[icinga-devel] CGI AUTH and restrict a user to read only ( patch )

Serge Noiraud Serge.Noiraud at bull.net
Wed Feb 1 11:27:03 CET 2012


Hi,

This the first time I send a request to this list.

My problem description :
I have some users associated by their contact to some hosts.
They can see all services and all hosts associated with their user account.
Ok, it works very well.
BUT, they can send commands for those hosts and services.
I want them to be read only.

I couln't find a solution for this.
So I add one directive to cgi.cfg :
authorized_for_read_only=user1,user2,...

So, here is my solution :
Is it the best way to do this ?
I add the following to cgiauth.c :
--- cgiauth.c.orig      2012-02-01 09:37:26.000000000 +0100
+++ cgiauth.c   2012-02-01 09:57:28.000000000 +0100
@@ -126,6 +126,12 @@
                                         if (!strcmp(temp_ptr, 
authinfo->username) || !strcmp(temp_ptr, "*"))
                                                 
authinfo->authorized_for_all_hosts = TRUE;
                                 }
+                       } else if (strstr(input, 
"authorized_for_read_only=") == input) {
+                               temp_ptr = strtok(input, "=");
+                               while ((temp_ptr = strtok(NULL, ","))) {
+                                       if (!strcmp(temp_ptr, 
authinfo->username))
+                                               
authinfo->authorized_for_read_only = TRUE;
+                               }
                         } else if (strstr(input, 
"authorized_for_all_services=") == input) {
                                 temp_ptr = strtok(input, "=");
                                 while ((temp_ptr = strtok(NULL, ","))) {

Serge




More information about the icinga-devel mailing list