From 102f14f41e3f913967fc0207c8e9435c19dbd9b2 Mon Sep 17 00:00:00 2001
From: Mattia Codato
Date: Mon, 8 Feb 2021 17:25:43 +0100
Subject: [PATCH] Fix update execution message discarded refs #8616
---
 lib/icinga/apiactions.cpp | 1 +
 lib/icinga/clusterevents.cpp | 23 ++++++++++++++++-------
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/lib/icinga/apiactions.cpp b/lib/icinga/apiactions.cpp
index 3f18c1fc4d2..7a22da21d52 100644
--- a/lib/icinga/apiactions.cpp
+++ b/lib/icinga/apiactions.cpp
@@ -798,6 +798,7 @@ Dictionary::Ptr ApiActions::ExecuteCommand(const ConfigObject::Ptr& object, cons
 Dictionary::Ptr pending_execution = new Dictionary();
 pending_execution->Set("pending", true);
 pending_execution->Set("deadline", deadline);
+ pending_execution->Set("endpoint", resolved_endpoint);
 Dictionary::Ptr executions = checkable->GetExecutions();
 if (!executions)
diff --git a/lib/icinga/clusterevents.cpp b/lib/icinga/clusterevents.cpp
index e8f9bde2a5d..95c90f2c37b 100644
--- a/lib/icinga/clusterevents.cpp
+++ b/lib/icinga/clusterevents.cpp
@@ -1154,13 +1154,6 @@ Value ClusterEvents::ExecutedCommandAPIHandler(const MessageOrigin::Ptr& origin,
 ObjectLock oLock (checkable);
- if (origin->FromZone && !origin->FromZone->CanAccessObject(checkable)) {
- Log(LogNotice, "ClusterEvents")
- << "Discarding 'update executions API handler' message for checkable '" << checkable->GetName()
- << "' from '" << origin->FromClient->GetIdentity() << "': Unauthorized access.";
- return Empty;
- }
-
 if (!params->Contains("execution")) {
 Log(LogNotice, "ClusterEvents")
 << "Discarding 'update executions API handler' message for checkable '" << checkable->GetName()
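Review bot: The `endpoint` entry written by `pending_execution->Set("endpoint", resolved_endpoint);` is what ExecutedCommandAPIHandler in lib/icinga/clusterevents.cpp now uses to authorize an incoming result, and nothing on this line says so. I would add a comment above it such as `// Authorization anchor: ExecutedCommandAPIHandler checks the sender's zone against this endpoint's zone.` so the key is not later renamed or dropped as if it were only informational. Where `resolved_endpoint` is derived and validated lies outside the hunk, so it is worth confirming that it always names an existing endpoint at this point. Pending executions stored before this change have no `endpoint` key, and their results would presumably be discarded by the new lookup in the handler.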
@@ -1188,6 +1181,22 @@ Value ClusterEvents::ExecutedCommandAPIHandler(const MessageOrigin::Ptr& origin,
 return Empty;
 }
+ Endpoint::Ptr command_endpoint = Endpoint::GetByName(execution->Get("endpoint"));
+ if (!command_endpoint) {
+ Log(LogNotice, "ClusterEvents")
+ << "Discarding 'update executions API handler' message from '" << origin->FromClient->GetIdentity()
+ << "': Command endpoint does not exists.";
+
+ return Empty;
+ }
+
+ if (origin->FromZone && !origin->FromZone->CanAccessObject(command_endpoint->GetZone())) {
+ Log(LogNotice, "ClusterEvents")
+ << "Discarding 'update executions API handler' message for checkable '" << checkable->GetName()
+ << "' from '" << origin->FromClient->GetIdentity() << "': Unauthorized access.";
+ return Empty;
+ }
+
 if (params->Contains("exit"))
 execution->Set("exit", params->Get("exit"));
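Review bot: `command_endpoint->GetZone()` is handed to `CanAccessObject()` without checking that the endpoint actually has a zone; if an endpoint can exist without zone membership, the authorization decision is made on a null zone, and what CanAccessObject does with that is not visible here. Rejecting that case explicitly keeps the check fail-closed: `Zone::Ptr command_zone = command_endpoint->GetZone();` followed by `if (!command_zone || (origin->FromZone && !origin->FromZone->CanAccessObject(command_zone))) {`. The check now authorizes by the zone of the endpoint recorded in the execution instead of by the checkable, so it appears to accept a result from any sender whose zone can access that endpoint's zone rather than only from the recorded endpoint; a comment stating that this is intended would help. The 'Command endpoint does not exists.' branch also omits the checkable name that the other discard messages log. The handler's body starts and ends outside the hunk.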