[Nagiosplug-devel] [ nagiosplug-Bugs-2531905 ] check_mysql does not properly handle passwords in from file.

SourceForge.net noreply at sourceforge.net
Sat Jan 24 00:13:16 CET 2009


Bugs item #2531905, was opened at 2009-01-23 18:13
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2531905&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Argument proccessing
Group: Release (specify)
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Ben Timby (btimby)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_mysql does not properly handle passwords in from file.

Initial Comment:
-----------------
     PROBLEM
-----------------
The mysql client can use a password from a configuration file. This feature is nice as it keeps the password off of the command line.

The check_mysql function does not allow for this. Even though the program informs you via a warning that passing the password on the command line is insecure. It does not allow for the best alternative.

According to mysql, the mysql_connect() and mysql_real_connect() both allow a value of NULL to be given for the password.

http://dev.mysql.com/doc/refman/5.1/en/mysql-real-connect.html

In this case, if a password was read from the option file, it will be used for authentication. The constant "" is used in the case of NO password.

Right now, check_mysql, in the validate_arguments() function sets the value of db_pass to "" if it was not provided on the command line. This prevents the password configured in the option file from being used.

-----------------
   TEST CASE
-----------------
# vi $HOME/.my.cnf
[client]
password=foo
# ./check_mysql
Access denied for user 'root'@'localhost' (using password: NO)

-----------------
      PATCH
-----------------
The attached patch remedies this. It uses the same method as the mysql client to determine if NULL or "" should be used.

If -p is provided, without a value, then "" is used. If -p is omitted, then NULL is used. If -p is provided WITH a password, that password is used.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=2531905&group_id=29880




More information about the Devel mailing list