
Merge branch 'tom' into maint

madlohe vor 6 Jahren
a7124e48a6
5 geänderte Dateien mit 65 neuen und 11 gelöschten Zeilen
  1. 1 0
      include/utils.h
  2. 3 1
      sample-config/nrpe.cfg.in
  3. 12 2
      src/check_nrpe.c
  4. 47 6
      src/nrpe.c
  5. 2 2
      src/utils.c

+ 1 - 0
include/utils.h

@@ -49,5 +49,6 @@ void open_log_file();
 void logit(int priority, const char *format, ...);
 void close_log_file();
 void display_license(void);
+extern int disable_syslog;
 
 #endif

+ 3 - 1
sample-config/nrpe.cfg.in

@@ -270,7 +270,9 @@ connection_timeout=300
 
 # nasty_metachars="|`&><'\\[]{};\r\n"
 
-
+# This option allows you to enable or disable logging error messages to the syslog facilities.
+# If this option is not set, the error messages will be logged.
+disable_syslog=0
 
 # COMMAND DEFINITIONS
 # Command definitions that this daemon will run.  Definitions

+ 12 - 2
src/check_nrpe.c

@@ -130,6 +130,8 @@ static int verify_callback(int ok, X509_STORE_CTX * ctx);
 #endif
 void alarm_handler(int);
 int graceful_close(int, int);
+int disable_syslog = FALSE;
+
 
 int main(int argc, char **argv)
 {
@@ -243,6 +245,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 		{"license", no_argument, 0, 'l'},
 		{"version", no_argument, 0, 'V'},
 		{"stderr-to-stdout", no_argument, 0, 'E'},
+		{"disable-syslog", no_argument, 0, 'D'},
 		{0, 0, 0, 0}
 	};
 #endif
@@ -252,7 +255,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
 		return ERROR;
 
 	optind = 0;
-	snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:2346hlnuVE");
+	snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:2346hlnuVED");
 
 	while (1) {
 		if (argindex > 0)
@@ -498,6 +501,11 @@ int process_arguments(int argc, char **argv, int from_config_file)
 			open_log_file();
 			break;
 
+		case 'D':
+			disable_syslog = TRUE;
+			break;
+
+
 		default:
 			return ERROR;
 		}
@@ -709,7 +717,7 @@ void usage(int result)
 		printf("       [-P <size>] [-S <ssl version>]  [-L <cipherlist>] [-C <clientcert>]\n");
 		printf("       [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n");
 		printf("       [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n");
-		printf("       [-c <command>] [-E] [-a <arglist...>]\n");
+		printf("       [-c <command>] [-E] [-D] [-a <arglist...>]\n");
 		printf("\n");
 		printf("Options:\n");
 		printf(" -H, --host=HOST              The address of the host running the NRPE daemon\n");
@@ -727,6 +735,7 @@ void usage(int result)
 		printf("                                        (This will be the default in a future release.)\n");
 		printf("                              1         Allow Anonymous Diffie Hellman (default)\n");
 		printf("                              2         Force Anonymous Diffie Hellman\n");
+		printf(" -D, --disable-syslog         Disable logging to syslog facilities\n");
 		printf(" -P, --payload-size=SIZE      Specify non-default payload size for NSClient++\n");
 		printf(" -S, --ssl-version=VERSION    The SSL/TLS version to use. Can be any one of:\n");
 #if OPENSSL_VERSION_NUMBER < 0x10100000
@@ -759,6 +768,7 @@ void usage(int result)
 		printf(" -a, --args=LIST              Optional arguments that should be passed to the command,\n");
 		printf("                              separated by a space. If provided, this must be the last\n");
 		printf("                              option supplied on the command line.\n");
+		printf(" -e 	                      Enable syslog debug messages.\n");
 		printf("\n");
 		printf(" NEW TIMEOUT SYNTAX\n");
 		printf(" -t, --timeout=INTERVAL:STATE\n");

+ 47 - 6
src/nrpe.c

@@ -160,6 +160,8 @@ static void my_disconnect_sighandler(int sig);
 static void complete_SSL_shutdown(SSL *);
 #endif
 
+int disable_syslog = FALSE;
+
 int main(int argc, char **argv)
 {
 	int       result = OK;
@@ -955,6 +957,9 @@ int read_config_file(char *filename)
 		else if (!strcmp(varname, "dont_blame_nrpe"))
 			allow_arguments = (atoi(varvalue) == 1) ? TRUE : FALSE;
 
+		else if (!strcmp(varname, "disable_syslog"))
+			disable_syslog = (atoi(varvalue) == 1) ? TRUE : FALSE;
+
 		else if (!strcmp(varname, "allow_bash_command_substitution"))
 			allow_bash_cmd_subst = (atoi(varvalue) == 1) ? TRUE : FALSE;
 
@@ -1995,13 +2000,31 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
 	char      buffer[MAX_INPUT_BUFFER];
 	SSL      *ssl = (SSL*)ssl_ptr;
 	X509     *peer;
-	int       rc, x;
+	int       rc, x, sockfd, retval;
+	fd_set    rfds;
+	struct timeval timeout;
 
 	SSL_set_fd(ssl, sock);
+	sockfd = SSL_get_fd(ssl);
+
+	FD_ZERO(&rfds);
+	FD_SET(sockfd, &rfds);
+
+	timeout.tv_sec = connection_timeout;
+	timeout.tv_usec = 0;
+
 
 	/* keep attempting the request if needed */
-	while (((rc = SSL_accept(ssl)) != 1)
-			&& (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ));
+	do {
+		retval = select(sockfd + 1, &rfds, NULL, NULL, &timeout);
+
+		if (retval > 0) {
+			rc = SSL_accept(ssl);
+		} else {
+			logit(LOG_ERR, "Error: (!log_opts) Could not complete SSL handshake with %s: timeout %d seconds", remote_host, connection_timeout);
+			return ERROR;
+		}
+	} while (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ);
 
 	if (rc != 1) {
 		/* oops, got an unrecoverable error -- get out */
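Review bot: A select() failure (-1, e.g. EINTR from a signal or EBADF) is logged as a timeout and aborts the handshake, because the new do/while treats every non-positive retval alike; nrpe installs signal handlers, so an interrupted select() would drop a client with a misleading "timeout" message. Retry on EINTR, report other failures with strerror(errno), re-arm rfds on each pass since select() modifies it, and drop the `(!log_opts)` fragment that reads like a leftover debug tag; the read_packet hunk below has the same shape and needs the same treatment. Note also that select() only bounds the wait for the first handshake byte: once SSL_accept() runs on a blocking socket, a peer that stalls mid-handshake is not covered by this timeout, so the existing alarm-based connection timeout (if it applies on this path) is still needed. handle_conn_ssl continues past the hunk; `<errno.h>` is required if not already included.
```c
	/* keep attempting the request if needed */
	for (;;) {
		FD_ZERO(&rfds);
		FD_SET(sockfd, &rfds);   /* select() modifies the set, re-arm every pass */
		retval = select(sockfd + 1, &rfds, NULL, NULL, &timeout);
		if (retval < 0 && errno == EINTR)
			continue;            /* interrupted by a signal, not a peer problem */
		if (retval < 0) {
			logit(LOG_ERR, "Error: select() failed during SSL handshake with %s: %s", remote_host, strerror(errno));
			return ERROR;
		}
		if (retval == 0) {
			logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: timeout %d seconds", remote_host, connection_timeout);
			return ERROR;
		}
		rc = SSL_accept(ssl);
		if (rc == 1 || SSL_get_error(ssl, rc) != SSL_ERROR_WANT_READ)
			break;
	}
	/* … unchanged: rc != 1 error handling … */
```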
@@ -2148,10 +2171,28 @@ int read_packet(int sock, void *ssl_ptr, v2_packet * v2_pkt, v3_packet ** v3_pkt
 #ifdef HAVE_SSL
 	else {
 		SSL      *ssl = (SSL *) ssl_ptr;
+		int       sockfd, retval;
+		fd_set    rfds;
+		struct timeval timeout;
 
-		while (((rc = SSL_read(ssl, v2_pkt, bytes_to_recv)) <= 0)
-			   && (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ)) {
-		}
+		sockfd = SSL_get_fd(ssl);
+
+		FD_ZERO(&rfds);
+		FD_SET(sockfd, &rfds);
+
+		timeout.tv_sec = connection_timeout;
+		timeout.tv_usec = 0;
+
+		do {
+			retval = select(sockfd + 1, &rfds, NULL, NULL, &timeout);
+
+			if (retval > 0) {
+				rc = SSL_read(ssl, v2_pkt, bytes_to_recv);
+			} else {
+				logit(LOG_ERR, "Error (!log_opts): Could not complete SSL_read with %s: timeout %d seconds", remote_host, connection_timeout);
+				return -1;
+			}
+		} while (SSL_get_error(ssl, rc) == SSL_ERROR_WANT_READ);
 
 		if (rc <= 0 || rc != bytes_to_recv)
 			return -1;

+ 2 - 2
src/utils.c

@@ -537,7 +537,6 @@ void logit(int priority, const char *format, ...)
 
 	if (!format || !*format)
 		return;
-
 	va_start(ap, format);
 	if(vasprintf(&buffer, format, ap) > 0) {
 		if (log_fp) {
@@ -549,8 +548,9 @@ void logit(int priority, const char *format, ...)
 			fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
 			fflush(log_fp);
 
-		} else
+		} else if (!disable_syslog) {
 			syslog(priority, "%s", buffer);
+		}
 
 		free(buffer);
 	}
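Review bot: The new `else if (!disable_syslog)` branch silently discards the message when no log file is open and syslog is disabled; that is presumably the intent, but it is the one configuration in which an operator loses all error output (including failed-auth and command-rejection messages), so it deserves a comment here and a matching warning next to `disable_syslog` in the sample config. Suggest `/* no log file and syslog disabled: the message is intentionally dropped */` above the branch. Since `disable_syslog` is only consulted when `log_fp` is NULL, `-g`/log_file output is unaffected, which is worth stating in the same comment. logit's opening lines are outside the hunk.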