Page 1 of 1

[Nagios-devel] Bug: default_user_name broken (patch included)

Posted: Thu Apr 25, 2002 7:10 pm
by Guest
I've been working on setting up Nagios 1.0a7 on our internal network, and I
noticed that the default_user_name option in cgi.cfg is broken. In
cgi/auth.c:123, the current username is set to "?" if authentication isn't
being used, but later the default_user_name is used only if the current
username is the empty string (""). The only time the default_user_name will
be used is if malloc() fails! Here's the code snippet:

----cgi/auth.c:123---
/* grab username from the environment... */
temp_ptr=getenv("REMOTE_USER");
if(temp_ptr==NULL){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else{
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username=""; username,temp_ptr);
if(!strcmp(authinfo->username,"")){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else
authinfo->authenticated=TRUE;
}



---> if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username="";
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,""))
authinfo->authenticated=FALSE;
else
authinfo->authenticated=TRUE;
}
----end snippet----

A simple patch is included below--it just checks authinfo->username against
"?" instead of "". I've tested it out, and it works for me. A better way
might be to check if authinfo->authenticated is FALSE--I'll leave the choice
up to whoever checks it in.

- Bradey


--------
diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
--- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
+++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
@@ -120,7 +120,7 @@
strip(input_buffer);

/* we don't have a username yet, so fake the
authentication if we find a default username defined */
- if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
+ if(!strcmp(authinfo->username,"?") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: Bradey.Honsinger@construx.com