tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

* use dedicated permissions namespace for scriptframe in filterutility to allow proper parallel execution 

* fixes issue https://github.com/Icinga/icinga2/issues/6785 where permission checks get wrong result because permissions checks are done within a shared namespaces without using only unique keys
  * mitigates issue https://github.com/Icinga/icinga2/issues/6874 where segmentation faults occur because of concurrent access to non threadsafe parts of namespace (a fix for thread safety of namespaces which would be an alternative approach to get rid of these segfaults is out of scope of this fix as 6785 needs to be fixed anyway and this is the straight-forwards) way to fix that
* do the same for eventqueue (not certain whether events can be processed in parallel but I expect it is the case)
This commit is contained in:
Elias Ohm 2019-04-12 08:10:57 +02:00
parent 973b03dcb2
commit 1e7cd4afc8
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/remote/eventqueue.cpp
View File

@ -23,7 +23,8 @@ bool EventQueue::CanProcessEvent(const String& type) const
void EventQueue::ProcessEvent(const Dictionary::Ptr& event)
{
ScriptFrame frame(true);
Namespace::Ptr frameNS = new Namespace();
ScriptFrame frame(true, frameNS);
frame.Sandboxed = true;
try {

3
lib/remote/filterutility.cpp
View File

@ -188,7 +188,8 @@ std::vector<Value> FilterUtility::GetFilterTargets(const QueryDescription& qd, c
Expression *permissionFilter;
CheckPermission(user, qd.Permission, &permissionFilter);
ScriptFrame permissionFrame(true);
Namespace::Ptr permissionFrameNS = new Namespace();
ScriptFrame permissionFrame(true, permissionFrameNS);
for (const String& type : qd.Types) {
String attr = type;