Debian Bug report logs - #482947
check_radius wrongly hardcodes the NAS-IP-Address attribute in its requests

Package: nagios-plugins-standard; Maintainer for nagios-plugins-standard is Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>; Source for nagios-plugins-standard is src:nagios-plugins.

Reported by: Josip Rodin <joy@debbugs.entuzijast.net>

Date: Mon, 26 May 2008 00:33:01 UTC

Severity: normal

Tags: patch

Found in version nagios-plugins/1.4.5-1etch1

Fixed in version nagios-plugins/1.4.12-1

Done: Jan Wagner <waja@cyconet.org>

Bug is archived. No further changes may be made.

Forwarded to http://sourceforge.net/tracker/index.php?func=detail&aid=1975646&group_id=29880&atid=397599


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#482947; Package nagios-plugins-standard.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
New Bug report received and forwarded. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: submit@bugs.debian.org
Subject: check_radius wrongly hardcodes the NAS-IP-Address attribute in its requests
Date: Mon, 26 May 2008 02:30:50 +0200

Package: nagios-plugins-standard
Version: 1.4.5-1etch1

Hi,

check_radius doesn't seem to provide any way to modify the NAS-IP-Address
attribute that it uses in the packets it sends, but it does so for
NAS-Identifier.

Instead, it hardcodes the IP address that it gets from the
rc_own_ipaddress() library call, and that in turn translates into calling
gethostbyname() on the result of uname(). This call can easily fail, and its
result can easily be unsuitable - for example when the Nagios instance uses
its own virtual host, and you don't want the original system hostname leaked
to the RADIUS servers you monitor with this.

Furthermore, this behaviour is inconsistent with RFC 2865, which defines the
two attributes as analogous and never suggests hardcoding the value of
either of them in client software.

A new option should be added so that the user can provide the NAS-IP-Address
attribute contents, just like they can for the other attribute.

Please fix this. TIA.

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#482947; Package nagios-plugins-standard.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>.

Message #10 received at 482947@bugs.debian.org:

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: 482947@bugs.debian.org
Subject: Re: Bug#482947: Acknowledgement (check_radius wrongly hardcodes the NAS-IP-Address attribute in its requests)
Date: Mon, 26 May 2008 11:32:19 +0200

I see that the NAS-Identifier parsing was added by a user:

http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug/nagiosplug/trunk/plugins/check_radius.c?r1=690&r2=851&sortby=date

I guess I'll just write a similar patch for NAS-IP-Address.

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>:
Bug#482947; Package nagios-plugins-standard.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>.

Message #15 received at 482947@bugs.debian.org:

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: 482947@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#482947: Acknowledgement (check_radius wrongly hardcodes the NAS-IP-Address attribute in its requests)
Date: Wed, 28 May 2008 00:44:36 +0200

tag 482947 patch
thanks

On Mon, May 26, 2008 at 11:32:19AM +0200, Josip Rodin wrote:
> 
> I see that the NAS-Identifier parsing was added by a user:
> 
> http://nagiosplug.svn.sourceforge.net/viewvc/nagiosplug/nagiosplug/trunk/plugins/check_radius.c?r1=690&r2=851&sortby=date
> 
> I guess I'll just write a similar patch for NAS-IP-Address.

Here's a working patch for this.

I've also noticed that the original code for NAS-IP-Address hardcoding
is broken in its error handling - it does "return (ERROR_PC)", which is
meaningless in the context of check_radius.c. That actually seems to be
copy&waste from radiusclient-0.3.2/src/radexample.c. :) I fixed that.

While debugging, I also took the opportunity to decouple the nas-identifier
rc_avpair_add() instance from the initial three, because this is just
bad practice to lump a fourth optional attribute into the same block with
the required attributes, the error handling for which is throwing the same
daft message "Out of Memory?"...

-- 
     2. That which causes joy or happiness.
[check_radius.c.diff (text/x-diff, attachment)]
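
The following C example is added here and is not the attached check_radius.c.diff or code from nagios-plugins or radiusclient. It encodes NAS-IP-Address (type 4) and NAS-Identifier (type 32) per RFC 2865 from values the operator supplies, accepts only a literal IPv4 address instead of resolving the system hostname, and reports each attribute's failure separately; `encode_nas_attrs`, `put_attr`, the return codes and the sample values are assumptions made for the example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ATTR_NAS_IP_ADDRESS 4   /* RFC 2865: 4-octet IPv4 address, length 6 */
#define ATTR_NAS_IDENTIFIER 32  /* RFC 2865: string of at least 1 octet */

/* Append one type/length/value attribute; returns the new offset or -1. */
static int put_attr(uint8_t *buf, size_t cap, size_t off, uint8_t type,
                    const void *val, size_t vlen)
{
    if (vlen < 1 || vlen > 253 || off + 2 + vlen > cap)
        return -1;
    buf[off] = type;
    buf[off + 1] = (uint8_t)(vlen + 2);   /* length counts the two header octets */
    memcpy(buf + off + 2, val, vlen);
    return (int)(off + 2 + vlen);
}

/* Hypothetical helper: encode the NAS attributes from operator-supplied strings
 * (either may be NULL). Returns bytes written, or -1 neither given,
 * -2 nas_ip is not a literal IPv4 address, -3 bad identifier or buffer too small. */
int encode_nas_attrs(uint8_t *buf, size_t cap, const char *nas_ip, const char *nas_id)
{
    int off = 0, n;
    struct in_addr addr;
    if (nas_ip == NULL && nas_id == NULL)
        return -1;   /* RFC 2865 requires at least one of the two in an Access-Request */
    if (nas_ip != NULL) {
        if (inet_pton(AF_INET, nas_ip, &addr) != 1)
            return -2;   /* literal only: no resolver call, no fallback to uname() */
        if ((off = put_attr(buf, cap, 0, ATTR_NAS_IP_ADDRESS, &addr.s_addr, 4)) < 0)
            return -3;
    }
    if (nas_id != NULL) {
        if ((n = put_attr(buf, cap, (size_t)off, ATTR_NAS_IDENTIFIER, nas_id, strlen(nas_id))) < 0)
            return -3;
        off = n;
    }
    return off;
}

int main(void)
{
    uint8_t pkt[64];   /* constructed sample values, not from the bug report */
    int n = encode_nas_attrs(pkt, sizeof pkt, "192.0.2.10", "nagios-vhost");
    for (int i = 0; i < n; i++) printf("%02x%c", pkt[i], i + 1 < n ? ' ' : '\n');
    return n < 0;
}
```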

Tags added: patch Request was from Josip Rodin <joy@debbugs.entuzijast.net> to control@bugs.debian.org. (Tue, 27 May 2008 22:45:11 GMT)

Noted your statement that Bug has been forwarded to http://sourceforge.net/tracker/index.php?func=detail&aid=1975646&group_id=29880&atid=397599. Request was from Josip Rodin <joy@debbugs.entuzijast.net> to control@bugs.debian.org. (Tue, 27 May 2008 23:21:03 GMT)

Tags added: pending Request was from Jan Wagner <waja-guest@alioth.debian.org> to control@bugs.debian.org. (Fri, 06 Jun 2008 13:12:03 GMT)

Reply sent to Jan Wagner <waja@cyconet.org>:
You have taken responsibility.

Notification sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Bug acknowledged by developer.

Message #26 received at 482947-close@bugs.debian.org:

From: Jan Wagner <waja@cyconet.org>
To: 482947-close@bugs.debian.org
Subject: Bug#482947: fixed in nagios-plugins 1.4.12-1
Date: Wed, 18 Jun 2008 10:02:09 +0000

Source: nagios-plugins
Source-Version: 1.4.12-1

We believe that the bug you reported is fixed in the latest version of
nagios-plugins, which is due to be installed in the Debian FTP archive:

nagios-plugins-basic_1.4.12-1_i386.deb
  to pool/main/n/nagios-plugins/nagios-plugins-basic_1.4.12-1_i386.deb
nagios-plugins-standard_1.4.12-1_i386.deb
  to pool/main/n/nagios-plugins/nagios-plugins-standard_1.4.12-1_i386.deb
nagios-plugins_1.4.12-1.diff.gz
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.12-1.diff.gz
nagios-plugins_1.4.12-1.dsc
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.12-1.dsc
nagios-plugins_1.4.12-1_all.deb
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.12-1_all.deb
nagios-plugins_1.4.12.orig.tar.gz
  to pool/main/n/nagios-plugins/nagios-plugins_1.4.12.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 482947@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Wagner <waja@cyconet.org> (supplier of updated nagios-plugins package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 17 Jun 2008 23:18:32 +0200
Source: nagios-plugins
Binary: nagios-plugins nagios-plugins-basic nagios-plugins-standard
Architecture: source all i386
Version: 1.4.12-1
Distribution: unstable
Urgency: low
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-devel@lists.alioth.debian.org>
Changed-By: Jan Wagner <waja@cyconet.org>
Description: 
 nagios-plugins - Plugins for the nagios network monitoring and management system
 nagios-plugins-basic - Plugins for the nagios network monitoring and management system
 nagios-plugins-standard - Plugins for the nagios network monitoring and management system
Closes: 407310 423461 425129 457336 460097 461999 467493 478906 478942 479013 479292 479984 482942 482947
Changes: 
 nagios-plugins (1.4.12-1) unstable; urgency=low
 .
   [ Jan Wagner ]
   * new upstream
     - check_http supports now an IPv6 as value for parameter -H
     (Closes: #457336)
     - Enhanced check_smtp to actually print invalid response text
     (Closes: #467493)
   * removed the following patches, cause fixed upstream
     - 28_check_pgsql_include_for_8.3.dpatch
     - 29_check_ntp_fixsefault_deprecate.dpatch
     - 30_fix_check_ntp_options.dpatch
     - 31_check_disk_local_option.dpatch
   * adjust 50_misc_typos.dpatch to apply new upstream
   * remove unneeded debhelper scripts from rules
   * remove senseless comments from patches
   * add missing descriptions to patches
   * add missing command definition for check_ldaps, thanks Michael Renner
     <robe@amd.co.at> for reporting it (Closes: #407310)
   * remove sarge handholding for configfiles migration
   * add nagios3 to Suggests and remove nagios2, nagios and nagios-text
     (Closes: #479292)
   * adjust year in copyright
   * include list of files which are GPL3 into copyright
   * build depend on libradiusclient-ng-dev instead of libradius1-dev (for more
     information see REQUIREMENTS)
   * add 33_fix_emb_check_disk_smb.dpatch which fixes processing via embedded
     perl of check_disk_smb, thanks Stephane Chazelas <stephane@artesyncp.com>
     for providing it (Closes: #478906)
   * add 34_fix_smbclient_check_disk_smb.dpatch which fixes usage of smbclient,
     thanks Stephane Chazelas <stephane@artesyncp.com> for providing it and
     adding ' around arguments in plugin configs
     (Closes: #478942)
   * add 35_check_http_date.dpatch which fixes date parsing of check_http,
     thanks Hilko Bengen <bengen@debian.org> for providing it (Closes: #460097)
   * add 36_check_ldap_empty_base.dpatch which allows empty ldap base, thanks
     to Stephane Chazelas <stephane@artesyncp.com> for providing it
     (Closes: #479984)
   * add 37_check_radius_nas-ip-address.dpatch to add support for nas-ip to
     check_radius, thanks Josip Rodin <joy@debbugs.entuzijast.net> for
     providing it (Closes: #482947)
   * provide new checks for check_http which makes use of "-H '$HOSTNAME'"
     (Closes: #423461)
   * fixed check_radius command definition and removed static port in favor of
     ability to provide it as 4th argument, since it was broken and unusable
     anyways, thanks Josip Rodin <joy@debbugs.entuzijast.net> for providing a
     fix (Closes: #482942)
   * mention the check_radius breakage in NEWS.Debian
   * add check_linux_raid into package (Closes: #461999) and add
     38_fix_libexec.dpatch to fix libexec path
   * Updating standards version to 3.8.0, no changes needed
   * add 39_check_dig_options.dpatch which provides fix for no check for
     mandatory parameter -l, thanks Matthias Eble
     <psychotrahe at users.sourceforge.net> for providing a fix
     (Closes: #479013)
 .
   [ Alexander Wirt ]
   * Call smbclient with -N (suppress password prompt) if no password is
     supplied. Thanks to Josip Rodin for the patch (Closes: #425129)
   * Add myself to uploaders

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkhY28EACgkQ+C5cwEsrK56U6gCeMn1Lo6c9ReGKI0wKlXWl/uin
Jg0AoKKbS4g12/Dizj1PSJnnhbYEhIpK
=IlOn
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 17 Jul 2008 07:31:28 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 07:30:48 2014; Machine Name: buxtehude.debian.org