Re: [Nagios-devel] Bug: default_user_name broken (patch included)
Posted: Fri Apr 26, 2002 6:30 pm
Thanks for the note. I should actually remove all "?" in that
section of the code. The only place its really used is in the
display_info_table() function in cgiutils.c, so I'll make changes
there.
On 25 Apr 2002 at 20:10, Bradey Honsinger wrote:
>
> I've been working on setting up Nagios 1.0a7 on our internal network, and I
> noticed that the default_user_name option in cgi.cfg is broken. In
> cgi/auth.c:123, the current username is set to "?" if authentication isn't
> being used, but later the default_user_name is used only if the current
> username is the empty string (""). The only time the default_user_name will
> be used is if malloc() fails! Here's the code snippet:
>
> ----cgi/auth.c:123---
> /* grab username from the environment... */
> temp_ptr=getenv("REMOTE_USER");
> if(temp_ptr==NULL){
> authinfo->username="?";
> authinfo->authenticated=FALSE;
> }
> else{
> authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
> if(authinfo->username==NULL)
> authinfo->username=""; set to ""--when malloc fails!
> else
> strcpy(authinfo->username,temp_ptr);
> if(!strcmp(authinfo->username,"")){
> authinfo->username="?";
> authinfo->authenticated=FALSE;
> }
> else
> authinfo->authenticated=TRUE;
> }
>
>
>
> ---> if(!strcmp(authinfo->username,"") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> temp_ptr=strtok(input_buffer,"=");
> temp_ptr=strtok(NULL,",");
> authinfo->username=(char
> *)malloc(strlen(temp_ptr)+1);
> if(authinfo->username==NULL)
> authinfo->username="";
> else
> strcpy(authinfo->username,temp_ptr);
> if(!strcmp(authinfo->username,""))
> authinfo->authenticated=FALSE;
> else
> authinfo->authenticated=TRUE;
> }
> ----end snippet----
>
> A simple patch is included below--it just checks authinfo->username against
> "?" instead of "". I've tested it out, and it works for me. A better way
> might be to check if authinfo->authenticated is FALSE--I'll leave the choice
> up to whoever checks it in.
>
> - Bradey
>
>
> --------
> diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
> --- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
> +++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
> @@ -120,7 +120,7 @@
> strip(input_buffer);
>
> /* we don't have a username yet, so fake the
> authentication if we find a default username defined */
> - if(!strcmp(authinfo->username,"") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> + if(!strcmp(authinfo->username,"?") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> temp_ptr=strtok(input_buffer,"=");
> temp_ptr=strtok(NULL,",");
> authinfo->username=(char
> *)malloc(strlen(temp_ptr)+1);
>
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
Ethan Galstad,
Nagios Developer
---
Email: nagios@nagios.org
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: nagios@nagios.org
section of the code. The only place its really used is in the
display_info_table() function in cgiutils.c, so I'll make changes
there.
On 25 Apr 2002 at 20:10, Bradey Honsinger wrote:
>
> I've been working on setting up Nagios 1.0a7 on our internal network, and I
> noticed that the default_user_name option in cgi.cfg is broken. In
> cgi/auth.c:123, the current username is set to "?" if authentication isn't
> being used, but later the default_user_name is used only if the current
> username is the empty string (""). The only time the default_user_name will
> be used is if malloc() fails! Here's the code snippet:
>
> ----cgi/auth.c:123---
> /* grab username from the environment... */
> temp_ptr=getenv("REMOTE_USER");
> if(temp_ptr==NULL){
> authinfo->username="?";
> authinfo->authenticated=FALSE;
> }
> else{
> authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
> if(authinfo->username==NULL)
> authinfo->username=""; set to ""--when malloc fails!
> else
> strcpy(authinfo->username,temp_ptr);
> if(!strcmp(authinfo->username,"")){
> authinfo->username="?";
> authinfo->authenticated=FALSE;
> }
> else
> authinfo->authenticated=TRUE;
> }
>
>
>
> ---> if(!strcmp(authinfo->username,"") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> temp_ptr=strtok(input_buffer,"=");
> temp_ptr=strtok(NULL,",");
> authinfo->username=(char
> *)malloc(strlen(temp_ptr)+1);
> if(authinfo->username==NULL)
> authinfo->username="";
> else
> strcpy(authinfo->username,temp_ptr);
> if(!strcmp(authinfo->username,""))
> authinfo->authenticated=FALSE;
> else
> authinfo->authenticated=TRUE;
> }
> ----end snippet----
>
> A simple patch is included below--it just checks authinfo->username against
> "?" instead of "". I've tested it out, and it works for me. A better way
> might be to check if authinfo->authenticated is FALSE--I'll leave the choice
> up to whoever checks it in.
>
> - Bradey
>
>
> --------
> diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
> --- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
> +++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
> @@ -120,7 +120,7 @@
> strip(input_buffer);
>
> /* we don't have a username yet, so fake the
> authentication if we find a default username defined */
> - if(!strcmp(authinfo->username,"") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> + if(!strcmp(authinfo->username,"?") &&
> strstr(input_buffer,"default_user_name=")==input_buffer){
> temp_ptr=strtok(input_buffer,"=");
> temp_ptr=strtok(NULL,",");
> authinfo->username=(char
> *)malloc(strlen(temp_ptr)+1);
>
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
Ethan Galstad,
Nagios Developer
---
Email: nagios@nagios.org
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: nagios@nagios.org