Segregation of networks

[Robert Nelson]

> > Yes, except most add-ons like grouplist.cgi ignore 
> authentication and 
> > create the same left-hand menu for every user. Now, not 
> only are all 
> > the groups still listed there, but the majority of them appear blank
> > to the user.   
> 
> Sounds like bad or incomplete design on the part of whoever 
> wrote grouplist.cgi ;)
> 
> > 
> > I've got the authentication in place, I've even hacked a few HTML 
> > pages together so that a specific user can only see their 
> authorized 
> > hosts, but I do that by taking away the menu. I'd basically like to 
> > make two versions of the Nagios Web UI but still maintained by one
> > set of config files on the backend. Does that make any sense?    
> 
> Yes, it makes sense but you'll probably have better luck 
> fixing grouplist.cgi to follow the nagios contacts paradigm 
> than munging nagios to fix a borked addon. It sounds like 
> grouplist.cgi looks at the cfg files directly so as long as 
> you maintain one set of config files you're still going to 
> have the problem no matter how many different front ends you create.
> 
> For the record, I've never used grouplist.cgi so I don't know 
> if the behavior you're seeing is a design decision, a bug or 
> a configuration issue. I would hope that any addon to nagios 
> would respect the most basic behaviors of the program.

If I knew how to hack grouplist.cgi to check what groups the user is
authorized for, I would. As a user, IMO, this is one place where session
info instead of .htaccess would make things a LOT easier. I'm sure that
would make something else plenty more difficult though ;)

Since I'm going to have to hack the HTML anyway, if someone has a
pointer to where I can look to make this work, I'd appreciate it. The
snippet of code that grouplist currently uses to determine the groups is
pretty basic:

==========
#Get files and dirs
CFGFILES=`egrep -e "^cfg_file=" $NAGIOSDIR/etc/nagios.cfg|cut -d "=" -f
2`
CFGDIRS=`egrep -e "^cfg_dir=" $NAGIOSDIR/etc/nagios.cfg|cut -d "=" -f 2`

#add files in cfg_dir's to filelist
for CFGDIR in $CFGDIRS; do
        CFGFILES="$CFGFILES `ls $CFGDIR/*.cfg` "
done

GROUPLIST=""

# Get groupnames from files
for CFGFILE in `echo $CFGFILES`; do
        if [ -f $CFGFILE ]; then
                HOSTGROUPS=`egrep -e "hostgroup_name" $CFGFILE|awk
'{print $2}'|
 tr "," " "`
                GROUPLIST="$GROUPLIST $HOSTGROUPS"
        fi
Done

#Sort and remove duplicated names
GROUPLIST=`echo $GROUPLIST|tr " " "\n"|sort|uniq`
==========

Once it does that, then it builds an appropriate set of links, with the
text for each link being the name of the hostgroup. To my not-very-good
programmer's eye, the code does not appear to have been built to do
anything with htpasswd, since it doesn't do much other than look at the
"hostgroup_name" statements. Am I wrong?


Rob Nelson
Network Engineer
Windchannel Communications
919-538-6326 


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null