z

Commercial Support Clients: Clients with support contracts can get escalated support assistance by visiting Nagios Answer Hub. These forums are for community support services. Although we at Nagios try our best to help out on the forums here, we always give priority support to our support clients.

[Nagios-devel] Bug: default_user_name broken (patch included)

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.

[Nagios-devel] Bug: default_user_name broken (patch included)

Postby Guest » Thu Apr 25, 2002 7:10 pm

I've been working on setting up Nagios 1.0a7 on our internal network, and I
noticed that the default_user_name option in cgi.cfg is broken. In
cgi/auth.c:123, the current username is set to "?" if authentication isn't
being used, but later the default_user_name is used only if the current
username is the empty string (""). The only time the default_user_name will
be used is if malloc() fails! Here's the code snippet:

----cgi/auth.c:123---
/* grab username from the environment... */
temp_ptr=getenv("REMOTE_USER");
if(temp_ptr==NULL){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else{
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username=""; <--- only place username is
set to ""--when malloc fails!
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,"")){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else
authinfo->authenticated=TRUE;
}



---> if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username="";
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,""))
authinfo->authenticated=FALSE;
else
authinfo->authenticated=TRUE;
}
----end snippet----

A simple patch is included below--it just checks authinfo->username against
"?" instead of "". I've tested it out, and it works for me. A better way
might be to check if authinfo->authenticated is FALSE--I'll leave the choice
up to whoever checks it in.

- Bradey


--------
diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
--- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
+++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
@@ -120,7 +120,7 @@
strip(input_buffer);

/* we don't have a username yet, so fake the
authentication if we find a default username defined */
- if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
+ if(!strcmp(authinfo->username,"?") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: Bradey.Honsinger@construx.com
Guest
 

Return to Open Source Nagios Projects

Who is online

Users browsing this forum: No registered users and 16 guests