xymonnet not working for basic authentication with # in password
list Max Xu
I am have something like httpstatus;https://admin_name:passwdXY#user-d18882f5cf4a@xymon.invalid/abc;200 in hosts.cfg. Xymonnet fails to parse it. Log says: URL : https://admin_name:443/#user-d18882f5cf4a@xymon.invalid/abc HTTP status : 0 Looking at code(version 4.3.24), ‘#' causes NULL auth, which will cause user name part be use as host name. Can this be confirmed? Thanks, -Max
list John Thurston
On 11/3/2017 1:19 PM, Max Xu wrote:
I am have something like httpstatus;https://admin_name:passwdXY#user-d18882f5cf4a@xymon.invalid/abc;200 in hosts.cfg.
It would not surprise me that the # character breaks the parser. The syntax of this line has evolved over the decades, while remaining backwardly compatible. It is a truly spectacular mashup of semicolons, spaces, quotes, and equal signs. Have you tried wrapping the whole httpstatus portion in double-quotes? "httpsstatus;http://foo:b#user-88bdf11bb8d9@xymon.invalid;200"; Have you tried replacing the # with %23 ? I don't really expect it to work, but it's worth a try. -- Do things because you should, not just because you can. John Thurston XXX-XXX-XXXX user-ce4d79d99bab@xymon.invalid Department of Administration State of Alaska
list Max Xu
Thanks John, I did try them all with same result. On 11/3/17, 3:03 PM, "Xymon on behalf of John Thurston" <xymon-bounces at xymon.com on behalf of user-ce4d79d99bab@xymon.invalid> wrote:
On 11/3/2017 1:19 PM, Max Xu wrote:I am have something like httpstatus;https://urldefense.proofpoint.com/v2/url?u=https-3A__admin-5Fname-3ApasswdXY-23Z-40abc.com_abc-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=4CL4rAHy0-BsMW7hps3Dh456ycR5riTr5M7lBIIcWlo&e= in hosts.cfg.
▸
It would not surprise me that the # character breaks the parser. The syntax of this line has evolved over the decades, while remaining backwardly compatible. It is a truly spectacular mashup of semicolons, spaces, quotes, and equal signs. Have you tried wrapping the whole httpstatus portion in double-quotes?
"httpsstatus;https://urldefense.proofpoint.com/v2/url?u=http-3A__foo-3Ab-23r-40baz.com-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=2Mnx0bcUCUbyCPPK-IbfGYmy_egZqVsaH8panqcrEUI&e=";
▸
Have you tried replacing the # with %23 ? I don't really expect it to work, but it's worth a try.
--
Do things because you should, not just because you can.
John Thurston XXX-XXX-XXXX
user-ce4d79d99bab@xymon.invalid
Department of Administration
State of Alaska
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=mzYYlmRtaJGRv5qAs_pNKqqRdxBdb8qnLYOdSPucSGs&e=
list Phil Crooker
You could run this in a custom ext script, just use the same TEST name, and of course remove it from hosts.cfg. You'll probably need to add escapes/quotes or whatever works (e.g. you need to put \ in front of all the & chars). Here is one of the tests I use:
/usr/bin/curl --max-time 30 -sS --write-out "\nHTTP_return_code:%{http_code} Time:%{time_total}" > $XYMONHOME/tmp/OUTPUT.$$.$MACHINEDOTS 2>&1 https://whatever.com/blahblah
Try it out manually w/o all the xymon stuff to make sure the URL is read properly. Note the timeout - you'll probably need this for when the connection half works. I write the output to a file so the script can include it in the status message.
cheers.
▸
From: Xymon <xymon-bounces at xymon.com> on behalf of Max Xu <user-0e2fe6810b65@xymon.invalid>
Sent: Tuesday, 7 November 2017 8:40 AM
To: John Thurston; xymon at xymon.com
Subject: Re: [Xymon] xymonnet not working for basic authentication with # in password
Thanks John, I did try them all with same result.
On 11/3/17, 3:03 PM, "Xymon on behalf of John Thurston" <xymon-bounces at xymon.com on behalf of user-ce4d79d99bab@xymon.invalid> wrote:
On 11/3/2017 1:19 PM, Max Xu wrote:I am have something like httpstatus;https://urldefense.proofpoint.com/v2/url?u=https-3A__admin-5Fname-3ApasswdXY-23Z-40abc.com_abc-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=4CL4rAHy0-BsMW7hps3Dh456ycR5riTr5M7lBIIcWlo&e= in hosts.cfg.It would not surprise me that the # character breaks the parser. The syntax of this line has evolved over the decades, while remaining backwardly compatible. It is a truly spectacular mashup of semicolons, spaces, quotes, and equal signs. Have you tried wrapping the whole httpstatus portion in double-quotes? "httpsstatus;https://urldefense.proofpoint.com/v2/url?u=http-3A__foo-3Ab-23r-40baz.com-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=2Mnx0bcUCUbyCPPK-IbfGYmy_egZqVsaH8panqcrEUI&e="; Have you tried replacing the # with %23 ? I don't really expect it to work, but it's worth a try. -- Do things because you should, not just because you can. John Thurston XXX-XXX-XXXX user-ce4d79d99bab@xymon.invalid Department of Administration State of Alaska https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=mzYYlmRtaJGRv5qAs_pNKqqRdxBdb8qnLYOdSPucSGs&e=
list Max Xu
Thanks Phil! That is my approach now. Just wanted to confirm the issue and hoped other people don’t need to go through the same effort of testing.
▸
On 11/6/17, 4:58 PM, "Phil Crooker" <user-e8e31cd73303@xymon.invalid> wrote:
You could run this in a custom ext script, just use the same TEST name, and of course remove it from hosts.cfg. You'll probably need to add escapes/quotes or whatever works (e.g. you need to put \ in front of all the & chars). Here is one of the tests I use:
/usr/bin/curl --max-time 30 -sS --write-out "\nHTTP_return_code:%{http_code} Time:%{time_total}" > $XYMONHOME/tmp/OUTPUT.$$.$MACHINEDOTS 2>&1 https://urldefense.proofpoint.com/v2/url?u=https-3A__whatever.com_blahblah&d=DwIFAw&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=24udmzCdcvbr1OdUbT5A93xBR3NRkcD-Jm9ogrLo5T0&s=d_2stxh6M8pJNrcrH9mlRS0T3-KWYl32gDFnNHos2ig&e=
▸
Try it out manually w/o all the xymon stuff to make sure the URL is read properly. Note the timeout - you'll probably need this for when the connection half works. I write the output to a file so the script can include it in the status message. cheers. From: Xymon <xymon-bounces at xymon.com> on behalf of Max Xu <user-0e2fe6810b65@xymon.invalid> Sent: Tuesday, 7 November 2017 8:40 AM To: John Thurston; xymon at xymon.com Subject: Re: [Xymon] xymonnet not working for basic authentication with # in password Thanks John, I did try them all with same result. On 11/3/17, 3:03 PM, "Xymon on behalf of John Thurston" <xymon-bounces at xymon.com on behalf of user-ce4d79d99bab@xymon.invalid> wrote:On 11/3/2017 1:19 PM, Max Xu wrote:I am have something like httpstatus;https://urldefense.proofpoint.com/v2/url?u=https-3A__admin-5Fname-3ApasswdXY-23Z-40abc.com_abc-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=4CL4rAHy0-BsMW7hps3Dh456ycR5riTr5M7lBIIcWlo&e= in hosts.cfg.It would not surprise me that the # character breaks the parser. The syntax of this line has evolved over the decades, while remaining backwardly compatible. It is a truly spectacular mashup of semicolons, spaces, quotes, and equal signs. Have you tried wrapping the whole httpstatus portion in double-quotes? "httpsstatus;https://urldefense.proofpoint.com/v2/url?u=http-3A__foo-3Ab-23r-40baz.com-3B200&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=2Mnx0bcUCUbyCPPK-IbfGYmy_egZqVsaH8panqcrEUI&e="; Have you tried replacing the # with %23 ? I don't really expect it to work, but it's worth a try. -- Do things because you should, not just because you can. John Thurston XXX-XXX-XXXX user-ce4d79d99bab@xymon.invalid Department of Administration State of Alaska https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwIGaQ&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=dm7hBNws2amD5BULT5yiqOnwxg_cMThGCgONbsIrpZA&s=mzYYlmRtaJGRv5qAs_pNKqqRdxBdb8qnLYOdSPucSGs&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.xymon.com_mailman_listinfo_xymon&d=DwIFAw&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=24udmzCdcvbr1OdUbT5A93xBR3NRkcD-Jm9ogrLo5T0&s=FzpWBZlmms6HICr6qbpKJl4r1cW-sDiWMfhsdqDeIoI&e= -- This message from ORIX Australia might contain confidential and/or privileged information. If you are not the intended recipient, any use, disclosure or copying of this message (or of any attachments to it) is not authorised. If you have received this message in error, please notify the sender immediately and delete the message and any attachments from your system. Please inform the sender if you do not wish to receive future communications by email. ORIX has a Privacy Policy which outlines what kinds of personal information we collect and hold, how we may collect and handle it, and your rights regarding personal information. Please let us know if you would like a copy. The Privacy Policy and a Collection Statement are also available at https://urldefense.proofpoint.com/v2/url?u=http-3A__www.orix.com.au&d=DwIFAw&c=Zok6nrOF6Fe0JtVEqKh3FEeUbToa1PtNBZf6G01cvEQ&r=_rRsvDpSvkhydGEmSgSLQ5J0DhQTISZJFuX6D4Oq8-A&m=24udmzCdcvbr1OdUbT5A93xBR3NRkcD-Jm9ogrLo5T0&s=BbpSwYDMjTaO0ZsHe3SozLTZMktdr4WEaMgbWH0nNEk&e=. We do not accept liability for any loss or damage caused by any computer viruses or defects that may be transmitted with this message. We recommend you carry out your own checks for viruses or defects.