[Nagios-checkins] SF.net SVN: nagios:[1803] nagiosvshell/branches/devel/vshell
Nagios network monitoring software is enterprise server monitoring
Brought to you by:
egalstad,
sawolf-nagios
From: <mgu...@us...> - 2011-09-07 21:45:14
|
Revision: 1803 http://nagios.svn.sourceforge.net/nagios/?rev=1803&view=rev Author: mguthrie88 Date: 2011-09-07 21:45:07 +0000 (Wed, 07 Sep 2011) Log Message: ----------- Restructuring interface to allow for user-level filtering. Created function NagiosUser class that will handle all authorization functionality Began restructuring controller, separated functions into new scripts for easier maintainance Modified Paths: -------------- nagiosvshell/branches/devel/vshell/controllers/controller.php nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php nagiosvshell/branches/devel/vshell/data/NagiosData.php nagiosvshell/branches/devel/vshell/data/NagiosUser.php nagiosvshell/branches/devel/vshell/data/data.inc.php nagiosvshell/branches/devel/vshell/inc.inc.php nagiosvshell/branches/devel/vshell/session.inc.php Added Paths: ----------- nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php Modified: nagiosvshell/branches/devel/vshell/controllers/controller.php =================================================================== --- nagiosvshell/branches/devel/vshell/controllers/controller.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/controllers/controller.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -179,41 +179,9 @@ } -function process_state_filter($filter_str) -{ - $ret_filter = NULL; - $filter_str = strtoupper($filter_str); - $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL', - 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED'); - if (in_array($filter_str, $valid_states)) - { - $ret_filter = $filter_str; - } - return $ret_filter; -} -function process_name_filter($filter_str) { - //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG - $filter_str = strtolower(rawurldecode($filter_str)); - return $filter_str; -} - -function process_objtype_filter($filter_str) -{ - $ret_filter = NULL; - $filter_str = strtolower($filter_str); - $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', - 'timeperiods', 'contacts', 'contactgroups', 'commands'); - if (in_array($filter_str, $valid_objtypes)) - { - $ret_filter = $filter_str; - } - return $ret_filter; -} - - function mode_header($mode) { $retval = ''; @@ -243,169 +211,8 @@ return $retval; } -function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL) -{ - global $NagiosData; - $data = $NagiosData->getProperty($type); - $data_in = $data; - if ($state_filter) - { - if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states - { - $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in), - get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in), - get_by_state('DOWN', $data_in)); - if($state_filter == 'UNHANDLED') //filter down problem array - { - //loop and return array - $unhandled = array(); - foreach($data as $d) - { - if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d; - } - $data = $unhandled; - }//end unhandled if - if($state_filter == 'ACKNOWLEDGED') - { - //loop and return array - $acknowledged = array(); - foreach($data as $d) - { - if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d; - } - $data = $acknowledged; - }//end acknowledged if - } - else - { - $data = get_by_state($state_filter, $data); - } - } - if ($name_filter) - { - $name_data = get_by_name($name_filter, $data); - $service_data = get_by_name($name_filter, $data, 'service_description'); - $data = $name_data; - foreach ($service_data as $i => $service) - { - if (!isset($data[$i])) { $data[$i] = $service; } - } - } - //var_dump($data); - return $data; -} - -function hosts_and_services_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - list($start, $limit) = get_pagination_values(); - $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); - include_once(DIRBASE.'/views/'.$type.'.php'); - $display_function = 'display_'.$type; - $retval = $display_function($data, $start, $limit); - break; - } - return $retval; -} - -function hostgroups_and_servicegroups_data($type, $name_filter=NULL) -{ - include_once(DIRBASE.'/views/'.$type.'.php'); - $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data'; - $data = $data_function(); - if ($name_filter) - { - - // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc... - $name = preg_quote($name_filter, '/'); - $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);')); - // XXX is there a better way? - foreach ($match_keys as $key) - { - unset($data[$key]); - } - } - return $data; -} - -function hostgroups_and_servicegroups_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); - $display_function = 'display_'.$type; - $retval = $display_function($data); - break; - } - return $retval; -} - -function host_and_service_detail_data($type, $name) -{ - $data_function = 'process_'.preg_replace('/detail/', '_detail', $type); - $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG - return $data; -} - -function host_and_service_detail_output($type, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - require_once(DIRBASE.'/views/'.$type.'s.php'); - $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s'; - $retval = $display_function($data); - break; - } - return $retval; -} - -function object_data($objtype_filter, $name_filter) -{ - $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', - 'timeperiods', 'contacts', 'contactgroups', 'commands'); - - if (in_array($objtype_filter, $valid_objtype_filters)) { - global $NagiosData; - $data = $NagiosData->getProperty($objtype_filter); - - if ($name_filter) - { - $name_data = get_by_name($name_filter, $data); - $service_data = get_by_name($name_filter, $data, 'service_description'); - - $data = $name_data; - foreach ($service_data as $i => $service) - { - if (!isset($data[$i])) { $data[$i] = $service; } - } - } - } - return $data; -} - -function object_output($objtype_filter, $data, $mode) -{ - $retval = ''; - switch($mode) - { - case 'html': - include(DIRBASE.'/views/config_viewer.php'); - $retval = build_object_list($data, $objtype_filter); - break; - } - return $retval; -} - - function get_pagination_values() { $start = isset($_GET['start']) ? htmlentities($_GET['start']) : 0; @@ -420,34 +227,10 @@ return array($start, $limit); } -//////////////////////////////////////////////////////////// -//$username is obtained from $_SERVER authorized user for nagios -// -function set_perms($username) -{ - global $NagiosData; - $permissions = $NagiosData->getProperty('permissions'); - foreach($permissions as $key => $array)//perms = array('system_information' - { - foreach($array as $user) - { - if($user == $username || $user == '*') - { - //print "authorizing $username"; - authorize($key); - } - } - } -} -////////////////////////////////////////////////////// -// -//activates authorization for user. See authorizations.inc.php for auth list -// -function authorize($auth) //sets global permission -{ - global $authorizations; //global authorization array controller - $authorizations[$auth] = 1; -} + + + + ?> Modified: nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/controllers/controllers.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -53,5 +53,8 @@ include(dirname(__FILE__).'/controller.php'); include(dirname(__FILE__).'/authorizations.inc.php'); include(dirname(__FILE__).'/status_functions.php'); +include(dirname(__FILE__).'/output_functions.inc.php'); +include(dirname(__FILE__).'/filtering_functions.inc.php'); +include(dirname(__FILE__).'/data_functions.inc.php'); ?> Added: nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php (rev 0) +++ nagiosvshell/branches/devel/vshell/controllers/data_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -0,0 +1,127 @@ +<?php //data_functions.inc.php + + + + + +function hosts_and_services_data($type, $state_filter=NULL, $name_filter=NULL) +{ + global $NagiosData; + global $NagiosUser; + $data = $NagiosData->getProperty($type); + + + //add filter for user-level filtering + if(!$NagiosUser->is_admin()) { + //print $type; + $data = user_filtering($data,$type); + } + + $data_in = $data; + + if ($state_filter) + { + if($state_filter == 'PROBLEMS' || $state_filter == 'UNHANDLED' || $state_filter == 'ACKNOWLEDGED') //merge arrays for multiple states + { + + $data = array_merge(get_by_state('UNKNOWN', $data_in), get_by_state('CRITICAL', $data_in), + get_by_state('WARNING', $data_in), get_by_state('UNREACHABLE', $data_in), + get_by_state('DOWN', $data_in)); + if($state_filter == 'UNHANDLED') //filter down problem array + { + //loop and return array + $unhandled = array(); + foreach($data as $d) + { + if($d['problem_has_been_acknowledged'] == 0 && $d['scheduled_downtime_depth'] == 0) $unhandled[] = $d; + } + $data = $unhandled; + }//end unhandled if + if($state_filter == 'ACKNOWLEDGED') + { + //loop and return array + $acknowledged = array(); + foreach($data as $d) + { + if($d['problem_has_been_acknowledged'] > 0 || $d['scheduled_downtime_depth'] > 0) $acknowledged[] = $d; + } + $data = $acknowledged; + }//end acknowledged if + } + else + { + $data = get_by_state($state_filter, $data); + } + } + if ($name_filter) + { + $name_data = get_by_name($name_filter, $data); + $service_data = get_by_name($name_filter, $data, 'service_description'); + $data = $name_data; + foreach ($service_data as $i => $service) + { + if (!isset($data[$i])) { $data[$i] = $service; } + } + } + //var_dump($data); + return $data; +} + + + +function host_and_service_detail_data($type, $name) +{ + $data_function = 'process_'.preg_replace('/detail/', '_detail', $type); + $data = $data_function(stripslashes($name)); //added stripslashes because hostnames with periods had them in the variable -MG + return $data; +} + + + +function hostgroups_and_servicegroups_data($type, $name_filter=NULL) +{ + include_once(DIRBASE.'/views/'.$type.'.php'); + $data_function = 'get_'.preg_replace('/s$/', '', $type).'_data'; + $data = $data_function(); + if ($name_filter) + { + + // TODO filters against Services and/or hosts within groups, status of services/hosts in groups, etc... + $name = preg_quote($name_filter, '/'); + $match_keys = array_filter(array_keys($data), create_function('$d', 'return !preg_match("/'.$name.'/i", $d);')); + // XXX is there a better way? + foreach ($match_keys as $key) + { + unset($data[$key]); + } + } + return $data; +} + +function object_data($objtype_filter, $name_filter) +{ + $valid_objtype_filters = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', + 'timeperiods', 'contacts', 'contactgroups', 'commands'); + + if (in_array($objtype_filter, $valid_objtype_filters)) { + global $NagiosData; + $data = $NagiosData->getProperty($objtype_filter); + + if ($name_filter) + { + $name_data = get_by_name($name_filter, $data); + $service_data = get_by_name($name_filter, $data, 'service_description'); + + $data = $name_data; + foreach ($service_data as $i => $service) + { + if (!isset($data[$i])) { $data[$i] = $service; } + } + } + } + return $data; +} + + + +?> \ No newline at end of file Added: nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php (rev 0) +++ nagiosvshell/branches/devel/vshell/controllers/filtering_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -0,0 +1,67 @@ +<?php //filtering_functions.inc.php + + + + +function user_filtering($data,$type) +{ + global $NagiosUser; + $new_data = array(); + //rebuild array for auth hosts + if($type=='hosts') { + foreach($data as $d) { + //echo $d['host_name']; + if($NagiosUser->is_authorized_for_host($d['host_name']) ) $new_data[] = $d; + + } + } + //rebuild array for auth services + if($type=='services') { + foreach($data as $d) { + //print "<pre>".print_r($d,true)."</pre>"; + if($NagiosUser->is_authorized_for_service($d['host_name'],$d['service_description'])) $new_data[] = $d; + //die(); + } + } + return $new_data; + +} + + +function process_state_filter($filter_str) +{ + $ret_filter = NULL; + $filter_str = strtoupper($filter_str); + $valid_states = array('UP', 'DOWN', 'UNREACHABLE', 'OK', 'CRITICAL', + 'WARNING', 'UNKNOWN', 'PENDING', 'PROBLEMS','UNHANDLED', 'ACKNOWLEDGED'); + + + if (in_array($filter_str, $valid_states)) + { + $ret_filter = $filter_str; + } + return $ret_filter; +} + +function process_name_filter($filter_str) { + //$filter_str = preg_quote($filter_str, '/'); //removed strtolower -MG + $filter_str = strtolower(rawurldecode($filter_str)); + return $filter_str; +} + +function process_objtype_filter($filter_str) +{ + $ret_filter = NULL; + $filter_str = strtolower($filter_str); + $valid_objtypes = array('hosts_objs', 'services_objs', 'hostgroups_objs', 'servicegroups_objs', + 'timeperiods', 'contacts', 'contactgroups', 'commands'); + if (in_array($filter_str, $valid_objtypes)) + { + $ret_filter = $filter_str; + } + return $ret_filter; +} + + + +?> \ No newline at end of file Added: nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php (rev 0) +++ nagiosvshell/branches/devel/vshell/controllers/output_functions.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -0,0 +1,64 @@ +<?php //output_functions.inc.php + +function object_output($objtype_filter, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + include(DIRBASE.'/views/config_viewer.php'); + $retval = build_object_list($data, $objtype_filter); + break; + } + return $retval; +} + + + +function host_and_service_detail_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + require_once(DIRBASE.'/views/'.$type.'s.php'); + $display_function = 'get_'.preg_replace('/detail/', '_detail', $type).'s'; + $retval = $display_function($data); + break; + } + return $retval; +} + + +function hostgroups_and_servicegroups_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); + $display_function = 'display_'.$type; + $retval = $display_function($data); + break; + } + return $retval; +} + + +function hosts_and_services_output($type, $data, $mode) +{ + $retval = ''; + switch($mode) + { + case 'html': + list($start, $limit) = get_pagination_values(); + $title = ucwords(preg_replace('/objs/', 'Objects', preg_replace('/_/', ' ', $type))); + include_once(DIRBASE.'/views/'.$type.'.php'); + $display_function = 'display_'.$type; + $retval = $display_function($data, $start, $limit); + break; + } + return $retval; +} + +?> \ No newline at end of file Modified: nagiosvshell/branches/devel/vshell/data/NagiosData.php =================================================================== --- nagiosvshell/branches/devel/vshell/data/NagiosData.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/data/NagiosData.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -77,6 +77,12 @@ self::$instance->__update(); return self::$instance; } + + + public function dumpVars() + { + return $this->_vars; + } /* General purpose "getter" for protected properties * @@ -179,14 +185,11 @@ 'hostgroups_objs', 'servicegroups_objs', 'contacts', 'contactgroups', 'timeperiods', 'commands', 'hostgroups', 'servicegroups', 'program'); - self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, - $disk_cache_keys)); + self::$instance->_set_vars(cache_or_disk('objects', OBJECTSFILE, $disk_cache_keys)); - self::$instance->_set_vars(cache_or_disk('perms', CGICFG, - array('permissions'))); + self::$instance->_set_vars(cache_or_disk('perms', CGICFG, array('permissions'))); - self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, - array('hosts', 'services', 'comments', 'info', 'details', 'program'))); + self::$instance->_set_vars(cache_or_disk('status', STATUSFILE, array('hosts', 'services', 'comments', 'info', 'details', 'program'))); } Modified: nagiosvshell/branches/devel/vshell/data/NagiosUser.php =================================================================== --- nagiosvshell/branches/devel/vshell/data/NagiosUser.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/data/NagiosUser.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -4,34 +4,101 @@ class NagiosUser -{ - global $NagiosData; - private static $instance; - public $username; - +{ //boolean for users who can see and access all features - protected $admin = false; + protected $admin = false; + //boolean for viewing all hosts and services + protected $sees_all = false; //array for storing global authorizations from cgi file protected $authKeys = array( - 'authorized_for_all_host_commands' = false; - 'authorized_for_all_hosts' = false; - 'authorized_for_all_service_commands' = false; - 'authorized_for_all_services' = false; - 'authorized_for_configuration_information' = false; - 'authorized_for_system_commands' = false; - 'authorized_for_system_information' = false; - 'authorized_for_read_only' = true; + 'authorized_for_all_host_commands' => false, + 'authorized_for_all_hosts' => false, + 'authorized_for_all_service_commands' => false, + 'authorized_for_all_services' => false, + 'authorized_for_configuration_information' => false, + 'authorized_for_system_commands' => false, + 'authorized_for_system_information' => false, + 'authorized_for_read_only' => true, ); protected $authHosts = array(); - protected $authServices = array(); - protected $authHostgroups = array(); - protected $authServicegroups = array(); - - //constructor - function __construct($username) { - $this->username = $username; + //protected $authServices = array(); + protected $username; + + //constructor + //initialize authorized hosts and services only upon construction and then cache data + //TODO move towards session auth so this info gets updated upon login and restart of Nagios + + function __construct($username=false) { + //some users have requested to turn off authentication or user other methods, this allows override and backwards compatibility + if(!$username) + $this->username = $this->get_user(); + else $this->username = $username; //for users that hard-code a username: NOT RECOMMENDED + + //build main authKeys array + $this->set_perms(); + + $this->admin = $this->determine_admin(); + + //if user level account, determin authorized objects + if(!$this->admin) { + //check fo see if user can see all hosts and services + $this->sees_all = ($this->authKeys['authorized_for_all_hosts'] == true && $this->authKeys['authorized_for_all_services']) ? true : false; + //build auth objects array + $this->build_authorized_objects(); + } + //print_r($this->authHosts); + + } + + private function get_user() + { + // HTTP BASIC AUTHENTICATION through Nagios Core or XI + //$remote_user=""; + if(isset($_SERVER["REMOTE_USER"])) + { + $remote_user=$_SERVER["REMOTE_USER"]; + //echo "REMOTE USER is set: $remote_user<br />"; + return $remote_user; + } + //digest authentication + elseif(isset($_SERVER['PHP_AUTH_USER'])) + { + //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER']; + return $_SERVER['PHP_AUTH_USER']; + } + else + { + echo "Access Denied: No authentication detected."; + return false; + } + + } + + //////////////////////////////////////////////////////////// + //$username is obtained from $_SERVER authorized user for nagios + // + private function set_perms() + { + global $NagiosData; + $permissions = $NagiosData->getProperty('permissions'); + + foreach($permissions as $key => $array) { + foreach($array as $user) { + if($user == $this->username || $user == '*') $this->authorize($key); + } + } + } + ////////////////////////////////////////////////////// + // + //activates authorization for user. See authorizations.inc.php for auth list + // + private function authorize($auth) //sets global permission + { + global $authorizations; //global authorization array controller + $authorizations[$auth] = 1; + $this->authKeys[$auth] = true; } ///////////////get methods @@ -42,66 +109,175 @@ public function get_authorized_services() { return $this->authServices; } + + public function get_username() { + return $this->username; + } - public function get_authorized_hostgroups() { - return $this->authHostgroups; - } - - public function get_authorized_servicegroups() { - return $this->authServicegroups; - } - public function is_admin() { - return $admin; + return $this->admin; } public function if_has_authKey($key) { if(isset($this->authKeys[$key])) - return $this->authKeys['authorized_for_all_hosts']; + return $this->authKeys[$key]; else return false; } + + private function determine_admin() { + $bool = true; + foreach($this->authKeys as $key) + { + if($key != true) return false; + } + return true; + + } - /////////////add/set methods /////////////////////////// - public add_authorized_host($hostname='') { - if($hostname !='') $this->authHosts[] = $hostname; - } - public function add_authorized_service($hostname='',$service='',$hostgroup=false) { - if($hostgroup && $service !='') { - //add logic if it's a service->hostgroup assignment - } - elseif($hostname!='',$service='') { //normal host:service addition - $this->authServices[] = $hostname.'::'.$service; - } - else return; - } - - public function add_authorized_hostgroup($hostgroup='') { - if($hostgroup !='') { - $this->authHostgroups[] = $hostgroup; - //grab list of all host members of this host group and and array push into authHosts - } - } - - public function add_authorized_servicegroup($servicegroup='') { - if($servicegroup!='') { - $this->authServicegroups[] = $servicegroup; - //grab list of all service members of this group and push into authServices array - } - } - public function setAuthKey($keyname,$value) { if(isset($this->authKeys[$keyname])) { $this->authKeys[$keyname] = $value; } } + + //returns boolean + public function is_authorized_for_host($hostname) { + //echo "checking auth <br />"; + //can user see everything? + if($this->admin == true || $this->sees_all == true) return true; + //user level filtering + if(array_key_exists($hostname,$this->authHosts) ) return true; + //not authorized + //echo "auth failed!<br />"; + return false; + } + + //returns boolean + public function is_authorized_for_service($hostname,$service) { + //can user see everything? + if($this->admin == true || $this->sees_all == true) return true; + //user level filtering + + if(isset($this->authHosts[$hostname]) && in_array($service,$this->authHosts[$hostname]['services']) ) return true; + //not authorized + + return false; + } + + //main logic function for user-level filtering + private function build_authorized_objects() { + global $NagiosData; + + //fetch necessary object config arrays + $hosts = $NagiosData->getProperty('hosts_objs'); + $contactgroups = $NagiosData->getProperty('contactgroups'); + + //contactgroup memberships + $cg_memberships = array(); + + //find relevant contact groups for user + foreach($contactgroups as $cg) + { + //echo $cg['contactgroup_name']; + if(strpos($cg['members'],$this->username)!==false) + $cg_memberships[] = $cg['contactgroup_name']; + } + + //echo "CG Memberships<br />"; + //print_r($cg_memberships); + + //check host for host->contact and host->contactgroup relationships + + //////////////CREATE SINGLE MULTI-D HEIRARCHY ARRAY + /* + // $authObjects = + array ( 'localhost' array( + // 'host_name' => 'localhost' + // 'services' => array( 0 => service1 + 1 => service2 + 3 => service3 ) + // ) + */ + + + foreach($hosts as $host) + { + $key = $host['host_name']; + if(isset($host['contacts']) && strpos($host['contacts'],$this->username) !== false) + { + if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array('host_name' => $key, 'services' => array() ); + $this->authHosts[$key]['host_name'] = $key; + continue; //skip to next + } + if(isset($host['contact_groups'])) + { + $cgmems = explode(',',$host['contact_groups']); + foreach($cgmems as $cg) + { + if(in_array($cg,$cgmems)) + { + $this->authHosts[$key]['host_name'] = $key; + break; + } //end IF + + } //end FOREACH contactgroup member + }//end IF contactgroups set + + }//end FOREACH host + + //get services objects + $services = $NagiosData->getProperty('services_objs'); + //echo "Services: <br /><pre>".print_r($services,true)."</pre>"; + + foreach($services as $service) + { + //$auth = false; + $key = $service['host_name']; + //check for authorized host first, if host is authorized add services + if(array_key_exists($key,$this->authHosts)) + { + if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array('host_name' => $key, 'services' =>array() ); + if(!isset($this->authHosts[$key]['services'])) $this->authHosts[$key]['services'] = array(); + + //only add service if it's not already there + if(!in_array($service['service_description'], $this->authHosts[$key]['services'])) + $this->authHosts[$key]['services'][] = $service['service_description']; + } + + //check for authorization at the service level + if(isset($service['contacts']) && strpos($service['contacts'],$this->username) !== false) + { + //if(!isset($this->authHosts[$key])) $this->authHosts[$key] = array(); + if(!in_array($service['service_description'], $this->authHosts[$key]['services'])) + $this->authHosts[$key]['services'][] = $service['service_description']; + continue; + } + + //check against contactgroups + if(isset($service['contact_groups']) ) + { + $cgmems = explode(',',$service['contact_groups']); + foreach($cg_memberships as $cg) + { + if(in_array($cg,$cgmems)) + { + //echo "key is: $key<br />"; + $this->authHosts[$key]['services'][] = $service['service_description']; + break; + } //end IF + } //end FOREACH contactgroup member + } //end IF contactgroups + } //end services FOREACH + + }//end function build_authorized_objects() + + + - - - -} +} //end NagiosUser class Modified: nagiosvshell/branches/devel/vshell/data/data.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/data/data.inc.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/data/data.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -58,7 +58,8 @@ require_once('data_utils.php'); require_once('NagiosData.php'); -$NagiosData = NagiosData::singleton(); +require_once('NagiosUser.php'); + require_once('get_tac_data.php'); require_once('build_groups.php'); Modified: nagiosvshell/branches/devel/vshell/inc.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/inc.inc.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/inc.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -53,7 +53,7 @@ //include files for local directory include(dirname(__FILE__).'/constants.inc.php'); //DO NOT ADD INCLUDES ABOVE THIS LINE -include(dirname(__FILE__).'/session.inc.php'); + @@ -62,7 +62,7 @@ include(dirname(__FILE__).'/controllers/controllers.inc.php'); include(dirname(__FILE__).'/views/views.inc.php'); +include(dirname(__FILE__).'/session.inc.php'); - ?> \ No newline at end of file Modified: nagiosvshell/branches/devel/vshell/session.inc.php =================================================================== --- nagiosvshell/branches/devel/vshell/session.inc.php 2011-09-06 09:08:08 UTC (rev 1802) +++ nagiosvshell/branches/devel/vshell/session.inc.php 2011-09-07 21:45:07 UTC (rev 1803) @@ -1,5 +1,13 @@ <?php //user authentication + +//initialize main classes +$NagiosData = NagiosData::singleton(); +$NagiosUser = new NagiosUser(); + + + + //initializes all session variables as neccessary function init_vshell() { @@ -16,33 +24,12 @@ textdomain(LANG); + + } -function get_user() //return $username if logged into nagios -{ - // HTTP BASIC AUTHENTICATION through Nagios Core or XI - //$remote_user=""; - if(isset($_SERVER["REMOTE_USER"])) - { - $remote_user=$_SERVER["REMOTE_USER"]; - //echo "REMOTE USER is set: $remote_user<br />"; - return $remote_user; - } - //digest authentication - elseif(isset($_SERVER['PHP_AUTH_USER'])) - { - //echo "Auth Digest detected".$_SERVER['PHP_AUTH_USER']; - return $_SERVER['PHP_AUTH_USER']; - } - else - { - echo "Access Denied: No authentication detected."; - return false; - } - -} This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |