[Xymon] Criticaleditor.sh - issues after upgrading to 4.3.26. [ + ackinfo.sh ]
J.C. Cleaver
cleaver at terabithia.org
Thu Mar 3 21:13:51 CET 2016
Well this was pretty ugly.
Three distinct problems:
1) criticaleditor should only be rejecting based on POSTs
2) criticalview is a regular CGI, not a secure one
3) ackinfo wasn't allowing ack submission directly from svcstatus POSTs
#3 is my fault -- I actually was not aware that the NK feature placed the
form in that spot.
The attached patch seems to fix all three of these issues for me. I'd
appreciate it if y'all could test.
Regards,
-jc
On Thu, March 3, 2016 7:57 am, Richard Hamilton wrote:
> With different paths (e.g. /export/home/xymon/cgi-secure/...) on Solaris 11
> (SPARC), I'm seeing the criticaleditor.sh issue too; nothing of consequence
> differs from the existing and the newly supplied xymon-apache.conf, so
> that's not it.
>
> I'm all green/clear right now, so I don't have anything to acknowledge and
> try that, I guess. :-)
>
> Aside from an rcsid[] line, I don't see any difference in cgiwrap.c or
> criticaleditor.c between 4.3.25 and 4.3.26; going back to 4.3.24, there are
> definitely differences.
>
> Just for the heck of it, I compiled 4.3.24, moved over
> server/bin/criticaleditor.cgi to save it under a different name, and
> dropped in the 4.3.24 version of it. The page then came up without the
> redirect problem! I did _not_ attempt editing anything, just in case the
> stored data format might have been changed/upgraded. Note: I didn't even
> replace cgiwrap or the link to it with the old one, just the actual
> criticaleditor.cgi binary.
>
> So something between 4.3.24 and 4.3.26 broke it - probably something in
> criticaleditor.c.
>
> On Thu, Mar 3, 2016 at 8:19 AM, Axel Beckert <beckert at phys.ethz.ch> wrote:
>
>> Hi,
>>
>> On Sun, Feb 28, 2016 at 08:24:33PM +0000, Guðmundur Freyr Hafsteinsson wrote:
>> > Everything is working except the criticaleditor.sh link under
>> > administrator, which gives me the following errors in the logs (masked
>> > my ips):
>> >
>> > [error] [client Y.Y.Y.Y] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://X.X.X.X/xymon/xymon.html
>> >
>> > The features that are currently using the same xymonpasswd file do work
>> > properly:
>> > enadis.sh
>> > acknowledge.sh
>>
>> I can add ackinfo.sh to the list of misbehaving CGI scripts:
>>
>> When I view e.g.
>> https://xymon.<domain>/xymon-cgi/svcstatus.sh?HOST=<somehost>&SERVICE=<someservice>&NKPRIO=1&NKTTGROUP=&NKTTEXTRA=
>> and fill out the acknowledge form on top, it does a POST request to
>> https://xymon.<domain>/xymon-seccgi/ackinfo.sh, but since recently
>> this returns a "404 Not Found", interestingly with the text "The
>> requested URL /xymon-seccgi/criticalview.sh was not found on this
>> server." (i.e. criticalview.sh instead of ackinfo.sh).
>>
>> In the apache error log, this causes lines like this one:
>>
>> [Thu Mar 03 14:16:16.673425 2016] [cgid:error] [pid 2311:tid 140260545623808] [client <ip>:52929] AH01264: script not found or unable to stat: /usr/lib/xymon/cgi-secure/criticalview.sh, referer: https://xymon.<domain>/xymon-cgi/svcstatus.sh?HOST=<somehost>&SERVICE=<someservice>&NKPRIO=1&NKTTGROUP=&NKTTEXTRA=
>>
>> /usr/lib/xymon/cgi-secure/criticalview.sh indeed does not exist, but
>> /usr/lib/xymon/cgi-secure/ackinfo.sh does exist.
>>
>> (Regarding the paths: I'm using the official Debian packages as this
>> is my server to test them.)
>>
>> Kind regards, Axel Beckert
>> --
>> Axel Beckert <beckert at phys.ethz.ch> support: +41 44 633 26 68
>> IT Services Group, HPT H 6 voice: +41 44 633 41 89
>> Departement of Physics, ETH Zurich
>> CH-8093 Zurich, Switzerland http://nic.phys.ethz.ch/
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cgifix.patch
Type: text/x-patch
Size: 3406 bytes
Desc: not available
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20160303/4e3ce391/attachment.bin>