def _action(self) -> None: assert user.id is not None users = userdb.load_users(lock=True) user_spec = users[user.id] cur_password = request.get_str_input_mandatory("cur_password") password = request.get_str_input_mandatory("password") password2 = request.get_str_input_mandatory("password2", "") # Force change pw mode if not cur_password: raise MKUserError("cur_password", _("You need to provide your current password.")) if not password: raise MKUserError("password", _("You need to change your password.")) if cur_password == password: raise MKUserError("password", _("The new password must differ from your current one.")) if userdb.check_credentials(user.id, cur_password) is False: raise MKUserError("cur_password", _("Your old password is wrong.")) if password2 and password != password2: raise MKUserError("password2", _("The both new passwords do not match.")) watolib.verify_password_policy(password) user_spec["password"] = hash_password(password) user_spec["last_pw_change"] = int(time.time()) # In case the user was enforced to change it's password, remove the flag try: del user_spec["enforce_pw_change"] except KeyError: pass # Increase serial to invalidate old authentication cookies if "serial" not in user_spec: user_spec["serial"] = 1 else: user_spec["serial"] += 1 userdb.save_users(users) flash(_("Successfully changed password.")) # Set the new cookie to prevent logout for the current user login.update_auth_cookie(user.id) # In distributed setups with remote sites where the user can login, start the # user profile replication now which will redirect the user to the destination # page after completion. Otherwise directly open up the destination page. origtarget = request.get_str_input_mandatory("_origtarget", "user_change_pw.py") if user.authorized_login_sites(): raise redirect( makeuri_contextless( request, [("back", origtarget)], filename="user_profile_replicate.py" ) ) raise redirect(origtarget)
def ajax_tree_openclose() -> None: tree = request.get_str_input_mandatory("tree") name = request.get_str_input_mandatory("name") user.set_tree_state(tree, name, request.get_str_input("state")) user.save_tree_states() response.set_data("OK") # Write out something to make debugging easier
def page(self) -> PageResult: """ Determines the hosts to be shown """ config.user.need_permission("general.parent_child_topology") topology_settings = TopologySettings() if request.var("filled_in"): # Parameters from the check_mk filters topology_settings.growth_root_nodes = self._get_hostnames_from_filters( ) elif request.var("host_name"): # Explicit host_name. Used by icon linking to Topology topology_settings.growth_root_nodes = { request.get_str_input_mandatory("host_name") } else: # Default page without further context topology_settings.growth_root_nodes = self._get_default_view_hostnames( topology_settings.growth_auto_max_nodes) if request.has_var("topology_settings"): # These parameters are usually generated within javascript through user interactions try: settings_from_var = json.loads( request.get_str_input_mandatory("topology_settings")) for key, value in settings_from_var.items(): setattr(topology_settings, key, value) except (TypeError, ValueError): raise MKGeneralException( _("Invalid topology_settings %r") % topology_settings) self.show_topology(topology_settings)
def ajax_set_rowselection() -> None: ident = request.get_str_input_mandatory('id') action = request.get_str_input_mandatory('action', 'set') if action not in ['add', 'del', 'set', 'unset']: raise MKUserError(None, _('Invalid action')) rows = request.get_str_input_mandatory('rows', '').split(',') config.user.set_rowselection(selection_id(), ident, rows, action)
def ajax_set_rowselection() -> None: ident = request.get_str_input_mandatory("id") action = request.get_str_input_mandatory("action", "set") if action not in ["add", "del", "set", "unset"]: raise MKUserError(None, _("Invalid action")) rows = request.get_str_input_mandatory("rows", "").split(",") user.set_rowselection(selection_id(), ident, rows, action)
def _ajax_speedometer(self): response.set_content_type("application/json") try: # Try to get values from last call in order to compute # driftig speedometer-needle and to reuse the scheduled # check reate. # TODO: Do we need a get_float_input_mandatory? last_perc = float(request.get_str_input_mandatory("last_perc")) scheduled_rate = float( request.get_str_input_mandatory("scheduled_rate")) last_program_start = request.get_integer_input_mandatory( "program_start") # Get the current rates and the program start time. If there # are more than one site, we simply add the start times. data = sites.live().query_summed_stats( "GET status\n" "Columns: service_checks_rate program_start") current_rate = data[0] program_start = data[1] # Recompute the scheduled_rate only if it is not known (first call) # or if one of the sites has been restarted. The computed value cannot # change during the monitoring since it just reflects the configuration. # That way we save CPU resources since the computation of the # scheduled checks rate needs to loop over all hosts and services. if last_program_start != program_start: # These days, we configure the correct check interval for Checkmk checks. # We do this correctly for active and for passive ones. So we can simply # use the check_interval of all services. Hosts checks are ignored. # # Manually added services without check_interval could be a problem, but # we have no control there. scheduled_rate = (sites.live().query_summed_stats( "GET services\n" "Stats: suminv check_interval\n")[0] / 60.0) percentage = 100.0 * current_rate / scheduled_rate title = _( "Scheduled service check rate: %.1f/s, current rate: %.1f/s, that is " "%.0f%% of the scheduled rate") % (scheduled_rate, current_rate, percentage) except Exception as e: scheduled_rate = 0.0 program_start = 0 percentage = 0 last_perc = 0.0 title = _("No performance data: %s") % e response.set_data( json.dumps({ "scheduled_rate": scheduled_rate, "program_start": program_start, "percentage": percentage, "last_perc": last_perc, "title": title, }))
def _execute_cmk_automation(self): cmk_command = request.get_str_input_mandatory("automation") args = watolib.mk_eval(request.get_str_input_mandatory("arguments")) indata = watolib.mk_eval(request.get_str_input_mandatory("indata")) stdin_data = watolib.mk_eval(request.get_str_input_mandatory("stdin_data")) timeout = watolib.mk_eval(request.get_str_input_mandatory("timeout")) result = watolib.check_mk_local_automation(cmk_command, args, indata, stdin_data, timeout) # Don't use write_text() here (not needed, because no HTML document is rendered) response.set_data(repr(result))
def recover_pre_2_1_range_filter_request_vars(query: query_filters.NumberRangeQuery): """Some range filters used the _to suffix instead of the standard _until. Do inverse translation to search for this request vars.""" request_var_match = ((var, re.sub("_until(_|$)", "_to\\1", var)) for var in query.request_vars) return { current_var: ( request.get_str_input_mandatory(current_var, "") or request.get_str_input_mandatory(old_var, "") ) for current_var, old_var in request_var_match }
def page_graph_dashlet() -> None: spec = request.var("spec") if not spec: raise MKUserError("spec", _("Missing spec parameter")) graph_identification = json.loads(request.get_str_input_mandatory("spec")) render = request.var("render") if not render: raise MKUserError("render", _("Missing render parameter")) custom_graph_render_options = json.loads(request.get_str_input_mandatory("render")) host_service_graph_dashlet_cmk(graph_identification, custom_graph_render_options)
def _check_auth_automation() -> UserId: secret = request.get_str_input_mandatory("_secret", "").strip() user_id = request.get_str_input_mandatory("_username", "") user_id = UserId(user_id.strip()) request.del_var_from_env("_username") request.del_var_from_env("_secret") if verify_automation_secret(user_id, secret): # Auth with automation secret succeeded - mark transid as unneeded in this case transactions.ignore() set_auth_type("automation") return user_id raise MKAuthException(_("Invalid automation secret for user %s") % user_id)
def _from_vars(self): self._hostname = self._vs_host().from_html_vars("host") self._vs_host().validate_value(self._hostname, "host") # TODO: validate all fields self._item = request.get_str_input_mandatory("file", "") self._match_txt = request.get_str_input_mandatory("match", "") self._host = watolib.Folder.current().host(self._hostname) if self._hostname and not self._host: raise MKUserError(None, _("This host does not exist.")) if self._item and not self._hostname: raise MKUserError(None, _("You need to specify a host name to test file matching."))
def _file_path(self, file_id: Optional[str] = None) -> Path: if file_id is None: file_id = request.get_str_input_mandatory("file_id") if not file_id.isalnum(): raise MKUserError("file_id", _("The file_id has to be alphanumeric.")) return self._upload_tmp_path / ("%s.csv" % file_id)
def _get_time_range_of(self, what: str) -> Union[None, int, float]: varprefix = self.ident + "_" + what rangename = request.var(varprefix + "_range") if rangename == "abs": try: return time.mktime( time.strptime(request.get_str_input_mandatory(varprefix), "%Y-%m-%d")) except Exception: user_errors.add( MKUserError( varprefix, _("Please enter the date in the format YYYY-MM-DD."))) return None if rangename == "unix": return request.get_integer_input_mandatory(varprefix) if rangename is None: return None try: count = request.get_integer_input_mandatory(varprefix) secs = count * int(rangename) return int(time.time()) - secs except Exception: request.set_var(varprefix, "") return None
def filter(self, infoname): self.check_wato_data_update() folder = request.get_str_input_mandatory(self.ident, "") if folder: return "Filter: host_filename %s\n" % _wato_folders_to_lq_regex( folder) return ""
def _get_api_call() -> APICallDefinitionDict: action = request.get_str_input_mandatory("action") for cls in api_call_collection_registry.values(): api_call = cls().get_api_calls().get(action) if api_call: return api_call raise MKUserError(None, "Unknown API action %s" % escaping.escape_attribute(action))
def _ajax_tag_tree_enter(self): response.set_content_type("application/json") self._load() path = request.get_str_input_mandatory("path").split("|") if request.var("path") else [] self._cwds[self._current_tree_id] = path self._save_user_settings() response.set_data("OK")
def value(self) -> FilterHTTPVariables: """Returns the current representation of the filter settings from the HTML var context. This can be used to persist the filter settings.""" return { varname: request.get_str_input_mandatory(varname, "") for varname in self.htmlvars }
def show(self, view: "View", rows: Rows) -> None: csv_separator = request.get_str_input_mandatory("csv_separator", ";") first = True resp = [] for cell in view.group_cells + view.row_cells: if first: first = False else: resp.append(csv_separator) title = cell.export_title() resp.append('"%s"' % self._format_for_csv(title)) for row in rows: resp.append("\n") first = True for cell in view.group_cells + view.row_cells: if first: first = False else: resp.append(csv_separator) joined_row = join_row(row, cell) content = cell.render_for_export(joined_row) resp.append('"%s"' % self._format_for_csv(content)) response.set_data("".join(resp))
def page_api() -> None: try: if not request.has_var("output_format"): response.set_content_type("application/json") output_format = "json" else: output_format = request.get_ascii_input_mandatory( "output_format", "json").lower() if output_format not in _FORMATTERS: response.set_content_type("text/plain") raise MKUserError( None, "Only %s are supported as output formats" % " and ".join('"%s"' % f for f in _FORMATTERS), ) # TODO: Add some kind of helper for boolean-valued variables? pretty_print = False pretty_print_var = request.get_str_input_mandatory( "pretty_print", "no").lower() if pretty_print_var not in ("yes", "no"): raise MKUserError(None, 'pretty_print must be "yes" or "no"') pretty_print = pretty_print_var == "yes" api_call = _get_api_call() _check_permissions(api_call) request_object = _get_request(api_call) _check_formats(output_format, api_call, request_object) _check_request_keys(api_call, request_object) resp = _execute_action(api_call, request_object) except MKAuthException as e: resp = { "result_code": 1, "result": _("Authorization Error. Insufficent permissions for '%s'") % e, } except MKException as e: resp = { "result_code": 1, "result": _("Checkmk exception: %s\n%s") % (e, "".join(traceback.format_exc())), } except Exception: if active_config.debug: raise logger.exception("error handling web API call") resp = { "result_code": 1, "result": _("Unhandled exception: %s") % traceback.format_exc(), } response.set_data( _FORMATTERS[output_format][1 if pretty_print else 0](resp))
def page(self) -> AjaxPageResult: try: name = request.get_str_input_mandatory("name") url = makeuri_contextless(request, [("name", name)], "dashboard.py") cmk.gui.utils.validate_start_url(url, "") _set_user_attribute("start_url", repr(url)) except Exception: raise MKUserError(None, _("Failed to set start URL")) return {}
def page(self): settings = json.loads(request.get_str_input_mandatory("settings")) try: dashlet_type = cast(Type[ABCFigureDashlet], dashlet_registry[settings.get("type")]) except KeyError: raise MKUserError("type", _('The requested element type does not exist.')) settings = dashlet_vs_general_settings( dashlet_type, dashlet_type.single_infos()).value_from_json(settings) raw_properties = request.get_str_input_mandatory("properties") properties = dashlet_type.vs_parameters().value_from_json(json.loads(raw_properties)) context = json.loads(request.get_str_input_mandatory("context", "{}")) # Inject the infos because the datagenerator is a separate instance to dashlet settings["infos"] = dashlet_type.infos() response_data = dashlet_type.generate_response_data(properties, context, settings) return create_figures_response(response_data)
def robotmk_report_page() -> cmk.gui.pages.PageResult: """Renders the content of the RobotMK html log file""" site_id, host_name, service_description = _get_mandatory_request_vars() report_type: str = request.get_str_input_mandatory("report_type") content = _get_html_from_livestatus(report_type, site_id, host_name, service_description) html_content = _get_cleaned_html_content(content[0].decode("utf-8")) html.write_html(html_content)
def infos(self): # Hack for create mode of dashlet editor. The user first selects a datasource and then the # single contexts, the dashlet editor needs to use these information. if requested_file_name(request) == "edit_dashlet" and request.has_var( "datasource"): ds_name = request.get_str_input_mandatory("datasource") return views.data_source_registry[ds_name]().infos return self._get_infos_from_view_spec(self._dashlet_spec)
def ajax_save_treestate(): path_id = request.get_str_input_mandatory("path") current_ex_level_str, path = path_id.split(":", 1) current_ex_level = int(current_ex_level_str) if user.bi_expansion_level != current_ex_level: user.set_tree_states("bi", {}) user.set_tree_state("bi", path, request.var("state") == "open") user.save_tree_states() user.bi_expansion_level = current_ex_level
def page(self): # To prevent mixups in written files we use the same lock here as for # the normal WATO page processing. This might not be needed for some # special automation requests, like inventory e.g., but to keep it simple, # we request the lock in all cases. lock_config = not (self._command == "checkmk-automation" and request.get_str_input_mandatory("automation") == "active-check") with store.lock_checkmk_configuration( ) if lock_config else nullcontext(): self._execute_automation()
def _execute_cmk_automation(self): cmk_command = request.get_str_input_mandatory("automation") args = watolib.mk_eval(request.get_str_input_mandatory("arguments")) indata = watolib.mk_eval(request.get_str_input_mandatory("indata")) stdin_data = watolib.mk_eval( request.get_str_input_mandatory("stdin_data")) timeout = watolib.mk_eval(request.get_str_input_mandatory("timeout")) cmdline_cmd, serialized_result = watolib.check_mk_local_automation_serialized( command=cmk_command, args=args, indata=indata, stdin_data=stdin_data, timeout=timeout, ) # Don't use write_text() here (not needed, because no HTML document is rendered) response.set_data( self._format_cmk_automation_result( serialized_result=SerializedResult(serialized_result), cmk_command=cmk_command, cmdline_cmd=cmdline_cmd, ))
def ajax_graph(): response.set_content_type("application/json") try: context_var = request.get_str_input_mandatory("context") context = json.loads(context_var) response_data = render_ajax_graph(context) response.set_data(json.dumps(response_data)) except Exception as e: logger.error("Ajax call ajax_graph.py failed: %s\n%s", e, traceback.format_exc()) if config.debug: raise response.set_data("ERROR: %s" % e)
def ajax_snapin(): """Renders and returns the contents of the requested sidebar snapin(s) in JSON format""" response.set_content_type("application/json") user_config = UserSidebarConfig(user, config.sidebar) snapin_id = request.var("name") snapin_ids = ([snapin_id] if snapin_id else request.get_str_input_mandatory("names", "").split(",")) snapin_code: List[str] = [] for snapin_id in snapin_ids: try: snapin_instance = user_config.get_snapin(snapin_id).snapin_type() except KeyError: continue # Skip not existing snapins if not snapin_instance.may_see(): continue # When restart snapins are about to be refreshed, only render # them, when the core has been restarted after their initial # rendering if not snapin_instance.refresh_regularly( ) and snapin_instance.refresh_on_restart(): since = request.get_float_input_mandatory("since", 0) newest = since for site in sites.states().values(): prog_start = site.get("program_start", 0) if prog_start > newest: newest = prog_start if newest <= since: # no restart snapin_code.append("") continue with output_funnel.plugged(): try: snapin_instance.show() except Exception as e: write_snapin_exception(e) e_message = ( _("Exception during element refresh (element '%s')") % snapin_instance.type_name()) logger.error("%s %s: %s", request.requested_url, e_message, traceback.format_exc()) finally: snapin_code.append(output_funnel.drain()) response.set_data(json.dumps(snapin_code))
def selection_id() -> str: """Generates a selection id or uses the given one""" if not request.has_var('selection'): sel_id = utils.gen_id() request.set_var('selection', sel_id) return sel_id sel_id = request.get_str_input_mandatory('selection') # Avoid illegal file access by introducing .. or / if not re.match("^[-0-9a-zA-Z]+$", sel_id): new_id = utils.gen_id() request.set_var('selection', new_id) return new_id return sel_id
def _evaluate_user_opts(self) -> Tuple[TableRows, bool, Optional[str]]: assert self.id is not None table_id = self.id rows = self.rows search_term = None actions_enabled = self.options["searchable"] or self.options["sortable"] if not actions_enabled: return rows, False, None table_opts = user.tableoptions.setdefault(table_id, {}) # Handle the initial visibility of the actions actions_visible = table_opts.get("actions_visible", False) if request.get_ascii_input("_%s_actions" % table_id): actions_visible = request.get_ascii_input("_%s_actions" % table_id) == "1" table_opts["actions_visible"] = actions_visible if self.options["searchable"]: search_term = request.get_str_input_mandatory("search", "") # Search is always lower case -> case insensitive search_term = search_term.lower() if search_term: request.set_var("search", search_term) rows = _filter_rows(rows, search_term) if request.get_ascii_input("_%s_reset_sorting" % table_id): request.del_var("_%s_sort" % table_id) if "sort" in table_opts: del table_opts["sort"] # persist if self.options["sortable"]: # Now apply eventual sorting settings sort = self._get_sort_column(table_opts) if sort is not None: request.set_var("_%s_sort" % table_id, sort) table_opts["sort"] = sort # persist sort_col, sort_reverse = map(int, sort.split(",", 1)) rows = _sort_rows(rows, sort_col, sort_reverse) if actions_enabled: user.save_tableoptions() return rows, actions_visible, search_term