[ZBX-11630] vmware collector fail to authenticate when password contains XML entities Created: 2016 Dec 21 Updated: 2017 Dec 17 Resolved: 2016 Dec 30 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Proxy (P), Server (S) |
Affects Version/s: | 3.0.6 |
Fix Version/s: | 3.0.8rc1, 3.2.4rc1, 3.4.0alpha1 |
Type: | Incident report | Priority: | Minor |
Reporter: | Jerome Demeyer | Assignee: | Unassigned |
Resolution: | Fixed | Votes: | 1 |
Labels: | curl, lld, vmware, xml | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
RHEL 7.2 / Zabbix 3.0.6 / vCenter 5.5.0 |
Issue Links: |
|
Description |
Hello, I tried to add a second VMware vCenter host and it did not worked. Thanks to command zabbix_server -R log_level_increase="vmware collector", we can see that zabbix cant log in : Debug log Level 4 : vmware_service_authenticate():FAIL. Debug log Level 5 : <soapenv:Fault><faultcode>ServerFaultCode</faultcode><faultstring> When investigate with NetCat tool, I intercept the SOAP request issued by Zabbix VMware collector, and it shows that XML entities are not managed. I paste only the essential, you will understand : <ns0:password>e><ample</ns0:password> As a temporary workaround, I changed VMware password and replace XML entities ( " ' & < > ) with any other special character ( # ~ [ ] _ ... ) Sincerly yours |
Comments |
Comment by Glebs Ivanovskis (Inactive) [ 2016 Dec 21 ] |
As I understand, this boils down to the proper escaping of service->password in vmware_service_authenticate().
Perhaps we need to escape more strings we write to XML, not just passwords. |
Comment by Andris Zeila [ 2016 Dec 21 ] |
The development branch svn://svn.zabbix.com/branches/dev/ZBXNEXT-2033_303 has xml_escape_dyn() (in src/libs/zbxmedia/remedy.c) function which is used to send data to Remedy service. It can be taken from there. |
Comment by Sergejs Paskevics [ 2016 Dec 22 ] |
Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-11630 |
Comment by Aleksandrs Saveljevs [ 2016 Dec 28 ] |
I was wondering whether libxml2 has a function to escape HTML entities. According to http://stackoverflow.com/questions/10062780/preserving-html-entities-with-libxml , there is UTF8ToHtml() function, but it does not escape < and >. There is also htmlEncodeEntities(), but there is a problem using it. So it seems we can go with our own solution. |
Comment by Aleksandrs Saveljevs [ 2016 Dec 28 ] |
(1) There is no need to initialize the majority of the variables introduced to NULL. asaveljevs RESOLVED in r64756 and r64760. s.paskevics Looks good, CLOSED. |
Comment by Sergejs Paskevics [ 2016 Dec 28 ] |
Fixed in :
|