We've moved to a new support system!

The Nagios Answer Hub is a place where you can get help with technical questions from our experts. There, you can quickly open tickets and join discussion boards.

Request Nagios Answer Hub access here: https://info.nagios.com/answer-hub-access-new-users

After completing the access form, you will be given access to a portal where new tickets can be created. We will keep the old customer forum sections and ticket system available for current cases to be resolved.

Go to the Answer Hub

[Nagios-devel] Bug: default_user_name broken (patch included)

Engage with the community of users including those using the open source solutions.
Includes Nagios Core, Plugins, and NCPA

[Nagios-devel] Bug: default_user_name broken (patch included)

Postby Guest » Thu Apr 25, 2002 7:10 pm

I've been working on setting up Nagios 1.0a7 on our internal network, and I
noticed that the default_user_name option in cgi.cfg is broken. In
cgi/auth.c:123, the current username is set to "?" if authentication isn't
being used, but later the default_user_name is used only if the current
username is the empty string (""). The only time the default_user_name will
be used is if malloc() fails! Here's the code snippet:

----cgi/auth.c:123---
/* grab username from the environment... */
temp_ptr=getenv("REMOTE_USER");
if(temp_ptr==NULL){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else{
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username=""; <--- only place username is
set to ""--when malloc fails!
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,"")){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else
authinfo->authenticated=TRUE;
}



---> if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username="";
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,""))
authinfo->authenticated=FALSE;
else
authinfo->authenticated=TRUE;
}
----end snippet----

A simple patch is included below--it just checks authinfo->username against
"?" instead of "". I've tested it out, and it works for me. A better way
might be to check if authinfo->authenticated is FALSE--I'll leave the choice
up to whoever checks it in.

- Bradey


--------
diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
--- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
+++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
@@ -120,7 +120,7 @@
strip(input_buffer);

/* we don't have a username yet, so fake the
authentication if we find a default username defined */
- if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
+ if(!strcmp(authinfo->username,"?") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: Bradey.Honsinger@construx.com
Guest
 

Return to Community Support

Who is online

Users browsing this forum: Google [Bot] and 22 guests