Direct link to Host/Service problem in Message Notification

[mmestnik]

Can you provide an example $HOSTNOTESURL$?

I'm concerned about php's handling of GET vs POST/arguments VS an array. There are also the auth differences as XI's interface uses cookies and javascript. What features does the smartphone support? We make heavy use of frames also.

Accessing the legacy nagios UI may be an option, but we do plan on completely removing this once the XI UI is a feature compatible replacement.

[fmpub]

Correct the links now work the problem is that if you do not have a session cookie? or something like that then rather then giving you a login/password challenge/response it just throws up a "Session timed out" message. Behaviour should be

1) hit link
2) challenge/response auth
3) display page

That is how things worked under core just using apache auth. however under XI you hit the link and it doesn't ask you to log in it just tells you that your session has timed out so the link only works if you already have a valid session in your browser.

[admin]

Actually, htmlentities() doesn't apply, as the notification commands he's using send notifications directly from Nagios Core. Only notifications that are routed through Nagios XI are subject to the PHP stuff that's been added.

[mmestnik]

fmpub:
I'm sorry I didn't follow your last message. Could you please provide more information.

Can you provide an example $HOSTNOTESURL$?

I'm concerned about php's handling of GET vs POST/arguments VS an array. There are also the auth differences as XI's interface uses cookies and javascript. What features does the smartphone support? We make heavy use of frames also.

Accessing the legacy nagios UI may be an option, but we do plan on completely removing this once the XI UI is a feature compatible replacement.

Can you provide an example $HOSTNOTESURL$? Please label them as working/not-working/ect.
What features does the smartphone support?

[fmpub]

So here is what is happening. Under Naios Core we had apache auth on "/" so you would hit the link regardless of your browser (mobile etc.) and it would challenge you to auth and once done so would pull up your page and allow you to acknowledge the service/host problem

XI uses a completely different auth. so when you hit the Link the webpage tries to pull up and it goes "you don't have an auth token, your session has timed out" rather then first asking you to auth then redirecting you to the page so you can acknowledge services.

The Illegal Macro thing has allowed us to get the Link working, but there remains the auth problem which I believe we have solved by changing the URL to do the following;

Code: Select all

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nAcknowledged By: $SERVICEACKAUTHORALIAS$\nAcknowledgment Note: $SERVICEACKCOMMENT$\nURL: $SERVICENOTESURL$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$

becomes 

/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nAcknowledged By: $SERVICEACKAUTHORALIAS$\nAcknowledgment Note: $SERVICEACKCOMMENT$\nURL: http://nagios.fmpub.net/nagiosxi/login.php?redirect=/nagiosxi/includes/components/xicore/status.php%3Fshow=servicedetail%26host=$HOSTALIAS$%26service=$SERVICEDESC$%26dest=auto\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$

[mmestnik]

You have it working then?
Do think it would be acceptable to redirect unauthenticated requests to the login script with the correct parameter to redirect back?

[fmpub]

it's working.. I need to use the illegalmacro thing to get it to work so that's not 100% ideal but workable not sure what kind of an RFE can fix that but will allow you guys to decide. The Reformatting of the URL works but perhaps it may be better for Nagios XI to do this by default if possible. that is to redirect someone to the login screen if they do not have an auth token/session and then redirect them back to their page after auth.

If something like that is possible I could see the value in it's addition to XI.

[mmestnik]

I've opened a tracker for the unauthenticated redirect.

I still don't follow what part of the macro is illegal. Can you provide an example?

This is how I'd have expected this to be done:

Code: Select all

/usr/bin/printf "***** Nagios *****\n\nNotification Type: %s\nAcknowledged By: %s\nAcknowledgment Note: %s\nURL: http://nagios.fmpub.net/nagiosxi/login.php?redirect=/nagiosxi/includes/components/xicore/status.php%%3Fshow=servicedetail%%26host=%s%%26service=%s%%26dest=auto\n\nService: %s\nHost: %s\nAddress: %s\nState: %s\n\nDate/Time: %s\n\nAdditional Info:\n\n%s" "$NOTIFICATIONTYPE$" "$SERVICEACKAUTHORALIAS$" "$SERVICEACKCOMMENT$" "$HOSTALIAS$" "$SERVICEDESC$" "$SERVICEDESC$" "$HOSTALIAS$" "$HOSTADDRESS$" "$SERVICESTATE$" "$LONGDATETIME$" "$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$

Any char that can't be sent because of command expansion rules can be replaced with it's oct/hex/uni code like so:

Code: Select all

       \NNN   byte with octal value NNN (1 to 3 digits)

       \xHH   byte with hexadecimal value HH (1 to 2 digits)

       \uHHHH Unicode (ISO/IEC 10646) character with hex value HHHH (4 digits)

       \UHHHHHHHH
              Unicode character with hex value HHHHHHHH (8 digits)

[fmpub]

No that's not it.. the problem is that Nagios doesn't automatically redirect to a login page if you don't have an auth token, then after auth'ing redirect you back to the page you were trying to get to.

[mmestnik]

I thought you had two problems.
1. Login redirect. From what I can tell this isn't going to be fixed. Insert this into your URL should be a workaround:

Code: Select all

/nagiosxi/login.php?redirect=

2. Something with illegalmacro. I don't understand, perhaps this was never a problem and instead your problem was only #1?