Nagios Bug and Feature Tracker

All issues moved to NagiosEnterprises Github

Bug and Feature Tracker

Viewing Issue Simple Details Jump to Notes ] View Advanced ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0000619 [Nagios Core] Web Interface minor always 2014-06-12 04:08 2016-09-07 11:32
Reporter xeg View Status public  
Assigned To jfrickson
Priority normal Resolution fixed  
Status resolved   Product Version 4.0.7
Summary 0000619: Access control in hostgroups - status.cgi
Description  When the user access per hosts is set and hostgroup include more then allowed hosts for this user (common group, e.g. all linux servers) and user has access to subset (e.g. database servers). He sees all hosts in group.
  In 'Host groups' -- shows all hosts but any service.
  In 'Host group - summary'-- shows count of services in groups
  In 'Host group - grid' -- shows list of all services.


Additional Information This patch add required behavior.

diff nagios-4.0.7/cgi/status.c nagios-4.0.7_patched/cgi/status.c

3586a3587,3590
> /* make sure user has rights to view this host */
> if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
> continue;
>
3969a3974,3977
> /* make sure user has rights to view this host */
> if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
> continue;
>
4140a4149,4152
> /* make sure user has rights to view this host */
> if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
> continue;
>
4495a4508,4511
> /* make sure user has rights to view this host */
> if(is_authorized_for_host(temp_host, &current_authdata) == FALSE)
> continue;
>
Tags No tags attached.
Nagios Version All
OS
OS Version
Attached Files

- Relationships
has duplicate 0000519resolvedjfrickson Restricted access user sees additional hosts - when viewing hostgroups 

-  Notes
(0001636)
jfrickson (manager)
2016-09-07 11:32

Patches applied and tested. Fix is in 'maint' branch via commit https://github.com/NagiosEnterprises/nagioscore/commit/d1b3a07ff72ece0d296b153d4d5c8c4543ed96c1 [^]

- Issue History
Date Modified Username Field Change
2014-06-12 04:08 xeg New Issue
2014-06-12 04:08 xeg Nagios Version => All
2015-09-25 12:15 jfrickson Status new => assigned
2015-09-25 12:15 jfrickson Assigned To => nagios_staff
2016-09-07 11:27 jfrickson Assigned To nagios_staff => jfrickson
2016-09-07 11:32 jfrickson Note Added: 0001636
2016-09-07 11:32 jfrickson Status assigned => resolved
2016-09-07 11:32 jfrickson Fixed in Version => 4.2.2
2016-09-07 11:32 jfrickson Resolution open => fixed
2016-09-07 13:56 jfrickson Relationship added has duplicate 0000519


Mantis 1.1.7[^]
Copyright © 2000 - 2008 Mantis Group
Powered by Mantis Bugtracker