<div dir="ltr">This appears to fix criticaleditor; I do get an error<div><h1 style="color:rgb(0,0,0);font-family:-webkit-standard">Internal Server Error</h1><p style="color:rgb(0,0,0);font-family:-webkit-standard">The server encountered an internal error or misconfiguration and was unable to complete your request.</p><p style="color:rgb(0,0,0);font-family:-webkit-standard">Please contact the server administrator, <a href="mailto:rlhamil@richard-hamilton.name">rlhamil@richard-hamilton.name</a> and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p><p style="color:rgb(0,0,0);font-family:-webkit-standard">More information about this error may be available in the server error log.</p><p style="color:rgb(0,0,0);font-family:-webkit-standard"><span style="color:rgb(34,34,34);font-family:arial,sans-serif">if I try to go past the last record; don't know if that's supposed to happen or not.</span><br></p><p style="color:rgb(0,0,0);font-family:-webkit-standard"><span style="color:rgb(34,34,34);font-family:arial,sans-serif"><br></span></p><p style="color:rgb(0,0,0);font-family:-webkit-standard"><span style="color:rgb(34,34,34);font-family:arial,sans-serif">The rest, I don't know how to test.</span></p><p style="color:rgb(0,0,0);font-family:-webkit-standard"><span style="color:rgb(34,34,34);font-family:arial,sans-serif"><br></span></p></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 3, 2016 at 3:13 PM, J.C. Cleaver <span dir="ltr"><<a href="mailto:cleaver@terabithia.org" target="_blank">cleaver@terabithia.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Well this was pretty ugly.<br>
<br>
Three distinct problems:<br>
1) criticaleditor should only be rejecting based on POSTs<br>
2) criticalview is a regular CGI, not a secure one<br>
3) ackinfo wasn't allowing ack submission directly from svcstatus POSTs<br>
<br>
#3 is my fault -- I actually was not aware that the NK feature placed the<br>
form in that spot.<br>
<br>
The attached patch seems to fix all three of these issues for me. I'd<br>
appreciate it if y'all could test.<br>
<br>
<br>
Regards,<br>
-jc<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
On Thu, March 3, 2016 7:57 am, Richard Hamilton wrote:<br>
> With different paths (e.g. /export/home/xymon/cgi-secure/...) on Solaris<br>
> 11<br>
> (SPARC), I'm seeing the criticaleditor.sh issue too; nothing of<br>
> consequence<br>
> differs from the existing and the newly supplied xymon-apache.conf, so<br>
> that's not it.<br>
><br>
> I'm all green/clear right now, so I don't have anything to acknowledge and<br>
> try that, I guess. :-)<br>
><br>
> Aside from an rcsid[] line, I don't see any difference in cgiwrap.c or<br>
> criticaleditor.c between 4.3.25 and 4.3.26; going back to 4.3.24, there<br>
> are<br>
> definitely differences.<br>
><br>
> Just for the heck of it, I compiled 4.3.24, moved over<br>
> server/bin/criticaleditor.cgi to save it under a different name, and<br>
> dropped in the 4.3.24 version of it. The page then came up without the<br>
> redirect problem! I did _not_ attempt editing anything, just in case the<br>
> stored data format might have been changed/upgraded. Note: I didn't even<br>
> replace cgiwrap or the link to it with the old one, just the actual<br>
> criticaleditor.cgi binary.<br>
><br>
> So something between 4.3.24 and 4.3.26 broke it - probably something in<br>
> criticaleditor.c.<br>
><br>
> On Thu, Mar 3, 2016 at 8:19 AM, Axel Beckert <<a href="mailto:beckert@phys.ethz.ch">beckert@phys.ethz.ch</a>> wrote:<br>
><br>
>> Hi,<br>
>><br>
>> On Sun, Feb 28, 2016 at 08:24:33PM +0000, Guðmundur Freyr Hafsteinsson<br>
>> wrote:<br>
>> > Everything is working except the criticaleditor.sh link under<br>
>> administrator, which gives me the following errors in the logs (masked<br>
>> my<br>
>> ips):<br>
>> ><br>
>> > [error] [client Y.Y.Y.Y] Request exceeded the limit of 10 internal<br>
>> redirects due to probable configuration error. Use<br>
>> 'LimitInternalRecursion'<br>
>> to increase the limit if necessary. Use 'LogLevel debug' to get a<br>
>> backtrace., referer: <a href="http://X.X.X.X/xymon/xymon.html" rel="noreferrer" target="_blank">http://X.X.X.X/xymon/xymon.html</a><br>
>> ><br>
>> > The features that are currently using the same xymonpasswd file do<br>
>> work<br>
>> properly:<br>
>> > enadis.sh<br>
>> > acknowledge.sh<br>
>><br>
>> I can add ackinfo.sh to the list of misbehaving CGI scripts:<br>
>><br>
>> When I view e.g.<br>
>> <a href="https://xymon" rel="noreferrer" target="_blank">https://xymon</a><br>
>> .<domain>/xymon-cgi/svcstatus.sh?HOST=<somehost>&SERVICE=<someservice>&NKPRIO=1&NKTTGROUP=&NKTTEXTRA=<br>
>> and fill out the acknowledge form on top, it does a POST request to<br>
>> <a href="https://xymon" rel="noreferrer" target="_blank">https://xymon</a>.<domain>/xymon-seccgi/ackinfo.sh, but since recently<br>
>> this returns a "404 Not Found", interestingly with the text "The<br>
>> requested URL /xymon-seccgi/criticalview.sh was not found on this<br>
>> server." (i.e. criticalview.sh instead of ackinfo.sh).<br>
>><br>
>> In the apache error log, this causes lines like this one:<br>
>><br>
>> [Thu Mar 03 14:16:16.673425 2016] [cgid:error] [pid 2311:tid<br>
>> 140260545623808] [client <ip>:52929] AH01264: script not found or unable<br>
>> to<br>
>> stat: /usr/lib/xymon/cgi-secure/criticalview.sh, referer: <a href="https://xymon" rel="noreferrer" target="_blank">https://xymon</a><br>
>> .<domain>/xymon-cgi/svcstatus.sh?HOST=<somehost>&SERVICE=<someservice>&NKPRIO=1&NKTTGROUP=&NKTTEXTRA=<br>
>><br>
>> /usr/lib/xymon/cgi-secure/criticalview.sh indeed does not exists, but<br>
>> /usr/lib/xymon/cgi-secure/ackinfo.sh does exist.<br>
>><br>
>> (Regarding the paths: I'm using the official Debian packages as this<br>
>> is my server to test them.)<br>
>><br>
>> Kind regards, Axel Beckert<br>
>> --<br>
>> Axel Beckert <<a href="mailto:beckert@phys.ethz.ch">beckert@phys.ethz.ch</a>> support: <a href="tel:%2B41%2044%20633%2026%2068" value="+41446332668">+41 44 633 26 68</a><br>
>> IT Services Group, HPT H 6 voice: <a href="tel:%2B41%2044%20633%2041%2089" value="+41446334189">+41 44 633 41 89</a><br>
>> Departement of Physics, ETH Zurich<br>
>> CH-8093 Zurich, Switzerland <a href="http://nic.phys.ethz.ch/" rel="noreferrer" target="_blank">http://nic.phys.ethz.ch/</a><br>
>> _______________________________________________<br>
>> Xymon mailing list<br>
>> <a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
>> <a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
>><br>
> _______________________________________________<br>
> Xymon mailing list<br>
> <a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
> <a href="http://lists.xymon.com/mailman/listinfo/xymon" rel="noreferrer" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
><br>
</div></div></blockquote></div><br></div>