Module: nagvis Branch: master Commit: e22d1fa5aa9255cb76e7ba99c9ef7dfc287466c9 URL: http://nagvis.git.sourceforge.net/git/gitweb.cgi?p=nagvis/nagvis;a=commit;h=e22d1fa5aa9255cb76e7ba99c9ef7dfc287466c9
Author: LaMi <[email protected]> Date: Tue Apr 6 21:20:26 2010 +0200 Made audit log configurable and removed repeating login messages when using logon dialog --- docs/en_US/nagvis_config_format_description.html | 3 ++ etc/nagvis.ini.php-sample | 4 +++ share/server/core/classes/CoreAuthHandler.php | 30 +++++++++++++-------- share/server/core/classes/GlobalMainCfg.php | 4 +++ 4 files changed, 29 insertions(+), 12 deletions(-) diff --git a/docs/en_US/nagvis_config_format_description.html b/docs/en_US/nagvis_config_format_description.html index f83b678..1372c36 100644 --- a/docs/en_US/nagvis_config_format_description.html +++ b/docs/en_US/nagvis_config_format_description.html @@ -55,6 +55,9 @@ <th width="200"> Value </th><th width="150"> Default </th><th> Description </th> </tr> <tr> + <td>audit_log</td><td>1</td><td>Enable/Disable logging of security related user actions in Nagvis. For example user logins and logouts are logged in var/nagvis-audit.log. (<font color="#ff0000">New in 1.5</font>)</td> + </tr> + <tr> <td>authmodule</td><td>CoreAuthModSQLite</td><td>Defines the authentication module to use. By default NagVis uses the built-in SQLite authentication module. On delivery there is no other authentication module available. It is possible to add own authentication modules for supporting other authentication mechanism. For details have a look at the <a href="auth_modules.html">authentication module</a> documentation. (<font color="#ff0000">New in 1.5</font>)</td> </tr> <tr> diff --git a/etc/nagvis.ini.php-sample b/etc/nagvis.ini.php-sample index 2cf2e4c..f520db1 100644 --- a/etc/nagvis.ini.php-sample +++ b/etc/nagvis.ini.php-sample @@ -15,6 +15,10 @@ ; General options which affect the whole NagVis installation [global] +; Enable/Disable logging of security related user actions in Nagvis. For +; example user logins and logouts are logged in var/nagvis-audit.log +;audit_log="1" +; ; Defines the authentication module to use. By default NagVis uses the built-in ; SQLite authentication module. On delivery there is no other authentication ; module available. It is possible to add own authentication modules for diff --git a/share/server/core/classes/CoreAuthHandler.php b/share/server/core/classes/CoreAuthHandler.php index 4b2e6ad..5fa2834 100644 --- a/share/server/core/classes/CoreAuthHandler.php +++ b/share/server/core/classes/CoreAuthHandler.php @@ -137,18 +137,22 @@ class CoreAuthHandler { public function isAuthenticated($bTrustUsername = AUTH_NOT_TRUST_USERNAME) { // Don't do these things twice if($this->bIsAuthenticated === null) { - $ALOG = new CoreLog($this->CORE->getMainCfg()->getValue('paths', 'var').'nagvis-audit.log', - $this->CORE->getMainCfg()->getValue('global', 'dateformat')); + if((bool) $this->CORE->getMainCfg()->getValue('global', 'audit_log') === true) + $ALOG = new CoreLog($this->CORE->getMainCfg()->getValue('paths', 'var').'nagvis-audit.log', + $this->CORE->getMainCfg()->getValue('global', 'dateformat')); + else + $ALOG = null; + + if($this->SESS->isSetAndNotEmpty('authCredentials')) + $bAlreadyAuthed = true; + else + $bAlreadyAuthed = false; // When the user authenticated in trust mode read it here and override // the value handed over with the function call. // The isAuthentication() function will then only check if the user exists. - if($this->SESS->isSetAndNotEmpty('authTrusted')) { - $bAlreadyAuthed = true; + if($this->SESS->isSetAndNotEmpty('authTrusted')) $bTrustUsername = AUTH_TRUST_USERNAME; - } else { - $bAlreadyAuthed = false; - } // Ask the module $this->bIsAuthenticated = $this->MOD->isAuthenticated($bTrustUsername); @@ -162,11 +166,11 @@ class CoreAuthHandler { $this->SESS->set('authTrusted', AUTH_TRUST_USERNAME); } - if(!$bAlreadyAuthed) + if($ALOG !== null && !$bAlreadyAuthed) $ALOG->l('User logged in ('.$this->getUser().' / '.$this->getUserId().'): '.$this->sModuleName); } - if($this->bIsAuthenticated === false && $this->sModuleName != 'CoreAuthModSession') { + if($ALOG !== null && $this->bIsAuthenticated === false && $this->sModuleName != 'CoreAuthModSession') { $ALOG->l('User login failed ('.$this->getUser().' / '.$this->getUserId().'): '.$this->sModuleName); } @@ -186,9 +190,11 @@ class CoreAuthHandler { public function logout() { if($this->logoutSupported()) { - $ALOG = new CoreLog($this->CORE->getMainCfg()->getValue('paths', 'var').'nagvis-audit.log', - $this->CORE->getMainCfg()->getValue('global', 'dateformat')); - $ALOG->l('User logged out ('.$this->getUser().' / '.$this->getUserId().'): '.$this->sModuleName); + if((bool) $this->CORE->getMainCfg()->getValue('global', 'audit_log') === true) { + $ALOG = new CoreLog($this->CORE->getMainCfg()->getValue('paths', 'var').'nagvis-audit.log', + $this->CORE->getMainCfg()->getValue('global', 'dateformat')); + $ALOG->l('User logged out ('.$this->getUser().' / '.$this->getUserId().'): '.$this->sModuleName); + } // Remove the login information $this->SESS->set('authCredentials', false); diff --git a/share/server/core/classes/GlobalMainCfg.php b/share/server/core/classes/GlobalMainCfg.php index b6f50ff..6c092e5 100644 --- a/share/server/core/classes/GlobalMainCfg.php +++ b/share/server/core/classes/GlobalMainCfg.php @@ -48,6 +48,10 @@ class GlobalMainCfg { $this->validConfig = Array( 'global' => Array( + 'audit_log' => Array('must' => 1, + 'editable' => 1, + 'default' => true, + 'match' => MATCH_BOOLEAN), 'authmodule' => Array('must' => 1, 'editable' => 1, 'default' => 'CoreAuthModSQLite', ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Nagvis-checkins mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagvis-checkins
