Author: Lars Michelsen <[email protected]>
Date: Mon Nov 19 09:18:06 2012 +0100
Committer: Lars Michelsen <[email protected]>
Commit-Date: Mon Nov 19 09:18:06 2012 +0100
NagVis LogonMultisite module now supports both cookie formats, old and new one
---
ChangeLog | 2 +-
etc/nagvis.ini.php-sample | 16 ++-----
share/server/core/classes/CoreLogonMultisite.php | 52 ++++++++++++++--------
share/server/core/classes/GlobalMainCfg.php | 4 +-
4 files changed, 42 insertions(+), 32 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 70b1cf6..5833d63 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
1.7.4
Core:
- * Added new logon module CoreLogonMultisite121 to support the
+ * Extended logon module CoreLogonMultisite to support the
new cookie format of Check_MK 1.2.1i2 and newer
Frontend:
diff --git a/etc/nagvis.ini.php-sample b/etc/nagvis.ini.php-sample
index e5fc271..18a5317 100644
--- a/etc/nagvis.ini.php-sample
+++ b/etc/nagvis.ini.php-sample
@@ -108,23 +108,17 @@
;
; LogonMultisite: This module uses the authentication provided by auth_*
cookies
; which have been generated by Check_MK multisite when using the cookie based
-; authentication. Special options for this module:
+; authentication. Since 1.2.1i2 Check_MK uses a new cookie format. To be able
+; to use this, you need to define a new option called logon_multisite_serials
+; which points to the auth.serial file generated by Check_MK.
+; Special options for this module:
;
; logon_multisite_htpasswd="/path/to/htpasswd"
+; logon_multisite_serials="/path/to/auth.serials"
; logon_multisite_secret="/path/to/auth.secret"
; logon_multisite_createuser="1"
; logon_multisite_createrole="Guests"
;
-; LogonMultisite121: This module uses the authentication provided by auth_*
cookies
-; which have been generated by Check_MK multisite 1.2.1i2 or newer when
using the
-; cookie based authentication. Special options for this module:
-;
-; logon_multisite_profiles="/path/to/multisite/user/profiles"
-; logon_multisite_secret="/path/to/auth.secret"
-; logon_multisite_createuser="1"
-; logon_multisite_createrole="Guests"
-;
-;
;logonmodule="LogonMixed"
;logonenvvar="REMOTE_USER"
;logonenvcreateuser="1"
diff --git a/share/server/core/classes/CoreLogonMultisite.php
b/share/server/core/classes/CoreLogonMultisite.php
index 322b839..62e72ed 100644
--- a/share/server/core/classes/CoreLogonMultisite.php
+++ b/share/server/core/classes/CoreLogonMultisite.php
@@ -24,29 +24,43 @@
*****************************************************************************/
class CoreLogonMultisite extends CoreLogonModule {
- private $htpasswdPath;
- private $secretPath;
+ private $htpasswdPath;
+ private $serialsPath;
+ private $secretPath;
+ private $authFile;
public function __construct() {
$this->htpasswdPath = cfg('global', 'logon_multisite_htpasswd');
+ $this->serialsPath = cfg('global', 'logon_multisite_serials');
$this->secretPath = cfg('global', 'logon_multisite_secret');
- if(!file_exists($this->htpasswdPath)) {
- throw new NagVisException(l('LogonMultisite: The htpasswd file
"[PATH]" does not exist.',
- array('PATH' => $this->htpasswdPath)));
+ // When the auth.serial file exists, use this instead of the htpasswd
+ // for validating the cookie. The structure of the file is equal, so
+ // the same code can be used.
+ if(file_exists($this->serialsPath)) {
+ $this->authFile = 'serial';
+
+ } elseif(file_exists($this->htpasswdPath)) {
+ $this->authFile = 'htpasswd';
+
+ } else {
+ throw new NagVisException(l('LogonMultisite: The htpasswd file
"[HTPASSWD]" or '
+ .'the authentication serial file
"[SERIAL]" do not exist.',
+ array('HTPASSWD' => $this->htpasswdPath, 'SERIAL' =>
$this->serialsPath)));
}
+
if(!file_exists($this->secretPath)) {
$this->redirectToLogin();
- //throw new NagVisException(l('LogonMultisite: The auth secret
file "[PATH]" does not exist.',
- // array('PATH' => $this->secretPath)));
}
}
- private function loadHtpasswd() {
+ private function loadAuthFile($path) {
$creds = array();
- foreach(file($this->htpasswdPath) AS $line) {
- list($username, $pwhash) = explode(':', $line, 2);
- $creds[$username] = rtrim($pwhash);
+ foreach(file($path) AS $line) {
+ if(strpos($line, ':') !== false) {
+ list($username, $secret) = explode(':', $line, 2);
+ $creds[$username] = rtrim($secret);
+ }
}
return $creds;
}
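Review bot: In `loadAuthFile()` the result of `file($path)` is passed straight to `foreach`, and the constructor only checks `file_exists()`, not readability. If the serials or htpasswd file exists but cannot be read by the web server user, `file()` returns `false`, PHP emits a warning, and every cookie is then rejected with the bare `Exception` and no hint about the cause. I would check the result explicitly, e.g. `$lines = file($path); if($lines === false) throw new NagVisException(...);`, with a message naming the unreadable path. Since `auth.serials` wins whenever it exists, a short comment in the constructor saying that htpasswd is then ignored would also help operators who still have both files configured.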
@@ -55,9 +69,9 @@ class CoreLogonMultisite extends CoreLogonModule {
return trim(file_get_contents($this->secretPath));
}
- private function generateHash($username, $now, $pwhash) {
+ private function generateHash($username, $now, $user_secret) {
$secret = $this->loadSecret();
- return md5($username . $now . $pwhash . $secret);
+ return md5($username . $now . $user_secret . $secret);
}
private function checkAuthCookie($cookieName) {
@@ -67,16 +81,18 @@ class CoreLogonMultisite extends CoreLogonModule {
list($username, $issueTime, $cookieHash) = explode(':',
$_COOKIE[$cookieName], 3);
- // FIXME: Check expire time?
-
- $users = $this->loadHtpasswd();
+ if($this->authFile == 'htpasswd')
+ $users = $this->loadAuthFile($this->htpasswdPath);
+ else
+ $users = $this->loadAuthFile($this->serialsPath);
+
if(!isset($users[$username])) {
throw new Exception();
}
- $pwhash = $users[$username];
+ $user_secret = $users[$username];
// Validate the hash
- if($cookieHash != $this->generateHash($username, $issueTime, $pwhash))
{
+ if($cookieHash != $this->generateHash($username, $issueTime, (string)
$user_secret)) {
throw new Exception();
}
diff --git a/share/server/core/classes/GlobalMainCfg.php
b/share/server/core/classes/GlobalMainCfg.php
index b942abe..b63f707 100644
--- a/share/server/core/classes/GlobalMainCfg.php
+++ b/share/server/core/classes/GlobalMainCfg.php
@@ -185,12 +185,12 @@ class GlobalMainCfg {
'depends_value' => 'LogonMultisite',
'match' => MATCH_STRING_PATH,
),
- 'logon_multisite_profiles' => Array(
+ 'logon_multisite_serials' => Array(
'must' => 0,
'editable' => 1,
'default' => '',
'depends_on' => 'logonmodule',
- 'depends_value' => 'LogonMultisite121',
+ 'depends_value' => 'LogonMultisite',
'match' => MATCH_STRING_PATH,
),
'logon_multisite_secret' => Array(