[Nagiosplug-devel] [ nagiosplug-Bugs-1985230 ] check_snmp does not allow " chars in cmdline
SourceForge.net
noreply at sourceforge.net
Fri Mar 13 22:14:22 CET 2009
Bugs item #1985230, was opened at 2008-06-05 01:46
Message generated for change (Comment added) made by jbarbuto
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Argument proccessing
Group: CVS
Status: Open
Resolution: None
Priority: 7
Private: No
Submitted By: Jan Wagner (cyco_dd)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_snmp does not allow " chars in cmdline
Initial Comment:
The following Bugreport we got against our debian package:
snmpd can be queried for customized "extend"s.
A configured extend like
extend avail_mem /usr/local/bin/check_avail_mem.pl
can be queried as
snmpget -c public -v1 ds9 'nsExtendOutput1Line."avail_mem"'
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."avail_mem" = STRING: 749764
If you try to query this with check_snmp like
check_snmp -H $HOSTADDRESS$ -C public -o 'nsExtendOutput1Line."syslog-idletime"'
this results into
Could not open pipe: /usr/bin/snmpget -t 1 -r 5 -m ALL -v 1 -c public ds9:161 nsExtendOutput1Line."syslog-idletime"
Unfortuantely, check_snmp contains code in popen.c that does not allow any " chars in
the command line and bails out with above error.
I fixed this by commenting out the follwing block:
--- popen.c.old 2008-01-12 14:16:39.000000000 +0100
+++ popen.c 2008-01-12 14:16:54.000000000 +0100
@@ -133,8 +133,10 @@
strcpy (cmd, cmdstring);
/* This is not a shell, so we don't handle "???" */
+/*
if (strstr (cmdstring, "\""))
return NULL;
+*/
/* allow single quotes, but only if non-whitesapce doesn't occur on both sides */
if (strstr (cmdstring, " ' ") || strstr (cmdstring, "'''"))
You can track the bugreport via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460405
Thanks and kind regards, Jan.
----------------------------------------------------------------------
>Comment By: John A. Barbuto (jbarbuto)
Date: 2009-03-13 14:14
Message:
tonvoon: I see, I thought you were referring to plugins/runcmd.c.
I've attached a patch against the SVN trunk that changes check_snmp to use
lib/utils_cmd.c. It's passed all the tests I've thrown at it, including
extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so
please modify as necessary.
----------------------------------------------------------------------
Comment By: Ton Voon (tonvoon)
Date: 2009-03-12 04:18
Message:
jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c?
This is also used in negate.c. The idea is that if you pass an array of
arguments, there will not be any shell expansion.
mechanyx: There may be quoting that is required at Nagios. If you use $ in
a command argument, you need to escape it with $$.
----------------------------------------------------------------------
Comment By: Richard Edward Horner (mechanyx)
Date: 2009-03-11 14:24
Message:
I'm not sure if this is related or not, but I had a similar problem with
check_snmp where the community string on a network device contained a
dollar sign ($). I was unable to get the check to run with that community
string. I apologize as I do not remember exactly what Nagios output when I
tried various methods of quoting or escaping it. I ended up changing the
community string on the device.
Thanks, Rich(ard)
----------------------------------------------------------------------
Comment By: John A. Barbuto (jbarbuto)
Date: 2009-03-11 13:34
Message:
I looked into writing a patch using the runcmd library, but I don't see
this function you're referring to.
np_runcmd_open() looks pretty similar to spopen(), with the same double
quotes restriction.
The old exec method of running external commands is deprecated, so I'd
really like to get extend working.
----------------------------------------------------------------------
Comment By: Ton Voon (tonvoon)
Date: 2009-02-19 16:11
Message:
I don't think this is a valid fix. Preferably check_snmp should be switched
to use the runcmd library instead, which has a function to pass a varg list
for the command to run, thereby avoiding shell quotation.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1985230&group_id=29880
More information about the Devel
mailing list