Bug in statuswml.cgi with Acknowledging Services

[Benjamin Schmaus]

This was causing the "Your're not authorized" for me in my environment. 

 I removed the url_encode() off the service description and the correct value was passed.  You may be correct with regards to special characters, however I was only trying to figure out how to get the value to correctly show for the service so I could acknowledge the service state.  This is by no means the correct fix, but a way to expose the issue.

If you use a WAP browser, like Klondike or the Mozilla WML plugin, you can view the WAP interface without a cell phone.  Further you can look at the WML source of the form and clearly see that the postfield name for service had the value set as the hostname. 

Benjamin Schmaus



----- Original Message ----
From: Jon Angliss <jon at netdork.net>
To: nagios-devel at lists.sourceforge.net
Sent: Tuesday, August 12, 2008 2:42:41 AM
Subject: Re: [Nagios-devel] Bug in statuswml.cgi with Acknowledging Services

On Mon, 11 Aug 2008 13:41:38 -0700 (PDT), Benjamin Schmaus
<schmaustech at yahoo.com> wrote:

>It appears there is a bug if you try to acknowledge a critical state via the WAP interface for a service on the host in Nagios 3.x.

Is this what has been causing the "You're not authorized" messages
I've been getting when trying to ack stuff?  

>Upon looking at the post HTML code, it appears that the service name being passed is the host on which that service is in a critical state.  
>
>Specifically this line in statuswml.c:
>
>printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT);
>
>If this line is changed to:
>
>        printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),service_desc,CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT);
>
>Then it appears to work.

The only change I see you've made is a change to service_desc to not
be feed through url_encode() first. Did that really fix it for you? If
what you're saying about it passing the service as the host name, I
can't see how stripping out the url_encode from your line would
resolve that issue, and could cause issues if you had special
characters in the service description.

-- 
Jon Angliss


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel



      

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/