[Nagios-devel] Bug: default_user_name broken (patch included)

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Guest

[Nagios-devel] Bug: default_user_name broken (patch included)

Post by Guest »

I've been working on setting up Nagios 1.0a7 on our internal network, and I
noticed that the default_user_name option in cgi.cfg is broken. In
cgi/auth.c:123, the current username is set to "?" if authentication isn't
being used, but later the default_user_name is used only if the current
username is the empty string (""). The only time the default_user_name will
be used is if malloc() fails! Here's the code snippet:

----cgi/auth.c:123---
/* grab username from the environment... */
temp_ptr=getenv("REMOTE_USER");
if(temp_ptr==NULL){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else{
authinfo->username=(char *)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username=""; username,temp_ptr);
if(!strcmp(authinfo->username,"")){
authinfo->username="?";
authinfo->authenticated=FALSE;
}
else
authinfo->authenticated=TRUE;
}



---> if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);
if(authinfo->username==NULL)
authinfo->username="";
else
strcpy(authinfo->username,temp_ptr);
if(!strcmp(authinfo->username,""))
authinfo->authenticated=FALSE;
else
authinfo->authenticated=TRUE;
}
----end snippet----

A simple patch is included below--it just checks authinfo->username against
"?" instead of "". I've tested it out, and it works for me. A better way
might be to check if authinfo->authenticated is FALSE--I'll leave the choice
up to whoever checks it in.

- Bradey


--------
diff -ruN nagios-1.0a7/cgi/auth.c nagios-1.0a7-patched/cgi/auth.c
--- nagios-1.0a7/cgi/auth.c Wed Mar 6 17:34:32 2002
+++ nagios-1.0a7-patched/cgi/auth.c Wed Apr 24 20:15:22 2002
@@ -120,7 +120,7 @@
strip(input_buffer);

/* we don't have a username yet, so fake the
authentication if we find a default username defined */
- if(!strcmp(authinfo->username,"") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
+ if(!strcmp(authinfo->username,"?") &&
strstr(input_buffer,"default_user_name=")==input_buffer){
temp_ptr=strtok(input_buffer,"=");
temp_ptr=strtok(NULL,",");
authinfo->username=(char
*)malloc(strlen(temp_ptr)+1);





This post was automatically imported from historical nagios-devel mailing list archives
Original poster: Bradey.Honsinger@construx.com
Locked