BUG (Possible): Custom Data Input Method

Post general support questions here that do not specifically fall into the Linux or Windows categories.

Moderators: Developers, Moderators

Post Reply
tymbow
Cacti User
Posts: 54
Joined: Sat May 14, 2005 8:00 pm

BUG (Possible): Custom Data Input Method

Post by tymbow »

I have a number of templates that use a custom data input method that runs a Perl script that takes a number of input fields the contents of which vary for each target host.

Long story short, two of the input fields are "username" and "password". What I'm finding is that passwords that contain either ' or $ are not working. If I run the command line for the script manually all is fine thus I'm guessing this is a PHP issue with special characters in text fields.

Is this a known bug, or is there a recommended work around (apart from using passwords without the offending characters of course)?
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Place single quotes around the output in your prel script. Does this help the issue? What poller are you using?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tymbow
Cacti User
Posts: 54
Joined: Sat May 14, 2005 8:00 pm

Post by tymbow »

I'm using Spine on Windows.

If I check the cacti log, the command to run which includes the Perl script and username/password is actually correct. That is, if I just copy this line and run it on the command line it works perfectly and returns the correct data.

My security colleagues have now actually adjusted the "offending" passwords so the problem is mitigated for now. What I will try and do is to replicate it on our test platform and try to get more specific details on what conditions cause the error.
User avatar
TheWitness
Developer
Posts: 17007
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Post by TheWitness »

Well, that works too :)

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
tymbow
Cacti User
Posts: 54
Joined: Sat May 14, 2005 8:00 pm

Post by tymbow »

Some brief tests seem to indicate that the "offending" characters, so far at least, were:

Code: Select all

(
) 
'
$
I'm not that familiar with PHP, but I'm assuming these may be reserved characters which is what makes me wonder if there is an issue when the command line script is called by Spine.

As the script runs properly on the Windows command line, Windows obviously does not have issue with them which leaves PHP or Spine. It may be that they need to be quoted when called, but I can't see how to achieve this. The quoting needs to occur when the command line is built so changing the Perl script will have no effect.

FYI, what the script does is scrapes and parses an HTML page which contains memory usage data for Blue Coat SG proxies and spits out a series of "parameter:value" fields that get used by Cacti. It is used thus:

Code: Select all

perl script.pl device username password
I'll keep toying about with it.
tymbow
Cacti User
Posts: 54
Joined: Sat May 14, 2005 8:00 pm

Post by tymbow »

TheWitness wrote:Well, that works too :)
Yeah it did :)

However, as a follow on to this, we recently had another issue with special characters involving the "ss_host_cpu.php" and "ss_host_disk.php" scripts for some new hosts with special characters in their SNMP community strings. The scripts kept returning 0 items with no errors which was not the case. Running them from the command line revealed the problem with the characters.

Again we changed the strings to someone less "offensive" but there definitely seems to be some issues with how Cacti handles certain characters in passwords, community strings etc. God I wish our security bods would make less crazy passwords...
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests