Is a null username possible with check_http

[Jim McNamara]

On Wed, 2009-07-29 at 20:08 -0400, Jim McNamara wrote:

> On Wed, 2009-07-29 at 15:45 -0500, Marc Powell wrote: 
> 
> > On Jul 29, 2009, at 2:09 PM, Jim McNamara wrote:
> > 
> > > Thanks for that help. Unfortunately it leads to some unusual  
> > > results. Both authenticating from firefox on a windows host and on  
> > > the CLI from the linux server show the same credentials being  
> > > passed, as shown here:
> > >
> > > (Windows)
> > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv: 
> > > 1.9.0.12) Gecko/2009070611 Firefox/3.0.12\r\n
> > > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ 
> > > *;q=0.8\r\n
> > > Accept-Language: en-us,en;q=0.5\r\n
> > > Accept-Encoding: gzip,deflate\r\n
> > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
> > > Keep-Alive: 300\r\n
> > > Connection: keep-alive\r\n
> > > Authorization: Basic OnJlYm9vdA==\r\n
> > > Credentials: :reboot
> > > \r\n
> > >
> > > (Linux)
> > > GET / HTTP/1.0\r\n
> > > User-Agent: check_http/v2053 (nagios-plugins 1.4.13)\r\n
> > > Connection: close\r\n
> > > Authorization: Basic OnJlYm9vdA==\r\n
> > > Credentials: :reboot
> > > \r\n
> > >
> > > So both agents pass the correct info to the unit, but something  
> > > clearly doesn't behave well.
> > 
> > I agree. Both translate to the same string.
> > 
> > > I do see a fair amount of javascript in the windows capture after  
> > > the authentication, could that be part of the issue?
> > 
> > No. I am presuming the javascript is being sent in response to the  
> > successful auth.
> > 
> > > Also the "Connection: close\r\n sent by check_http has me wondering  
> > > if is closing the stream before some of the authentication is  
> > > completed?
> > 
> > No, that's just telling the server that it can close the connection  
> > after sending the response. That response should be the HTML of the  
> > page after successful auth. That's standard HTTP and they shouldn't be  
> > bombing based on that.
> > 
> > > I have both captures from tshark and wireshark saved if seeing the  
> > > full info would be any help.
> > 
> > Probably not. It certainly appears that this device is requiring  
> > something more than just Basic authentication. It may be looking at  
> > User-Agent or some other header and rejecting if it's not there or  
> > something unexpected. You might try adding a -A to change the user- 
> > agent to match the one above and/or one or more -k headers to see what  
> > that extra bit might be. Other than that, your best source of what  
> > they're really looking for is going to be the manufacturer unless they  
> > happen to provide the source (yeah, right....).
> > 
> > --
> > Marc
> 
> 
> Thanks again Marc.
> 
> Just adding the -A modifier didn't produce any change, and I've been
> trying to add -k to perfectly mimic the strings sent by firefox. The
> problem is -A has no problem sending semicolons or asterisks as long
> as the whole string is in quotes, but -k fails at either of those
> chars. Here's some output - 
> 
> /usr/local/nagios/libexec/check_http -I 192.168.150.11 -a :reboot
> -A"Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv: 1.9.0.12)
> Gecko/2009070611 Firefox/3.0.12" -k"Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
> -v
> GET / HTTP/1.0
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:
> 1.9.0.12) Gecko/2009070611 Firefox/3.0.12
> Connection: close
> Accept: text/html,application/xhtml+xml,application/xml
> q=0.9,*/*
> q=0.8\r\n
> Authorization: Basic OnJlYm9vdA==
> 
> 
> http://192.168.150.11:80/ is 97 characters
> STATUS: HTTP/1.0 401 Not Authorized
> **** HEADER ****
> WWW-Authenticate: Basic realm="iBoot"
> **** CONTENT ****
> <html><h2>Error</h2></html>
> HTTP WARNING: HTTP/1.0 401 Not Authorized
> 
> It seems the semicolon breaks up the header, and neither backslashing
> or using single quotes in place of the quotation marks in my example
> made any difference. What is the right way to get the full header sent
> including special chars?
> 
> Additionally, I saw the GET command from firefox was 1.1, and GET from
> check_http is 1.0. I don't know if that is a problem, but wireshark
> shows a GET v1.0 as "Continuation or non-HTTP traffic". Can the get
> command either be changed to 1.1 or masked to appear as if it was 1.1?
> 
> Thanks again to all. 


Just to bring closure to this, though the authentication was done
correctly by nagios, the device was refusing it, and I never got
check_http to work. After speaking with techsupport at the manufacturer,
they couldn't tell/guess where the problem was. They did however provide
a work-around. They provide perl scripts for querying/rebooting these
iboot devices. It was trivial to write an event handler that passed
reboot commands to the iboots, so now my network is much more
self-healing!

The manufacturer's scripts are publicly accessible at:

http://dataprobe.com/demos/iboot/iboot.perl.zip

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090806/b0794454/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null