
Upcoming upload for nagios-3.0.5



Hi, 

Unfortunately, Nagios has a security bug which can lead to remote command
execution under some very special circumstances. See [1] for more details.
Upstream released 3.0.5, which addresses this issue, but its fixes are very
intrusive and not easy to backport since they change many things in the CGI
code (they introduce some kind of session handling). I tried to backport it
but failed after a few hours with a big, non-working patch. So I decided to
try to get 3.0.5 into Debian. The patch is pretty big, but nearly all of it
is documentation, bug and security fixes (see the changelog entries [2]).

I attached a patch from nagios-3.0.3-4 to nagios-3.0.5-1. If this is not
acceptable for the release team, somebody else with more knowledge of C should
provide a proper fix. To keep the diff a little shorter I removed html/*
and the debian po files from the diff.

Thanks in advance 

Alex

[1] http://secunia.com/advisories/cve_reference/CVE-2008-5028/
[2] 
Changelog entry for 3.0.4-3.0.5 
 * Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim
  Starling.
 * Sample audio files for CGIs removed from distribution
 * Fix for mutliline config file continuation bug
 * Minor fix to RPM spec file
 * Fix for AIX compiler warnings
 * Minor sample config file fix
 * Added documentation on CGI security issues 

Changelog entry for 3.0.3-3.0.4
 * Fix for properly terminating plugins when parent processes get killed
   (e.g. using 'killall nagios' with check_timeout plugins running )
 * Fix for event broker callback when service notifications are
 * disabled
 * Fix for scheduling scheduling servicegroup downtime with 'hosts
   too' option in CGIs
 * Fix for segfault under Solaris with NULL plugin output
 * Fixes for bugs in sample event handlers - stop/start
   active service checks and enable notifications
 * Cosmetic fix for logging of notifications
 * Fix for high CPU utilization under OS X
 * Fix for host/service name encoding in CGIs
  (trends and availability reports, etc.) 

diff -ruN nagios3-3.0.3/base/checks.c nagios3-3.0.5/base/checks.c
--- nagios3-3.0.3/base/checks.c	2008-06-23 23:33:00.000000000 +0200
+++ nagios3-3.0.5/base/checks.c	2008-10-15 17:35:00.000000000 +0200
@@ -3,7 +3,7 @@
  * CHECKS.C - Service and host check functions for Nagios
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 10-15-2008
  *
  * License:
  *
@@ -667,6 +667,9 @@
 			/* become the process group leader */
 			setpgid(0,0);
 
+			/* catch term signals at this process level */
+			signal(SIGTERM,service_check_sighandler);
+
 			/* catch plugins that don't finish in a timely manner */
 			signal(SIGALRM,service_check_sighandler);
 			alarm(service_check_timeout);
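Review bot: The new `signal(SIGTERM,service_check_sighandler)` reuses the handler that the following lines install for SIGALRM, so a check ended by SIGTERM presumably takes the same path as a plugin timeout. The handler receives `sig`, but its body is outside this diff's view, so confirm it distinguishes the two signals before it records a timeout result. A comment here such as `/* SIGTERM shares the timeout handler so running plugins are terminated when the parent is killed */` would record the intent stated in the changelog. The same applies to the `host_check_sighandler` registration in the @@ -3049 hunk; both registrations sit inside functions that start and end outside the hunks.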
@@ -800,7 +803,7 @@
 				fprintf(check_result_info.output_file_fp,"early_timeout=%d\n",check_result_info.early_timeout);
 				fprintf(check_result_info.output_file_fp,"exited_ok=%d\n",check_result_info.exited_ok);
 				fprintf(check_result_info.output_file_fp,"return_code=%d\n",check_result_info.return_code);
-				fprintf(check_result_info.output_file_fp,"output=%s\n",checkresult_dbuf.buf);
+				fprintf(check_result_info.output_file_fp,"output=%s\n",(checkresult_dbuf.buf==NULL)?"(null)":checkresult_dbuf.buf);
 
 				/* close the temp file */
 				fclose(check_result_info.output_file_fp);
@@ -3049,6 +3052,9 @@
 			/* become the process group leader */
 			setpgid(0,0);
 
+			/* catch term signals at this process level */
+			signal(SIGTERM,host_check_sighandler);
+
 			/* catch plugins that don't finish in a timely manner */
 			signal(SIGALRM,host_check_sighandler);
 			alarm(host_check_timeout);
diff -ruN nagios3-3.0.3/base/commands.c nagios3-3.0.5/base/commands.c
--- nagios3-3.0.3/base/commands.c	2008-05-19 20:01:56.000000000 +0200
+++ nagios3-3.0.5/base/commands.c	2008-11-02 19:51:29.000000000 +0100
@@ -3,7 +3,7 @@
  * COMMANDS.C - External command functions for Nagios
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified:   05-10-2008
+ * Last Modified:   10-15-2008
  *
  * License:
  *
@@ -262,9 +262,9 @@
 	else if(!strcmp(command_id,"ENTER_ACTIVE_MODE") || !strcmp(command_id,"ENABLE_NOTIFICATIONS"))
 		command_type=CMD_ENABLE_NOTIFICATIONS;
 
-	else if(!strcmp(command_id,"SHUTDOWN_PROGRAM"))
+	else if(!strcmp(command_id,"SHUTDOWN_PROGRAM") || !strcmp(command_id,"SHUTDOWN_PROCESS"))
 		command_type=CMD_SHUTDOWN_PROCESS;
-	else if(!strcmp(command_id,"RESTART_PROGRAM"))
+	else if(!strcmp(command_id,"RESTART_PROGRAM") || !strcmp(command_id,"RESTART_PROCESS"))
 		command_type=CMD_RESTART_PROCESS;
 
 	else if(!strcmp(command_id,"SAVE_STATE_INFORMATION"))
@@ -3537,14 +3537,14 @@
 	/* set the attribute modified flag */
 	svc->modified_attributes|=attr;
 
+	/* disable the service notifications... */
+	svc->notifications_enabled=FALSE;
+
 #ifdef USE_EVENT_BROKER
 	/* send data to event broker */
 	broker_adaptive_service_data(NEBTYPE_ADAPTIVESERVICE_UPDATE,NEBFLAG_NONE,NEBATTR_NONE,svc,CMD_NONE,attr,svc->modified_attributes,NULL);
 #endif
 
-	/* disable the service notifications... */
-	svc->notifications_enabled=FALSE;
-
 	/* update the status log to reflect the new service state */
 	update_service_status(svc,FALSE);
 
diff -ruN nagios3-3.0.3/base/events.c nagios3-3.0.5/base/events.c
--- nagios3-3.0.3/base/events.c	2008-05-19 20:01:56.000000000 +0200
+++ nagios3-3.0.5/base/events.c	2008-11-02 19:51:30.000000000 +0100
@@ -3,7 +3,7 @@
  * EVENTS.C - Timed event functions for Nagios
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 05-19-2008
+ * Last Modified: 11-02-2008
  *
  * License:
  *
@@ -575,7 +575,7 @@
 
 	/* add a log rotation event if necessary */
 	if(log_rotation_method!=LOG_ROTATION_NONE)
-		schedule_new_event(EVENT_LOG_ROTATION,TRUE,get_next_log_rotation_time(),TRUE,0,get_next_log_rotation_time,TRUE,NULL,NULL,0);
+		schedule_new_event(EVENT_LOG_ROTATION,TRUE,get_next_log_rotation_time(),TRUE,0,(void *)get_next_log_rotation_time,TRUE,NULL,NULL,0);
 
 	/* add a retention data save event if needed */
 	if(retain_state_information==TRUE && retention_update_interval>0)
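Review bot: The `(void *)get_next_log_rotation_time` cast converts a function pointer to an object pointer, which ISO C does not define even though POSIX platforms tolerate it; it silences the warning instead of fixing the type mismatch. The `schedule_new_event` prototype is outside this diff, but if that parameter is meant to carry a timing callback, declaring it with a function-pointer type would let the compiler check every caller. The same pattern appears in both base/nebmods.c hunks, where `callback_func` is cast between `void *` and `int(*)(int,void*)`.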
diff -ruN nagios3-3.0.3/base/nagios.c nagios3-3.0.5/base/nagios.c
--- nagios3-3.0.3/base/nagios.c	2008-06-25 20:16:30.000000000 +0200
+++ nagios3-3.0.5/base/nagios.c	2008-11-04 23:28:39.000000000 +0100
@@ -3,12 +3,12 @@
  * NAGIOS.C - Core Program Code For Nagios
  *
  * Program: Nagios
- * Version: 3.0.3
+ * Version: 3.0.5
  * License: GPL
  * Copyright (c) 1999-2007 Ethan Galstad (http://www.nagios.org)
  *
  * First Written:   01-28-1999 (start of development)
- * Last Modified:   06-25-2008
+ * Last Modified:   11-04-2008
  *
  * Description:
  *
@@ -452,7 +452,7 @@
 		getcwd(config_file,MAX_FILENAME_LENGTH);
 
 		/* append a forward slash */
-		strncat(config_file,"/",MAX_FILENAME_LENGTH-2);
+		strncat(config_file,"/",1);
 		config_file[MAX_FILENAME_LENGTH-1]='\x0';
 
 		/* append the config file to the path */
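Review bot: `strncat(config_file,"/",1)` bounds the copy by the source length, not by the room left in `config_file`, so when `getcwd()` has filled the buffer the terminator lands one byte past the end, and the `config_file[MAX_FILENAME_LENGTH-1]` assignment on the next line cannot undo that. Assuming the buffer is `MAX_FILENAME_LENGTH` bytes (its declaration is outside the hunk), the bound should be the remaining space: `strncat(config_file,"/",MAX_FILENAME_LENGTH-strlen(config_file)-1);`. The return value of `getcwd()` on the context line is also unchecked, so a failure leaves `config_file` in an unspecified state before the append.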
diff -ruN nagios3-3.0.3/base/nagiostats.c nagios3-3.0.5/base/nagiostats.c
--- nagios3-3.0.3/base/nagiostats.c	2008-06-25 20:16:32.000000000 +0200
+++ nagios3-3.0.5/base/nagiostats.c	2008-11-04 23:28:39.000000000 +0100
@@ -3,11 +3,11 @@
  * NAGIOSTATS.C - Displays Nagios Statistics
  *
  * Program: Nagiostats
- * Version: 3.0.3
+ * Version: 3.0.5
  * License: GPL
  * Copyright (c) 2003-2008 Ethan Galstad (nagios@nagios.org)
  *
- * Last Modified:   06-25-2008
+ * Last Modified:   11-04-2008
  *
  * License:
  *
diff -ruN nagios3-3.0.3/base/nebmods.c nagios3-3.0.5/base/nebmods.c
--- nagios3-3.0.3/base/nebmods.c	2008-02-23 22:12:11.000000000 +0100
+++ nagios3-3.0.5/base/nebmods.c	2008-11-02 19:51:30.000000000 +0100
@@ -3,7 +3,7 @@
  * NEBMODS.C - Event Broker Module Functions
  *
  * Copyright (c) 2002-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 02-23-2008
+ * Last Modified: 11-02-2008
  *
  * License:
  *
@@ -505,7 +505,7 @@
 		for(temp_callback=neb_callback_list[callback_type];temp_callback!=NULL;temp_callback=next_callback){
 			next_callback=temp_callback->next;
 			if((void *)temp_callback->module_handle==(void *)mod->module_handle)
-				neb_deregister_callback(callback_type,temp_callback->callback_func);
+				neb_deregister_callback(callback_type,(int(*)(int,void*))temp_callback->callback_func);
 		        }
 
 	        }
@@ -535,7 +535,7 @@
 		next_callback=temp_callback->next;
 
 		/* we found it */
-		if(temp_callback->callback_func==callback_func)
+		if(temp_callback->callback_func==(void *)callback_func)
 			break;
 
 		last_callback=temp_callback;
diff -ruN nagios3-3.0.3/base/notifications.c nagios3-3.0.5/base/notifications.c
--- nagios3-3.0.3/base/notifications.c	2008-06-23 22:47:41.000000000 +0200
+++ nagios3-3.0.5/base/notifications.c	2008-10-15 18:18:35.000000000 +0200
@@ -3,7 +3,7 @@
  * NOTIFICATIONS.C - Service and host notification functions for Nagios
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 10-15-2008
  *
  * License:
  *
@@ -262,7 +262,7 @@
 
 		        }
 
-		log_debug_info(DEBUGL_NOTIFICATIONS,0,"%d contacts were notified.",contacts_notified);
+		log_debug_info(DEBUGL_NOTIFICATIONS,0,"%d contacts were notified.\n",contacts_notified);
 	        }
 
 	/* there were no contacts, so no notification really occurred... */
@@ -1151,7 +1151,7 @@
 				}
 		        }
 
-		log_debug_info(DEBUGL_NOTIFICATIONS,0,"%d contacts were notified.",contacts_notified);
+		log_debug_info(DEBUGL_NOTIFICATIONS,0,"%d contacts were notified.\n",contacts_notified);
 	        }
 
 	/* there were no contacts, so no notification really occurred... */
diff -ruN nagios3-3.0.3/base/utils.c nagios3-3.0.5/base/utils.c
--- nagios3-3.0.3/base/utils.c	2008-06-23 22:47:41.000000000 +0200
+++ nagios3-3.0.5/base/utils.c	2008-11-02 19:51:30.000000000 +0100
@@ -3,7 +3,7 @@
  * UTILS.C - Miscellaneous utility functions for Nagios
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 11-02-2008
  *
  * License:
  *
@@ -1848,6 +1848,7 @@
 
 
 /* handle timeouts when executing service checks */
+/* 07/16/08 EG also called when parent process gets a TERM signal */
 void service_check_sighandler(int sig){
 	struct timeval end_time;
 
@@ -1891,6 +1892,7 @@
 
 
 /* handle timeouts when executing host checks */
+/* 07/16/08 EG also called when parent process gets a TERM signal */
 void host_check_sighandler(int sig){
 	struct timeval end_time;
 
@@ -3048,7 +3050,7 @@
 
 		ch=delim[0];
 
-		if(ch=='\0')
+		if(ch=='\0' || begin[0]=='\0')
 			end=NULL;
 		else{
 			if(*begin==ch)
@@ -3483,7 +3485,7 @@
 			}
 
 		/* one backslash found, so we should continue reading the next line */
-		else if(buf[end]=='\\')
+		else if(end>0 && buf[end]=='\\')
 			buf[end]='\x0';
 
 		/* else no continuation marker was found, so break */
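Review bot: The added `end>0` test also rejects `end==0`, so a line consisting of a single backslash is no longer treated as a continuation marker. If the aim is only to stop `buf[end]` being read with a negative index, `else if(end>=0 && buf[end]=='\\')` is enough. How `end` is computed is outside the hunk, so confirm which case the fix targets. The identical change is made in cgi/cgiutils.c (@@ -1285).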
@@ -3826,6 +3828,8 @@
 
 		/* wait for data to arrive */
 		/* select seems to not work, so we have to use poll instead */
+		/* 10-15-08 EG check into implementing William's patch @ http://blog.netways.de/2008/08/15/nagios-unter-mac-os-x-installieren/ */
+		/* 10-15-08 EG poll() seems broken on OSX - see Jonathan's patch a few lines down */
 		pfd.fd=command_file_fd;
 		pfd.events=POLLIN;
 		pollval=poll(&pfd,1,500);
@@ -3873,6 +3877,15 @@
 		printf("(CFWT) BUFFER ITEMS: %d/%d\n",buffer_items,external_command_buffer_slots);
 #endif
 
+		/* 10-15-08 Fix for OS X by Jonathan Saggau - see http://www.jonathansaggau.com/blog/2008/09/using_shark_and_custom_dtrace.html */
+		/* Not sure if this would have negative effects on other OSes... */
+		if(buffer_items==0){
+			/* pause a bit so OS X doesn't go nuts with CPU overload */
+			tv.tv_sec=0;
+			tv.tv_usec=500;
+			select(0,NULL,NULL,NULL,&tv);
+			}
+
 		/* process all commands in the file (named pipe) if there's some space in the buffer */
 		if(buffer_items<external_command_buffer_slots){
 
diff -ruN nagios3-3.0.3/cgi/avail.c nagios3-3.0.5/cgi/avail.c
--- nagios3-3.0.3/cgi/avail.c	2008-06-23 22:47:42.000000000 +0200
+++ nagios3-3.0.5/cgi/avail.c	2008-10-16 00:40:07.000000000 +0200
@@ -3,7 +3,7 @@
  * AVAIL.C -  Nagios Availability CGI
  *
  * Copyright (c) 2000-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 10-15-2008
  *
  * License:
  * 
@@ -510,13 +510,13 @@
 			if(full_log_entries==TRUE)
 				printf("<input type='hidden' name='full_log_entries' value=''>\n");
 			if(display_type==DISPLAY_HOSTGROUP_AVAIL)
-				printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name);
+				printf("<input type='hidden' name='hostgroup' value='%s'>\n",escape_string(hostgroup_name));
 			if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL)
-				printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+				printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 			if(display_type==DISPLAY_SERVICE_AVAIL)
-				printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
+				printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 			if(display_type==DISPLAY_SERVICEGROUP_AVAIL)
-				printf("<input type='hidden' name='servicegroup' value='%s'>\n",url_encode(servicegroup_name));
+				printf("<input type='hidden' name='servicegroup' value='%s'>\n",escape_string(servicegroup_name));
 
 			printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no");
 			printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no");
@@ -645,13 +645,13 @@
 	        printf("<form method=\"get\" action=\"%s\">\n",AVAIL_CGI);
 		printf("<input type='hidden' name='show_log_entries' value=''>\n");
 		if(display_type==DISPLAY_HOSTGROUP_AVAIL)
-			printf("<input type='hidden' name='hostgroup' value='%s'>\n",hostgroup_name);
+			printf("<input type='hidden' name='hostgroup' value='%s'>\n",escape_string(hostgroup_name));
 		if(display_type==DISPLAY_HOST_AVAIL || display_type==DISPLAY_SERVICE_AVAIL)
-			printf("<input type='hidden' name='host' value='%s'>\n",host_name);
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 		if(display_type==DISPLAY_SERVICE_AVAIL)
-			printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
+			printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 		if(display_type==DISPLAY_SERVICEGROUP_AVAIL)
-			printf("<input type='hidden' name='servicegroup' value='%s'>\n",servicegroup_name);
+			printf("<input type='hidden' name='servicegroup' value='%s'>\n",escape_string(servicegroup_name));
 
 		printf("<table border=0 cellpadding=5>\n");
 
@@ -736,7 +736,7 @@
 		printf("<option value=\"\">None\n");
 		/* check all the time periods... */
 		for(temp_timeperiod=timeperiod_list;temp_timeperiod!=NULL;temp_timeperiod=temp_timeperiod->next)
-			printf("<option value=%s>%s\n",url_encode(temp_timeperiod->name),temp_timeperiod->name);
+			printf("<option value=%s>%s\n",escape_string(temp_timeperiod->name),temp_timeperiod->name);
 		printf("</select>\n");
 		printf("</td>\n");
 		printf("</tr>\n");
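Review bot: In `<option value=%s>` the attribute is unquoted, and `escape_string()` as added in cgi/cgiutils.c passes spaces through, so a timeperiod name containing a space is now cut at the first space (the replaced `url_encode()` presumably encoded it; its definition is not shown). Quoting the attribute fixes it: `printf("<option value='%s'>%s\n",escape_string(temp_timeperiod->name),temp_timeperiod->name);`. The second `%s`, the visible option text, is still printed raw here and in the hostgroup, host, servicegroup and service option hunks that follow (@@ -838, -868, -900, -950), so any markup in an object name reaches the page there. If those names can carry untrusted characters, the text should pass through an HTML encoder as well. The enclosing function is outside the hunk.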
@@ -838,7 +838,7 @@
 		printf("<option value='all'>** ALL HOSTGROUPS **\n");
 		for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){
 			if(is_authorized_for_hostgroup(temp_hostgroup,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_hostgroup->group_name,temp_hostgroup->group_name);
+				printf("<option value='%s'>%s\n",escape_string(temp_hostgroup->group_name),temp_hostgroup->group_name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
@@ -868,7 +868,7 @@
 		printf("<option value='all'>** ALL HOSTS **\n");
 		for(temp_host=host_list;temp_host!=NULL;temp_host=temp_host->next){
 			if(is_authorized_for_host(temp_host,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_host->name,temp_host->name);
+				printf("<option value='%s'>%s\n",escape_string(temp_host->name),temp_host->name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
@@ -900,7 +900,7 @@
 		printf("<option value='all'>** ALL SERVICEGROUPS **\n");
 		for(temp_servicegroup=servicegroup_list;temp_servicegroup!=NULL;temp_servicegroup=temp_servicegroup->next){
 			if(is_authorized_for_servicegroup(temp_servicegroup,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_servicegroup->group_name,temp_servicegroup->group_name);
+				printf("<option value='%s'>%s\n",escape_string(temp_servicegroup->group_name),temp_servicegroup->group_name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
@@ -941,7 +941,7 @@
 
 	        printf("<form method=\"get\" action=\"%s\" name='serviceform'>\n",AVAIL_CGI);
 		printf("<input type='hidden' name='get_date_parts'>\n");
-		printf("<input type='hidden' name='host' value='%s'>\n",(firsthostpointer==NULL)?"unknown":firsthostpointer);
+		printf("<input type='hidden' name='host' value='%s'>\n",(firsthostpointer==NULL)?"unknown":(char *)escape_string(firsthostpointer));
 
 		printf("<table border=0 cellpadding=5>\n");
 
@@ -950,7 +950,7 @@
 		printf("<option value='all'>** ALL SERVICES **\n");
 		for(temp_service=service_list;temp_service!=NULL;temp_service=temp_service->next){
 			if(is_authorized_for_service(temp_service,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s;%s\n",temp_service->description,temp_service->host_name,temp_service->description);
+				printf("<option value='%s'>%s;%s\n",escape_string(temp_service->description),temp_service->host_name,temp_service->description);
 		        }
 
 		printf("</select>\n");
diff -ruN nagios3-3.0.3/cgi/cgiutils.c nagios3-3.0.5/cgi/cgiutils.c
--- nagios3-3.0.3/cgi/cgiutils.c	2008-06-23 22:47:44.000000000 +0200
+++ nagios3-3.0.5/cgi/cgiutils.c	2008-11-02 19:51:30.000000000 +0100
@@ -3,7 +3,7 @@
  * CGIUTILS.C - Common utilities for Nagios CGIs
  * 
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 11-02-2008
  *
  * License:
  *
@@ -1078,7 +1078,7 @@
 	if(delim[0]=='\0' || delim[1]=='\0'){
 		char ch = delim[0];
 
-		if(ch=='\0')
+		if(ch=='\0' || begin[0]=='\0')
 			end=NULL;
 		else{
 			if(*begin==ch)
@@ -1196,6 +1196,10 @@
 	if(temp_mmapfile==NULL)
 		return NULL;
 
+	/* size of file is 0 bytes */
+	if(temp_mmapfile->file_size==0L)
+		return NULL;
+
 	/* we've reached the end of the file */
 	if(temp_mmapfile->current_position>=temp_mmapfile->file_size)
 		return NULL;
@@ -1285,7 +1289,7 @@
 			}
 
 		/* one backslash found, so we should continue reading the next line */
-		else if(buf[end]=='\\')
+		else if(end>0 && buf[end]=='\\')
 			buf[end]='\x0';
 
 		/* else no continuation marker was found, so break */
@@ -1492,6 +1496,54 @@
 
 
 
+/* escape string for html form usage */
+char * escape_string(char *input){
+	int len,output_len;
+	int x,y;
+	char temp_expansion[10];
+
+	/* we need up to six times the space to do the conversion */
+	len=(int)strlen(input);
+	output_len=len*6;
+	if((encoded_html_string=(char *)malloc(output_len+1))==NULL)
+		return "";
+
+	strcpy(encoded_html_string,"");
+
+	for(x=0,y=0;x<=len;x++){
+
+		/* end of string */
+		if((char)input[x]==(char)'\x0'){
+			encoded_html_string[y]='\x0';
+			break;
+			}
+
+		/* alpha-numeric characters don't get encoded */
+		else if(((char)input[x]>='0' && (char)input[x]<='9') || ((char)input[x]>='A' && (char)input[x]<='Z') || ((char)input[x]>=(char)'a' && (char)input[x]<=(char)'z'))
+			encoded_html_string[y++]=input[x];
+
+		/* spaces, hyphens, periods, underscores and colons don't get encoded */
+		else if(((char)input[x]==(char)' ') || ((char)input[x]==(char)'-') || ((char)input[x]==(char)'.') || ((char)input[x]==(char)'_') || ((char)input[x]==(char)':'))
+			encoded_html_string[y++]=input[x];
+
+		/* for simplicity, all other chars represented by their numeric value */
+		else{
+			encoded_html_string[y]='\x0';
+			sprintf(temp_expansion,"&#%d;",(unsigned char)input[x]);
+			if((int)strlen(encoded_html_string)<(output_len-strlen(temp_expansion))){
+				strcat(encoded_html_string,temp_expansion);
+				y+=strlen(temp_expansion);
+				}
+			}
+	        }
+
+	encoded_html_string[y++]='\x0';
+
+	return encoded_html_string;
+        }
+
+
+
 /* determines the log file we should use (from current time) */
 void get_log_archive_to_use(int archive,char *buffer,int buffer_length){
 	struct tm *t;
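Review bot: The room check before `strcat` in `escape_string()` uses a strict `<`, so an expansion that would exactly fill the buffer is dropped. For a one-byte input such as `~` (`&#126;`, six characters) `output_len` is 6, the test becomes `0<0`, and the function returns an empty string. The comparison should be `<=`, for example `if(strlen(encoded_html_string)+strlen(temp_expansion)<=(size_t)output_len){`. `strlen(input)` is also called without a NULL check, so a NULL argument crashes the CGI; `if(input==NULL) return "";` at the top would match the existing out-of-memory return. Each call allocates a fresh buffer into the global `encoded_html_string` without releasing the previous one; whether it is freed elsewhere is not visible here, and a comment stating who owns the returned pointer would help.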
diff -ruN nagios3-3.0.3/cgi/cmd.c nagios3-3.0.5/cgi/cmd.c
--- nagios3-3.0.3/cgi/cmd.c	2008-05-19 20:42:26.000000000 +0200
+++ nagios3-3.0.5/cgi/cmd.c	2008-11-02 18:32:03.000000000 +0100
@@ -3,7 +3,7 @@
  * CMD.C -  Nagios Command CGI
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 05-19-2008
+ * Last Modified: 10-30-2008
  *
  * License:
  * 
@@ -31,6 +31,8 @@
 #include "../include/cgiauth.h"
 #include "../include/getcgi.h"
 
+extern const char *extcmd_get_name(int id);
+
 extern char main_config_file[MAX_FILENAME_LENGTH];
 extern char url_html_path[MAX_FILENAME_LENGTH];
 extern char url_images_path[MAX_FILENAME_LENGTH];
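Review bot: `extcmd_get_name()` is declared by hand in this .c file, so the compiler cannot check the prototype against the definition if the two drift apart. The declaration belongs in the header that accompanies the definition, included here. If no such header exists yet, a comment naming the defining file would at least make the dependency findable.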
@@ -938,7 +940,7 @@
 	case CMD_ADD_HOST_COMMENT:
 	case CMD_ACKNOWLEDGE_HOST_PROBLEM:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_ACKNOWLEDGE_HOST_PROBLEM){
 			printf("<tr><td CLASS='optBoxItem'>Sticky Acknowledgement:</td><td><b>");
@@ -952,20 +954,20 @@
 		printf("<INPUT TYPE='checkbox' NAME='persistent' %s>",(cmd==CMD_ACKNOWLEDGE_HOST_PROBLEM)?"":"CHECKED");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",url_encode(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
+		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",escape_string(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data));
+		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",escape_string(comment_data));
 		printf("</b></td></tr>\n");
 		break;
 		
 	case CMD_ADD_SVC_COMMENT:
 	case CMD_ACKNOWLEDGE_SVC_PROBLEM:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 		if(cmd==CMD_ACKNOWLEDGE_SVC_PROBLEM){
 			printf("<tr><td CLASS='optBoxItem'>Sticky Acknowledgement:</td><td><b>");
 			printf("<INPUT TYPE='checkbox' NAME='sticky_ack' CHECKED>");
@@ -978,10 +980,10 @@
 		printf("<INPUT TYPE='checkbox' NAME='persistent' %s",(cmd==CMD_ACKNOWLEDGE_SVC_PROBLEM)?"":"CHECKED");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",url_encode(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
+		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",escape_string(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data));
+		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",escape_string(comment_data));
 		printf("</b></td></tr>\n");
 		break;
 
@@ -994,7 +996,7 @@
 		
 	case CMD_DELAY_HOST_NOTIFICATION:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Notification Delay (minutes from now):</td><td><b>");
 		printf("<INPUT TYPE='TEXT' NAME='not_dly' VALUE='%d'>",notification_delay);
@@ -1003,10 +1005,10 @@
 
 	case CMD_DELAY_SVC_NOTIFICATION:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 		printf("<tr><td CLASS='optBoxRequiredItem'>Notification Delay (minutes from now):</td><td><b>");
 		printf("<INPUT TYPE='TEXT' NAME='not_dly' VALUE='%d'>",notification_delay);
 		printf("</b></td></tr>\n");
@@ -1016,11 +1018,11 @@
 	case CMD_SCHEDULE_HOST_CHECK:
 	case CMD_SCHEDULE_HOST_SVC_CHECKS:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_SCHEDULE_SVC_CHECK){
 			printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 			printf("</b></td></tr>\n");
 		        }
 		time(&t);
@@ -1048,10 +1050,10 @@
 	case CMD_START_OBSESSING_OVER_SVC:
 	case CMD_STOP_OBSESSING_OVER_SVC:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+		printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 		printf("</b></td></tr>\n");
 		break;
 		
@@ -1076,7 +1078,7 @@
 	case CMD_START_OBSESSING_OVER_HOST:
 	case CMD_STOP_OBSESSING_OVER_HOST:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_ENABLE_HOST_SVC_CHECKS || cmd==CMD_DISABLE_HOST_SVC_CHECKS || cmd==CMD_ENABLE_HOST_SVC_NOTIFICATIONS || cmd==CMD_DISABLE_HOST_SVC_NOTIFICATIONS){
 			printf("<tr><td CLASS='optBoxItem'>%s For Host Too:</td><td><b>",(cmd==CMD_ENABLE_HOST_SVC_CHECKS || cmd==CMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"Enable":"Disable");
@@ -1120,11 +1122,11 @@
 	case CMD_PROCESS_HOST_CHECK_RESULT:
 	case CMD_PROCESS_SERVICE_CHECK_RESULT:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_PROCESS_SERVICE_CHECK_RESULT){
 			printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 			printf("</b></td></tr>\n");
 		        }
 		printf("<tr><td CLASS='optBoxRequiredItem'>Check Result:</td><td><b>");
@@ -1154,17 +1156,17 @@
 	case CMD_SCHEDULE_SVC_DOWNTIME:
 
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_SCHEDULE_SVC_DOWNTIME){
 			printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 		        }
 		printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",url_encode(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
+		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",escape_string(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data));
+		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",escape_string(comment_data));
 		printf("</b></td></tr>\n");
 
 		printf("<tr><td CLASS='optBoxItem'><br></td></tr>\n");
@@ -1242,7 +1244,7 @@
 	case CMD_ENABLE_HOSTGROUP_SVC_CHECKS:
 	case CMD_DISABLE_HOSTGROUP_SVC_CHECKS:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Hostgroup Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='hostgroup' VALUE='%s'>",hostgroup_name);
+		printf("<INPUT TYPE='TEXT' NAME='hostgroup' VALUE='%s'>",escape_string(hostgroup_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_ENABLE_HOSTGROUP_SVC_CHECKS || cmd==CMD_DISABLE_HOSTGROUP_SVC_CHECKS || cmd==CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS || cmd==CMD_DISABLE_HOSTGROUP_SVC_NOTIFICATIONS){
 			printf("<tr><td CLASS='optBoxItem'>%s For Hosts Too:</td><td><b>",(cmd==CMD_ENABLE_HOSTGROUP_SVC_CHECKS || cmd==CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"Enable":"Disable");
@@ -1258,7 +1260,7 @@
 	case CMD_ENABLE_SERVICEGROUP_SVC_CHECKS:
 	case CMD_DISABLE_SERVICEGROUP_SVC_CHECKS:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Servicegroup Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='servicegroup' VALUE='%s'>",servicegroup_name);
+		printf("<INPUT TYPE='TEXT' NAME='servicegroup' VALUE='%s'>",escape_string(servicegroup_name));
 		printf("</b></td></tr>\n");
 		if(cmd==CMD_ENABLE_SERVICEGROUP_SVC_CHECKS || cmd==CMD_DISABLE_SERVICEGROUP_SVC_CHECKS || cmd==CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS || cmd==CMD_DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS){
 			printf("<tr><td CLASS='optBoxItem'>%s For Hosts Too:</td><td><b>",(cmd==CMD_ENABLE_SERVICEGROUP_SVC_CHECKS || cmd==CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"Enable":"Disable");
@@ -1282,19 +1284,19 @@
 
 		if(cmd==CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME || cmd==CMD_SCHEDULE_HOSTGROUP_SVC_DOWNTIME){
 			printf("<tr><td CLASS='optBoxRequiredItem'>Hostgroup Name:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='hostgroup' VALUE='%s'>",hostgroup_name);
+			printf("<INPUT TYPE='TEXT' NAME='hostgroup' VALUE='%s'>",escape_string(hostgroup_name));
 			printf("</b></td></tr>\n");
 		        }
 		else{
 			printf("<tr><td CLASS='optBoxRequiredItem'>Servicegroup Name:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='servicegroup' VALUE='%s'>",servicegroup_name);
+			printf("<INPUT TYPE='TEXT' NAME='servicegroup' VALUE='%s'>",escape_string(servicegroup_name));
 			printf("</b></td></tr>\n");
 		        }
 		printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",url_encode(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
+		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",escape_string(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data));
+		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",escape_string(comment_data));
 		printf("</b></td></tr>\n");
 		time(&t);
 		get_time_string(&t,buffer,sizeof(buffer)-1,SHORT_DATE_TIME);
@@ -1331,12 +1333,12 @@
 	case CMD_SEND_CUSTOM_HOST_NOTIFICATION:
 	case CMD_SEND_CUSTOM_SVC_NOTIFICATION:
 		printf("<tr><td CLASS='optBoxRequiredItem'>Host Name:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",host_name);
+		printf("<INPUT TYPE='TEXT' NAME='host' VALUE='%s'>",escape_string(host_name));
 		printf("</b></td></tr>\n");
 
 		if(cmd==CMD_SEND_CUSTOM_SVC_NOTIFICATION){
 			printf("<tr><td CLASS='optBoxRequiredItem'>Service:</td><td><b>");
-			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",service_desc);
+			printf("<INPUT TYPE='TEXT' NAME='service' VALUE='%s'>",escape_string(service_desc));
 			printf("</b></td></tr>\n");
 			}
 
@@ -1349,10 +1351,10 @@
 		printf("</b></td></tr>\n");
 
 		printf("<tr><td CLASS='optBoxRequiredItem'>Author (Your Name):</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",url_encode(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
+		printf("<INPUT TYPE='TEXT' NAME='com_author' VALUE='%s' %s>",escape_string(comment_author),(lock_author_names==TRUE)?"READONLY DISABLED":"");
 		printf("</b></td></tr>\n");
 		printf("<tr><td CLASS='optBoxRequiredItem'>Comment:</td><td><b>");
-		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",url_encode(comment_data));
+		printf("<INPUT TYPE='TEXT' NAME='com_data' VALUE='%s' SIZE=40>",escape_string(comment_data));
 		printf("</b></td></tr>\n");
 		break;
 
@@ -1883,6 +1885,34 @@
 	return;
         }
 
+static int cmd_submitf(int id, const char *fmt, ...)
+{
+	char cmd[MAX_EXTERNAL_COMMAND_LENGTH];
+	const char *command;
+	int len, len2;
+	va_list ap;
+
+	command = extcmd_get_name(id);
+	/*
+	 * We disallow sending 'CHANGE' commands from the cgi's
+	 * until we do proper session handling to prevent cross-site
+	 * request forgery
+	 */
+	if (!command || (strlen(command) > 6 && !memcmp("CHANGE", command, 6)))
+		return ERROR;
+
+	len = snprintf(cmd, sizeof(cmd) - 1, "[%lu] %s;", time(NULL), command);
+	if (len < 0)
+		return ERROR;
+
+	va_start(ap, fmt);
+	len2 = vsnprintf(&cmd[len], sizeof(cmd) - len - 1, fmt, ap);
+	va_end(ap);
+	if (len2 < 0)
+		return ERROR;
+
+	return write_command_to_file(cmd);
+}
 
 /* commits a command for processing */
 int commit_command(int cmd){
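Review bot: `len` from the first `snprintf` is used as an index with no upper-bound check; snprintf returns the length it would have written, so after a truncation `&cmd[len]` points past the buffer and `sizeof(cmd) - len - 1` wraps to a very large size_t. The prefix is short, so this is unlikely to trigger today, but `len2` has the same gap: an over-long command is silently cut and still handed to `write_command_to_file`. `time(NULL)` is also passed to `%lu` without a cast. Declaring the function with a printf format attribute (for example GCC's `__attribute__((format(printf, 2, 3)))`, where the supported compilers allow it) would make the compiler check every call site's arguments against its format string.
```c
/* … unchanged: extcmd_get_name() lookup and the CHANGE filter … */

	len = snprintf(cmd, sizeof(cmd), "[%lu] %s;", (unsigned long)time(NULL), command);
	if (len < 0 || (size_t)len >= sizeof(cmd))
		return ERROR;

	va_start(ap, fmt);
	len2 = vsnprintf(&cmd[len], sizeof(cmd) - len, fmt, ap);
	va_end(ap);
	/* reject an over-long command instead of submitting a truncated one */
	if (len2 < 0 || (size_t)len2 >= sizeof(cmd) - len)
		return ERROR;

/* … unchanged: return write_command_to_file(cmd) … */
```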
@@ -1901,248 +1931,195 @@
 	/* get the notification time */
 	notification_time=current_time+(notification_delay*60);
 
+	/*
+	 * these are supposed to be implanted inside the
+	 * completed commands shipped off to nagios and
+	 * must therefore never contain ';'
+	 */
+	if (host_name && strchr(host_name, ';'))
+		return ERROR;
+	if (service_desc && strchr(service_desc, ';'))
+		return ERROR;
+	if (comment_author && strchr(comment_author, ';'))
+		return ERROR;
+	if (hostgroup_name && strchr(hostgroup_name, ';'))
+		return ERROR;
+	if (servicegroup_name && strchr(servicegroup_name, ';'))
+		return ERROR;
+
 	/* decide how to form the command line... */
 	switch(cmd){
 
-	case CMD_ADD_HOST_COMMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_HOST_COMMENT;%s;%d;%s;%s\n",current_time,host_name,(persistent_comment==TRUE)?1:0,comment_author,comment_data);
+		/* commands without arguments */
+	case CMD_START_EXECUTING_SVC_CHECKS:
+	case CMD_STOP_EXECUTING_SVC_CHECKS:
+	case CMD_START_ACCEPTING_PASSIVE_SVC_CHECKS:
+	case CMD_STOP_ACCEPTING_PASSIVE_SVC_CHECKS:
+	case CMD_ENABLE_EVENT_HANDLERS:
+	case CMD_DISABLE_EVENT_HANDLERS:
+	case CMD_START_OBSESSING_OVER_SVC_CHECKS:
+	case CMD_STOP_OBSESSING_OVER_SVC_CHECKS:
+	case CMD_ENABLE_FLAP_DETECTION:
+	case CMD_DISABLE_FLAP_DETECTION:
+	case CMD_ENABLE_FAILURE_PREDICTION:
+	case CMD_DISABLE_FAILURE_PREDICTION:
+	case CMD_ENABLE_PERFORMANCE_DATA:
+	case CMD_DISABLE_PERFORMANCE_DATA:
+	case CMD_START_EXECUTING_HOST_CHECKS:
+	case CMD_STOP_EXECUTING_HOST_CHECKS:
+	case CMD_START_ACCEPTING_PASSIVE_HOST_CHECKS:
+	case CMD_STOP_ACCEPTING_PASSIVE_HOST_CHECKS:
+	case CMD_START_OBSESSING_OVER_HOST_CHECKS:
+	case CMD_STOP_OBSESSING_OVER_HOST_CHECKS:
+		result = cmd_submitf(cmd,"");
+		break;
+
+		/** simple host commands **/
+	case CMD_ENABLE_HOST_FLAP_DETECTION:
+	case CMD_DISABLE_HOST_FLAP_DETECTION:
+	case CMD_ENABLE_PASSIVE_HOST_CHECKS:
+	case CMD_DISABLE_PASSIVE_HOST_CHECKS:
+	case CMD_START_OBSESSING_OVER_HOST:
+	case CMD_STOP_OBSESSING_OVER_HOST:
+	case CMD_DEL_ALL_HOST_COMMENTS:
+	case CMD_ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
+	case CMD_DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
+	case CMD_ENABLE_HOST_EVENT_HANDLER:
+	case CMD_DISABLE_HOST_EVENT_HANDLER:
+	case CMD_ENABLE_HOST_CHECK:
+	case CMD_DISABLE_HOST_CHECK:
+	case CMD_REMOVE_HOST_ACKNOWLEDGEMENT:
+		result = cmd_submitf(cmd,"%s",host_name);
+		break;
+
+		/** simple service commands **/
+	case CMD_ENABLE_SVC_FLAP_DETECTION:
+	case CMD_DISABLE_SVC_FLAP_DETECTION:
+	case CMD_ENABLE_PASSIVE_SVC_CHECKS:
+	case CMD_DISABLE_PASSIVE_SVC_CHECKS:
+	case CMD_START_OBSESSING_OVER_SVC:
+	case CMD_STOP_OBSESSING_OVER_SVC:
+	case CMD_DEL_ALL_SVC_COMMENTS:
+	case CMD_ENABLE_SVC_NOTIFICATIONS:
+	case CMD_DISABLE_SVC_NOTIFICATIONS:
+	case CMD_ENABLE_SVC_EVENT_HANDLER:
+	case CMD_DISABLE_SVC_EVENT_HANDLER:
+	case CMD_ENABLE_SVC_CHECK:
+	case CMD_DISABLE_SVC_CHECK:
+	case CMD_REMOVE_SVC_ACKNOWLEDGEMENT:
+		result = cmd_submitf(cmd,"%s;%s",host_name,service_desc);
 		break;
 		
+	case CMD_ADD_HOST_COMMENT:
+		result = cmd_submitf(cmd,"%s;%d;%s;%s",host_name,persistent_comment,comment_author,comment_data);
+		break;
+
 	case CMD_ADD_SVC_COMMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ADD_SVC_COMMENT;%s;%s;%d;%s;%s\n",current_time,host_name,service_desc,(persistent_comment==TRUE)?1:0,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%s;%d;%s;%s",current_time,host_name,service_desc,persistent_comment,comment_author,comment_data);
 		break;
 
 	case CMD_DEL_HOST_COMMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_HOST_COMMENT;%lu\n",current_time,comment_id);
-		break;
-		
 	case CMD_DEL_SVC_COMMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_SVC_COMMENT;%lu\n",current_time,comment_id);
+		result = cmd_submitf(cmd,"%lu",comment_id);
 		break;
 		
 	case CMD_DELAY_HOST_NOTIFICATION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_HOST_NOTIFICATION;%s;%lu\n",current_time,host_name,notification_time);
+		result = cmd_submitf(cmd,"%s;%lu",host_name,notification_time);
 		break;
 
 	case CMD_DELAY_SVC_NOTIFICATION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DELAY_SVC_NOTIFICATION;%s;%s;%lu\n",current_time,host_name,service_desc,notification_time);
+		result = cmd_submitf(cmd,"%s;%s;%lu",host_name,service_desc,notification_time);
 		break;
 
 	case CMD_SCHEDULE_SVC_CHECK:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sSVC_CHECK;%s;%s;%lu\n",current_time,(force_check==TRUE)?"FORCED_":"",host_name,service_desc,start_time);
+	case CMD_SCHEDULE_FORCED_SVC_CHECK:
+		result = cmd_submitf(cmd,"%s;%s;%lu",host_name,service_desc,start_time);
 		break;
 
-	case CMD_ENABLE_SVC_CHECK:
-	case CMD_DISABLE_SVC_CHECK:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_CHECK;%s;%s\n",current_time,(cmd==CMD_ENABLE_SVC_CHECK)?"ENABLE":"DISABLE",host_name,service_desc);
-		break;
-		
 	case CMD_DISABLE_NOTIFICATIONS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DISABLE_NOTIFICATIONS;%lu\n",current_time,scheduled_time);
-		break;
-		
 	case CMD_ENABLE_NOTIFICATIONS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ENABLE_NOTIFICATIONS;%lu\n",current_time,scheduled_time);
-		break;
-		
 	case CMD_SHUTDOWN_PROCESS:
 	case CMD_RESTART_PROCESS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PROGRAM;%lu\n",current_time,(cmd==CMD_SHUTDOWN_PROCESS)?"SHUTDOWN":"RESTART",scheduled_time);
+		result = cmd_submitf(cmd,"%lu",scheduled_time);
 		break;
 
 	case CMD_ENABLE_HOST_SVC_CHECKS:
 	case CMD_DISABLE_HOST_SVC_CHECKS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_HOST_SVC_CHECKS)?"ENABLE":"DISABLE",host_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_CHECKS;%s\n[%lu] %s_HOST_CHECK;%s\n",current_time,(cmd==CMD_ENABLE_HOST_SVC_CHECKS)?"ENABLE":"DISABLE",host_name,current_time,(cmd==CMD_ENABLE_HOST_SVC_CHECKS)?"ENABLE":"DISABLE",host_name);
+		result = cmd_submitf(cmd,"%s",host_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_HOST_SVC_CHECKS) ? CMD_ENABLE_HOST_CHECK : CMD_DISABLE_HOST_CHECK;
+			result |= cmd_submitf(cmd,"%s",host_name);
+		}
 		break;
 		
 	case CMD_SCHEDULE_HOST_SVC_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST_SVC_CHECKS;%s;%lu\n",current_time,(force_check==TRUE)?"FORCED_":"",host_name,scheduled_time);
-		break;
-
-	case CMD_DEL_ALL_HOST_COMMENTS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_HOST_COMMENTS;%s\n",current_time,host_name);
-		break;
-		
-	case CMD_DEL_ALL_SVC_COMMENTS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_ALL_SVC_COMMENTS;%s;%s\n",current_time,host_name,service_desc);
+		if (force_check == TRUE)
+			cmd = CMD_SCHEDULE_FORCED_HOST_SVC_CHECKS;
+		result = cmd_submitf(cmd,"%s;%lu",host_name,scheduled_time);
 		break;
 
-	case CMD_ENABLE_SVC_NOTIFICATIONS:
-	case CMD_DISABLE_SVC_NOTIFICATIONS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_NOTIFICATIONS;%s;%s\n",current_time,(cmd==CMD_ENABLE_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name,service_desc);
-		break;
-		
 	case CMD_ENABLE_HOST_NOTIFICATIONS:
 	case CMD_DISABLE_HOST_NOTIFICATIONS:
 		if(propagate_to_children==TRUE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_AND_CHILD_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOST_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOST_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name);
-		break;
-		
-	case CMD_ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
-	case CMD_DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ALL_NOTIFICATIONS_BEYOND_HOST;%s\n",current_time,(cmd==CMD_ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST)?"ENABLE":"DISABLE",host_name);
+			cmd = (cmd == CMD_ENABLE_HOST_NOTIFICATIONS) ? CMD_ENABLE_HOST_AND_CHILD_NOTIFICATIONS : CMD_DISABLE_HOST_AND_CHILD_NOTIFICATIONS;
+		result = cmd_submitf(cmd,"%s",host_name);
 		break;
 		
 	case CMD_ENABLE_HOST_SVC_NOTIFICATIONS:
 	case CMD_DISABLE_HOST_SVC_NOTIFICATIONS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_SVC_NOTIFICATIONS;%s\n[%lu] %s_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name,current_time,(cmd==CMD_ENABLE_HOST_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",host_name);
+		result = cmd_submitf(cmd,"%s",host_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_HOST_SVC_NOTIFICATIONS) ? CMD_ENABLE_HOST_NOTIFICATIONS : CMD_DISABLE_HOST_NOTIFICATIONS;
+			result |= cmd_submitf(cmd,"%s",host_name);
+		}
 		break;
 		
 	case CMD_ACKNOWLEDGE_HOST_PROBLEM:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_HOST_PROBLEM;%s;%d;%d;%d;%s;%s\n",current_time,host_name,(sticky_ack==TRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification==TRUE)?1:0,(persistent_comment==TRUE)?1:0,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%d;%d;%d;%s;%s",host_name,(sticky_ack==TRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,send_notification,persistent_comment,comment_author,comment_data);
 		break;
 		
 	case CMD_ACKNOWLEDGE_SVC_PROBLEM:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] ACKNOWLEDGE_SVC_PROBLEM;%s;%s;%d;%d;%d;%s;%s\n",current_time,host_name,service_desc,(sticky_ack==TRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,(send_notification==TRUE)?1:0,(persistent_comment==TRUE)?1:0,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%s;%d;%d;%d;%s;%s",host_name,service_desc,(sticky_ack==TRUE)?ACKNOWLEDGEMENT_STICKY:ACKNOWLEDGEMENT_NORMAL,send_notification,persistent_comment,comment_author,comment_data);
 		break;
 
-	case CMD_START_EXECUTING_SVC_CHECKS:
-	case CMD_STOP_EXECUTING_SVC_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_SVC_CHECKS;\n",current_time,(cmd==CMD_START_EXECUTING_SVC_CHECKS)?"START":"STOP");
-		break;
-
-	case CMD_START_ACCEPTING_PASSIVE_SVC_CHECKS:
-	case CMD_STOP_ACCEPTING_PASSIVE_SVC_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PASSIVE_SVC_CHECKS;\n",current_time,(cmd==CMD_START_ACCEPTING_PASSIVE_SVC_CHECKS)?"START":"STOP");
-		break;
-
-	case CMD_ENABLE_PASSIVE_SVC_CHECKS:
-	case CMD_DISABLE_PASSIVE_SVC_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_SVC_CHECKS;%s;%s\n",current_time,(cmd==CMD_ENABLE_PASSIVE_SVC_CHECKS)?"ENABLE":"DISABLE",host_name,service_desc);
-		break;
-		
-	case CMD_ENABLE_EVENT_HANDLERS:
-	case CMD_DISABLE_EVENT_HANDLERS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EVENT_HANDLERS;\n",current_time,(cmd==CMD_ENABLE_EVENT_HANDLERS)?"ENABLE":"DISABLE");
-		break;
-
-	case CMD_ENABLE_SVC_EVENT_HANDLER:
-	case CMD_DISABLE_SVC_EVENT_HANDLER:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_EVENT_HANDLER;%s;%s\n",current_time,(cmd==CMD_ENABLE_SVC_EVENT_HANDLER)?"ENABLE":"DISABLE",host_name,service_desc);
-		break;
-		
-	case CMD_ENABLE_HOST_EVENT_HANDLER:
-	case CMD_DISABLE_HOST_EVENT_HANDLER:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_EVENT_HANDLER;%s\n",current_time,(cmd==CMD_ENABLE_HOST_EVENT_HANDLER)?"ENABLE":"DISABLE",host_name);
-		break;
-		
-	case CMD_ENABLE_HOST_CHECK:
-	case CMD_DISABLE_HOST_CHECK:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_CHECK;%s\n",current_time,(cmd==CMD_ENABLE_HOST_CHECK)?"ENABLE":"DISABLE",host_name);
-		break;
-		
-	case CMD_START_OBSESSING_OVER_SVC_CHECKS:
-	case CMD_STOP_OBSESSING_OVER_SVC_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OVER_SVC_CHECKS;\n",current_time,(cmd==CMD_START_OBSESSING_OVER_SVC_CHECKS)?"START":"STOP");
-		break;
-		
-	case CMD_REMOVE_HOST_ACKNOWLEDGEMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_HOST_ACKNOWLEDGEMENT;%s\n",current_time,host_name);
-		break;
-		
-	case CMD_REMOVE_SVC_ACKNOWLEDGEMENT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] REMOVE_SVC_ACKNOWLEDGEMENT;%s;%s\n",current_time,host_name,service_desc);
-		break;
-		
 	case CMD_PROCESS_SERVICE_CHECK_RESULT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s|%s\n",current_time,host_name,service_desc,plugin_state,plugin_output,performance_data);
+		result = cmd_submitf(cmd,"%s;%s;%d;%s|%s",host_name,service_desc,plugin_state,plugin_output,performance_data);
 		break;
 		
 	case CMD_PROCESS_HOST_CHECK_RESULT:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] PROCESS_HOST_CHECK_RESULT;%s;%d;%s|%s\n",current_time,host_name,plugin_state,plugin_output,performance_data);
+		result = cmd_submitf(cmd,"%s;%d;%s|%s",host_name,plugin_state,plugin_output,performance_data);
 		break;
 		
 	case CMD_SCHEDULE_HOST_DOWNTIME:
 		if(child_options==1)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,start_time,end_time,(fixed==TRUE)?1:0,triggered_by,duration,comment_author,comment_data);
-		else if(child_options==2)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,start_time,end_time,(fixed==TRUE)?1:0,triggered_by,duration,comment_author,comment_data);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,start_time,end_time,(fixed==TRUE)?1:0,triggered_by,duration,comment_author,comment_data);
-		break;
-		
-	case CMD_SCHEDULE_SVC_DOWNTIME:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SVC_DOWNTIME;%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s\n",current_time,host_name,service_desc,start_time,end_time,(fixed==TRUE)?1:0,triggered_by,duration,comment_author,comment_data);
-		break;
+			cmd = CMD_SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME;
+		else if (child_options == 2)
+			cmd = CMD_SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME;
 		
-	case CMD_ENABLE_HOST_FLAP_DETECTION:
-	case CMD_DISABLE_HOST_FLAP_DETECTION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOST_FLAP_DETECTION;%s\n",current_time,(cmd==CMD_ENABLE_HOST_FLAP_DETECTION)?"ENABLE":"DISABLE",host_name);
-		break;
-		
-	case CMD_ENABLE_SVC_FLAP_DETECTION:
-	case CMD_DISABLE_SVC_FLAP_DETECTION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SVC_FLAP_DETECTION;%s;%s\n",current_time,(cmd==CMD_ENABLE_SVC_FLAP_DETECTION)?"ENABLE":"DISABLE",host_name,service_desc);
+		result = cmd_submitf(cmd,"%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,start_time,end_time,fixed,triggered_by,duration,comment_author,comment_data);
 		break;
 		
-	case CMD_ENABLE_FLAP_DETECTION:
-	case CMD_DISABLE_FLAP_DETECTION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FLAP_DETECTION\n",current_time,(cmd==CMD_ENABLE_FLAP_DETECTION)?"ENABLE":"DISABLE");
+	case CMD_SCHEDULE_SVC_DOWNTIME:
+		result = cmd_submitf(cmd,"%s;%s;%lu;%lu;%d;%lu;%lu;%s;%s",host_name,service_desc,start_time,end_time,fixed,triggered_by,duration,comment_author,comment_data);
 		break;
 		
 	case CMD_DEL_HOST_DOWNTIME:
 	case CMD_DEL_SVC_DOWNTIME:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] DEL_%s_DOWNTIME;%lu\n",current_time,(cmd==CMD_DEL_HOST_DOWNTIME)?"HOST":"SVC",downtime_id);
-		break;
-
-	case CMD_ENABLE_FAILURE_PREDICTION:
-	case CMD_DISABLE_FAILURE_PREDICTION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_FAILURE_PREDICTION\n",current_time,(cmd==CMD_ENABLE_FAILURE_PREDICTION)?"ENABLE":"DISABLE");
-		break;
-		
-	case CMD_ENABLE_PERFORMANCE_DATA:
-	case CMD_DISABLE_PERFORMANCE_DATA:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PERFORMANCE_DATA\n",current_time,(cmd==CMD_ENABLE_PERFORMANCE_DATA)?"ENABLE":"DISABLE");
-		break;
-		
-	case CMD_START_EXECUTING_HOST_CHECKS:
-	case CMD_STOP_EXECUTING_HOST_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_EXECUTING_HOST_CHECKS;\n",current_time,(cmd==CMD_START_EXECUTING_HOST_CHECKS)?"START":"STOP");
-		break;
-
-	case CMD_START_ACCEPTING_PASSIVE_HOST_CHECKS:
-	case CMD_STOP_ACCEPTING_PASSIVE_HOST_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_ACCEPTING_PASSIVE_HOST_CHECKS;\n",current_time,(cmd==CMD_START_ACCEPTING_PASSIVE_HOST_CHECKS)?"START":"STOP");
-		break;
-
-	case CMD_ENABLE_PASSIVE_HOST_CHECKS:
-	case CMD_DISABLE_PASSIVE_HOST_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_PASSIVE_HOST_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_PASSIVE_HOST_CHECKS)?"ENABLE":"DISABLE",host_name);
-		break;
-
-	case CMD_START_OBSESSING_OVER_HOST_CHECKS:
-	case CMD_STOP_OBSESSING_OVER_HOST_CHECKS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OVER_HOST_CHECKS;\n",current_time,(cmd==CMD_START_OBSESSING_OVER_HOST_CHECKS)?"START":"STOP");
+		result = cmd_submitf(cmd,"%lu",downtime_id);
 		break;
 
 	case CMD_SCHEDULE_HOST_CHECK:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_%sHOST_CHECK;%s;%lu\n",current_time,(force_check==TRUE)?"FORCED_":"",host_name,start_time);
-		break;
-
-	case CMD_START_OBSESSING_OVER_SVC:
-	case CMD_STOP_OBSESSING_OVER_SVC:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OVER_SVC;%s;%s\n",current_time,(cmd==CMD_START_OBSESSING_OVER_SVC)?"START":"STOP",host_name,service_desc);
-		break;
-
-	case CMD_START_OBSESSING_OVER_HOST:
-	case CMD_STOP_OBSESSING_OVER_HOST:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_OBSESSING_OVER_HOST;%s\n",current_time,(cmd==CMD_START_OBSESSING_OVER_HOST)?"START":"STOP",host_name);
+		if (force_check == TRUE)
+			cmd = CMD_SCHEDULE_FORCED_HOST_CHECK;
+		result = cmd_submitf(cmd,"%s;%lu",host_name,start_time);
 		break;
 
 	case CMD_SEND_CUSTOM_HOST_NOTIFICATION:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SEND_CUSTOM_HOST_NOTIFICATION;%s;%d;%s;%s\n",current_time,host_name,(force_notification | broadcast_notification),comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%d;%s;%s",host_name,(force_notification | broadcast_notification),comment_author,comment_data);
 		break;
 
 	case CMD_SEND_CUSTOM_SVC_NOTIFICATION:
-			 snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SEND_CUSTOM_SVC_NOTIFICATION;%s;%s;%d;%s;%s\n",current_time,host_name,service_desc,(force_notification | broadcast_notification),comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%s;%d;%s;%s",host_name,service_desc,(force_notification | broadcast_notification),comment_author,comment_data);
 		break;
 
 
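Review bot: The new CMD_ADD_SVC_COMMENT call passes six arguments to a five-specifier format, and the first one, `current_time`, is consumed by `%s`. The old code printed `current_time` with `%lu`, so an integer is now read as a string pointer, which is undefined behaviour, and every later argument is shifted by one. cmd_submitf already writes the timestamp, so the call should be `result = cmd_submitf(cmd,"%s;%s;%d;%s;%s",host_name,service_desc,persistent_comment,comment_author,comment_data);`. Separately, CMD_SCHEDULE_SVC_CHECK no longer consults `force_check`, while CMD_SCHEDULE_HOST_CHECK and CMD_SCHEDULE_HOST_SVC_CHECKS remap `cmd` when it is TRUE; if the form still submits CMD_SCHEDULE_SVC_CHECK with that flag set, add `if (force_check == TRUE) cmd = CMD_SCHEDULE_FORCED_SVC_CHECK;` before the call. commit_command begins before this hunk.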
@@ -2150,34 +2127,35 @@
 
 	case CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS:
 	case CMD_DISABLE_HOSTGROUP_SVC_NOTIFICATIONS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_SVC_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",hostgroup_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_SVC_NOTIFICATIONS;%s\n[%lu] %s_HOSTGROUP_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",hostgroup_name,current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",hostgroup_name);
+		result = cmd_submitf(cmd,"%s",hostgroup_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_HOSTGROUP_SVC_NOTIFICATIONS) ? CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS : CMD_DISABLE_HOSTGROUP_HOST_NOTIFICATIONS;
+			result |= cmd_submitf(cmd,"%s",hostgroup_name);
+		}
 		break;
 
 	case CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS:
 	case CMD_DISABLE_HOSTGROUP_HOST_NOTIFICATIONS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_HOSTGROUP_HOST_NOTIFICATIONS)?"ENABLE":"DISABLE",hostgroup_name);
+		result = cmd_submitf(cmd,"%s",hostgroup_name);
 		break;
 
 	case CMD_ENABLE_HOSTGROUP_SVC_CHECKS:
 	case CMD_DISABLE_HOSTGROUP_SVC_CHECKS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_SVC_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_HOSTGROUP_SVC_CHECKS;%s\n[%lu] %s_HOSTGROUP_HOST_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup_name,current_time,(cmd==CMD_ENABLE_HOSTGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",hostgroup_name);
+		result = cmd_submitf(cmd,"%s",hostgroup_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_HOSTGROUP_SVC_CHECKS) ? CMD_ENABLE_HOSTGROUP_HOST_CHECKS : CMD_DISABLE_HOSTGROUP_HOST_CHECKS;
+			result |= cmd_submitf(cmd,"%s",hostgroup_name);
+		}
 		break;
 
 	case CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
 		break;
 
 	case CMD_SCHEDULE_HOSTGROUP_SVC_DOWNTIME:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_HOSTGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_HOSTGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,hostgroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data,current_time,hostgroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
+		if(affect_host_and_services==TRUE)
+			result |= cmd_submitf(CMD_SCHEDULE_HOSTGROUP_HOST_DOWNTIME,"%s;%lu;%lu;%d;0;%lu;%s;%s",hostgroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
 		break;
 
 
@@ -2185,34 +2163,35 @@
 
 	case CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS:
 	case CMD_DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP_SVC_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP_SVC_NOTIFICATIONS;%s\n[%lu] %s_SERVICEGROUP_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name,current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
+		result = cmd_submitf(cmd,"%s",servicegroup_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS) ? CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS : CMD_DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS;
+			result |= cmd_submitf(cmd,"%s",servicegroup_name);
+		}
 		break;
 
 	case CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS:
 	case CMD_DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP_HOST_NOTIFICATIONS;%s\n",current_time,(cmd==CMD_ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS)?"ENABLE":"DISABLE",servicegroup_name);
+		result = cmd_submitf(cmd,"%s",servicegroup_name);
 		break;
 
 	case CMD_ENABLE_SERVICEGROUP_SVC_CHECKS:
 	case CMD_DISABLE_SERVICEGROUP_SVC_CHECKS:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP_SVC_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",servicegroup_name);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] %s_SERVICEGROUP_SVC_CHECKS;%s\n[%lu] %s_SERVICEGROUP_HOST_CHECKS;%s\n",current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",servicegroup_name,current_time,(cmd==CMD_ENABLE_SERVICEGROUP_SVC_CHECKS)?"ENABLE":"DISABLE",servicegroup_name);
+		result = cmd_submitf(cmd,"%s",servicegroup_name);
+		if(affect_host_and_services==TRUE) {
+			cmd = (cmd == CMD_ENABLE_SERVICEGROUP_SVC_CHECKS) ? CMD_ENABLE_SERVICEGROUP_HOST_CHECKS : CMD_DISABLE_SERVICEGROUP_HOST_CHECKS;
+			result |= cmd_submitf(cmd,"%s",servicegroup_name);
+		}
 		break;
 
 	case CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME:
-		snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVICEGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
 		break;
 
 	case CMD_SCHEDULE_SERVICEGROUP_SVC_DOWNTIME:
-		if(affect_host_and_services==FALSE)
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVICEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n",current_time,servicegroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
-		else
-			snprintf(command_buffer,sizeof(command_buffer)-1,"[%lu] SCHEDULE_SERVICEGROUP_SVC_DOWNTIME;%s;%lu;%lu;%d;0;%lu;%s;%s\n[%lu] SCHEDULE_SERVICEGROUP_HOST_DOWNTIME;%s;%lu;%lu;%d;%lu;%s;%s\n",current_time,servicegroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data,current_time,servicegroup_name,start_time,end_time,(fixed==TRUE)?1:0,duration,comment_author,comment_data);
+		result = cmd_submitf(cmd,"%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
+		if(affect_host_and_services==TRUE)
+			result |= cmd_submitf(CMD_SCHEDULE_SERVICEGROUP_HOST_DOWNTIME, "%s;%lu;%lu;%d;0;%lu;%s;%s",servicegroup_name,start_time,end_time,fixed,duration,comment_author,comment_data);
 		break;
 
 	default:
@@ -2220,12 +2199,6 @@
 		break;
 	        }
 
-	/* make sure command buffer is terminated */
-	command_buffer[sizeof(command_buffer)-1]='\x0';
-
-	/* write the command to the command file */
-	result=write_command_to_file(command_buffer);
-
 	return result;
         }
 
@@ -2236,6 +2209,14 @@
 	FILE *fp;
 	struct stat statbuf;
 
+	/*
+	 * Commands are not allowed to have newlines in them, as
+	 * that allows malicious users to hand-craft requests that
+	 * bypass the access-restrictions.
+	 */
+	if (!cmd || !*cmd || strchr(cmd, '\n'))
+		return ERROR;
+
 	/* bail out if the external command file doesn't exist */
 	if(stat(command_file,&statbuf)){
 
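Review bot: The new guard changes this function's contract without documenting it: callers must now pass exactly one command with no line terminator, whereas the format strings removed from commit_command ended in `\n` and sometimes carried two commands in one buffer. The comment should say so, for example `/* cmd must be a single command without '\n'; the terminating newline is added when writing */`. The write itself is outside this hunk, so confirm it does append the newline; otherwise the strings built by cmd_submitf reach the command file unterminated.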
diff -ruN nagios3-3.0.3/cgi/extcmd_list.c nagios3-3.0.5/cgi/extcmd_list.c
--- nagios3-3.0.3/cgi/extcmd_list.c	1970-01-01 01:00:00.000000000 +0100
+++ nagios3-3.0.5/cgi/extcmd_list.c	2008-11-02 18:32:03.000000000 +0100
@@ -0,0 +1,227 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include "../include/common.h"
+
+struct nagios_extcmd {
+	const char *name;
+	int id;
+/*	size_t namelen;
+	int min_args;
+	int (*handler)(struct nagios_extcmd *, int, char **);
+	struct nagios_extcmd *next_handler;
+ */
+};
+
+#define CMD_DEF(name, min_args, handler) \
+	{ #name, CMD_ ## name }
+/*	{ #name, sizeof(#name) - 1, CMD_ ## name, min_args, handler, NULL } */
+struct nagios_extcmd in_core_commands[] =
+{
+	CMD_DEF(NONE, 0, NULL),
+	CMD_DEF(ADD_HOST_COMMENT, 0, NULL),
+	CMD_DEF(DEL_HOST_COMMENT, 0, NULL),
+	CMD_DEF(ADD_SVC_COMMENT, 0, NULL),
+	CMD_DEF(DEL_SVC_COMMENT, 0, NULL),
+	CMD_DEF(ENABLE_SVC_CHECK, 0, NULL),
+	CMD_DEF(DISABLE_SVC_CHECK, 0, NULL),
+	CMD_DEF(SCHEDULE_SVC_CHECK, 0, NULL),
+	CMD_DEF(DELAY_SVC_NOTIFICATION, 0, NULL),
+	CMD_DEF(DELAY_HOST_NOTIFICATION, 0, NULL),
+	CMD_DEF(DISABLE_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(RESTART_PROCESS, 0, NULL),
+	CMD_DEF(SHUTDOWN_PROCESS, 0, NULL),
+	CMD_DEF(ENABLE_HOST_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOST_SVC_CHECKS, 0, NULL),
+	CMD_DEF(SCHEDULE_HOST_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DELAY_HOST_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DEL_ALL_HOST_COMMENTS, 0, NULL),
+	CMD_DEF(DEL_ALL_SVC_COMMENTS, 0, NULL),
+	CMD_DEF(ENABLE_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL),
+	CMD_DEF(DISABLE_ALL_NOTIFICATIONS_BEYOND_HOST, 0, NULL),
+	CMD_DEF(ENABLE_HOST_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_HOST_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(PROCESS_SERVICE_CHECK_RESULT, 0, NULL),
+	CMD_DEF(SAVE_STATE_INFORMATION, 0, NULL),
+	CMD_DEF(READ_STATE_INFORMATION, 0, NULL),
+	CMD_DEF(ACKNOWLEDGE_HOST_PROBLEM, 0, NULL),
+	CMD_DEF(ACKNOWLEDGE_SVC_PROBLEM, 0, NULL),
+	CMD_DEF(START_EXECUTING_SVC_CHECKS, 0, NULL),
+	CMD_DEF(STOP_EXECUTING_SVC_CHECKS, 0, NULL),
+	CMD_DEF(START_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(STOP_ACCEPTING_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_EVENT_HANDLERS, 0, NULL),
+	CMD_DEF(DISABLE_EVENT_HANDLERS, 0, NULL),
+	CMD_DEF(ENABLE_HOST_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(DISABLE_HOST_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(ENABLE_SVC_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(DISABLE_SVC_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(ENABLE_HOST_CHECK, 0, NULL),
+	CMD_DEF(DISABLE_HOST_CHECK, 0, NULL),
+	CMD_DEF(START_OBSESSING_OVER_SVC_CHECKS, 0, NULL),
+	CMD_DEF(STOP_OBSESSING_OVER_SVC_CHECKS, 0, NULL),
+	CMD_DEF(REMOVE_HOST_ACKNOWLEDGEMENT, 0, NULL),
+	CMD_DEF(REMOVE_SVC_ACKNOWLEDGEMENT, 0, NULL),
+	CMD_DEF(SCHEDULE_FORCED_HOST_SVC_CHECKS, 0, NULL),
+	CMD_DEF(SCHEDULE_FORCED_SVC_CHECK, 0, NULL),
+	CMD_DEF(SCHEDULE_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(SCHEDULE_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(ENABLE_HOST_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(DISABLE_HOST_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(ENABLE_SVC_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(DISABLE_SVC_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(ENABLE_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(DISABLE_FLAP_DETECTION, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_SVC_CHECKS, 0, NULL),
+	CMD_DEF(CANCEL_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_ACTIVE_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_PENDING_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_ACTIVE_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_PENDING_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_ACTIVE_HOST_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(CANCEL_PENDING_HOST_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(FLUSH_PENDING_COMMANDS, 0, NULL),
+	CMD_DEF(DEL_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(DEL_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(ENABLE_FAILURE_PREDICTION, 0, NULL),
+	CMD_DEF(DISABLE_FAILURE_PREDICTION, 0, NULL),
+	CMD_DEF(ENABLE_PERFORMANCE_DATA, 0, NULL),
+	CMD_DEF(DISABLE_PERFORMANCE_DATA, 0, NULL),
+	CMD_DEF(SCHEDULE_HOSTGROUP_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(SCHEDULE_HOSTGROUP_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(SCHEDULE_HOST_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(PROCESS_HOST_CHECK_RESULT, 0, NULL),
+	CMD_DEF(START_EXECUTING_HOST_CHECKS, 0, NULL),
+	CMD_DEF(STOP_EXECUTING_HOST_CHECKS, 0, NULL),
+	CMD_DEF(START_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(STOP_ACCEPTING_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(START_OBSESSING_OVER_HOST_CHECKS, 0, NULL),
+	CMD_DEF(STOP_OBSESSING_OVER_HOST_CHECKS, 0, NULL),
+	CMD_DEF(SCHEDULE_HOST_CHECK, 0, NULL),
+	CMD_DEF(SCHEDULE_FORCED_HOST_CHECK, 0, NULL),
+	CMD_DEF(START_OBSESSING_OVER_SVC, 0, NULL),
+	CMD_DEF(STOP_OBSESSING_OVER_SVC, 0, NULL),
+	CMD_DEF(START_OBSESSING_OVER_HOST, 0, NULL),
+	CMD_DEF(STOP_OBSESSING_OVER_HOST, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_HOST_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_HOST_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOSTGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_SVC_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_HOST_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_SVC_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICEGROUP_PASSIVE_HOST_CHECKS, 0, NULL),
+	CMD_DEF(SCHEDULE_SERVICEGROUP_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(SCHEDULE_SERVICEGROUP_SVC_DOWNTIME, 0, NULL),
+	CMD_DEF(CHANGE_GLOBAL_HOST_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(CHANGE_GLOBAL_SVC_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(CHANGE_HOST_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(CHANGE_SVC_EVENT_HANDLER, 0, NULL),
+	CMD_DEF(CHANGE_HOST_CHECK_COMMAND, 0, NULL),
+	CMD_DEF(CHANGE_SVC_CHECK_COMMAND, 0, NULL),
+	CMD_DEF(CHANGE_NORMAL_HOST_CHECK_INTERVAL, 0, NULL),
+	CMD_DEF(CHANGE_NORMAL_SVC_CHECK_INTERVAL, 0, NULL),
+	CMD_DEF(CHANGE_RETRY_SVC_CHECK_INTERVAL, 0, NULL),
+	CMD_DEF(CHANGE_MAX_HOST_CHECK_ATTEMPTS, 0, NULL),
+	CMD_DEF(CHANGE_MAX_SVC_CHECK_ATTEMPTS, 0, NULL),
+	CMD_DEF(SCHEDULE_AND_PROPAGATE_TRIGGERED_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(ENABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_HOST_AND_CHILD_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(SCHEDULE_AND_PROPAGATE_HOST_DOWNTIME, 0, NULL),
+	CMD_DEF(ENABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_SERVICE_FRESHNESS_CHECKS, 0, NULL),
+	CMD_DEF(ENABLE_HOST_FRESHNESS_CHECKS, 0, NULL),
+	CMD_DEF(DISABLE_HOST_FRESHNESS_CHECKS, 0, NULL),
+	CMD_DEF(SET_HOST_NOTIFICATION_NUMBER, 0, NULL),
+	CMD_DEF(SET_SVC_NOTIFICATION_NUMBER, 0, NULL),
+	CMD_DEF(CHANGE_HOST_CHECK_TIMEPERIOD, 0, NULL),
+	CMD_DEF(CHANGE_SVC_CHECK_TIMEPERIOD, 0, NULL),
+	CMD_DEF(PROCESS_FILE, 0, NULL),
+	CMD_DEF(CHANGE_CUSTOM_HOST_VAR, 0, NULL),
+	CMD_DEF(CHANGE_CUSTOM_SVC_VAR, 0, NULL),
+	CMD_DEF(CHANGE_CUSTOM_CONTACT_VAR, 0, NULL),
+	CMD_DEF(ENABLE_CONTACT_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_CONTACT_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_CONTACT_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_CONTACT_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_CONTACTGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_CONTACTGROUP_HOST_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(ENABLE_CONTACTGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(DISABLE_CONTACTGROUP_SVC_NOTIFICATIONS, 0, NULL),
+	CMD_DEF(CHANGE_RETRY_HOST_CHECK_INTERVAL, 0, NULL),
+	CMD_DEF(SEND_CUSTOM_HOST_NOTIFICATION, 0, NULL),
+	CMD_DEF(SEND_CUSTOM_SVC_NOTIFICATION, 0, NULL),
+	CMD_DEF(CHANGE_HOST_NOTIFICATION_TIMEPERIOD, 0, NULL),
+	CMD_DEF(CHANGE_SVC_NOTIFICATION_TIMEPERIOD, 0, NULL),
+	CMD_DEF(CHANGE_CONTACT_HOST_NOTIFICATION_TIMEPERIOD, 0, NULL),
+	CMD_DEF(CHANGE_CONTACT_SVC_NOTIFICATION_TIMEPERIOD, 0, NULL),
+	CMD_DEF(CHANGE_HOST_MODATTR, 0, NULL),
+	CMD_DEF(CHANGE_SVC_MODATTR, 0, NULL),
+	CMD_DEF(CHANGE_CONTACT_MODATTR, 0, NULL),
+	CMD_DEF(CHANGE_CONTACT_MODHATTR, 0, NULL),
+	CMD_DEF(CHANGE_CONTACT_MODSATTR, 0, NULL),
+};
+#undef CMD_DEF
+
+#ifndef ARRAY_SIZE
+# define ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0]))
+#endif
+static int extcmd_entries, extcmd_slots;
+
+const char *extcmd_get_name(int id)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(in_core_commands); i++) {
+		struct nagios_extcmd *ecmd;
+		ecmd = &in_core_commands[i];
+		if (ecmd->id == id)
+			return ecmd->name;
+	}
+
+	return NULL;
+}
+
+#ifdef ECMD_LIST_TESTING
+int main(int argc, char **argv)
+{
+	int i, no_handler = 0;
+
+	for (i = 0; i < ARRAY_SIZE(in_core_commands); i++) {
+		struct nagios_extcmd *cmd = &in_core_commands[i];
+		if (!cmd->handler) {
+			no_handler++;
+			printf("%s has no handler\n", extcmd_get_name(i));
+		}
+	}
+	printf("%d of %d commands have no handler\n",
+	       no_handler, ARRAY_SIZE(in_core_commands));
+
+	return 0;
+}
+#endif
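Review bot: `extcmd_get_name()` returns `NULL` for any id that is not in `in_core_commands`, and nothing in the file says so; a caller that formats the result with `%s` without checking would hand printf a null pointer. A header comment such as `/* Returns the command name for id, or NULL when id is not in the table; callers must check for NULL. */` would make the contract explicit. Separately, the `ECMD_LIST_TESTING` block cannot compile as written: `handler` is commented out of `struct nagios_extcmd`, `ARRAY_SIZE(...)` is printed with `%d` although it is a `size_t`, and `extcmd_get_name(i)` is given a table index rather than `cmd->id`. `extcmd_entries` and `extcmd_slots` are declared but never used, and both loops compare `int i` against the unsigned `ARRAY_SIZE` value.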
diff -ruN nagios3-3.0.3/cgi/histogram.c nagios3-3.0.5/cgi/histogram.c
--- nagios3-3.0.3/cgi/histogram.c	2008-05-19 20:42:26.000000000 +0200
+++ nagios3-3.0.5/cgi/histogram.c	2008-10-16 00:40:07.000000000 +0200
@@ -3,7 +3,7 @@
  * HISTOGRAM.C -  Nagios Alert Histogram CGI
  *
  * Copyright (c) 2001-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 01-08-2008
+ * Last Modified: 10-15-2008
  *
  * License:
  * 
@@ -407,9 +407,9 @@
 			printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI);
 			printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1);
 			printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2);
-			printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 			if(display_type==DISPLAY_SERVICE_HISTOGRAM)
-				printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+				printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 
 
 			printf("<tr><td CLASS='optBoxItem' valign=top align=left>Report period:</td><td CLASS='optBoxItem' valign=top align=left>Assume state retention:</td></tr>\n");
@@ -697,7 +697,7 @@
 
 			for(temp_host=host_list;temp_host!=NULL;temp_host=temp_host->next){
 				if(is_authorized_for_host(temp_host,&current_authdata)==TRUE)
-					printf("<option value='%s'>%s\n",temp_host->name,temp_host->name);
+					printf("<option value='%s'>%s\n",escape_string(temp_host->name),temp_host->name);
 			        }
 
 			printf("</select>\n");
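Review bot: Only the `value` attribute is escaped in the changed `<option>` line; the visible text is still printed from `temp_host->name` unencoded, so markup characters in a host name end up in the page body. The same split appears in `@@ -754,7 +754,7 @@` below (`temp_service->host_name`, `temp_service->description`), in statusmap.c `@@ -763,7 +763,7 @@` (`temp_hostgroup->alias`) and in statuswml.c `@@ -986,7 +986,8 @@` (`host_name`). Elsewhere this patch splits one printf into two where two encoded strings are needed, which suggests the helpers return a shared buffer. If that is so, the text needs a printf of its own: `printf("<option value='%s'>",escape_string(temp_host->name));` followed by `printf("%s\n",html_encode(temp_host->name,TRUE));`. The enclosing function lies outside the hunk.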
@@ -746,7 +746,7 @@
 			printf("<TABLE BORDER=0 cellpadding=5>\n");
 			printf("<form method=\"GET\" action=\"%s\" name=\"serviceform\">\n",HISTOGRAM_CGI);
 			printf("<input type='hidden' name='input' value='getoptions'>\n");
-			printf("<input type='hidden' name='host' value='%s'>\n",(first_service==NULL)?"unknown":first_service);
+			printf("<input type='hidden' name='host' value='%s'>\n",(first_service==NULL)?"unknown":(char *)escape_string(first_service));
 
 			printf("<tr><td class='reportSelectSubTitle'>Service:</td>\n");
 			printf("<td class='reportSelectItem'>\n");
@@ -754,7 +754,7 @@
 
 			for(temp_service=service_list;temp_service!=NULL;temp_service=temp_service->next){
 				if(is_authorized_for_service(temp_service,&current_authdata)==TRUE)
-					printf("<option value='%s'>%s;%s\n",temp_service->description,temp_service->host_name,temp_service->description);
+					printf("<option value='%s'>%s;%s\n",escape_string(temp_service->description),temp_service->host_name,temp_service->description);
 		                }
 
 			printf("</select>\n");
@@ -789,9 +789,9 @@
 
 			printf("<TABLE BORDER=0 cellpadding=5>\n");
 			printf("<form method=\"GET\" action=\"%s\">\n",HISTOGRAM_CGI);
-			printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 			if(display_type==DISPLAY_SERVICE_HISTOGRAM)
-				printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+				printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 
 			printf("<tr><td class='reportSelectSubTitle' align=right>Report Period:</td>\n");
 			printf("<td class='reportSelectItem'>\n");
diff -ruN nagios3-3.0.3/cgi/history.c nagios3-3.0.5/cgi/history.c
--- nagios3-3.0.3/cgi/history.c	2008-06-23 22:47:44.000000000 +0200
+++ nagios3-3.0.5/cgi/history.c	2008-10-16 00:40:08.000000000 +0200
@@ -204,9 +204,9 @@
 
 		printf("<table border=0 CLASS='optBox'>\n");
 		printf("<form method=\"GET\" action=\"%s\">\n",HISTORY_CGI);
-		printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":url_encode(host_name));
+		printf("<input type='hidden' name='host' value='%s'>\n",(show_all_hosts==TRUE)?"all":escape_string(host_name));
 		if(display_type==DISPLAY_SERVICES)
-			printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+			printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 		printf("<input type='hidden' name='archive' value='%d'>\n",log_archive);
 
 		printf("<tr>\n");
diff -ruN nagios3-3.0.3/cgi/Makefile.in nagios3-3.0.5/cgi/Makefile.in
--- nagios3-3.0.3/cgi/Makefile.in	2008-02-28 20:26:36.000000000 +0100
+++ nagios3-3.0.5/cgi/Makefile.in	2008-11-02 18:32:03.000000000 +0100
@@ -1,7 +1,7 @@
 ###############################
 # Makefile for Nagios CGIs
 #
-# Last Modified: 09-04-2007
+# Last Modified: 10-30-2008
 ###############################
 
 
@@ -130,8 +130,8 @@
 checksanity.cgi: checksanity.c $(CGIDEPS) $(CDATADEPS) $(DDATADEPS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ checksanity.c $(CGILIBS) $(CDATALIBS) $(DDATALIBS) $(LIBS)
 
-cmd.cgi: cmd.c $(CGIDEPS) $(CDATADEPS) $(DDATADEPS)
-	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ cmd.c $(CGILIBS) $(CDATALIBS) $(DDATALIBS) $(LIBS)
+cmd.cgi: cmd.c $(CGIDEPS) $(CDATADEPS) $(DDATADEPS) extcmd_list.o
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ cmd.c extcmd_list.o $(CGILIBS) $(CDATALIBS) $(DDATALIBS) $(LIBS)
 
 config.cgi: config.c $(CGIDEPS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ config.c  $(CGILIBS) $(LIBS)
diff -ruN nagios3-3.0.3/cgi/notifications.c nagios3-3.0.5/cgi/notifications.c
--- nagios3-3.0.3/cgi/notifications.c	2008-05-19 20:42:27.000000000 +0200
+++ nagios3-3.0.5/cgi/notifications.c	2008-10-16 00:40:08.000000000 +0200
@@ -212,11 +212,11 @@
 		printf("<table border=0 CLASS='optBox'>\n");
 		printf("<form method='GET' action='%s'>\n",NOTIFICATIONS_CGI);
 		if(query_type==FIND_SERVICE){
-			printf("<input type='hidden' name='host' value='%s'>\n",url_encode(query_host_name));
-			printf("<input type='hidden' name='service' value='%s'>\n",url_encode(query_svc_description));
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(query_host_name));
+			printf("<input type='hidden' name='service' value='%s'>\n",escape_string(query_svc_description));
 	                }
 		else
-			printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",url_encode((query_type==FIND_HOST)?query_host_name:query_contact_name));
+			printf("<input type='hidden' name='%s' value='%s'>\n",(query_type==FIND_HOST)?"host":"contact",(query_type==FIND_HOST)?escape_string(query_host_name):escape_string(query_contact_name));
 		printf("<input type='hidden' name='archive' value='%d'>\n",log_archive);
 		printf("<tr>\n");
 		if(query_type==FIND_SERVICE)
diff -ruN nagios3-3.0.3/cgi/statusmap.c nagios3-3.0.5/cgi/statusmap.c
--- nagios3-3.0.3/cgi/statusmap.c	2008-05-19 20:42:28.000000000 +0200
+++ nagios3-3.0.5/cgi/statusmap.c	2008-10-16 00:40:08.000000000 +0200
@@ -700,7 +700,7 @@
 		printf("<form method=\"POST\" action=\"%s\">\n",STATUSMAP_CGI);
 		printf("<table border=0 CLASS='optBox'>\n");
 		printf("<tr><td valign=top>\n");
-		printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+		printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 		printf("<input type='hidden' name='layout' value='%d'>\n",layout_method);
 
 		printf("</td><td valign=top>\n");
@@ -763,7 +763,7 @@
 					break;
 				        }
 			        }
-			printf("<option value='%s' %s>%s\n",temp_hostgroup->group_name,(found==1)?"SELECTED":"",temp_hostgroup->alias);
+			printf("<option value='%s' %s>%s\n",escape_string(temp_hostgroup->group_name),(found==1)?"SELECTED":"",temp_hostgroup->alias);
 		        }
 		printf("</select>\n");
 		printf("</td><td CLASS='optBoxItem' valign=top>Layer mode:<br>");
@@ -1944,8 +1944,8 @@
 	printf("\\\" border=0 width=40 height=40></td>");
 	printf("<td class=\\\"popupText\\\"><i>%s</i></td></tr>",(hst->icon_image_alt==NULL)?"":html_encode(hst->icon_image_alt,TRUE));
 
-	printf("<tr><td class=\\\"popupText\\\">Name:</td><td class=\\\"popupText\\\"><b>%s</b></td></tr>",html_encode(hst->name,TRUE));
-	printf("<tr><td class=\\\"popupText\\\">Alias:</td><td class=\\\"popupText\\\"><b>%s</b></td></tr>",html_encode(hst->alias,TRUE));
+	printf("<tr><td class=\\\"popupText\\\">Name:</td><td class=\\\"popupText\\\"><b>%s</b></td></tr>",escape_string(hst->name));
+	printf("<tr><td class=\\\"popupText\\\">Alias:</td><td class=\\\"popupText\\\"><b>%s</b></td></tr>",escape_string(hst->alias));
 	printf("<tr><td class=\\\"popupText\\\">Address:</td><td class=\\\"popupText\\\"><b>%s</b></td></tr>",html_encode(hst->address,TRUE));
 	printf("<tr><td class=\\\"popupText\\\">State:</td><td class=\\\"popupText\\\"><b>");
 
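Review bot: The Name and Alias rows now go through `escape_string()` while the Address row on the next line and the icon alt text above keep `html_encode(...,TRUE)`, and nothing explains why one popup needs two escapers. The escaped quotes in the format strings suggest this HTML is emitted inside a quoted script string, so the choice of escaper matters for both contexts. A comment above these rows, for example `/* name/alias use escape_string(); address and alt text still use html_encode() - TODO confirm whether they should match */`, would record the decision. The enclosing function starts outside the hunk.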
@@ -2390,7 +2390,7 @@
 		if(get_method==TRUE)
 			printf("&layer=%s",temp_layer->layer_name);
 		else
-			printf("<input type='hidden' name='layer' value='%s'>\n",temp_layer->layer_name);
+			printf("<input type='hidden' name='layer' value='%s'>\n",escape_string(temp_layer->layer_name));
 	        }
 
 	if(get_method==TRUE)
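Review bot: The POST branch now escapes `temp_layer->layer_name`, but the GET branch just above it still writes the name into the query string unencoded with `printf("&layer=%s",temp_layer->layer_name);`. A layer name containing `&`, `=`, a space or a quote would change the URL or the markup around it. The line should read `printf("&layer=%s",url_encode(temp_layer->layer_name));`. The enclosing function and loop start outside the hunk.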
diff -ruN nagios3-3.0.3/cgi/statuswml.c nagios3-3.0.5/cgi/statuswml.c
--- nagios3-3.0.3/cgi/statuswml.c	2008-05-19 20:42:28.000000000 +0200
+++ nagios3-3.0.5/cgi/statuswml.c	2008-10-16 00:40:08.000000000 +0200
@@ -2,8 +2,8 @@
  *
  * STATUSWML.C -  Nagios Status CGI for WAP-enabled devices
  *
- * Copyright (c) 2001-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 12-13-2007
+ * Copyright (c) 2001-2008 Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 10-15-2008
  *
  * License:
  * 
@@ -606,7 +606,7 @@
 	printf("<card id='card1' title='Status Overview'>\n");
 	printf("<p align='center' mode='nowrap'>\n");
 
-	printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name));
+	printf("<b><anchor title='Status Overview'>Status Overview<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='summary'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,escape_string(hostgroup_name));
 
 	/* check all hostgroups */
 	for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){
@@ -689,7 +689,7 @@
 	printf("<card id='card1' title='Status Summary'>\n");
 	printf("<p align='center' mode='nowrap'>\n");
 
-	printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,url_encode(hostgroup_name));
+	printf("<b><anchor title='Status Summary'>Status Summary<go href='%s' method='post'><postfield name='hostgroup' value='%s'/><postfield name='style' value='overview'/></go></anchor></b><br/><br/>\n",STATUSWML_CGI,escape_string(hostgroup_name));
 
 	/* check all hostgroups */
 	for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){
@@ -911,7 +911,7 @@
 
 	printf("</table>\n");
 	printf("<br/>\n");
-	printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name));
+	printf("<b><anchor title='View Services'>View Services<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='style' value='servicedetail'/></go></anchor></b>\n",STATUSWML_CGI,escape_string(host_name));
 	printf("<b><anchor title='Host Commands'>Host Commands<go href='#card2'/></anchor></b>\n");
 	printf("</p>\n");
 
@@ -930,23 +930,23 @@
 		printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n");
 
 	if(temp_hoststatus->checks_enabled==FALSE)
-		printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT);
+		printf("<b><anchor title='Enable Host Checks'>Enable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_ENABLE_HOST_CHECK,CMDMODE_COMMIT);
 	else
-		printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT);
+		printf("<b><anchor title='Disable Host Checks'>Disable Host Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_DISABLE_HOST_CHECK,CMDMODE_COMMIT);
 
 	if(temp_hoststatus->notifications_enabled==FALSE)
-		printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT);
+		printf("<b><anchor title='Enable Host Notifications'>Enable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_ENABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT);
 	else
-		printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT);
+		printf("<b><anchor title='Disable Host Notifications'>Disable Host Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_DISABLE_HOST_NOTIFICATIONS,CMDMODE_COMMIT);
 
 
-	printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT);
+	printf("<b><anchor title='Enable All Service Checks'>Enable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_ENABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT);
 
-	printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT);
+	printf("<b><anchor title='Disable All Service Checks'>Disable All Service Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_DISABLE_HOST_SVC_CHECKS,CMDMODE_COMMIT);
 
-	printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
+	printf("<b><anchor title='Enable All Service Notifications'>Enable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_ENABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
 
-	printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
+	printf("<b><anchor title='Disable All Service Notifications'>Disable All Service Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,escape_string(host_name),CMD_DISABLE_HOST_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
 
 	printf("</p>\n");
 
@@ -966,7 +966,7 @@
 	printf("<input name='comment' value='acknowledged by WAP'/>\n");
 
 	printf("<do type='accept'>\n");
-	printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT);
+	printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,escape_string(host_name),CMD_ACKNOWLEDGE_HOST_PROBLEM,CMDMODE_COMMIT);
 	printf("</do>\n");
 
 	printf("</p>\n");
@@ -986,7 +986,8 @@
 	/**** MAIN SCREEN (CARD 1) ****/
 	printf("<card id='card1' title='Host Services'>\n");
 	printf("<p align='center' mode='nowrap'>\n");
-	printf("<b>Host <anchor title='%s'>'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",url_encode(host_name),host_name,STATUSWML_CGI,url_encode(host_name));
+	printf("<b>Host <anchor title='%s'>",url_encode(host_name));
+	printf("'%s'<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor> Services</b><br/>\n",host_name,STATUSWML_CGI,escape_string(host_name));
 
 	printf("<table columns='2' align='LL'>\n");
 
@@ -1127,7 +1128,7 @@
 
 	printf("</table>\n");
 	printf("<br/>\n");
-	printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,url_encode(host_name));
+	printf("<b><anchor title='View Host'>View Host<go href='%s' method='post'><postfield name='host' value='%s'/></go></anchor></b>\n",STATUSWML_CGI,escape_string(host_name));
 	printf("<b><anchor title='Service Commands'>Svc. Commands<go href='#card2'/></anchor></b>\n");
 	printf("</p>\n");
 
@@ -1142,17 +1143,26 @@
 	if(temp_servicestatus->status!=SERVICE_OK && temp_servicestatus->status!=SERVICE_PENDING)
 		printf("<b><anchor title='Acknowledge Problem'>Acknowledge Problem<go href='#card3'/></anchor></b>\n");
 
-	if(temp_servicestatus->checks_enabled==FALSE)
-		printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT);
+	if(temp_servicestatus->checks_enabled==FALSE){
+		printf("<b><anchor title='Enable Checks'>Enable Checks<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+		printf("<postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",escape_string(service_desc),CMD_ENABLE_SVC_CHECK,CMDMODE_COMMIT);
+		}
 	else{
-		printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT);
-		printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT);
+		printf("<b><anchor title='Disable Checks'>Disable Checks<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+		printf("<postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",escape_string(service_desc),CMD_DISABLE_SVC_CHECK,CMDMODE_COMMIT);
+
+		printf("<b><anchor title='Schedule Immediate Check'>Schedule Immediate Check<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+		printf("<postfield name='service' value='%s'/><postfield name='start_time' value='%lu'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",escape_string(service_desc),(unsigned long)current_time,CMD_SCHEDULE_SVC_CHECK,CMDMODE_COMMIT);
 	        }
 
-	if(temp_servicestatus->notifications_enabled==FALSE)
-		printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
-	else
-		printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
+	if(temp_servicestatus->notifications_enabled==FALSE){
+		printf("<b><anchor title='Enable Notifications'>Enable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+		printf("<postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",escape_string(service_desc),CMD_ENABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
+		}
+	else{
+		printf("<b><anchor title='Disable Notifications'>Disable Notifications<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+		printf("<postfield name='service' value='%s'/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go></anchor></b><br/>\n",escape_string(service_desc),CMD_DISABLE_SVC_NOTIFICATIONS,CMDMODE_COMMIT);
+		}
 
 	printf("</p>\n");
 
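Review bot: Nothing in the new code says why each `<go>` element is now printed by two printf() calls with one escape_string() apiece, here and in the acknowledge form of the `@@ -1172,7 +1182,8 @@` hunk. The split looks deliberate: if escape_string() hands back a pointer to one shared buffer (its definition is not in this hunk), two calls in a single argument list would print the same string twice. A short comment above the first pair, such as `/* one escape_string() per printf(): the returned buffer is presumably reused by the next call */`, would stop a later cleanup from merging them again. The enclosing function begins and ends outside the hunk.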
@@ -1172,7 +1182,8 @@
 	printf("<input name='comment' value='acknowledged by WAP'/>\n");
 
 	printf("<do type='accept'>\n");
-	printf("<go href='%s' method='post'><postfield name='host' value='%s'/><postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",COMMAND_CGI,url_encode(host_name),url_encode(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT);
+	printf("<go href='%s' method='post'><postfield name='host' value='%s'/>",COMMAND_CGI,escape_string(host_name));
+	printf("<postfield name='service' value='%s'/><postfield name='com_author' value='$(name)'/><postfield name='com_data' value='$(comment)'/><postfield name='persistent' value=''/><postfield name='send_notification' value=''/><postfield name='cmd_typ' value='%d'/><postfield name='cmd_mod' value='%d'/><postfield name='content' value='wml'/></go>\n",escape_string(service_desc),CMD_ACKNOWLEDGE_SVC_PROBLEM,CMDMODE_COMMIT);
 	printf("</do>\n");
 
 	printf("</p>\n");
diff -ruN nagios3-3.0.3/cgi/summary.c nagios3-3.0.5/cgi/summary.c
--- nagios3-3.0.3/cgi/summary.c	2008-01-24 03:51:30.000000000 +0100
+++ nagios3-3.0.5/cgi/summary.c	2008-10-16 00:40:08.000000000 +0200
@@ -588,7 +588,7 @@
 		printf("<option value='all'>** ALL HOSTGROUPS **\n");
 		for(temp_hostgroup=hostgroup_list;temp_hostgroup!=NULL;temp_hostgroup=temp_hostgroup->next){
 			if(is_authorized_for_hostgroup(temp_hostgroup,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_hostgroup->group_name,temp_hostgroup->group_name);
+				printf("<option value='%s'>%s\n",escape_string(temp_hostgroup->group_name),temp_hostgroup->group_name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
@@ -598,7 +598,7 @@
 		printf("<option value='all'>** ALL SERVICEGROUPS **\n");
 		for(temp_servicegroup=servicegroup_list;temp_servicegroup!=NULL;temp_servicegroup=temp_servicegroup->next){
 			if(is_authorized_for_servicegroup(temp_servicegroup,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_servicegroup->group_name,temp_servicegroup->group_name);
+				printf("<option value='%s'>%s\n",escape_string(temp_servicegroup->group_name),temp_servicegroup->group_name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
@@ -609,7 +609,7 @@
 
 		for(temp_host=host_list;temp_host!=NULL;temp_host=temp_host->next){
 			if(is_authorized_for_host(temp_host,&current_authdata)==TRUE)
-				printf("<option value='%s'>%s\n",temp_host->name,temp_host->name);
+				printf("<option value='%s'>%s\n",escape_string(temp_host->name),temp_host->name);
 		        }
 		printf("</select>\n");
 		printf("</td></tr>\n");
diff -ruN nagios3-3.0.3/cgi/trends.c nagios3-3.0.5/cgi/trends.c
--- nagios3-3.0.3/cgi/trends.c	2008-06-23 22:47:46.000000000 +0200
+++ nagios3-3.0.5/cgi/trends.c	2008-10-16 00:40:08.000000000 +0200
@@ -3,7 +3,7 @@
  * TRENDS.C -  Nagios State Trends CGI
  *
  * Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 06-23-2008
+ * Last Modified: 10-15-2008
  *
  * License:
  * 
@@ -454,9 +454,9 @@
 				printf("<input type='hidden' name='nomap' value=''>\n");
 			printf("<input type='hidden' name='t1' value='%lu'>\n",(unsigned long)t1);
 			printf("<input type='hidden' name='t2' value='%lu'>\n",(unsigned long)t2);
-			printf("<input type='hidden' name='host' value='%s'>\n",url_encode(host_name));
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 			if(display_type==DISPLAY_SERVICE_TRENDS)
-				printf("<input type='hidden' name='service' value='%s'>\n",url_encode(svc_description));
+				printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 
 			printf("<input type='hidden' name='assumeinitialstates' value='%s'>\n",(assume_initial_states==TRUE)?"yes":"no");
 			printf("<input type='hidden' name='assumestateretention' value='%s'>\n",(assume_state_retention==TRUE)?"yes":"no");
@@ -809,7 +809,7 @@
 
 			for(temp_host=host_list;temp_host!=NULL;temp_host=temp_host->next){
 				if(is_authorized_for_host(temp_host,&current_authdata)==TRUE)
-					printf("<option value='%s'>%s\n",temp_host->name,temp_host->name);
+					printf("<option value='%s'>%s\n",escape_string(temp_host->name),temp_host->name);
 			        }
 
 			printf("</select>\n");
@@ -858,7 +858,7 @@
 			printf("<TABLE BORDER=0 cellpadding=5>\n");
 			printf("<form method=\"GET\" action=\"%s\" name=\"serviceform\">\n",TRENDS_CGI);
 			printf("<input type='hidden' name='input' value='getoptions'>\n");
-			printf("<input type='hidden' name='host' value='%s'>\n",(first_service==NULL)?"unknown":first_service);
+			printf("<input type='hidden' name='host' value='%s'>\n",(first_service==NULL)?"unknown":(char *)escape_string(first_service));
 
 			printf("<tr><td class='reportSelectSubTitle'>Service:</td>\n");
 			printf("<td class='reportSelectItem'>\n");
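Review bot: The `(char *)` cast on `escape_string(first_service)` hides whatever type mismatch prompted it. If escape_string() is declared as returning `char *`, the cast is dead weight and the operand can be written `(first_service==NULL)?"unknown":escape_string(first_service)`. If the cast is there because no prototype is in scope in trends.c, the return value is treated as int and the pointer can be truncated on 64-bit builds, which the cast only silences. Neither the declaration nor the include list is visible in this hunk, so this needs a look at the header that declares the function.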
@@ -866,7 +866,7 @@
 
 			for(temp_service=service_list;temp_service!=NULL;temp_service=temp_service->next){
 				if(is_authorized_for_service(temp_service,&current_authdata)==TRUE)
-					printf("<option value='%s'>%s;%s\n",temp_service->description,temp_service->host_name,temp_service->description);
+					printf("<option value='%s'>%s;%s\n",escape_string(temp_service->description),temp_service->host_name,temp_service->description);
 		                }
 
 			printf("</select>\n");
@@ -901,9 +901,9 @@
 
 			printf("<TABLE BORDER=0 CELLPADDING=5>\n");
 			printf("<form method=\"GET\" action=\"%s\">\n",TRENDS_CGI);
-			printf("<input type='hidden' name='host' value='%s'>\n",host_name);
+			printf("<input type='hidden' name='host' value='%s'>\n",escape_string(host_name));
 			if(display_type==DISPLAY_SERVICE_TRENDS)
-				printf("<input type='hidden' name='service' value='%s'>\n",svc_description);
+				printf("<input type='hidden' name='service' value='%s'>\n",escape_string(svc_description));
 
 			printf("<tr><td class='reportSelectSubTitle' align=right>Report period:</td>\n");
 			printf("<td class='reportSelectItem'>\n");
diff -ruN nagios3-3.0.3/Changelog nagios3-3.0.5/Changelog
--- nagios3-3.0.3/Changelog	2008-06-25 20:16:27.000000000 +0200
+++ nagios3-3.0.5/Changelog	2008-11-04 23:28:39.000000000 +0100
@@ -3,6 +3,31 @@
 #####################
 
 
+3.0.5 - 11/04/2008
+------------------
+* Security fix for Cross Site Request Forgery (CSRF) bug reported by Tim Starling. 
+* Sample audio files for CGIs removed from distribution
+* Fix for mutliline config file continuation bug
+* Minor fix to RPM spec file
+* Fix for AIX compiler warnings
+* Minor sample config file fix
+* Added documentation on CGI security issues
+
+
+
+3.0.4 - 10/15/2008
+------------------
+* Fix for properly terminating plugins when parent processes get killed (e.g. using 'killall nagios' with check_timeout plugins running)
+* Fix for event broker callback when service notifications are disabled
+* Fix for scheduling scheduling servicegroup downtime with 'hosts too' option in CGIs
+* Fix for segfault under Solaris with NULL plugin output
+* Fixes for bugs in sample event handlers - stop/start active service checks and enable notifications
+* Cosmetic fix for logging of notifications
+* Fix for high CPU utilization under OS X
+* Fix for host/service name encoding in CGIs (trends and availability reports, etc.)
+
+
+
 3.0.3 - 06/25/2008
 ------------------
 * Typo fix in object config routines
diff -ruN nagios3-3.0.3/configure nagios3-3.0.5/configure
--- nagios3-3.0.3/configure	2008-06-25 20:16:28.000000000 +0200
+++ nagios3-3.0.5/configure	2008-11-04 23:28:39.000000000 +0100
@@ -1307,9 +1307,9 @@
 
 
 PKG_NAME=nagios
-PKG_VERSION="3.0.3"
+PKG_VERSION="3.0.5"
 PKG_HOME_URL="http://www.nagios.org/";
-PKG_REL_DATE="06-25-2008"
+PKG_REL_DATE="11-04-2008"
 
 ac_aux_dir=
 for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
diff -ruN nagios3-3.0.3/configure.in nagios3-3.0.5/configure.in
--- nagios3-3.0.3/configure.in	2008-06-25 20:16:28.000000000 +0200
+++ nagios3-3.0.5/configure.in	2008-11-04 23:28:39.000000000 +0100
@@ -9,9 +9,9 @@
 AC_PREFIX_DEFAULT(/usr/local/nagios)
 
 PKG_NAME=nagios
-PKG_VERSION="3.0.3"
+PKG_VERSION="3.0.5"
 PKG_HOME_URL="http://www.nagios.org/";
-PKG_REL_DATE="06-25-2008"
+PKG_REL_DATE="11-04-2008"
 
 dnl Figure out how to invoke "install" and what install options to use.
 AC_PROG_INSTALL
diff -ruN nagios3-3.0.3/contrib/eventhandlers/disable_active_service_checks nagios3-3.0.5/contrib/eventhandlers/disable_active_service_checks
--- nagios3-3.0.3/contrib/eventhandlers/disable_active_service_checks	2008-05-19 20:01:59.000000000 +0200
+++ nagios3-3.0.5/contrib/eventhandlers/disable_active_service_checks	2008-10-15 18:12:09.000000000 +0200
@@ -14,7 +14,7 @@
 #    the check_external_commands option in the main
 #    configuration file.
 
-printfcmd="/bin/printf"
+printfcmd="/usr/bin/printf"
 
 CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 
@@ -22,5 +22,5 @@
 datetime=`date +%s`
 
 # pipe the command to the command file
-`$printfcmd "[%i] STOP_EXECUTING_SERVICE_CHECKS\n" $datetime >> $CommandFile`
+`$printfcmd "[%i] STOP_EXECUTING_SVC_CHECKS\n" $datetime >> $CommandFile`
 
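Review bot: The changed line keeps the whole pipeline inside backticks, so the shell runs printf and then tries to execute its (empty) output as a command, and `$datetime` and `$CommandFile` are expanded unquoted. Writing it as a plain statement, `"$printfcmd" "[%i] STOP_EXECUTING_SVC_CHECKS\n" "$datetime" >> "$CommandFile"`, behaves the same without the substitution and survives a command-file path that contains spaces. The corresponding lines in enable_active_service_checks and enable_notifications have the same form.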
diff -ruN nagios3-3.0.3/contrib/eventhandlers/disable_notifications nagios3-3.0.5/contrib/eventhandlers/disable_notifications
--- nagios3-3.0.3/contrib/eventhandlers/disable_notifications	2008-01-24 13:34:57.000000000 +0100
+++ nagios3-3.0.5/contrib/eventhandlers/disable_notifications	2008-10-15 18:12:09.000000000 +0200
@@ -12,7 +12,7 @@
 #    the check_external_commands option in the main
 #    configuration file.
 
-printfcmd="/bin/printf"
+printfcmd="/usr/bin/printf"
 
 CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 
diff -ruN nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca
--- nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-04-14 17:55:06.000000000 +0200
+++ nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-10-15 18:12:09.000000000 +0200
@@ -2,7 +2,7 @@
 
 # SUBMIT_CHECK_RESULT_VIA_NSCA
 # Written by Ethan Galstad (nagios@nagios.org)
-# Last Modified: 04-13-2008
+# Last Modified: 10-15-2008
 #
 # This script will send passive check results to the
 # nsca daemon that runs on the central Nagios server.
@@ -26,7 +26,7 @@
 # IP address of the central server that has the nsca
 # daemon running.
 
-printfcmd="/bin/printf"
+printfcmd="/usr/bin/printf"
 
 NscaBin="/usr/local/nagios/libexec/send_nsca" 
 NscaCfg="/usr/local/nagios/etc/send_nsca.cfg"
diff -ruN nagios3-3.0.3/contrib/eventhandlers/enable_active_service_checks nagios3-3.0.5/contrib/eventhandlers/enable_active_service_checks
--- nagios3-3.0.3/contrib/eventhandlers/enable_active_service_checks	2008-05-19 20:01:59.000000000 +0200
+++ nagios3-3.0.5/contrib/eventhandlers/enable_active_service_checks	2008-10-15 18:12:09.000000000 +0200
@@ -14,7 +14,7 @@
 #    the check_external_commands option in the main
 #    configuration file.
 
-printfcmd="/bin/printf"
+printfcmd="/usr/bin/printf"
 
 CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 
@@ -22,5 +22,5 @@
 datetime=`date +%s`
 
 # pipe the command to the command file
-`$printfcmd "[%i] START_EXECUTING_SERVICE_CHECKS\n" $datetime >> $CommandFile`
+`$printfcmd "[%i] START_EXECUTING_SVC_CHECKS\n" $datetime >> $CommandFile`
 
diff -ruN nagios3-3.0.3/contrib/eventhandlers/enable_notifications nagios3-3.0.5/contrib/eventhandlers/enable_notifications
--- nagios3-3.0.3/contrib/eventhandlers/enable_notifications	2008-01-24 13:34:57.000000000 +0100
+++ nagios3-3.0.5/contrib/eventhandlers/enable_notifications	2008-10-15 18:12:09.000000000 +0200
@@ -12,7 +12,7 @@
 #    the check_external_commands option in the main
 #    configuration file.
 
-printfcmd="/bin/printf"
+printfcmd="/usr/bin/printf"
 
 CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 
@@ -20,7 +20,7 @@
 datetime=`date +%s`
 
 # pipe the command to the command file
-`printfcmd "[%i] ENABLE_NOTIFICATIONS;%i\n" $datetime $datetime >> $CommandFile`
+`$printfcmd "[%i] ENABLE_NOTIFICATIONS;%i\n" $datetime $datetime >> $CommandFile`
 
 
 
diff -ruN nagios3-3.0.3/debian/changelog nagios3-3.0.5/debian/changelog
--- nagios3-3.0.3/debian/changelog	2008-11-28 21:58:43.000000000 +0100
+++ nagios3-3.0.5/debian/changelog	2008-11-28 21:59:52.000000000 +0100
@@ -1,6 +1,20 @@
+nagios3 (3.0.5-1) unstable; urgency=low
+
+  [ Christian Perrier ]
+  * Fix pending l10n issues. Debconf translations:
+    - Italian. Closes: #505813
+    - Polish. Closes: #506851
+
+  [ Alexander Wirt ]
+  * New upstream version
+    - Adds security fix for cmd.cgi (Closes: #504894)
+      This security problem is referenced as CVE-2008-5028 and SA32610
+
+ -- Alexander Wirt <formorer@debian.org>  Fri, 28 Nov 2008 21:18:27 +0100
+
 nagios3 (3.0.3-3) unstable; urgency=low
 
-  [ Alexander Wirt]
+  [ Alexander Wirt ]
   * Create /var/lib/nagios3/spool/checkresults (Closes: #492201)
   * Refer to nagios-plugins-basic instead of nagios-plugins in commands.cfg
     (Closes: #493107) 
diff -ruN nagios3-3.0.3/debian/patches/00list nagios3-3.0.5/debian/patches/00list
--- nagios3-3.0.3/debian/patches/00list	2008-11-28 21:58:43.000000000 +0100
+++ nagios3-3.0.5/debian/patches/00list	2008-11-28 21:59:52.000000000 +0100
@@ -5,3 +5,4 @@
 52_nagios.cfg-debianize.dpatch
 60_fix_p1.pl_patch_mini_epn.dpatch
 70_fix_eventhandler_paths.dpatch
+80_fix_encoding_trends.cgi.dpatch
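Review bot: 00list now applies `80_fix_encoding_trends.cgi.dpatch`, but the visible part of this diff has no file section under debian/patches/ that adds or changes that patch, and the upstream 3.0.4 changelog entry already lists a fix for host/service name encoding in the trends CGI. It is worth confirming that the patch file is actually in the 3.0.5-1 source tree and that it still applies, or is still needed, on top of the upstream trends.c changes. A series entry that points at a missing or already-merged patch can break the package build or apply a stale hunk. The new debian/changelog entry does not mention the patch either.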
diff -ruN nagios3-3.0.3/debian/patches/52_nagios.cfg-debianize.dpatch nagios3-3.0.5/debian/patches/52_nagios.cfg-debianize.dpatch
--- nagios3-3.0.3/debian/patches/52_nagios.cfg-debianize.dpatch	2008-11-28 21:58:43.000000000 +0100
+++ nagios3-3.0.5/debian/patches/52_nagios.cfg-debianize.dpatch	2008-11-28 21:59:52.000000000 +0100
@@ -5,31 +5,30 @@
 ## DP: Debianize nagios.cfg
 
 @DPATCH@
-diff -urNad nagios3-3.0.3~/sample-config/nagios.cfg.in nagios3-3.0.3/sample-config/nagios.cfg.in
---- nagios3-3.0.3~/sample-config/nagios.cfg.in	2008-05-19 20:02:08.000000000 +0200
-+++ nagios3-3.0.3/sample-config/nagios.cfg.in	2008-07-21 01:09:01.000000000 +0200
-@@ -1,11 +1,6 @@
- ##############################################################################
+diff -urNad nagios3-3.0.5~/sample-config/nagios.cfg.in nagios3-3.0.5/sample-config/nagios.cfg.in
+--- nagios3-3.0.5~/sample-config/nagios.cfg.in	2008-11-02 19:51:30.000000000 +0100
++++ nagios3-3.0.5/sample-config/nagios.cfg.in	2008-11-28 21:42:19.000000000 +0100
+@@ -2,10 +2,6 @@
  #
  # NAGIOS.CFG - Sample Main Config File for Nagios @VERSION@
--#
+ #
 -# Read the documentation for more information on this configuration
 -# file.  I've provided some comments here, but things may not be so
 -# clear without further explanation.
 -#
- # Last Modified: 05-19-2008
+ # Last Modified: 10-15-2008
  #
  ##############################################################################
-@@ -16,9 +11,19 @@
+@@ -16,9 +12,19 @@
  # for historical purposes.  This should be the first option specified 
  # in the config file!!!
  
 -log_file=@localstatedir@/nagios.log
 +log_file=/var/log/nagios3/nagios.log
-+
+ 
 +# Commands definitions
 +cfg_file=/etc/nagios3/commands.cfg
- 
++
 +# Debian also defaults to using the check commands defined by the debian
 +# nagios-plugins package
 +cfg_dir=/etc/nagios-plugins/config
@@ -41,7 +40,7 @@
  
  # OBJECT CONFIGURATION FILE(S)
  # These are the object configuration files in which you define hosts,
-@@ -27,13 +32,10 @@
+@@ -27,13 +33,10 @@
  # if you wish (as shown below), or keep them all in a single config file.
  
  # You can specify individual object config files as shown below:
@@ -59,7 +58,7 @@
  
  # Definitions for monitoring a Windows machine
  #cfg_file=@sysconfdir@/objects/windows.cfg
-@@ -64,7 +66,7 @@
+@@ -64,7 +67,7 @@
  # directly) in order to prevent inconsistencies that can occur
  # when the config files are modified after Nagios starts.
  
@@ -68,7 +67,7 @@
  
  
  
-@@ -103,7 +105,7 @@
+@@ -103,7 +106,7 @@
  # The contents of the status file are deleted every time Nagios
  #  restarts.
  
@@ -77,7 +76,7 @@
  
  
  
-@@ -140,7 +142,7 @@
+@@ -140,7 +143,7 @@
  # you will have to enable this.
  # Values: 0 = disable commands, 1 = enable commands
  
@@ -86,7 +85,7 @@
  
  
  
-@@ -169,6 +171,8 @@
+@@ -169,6 +172,8 @@
  # is running as (usually 'nobody').  Permissions should be set at the 
  # directory level instead of on the file, as the file is deleted every
  # time its contents are processed.
@@ -95,7 +94,7 @@
  
  command_file=@localstatedir@/rw/nagios.cmd
  
-@@ -198,7 +202,7 @@
+@@ -198,7 +203,7 @@
  # is created, used, and deleted throughout the time that Nagios is
  # running.
  
@@ -104,7 +103,7 @@
  
  
  
-@@ -264,7 +268,7 @@
+@@ -264,7 +269,7 @@
  # This is the directory where archived (rotated) log files should be 
  # placed (assuming you've chosen to do log rotation).
  
@@ -113,7 +112,7 @@
  
  
  
-@@ -1051,7 +1055,7 @@
+@@ -1059,7 +1064,7 @@
  #	strict-iso8601	(YYYY-MM-DDTHH:MM:SS)
  #
  
@@ -122,7 +121,7 @@
  
  
  
-@@ -1081,7 +1085,7 @@
+@@ -1089,7 +1094,7 @@
  # embedded Perl interpreter) is located.  If you didn't compile
  # Nagios with embedded Perl support, this option has no effect.
  
@@ -131,7 +130,7 @@
  
  
  
-@@ -1165,8 +1169,8 @@
+@@ -1173,8 +1178,8 @@
  # using the $ADMINEMAIL$ and $ADMINPAGER$ macros in your notification
  # commands.
  
diff -ruN nagios3-3.0.3/debian/patches/70_fix_eventhandler_paths.dpatch nagios3-3.0.5/debian/patches/70_fix_eventhandler_paths.dpatch
--- nagios3-3.0.3/debian/patches/70_fix_eventhandler_paths.dpatch	2008-11-28 21:58:43.000000000 +0100
+++ nagios3-3.0.5/debian/patches/70_fix_eventhandler_paths.dpatch	2008-11-28 21:59:52.000000000 +0100
@@ -5,39 +5,33 @@
 ## DP: Fixes paths for all contributed eventhandlers
 
 @DPATCH@
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/disable_active_service_checks nagios3-3.0.3/contrib/eventhandlers/disable_active_service_checks
---- nagios3-3.0.3~/contrib/eventhandlers/disable_active_service_checks	2008-05-19 20:01:59.000000000 +0200
-+++ nagios3-3.0.3/contrib/eventhandlers/disable_active_service_checks	2008-08-05 09:56:27.000000000 +0200
-@@ -14,9 +14,9 @@
- #    the check_external_commands option in the main
- #    configuration file.
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/disable_active_service_checks nagios3-3.0.5/contrib/eventhandlers/disable_active_service_checks
+--- nagios3-3.0.5~/contrib/eventhandlers/disable_active_service_checks	2008-10-15 18:12:09.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/disable_active_service_checks	2008-11-28 21:48:00.000000000 +0100
+@@ -16,7 +16,7 @@
  
--printfcmd="/bin/printf"
-+printfcmd="/usr/bin/printf"
+ printfcmd="/usr/bin/printf"
  
 -CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 +CommandFile="/var/lib/nagios3/rw/nagios.cmd"
  
  # get the current date/time in seconds since UNIX epoch
  datetime=`date +%s`
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/disable_notifications nagios3-3.0.3/contrib/eventhandlers/disable_notifications
---- nagios3-3.0.3~/contrib/eventhandlers/disable_notifications	2008-01-24 13:34:57.000000000 +0100
-+++ nagios3-3.0.3/contrib/eventhandlers/disable_notifications	2008-08-05 09:56:27.000000000 +0200
-@@ -12,9 +12,9 @@
- #    the check_external_commands option in the main
- #    configuration file.
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/disable_notifications nagios3-3.0.5/contrib/eventhandlers/disable_notifications
+--- nagios3-3.0.5~/contrib/eventhandlers/disable_notifications	2008-10-15 18:12:09.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/disable_notifications	2008-11-28 21:48:35.000000000 +0100
+@@ -14,7 +14,7 @@
  
--printfcmd="/bin/printf"
-+printfcmd="/usr/bin/printf"
+ printfcmd="/usr/bin/printf"
  
 -CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 +CommandFile="/var/lib/nagios3/rw/nagios.cmd"
  
  # get the current date/time in seconds since UNIX epoch
  datetime=`date +%s`
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler
---- nagios3-3.0.3~/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler	2002-02-26 05:03:37.000000000 +0100
-+++ nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler	2008-08-05 09:57:54.000000000 +0200
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler
+--- nagios3-3.0.5~/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler	2002-02-26 05:03:37.000000000 +0100
++++ nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/obsessive_svc_handler	2008-11-28 21:47:11.000000000 +0100
 @@ -21,7 +21,7 @@
  #
  
@@ -47,56 +41,47 @@
  
  # Convert the state string to the corresponding return code
  return_code=-1
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca
---- nagios3-3.0.3~/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-04-14 17:55:06.000000000 +0200
-+++ nagios3-3.0.3/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-08-05 09:58:47.000000000 +0200
-@@ -26,10 +26,10 @@
- # IP address of the central server that has the nsca
- # daemon running.
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca
+--- nagios3-3.0.5~/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-10-15 18:12:09.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/distributed-monitoring/submit_check_result_via_nsca	2008-11-28 21:50:14.000000000 +0100
+@@ -28,8 +28,8 @@
  
--printfcmd="/bin/printf"
-+printfcmd="/usr/bin/printf"
+ printfcmd="/usr/bin/printf"
  
 -NscaBin="/usr/local/nagios/libexec/send_nsca" 
 -NscaCfg="/usr/local/nagios/etc/send_nsca.cfg"
-+NscaBin="/usr/sbin/send_nsca"
++NscaBin="/usr/sbin/send_nsca" 
 +NscaCfg="/etc/send_nsca.cfg"
  NagiosHost="nagioshost"
  
  # Fire the data off to the NSCA daemon using the send_nsca script 
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/enable_active_service_checks nagios3-3.0.3/contrib/eventhandlers/enable_active_service_checks
---- nagios3-3.0.3~/contrib/eventhandlers/enable_active_service_checks	2008-05-19 20:01:59.000000000 +0200
-+++ nagios3-3.0.3/contrib/eventhandlers/enable_active_service_checks	2008-08-05 09:56:27.000000000 +0200
-@@ -14,9 +14,9 @@
- #    the check_external_commands option in the main
- #    configuration file.
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/enable_active_service_checks nagios3-3.0.5/contrib/eventhandlers/enable_active_service_checks
+--- nagios3-3.0.5~/contrib/eventhandlers/enable_active_service_checks	2008-10-15 18:12:09.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/enable_active_service_checks	2008-11-28 21:48:52.000000000 +0100
+@@ -16,7 +16,7 @@
  
--printfcmd="/bin/printf"
-+printfcmd="/usr/bin/printf"
+ printfcmd="/usr/bin/printf"
  
 -CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 +CommandFile="/var/lib/nagios3/rw/nagios.cmd"
  
  # get the current date/time in seconds since UNIX epoch
  datetime=`date +%s`
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/enable_notifications nagios3-3.0.3/contrib/eventhandlers/enable_notifications
---- nagios3-3.0.3~/contrib/eventhandlers/enable_notifications	2008-01-24 13:34:57.000000000 +0100
-+++ nagios3-3.0.3/contrib/eventhandlers/enable_notifications	2008-08-05 09:56:27.000000000 +0200
-@@ -12,9 +12,9 @@
- #    the check_external_commands option in the main
- #    configuration file.
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/enable_notifications nagios3-3.0.5/contrib/eventhandlers/enable_notifications
+--- nagios3-3.0.5~/contrib/eventhandlers/enable_notifications	2008-10-15 18:12:09.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/enable_notifications	2008-11-28 21:49:40.000000000 +0100
+@@ -14,7 +14,7 @@
  
--printfcmd="/bin/printf"
-+printfcmd="/usr/bin/printf"
+ printfcmd="/usr/bin/printf"
  
 -CommandFile="/usr/local/nagios/var/rw/nagios.cmd"
 +CommandFile="/var/lib/nagios3/rw/nagios.cmd"
  
  # get the current date/time in seconds since UNIX epoch
  datetime=`date +%s`
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event nagios3-3.0.3/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event
---- nagios3-3.0.3~/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event	2004-02-20 05:37:01.000000000 +0100
-+++ nagios3-3.0.3/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event	2008-08-05 09:59:37.000000000 +0200
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event nagios3-3.0.5/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event
+--- nagios3-3.0.5~/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event	2004-02-20 05:37:01.000000000 +0100
++++ nagios3-3.0.5/contrib/eventhandlers/redundancy-scenario1/handle-master-host-event	2008-11-28 21:47:11.000000000 +0100
 @@ -10,10 +10,10 @@
  
  # Location of the echo and mail commands
@@ -110,9 +95,9 @@
  
  
  # Only take action on hard host states...
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event nagios3-3.0.3/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event
---- nagios3-3.0.3~/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event	2006-05-30 18:38:01.000000000 +0200
-+++ nagios3-3.0.3/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event	2008-08-05 09:59:59.000000000 +0200
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event nagios3-3.0.5/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event
+--- nagios3-3.0.5~/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event	2006-05-30 18:38:01.000000000 +0200
++++ nagios3-3.0.5/contrib/eventhandlers/redundancy-scenario1/handle-master-proc-event	2008-11-28 21:47:11.000000000 +0100
 @@ -10,10 +10,10 @@
  
  # Location of the echo and mail commands
@@ -126,9 +111,9 @@
  
  
  # Only take action on hard service states...
-diff -urNad nagios3-3.0.3~/contrib/eventhandlers/submit_check_result nagios3-3.0.3/contrib/eventhandlers/submit_check_result
---- nagios3-3.0.3~/contrib/eventhandlers/submit_check_result	2002-02-26 05:03:37.000000000 +0100
-+++ nagios3-3.0.3/contrib/eventhandlers/submit_check_result	2008-08-05 09:56:27.000000000 +0200
+diff -urNad nagios3-3.0.5~/contrib/eventhandlers/submit_check_result nagios3-3.0.5/contrib/eventhandlers/submit_check_result
+--- nagios3-3.0.5~/contrib/eventhandlers/submit_check_result	2002-02-26 05:03:37.000000000 +0100
++++ nagios3-3.0.5/contrib/eventhandlers/submit_check_result	2008-11-28 21:47:11.000000000 +0100
 @@ -24,7 +24,7 @@
   
  echocmd="/bin/echo"
diff -ruN nagios3-3.0.3/debian/po/fr.po nagios3-3.0.5/debian/po/fr.po
diff -ruN nagios3-3.0.3/debian/po/it.po nagios3-3.0.5/debian/po/it.po
diff -ruN nagios3-3.0.3/debian/po/pl.po nagios3-3.0.5/debian/po/pl.po
diff -ruN nagios3-3.0.3/html/docs/about.html nagios3-3.0.5/html/docs/about.html
diff -ruN nagios3-3.0.3/html/docs/activechecks.html nagios3-3.0.5/html/docs/activechecks.html
diff -ruN nagios3-3.0.3/html/docs/adaptive.html nagios3-3.0.5/html/docs/adaptive.html
diff -ruN nagios3-3.0.3/html/docs/addons.html nagios3-3.0.5/html/docs/addons.html
diff -ruN nagios3-3.0.3/html/docs/beginners.html nagios3-3.0.5/html/docs/beginners.html
diff -ruN nagios3-3.0.3/html/docs/cachedchecks.html nagios3-3.0.5/html/docs/cachedchecks.html
diff -ruN nagios3-3.0.3/html/docs/cgiauth.html nagios3-3.0.5/html/docs/cgiauth.html
diff -ruN nagios3-3.0.3/html/docs/cgiincludes.html nagios3-3.0.5/html/docs/cgiincludes.html
diff -ruN nagios3-3.0.3/html/docs/cgisecurity.html nagios3-3.0.5/html/docs/cgisecurity.html
diff -ruN nagios3-3.0.3/html/docs/cgis.html nagios3-3.0.5/html/docs/cgis.html
diff -ruN nagios3-3.0.3/html/docs/checkscheduling.html nagios3-3.0.5/html/docs/checkscheduling.html
diff -ruN nagios3-3.0.3/html/docs/clusters.html nagios3-3.0.5/html/docs/clusters.html
diff -ruN nagios3-3.0.3/html/docs/configcgi.html nagios3-3.0.5/html/docs/configcgi.html
diff -ruN nagios3-3.0.3/html/docs/config.html nagios3-3.0.5/html/docs/config.html
diff -ruN nagios3-3.0.3/html/docs/configmain.html nagios3-3.0.5/html/docs/configmain.html
diff -ruN nagios3-3.0.3/html/docs/configobject.html nagios3-3.0.5/html/docs/configobject.html
diff -ruN nagios3-3.0.3/html/docs/customobjectvars.html nagios3-3.0.5/html/docs/customobjectvars.html
diff -ruN nagios3-3.0.3/html/docs/dependencies.html nagios3-3.0.5/html/docs/dependencies.html
diff -ruN nagios3-3.0.3/html/docs/dependencychecks.html nagios3-3.0.5/html/docs/dependencychecks.html
diff -ruN nagios3-3.0.3/html/docs/distributed.html nagios3-3.0.5/html/docs/distributed.html
diff -ruN nagios3-3.0.3/html/docs/downtime.html nagios3-3.0.5/html/docs/downtime.html
diff -ruN nagios3-3.0.3/html/docs/embeddedperl.html nagios3-3.0.5/html/docs/embeddedperl.html
diff -ruN nagios3-3.0.3/html/docs/epnplugins.html nagios3-3.0.5/html/docs/epnplugins.html
diff -ruN nagios3-3.0.3/html/docs/escalations.html nagios3-3.0.5/html/docs/escalations.html
diff -ruN nagios3-3.0.3/html/docs/eventhandlers.html nagios3-3.0.5/html/docs/eventhandlers.html
diff -ruN nagios3-3.0.3/html/docs/extcommands.html nagios3-3.0.5/html/docs/extcommands.html
diff -ruN nagios3-3.0.3/html/docs/faststartup.html nagios3-3.0.5/html/docs/faststartup.html
diff -ruN nagios3-3.0.3/html/docs/flapping.html nagios3-3.0.5/html/docs/flapping.html
diff -ruN nagios3-3.0.3/html/docs/freshness.html nagios3-3.0.5/html/docs/freshness.html
diff -ruN nagios3-3.0.3/html/docs/funstuff.html nagios3-3.0.5/html/docs/funstuff.html
diff -ruN nagios3-3.0.3/html/docs/hostchecks.html nagios3-3.0.5/html/docs/hostchecks.html
diff -ruN nagios3-3.0.3/html/docs/index.html nagios3-3.0.5/html/docs/index.html
diff -ruN nagios3-3.0.3/html/docs/integration.html nagios3-3.0.5/html/docs/integration.html
diff -ruN nagios3-3.0.3/html/docs/int-snmptrap.html nagios3-3.0.5/html/docs/int-snmptrap.html
diff -ruN nagios3-3.0.3/html/docs/int-tcpwrappers.html nagios3-3.0.5/html/docs/int-tcpwrappers.html
diff -ruN nagios3-3.0.3/html/docs/largeinstalltweaks.html nagios3-3.0.5/html/docs/largeinstalltweaks.html
diff -ruN nagios3-3.0.3/html/docs/macrolist.html nagios3-3.0.5/html/docs/macrolist.html
diff -ruN nagios3-3.0.3/html/docs/macros.html nagios3-3.0.5/html/docs/macros.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-linux.html nagios3-3.0.5/html/docs/monitoring-linux.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-netware.html nagios3-3.0.5/html/docs/monitoring-netware.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-printers.html nagios3-3.0.5/html/docs/monitoring-printers.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-publicservices.html nagios3-3.0.5/html/docs/monitoring-publicservices.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-routers.html nagios3-3.0.5/html/docs/monitoring-routers.html
diff -ruN nagios3-3.0.3/html/docs/monitoring-windows.html nagios3-3.0.5/html/docs/monitoring-windows.html
diff -ruN nagios3-3.0.3/html/docs/mrtggraphs.html nagios3-3.0.5/html/docs/mrtggraphs.html
diff -ruN nagios3-3.0.3/html/docs/nagiostats.html nagios3-3.0.5/html/docs/nagiostats.html
diff -ruN nagios3-3.0.3/html/docs/networkreachability.html nagios3-3.0.5/html/docs/networkreachability.html
diff -ruN nagios3-3.0.3/html/docs/notifications.html nagios3-3.0.5/html/docs/notifications.html
diff -ruN nagios3-3.0.3/html/docs/objectdefinitions.html nagios3-3.0.5/html/docs/objectdefinitions.html
diff -ruN nagios3-3.0.3/html/docs/objectinheritance.html nagios3-3.0.5/html/docs/objectinheritance.html
diff -ruN nagios3-3.0.3/html/docs/objecttricks.html nagios3-3.0.5/html/docs/objecttricks.html
diff -ruN nagios3-3.0.3/html/docs/oncallrotation.html nagios3-3.0.5/html/docs/oncallrotation.html
diff -ruN nagios3-3.0.3/html/docs/passivechecks.html nagios3-3.0.5/html/docs/passivechecks.html
diff -ruN nagios3-3.0.3/html/docs/passivestatetranslation.html nagios3-3.0.5/html/docs/passivestatetranslation.html
diff -ruN nagios3-3.0.3/html/docs/perfdata.html nagios3-3.0.5/html/docs/perfdata.html
diff -ruN nagios3-3.0.3/html/docs/pluginapi.html nagios3-3.0.5/html/docs/pluginapi.html
diff -ruN nagios3-3.0.3/html/docs/plugins.html nagios3-3.0.5/html/docs/plugins.html
diff -ruN nagios3-3.0.3/html/docs/quickstart-fedora.html nagios3-3.0.5/html/docs/quickstart-fedora.html
diff -ruN nagios3-3.0.3/html/docs/quickstart.html nagios3-3.0.5/html/docs/quickstart.html
diff -ruN nagios3-3.0.3/html/docs/quickstart-opensuse.html nagios3-3.0.5/html/docs/quickstart-opensuse.html
diff -ruN nagios3-3.0.3/html/docs/quickstart-ubuntu.html nagios3-3.0.5/html/docs/quickstart-ubuntu.html
diff -ruN nagios3-3.0.3/html/docs/redundancy.html nagios3-3.0.5/html/docs/redundancy.html
diff -ruN nagios3-3.0.3/html/docs/security.html nagios3-3.0.5/html/docs/security.html
diff -ruN nagios3-3.0.3/html/docs/servicechecks.html nagios3-3.0.5/html/docs/servicechecks.html
diff -ruN nagios3-3.0.3/html/docs/stalking.html nagios3-3.0.5/html/docs/stalking.html
diff -ruN nagios3-3.0.3/html/docs/startstop.html nagios3-3.0.5/html/docs/startstop.html
diff -ruN nagios3-3.0.3/html/docs/statetypes.html nagios3-3.0.5/html/docs/statetypes.html
diff -ruN nagios3-3.0.3/html/docs/timeperiods.html nagios3-3.0.5/html/docs/timeperiods.html
diff -ruN nagios3-3.0.3/html/docs/toc.html nagios3-3.0.5/html/docs/toc.html
diff -ruN nagios3-3.0.3/html/docs/tuning.html nagios3-3.0.5/html/docs/tuning.html
diff -ruN nagios3-3.0.3/html/docs/upgrading.html nagios3-3.0.5/html/docs/upgrading.html
diff -ruN nagios3-3.0.3/html/docs/verifyconfig.html nagios3-3.0.5/html/docs/verifyconfig.html
diff -ruN nagios3-3.0.3/html/docs/volatileservices.html nagios3-3.0.5/html/docs/volatileservices.html
diff -ruN nagios3-3.0.3/html/docs/whatsnew.html nagios3-3.0.5/html/docs/whatsnew.html
diff -ruN nagios3-3.0.3/html/main.html nagios3-3.0.5/html/main.html
diff -ruN nagios3-3.0.3/html/Makefile.in nagios3-3.0.5/html/Makefile.in
diff -ruN nagios3-3.0.3/include/cgiutils.h.in nagios3-3.0.5/include/cgiutils.h.in
--- nagios3-3.0.3/include/cgiutils.h.in	2007-11-11 00:34:26.000000000 +0100
+++ nagios3-3.0.5/include/cgiutils.h.in	2008-10-16 00:40:08.000000000 +0200
@@ -1,8 +1,8 @@
 /************************************************************************
  *
  * CGIUTILS.H - Header file for common CGI functions
- * Copyright (c) 1999-2007  Ethan Galstad (nagios@nagios.org)
- * Last Modified: 10-18-2007
+ * Copyright (c) 1999-2008  Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 10-15-2008
  *
  * License:
  * 
@@ -484,6 +484,7 @@
 
 char * url_encode(char *);		        		/* encodes a string in proper URL format */
 char * html_encode(char *,int);					/* encodes a string in HTML format (for what the user sees) */
+char * escape_string(char *);					/* escape string for html form usage */
 
 void get_time_breakdown(unsigned long,int *,int *,int *,int *);	/* given total seconds, get days, hours, minutes, seconds */
 
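Review bot: The comment on the new `escape_string` prototype, "escape string for html form usage", does not say which characters are escaped or how it differs from `url_encode` and `html_encode` declared just above it, so a CGI author cannot pick the right encoder for a given output context from the header alone. It also leaves out whether the returned pointer is a static buffer or must be freed by the caller. The definition is not part of this hunk, so the wording has to be checked against it; something like `/* escapes a string for use in an HTML form field value; returns <static buffer | allocated string - confirm> */` with the correct alternative filled in would do.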
diff -ruN nagios3-3.0.3/include/common.h nagios3-3.0.5/include/common.h
--- nagios3-3.0.3/include/common.h	2008-06-25 20:16:36.000000000 +0200
+++ nagios3-3.0.5/include/common.h	2008-11-04 23:28:40.000000000 +0100
@@ -21,8 +21,8 @@
  ************************************************************************/
 
 
-#define PROGRAM_VERSION "3.0.3"
-#define PROGRAM_MODIFICATION_DATE "06-25-2008"
+#define PROGRAM_VERSION "3.0.5"
+#define PROGRAM_MODIFICATION_DATE "11-04-2008"
 
 /*#define DEBUG_CHECK_IPC 1 */
 /*#define DEBUG_CHECK_IPC2 1*/
diff -ruN nagios3-3.0.3/include/config.h.in nagios3-3.0.5/include/config.h.in
--- nagios3-3.0.3/include/config.h.in	2007-11-10 23:54:37.000000000 +0100
+++ nagios3-3.0.5/include/config.h.in	2008-11-02 19:51:30.000000000 +0100
@@ -2,7 +2,7 @@
  *
  * Nagios Config Header File
  * Written By: Ethan Galstad (nagios@nagios.org)
- * Last Modified: 11-10-2007
+ * Last Modified: 11-02-2008
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -102,14 +102,6 @@
 #define GETGROUPS_T ""
 #define RETSIGTYPE ""
 
-#ifndef RTLD_GLOBAL
-#define RTLD_GLOBAL 0
-#endif
-
-#ifndef RTLD_NOW
-#define RTLD_NOW 0
-#endif
-
 
 
 /***** HEADER FILES *****/
@@ -328,6 +320,16 @@
 #endif
 
 
+/* moved to end to prevent AIX compiler warnings */
+#ifndef RTLD_GLOBAL
+#define RTLD_GLOBAL 0
+#endif
+
+#ifndef RTLD_NOW
+#define RTLD_NOW 0
+#endif
+
+
 /***** MARO DEFINITIONS *****/
 
 /* this needs to come after all system include files, so we don't accidentally attempt to redefine it */
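Review bot: The added comment `/* moved to end to prevent AIX compiler warnings */` records the history of the move but not the constraint that keeps the block correct. The `#ifndef RTLD_GLOBAL` and `#ifndef RTLD_NOW` guards only work if the platform headers have already been included, and the old position (removed in the previous hunk) sat above the HEADER FILES section. A comment in the style of the one below it would stop the block from drifting back up, for example `/* fallbacks only: must come after all system include files so a real RTLD_GLOBAL/RTLD_NOW is not redefined */`. Which header supplies the real definitions is not visible in these hunks.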
diff -ruN nagios3-3.0.3/nagios.spec nagios3-3.0.5/nagios.spec
--- nagios3-3.0.3/nagios.spec	2008-06-25 20:16:28.000000000 +0200
+++ nagios3-3.0.5/nagios.spec	2008-11-02 19:51:29.000000000 +0100
@@ -1,6 +1,6 @@
 %define name nagios
-%define version 3.0.3
-%define release 1.fc4.test
+%define version 3.0.5
+%define release 1
 %define nsusr nagios
 %define nsgrp nagios
 %define cmdgrp nagiocmd
diff -ruN nagios3-3.0.3/sample-config/nagios.cfg.in nagios3-3.0.5/sample-config/nagios.cfg.in
--- nagios3-3.0.3/sample-config/nagios.cfg.in	2008-05-19 20:02:08.000000000 +0200
+++ nagios3-3.0.5/sample-config/nagios.cfg.in	2008-11-02 19:51:30.000000000 +0100
@@ -6,7 +6,7 @@
 # file.  I've provided some comments here, but things may not be so
 # clear without further explanation.
 #
-# Last Modified: 05-19-2008
+# Last Modified: 10-15-2008
 #
 ##############################################################################
 
@@ -544,6 +544,14 @@
 
 
 
+# TIME CHANGE ADJUSTMENT THRESHOLDS
+# These options determine when Nagios will react to detected changes
+# in system time (either forward or backwards).
+
+#time_change_threshold=900
+
+
+
 # AUTO-RESCHEDULING OPTION
 # This option determines whether or not Nagios will attempt to
 # automatically reschedule active host and service checks to
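Review bot: The new comment block for `time_change_threshold` gives neither the unit of the value nor what Nagios does when the line stays commented out, and the heading says THRESHOLDS while only one option follows. Presumably the value is in seconds and 900 is the built-in default, but neither is visible in this hunk. If that is confirmed, a line such as `# The value is in seconds; 900 is used when this option is left commented out.` would save an administrator from guessing. The AUTO-RESCHEDULING comment that follows continues outside the hunk.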
diff -ruN nagios3-3.0.3/THANKS nagios3-3.0.5/THANKS
--- nagios3-3.0.3/THANKS	2008-06-23 23:33:00.000000000 +0200
+++ nagios3-3.0.5/THANKS	2008-11-02 19:51:29.000000000 +0100
@@ -14,9 +14,11 @@
 * Felipe Almeida
 * Jon Andrews
 * Michael Anthon
+* Bernd Arnold
 * Erwan Arzur
 * Volker Aust
 * Hendrik Baecker
+* Markus Baertschi
 * Michael Bailey
 * Luigi Balzano
 * Sebastien Barbereau
@@ -61,6 +63,7 @@
 * Stephen Davies
 * Karl DeBisschop
 * Tom De Blende
+* Mark DeTrano
 * Thomas Dohl
 * Mike Dorman
 * Alok Dubey
@@ -102,6 +105,7 @@
 * Ronald Ho
 * Stanley Hopcroft
 * Sam Howard
+* Torsten Huebler
 * Stig Jacobsen
 * Percy Jahn
 * Stewart James
@@ -119,6 +123,7 @@
 * Rene Klootwijk
 * David Kmoch
 * Brandon Knitter
+* Uwe Knop
 * Ryoji Kobayashi
 * Uwe Knop
 * Daniel Koffler
@@ -131,6 +136,7 @@
 * Gerhard Lausser
 * William Leibzon
 * Pedro Leite
+* Bernard Li
 * Joerg Linge
 * Michael Little
 * Shad Lords
@@ -155,6 +161,7 @@
 * Gerd Mueller
 * Bob (Netshell)
 * Time Niemueller
+* Sven Nierlein
 * Michael O'Reilly
 * Tomer Okavi
 * Vadim Okun
@@ -168,6 +175,7 @@
 * Janet Post
 * Paul Pot
 * Marc Powell
+* William Preston
 * Patrick Proy
 * Luiz Felipe R E
 * Alain Radix
@@ -189,8 +197,10 @@
 * Chris Rothecker
 * John Rouillard
 * Yves Rubin
+* Jonathan Saggau
 * Karel Salavec
 * Jorge Sanchez
+* Bogdan Sandu
 * Pavel Satrapa
 * Mark Schenker
 * David Schlecht
@@ -207,6 +217,7 @@
 * Gordon Smith
 * Lou Sneddon
 * Mark Spieth
+* Tim Starling
 * Thomas Stolle
 * Kevin Stone
 * Herbert Straub
@@ -241,6 +252,7 @@
 * Florian Weimer
 * Chris Witterholt
 * Evan Winter
+* Armin Wolfermann
 * Greg Woods
 * Cliff Woolley
 * Mitch Wright 
diff -ruN nagios3-3.0.3/update-version nagios3-3.0.5/update-version
--- nagios3-3.0.3/update-version	2008-06-25 20:16:29.000000000 +0200
+++ nagios3-3.0.5/update-version	2008-11-04 23:28:39.000000000 +0100
@@ -10,10 +10,10 @@
 fi
 
 # Current version number
-CURRENTVERSION=3.0.3
+CURRENTVERSION=3.0.5
 
 # Last date
-LASTDATE=06-25-2008
+LASTDATE=11-04-2008
 
 if [ "x$1" = "x" ]
 then
diff -ruN nagios3-3.0.3/xdata/xpddefault.c nagios3-3.0.5/xdata/xpddefault.c
--- nagios3-3.0.3/xdata/xpddefault.c	2007-12-09 00:57:48.000000000 +0100
+++ nagios3-3.0.5/xdata/xpddefault.c	2008-11-02 19:51:30.000000000 +0100
@@ -2,8 +2,8 @@
  *
  * XPDDEFAULT.C - Default performance data routines
  *
- * Copyright (c) 2000-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 12-08-2007
+ * Copyright (c) 2000-2008 Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 11-02-2008
  *
  * License:
  *
@@ -316,11 +316,11 @@
 
 	/* periodically process the host perfdata file */
 	if(xpddefault_host_perfdata_file_processing_interval>0 && xpddefault_host_perfdata_file_processing_command!=NULL)
-		schedule_new_event(EVENT_USER_FUNCTION,TRUE,current_time+xpddefault_host_perfdata_file_processing_interval,TRUE,xpddefault_host_perfdata_file_processing_interval,NULL,TRUE,xpddefault_process_host_perfdata_file,NULL,0);
+		schedule_new_event(EVENT_USER_FUNCTION,TRUE,current_time+xpddefault_host_perfdata_file_processing_interval,TRUE,xpddefault_host_perfdata_file_processing_interval,NULL,TRUE,(void *)xpddefault_process_host_perfdata_file,NULL,0);
 
 	/* periodically process the service perfdata file */
 	if(xpddefault_service_perfdata_file_processing_interval>0 && xpddefault_service_perfdata_file_processing_command!=NULL)
-		schedule_new_event(EVENT_USER_FUNCTION,TRUE,current_time+xpddefault_service_perfdata_file_processing_interval,TRUE,xpddefault_service_perfdata_file_processing_interval,NULL,TRUE,xpddefault_process_service_perfdata_file,NULL,0);
+		schedule_new_event(EVENT_USER_FUNCTION,TRUE,current_time+xpddefault_service_perfdata_file_processing_interval,TRUE,xpddefault_service_perfdata_file_processing_interval,NULL,TRUE,(void *)xpddefault_process_service_perfdata_file,NULL,0);
 
 	/* save the host perf data file macro */
 	my_free(macro_x[MACRO_HOSTPERFDATAFILE]);
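Review bot: The `(void *)` casts added to `xpddefault_process_host_perfdata_file` and `xpddefault_process_service_perfdata_file` silence a type mismatch rather than resolve it. ISO C does not define conversion between a function pointer and `void *`, and the cast also hides any later signature drift between these handlers and whatever the event loop calls them as. If `schedule_new_event` takes its callback as `void *` (its prototype is not visible here), a function-pointer typedef for that parameter would let the compiler check both call sites. At minimum a comment such as `/* cast: schedule_new_event() takes the callback as void * */` would record why the cast is there. The enclosing function starts and ends outside the hunk.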
