
235
                                                }
 
236
                                        }
 
237
                                }
 
238
                        }
171
239
 
172
240
                /* free memory and close the file */
173
241
                free(input);
174
242
                mmap_fclose(thefile);
175
 
                }
 
243
                }
176
244
 
177
 
        if(authinfo->authenticated==TRUE)
 
245
        if(authinfo->authenticated == TRUE)
178
246
                return OK;
179
247
        else
180
248
                return ERROR;
181
 
        }
 
249
        }
182
250
 
183
251
 
184
252
 
185
253
/* check if user is authorized to view information about a particular host */
186
 
int is_authorized_for_host(host *hst, authdata *authinfo){
 
254
int is_authorized_for_host(host *hst, authdata *authinfo) {
187
255
        contact *temp_contact;
188
256
 
189
 
        if(hst==NULL)
 
257
        if(hst == NULL)
190
258
                return FALSE;
191
259
 
192
260
        /* if we're not using authentication, fake it */
193
 
        if(use_authentication==FALSE)
 
261
        if(use_authentication == FALSE)
194
262
                return TRUE;
195
263
 
196
264
        /* if this user has not authenticated return error */
197
 
        if(authinfo->authenticated==FALSE)
 
265
        if(authinfo->authenticated == FALSE)
198
266
                return FALSE;
199
267
 
200
268
        /* if this user is authorized for all hosts, they are for this one... */
201
 
        if(is_authorized_for_all_hosts(authinfo)==TRUE)
 
269
        if(is_authorized_for_all_hosts(authinfo) == TRUE)
202
270
                return TRUE;
203
271
 
204
272
        /* find the contact */
205
 
        temp_contact=find_contact(authinfo->username);
 
273
        temp_contact = find_contact(authinfo->username);
206
274
 
207
275
        /* see if this user is a contact for the host */
208
 
        if(is_contact_for_host(hst,temp_contact)==TRUE)
 
276
        if(is_contact_for_host(hst, temp_contact) == TRUE)
209
277
                return TRUE;
210
278
 
211
279
        /* see if this user is an escalated contact for the host */
212
 
        if(is_escalated_contact_for_host(hst,temp_contact)==TRUE)
 
280
        if(is_escalated_contact_for_host(hst, temp_contact) == TRUE)
213
281
                return TRUE;
214
282
 
215
283
        return FALSE;
216
 
        }
 
284
        }
217
285
 
218
286
 
219
287
/* check if user is authorized to view information about all hosts in a particular hostgroup */
220
 
int is_authorized_for_hostgroup(hostgroup *hg, authdata *authinfo){
 
288
int is_authorized_for_hostgroup(hostgroup *hg, authdata *authinfo) {
221
289
        hostsmember *temp_hostsmember;
222
290
        host *temp_host;
223
291
 
224
 
        if(hg==NULL)
 
292
        if(hg == NULL)
225
293
                return FALSE;
226
294
 
227
295
        /* CHANGED in 2.0 - user must be authorized for ALL hosts in a hostgroup, not just one */
228
296
        /* see if user is authorized for all hosts in the hostgroup */
229
 
        for(temp_hostsmember=hg->members;temp_hostsmember!=NULL;temp_hostsmember=temp_hostsmember->next){
230
 
                temp_host=find_host(temp_hostsmember->host_name);
231
 
                if(is_authorized_for_host(temp_host,authinfo)==FALSE)
 
297
        /*
 
298
        for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
 
299
                temp_host = find_host(temp_hostsmember->host_name);
 
300
                if(is_authorized_for_host(temp_host, authinfo) == FALSE)
232
301
                        return FALSE;
233
 
                }
 
302
                }
 
303
        */
 
304
        /* Reverted for 3.3.2 - must only be a member of one hostgroup */
 
305
        for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
 
306
                temp_host = find_host(temp_hostsmember->host_name);
 
307
                if(is_authorized_for_host(temp_host, authinfo) == TRUE)
 
308
                        return TRUE;
 
309
                }
234
310
 
235
 
        return TRUE;
236
 
        }
 
311
        /*return TRUE;*/
 
312
        return FALSE;
 
313
        }
237
314
 
238
315
 
239
316
 
240
317
/* check if user is authorized to view information about all services in a particular servicegroup */
241
 
int is_authorized_for_servicegroup(servicegroup *sg, authdata *authinfo){
 
318
int is_authorized_for_servicegroup(servicegroup *sg, authdata *authinfo) {
242
319
        servicesmember *temp_servicesmember;
243
320
        service *temp_service;
244
321
 
245
 
        if(sg==NULL)
 
322
        if(sg == NULL)
246
323
                return FALSE;
247
324
 
248
325
        /* see if user is authorized for all services in the servicegroup */
249
 
        for(temp_servicesmember=sg->members;temp_servicesmember!=NULL;temp_servicesmember=temp_servicesmember->next){
250
 
                temp_service=find_service(temp_servicesmember->host_name,temp_servicesmember->service_description);
251
 
                if(is_authorized_for_service(temp_service,authinfo)==FALSE)
 
326
        /*
 
327
        for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
 
328
                temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
 
329
                if(is_authorized_for_service(temp_service, authinfo) == FALSE)
252
330
                        return FALSE;
253
 
                }
254
 
 
255
 
        return TRUE;
256
 
        }
 
331
                }
 
332
        */
 
333
        /* Reverted for 3.3.2 - must only be a member of one hostgroup */
 
334
        for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
 
335
                temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
 
336
                if(is_authorized_for_service(temp_service, authinfo) == TRUE)
 
337
                        return TRUE;
 
338
                }
 
339
                
 
340
        /*return TRUE*/;
 
341
        return FALSE;
 
342
        }
257
343
 
258
344
/* check if current user is restricted to read only */
259
 
int is_authorized_for_read_only(authdata *authinfo){
260
 
 
261
 
        /* if we're not using authentication, fake it */
262
 
        if(use_authentication==FALSE)
263
 
                return FALSE;
264
 
 
265
 
        /* if this user has not authenticated return error */
266
 
        if(authinfo->authenticated==FALSE)
267
 
                return FALSE;
268
 
 
269
 
        return authinfo->authorized_for_read_only;
270
 
        }
 
345
int is_authorized_for_read_only(authdata *authinfo) {
 
346
 
 
347
        /* if we're not using authentication, fake it */
 
348
        if(use_authentication == FALSE)
 
349
                return FALSE;
 
350
 
 
351
        /* if this user has not authenticated return error */
 
352
        if(authinfo->authenticated == FALSE)
 
353
                return FALSE;
 
354
 
 
355
        return authinfo->authorized_for_read_only;
 
356
        }
271
357
 
272
358
/* check if user is authorized to view information about a particular service */
273
 
int is_authorized_for_service(service *svc, authdata *authinfo){
 
359
int is_authorized_for_service(service *svc, authdata *authinfo) {
274
360
        host *temp_host;
275
361
        contact *temp_contact;
276
362
 
277
 
        if(svc==NULL)
 
363
        if(svc == NULL)
278
364
                return FALSE;
279
365
 
280
366
        /* if we're not using authentication, fake it */
281
 
        if(use_authentication==FALSE)
 
367
        if(use_authentication == FALSE)
282
368
                return TRUE;
283
369
 
284
370
        /* if this user has not authenticated return error */
285
 
        if(authinfo->authenticated==FALSE)
 
371
        if(authinfo->authenticated == FALSE)
286
372
                return FALSE;
287
373
 
288
374
        /* if this user is authorized for all services, they are for this one... */
289
 
        if(is_authorized_for_all_services(authinfo)==TRUE)
 
375
        if(is_authorized_for_all_services(authinfo) == TRUE)
290
376
                return TRUE;
291
377
 
292
378
        /* find the host */
293
 
        temp_host=find_host(svc->host_name);
294
 
        if(temp_host==NULL)
 
379
        temp_host = find_host(svc->host_name);
 
380
        if(temp_host == NULL)
295
381
                return FALSE;
296
382
 
297
383
        /* if this user is authorized for this host, they are for all services on it as well... */
298
 
        if(is_authorized_for_host(temp_host,authinfo)==TRUE)
 
384
        if(is_authorized_for_host(temp_host, authinfo) == TRUE)
299
385
                return TRUE;
300
386
 
301
387
        /* find the contact */
302
 
        temp_contact=find_contact(authinfo->username);
 
388
        temp_contact = find_contact(authinfo->username);
303
389
 
304
390
        /* see if this user is a contact for the service */
305
 
        if(is_contact_for_service(svc,temp_contact)==TRUE)
 
391
        if(is_contact_for_service(svc, temp_contact) == TRUE)
306
392
                return TRUE;
307
393
 
308
394
        /* see if this user is an escalated contact for the service */
309
 
        if(is_escalated_contact_for_service(svc,temp_contact)==TRUE)
 
395
        if(is_escalated_contact_for_service(svc, temp_contact) == TRUE)
310
396
                return TRUE;
311
397
 
312
398
        return FALSE;
313
 
        }
 
399
        }
314
400
 
315
401
 
316
402
/* check if current user is authorized to view information on all hosts */
317
 
int is_authorized_for_all_hosts(authdata *authinfo){
 
403
int is_authorized_for_all_hosts(authdata *authinfo) {
318
404
 
319
405
        /* if we're not using authentication, fake it */
320
 
        if(use_authentication==FALSE)
 
406
        if(use_authentication == FALSE)
321
407
                return TRUE;
322
408
 
323
409
        /* if this user has not authenticated return error */
324
 
        if(authinfo->authenticated==FALSE)
 
410
        if(authinfo->authenticated == FALSE)
325
411
                return FALSE;
326
412
 
327
413
        return authinfo->authorized_for_all_hosts;
328
 
        }
 
414
        }
329
415
 
330
416
 
331
417
/* check if current user is authorized to view information on all service */
332
 
int is_authorized_for_all_services(authdata *authinfo){
 
418
int is_authorized_for_all_services(authdata *authinfo) {
333
419
 
334
420
        /* if we're not using authentication, fake it */
335
 
        if(use_authentication==FALSE)
 
421
        if(use_authentication == FALSE)
336
422
                return TRUE;
337
423
 
338
424
        /* if this user has not authenticated return error */
339
 
        if(authinfo->authenticated==FALSE)
 
425
        if(authinfo->authenticated == FALSE)
340
426
                return FALSE;
341
427
 
342
428
        return authinfo->authorized_for_all_services;
343
 
        }
 
429
        }
344
430
 
345
431
 
346
432
/* check if current user is authorized to view system information */
347
 
int is_authorized_for_system_information(authdata *authinfo){
 
433
int is_authorized_for_system_information(authdata *authinfo) {
348
434
 
349
435
        /* if we're not using authentication, fake it */
350
 
        if(use_authentication==FALSE)
 
436
        if(use_authentication == FALSE)
351
437
                return TRUE;
352
438
 
353
439
        /* if this user has not authenticated return error */
354
 
        if(authinfo->authenticated==FALSE)
 
440
        if(authinfo->authenticated == FALSE)
355
441
                return FALSE;
356
442
 
357
443
        return authinfo->authorized_for_system_information;
358
 
        }
 
444
        }
359
445
 
360
446
 
361
447
/* check if current user is authorized to view configuration information */
362
 
int is_authorized_for_configuration_information(authdata *authinfo){
 
448
int is_authorized_for_configuration_information(authdata *authinfo) {
363
449
 
364
450
        /* if we're not using authentication, fake it */
365
 
        if(use_authentication==FALSE)
 
451
        if(use_authentication == FALSE)
366
452
                return TRUE;
367
453
 
368
454
        /* if this user has not authenticated return error */
369
 
        if(authinfo->authenticated==FALSE)
 
455
        if(authinfo->authenticated == FALSE)
370
456
                return FALSE;
371
457
 
372
458
        return authinfo->authorized_for_configuration_information;
373
 
        }
 
459
        }
374
460
 
375
461
 
376
462
/* check if current user is authorized to issue system commands */
377
 
int is_authorized_for_system_commands(authdata *authinfo){
 
463
int is_authorized_for_system_commands(authdata *authinfo) {
378
464
 
379
465
        /* if we're not using authentication, fake it */
380
 
        if(use_authentication==FALSE)
 
466
        if(use_authentication == FALSE)
381
467
                return TRUE;
382
468
 
383
469
        /* if this user has not authenticated return error */
384
 
        if(authinfo->authenticated==FALSE)
 
470
        if(authinfo->authenticated == FALSE)
385
471
                return FALSE;
386
472
 
387
473
        return authinfo->authorized_for_system_commands;
388
 
        }
 
474
        }
389
475
 
390
476
 
391
477
/* check is the current user is authorized to issue commands relating to a particular service */
392
 
int is_authorized_for_service_commands(service *svc, authdata *authinfo){
 
478
int is_authorized_for_service_commands(service *svc, authdata *authinfo) {
393
479
        host *temp_host;
394
480
        contact *temp_contact;
395
481
 
396
 
        if(svc==NULL)
 
482
        if(svc == NULL)
397
483
                return FALSE;
398
484
 
399
485
        /* if we're not using authentication, fake it */
400
 
        if(use_authentication==FALSE)
 
486
        if(use_authentication == FALSE)
401
487
                return TRUE;
402
488
 
403
489
        /* if this user has not authenticated return error */
404
 
        if(authinfo->authenticated==FALSE)
 
490
        if(authinfo->authenticated == FALSE)
405
491
                return FALSE;
406
492
 
407
493
        /* the user is authorized if they have rights to the service */
408
 
        if(is_authorized_for_service(svc,authinfo)==TRUE){
 
494
        if(is_authorized_for_service(svc, authinfo) == TRUE) {
409
495
 
410
496
                /* find the host */
411
 
                temp_host=find_host(svc->host_name);
412
 
                if(temp_host==NULL)
 
497
                temp_host = find_host(svc->host_name);
 
498
                if(temp_host == NULL)
413
499
                        return FALSE;
414
500
 
415
501
                /* find the contact */
416
 
                temp_contact=find_contact(authinfo->username);
 
502
                temp_contact = find_contact(authinfo->username);
417
503
 
418
504
                /* reject if contact is not allowed to issue commands */
419
 
                if(temp_contact && temp_contact->can_submit_commands==FALSE)
 
505
                if(temp_contact && temp_contact->can_submit_commands == FALSE)
420
506
                        return FALSE;
421
507
 
422
508
                /* see if this user is a contact for the host */
423
 
                if(is_contact_for_host(temp_host,temp_contact)==TRUE)
 
509
                if(is_contact_for_host(temp_host, temp_contact) == TRUE)
424
510
                        return TRUE;
425
511
 
426
512
                /* see if this user is an escalated contact for the host */
427
 
                if(is_escalated_contact_for_host(temp_host,temp_contact)==TRUE)
 
513
                if(is_escalated_contact_for_host(temp_host, temp_contact) == TRUE)
428
514
                        return TRUE;
429
515
 
430
516
                /* this user is a contact for the service, so they have permission... */
431
 
                if(is_contact_for_service(svc,temp_contact)==TRUE)
 
517
                if(is_contact_for_service(svc, temp_contact) == TRUE)
432
518
                        return TRUE;
433
519
 
434
520
                /* this user is an escalated contact for the service, so they have permission... */
435
 
                if(is_escalated_contact_for_service(svc,temp_contact)==TRUE)
 
521
                if(is_escalated_contact_for_service(svc, temp_contact) == TRUE)
436
522
                        return TRUE;
437
523
 
438
524
                /* this user is not a contact for the host, so they must have been given explicit permissions to all service commands */
439
 
                if(authinfo->authorized_for_all_service_commands==TRUE)
 
525
                if(authinfo->authorized_for_all_service_commands == TRUE)
440
526
                        return TRUE;
441
 
                }
 
527
                }
442
528
 
443
529
        return FALSE;
444
 
        }
 
530
        }
445
531
 
446
532
 
447
533
/* check is the current user is authorized to issue commands relating to a particular host */
448
 
int is_authorized_for_host_commands(host *hst, authdata *authinfo){
 
534
int is_authorized_for_host_commands(host *hst, authdata *authinfo) {
449
535
        contact *temp_contact;
450
536
 
451
 
        if(hst==NULL)
 
537
        if(hst == NULL)
452
538
                return FALSE;
453
539
 
454
540
        /* if we're not using authentication, fake it */
455
 
        if(use_authentication==FALSE)
 
541
        if(use_authentication == FALSE)
456
542
                return TRUE;
457
543
 
458
544
        /* if this user has not authenticated return error */
459
 
        if(authinfo->authenticated==FALSE)
 
545
        if(authinfo->authenticated == FALSE)
460
546
                return FALSE;
461
547
 
462
548
        /* the user is authorized if they have rights to the host */
463
 
        if(is_authorized_for_host(hst,authinfo)==TRUE){
 
549
        if(is_authorized_for_host(hst, authinfo) == TRUE) {
464
550
 
465
551
                /* find the contact */
466
 
                temp_contact=find_contact(authinfo->username);
 
552
                temp_contact = find_contact(authinfo->username);
467
553
 
468
554
                /* reject if contact is not allowed to issue commands */
469
 
                if(temp_contact && temp_contact->can_submit_commands==FALSE)
 
555
                if(temp_contact && temp_contact->can_submit_commands == FALSE)
470
556
                        return FALSE;
471
557
 
472
558
                /* this user is a contact for the host, so they have permission... */
473
 
                if(is_contact_for_host(hst,temp_contact)==TRUE)
 
559
                if(is_contact_for_host(hst, temp_contact) == TRUE)
474
560
                        return TRUE;
475
561
 
476
562
                /* this user is an escalated contact for the host, so they have permission... */
477
 
                if(is_escalated_contact_for_host(hst,temp_contact)==TRUE)
 
563
                if(is_escalated_contact_for_host(hst, temp_contact) == TRUE)
478
564
                        return TRUE;
479
565
 
480
566
                /* this user is not a contact for the host, so they must have been given explicit permissions to all host commands */
481
 
                if(authinfo->authorized_for_all_host_commands==TRUE)
 
567
                if(authinfo->authorized_for_all_host_commands == TRUE)
482
568
                        return TRUE;
483
 
                }
 
569
                }
484
570
 
485
571
        return FALSE;
486
 
        }
487
 
 
488
 
 
 
572
        }
 
573
 
 
574
 
 
575
/* check is the current user is authorized to issue commands relating to a particular servicegroup */
 
576
int is_authorized_for_servicegroup_commands(servicegroup *sg, authdata *authinfo) {
 
577
        servicesmember *temp_servicesmember;
 
578
        service *temp_service;
 
579
 
 
580
        if(sg == NULL)
 
581
                return FALSE;
 
582
 
 
583
        /* see if user is authorized for all services commands in the servicegroup */
 
584
        for(temp_servicesmember = sg->members; temp_servicesmember != NULL; temp_servicesmember = temp_servicesmember->next) {
 
585
                temp_service = find_service(temp_servicesmember->host_name, temp_servicesmember->service_description);
 
586
                if(is_authorized_for_service_commands(temp_service, authinfo) == FALSE)
 
587
                        return FALSE;
 
588
                }
 
589
 
 
590
        return TRUE;
 
591
        }
 
592
 
 
593
 
 
594
/* check is the current user is authorized to issue commands relating to a particular hostgroup */
 
595
int is_authorized_for_hostgroup_commands(hostgroup *hg, authdata *authinfo) {
 
596
        hostsmember *temp_hostsmember;
 
597
        host *temp_host;
 
598
 
 
599
        if(hg == NULL)
 
600
                return FALSE;
 
601
 
 
602
        /* see if user is authorized for all hosts in the hostgroup */
 
603
        for(temp_hostsmember = hg->members; temp_hostsmember != NULL; temp_hostsmember = temp_hostsmember->next) {
 
604
                temp_host = find_host(temp_hostsmember->host_name);
 
605
                if(is_authorized_for_host_commands(temp_host, authinfo) == FALSE)
 
606
                        return FALSE;
 
607
                }
 
608
 
 
609
        return TRUE;
 
610
        }