Since I got no feedback posting problems on the bug tracking system, I'll
post them to the mailing list.

For mon-0-99-3.31, hopefully fixes several issues with trap
authentication:

- trap section parsing in auth.cf ignored all non-wildcard entries.
Rewritten entire test logic to give detailed error messages. Hope it
works :)

- trap auth did not use ip address and did not test for non-existent
user (funny thing is that the way the password test was done, it allowed
any non-existent user to send traps)

-- 
Dan Borlovan <[EMAIL PROTECTED]>
Level 7 Software
--- mon.orig    2003-06-03 09:13:22.000000000 +0300
+++ mon 2003-06-04 09:52:09.000000000 +0300
@@ -3505,28 +3505,28 @@
            ($host, $user, $password) = ($1, $2, $3);
 
            if ($host eq "*") {
-               #
-               # allow traps from all hosts
-               #
-
-           } elsif ($host =~ /^[a-z]/ && ($host = gethostbyname ($host)) eq "") {
-               syslog ('err', "invalid host in $CF{AUTHFILE}, line $.");
-               next;
-           } elsif ($host =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ &&
-                       ($host = inet_aton ($host)) eq "") {
-               syslog ('err', "invalid host in $CF{AUTHFILE}, line $.");
-               next;
+               # widlcard entry
+           } elsif ($host =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
+               # ip address
+               unless (inet_aton($host)) {
+                       syslog('err', "invalid ip address '$host' in $CF{AUTHFILE}, 
line $.");
+                       next;
+               }
            } else {
-               syslog ('err', "invalid host in $CF{AUTHFILE}, line $.");
-               next;
-           }
-
-           if ($host ne "*")
-           {
-               $host = inet_ntoa ($host);
+               # not wildcard or ip address, assume hostname
+               if ($host =~ /[^-.a-zA-Z0-9]/) {
+                       syslog('err', "invalid characters in hostname '$host' in 
$CF{AUTHFILE}, line $.");
+                       next;
+               }
+               if (($host = gethostbyname($host)) eq "") {
+                       syslog('err', "cannot resolve hostname '$host' in 
$CF{AUTHFILE}, line $.");
+                       next;
+               }
+               $host = inet_ntoa($host);
            }
 
            $AUTHTRAPS{$host}{$user} = $password;
+           debug(1, "added trap auth host = $host, user = $user, password = 
$password\n");
 
        } elsif ($sect eq "snmptrap") {
 
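Review bot: The added debug() call at the end of this hunk writes $password into debug output, and that is the stored value from auth.cf that the trap check later passes to crypt(); log only host and user. In the hostname branch, `$host = gethostbyname($host)` overwrites $host before the syslog call, so on failure the "cannot resolve hostname" message prints an empty name; resolve into a temporary variable and assign $host only after the lookup succeeds. The comment "widlcard entry" has a typo.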
@@ -3724,7 +3724,7 @@
     
     else
     {
-       $traphost = $addr;
+       $traphost = $fromip;
     }
 
     if (defined ($AUTHTRAPS{$traphost}{"*"}))
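Review bot: $fromip is not set anywhere in the visible context of this hunk, and the lookup `$AUTHTRAPS{$traphost}` only matches when it holds the same dotted-quad string that the auth.cf parser uses as the key. Confirm it is the source address of the received packet converted with inet_ntoa. Note also that the parser stores an IP entry exactly as written in auth.cf, so an address with leading zeros in an octet passes the regex but will never match here; normalising the key with inet_ntoa(inet_aton($host)) at parse time would avoid that.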
@@ -3745,7 +3745,7 @@
        return undef;
     }
 
-    if ($trapuser ne "*" &&
+    if ($trapuser ne "*" && $AUTHTRAPS{$traphost}{$trapuser} &&
            crypt ($trappass, $AUTHTRAPS{$traphost}{$trapuser}) ne
            $AUTHTRAPS{$traphost}{$trapuser})
     {
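Review bot: The added `$AUTHTRAPS{$traphost}{$trapuser} &&` term makes the whole condition false when there is no entry for $trapuser, so the block guarded by this if is skipped for an unknown user rather than entered. If that block is the rejection path, an unknown user is refused only when an earlier check has already returned, and none is added in the visible lines; consider rejecting first with `unless (defined $AUTHTRAPS{$traphost}{$trapuser})` and doing the crypt comparison afterwards. Testing truthiness instead of defined also treats an entry whose stored value is empty or "0" as absent.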