
Fixed a major bug that has been there since April 11

John C. Frickson há 9 anos atrás
pai
commit
c8cf11210f
5 ficheiros alterados com 20 adições e 16 exclusões
  1. 3 0
      .gitignore
  2. 1 1
      include/nrpe.h
  3. 1 0
      sample-config/nrpe.cfg.in
  4. 13 13
      src/nrpe.c
  5. 2 2
      startup/rh-upstart-init.in

+ 3 - 0
.gitignore

@@ -27,7 +27,10 @@ startup/default-socket
 startup/default-socket-svc
 startup/default-xinetd
 startup/mac-org.nagios.PKG_NAME.plist
+startup/newbsd-init
 startup/openrc-conf
 startup/openrc-init
+startup/rh-upstart-init
 startup/solaris-PKG_NAME.xml
+startup/tmpfile.conf
 startup/upstart-init

+ 1 - 1
include/nrpe.h

@@ -51,7 +51,7 @@ int wait_conn_fork(int sock);
 void conn_check_peer(int sock);
 void handle_connection(int);
 void init_handle_conn(void);
-int handle_conn_ssl(int sock);
+int handle_conn_ssl(int sock, void *ssl_ptr);
 int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
 void free_memory(void);
 int my_system(char*, int, int*, char**);	/* executes a command via popen(), but also protects against timeouts */
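Review bot: The new `ssl_ptr` parameter of `handle_conn_ssl` is an untyped `void *`, and the prototype has no comment saying what it must point to. The cast in src/nrpe.c shows it is the `SSL *` the caller created, so a caller that passes anything else compiles cleanly and only fails at run time. I would add a comment on the declaration, for example `/* ssl_ptr: the SSL * the caller obtained from SSL_new(); declared void * (as in read_packet), presumably so this header builds without OpenSSL types */`.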

+ 1 - 0
sample-config/nrpe.cfg.in

@@ -213,6 +213,7 @@ connection_timeout=300
 # will be changed to something like the example below in a later version of NRPE.
 
 #ssl_cipher_list=ALL:!MD5:@STRENGTH
+#ssl_cipher_list=ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!RC4:!MD5:@STRENGTH
 
 # SSL Certificate and Private Key Files
 
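Review bot: The added `#ssl_cipher_list=ALL:!aNULL:!eNULL:...` line sits directly under the existing commented-out `#ssl_cipher_list=ALL:!MD5:@STRENGTH`, with nothing to tell an administrator which of the two is in effect and which is the stricter alternative. In OpenSSL cipher-string syntax `ALL` includes the anonymous (`aNULL`) suites, so the first line still permits unauthenticated key exchange as well as LOW, EXP and RC4 suites, while the second excludes them. A one-line label above each would help, e.g. `# Current behaviour: permits anonymous, LOW, EXP and RC4 suites` (if that line does match the built-in default, as the preceding comment suggests) and `# Stricter list; without aNULL, peers presumably need certificates configured`.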

+ 13 - 13
src/nrpe.c

@@ -1478,7 +1478,17 @@ void handle_connection(int sock)
 
 	/* do SSL handshake */
 	if (use_ssl == TRUE) {
-		if (handle_conn_ssl(sock) != OK)
+    	if ((ssl = SSL_new(ctx)) == NULL) {
+        	syslog(LOG_ERR, "Error: Could not create SSL connection structure.");
+# ifdef DEBUG
+            errfp = fopen("/tmp/err.log", "a");
+    		ERR_print_errors_fp(errfp);
+        	fclose(errfp);
+# endif
+    		return;
+        }
+
+		if (handle_conn_ssl(sock, ssl) != OK)
 			return;
 	}
 
@@ -1714,25 +1724,15 @@ void init_handle_conn(void)
 	alarm(connection_timeout);
 }
 
-int handle_conn_ssl(int sock)
+int handle_conn_ssl(int sock, void *ssl_ptr)
 {
 #ifdef HAVE_SSL
 	const SSL_CIPHER *c;
 	char      buffer[MAX_INPUT_BUFFER];
-	SSL      *ssl = NULL;
+	SSL      *ssl = (SSL*)ssl_ptr;
 	X509     *peer;
 	int       rc, x;
 
-	if ((ssl = SSL_new(ctx)) == NULL) {
-		syslog(LOG_ERR, "Error: Could not create SSL connection structure.");
-# ifdef DEBUG
-		errfp = fopen("/tmp/err.log", "a");
-		ERR_print_errors_fp(errfp);
-		fclose(errfp);
-# endif
-		return ERROR;
-	}
-
 	SSL_set_fd(ssl, sock);
 
 	/* keep attempting the request if needed */
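Review bot: In the `# ifdef DEBUG` branch added to `handle_connection`, the result of `fopen("/tmp/err.log", "a")` goes to `ERR_print_errors_fp()` and `fclose()` without a NULL check, and the file name is a fixed path in a world-writable directory. A failed open would crash the handler instead of returning, and a symlink already present at that path would be followed with the daemon's privileges. At minimum guard it with `if ((errfp = fopen("/tmp/err.log", "a")) != NULL) { ERR_print_errors_fp(errfp); fclose(errfp); }`, and preferably report the OpenSSL error queue through syslog like the message above it. Separately, when `handle_conn_ssl(sock, ssl) != OK` the function returns with no visible `SSL_free(ssl)`. The rest of `handle_connection` and `handle_conn_ssl` lies outside the hunks, so confirm the object is released on that path.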

+ 2 - 2
startup/rh-upstart-init.in

@@ -7,11 +7,11 @@
 
 description		"the Nagios Remote Plugin Executor"
 
-oom score -800
+oom -10
 
 start on (local-filesystems and net-device-up IFACE!=lo)
 stop on runlevel [!2345]
 
 respawn
 
-exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -d
+exec @sbindir@/nrpe -c @pkgsysconfdir@/nrpe.cfg -f
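Review bot: Both changed stanzas, `oom -10` and the switch from `-d` to `-f` on the `exec` line, go in without a comment, and neither is self-explanatory to someone maintaining this job file. `oom -10` appears to be the older Upstart form (an adjustment in the -17..15 range) where `oom score` is the newer one, and `-f` presumably keeps nrpe in the foreground so that `respawn` supervises the right process. Suggested comments: `# older Upstart syntax (oom adjustment, -17..15); newer releases use "oom score"` and `# stay in the foreground so upstart can track and respawn the process`.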