[pkg-nagios-changes] [Git][nagios-team/pkg-nagvis][upstream] New upstream version 1.9.23
Bas Couwenberg
gitlab at salsa.debian.org
Thu Oct 1 05:11:46 BST 2020
Bas Couwenberg pushed to branch upstream at Debian Nagios Maintainer Group / pkg-nagvis
Commits:
e2ec3065 by Bas Couwenberg at 2020-10-01T06:04:43+02:00
New upstream version 1.9.23
- - - - -
3 changed files:
- ChangeLog
- share/server/core/classes/CoreLogonMultisite.php
- share/server/core/defines/global.php
Changes:
=====================================
ChangeLog
=====================================
@@ -1,3 +1,7 @@
+1.9.23
+Frontend:
+ * Make NagVis compatible with Checkmk 2.0 auth cookies
+
1.9.22
Core:
* FIX: Fix error handling of DB backends when DB opening failed
=====================================
share/server/core/classes/CoreLogonMultisite.php
=====================================
@@ -69,9 +69,14 @@ class CoreLogonMultisite extends CoreLogonModule {
return trim(file_get_contents($this->secretPath));
}
- private function generateHash($username, $now, $user_secret) {
+ private function generateHash($username, $session_id, $user_secret) {
$secret = $this->loadSecret();
- return md5($username . $now . $user_secret . $secret);
+ return hash("sha256", $username . $session_id. $user_secret . $secret);
+ }
+
+ private function generatePre20Hash($username, $issue_time, $user_secret) {
+ $secret = $this->loadSecret();
+ return md5($username . $issue_time . $user_secret . $secret);
}
private function checkAuthCookie($cookieName) {
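Review bot: Neither `generateHash()` nor the new `generatePre20Hash()` checks what `loadSecret()` returned, and the context line above the change shows it is `trim(file_get_contents($this->secretPath))`, which appears to yield an empty string when the file cannot be read. Unless readability is enforced elsewhere (not visible in this hunk), the digest would then be computed without the site-wide secret component, so I would fail closed in both functions with `if ($secret === '') throw new Exception();`. A short docblock on `generatePre20Hash()` stating that it is the MD5 format kept only for pre-2.0 Checkmk cookies would tell maintainers it is a candidate for removal. As a style point, `$session_id. $user_secret` lacks the space before the dot that the other operands have.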
@@ -83,7 +88,8 @@ class CoreLogonMultisite extends CoreLogonModule {
// (e.g. when @ signs are found in the value)
$cookieValue = trim($_COOKIE[$cookieName], '"');
- list($username, $issueTime, $cookieHash) = explode(':', $cookieValue, 3);
+ // 2nd field is "issue time" in pre 2.0 cookies. Now it's the session ID
+ list($username, $sessionId, $cookieHash) = explode(':', $cookieValue, 3);
if($this->authFile == 'htpasswd')
$users = $this->loadAuthFile($this->htpasswdPath);
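Review bot: The `list($username, $sessionId, $cookieHash) = explode(':', $cookieValue, 3);` line assumes the cookie always carries three fields; a value with fewer colons leaves `$sessionId` or `$cookieHash` unset (with a PHP notice), and rejection then depends entirely on the later hash comparison. Checking the shape up front keeps the parsing fail-closed on its own: `$parts = explode(':', $cookieValue, 3); if (count($parts) !== 3) throw new Exception();` before the `list()` assignment. The added comment could also say that the field's meaning is decided later from the hash length, since `$sessionId` still holds an issue time for old cookies. checkAuthCookie() starts and ends outside this hunk.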
@@ -95,8 +101,20 @@ class CoreLogonMultisite extends CoreLogonModule {
}
$user_secret = $users[$username];
+ // Checkmk 2.0 changed the following:
+ // a) 2nd field from "issue time" to session ID
+ // b) 3rd field from md5 hash to sha256 hash
+ // NagVis is used with older and newer Checkmk versions. Be compatible
+ // to both cookie formats.
+ $is_pre_20_cookie = strlen($cookieHash) == 32;
+
+ if ($is_pre_20_cookie)
+ $hash = $this->generatePre20Hash($username, $sessionId, (string) $user_secret);
+ else
+ $hash = $this->generateHash($username, $sessionId, (string) $user_secret);
+
// Validate the hash
- if($cookieHash != $this->generateHash($username, $issueTime, (string) $user_secret)) {
+ if ($cookieHash != $hash) {
throw new Exception();
}
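Review bot: The final check `if ($cookieHash != $hash)` compares two hex digests with PHP's loose `!=`, which is not constant-time and falls back to numeric-string comparison when both sides look like numbers; `if (!hash_equals($hash, (string) $cookieHash)) {` avoids both problems. Separately, `$is_pre_20_cookie = strlen($cookieHash) == 32` lets the client-supplied cookie select the verification algorithm, so the MD5 format stays accepted even on sites that only issue Checkmk 2.0 cookies; consider gating the legacy branch behind a configuration option (hypothetical name, e.g. `logon_multisite_allow_pre20`). In the legacy branch the second field is an issue time, yet no age check on it is visible in this hunk. The enclosing checkAuthCookie() continues outside the hunk.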
=====================================
share/server/core/defines/global.php
=====================================
@@ -23,7 +23,7 @@
*****************************************************************************/
// NagVis Version
-define('CONST_VERSION', '1.9.22');
+define('CONST_VERSION', '1.9.23');
// Set PHP error handling to standard level
// Different levels for php versions below 5.1 because PHP 5.1 reports
View it on GitLab: https://salsa.debian.org/nagios-team/pkg-nagvis/-/commit/e2ec30654069b28c19d4c96fb8aecc93a9076b2a