summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Guyot-Sionnest <dermoth@users.sourceforge.net>2008-05-20 07:57:13 +0000
committerThomas Guyot-Sionnest <dermoth@users.sourceforge.net>2008-05-20 07:57:13 +0000
commiteaf61e51ac6a64e3d879248edd7b10f62e3c6aa3 (patch)
treee2509d41b6f05911259bb731c27ef718878cfcc0
parent7e3fc482ed934105c3f27e39175bf0cff3286db3 (diff)
downloadmonitoring-plugins-eaf61e51ac6a64e3d879248edd7b10f62e3c6aa3.tar.gz
Clobber password in check_radius process list aguments
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1994 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r--NEWS2
-rw-r--r--plugins/check_radius.c14
2 files changed, 11 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 674a274f..d01b678c 100644
--- a/NEWS
+++ b/NEWS
@@ -18,7 +18,7 @@ This file documents the major additions and syntax changes between releases.
18 check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453) 18 check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453)
19 check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help 19 check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help
20 check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers) 20 check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers)
21 check_mysql now try clearing password in processlist just like check_mysql_query 21 check_mysql and check_radius now try clearing password in processlist just like check_mysql_query
22 check_mysql and check_mysql_query now support sockets explicitely (-s, --socket) 22 check_mysql and check_mysql_query now support sockets explicitely (-s, --socket)
23 negate now has the ability to replace the status text as well (-s, --substitute) 23 negate now has the ability to replace the status text as well (-s, --substitute)
24 Added performance data to check_ping (Christian Schneemann) 24 Added performance data to check_ping (Christian Schneemann)
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 7ce820a8..5021a57a 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -260,7 +260,13 @@ process_arguments (int argc, char **argv)
260 username = optarg; 260 username = optarg;
261 break; 261 break;
262 case 'p': /* password */ 262 case 'p': /* password */
263 password = optarg; 263 password = strdup(optarg);
264
265 /* Delete the password from process list */
266 while (*optarg != '\0') {
267 *optarg = 'X';
268 optarg++;
269 }
264 break; 270 break;
265 case 'n': /* nas id */ 271 case 'n': /* nas id */
266 nasid = optarg; 272 nasid = optarg;
@@ -343,9 +349,9 @@ print_help (void)
343 printf ("%s\n", _("name and password. A configuration file may also be present. The format of")); 349 printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
344 printf ("%s\n", _("the configuration file is described in the radiusclient library sources.")); 350 printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
345 printf ("%s\n", _("The password option presents a substantial security issue because the")); 351 printf ("%s\n", _("The password option presents a substantial security issue because the"));
346 printf ("%s\n", _("password can be determined by careful watching of the command line in")); 352 printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
347 printf ("%s\n", _("a process listing. This risk is exacerbated because nagios will")); 353 printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will"));
348 printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that")); 354 printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that"));
349 printf ("%s\n", _("the password used does not allow access to sensitive system resources.")); 355 printf ("%s\n", _("the password used does not allow access to sensitive system resources."));
350 356
351#ifdef NP_EXTRA_OPTS 357#ifdef NP_EXTRA_OPTS