
Added option to allow week random seed

Ethan Galstad 20 سال پیش
والد
کامیت
67c05b7e95
3فایلهای تغییر یافته به همراه46 افزوده شده و 2 حذف شده
  1. 5 0
      Changelog
  2. 14 1
      sample-config/nrpe.cfg.in
  3. 27 1
      src/nrpe.c

+ 5 - 0
Changelog

@@ -3,6 +3,11 @@ NRPE Changelog
 **************
 
 
+2.4 - ??/??/2006
+----------------
+- Added option to allow week random seed (Gerhard Lausser)
+
+
 2.3 - 01/23/2006
 ----------------
 - Spec file fixes

+ 14 - 1
sample-config/nrpe.cfg.in

@@ -2,7 +2,7 @@
 # Sample NRPE Config File 
 # Written by: Ethan Galstad (nagios@nagios.org)
 # 
-# Last Modified: 01-20-2006
+# Last Modified: 02-02-2006
 #
 # NOTES:
 # This is a sample configuration file for the NRPE daemon.  It needs to be
@@ -90,6 +90,19 @@ command_timeout=60
 
 
 
+# WEEK RANDOM SEED OPTION
+# This directive allows you to use SSL even if your system does not have
+# a /dev/random or /dev/urandom (on purpose or because the necessary patches
+# were not applied). The random number generator will be seeded from a file
+# which is either a file pointed to by the environment valiable $RANDFILE
+# or $HOME/.rnd. If neither exists, the pseudo random number generator will
+# be initialized and a warning will be issued.
+# Values: 0=only seed from /dev/[u]random, 1=also seed from weak randomness
+
+#allow_weak_random_seed=1
+
+
+
 # INCLUDE CONFIG FILE
 # This directive allows you to include definitions from an external config file.
 

+ 27 - 1
src/nrpe.c

@@ -4,7 +4,7 @@
  * Copyright (c) 1999-2006 Ethan Galstad (nagios@nagios.org)
  * License: GPL
  *
- * Last Modified: 01-23-2006
+ * Last Modified: 02-02-2006
  *
  * Command line: nrpe -c <config_file> [--inetd | --daemon]
  *
@@ -62,6 +62,8 @@ char    *pid_file=NULL;
 
 int     allow_arguments=FALSE;
 
+int     allow_weak_random_seed=FALSE;
+
 int     show_help=FALSE;
 int     show_license=FALSE;
 int     show_version=FALSE;
@@ -77,6 +79,8 @@ int main(int argc, char **argv){
 	char buffer[MAX_INPUT_BUFFER];
 #ifdef HAVE_SSL
 	DH *dh;
+	char seedfile[FILENAME_MAX];
+	int i,c;
 #endif
 
 	result=process_arguments(argc,argv);
@@ -187,6 +191,25 @@ int main(int argc, char **argv){
 		SSLeay_add_ssl_algorithms();
 		meth=SSLv23_server_method();
 		SSL_load_error_strings();
+
+		/* use week random seed if necessary */
+		if(allow_weak_random_seed && (RAND_status()==0)){
+
+			if(RAND_file_name(seedfile,sizeof(seedfile)-1))
+				if(RAND_load_file(seedfile,-1))
+					RAND_write_file(seedfile);
+
+			if(RAND_status()==0){
+				syslog(LOG_ERR,"Warning: SSL/TLS uses a weak random seed which is highly discouraged");
+				for(i=0;i<500 && RAND_status()==0;i++){
+					for(c=0;c<sizeof(seedfile);c+=sizeof(int)){
+						*((int *)(seedfile+c))=rand();
+					        }
+					RAND_seed(seedfile,sizeof(seedfile));
+					}
+				}
+			}
+
 		if((ctx=SSL_CTX_new(meth))==NULL){
 			syslog(LOG_ERR,"Error: could not create SSL context.\n");
 			exit(STATE_CRITICAL);
@@ -407,6 +430,9 @@ int read_config_file(char *filename){
 			        }
 		        }
 
+		else if(!strcmp(varname,"allow_weak_random_seed"))
+			allow_weak_random_seed=(atoi(varvalue)==1)?TRUE:FALSE;
+
 		else if(!strcmp(varname,"pid_file"))
 			pid_file=strdup(varvalue);
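Review bot: The fallback loop `for(i=0;i<500 && RAND_status()==0;i++)` in the main() hunk fills seedfile from rand() without ever calling srand(), so every nrpe start feeds OpenSSL the identical byte sequence, and because RAND_seed() credits the bytes as entropy RAND_status() becomes 1 after one pass and the daemon continues as if properly seeded. The DH exchange and session keys then derive from a PRNG state that is the same across restarts and across hosts, which is considerably worse than the "weak" the option name suggests; the safer behaviour is to `exit(STATE_CRITICAL)` here and require the operator to provide a RANDFILE, and if the fallback is kept it should at least be perturbed per process before the loop, e.g. `srand((unsigned)time(NULL) ^ (unsigned)getpid());`, with the syslog text stating that the seed is predictable rather than merely discouraged. Note also that `c` is an int compared against `sizeof(seedfile)` (sign-compare warning) and that rand() is only guaranteed 15 meaningful bits per int, so the effective entropy per iteration is far below the buffer size. main() continues outside the hunk.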