Is a null username possible with check_http
Jim McNamara
jim at packetalk.net
Wed Jul 29 21:09:43 CEST 2009
On Wed, 2009-07-29 at 12:59 -0500, Marc Powell wrote:
> On Jul 29, 2009, at 11:46 AM, Jim McNamara wrote:
>
> > I posted this question to the nagiosplugins-help list last Wednesday
> > but received no answers. I hope I receive some insight from this list!
> >
> > -------------------------------------------------------------------------------------------
> >
> > I'm running nagios 3.0.6 with plugins 1.4.13 both compiled from
> > source on a debian machine. We recently added dataprobe iboot remote
> > power switches to my network. They have basic web authentication,
> > but the authentication only uses a password, not a username. I tried
> > several different things with the -a modifier to check_http, and all
> > failed to get an OK result from the plugin. Among the tests were -
> >
> > -a \n:PASS
> > -a \r:PASS
> > -a *:PASS
> > -a :PASS
> > -a garbage:PASS
> >
> > All of the tests lead to a 401 error, as shown in this verbose
> > output -
> >
> > /usr/local/nagios/libexec/check_http -I 192.168.1.254 -a \n:PASS -v
> > GET / HTTP/1.0
> > User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
> > Connection: close
> > Authorization: Basic bjpyZWJvb3Q=
> >
> >
> > http://192.168.1.254:80/ is 97 characters
> > STATUS: HTTP/1.0 401 Not Authorized
> > **** HEADER ****
> > WWW-Authenticate: Basic realm="iBoot"
> > **** CONTENT ****
> > <html><h2>Error</h2></html>
> > HTTP WARNING: HTTP/1.0 401 Not Authorized
> >
> > Is there some way to pass an empty or null username to this device?
> > When authenticating as a human through a browser, leaving the
> > username empty and the default password of PASS lets you in. Thanks
> > for any suggestions!
>
> Looking at the code, it does no modification of the auth info you
> provide other than encoding to base64. Based on how basic auth works,
> '-a :PASS' should do it as that will be encoded, sent, then decoded by
> the server into ':PASS'. This is the proper format for basic auth
> without username. You can easily decode what is being sent to the
> server by check_http (as above) to verify 'n:reboot'. I would try
> capturing the information sent by your browser to verify that the auth
> info is the same.
>
> --
> Marc
Marc,
Thanks for that help. Unfortunately it leads to some unusual results.
Both authenticating from firefox on a windows host and on the CLI from
the linux server show the same credentials being passed, as shown here:
(Windows)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.12)
Gecko/2009070611 Firefox/3.0.12\r\n
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
Keep-Alive: 300\r\n
Connection: keep-alive\r\n
Authorization: Basic OnJlYm9vdA==\r\n
Credentials: :reboot
\r\n
(Linux)
GET / HTTP/1.0\r\n
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)\r\n
Connection: close\r\n
Authorization: Basic OnJlYm9vdA==\r\n
Credentials: :reboot
\r\n
So both agents pass the correct info to the unit, but something clearly
doesn't behave well. I do see a fair amount of javascript in the
windows capture after the authentication, could that be part of the
issue? Also the "Connection: close\r\n sent by check_http has me
wondering if is closing the stream before some of the authentication is
completed? I have both captures from tshark and wireshark saved if
seeing the full info would be any help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090729/20724dd2/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list