
New features (graceful socket close, unknown timeouts, connection timeout for dead clients), prep for 2.6 release

Ethan Galstad 19 tahun lalu
induk
melakukan
5c9715c2dd
14 mengubah file dengan 149 tambahan dan 34 penghapusan
  1. 6 0
      Changelog
  2. 4 3
      configure
  3. 3 3
      configure.in
  4. 5 4
      include/common.h
  5. 2 1
      include/config.h.in
  6. 6 6
      include/dh.h
  7. 1 0
      include/nrpe.h
  8. 2 2
      include/utils.h
  9. 1 1
      nrpe.spec
  10. 12 1
      sample-config/nrpe.cfg.in
  11. 44 5
      src/check_nrpe.c
  12. 25 1
      src/nrpe.c
  13. 2 2
      src/utils.c
  14. 36 5
      update-version

+ 6 - 0
Changelog

@@ -2,6 +2,12 @@
 NRPE Changelog
 **************
 
+2.6 - 12/11/2006
+------------------
+- Added -u option to check_nrpe to return UNKNOWN states on socket timeouts (Bjoern Beutel)
+- Added connection_timeout variable to NRPE daemon to catch dead client connections (Ton Voon)
+- Added graceful timeout to check_nrpe to ensure connection to NRPE daemon is properly closed (Mark Plaksin)
+
 
 2.5.2 - 06/30/2006
 ------------------

+ 4 - 3
configure

@@ -1294,9 +1294,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 PKG_NAME=nrpe
-PKG_VERSION="2.5.2"
+PKG_VERSION="2.6"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="06-30-2006"
+PKG_REL_DATE="12-11-2006"
 
 ac_aux_dir=
 for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
@@ -5654,7 +5654,8 @@ fi
 
 
 
-for ac_func in strdup strstr strtoul initgroups
+
+for ac_func in strdup strstr strtoul initgroups closesocket
 do
 as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
 echo "$as_me:$LINENO: checking for $ac_func" >&5

+ 3 - 3
configure.in

@@ -9,9 +9,9 @@ AC_CONFIG_HEADER(include/config.h)
 AC_PREFIX_DEFAULT(/usr/local/nagios)
 
 PKG_NAME=nrpe
-PKG_VERSION="2.5.2"
+PKG_VERSION="2.6"
 PKG_HOME_URL="http://www.nagios.org/"
-PKG_REL_DATE="06-30-2006"
+PKG_REL_DATE="12-11-2006"
 
 dnl Figure out how to invoke "install" and what install options to use.
 AC_PROG_INSTALL
@@ -95,7 +95,7 @@ AC_CHECK_LIB(wrap,main,[
 	AC_DEFINE(HAVE_LIBWRAP)
 	])
 AC_SUBST(LIBWRAPLIBS)
-AC_CHECK_FUNCS(strdup strstr strtoul initgroups)
+AC_CHECK_FUNCS(strdup strstr strtoul initgroups closesocket)
 
 dnl socklen_t check - from curl
 AC_CHECK_TYPE([socklen_t], ,[

+ 5 - 4
include/common.h

@@ -1,8 +1,8 @@
 /************************************************************************
  *
  * COMMON.H - NRPE Common Include File
- * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 03-05-2003
+ * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 12-11-2006
  *
  * License:
  *
@@ -23,8 +23,8 @@
 
 #include "config.h"
 
-#define PROGRAM_VERSION "2.5.1"
-#define MODIFICATION_DATE "04-09-2006"
+#define PROGRAM_VERSION "2.6"
+#define MODIFICATION_DATE "12-11-2006"
 
 #define OK		0
 #define ERROR		-1
@@ -39,6 +39,7 @@
 
 
 #define DEFAULT_SOCKET_TIMEOUT	10	/* timeout after 10 seconds */
+#define DEFAULT_CONNECTION_TIMEOUT 300	/* timeout if daemon is waiting for connection more than this time */
 
 #define MAX_INPUT_BUFFER	2048	/* max size of most buffers we use */
 #define MAX_FILENAME_LENGTH     256

+ 2 - 1
include/config.h.in

@@ -2,7 +2,7 @@
  *
  * NRPE Common Header File
  * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 01-20-2006
+ * Last Modified: 12-11-2006
  *
  * License:
  *
@@ -43,6 +43,7 @@
 #undef HAVE_STRSTR
 #undef HAVE_STRTOUL 
 #undef HAVE_INITGROUPS
+#undef HAVE_CLOSESOCKET
 
 #undef SIZEOF_INT
 #undef SIZEOF_SHORT

+ 6 - 6
include/dh.h

@@ -4,12 +4,12 @@
 DH *get_dh512()
 	{
 	static unsigned char dh512_p[]={
-		0xDD,0xFE,0xAB,0x05,0xB7,0x0F,0xD8,0xDA,0x6D,0xAD,0x7C,0xD8,
-		0x5D,0x9E,0xE9,0xE6,0x79,0x28,0x19,0xE7,0xAA,0xA9,0x56,0xD1,
-		0xDE,0x11,0xD0,0x89,0x8D,0x63,0x2D,0xB1,0xDD,0x29,0x4F,0x83,
-		0x7A,0xAB,0x85,0xAA,0xE8,0xB7,0x4D,0x4F,0x8E,0x16,0x90,0xA3,
-		0xBD,0x55,0x57,0xE8,0x21,0x77,0xE9,0x5D,0x87,0x5C,0xF1,0xFA,
-		0x81,0xC0,0xD5,0xF3,
+		0xF7,0xA2,0x46,0xB0,0x6F,0x77,0xC4,0xD1,0x98,0x62,0xBD,0x55,
+		0x3F,0x6C,0x49,0x9E,0x0B,0x2D,0xDE,0xA3,0x51,0x36,0xA5,0xBF,
+		0xF8,0x1C,0xC1,0xD3,0xA1,0xD8,0x69,0x06,0xB1,0x21,0x87,0xF2,
+		0x9E,0x74,0x30,0x4E,0x56,0x09,0x8C,0x4F,0xD3,0x9A,0xDA,0xB8,
+		0x37,0x72,0xA0,0x71,0x69,0x52,0x33,0x62,0x16,0xC3,0xE6,0xA0,
+		0x8A,0x98,0xEF,0xFB,
 		};
 	static unsigned char dh512_g[]={
 		0x02,
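Review bot: The replacement `dh512_p` array is still 64 bytes, so `get_dh512()` keeps supplying a 512-bit Diffie-Hellman group, which is too small to give meaningful protection to whatever key exchange it backs (presumably the SSL session between check_nrpe and the daemon). Because the prime is committed in a header, every build that does not regenerate this file shares the same group, so the weakness applies across all installations rather than per host. I would generate parameters of at least 2048 bits at build or install time instead of swapping one fixed 512-bit prime for another, and until then add a comment above the array such as `/* 512-bit group: regenerate with a larger size before relying on it for confidentiality */`. The body of `get_dh512()` continues outside this hunk.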

+ 1 - 0
include/nrpe.h

@@ -52,6 +52,7 @@ int contains_nasty_metachars(char *);
 int process_macros(char *,char *,int);
 int my_system(char *,int,int *,char *,int);            	/* executes a command via popen(), but also protects against timeouts */
 void my_system_sighandler(int);				/* handles timeouts when executing commands via my_system() */
+void my_connection_sighandler(int);			/* handles timeouts of connection */
 
 void sighandler(int);
 void child_sighandler(int);

+ 2 - 2
include/utils.h

@@ -3,9 +3,9 @@
  * UTILS.H - NRPE Utilities Include File
  *
  * License: GPL
- * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
  *
- * Last Modified: 10-14-2003
+ * Last Modified: 12-11-2006
  *
  * Description:
  *

+ 1 - 1
nrpe.spec

@@ -1,5 +1,5 @@
 %define name nrpe
-%define version 2.5.2
+%define version 2.6
 %define release 1
 %define nsusr nagios
 %define nsgrp nagios

+ 12 - 1
sample-config/nrpe.cfg.in

@@ -2,7 +2,7 @@
 # Sample NRPE Config File 
 # Written by: Ethan Galstad (nagios@nagios.org)
 # 
-# Last Modified: 02-23-2006
+# Last Modified: 12-11-2006
 #
 # NOTES:
 # This is a sample configuration file for the NRPE daemon.  It needs to be
@@ -127,6 +127,17 @@ command_timeout=60
 
 
 
+# CONNECTION TIMEOUT
+# This specifies the maximum number of seconds that the NRPE daemon will
+# wait for a connection to be established before exiting. This is sometimes
+# seen where a network problem stops the SSL being established even though
+# all network sessions are connected. This causes the nrpe daemons to
+# accumulate, eating system resources. Do not set this too low.
+
+connection_timeout=300
+
+
+
 # WEEK RANDOM SEED OPTION
 # This directive allows you to use SSL even if your system does not have
 # a /dev/random or /dev/urandom (on purpose or because the necessary patches

+ 44 - 5
src/check_nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 04-09-2006
+ * Last Modified: 12-11-2006
  *
  * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
  *
@@ -28,6 +28,7 @@ int server_port=DEFAULT_SERVER_PORT;
 char *server_name=NULL;
 char *command_name=NULL;
 int socket_timeout=DEFAULT_SOCKET_TIMEOUT;
+int timeout_return_code=STATE_CRITICAL;
 int sd;
 
 char query[MAX_INPUT_BUFFER]="";
@@ -48,6 +49,7 @@ int use_ssl=FALSE;
 
 int process_arguments(int,char **);
 void alarm_handler(int);
+int graceful_close(int,int);
 
 
 
@@ -82,10 +84,11 @@ int main(int argc, char **argv){
 
 	if(result!=OK || show_help==TRUE){
 
-		printf("Usage: check_nrpe -H <host> [-n] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
+		printf("Usage: check_nrpe -H <host> [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
 		printf("\n");
 		printf("Options:\n");
 		printf(" -n         = Do no use SSL\n");
+		printf(" -u         = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n");
 		printf(" <host>     = The address of the host running the NRPE daemon\n");
 		printf(" [port]     = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
 		printf(" [timeout]  = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
@@ -238,7 +241,7 @@ int main(int argc, char **argv){
 			SSL_CTX_free(ctx);
 	                }
 #endif
-		close(sd);
+		graceful_close(sd,1000);
 
 		/* recv() error */
 		if(rc<0){
@@ -320,6 +323,7 @@ int process_arguments(int argc, char **argv){
 		{"command", required_argument, 0, 'c'},
 		{"args", required_argument, 0, 'a'},
 		{"no-ssl", no_argument, 0, 'n'},
+		{"unknown-timeout", no_argument, 0, 'u'},
 		{"timeout", required_argument, 0, 't'},
 		{"port", required_argument, 0, 'p'},
 		{"help", no_argument, 0, 'h'},
@@ -332,7 +336,7 @@ int process_arguments(int argc, char **argv){
 	if(argc<2)
 		return ERROR;
 
-	snprintf(optchars,MAX_INPUT_BUFFER,"H:c:a:t:p:nhl");
+	snprintf(optchars,MAX_INPUT_BUFFER,"H:c:a:t:p:nuhl");
 
 	while(1){
 #ifdef HAVE_GETOPT_LONG
@@ -378,6 +382,9 @@ int process_arguments(int argc, char **argv){
 		case 'n':
 			use_ssl=FALSE;
 			break;
+		case 'u':
+			timeout_return_code=STATE_UNKNOWN;
+			break;
 		default:
 			return ERROR;
 			break;
@@ -417,6 +424,38 @@ void alarm_handler(int sig){
 
 	printf("CHECK_NRPE: Socket timeout after %d seconds.\n",socket_timeout);
 
-	exit(STATE_CRITICAL);
+	exit(timeout_return_code);
         }
 
+
+/* submitted by Mark Plaksin 08/31/2006 */
+int graceful_close(int sd, int timeout){
+        fd_set in;
+        struct timeval tv;
+        char buf[1000];
+
+        shutdown(sd,SHUT_WR);  // Send FIN packet
+        for(;;){
+
+                FD_ZERO(&in);
+                FD_SET(sd,&in);
+                tv.tv_sec=timeout/1000;
+                tv.tv_usec=(timeout % 1000)*1000;
+
+		/* timeout or error */
+                if(1!=select(sd+1,&in,NULL,NULL,&tv))
+			break;   
+
+		/* no more data (FIN or RST) */
+                if(0>=recv(sd,buf,sizeof(buf),0))
+			break;
+		}
+
+#ifdef HAVE_CLOSESOCKET
+        closesocket(sd);
+#else
+	close(sd);
+#endif
+
+	return OK;
+	}
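Review bot: The drain loop in `graceful_close()` has no overall bound: `tv` is reset to the full `timeout` on every pass, so a peer that keeps sending data after `shutdown(sd,SHUT_WR)` keeps `select()` returning 1 and the plugin never reaches `close()`. Whether the SIGALRM armed for `socket_timeout` is still pending at the call site in `main` is not visible in this section, so the function should limit itself, for example with `int rounds;` and `for(rounds=0;rounds<16;rounds++){` in place of `for(;;){`. `FD_SET(sd,&in)` is also only defined for descriptors below `FD_SETSIZE`, which is worth a guard or a comment. The comment above the function should state that `timeout` is in milliseconds (the caller passes 1000) and that the results of `shutdown()` and `close()` are ignored, so `OK` is always returned.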

+ 25 - 1
src/nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 04-28-2006
+ * Last Modified: 12-11-2006
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -52,6 +52,7 @@ int     server_port=DEFAULT_SERVER_PORT;
 char    server_address[16]="0.0.0.0";
 int     socket_timeout=DEFAULT_SOCKET_TIMEOUT;
 int     command_timeout=DEFAULT_COMMAND_TIMEOUT;
+int     connection_timeout=DEFAULT_CONNECTION_TIMEOUT;
 char    *command_prefix=NULL;
 
 command *command_list=NULL;
@@ -476,6 +477,14 @@ int read_config_file(char *filename){
 			        }
 		        }
 
+ 		else if(!strcmp(varname,"connection_timeout")){
+			connection_timeout=atoi(varvalue);
+			if(connection_timeout<1){
+				syslog(LOG_ERR,"Invalid connection_timeout specified in config file '%s' - Line %d\n",filename,line);
+				return ERROR;
+			        }
+		        }
+
 		else if(!strcmp(varname,"allow_weak_random_seed"))
 			allow_weak_random_seed=(atoi(varvalue)==1)?TRUE:FALSE;
 
@@ -963,6 +972,10 @@ void handle_connection(int sock){
 	fcntl(sock,F_SETFL,O_NONBLOCK);
 #endif
 
+	/* set connection handler */
+	signal(SIGALRM,my_connection_sighandler);
+	alarm(connection_timeout);
+
 #ifdef HAVE_SSL
 	/* do SSL handshake */
 	if(result==STATE_OK && use_ssl==TRUE){
@@ -1072,6 +1085,9 @@ void handle_connection(int sock){
 	if(debug==TRUE)
 		syslog(LOG_DEBUG,"Host is asking for command '%s' to be run...",receive_packet.buffer);
 
+	/* disable connection alarm - a new alarm will be setup during my_system */
+	alarm(0);
+
 	/* if this is the version check command, just spew it out */
 	if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
 
@@ -1400,6 +1416,14 @@ void my_system_sighandler(int sig){
         }
 
 
+/* handle errors where connection takes too long */
+void my_connection_sighandler(int sig) {
+
+	syslog(LOG_ERR,"Connection has taken too long to establish. Exiting...");
+
+	exit(STATE_CRITICAL);
+	}
+
 
 /* drops privileges */
 int drop_privileges(char *user, char *group){
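Review bot: `my_connection_sighandler()` calls `syslog()` and `exit()` from a SIGALRM handler, and neither is async-signal-safe. If the alarm fires while the process is inside the SSL handshake or another library call that holds a lock or is mid-allocation, the handler can hang, leaving exactly the stuck process this timeout is meant to reap. I would use `_exit(STATE_CRITICAL);` in place of `exit(STATE_CRITICAL);` so no atexit handlers or stdio flushing run in signal context, and move the log message out of the handler or document the risk in its comment. In the `read_config_file` hunk, `connection_timeout=atoi(varvalue);` accepts trailing garbage and has no upper bound; `strtol()` with an end-pointer check would reject a mistyped value instead of silently truncating it. Both `handle_connection` and `read_config_file` extend beyond the hunks shown.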

+ 2 - 2
src/utils.c

@@ -3,9 +3,9 @@
  * UTILS.C - NRPE Utility Functions
  *
  * License: GPL
- * Copyright (c) 1999-2003 Ethan Galstad (nagios@nagios.org)
+ * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
  *
- * Last Modified: 10-14-2003
+ * Last Modified: 12-11-2006
  *
  * Description:
  *

+ 36 - 5
update-version

@@ -1,18 +1,45 @@
 #!/bin/sh
 
+# Get date (two formats)
+if [ -n "$2" ]; then
+    LONGDATE=`date -d "$2" "+%B %d, %Y"`
+    SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
+else
+    LONGDATE=`date "+%B %d, %Y"`
+    SHORTDATE=`date "+%m-%d-%Y"`
+fi
+
+# Current version number
+CURRENTVERSION=2.6
+
+# Last date
+LASTDATE=12-11-2006
+
 if [ "x$1" = "x" ]
 then
-	echo "Usage: $0 <release number>"
-	exit 1
+        echo "Usage: $0 <version number | \"newdate\"> [revision date]"
+        echo ""
+        echo "Run this script with the name of the new version (i.e \"2.6\") to"
+        echo "update version number and modification date in files."
+        echo "Use the \"newdate\" argument if you want to keep the current version"
+        echo "number and just update the modification date."
+        echo ""
+        echo "Current version=$CURRENTVERSION"
+        echo "Current Modification date=$LASTDATE"
+        echo ""
+        exit 1
 fi
 
-# Get date (two formats)
-LONGDATE=`date "+%B %d, %Y"`
-SHORTDATE=`date "+%m-%d-%Y"`
+newversion=$1
+if [ "x$newversion" = "xnewdate" ]
+then
+    newversion=$CURRENTVERSION
+fi
 
 # Update version number and release date in common code
 perl -i -p -e "s/VERSION \".*\"/VERSION \"$1\"/;" include/common.h
 perl -i -p -e "s/MODIFICATION_DATE \".*\"/MODIFICATION_DATE \"$SHORTDATE\"/;" include/common.h
+perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" include/common.h
 
 # Update version number and release date in main code
 perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c
@@ -26,3 +53,7 @@ perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in
 
 # Update RPM spec file with version number
 perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec
+
+# Update this file with version number and last date
+perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version
+perl -i -p -e "s/^LASTDATE=.*/LASTDATE=$SHORTDATE/;" update-version
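Review bot: With the `newdate` argument the script still substitutes `$1` into the version fields, because only the new `CURRENTVERSION` self-update line uses `$newversion`. The unchanged substitutions for include/common.h (`VERSION \"$1\"`) and nrpe.spec (`%define version $1`) would therefore write the literal string newdate as the version. Those substitutions, and any in the lines between the two hunks, which are not shown, should use `$newversion`. Separately, `date -d "$2"` is a GNU extension and its result is not checked, so an unparsable or unsupported date leaves `SHORTDATE` empty and blanks the dates in every file; a `[ -n "$SHORTDATE" ] || exit 1` after the assignments would stop that. The version and date values are also interpolated unescaped into the perl expressions, so the script should reject arguments containing characters other than digits, dots and dashes.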