
Debugging was hard as many "syslog(...)" statements were missing

Fix for issue https://github.com/NagiosEnterprises/nrpe/issues/60

Jobst Schmalenbach added a bunch of missing syslog entries for
debugging, and changed some printf()'s to syslog()'s.
John C. Frickson 9 лет назад
Родитель
Сommit
23793bf22a
2 измененных файлов с 98 добавлено и 21 удалено
  1. 83 20
      src/acl.c
  2. 15 1
      src/nrpe.c

+ 83 - 20
src/acl.c

@@ -46,6 +46,8 @@
 
 #include "../include/acl.h"
 
+extern int debug;
+
 /* This function checks if a char argumnet from valid char range.
  * Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
  *
@@ -142,18 +144,27 @@ int add_ipv4_to_acl(char *ipv4) {
         unsigned long ip, mask;
         struct ip_acl *ip_acl_curr;
 
+		if(debug == TRUE)
+			syslog(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
+
         /* Check for min and max IPv4 valid length */
-        if (len < 7 || len > 18)
-                return 0;
+		if (len < 7 || len > 18) {
+			syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
+			return 0;
+		}
 
         /* default mask for ipv4 */
         data[4] = 32;
 
         /* Basic IPv4 format check */
         for (i = 0; i < len; i++) {
-                /* Return 0 on error state */
-                if (state == -1)
-                        return 0;
+			/* Return 0 on error state */
+			if (state == -1) {
+				if(debug == TRUE)
+					syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
+								"format, continue with next check ...", ipv4);
+				return 0;
+			}
 
                 c = ipv4[i];
 
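Review bot: The "incorrect length" message under `if (len < 7 || len > 18)` is logged unconditionally, while the format-failure message inside the loop is gated on `debug`. parse_allowed_hosts (later in this file) tries add_ipv4_to_acl first for every token, so IPv6 and hostname entries can produce an "Error" line at LOG_INFO even when a later parser then accepts them. The unconditional "bad state" message in the `default:` branch of the next hunk has the same problem. Gate both like the other messages, e.g. `if (debug == TRUE) syslog(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< is not IPv4 (length)", ipv4);`. The added lines are also tab-indented where the rest of the function uses spaces, and the function body continues outside the hunk.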
@@ -201,6 +212,7 @@ int add_ipv4_to_acl(char *ipv4) {
                 break;
         default:
                 /* Bad states */
+                syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
                 return 0;
         }
 
@@ -247,6 +259,10 @@ int add_ipv4_to_acl(char *ipv4) {
                 ip_acl_prev->next = ip_acl_curr;
         }
         ip_acl_prev = ip_acl_curr;
+
+        if(debug == TRUE)
+          syslog(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
+
         return 1;
 }
 
@@ -387,8 +403,12 @@ int add_domain_to_acl(char *domain) {
 
         struct dns_acl *dns_acl_curr;
 
-        if (len > 63)
+        if (len > 63) {
+                syslog(LOG_INFO,
+					   "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
+					   domain);
                 return 0;
+        }
 
         for (i = 0; i < len; i++) {
                 c = domain[i];
@@ -426,7 +446,10 @@ int add_domain_to_acl(char *domain) {
                         }
                         break;
                 default:
-                        /* Not valid chars */
+                        syslog(LOG_INFO,
+							   "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
+								"invalid chars!", domain);
+					/* Not valid chars */
                         return 0;
                 }
         }
@@ -448,8 +471,13 @@ int add_domain_to_acl(char *domain) {
                         dns_acl_prev->next = dns_acl_curr;
 
                 dns_acl_prev = dns_acl_curr;
+                if(debug == TRUE)
+                     syslog(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
                 return 1;
         default:
+                syslog(LOG_INFO,
+					   "ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
+						"check allowed_host in config file!", domain);
                 return 0;
         }
 }
@@ -470,14 +498,23 @@ int is_an_allowed_host(int family, void *host)
 	struct sockaddr_in	*addr;
 	struct sockaddr_in6	addr6;
 	struct addrinfo		*res, *ai;
+	struct in_addr		tmp;
 
 	while (ip_acl_curr != NULL) {
 		if(ip_acl_curr->family == family) {
 			switch(ip_acl_curr->family) {
 			case AF_INET:
+				if (debug == TRUE) {
+					tmp.s_addr = ((struct in_addr*)host)->s_addr;
+					syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
+							"an allowed host >%s<\n",
+						 inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
+				}
 				if((((struct in_addr *)host)->s_addr & 
 						ip_acl_curr->mask.s_addr) == 
 						ip_acl_curr->addr.s_addr) {
+					if (debug == TRUE)
+						syslog(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
 					return 1;
 					}
 				break;
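Review bot: The debug message in the `case AF_INET:` branch passes two `inet_ntoa()` results to a single `syslog()` call. `inet_ntoa()` returns a pointer to one static buffer, so both `%s` fields print the same address. The log then shows identical host and ACL addresses, which misleads anyone debugging why a peer was accepted or rejected. Formatting each address into its own buffer with `inet_ntop()` avoids this and makes the `tmp` copy unnecessary; logging the mask as well would make the comparison reproducible from the log. The function starts and ends outside this hunk.

```c
	char			host_str[INET_ADDRSTRLEN], acl_str[INET_ADDRSTRLEN];
	/* … unchanged: ACL walk down to case AF_INET … */
				if (debug == TRUE) {
					/* separate buffers: inet_ntoa() reuses one static buffer */
					inet_ntop(AF_INET, host, host_str, sizeof(host_str));
					inet_ntop(AF_INET, &ip_acl_curr->addr, acl_str, sizeof(acl_str));
					syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
							"an allowed host >%s<", host_str, acl_str);
				}
```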
@@ -509,9 +546,20 @@ int is_an_allowed_host(int family, void *host)
 				switch(ai->ai_family) {
 
 				case AF_INET:
+					if(debug == TRUE) {
+						tmp.s_addr=((struct in_addr *)host)->s_addr;
+						syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
+								"an allowed host >%s<\n",
+							 inet_ntoa(tmp), dns_acl_curr->domain);
+					}
+
 					addr = (struct sockaddr_in*)(ai->ai_addr);
-					if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
+					if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
+						if (debug == TRUE)
+							syslog(LOG_INFO, "is_an_allowed_host (AF_INET): "
+									"host is in allowed host list!");
 						return 1;
+					}
 					break;
 
 				case AF_INET6:
@@ -559,19 +607,30 @@ void parse_allowed_hosts(char *allowed_hosts) {
 	const char *delim = ",";
 	char *trimmed_tok;
 
+	if (debug == TRUE)
+		syslog(LOG_INFO,
+			 "parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
+			 allowed_hosts);
+
 #ifdef HAVE_STRTOK_R
 	tok = strtok_r(hosts, delim, &saveptr);
 #else
+	if (debug == TRUE)
+		syslog(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
+				"problems in the allowed_hosts string determination!\n");
 	tok = strtok(hosts, delim);
 #endif
 	while( tok) {
 		trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
 		trim( tok, trimmed_tok);
+		if(debug == TRUE)
+			syslog(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
 		if( strlen( trimmed_tok) > 0) {
 			if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok) 
 					&& !add_domain_to_acl(trimmed_tok)) {
 				syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
-			}
+			} else if (debug == TRUE)
+				syslog(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
 		}
 		free( trimmed_tok);
 #ifdef HAVE_STRTOK_R
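Review bot: The two per-record messages ("ADDING this record" and "Record added to ACL list!") use `LOG_DEBUG`, while every other debug-gated message in this commit uses `LOG_INFO`. If the syslog configuration filters out debug priority, these lines will be missing from the trace the commit is meant to provide. Use one priority throughout, e.g. `syslog(LOG_INFO, "parse_allowed_hosts: ADDING this record (%s) to ACL list!", trimmed_tok);`. The "ADDING" line is also emitted before the `strlen(trimmed_tok) > 0` check, so empty tokens are reported as being added. The new `else if (debug == TRUE)` hangs unbraced off a braced `if`; give it braces so a later edit cannot change the nesting. The loop continues outside the hunk.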
@@ -606,17 +665,21 @@ unsigned int prefix_from_mask(struct in_addr mask) {
  * It shows all hosts in ACL lists
  */
 
-void show_acl_lists(void) {
-        struct ip_acl *ip_acl_curr = ip_acl_head;
-        struct dns_acl *dns_acl_curr = dns_acl_head;
+void show_acl_lists(void)
+{
+	struct ip_acl *ip_acl_curr = ip_acl_head;
+	struct dns_acl *dns_acl_curr = dns_acl_head;
 
-        while (ip_acl_curr != NULL) {
-                printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
-                ip_acl_curr = ip_acl_curr->next;
-        }
+	syslog(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
 
-        while (dns_acl_curr != NULL) {
-                printf("DNS ACL: %s\n", dns_acl_curr->domain);
-                dns_acl_curr = dns_acl_curr->next;
-        }
+	while (ip_acl_curr != NULL) {
+		syslog(LOG_INFO, "   IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
+			 prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
+		ip_acl_curr = ip_acl_curr->next;
+	}
+
+	while (dns_acl_curr != NULL) {
+		syslog(LOG_INFO, "  DNS ACL: %s\n", dns_acl_curr->domain);
+		dns_acl_curr = dns_acl_curr->next;
+	}
 }

+ 15 - 1
src/nrpe.c

@@ -724,6 +724,8 @@ int read_config_file(char *filename)
 		} else if (!strcmp(varname, "allowed_hosts")) {
 			allowed_hosts = strdup(varvalue);
 			parse_allowed_hosts(allowed_hosts);
+			if (debug == TRUE)
+				show_acl_lists();
 
 		} else if (strstr(input_line, "command[")) {
 			temp_buffer = strtok(varname, "[");
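Review bot: The `if (debug == TRUE) show_acl_lists();` call runs while the config file is still being read, so it only fires if `debug` has already been set by then. The hunk does not show where `debug` is parsed, but if it comes from a directive in the same file, the ACL dump (and the debug output from parse_allowed_hosts) would depend on directive order. A comment such as `/* only effective when debug is set before allowed_hosts in the config */` would document that. Alternatively, the dump could move to after the whole file has been read. read_config_file's body extends beyond the hunk on both sides.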
@@ -1220,12 +1222,21 @@ void wait_for_connections(void)
 void setup_wait_conn(void)
 {
 	struct addrinfo *ai;
+	char	addrstr[100];
+	void	*ptr;
 
 	add_listen_addr(&listen_addrs, address_family,
 					(strcmp(server_address, "") == 0) ? NULL : server_address, server_port);
 
-	for (ai = listen_addrs; ai; ai = ai->ai_next)
+	for (ai = listen_addrs; ai; ai = ai->ai_next) {
+		if (debug == TRUE) {
+			inet_ntop (ai->ai_family, ai->ai_addr->sa_data, addrstr, 100);
+			ptr = &((struct sockaddr_in *) ai->ai_addr)->sin_addr;
+			inet_ntop (ai->ai_family, ptr, addrstr, 100);
+			syslog(LOG_INFO, "SETUP_WAIT_CONN FOR: IPv4 address: %s (%s)\n", addrstr, ai->ai_canonname);
+		}
 		create_listener(ai);
+	}
 
 	if (!num_listen_socks) {
 		syslog(LOG_ERR, "Cannot bind to any address.");
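Review bot: The debug block in the `for` loop formats the listen address incorrectly for anything but IPv4. It casts `ai->ai_addr` to `struct sockaddr_in *` regardless of `ai->ai_family`, so for an AF_INET6 entry `inet_ntop()` reads from the wrong offset and logs a bogus address. The first `inet_ntop()` call on `sa_data` is overwritten immediately and can be dropped. `ai->ai_canonname` is passed to `%s` without a NULL check, although it is often NULL in `getaddrinfo()` results. The return value of `inet_ntop()` is also unchecked, and the buffer size is a bare `100` rather than `sizeof(addrstr)`.

```c
	char	addrstr[INET6_ADDRSTRLEN];
	const void	*ptr;
	/* … unchanged: add_listen_addr() call … */
	for (ai = listen_addrs; ai; ai = ai->ai_next) {
		if (debug == TRUE) {
			if (ai->ai_family == AF_INET6)
				ptr = &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
			else
				ptr = &((struct sockaddr_in *)ai->ai_addr)->sin_addr;
			if (inet_ntop(ai->ai_family, ptr, addrstr, sizeof(addrstr)) == NULL)
				snprintf(addrstr, sizeof(addrstr), "(unprintable)");
			syslog(LOG_INFO, "SETUP_WAIT_CONN FOR: address: %s (%s)", addrstr,
				 ai->ai_canonname ? ai->ai_canonname : "");
		}
		create_listener(ai);
	}
```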
@@ -1372,6 +1383,9 @@ void conn_check_peer(int sock)
 		break;
 	}
 
+	if (debug == TRUE)
+		syslog(LOG_INFO, "CONN_CHECK_PEER: is this a blessed machine: %s port %d\n",
+			 remote_host, nptr->sin_port);
 
 	/* is this is a blessed machine? */
 	if (allowed_hosts) {
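Review bot: The new debug message prints `nptr->sin_port` directly, but that field is in network byte order, so on little-endian hosts the logged port will not match the peer's real source port. Convert it first: `remote_host, ntohs(nptr->sin_port));`. The `switch` that fills `remote_host` ends just above the hunk and is not visible; if `nptr` is only assigned in its AF_INET branch, this line would read a stale or unset pointer for IPv6 peers, which is worth confirming. The function continues outside the hunk.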