[Nagios-checkins] SF.net SVN: nagios:[1803] nagiosvshell/branches/devel/vshell
Nagios network monitoring software is enterprise server monitoring
Brought to you by:
egalstad,
sawolf-nagios
Menu
▾
▴
[Nagios-checkins] SF.net SVN: nagios:[1803] nagiosvshell/branches/devel/vshell
|
From: <mgu...@us...> - 2011-09-07 21:45:14
|
Revision: 1803
http://nagios.svn.sourceforge.net/nagios/?rev=1803&view=rev
Author: mguthrie88
Date: 2011-09-07 21:45:07 +0000 (Wed, 07 Sep 2011)
Log Message:
-----------
Restructuring interface to allow for user-level filtering.
Created function NagiosUser class that will handle all authorization functionality
Began restructuring controller, separated functions into new scripts for easier maintainance
Modified Paths:
--------------
nagiosvshell/branches/devel/vshell/controllers/controller.php
nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php
nagiosvshell/branches/devel/vshell/data/NagiosData.php
nagiosvshell/branches/devel/vshell/data/NagiosUser.php
nagiosvshell/branches/devel/vshell/data/data.inc.php
nagiosvshell/branches/devel/vshell/inc.inc.php
nagiosvshell/branches/devel/vshell/session.inc.php
Added Paths:
-----------
nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php
nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php
nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php
Modified: nagiosvshell/branches/devel/vshell/controllers/controller.php
===================================================================
--- nagiosvshell/branches/devel/vshell/controllers/controller.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/controllers/controller.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -179,41 +179,9 @@
}
-function process_state_filter($filter_str)
-{
- $ret_filter = NULL;
- $filter_str = strtoupper($filter_str);
- $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL',
- 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED');
- if (in_array($filter_str, $valid_states))
- {
- $ret_filter = $filter_str;
- }
- return $ret_filter;
-}
-function process_name_filter($filter_str) {
- //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG
- $filter_str = strtolower(rawurldecode($filter_str));
- return $filter_str;
-}
-
-function process_objtype_filter($filter_str)
-{
- $ret_filter = NULL;
- $filter_str = strtolower($filter_str);
- $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
- 'timeperiods', 'contacts', 'contactgroups', 'commands');
- if (in_array($filter_str, $valid_objtypes))
- {
- $ret_filter = $filter_str;
- }
- return $ret_filter;
-}
-
-
function mode_header($mode)
{
$retval = '';
@@ -243,169 +211,8 @@
return $retval;
}
-function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL)
-{
- global $NagiosData;
- $data = $NagiosData->getProperty($type);
- $data_in = $data;
- if ($state_filter)
- {
- if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states
- {
- $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in),
- get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in),
- get_by_state('DOWN', $data_in));
- if($state_filter == 'UNHANDLED') //filter down problem array
- {
- //loop and return array
- $unhandled = array();
- foreach($data as $d)
- {
- if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d;
- }
- $data = $unhandled;
- }//end unhandled if
- if($state_filter == 'ACKNOWLEDGED')
- {
- //loop and return array
- $acknowledged = array();
- foreach($data as $d)
- {
- if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d;
- }
- $data = $acknowledged;
- }//end acknowledged if
- }
- else
- {
- $data = get_by_state($state_filter, $data);
- }
- }
- if ($name_filter)
- {
- $name_data = get_by_name($name_filter, $data);
- $service_data = get_by_name($name_filter, $data, 'service_description');
- $data = $name_data;
- foreach ($service_data as $i => $service)
- {
- if (!isset($data[$i])) { $data[$i] = $service; }
- }
- }
- //var_dump($data);
- return $data;
-}
-
-function hosts_and_services_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- list($start, $limit) = get_pagination_values();
- $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
- include_once(DIRBASE.'/views/'.$type.'.php');
- $display_function = 'display_'.$type;
- $retval = $display_function($data, $start, $limit);
- break;
- }
- return $retval;
-}
-
-function hostgroups_and_servicegroups_data($type, $name_filter=NULL)
-{
- include_once(DIRBASE.'/views/'.$type.'.php');
- $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data';
- $data = $data_function();
- if ($name_filter)
- {
-
- // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc...
- $name = preg_quote($name_filter, '/');
- $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);'));
- // XXX is there a better way?
- foreach ($match_keys as $key)
- {
- unset($data[$key]);
- }
- }
- return $data;
-}
-
-function hostgroups_and_servicegroups_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
- $display_function = 'display_'.$type;
- $retval = $display_function($data);
- break;
- }
- return $retval;
-}
-
-function host_and_service_detail_data($type, $name)
-{
- $data_function = 'process_'.preg_replace('/detail/', '_detail', $type);
- $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG
- return $data;
-}
-
-function host_and_service_detail_output($type, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- require_once(DIRBASE.'/views/'.$type.'s.php');
- $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s';
- $retval = $display_function($data);
- break;
- }
- return $retval;
-}
-
-function object_data($objtype_filter, $name_filter)
-{
- $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
- 'timeperiods', 'contacts', 'contactgroups', 'commands');
-
- if (in_array($objtype_filter, $valid_objtype_filters)) {
- global $NagiosData;
- $data = $NagiosData->getProperty($objtype_filter);
-
- if ($name_filter)
- {
- $name_data = get_by_name($name_filter, $data);
- $service_data = get_by_name($name_filter, $data, 'service_description');
-
- $data = $name_data;
- foreach ($service_data as $i => $service)
- {
- if (!isset($data[$i])) { $data[$i] = $service; }
- }
- }
- }
- return $data;
-}
-
-function object_output($objtype_filter, $data, $mode)
-{
- $retval = '';
- switch($mode)
- {
- case 'html':
- include(DIRBASE.'/views/config_viewer.php');
- $retval = build_object_list($data, $objtype_filter);
- break;
- }
- return $retval;
-}
-
-
function get_pagination_values()
{
$start = isset($_GET['start']) ? htmlentities($_GET['start']) : 0;
@@ -420,34 +227,10 @@
return array($start, $limit);
}
-////////////////////////////////////////////////////////////
-//$username is obtained from $_SERVER authorized user for nagios
-//
-function set_perms($username)
-{
- global $NagiosData;
- $permissions = $NagiosData->getProperty('permissions');
- foreach($permissions as $key => $array)//perms = array('system_information'
- {
- foreach($array as $user)
- {
- if($user == $username || $user == '*')
- {
- //print "authorizing $username";
- authorize($key);
- }
- }
- }
-}
-//////////////////////////////////////////////////////
-//
-//activates authorization for user. See authorizations.inc.php for auth list
-//
-function authorize($auth) //sets global permission
-{
- global $authorizations; //global authorization array controller
- $authorizations[$auth] = 1;
-}
+
+
+
+
?>
Modified: nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -53,5 +53,8 @@
include(dirname(__FILE__).'/controller.php');
include(dirname(__FILE__).'/authorizations.inc.php');
include(dirname(__FILE__).'/status_functions.php');
+include(dirname(__FILE__).'/output_functions.inc.php');
+include(dirname(__FILE__).'/filtering_functions.inc.php');
+include(dirname(__FILE__).'/data_functions.inc.php');
?>
Added: nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php (rev 0)
+++ nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -0,0 +1,127 @@
+<?php //data_functions.inc.php
+
+
+
+
+
+function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL)
+{
+ global $NagiosData;
+ global $NagiosUser;
+ $data = $NagiosData->getProperty($type);
+
+
+ //add filter for user-level filtering
+ if(!$NagiosUser->is_admin()) {
+ //print $type;
+ $data = user_filtering($data,$type);
+ }
+
+ $data_in = $data;
+
+ if ($state_filter)
+ {
+ if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states
+ {
+
+ $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in),
+ get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in),
+ get_by_state('DOWN', $data_in));
+ if($state_filter == 'UNHANDLED') //filter down problem array
+ {
+ //loop and return array
+ $unhandled = array();
+ foreach($data as $d)
+ {
+ if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d;
+ }
+ $data = $unhandled;
+ }//end unhandled if
+ if($state_filter == 'ACKNOWLEDGED')
+ {
+ //loop and return array
+ $acknowledged = array();
+ foreach($data as $d)
+ {
+ if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d;
+ }
+ $data = $acknowledged;
+ }//end acknowledged if
+ }
+ else
+ {
+ $data = get_by_state($state_filter, $data);
+ }
+ }
+ if ($name_filter)
+ {
+ $name_data = get_by_name($name_filter, $data);
+ $service_data = get_by_name($name_filter, $data, 'service_description');
+ $data = $name_data;
+ foreach ($service_data as $i => $service)
+ {
+ if (!isset($data[$i])) { $data[$i] = $service; }
+ }
+ }
+ //var_dump($data);
+ return $data;
+}
+
+
+
+function host_and_service_detail_data($type, $name)
+{
+ $data_function = 'process_'.preg_replace('/detail/', '_detail', $type);
+ $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG
+ return $data;
+}
+
+
+
+function hostgroups_and_servicegroups_data($type, $name_filter=NULL)
+{
+ include_once(DIRBASE.'/views/'.$type.'.php');
+ $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data';
+ $data = $data_function();
+ if ($name_filter)
+ {
+
+ // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc...
+ $name = preg_quote($name_filter, '/');
+ $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);'));
+ // XXX is there a better way?
+ foreach ($match_keys as $key)
+ {
+ unset($data[$key]);
+ }
+ }
+ return $data;
+}
+
+function object_data($objtype_filter, $name_filter)
+{
+ $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
+ 'timeperiods', 'contacts', 'contactgroups', 'commands');
+
+ if (in_array($objtype_filter, $valid_objtype_filters)) {
+ global $NagiosData;
+ $data = $NagiosData->getProperty($objtype_filter);
+
+ if ($name_filter)
+ {
+ $name_data = get_by_name($name_filter, $data);
+ $service_data = get_by_name($name_filter, $data, 'service_description');
+
+ $data = $name_data;
+ foreach ($service_data as $i => $service)
+ {
+ if (!isset($data[$i])) { $data[$i] = $service; }
+ }
+ }
+ }
+ return $data;
+}
+
+
+
+?>
\ No newline at end of file
Added: nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php (rev 0)
+++ nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -0,0 +1,67 @@
+<?php //filtering_functions.inc.php
+
+
+
+
+function user_filtering($data,$type)
+{
+ global $NagiosUser;
+ $new_data = array();
+ //rebuild array for auth hosts
+ if($type=='hosts') {
+ foreach($data as $d) {
+ //echo $d['host_name'];
+ if($NagiosUser->is_authorized_for_host($d['host_name']) ) $new_data[] = $d;
+
+ }
+ }
+ //rebuild array for auth services
+ if($type=='services') {
+ foreach($data as $d) {
+ //print "<pre>".print_r($d,true)."</pre>";
+ if($NagiosUser->is_authorized_for_service($d['host_name'],$d['service_description'])) $new_data[] = $d;
+ //die();
+ }
+ }
+ return $new_data;
+
+}
+
+
+function process_state_filter($filter_str)
+{
+ $ret_filter = NULL;
+ $filter_str = strtoupper($filter_str);
+ $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL',
+ 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED');
+
+
+ if (in_array($filter_str, $valid_states))
+ {
+ $ret_filter = $filter_str;
+ }
+ return $ret_filter;
+}
+
+function process_name_filter($filter_str) {
+ //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG
+ $filter_str = strtolower(rawurldecode($filter_str));
+ return $filter_str;
+}
+
+function process_objtype_filter($filter_str)
+{
+ $ret_filter = NULL;
+ $filter_str = strtolower($filter_str);
+ $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs',
+ 'timeperiods', 'contacts', 'contactgroups', 'commands');
+ if (in_array($filter_str, $valid_objtypes))
+ {
+ $ret_filter = $filter_str;
+ }
+ return $ret_filter;
+}
+
+
+
+?>
\ No newline at end of file
Added: nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php (rev 0)
+++ nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -0,0 +1,64 @@
+<?php //output_functions.inc.php
+
+function object_output($objtype_filter, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ include(DIRBASE.'/views/config_viewer.php');
+ $retval = build_object_list($data, $objtype_filter);
+ break;
+ }
+ return $retval;
+}
+
+
+
+function host_and_service_detail_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ require_once(DIRBASE.'/views/'.$type.'s.php');
+ $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s';
+ $retval = $display_function($data);
+ break;
+ }
+ return $retval;
+}
+
+
+function hostgroups_and_servicegroups_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
+ $display_function = 'display_'.$type;
+ $retval = $display_function($data);
+ break;
+ }
+ return $retval;
+}
+
+
+function hosts_and_services_output($type, $data, $mode)
+{
+ $retval = '';
+ switch($mode)
+ {
+ case 'html':
+ list($start, $limit) = get_pagination_values();
+ $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type)));
+ include_once(DIRBASE.'/views/'.$type.'.php');
+ $display_function = 'display_'.$type;
+ $retval = $display_function($data, $start, $limit);
+ break;
+ }
+ return $retval;
+}
+
+?>
\ No newline at end of file
Modified: nagiosvshell/branches/devel/vshell/data/NagiosData.php
===================================================================
--- nagiosvshell/branches/devel/vshell/data/NagiosData.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/data/NagiosData.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -77,6 +77,12 @@
self::$instance->__update();
return self::$instance;
}
+
+
+ public function dumpVars()
+ {
+ return $this->_vars;
+ }
/* General purpose "getter" for protected properties
*
@@ -179,14 +185,11 @@
'hostgroups_objs', 'servicegroups_objs', 'contacts',
'contactgroups', 'timeperiods', 'commands', 'hostgroups',
'servicegroups', 'program');
- self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE,
- $disk_cache_keys));
+ self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, $disk_cache_keys));
- self::$instance->_set_vars(cache_or_disk('perms', CGICFG,
- array('permissions')));
+ self::$instance->_set_vars(cache_or_disk('perms', CGICFG, array('permissions')));
- self::$instance->_set_vars(cache_or_disk('status', STATUSFILE,
- array('hosts', 'services', 'comments', 'info', 'details', 'program')));
+ self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, array('hosts', 'services', 'comments', 'info', 'details', 'program')));
}
Modified: nagiosvshell/branches/devel/vshell/data/NagiosUser.php
===================================================================
--- nagiosvshell/branches/devel/vshell/data/NagiosUser.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/data/NagiosUser.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -4,34 +4,101 @@
class NagiosUser
-{
- global $NagiosData;
- private static $instance;
- public $username;
-
+{
//boolean for users who can see and access all features
- protected $admin = false;
+ protected $admin = false;
+ //boolean for viewing all hosts and services
+ protected $sees_all = false;
//array for storing global authorizations from cgi file
protected $authKeys = array(
- 'authorized_for_all_host_commands' = false;
- 'authorized_for_all_hosts' = false;
- 'authorized_for_all_service_commands' = false;
- 'authorized_for_all_services' = false;
- 'authorized_for_configuration_information' = false;
- 'authorized_for_system_commands' = false;
- 'authorized_for_system_information' = false;
- 'authorized_for_read_only' = true;
+ 'authorized_for_all_host_commands' => false,
+ 'authorized_for_all_hosts' => false,
+ 'authorized_for_all_service_commands' => false,
+ 'authorized_for_all_services' => false,
+ 'authorized_for_configuration_information' => false,
+ 'authorized_for_system_commands' => false,
+ 'authorized_for_system_information' => false,
+ 'authorized_for_read_only' => true,
);
protected $authHosts = array();
- protected $authServices = array();
- protected $authHostgroups = array();
- protected $authServicegroups = array();
-
- //constructor
- function __construct($username) {
- $this->username = $username;
+ //protected $authServices = array();
+ protected $username;
+
+ //constructor
+ //initialize authorized hosts and services only upon construction and then cache data
+ //TODO move towards session auth so this info gets updated upon login and restart of Nagios
+
+ function __construct($username=false) {
+ //some users have requested to turn off authentication or user other methods, this allows override and backwards compatibility
+ if(!$username)
+ $this->username = $this->get_user();
+ else $this->username = $username; //for users that hard-code a username: NOT RECOMMENDED
+
+ //build main authKeys array
+ $this->set_perms();
+
+ $this->admin = $this->determine_admin();
+
+ //if user level account, determin authorized objects
+ if(!$this->admin) {
+ //check fo see if user can see all hosts and services
+ $this->sees_all = ($this->authKeys['authorized_for_all_hosts'] == true && $this->authKeys['authorized_for_all_services']) ? true : false;
+ //build auth objects array
+ $this->build_authorized_objects();
+ }
+ //print_r($this->authHosts);
+
+ }
+
+ private function get_user()
+ {
+ // HTTP BASIC AUTHENTICATION through Nagios Core or XI
+ //$remote_user="";
+ if(isset($_SERVER["REMOTE_USER"]))
+ {
+ $remote_user=$_SERVER["REMOTE_USER"];
+ //echo "REMOTE USER is set: $remote_user<br />";
+ return $remote_user;
+ }
+ //digest authentication
+ elseif(isset($_SERVER['PHP_AUTH_USER']))
+ {
+ //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER'];
+ return $_SERVER['PHP_AUTH_USER'];
+ }
+ else
+ {
+ echo "Access Denied: No authentication detected.";
+ return false;
+ }
+
+ }
+
+ ////////////////////////////////////////////////////////////
+ //$username is obtained from $_SERVER authorized user for nagios
+ //
+ private function set_perms()
+ {
+ global $NagiosData;
+ $permissions = $NagiosData->getProperty('permissions');
+
+ foreach($permissions as $key => $array) {
+ foreach($array as $user) {
+ if($user == $this->username || $user == '*') $this->authorize($key);
+ }
+ }
+ }
+ //////////////////////////////////////////////////////
+ //
+ //activates authorization for user. See authorizations.inc.php for auth list
+ //
+ private function authorize($auth) //sets global permission
+ {
+ global $authorizations; //global authorization array controller
+ $authorizations[$auth] = 1;
+ $this->authKeys[$auth] = true;
}
///////////////get methods
@@ -42,66 +109,175 @@
public function get_authorized_services() {
return $this->authServices;
}
+
+ public function get_username() {
+ return $this->username;
+ }
- public function get_authorized_hostgroups() {
- return $this->authHostgroups;
- }
-
- public function get_authorized_servicegroups() {
- return $this->authServicegroups;
- }
-
public function is_admin() {
- return $admin;
+ return $this->admin;
}
public function if_has_authKey($key) {
if(isset($this->authKeys[$key]))
- return $this->authKeys['authorized_for_all_hosts'];
+ return $this->authKeys[$key];
else return false;
}
+
+ private function determine_admin() {
+ $bool = true;
+ foreach($this->authKeys as $key)
+ {
+ if($key != true) return false;
+ }
+ return true;
+
+ }
- /////////////add/set methods ///////////////////////////
- public add_authorized_host($hostname='') {
- if($hostname !='') $this->authHosts[] = $hostname;
- }
- public function add_authorized_service($hostname='',$service='',$hostgroup=false) {
- if($hostgroup && $service !='') {
- //add logic if it's a service->hostgroup assignment
- }
- elseif($hostname!='',$service='') { //normal host:service addition
- $this->authServices[] = $hostname.'::'.$service;
- }
- else return;
- }
-
- public function add_authorized_hostgroup($hostgroup='') {
- if($hostgroup !='') {
- $this->authHostgroups[] = $hostgroup;
- //grab list of all host members of this host group and and array push into authHosts
- }
- }
-
- public function add_authorized_servicegroup($servicegroup='') {
- if($servicegroup!='') {
- $this->authServicegroups[] = $servicegroup;
- //grab list of all service members of this group and push into authServices array
- }
- }
-
public function setAuthKey($keyname,$value) {
if(isset($this->authKeys[$keyname])) {
$this->authKeys[$keyname] = $value;
}
}
+
+ //returns boolean
+ public function is_authorized_for_host($hostname) {
+ //echo "checking auth <br />";
+ //can user see everything?
+ if($this->admin == true || $this->sees_all == true) return true;
+ //user level filtering
+ if(array_key_exists($hostname,$this->authHosts) ) return true;
+ //not authorized
+ //echo "auth failed!<br />";
+ return false;
+ }
+
+ //returns boolean
+ public function is_authorized_for_service($hostname,$service) {
+ //can user see everything?
+ if($this->admin == true || $this->sees_all == true) return true;
+ //user level filtering
+
+ if(isset($this->authHosts[$hostname]) && in_array($service,$this->authHosts[$hostname]['services']) ) return true;
+ //not authorized
+
+ return false;
+ }
+
+ //main logic function for user-level filtering
+ private function build_authorized_objects() {
+ global $NagiosData;
+
+ //fetch necessary object config arrays
+ $hosts = $NagiosData->getProperty('hosts_objs');
+ $contactgroups = $NagiosData->getProperty('contactgroups');
+
+ //contactgroup memberships
+ $cg_memberships = array();
+
+ //find relevant contact groups for user
+ foreach($contactgroups as $cg)
+ {
+ //echo $cg['contactgroup_name'];
+ if(strpos($cg['members'],$this->username)!==false)
+ $cg_memberships[] = $cg['contactgroup_name'];
+ }
+
+ //echo "CG Memberships<br />";
+ //print_r($cg_memberships);
+
+ //check host for host->contact and host->contactgroup relationships
+
+ //////////////CREATE SINGLE MULTI-D HEIRARCHY ARRAY
+ /*
+ // $authObjects =
+ array ( 'localhost' array(
+ // 'host_name' => 'localhost'
+ // 'services' => array( 0 => service1
+ 1 => service2
+ 3 => service3 )
+ // )
+ */
+
+
+ foreach($hosts as $host)
+ {
+ $key = $host['host_name'];
+ if(isset($host['contacts']) && strpos($host['contacts'],$this->username) !== false)
+ {
+ if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array('host_name' => $key, 'services' => array() );
+ $this->authHosts[$key]['host_name'] = $key;
+ continue; //skip to next
+ }
+ if(isset($host['contact_groups']))
+ {
+ $cgmems = explode(',',$host['contact_groups']);
+ foreach($cgmems as $cg)
+ {
+ if(in_array($cg,$cgmems))
+ {
+ $this->authHosts[$key]['host_name'] = $key;
+ break;
+ } //end IF
+
+ } //end FOREACH contactgroup member
+ }//end IF contactgroups set
+
+ }//end FOREACH host
+
+ //get services objects
+ $services = $NagiosData->getProperty('services_objs');
+ //echo "Services: <br /><pre>".print_r($services,true)."</pre>";
+
+ foreach($services as $service)
+ {
+ //$auth = false;
+ $key = $service['host_name'];
+ //check for authorized host first, if host is authorized add services
+ if(array_key_exists($key,$this->authHosts))
+ {
+ if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array('host_name' => $key, 'services' =>array() );
+ if(!isset($this->authHosts[$key]['services'])) $this->authHosts[$key]['services'] = array();
+
+ //only add service if it's not already there
+ if(!in_array($service['service_description'], $this->authHosts[$key]['services']))
+ $this->authHosts[$key]['services'][] = $service['service_description'];
+ }
+
+ //check for authorization at the service level
+ if(isset($service['contacts']) && strpos($service['contacts'],$this->username) !== false)
+ {
+ //if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array();
+ if(!in_array($service['service_description'], $this->authHosts[$key]['services']))
+ $this->authHosts[$key]['services'][] = $service['service_description'];
+ continue;
+ }
+
+ //check against contactgroups
+ if(isset($service['contact_groups']) )
+ {
+ $cgmems = explode(',',$service['contact_groups']);
+ foreach($cg_memberships as $cg)
+ {
+ if(in_array($cg,$cgmems))
+ {
+ //echo "key is: $key<br />";
+ $this->authHosts[$key]['services'][] = $service['service_description'];
+ break;
+ } //end IF
+ } //end FOREACH contactgroup member
+ } //end IF contactgroups
+ } //end services FOREACH
+
+ }//end function build_authorized_objects()
+
+
+
-
-
-
-}
+} //end NagiosUser class
Modified: nagiosvshell/branches/devel/vshell/data/data.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/data/data.inc.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/data/data.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -58,7 +58,8 @@
require_once('data_utils.php');
require_once('NagiosData.php');
-$NagiosData = NagiosData::singleton();
+require_once('NagiosUser.php');
+
require_once('get_tac_data.php');
require_once('build_groups.php');
Modified: nagiosvshell/branches/devel/vshell/inc.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/inc.inc.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/inc.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -53,7 +53,7 @@
//include files for local directory
include(dirname(__FILE__).'/constants.inc.php'); //DO NOT ADD INCLUDES ABOVE THIS LINE
-include(dirname(__FILE__).'/session.inc.php');
+
@@ -62,7 +62,7 @@
include(dirname(__FILE__).'/controllers/controllers.inc.php');
include(dirname(__FILE__).'/views/views.inc.php');
+include(dirname(__FILE__).'/session.inc.php');
-
?>
\ No newline at end of file
Modified: nagiosvshell/branches/devel/vshell/session.inc.php
===================================================================
--- nagiosvshell/branches/devel/vshell/session.inc.php 2011-09-06 09:08:08 UTC (rev 1802)
+++ nagiosvshell/branches/devel/vshell/session.inc.php 2011-09-07 21:45:07 UTC (rev 1803)
@@ -1,5 +1,13 @@
<?php //user authentication
+
+//initialize main classes
+$NagiosData = NagiosData::singleton();
+$NagiosUser = new NagiosUser();
+
+
+
+
//initializes all session variables as neccessary
function init_vshell()
{
@@ -16,33 +24,12 @@
textdomain(LANG);
+
+
}
-function get_user() //return $username if logged into nagios
-{
- // HTTP BASIC AUTHENTICATION through Nagios Core or XI
- //$remote_user="";
- if(isset($_SERVER["REMOTE_USER"]))
- {
- $remote_user=$_SERVER["REMOTE_USER"];
- //echo "REMOTE USER is set: $remote_user<br />";
- return $remote_user;
- }
- //digest authentication
- elseif(isset($_SERVER['PHP_AUTH_USER']))
- {
- //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER'];
- return $_SERVER['PHP_AUTH_USER'];
- }
- else
- {
- echo "Access Denied: No authentication detected.";
- return false;
- }
-
-}
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|