Since I got no feedback posting problems on the bug tracking system, I'll post them to the mailing list.

For mon-0-99-3.31, hopefully fixes several issues with trap authentication:
- trap section parsing in auth.cf ignored all non-wildcard entries. Rewritten entire test logic to give detailed error messages. Hope it works :)
- trap auth did not use ip address and did not test for non-existent user (funny thing is that the way the password test was done, it allowed any non-existent user to send traps)

--
Dan Borlovan <[EMAIL PROTECTED]>
Level 7 Software
--- mon.orig 2003-06-03 09:13:22.000000000 +0300 +++ mon 2003-06-04 09:52:09.000000000 +0300 @@ -3505,28 +3505,28 @@ ($host, $user, $password) = ($1, $2, $3); if ($host eq "*") { - # - # allow traps from all hosts - # - - } elsif ($host =~ /^[a-z]/ && ($host = gethostbyname ($host)) eq "") { - syslog ('err', "invalid host in $CF{AUTHFILE}, line $."); - next; - } elsif ($host =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ && - ($host = inet_aton ($host)) eq "") { - syslog ('err', "invalid host in $CF{AUTHFILE}, line $."); - next; + # widlcard entry + } elsif ($host =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) { + # ip address + unless (inet_aton($host)) { + syslog('err', "invalid ip address '$host' in $CF{AUTHFILE}, line $."); + next; + } } else { - syslog ('err', "invalid host in $CF{AUTHFILE}, line $."); - next; - } - - if ($host ne "*") - { - $host = inet_ntoa ($host); + # not wildcard or ip address, assume hostname + if ($host =~ /[^-.a-zA-Z0-9]/) { + syslog('err', "invalid characters in hostname '$host' in $CF{AUTHFILE}, line $."); + next; + } + if (($host = gethostbyname($host)) eq "") { + syslog('err', "cannot resolve hostname '$host' in $CF{AUTHFILE}, line $."); + next; + } + $host = inet_ntoa($host); } $AUTHTRAPS{$host}{$user} = $password; + debug(1, "added trap auth host = $host, user = $user, password = $password\n"); } elsif ($sect eq "snmptrap") { @@ -3724,7 +3724,7 @@ else { - $traphost = $addr; + $traphost = $fromip; } if (defined ($AUTHTRAPS{$traphost}{"*"})) @@ -3745,7 +3745,7 @@ return undef; } - if ($trapuser ne "*" && + if ($trapuser ne "*" && $AUTHTRAPS{$traphost}{$trapuser} && crypt ($trappass, $AUTHTRAPS{$traphost}{$trapuser}) ne $AUTHTRAPS{$traphost}{$trapuser}) {
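Review bot: the added debug(1, "added trap auth host = ..., password = $password\n") line at the end of the @@ -3505,28 hunk writes the trap password stored in auth.cf into debug output; log only host and user. In the hostname branch, $host = gethostbyname($host) overwrites $host before the "cannot resolve hostname '$host'" message is built, so a failed lookup logs an empty name; resolve into a separate variable and keep the original for the message. The ip address branch now stores the literal text from the file instead of the inet_aton/inet_ntoa round trip the old code applied, so an entry written in a non-canonical form becomes a key that may never match; consider keeping the normalisation. The new comment also has a typo, "widlcard".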
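Review bot: in the @@ -3724,7 hunk, $traphost = $fromip only finds an entry if $fromip is a dotted-quad string in exactly the form used for the %AUTHTRAPS keys, and the hunk does not show where $fromip is set. Please confirm it holds the address the trap was actually received from, as text rather than a packed address, and add a one-line comment saying so, since the lookup $AUTHTRAPS{$traphost}{"*"} on the next line depends on it.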
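Review bot: in the @@ -3745,7 hunk, the added $AUTHTRAPS{$traphost}{$trapuser} && term makes the whole condition false when the user has no entry, so the branch that handles a password mismatch is skipped for a non-existent user. Unless an earlier check outside this hunk already rejects unknown users, that leaves the case described in the message unfixed. The missing entry should lead into the reject branch instead, for example ($trapuser ne "*" && (!defined $AUTHTRAPS{$traphost}{$trapuser} || crypt (...) ne ...)). Using exists or defined on the entry also avoids treating an empty password field as "no user".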
_______________________________________________ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon