Imported Upstream version 3.1.1
This commit is contained in:
parent
e08d40390d
commit
02b430a86c
17
Changelog
17
Changelog
@ -2,7 +2,22 @@
|
||||
NRPE Changelog
|
||||
**************
|
||||
|
||||
3.x.x - 201x-xx-xx
|
||||
3.1.1 - 2017-05-24
|
||||
------------------
|
||||
FIXES
|
||||
- The '--log-file=' or '-g' option is missing from the help (John Frickson)
|
||||
- check_nrpe = segfault when specifying a config file (John Frickson)
|
||||
- Alternate log file not being used soon enough (John Frickson)
|
||||
- Unable to compile v3.1.0rc1 with new SSL checks on rh5 (John Frickson)
|
||||
- Unable to compile nrpe-3.1.0 - undefined references to va_start, va_end (John Frickson)
|
||||
- Can't build on Debian Stretch, openssl 1.1.0c (John Frickson)
|
||||
- Fix build failure with -Werror=format-security (Bas Couwenberg)
|
||||
- Fixed a typo in `nrpe.spec.in` (John Frickson)
|
||||
- More detailed error logging for SSL (John Frickson)
|
||||
- Fix infinite loop when unresolvable host is in allowed_hosts (Nick / John Frickson)
|
||||
|
||||
|
||||
3.1.0 - 2017-04-17
|
||||
------------------
|
||||
ENHANCEMENTS
|
||||
- Added option to nrpe.cfg.in that can override hard-coded NASTY_METACHARS (John Frickson)
|
||||
|
66
configure
vendored
66
configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for nrpe 3.1.0-rc1.
|
||||
# Generated by GNU Autoconf 2.69 for nrpe 3.1.1.
|
||||
#
|
||||
# Report bugs to <nagios-users@lists.sourceforge.net>.
|
||||
#
|
||||
@ -580,8 +580,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='nrpe'
|
||||
PACKAGE_TARNAME='nrpe'
|
||||
PACKAGE_VERSION='3.1.0-rc1'
|
||||
PACKAGE_STRING='nrpe 3.1.0-rc1'
|
||||
PACKAGE_VERSION='3.1.1'
|
||||
PACKAGE_STRING='nrpe 3.1.1'
|
||||
PACKAGE_BUGREPORT='nagios-users@lists.sourceforge.net'
|
||||
PACKAGE_URL='https://www.nagios.org/downloads/nagios-core-addons/'
|
||||
|
||||
@ -757,6 +757,7 @@ with_logdir
|
||||
with_piddir
|
||||
with_pipedir
|
||||
enable_ssl
|
||||
with_need_dh
|
||||
with_ssl
|
||||
with_ssl_inc
|
||||
with_ssl_lib
|
||||
@ -1319,7 +1320,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures nrpe 3.1.0-rc1 to adapt to many kinds of systems.
|
||||
\`configure' configures nrpe 3.1.1 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1369,7 +1370,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of nrpe 3.1.0-rc1:";;
|
||||
short | recursive ) echo "Configuration of nrpe 3.1.1:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1422,6 +1423,7 @@ Optional Packages:
|
||||
--with-logdir=DIR where log files should be placed
|
||||
--with-piddir=DIR where the PID file should be placed
|
||||
--with-pipedir=DIR where socket and pipe files should be placed
|
||||
--with-need-dh set to 'no' to not include Diffie-Hellman SSL logic
|
||||
--with-ssl=DIR sets location of the SSL installation
|
||||
--with-ssl-inc=DIR sets location of the SSL include files
|
||||
--with-ssl-lib=DIR sets location of the SSL libraries
|
||||
@ -1514,7 +1516,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
nrpe configure 3.1.0-rc1
|
||||
nrpe configure 3.1.1
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2120,7 +2122,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by nrpe $as_me 3.1.0-rc1, which was
|
||||
It was created by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -2485,9 +2487,9 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
|
||||
|
||||
|
||||
PKG_NAME=nrpe
|
||||
PKG_VERSION="3.1.0-rc1"
|
||||
PKG_VERSION="3.1.1"
|
||||
PKG_HOME_URL="http://www.nagios.org/"
|
||||
PKG_REL_DATE="2017-04-06"
|
||||
PKG_REL_DATE="2017-05-24"
|
||||
RPM_RELEASE=1
|
||||
|
||||
LANG=C
|
||||
@ -3020,29 +3022,29 @@ fi
|
||||
|
||||
inetd_disabled=""
|
||||
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
elif test "$opsys" = "osx"; then
|
||||
inetd_type="launchd"
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
case $dist_type in #(
|
||||
case $dist_type in #(
|
||||
solaris) :
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi ;; #(
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi ;; #(
|
||||
*bsd*) :
|
||||
inetd_type=`ps -A -o comm -c | grep inetd` ;; #(
|
||||
osx) :
|
||||
inetd_type=`launchd` ;; #(
|
||||
aix|hp-ux) :
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1` ;; #(
|
||||
*) :
|
||||
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND` ;; #(
|
||||
inetd_type=`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1` ;; #(
|
||||
*) :
|
||||
;;
|
||||
esac
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
@ -4346,7 +4348,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by nrpe $as_me 3.1.0-rc1, which was
|
||||
This file was extended by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -4400,7 +4402,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
nrpe config.status 3.1.0-rc1
|
||||
nrpe config.status 3.1.1
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
@ -7278,9 +7280,19 @@ else
|
||||
fi
|
||||
|
||||
|
||||
need_dh=yes
|
||||
|
||||
# Check whether --with-need_dh was given.
|
||||
if test "${with_need_dh+set}" = set; then :
|
||||
withval=$with_need_dh; need_dh=$withval
|
||||
else
|
||||
nrpe_group=need_dh
|
||||
fi
|
||||
|
||||
|
||||
if test x$check_for_ssl = xyes; then
|
||||
# need_dh should only be set for NRPE
|
||||
need_dh=yes
|
||||
# need_dh=yes
|
||||
|
||||
|
||||
# -------------------------------
|
||||
@ -8272,7 +8284,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by nrpe $as_me 3.1.0-rc1, which was
|
||||
This file was extended by nrpe $as_me 3.1.1, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -8335,7 +8347,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
nrpe config.status 3.1.0-rc1
|
||||
nrpe config.status 3.1.1
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
14
configure.ac
14
configure.ac
@ -5,15 +5,15 @@ define([AC_CACHE_LOAD],)
|
||||
define([AC_CACHE_SAVE],)
|
||||
|
||||
m4_include([build-aux/custom_help.m4])
|
||||
AC_INIT([nrpe],[3.1.0-rc1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
||||
AC_INIT([nrpe],[3.1.1],[nagios-users@lists.sourceforge.net],[nrpe],[https://www.nagios.org/downloads/nagios-core-addons/])
|
||||
AC_CONFIG_SRCDIR([src/nrpe.c])
|
||||
AC_CONFIG_AUX_DIR([build-aux])
|
||||
AC_PREFIX_DEFAULT(/usr/local/nagios)
|
||||
|
||||
PKG_NAME=nrpe
|
||||
PKG_VERSION="3.1.0-rc1"
|
||||
PKG_VERSION="3.1.1"
|
||||
PKG_HOME_URL="http://www.nagios.org/"
|
||||
PKG_REL_DATE="2017-04-06"
|
||||
PKG_REL_DATE="2017-05-24"
|
||||
RPM_RELEASE=1
|
||||
|
||||
LANG=C
|
||||
@ -304,10 +304,16 @@ AC_ARG_ENABLE([ssl],
|
||||
fi
|
||||
],check_for_ssl=yes)
|
||||
|
||||
need_dh=yes
|
||||
AC_ARG_WITH([need_dh],
|
||||
AS_HELP_STRING([--with-need-dh],[set to 'no' to not include Diffie-Hellman SSL logic]),
|
||||
[need_dh=$withval],
|
||||
[nrpe_group=need_dh])
|
||||
|
||||
dnl Optional SSL library and include paths
|
||||
if test x$check_for_ssl = xyes; then
|
||||
# need_dh should only be set for NRPE
|
||||
need_dh=yes
|
||||
# need_dh=yes
|
||||
AC_NAGIOS_GET_SSL
|
||||
fi
|
||||
|
||||
|
BIN
docs/NRPE.odt
BIN
docs/NRPE.odt
Binary file not shown.
BIN
docs/NRPE.pdf
BIN
docs/NRPE.pdf
Binary file not shown.
@ -2,7 +2,7 @@
|
||||
*
|
||||
* COMMON.H - NRPE Common Include File
|
||||
* Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
|
||||
* Last Modified: 2017-04-06
|
||||
* Last Modified: 2017-05-24
|
||||
*
|
||||
* License:
|
||||
*
|
||||
@ -33,8 +33,8 @@
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#define PROGRAM_VERSION "3.1.0-rc1"
|
||||
#define MODIFICATION_DATE "2017-04-06"
|
||||
#define PROGRAM_VERSION "3.1.1"
|
||||
#define MODIFICATION_DATE "2017-05-24"
|
||||
|
||||
#define OK 0
|
||||
#define ERROR -1
|
||||
|
@ -93,29 +93,30 @@ AC_SUBST(inetd_type)
|
||||
|
||||
inetd_disabled=""
|
||||
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
elif test "$opsys" = "osx"; then
|
||||
inetd_type="launchd"
|
||||
fi
|
||||
AS_CASE([$dist_type],
|
||||
[solaris],
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi,
|
||||
|
||||
[*bsd*],
|
||||
inetd_type=`ps -A -o comm -c | grep inetd`,
|
||||
|
||||
[osx],
|
||||
inetd_type=`launchd`,
|
||||
|
||||
[aix|hp-ux],
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
|
||||
|
||||
[*],
|
||||
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
AS_CASE([$dist_type],
|
||||
[solaris],
|
||||
if test x"$init_type" = "xsmf10" -o x"$init_type" = "xsmf11"; then
|
||||
inetd_type="$init_type"
|
||||
else
|
||||
inetd_type="inetd"
|
||||
fi,
|
||||
|
||||
[*bsd*],
|
||||
inetd_type=`ps -A -o comm -c | grep inetd`,
|
||||
|
||||
[aix|hp-ux],
|
||||
inetd_type=`UNIX95= ps -A -o comm | grep inetd | head -1`,
|
||||
|
||||
[*],
|
||||
inetd_type=[`ps -C "inetd,xinetd" -o fname | grep -vi COMMAND | head -1`])
|
||||
if test x"$init_type" = "xupstart"; then
|
||||
inetd_type="upstart"
|
||||
fi
|
||||
fi
|
||||
|
||||
if test x"$inetd_type" = x; then
|
||||
|
@ -9,7 +9,7 @@
|
||||
%endif
|
||||
%if %{islinux}
|
||||
%define _init_dir @initdir@
|
||||
%define _init_tyhpe @init_type@
|
||||
%define _init_type @init_type@
|
||||
%define _exec_prefix %{_prefix}/sbin
|
||||
%define _bindir %{_prefix}/sbin
|
||||
%define _sbindir %{_prefix}/lib/nagios/cgi
|
||||
@ -22,7 +22,7 @@
|
||||
%define _sysconfdir /etc/nagios
|
||||
|
||||
%define name @PACKAGE_NAME@
|
||||
%define version 3.1.0-rc1
|
||||
%define version 3.1.1
|
||||
%define release @RPM_RELEASE@
|
||||
%define nsusr @nrpe_user@
|
||||
%define nsgrp @nrpe_group@
|
||||
|
@ -565,9 +565,9 @@ int is_an_allowed_host(int family, void *host)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
|
||||
dns_acl_curr = dns_acl_curr->next;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
|
||||
* License: GPL
|
||||
*
|
||||
* Last Modified: 2017-04-06
|
||||
* Last Modified: 2017-05-24
|
||||
*
|
||||
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
|
||||
*
|
||||
@ -116,8 +116,6 @@ int main(int argc, char **argv)
|
||||
|
||||
result = process_arguments(argc, argv, 0);
|
||||
|
||||
open_log_file();
|
||||
|
||||
if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
|
||||
usage(result); /* usage() will call exit() */
|
||||
|
||||
@ -466,6 +464,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
|
||||
break;
|
||||
}
|
||||
log_file = strdup(optarg);
|
||||
open_log_file();
|
||||
break;
|
||||
|
||||
default:
|
||||
@ -558,10 +557,10 @@ int read_config_file(char *fname)
|
||||
|
||||
bufp = buf;
|
||||
while (argc < 50) {
|
||||
while (*bufp && strchr(delims, *bufp))
|
||||
++bufp;
|
||||
if (*bufp == '\0')
|
||||
break;
|
||||
while (strchr(delims, *bufp))
|
||||
++bufp;
|
||||
argv[argc] = my_strsep(&bufp, delims);
|
||||
if (!argv[argc++])
|
||||
break;
|
||||
@ -667,7 +666,7 @@ void usage(int result)
|
||||
printf("Usage: check_nrpe -H <host> [-2] [-4] [-6] [-n] [-u] [-V] [-l] [-d <dhopt>]\n"
|
||||
" [-P <size>] [-S <ssl version>] [-L <cipherlist>] [-C <clientcert>]\n"
|
||||
" [-K <key>] [-A <ca-certificate>] [-s <logopts>] [-b <bindaddr>]\n"
|
||||
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>]\n"
|
||||
" [-f <cfg-file>] [-p <port>] [-t <interval>:<state>] [-g <log-file>]\n"
|
||||
" [-c <command>] [-a <arglist...>]\n");
|
||||
printf("\n");
|
||||
printf("Options:\n");
|
||||
@ -704,6 +703,7 @@ void usage(int result)
|
||||
printf(" <logopts> = SSL Logging Options\n");
|
||||
printf(" <bindaddr> = bind to local address\n");
|
||||
printf(" <cfg-file> = configuration file to use\n");
|
||||
printf(" <log-file> = full path to the log file to write to\n");
|
||||
printf(" [port] = The port on which the daemon is running (default=%d)\n",
|
||||
DEFAULT_SERVER_PORT);
|
||||
printf(" [command] = The name of the command that the remote daemon should run\n");
|
||||
@ -743,7 +743,7 @@ void usage(int result)
|
||||
void setup_ssl()
|
||||
{
|
||||
#ifdef HAVE_SSL
|
||||
int vrfy;
|
||||
int vrfy, x;
|
||||
|
||||
if (sslprm.log_opts & SSL_LogStartup) {
|
||||
char *val;
|
||||
@ -878,7 +878,9 @@ void setup_ssl()
|
||||
break;
|
||||
case TLSv1_2:
|
||||
case TLSv1_2_plus:
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
ssl_opts |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
case TLSv1_1:
|
||||
case TLSv1_1_plus:
|
||||
ssl_opts |= SSL_OP_NO_TLSv1;
|
||||
@ -897,14 +899,23 @@ void setup_ssl()
|
||||
|
||||
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
|
||||
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use certificate file '%s'.\n", sslprm.cert_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use certificate file '%s': %s\n",
|
||||
sslprm.cert_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use private key file '%s'.\n",
|
||||
sslprm.privatekey_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use private key file '%s': %s\n",
|
||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
@ -913,8 +924,12 @@ void setup_ssl()
|
||||
vrfy = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
|
||||
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: could not use CA certificate '%s'.\n", sslprm.cacert_file);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Error: could not use CA certificate '%s': %s\n",
|
||||
sslprm.privatekey_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
@ -932,8 +947,12 @@ void setup_ssl()
|
||||
}
|
||||
|
||||
if (SSL_CTX_set_cipher_list(ctx, sslprm.cipher_list) == 0) {
|
||||
SSL_CTX_free(ctx);
|
||||
printf("Error: Could not set SSL/TLS cipher list: %s\n", sslprm.cipher_list);
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
printf("Could not set SSL/TLS cipher list '%s': %s\n",
|
||||
sslprm.cipher_list, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
@ -965,7 +984,7 @@ int connect_to_remote()
|
||||
struct sockaddr addr;
|
||||
struct in_addr *inaddr;
|
||||
socklen_t addrlen;
|
||||
int result, rc, ssl_err, ern;
|
||||
int result, rc, ssl_err, ern, x, nerrs = 0;
|
||||
|
||||
/* try to connect to the host at the given port number */
|
||||
if ((sd =
|
||||
@ -1004,7 +1023,6 @@ int connect_to_remote()
|
||||
ssl_err = SSL_get_error(ssl, rc);
|
||||
|
||||
if (sslprm.log_opts & (SSL_LogCertDetails | SSL_LogIfClientCert)) {
|
||||
int x, nerrs = 0;
|
||||
rc = 0;
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
@ -1015,9 +1033,16 @@ int connect_to_remote()
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
||||
rem_host, rc, ssl_err);
|
||||
|
||||
} else
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
|
||||
rem_host, rc, ssl_err);
|
||||
} else {
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
rem_host, ERR_reason_error_string(x));
|
||||
++nerrs;
|
||||
}
|
||||
if (nerrs == 0)
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: "
|
||||
"rc=%d SSL-error=%d", rem_host, rc, ssl_err);
|
||||
}
|
||||
|
||||
if (ssl_err == 5) {
|
||||
/* Often, errno will be zero, so print a generic message here */
|
||||
|
38
src/nrpe.c
38
src/nrpe.c
@ -186,8 +186,6 @@ int main(int argc, char **argv)
|
||||
return STATE_CRITICAL;
|
||||
}
|
||||
|
||||
open_log_file();
|
||||
|
||||
if (!nasty_metachars)
|
||||
nasty_metachars = strdup(NASTY_METACHARS);
|
||||
|
||||
@ -244,6 +242,7 @@ void init_ssl(void)
|
||||
#ifdef HAVE_SSL
|
||||
DH *dh;
|
||||
char seedfile[FILENAME_MAX];
|
||||
char errstr[120] = { "" };
|
||||
int i, c, x, vrfy;
|
||||
unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
|
||||
|
||||
@ -315,7 +314,10 @@ void init_ssl(void)
|
||||
|
||||
ctx = SSL_CTX_new(meth);
|
||||
if (ctx == NULL) {
|
||||
logit(LOG_ERR, "Error: could not create SSL context");
|
||||
while ((x = ERR_get_error()) != 0) {
|
||||
ERR_error_string(x, errstr);
|
||||
logit(LOG_ERR, "Error: could not create SSL context : %s", errstr);
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
@ -359,7 +361,9 @@ void init_ssl(void)
|
||||
break;
|
||||
case TLSv1_2:
|
||||
case TLSv1_2_plus:
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
ssl_opts |= SSL_OP_NO_TLSv1_1;
|
||||
#endif
|
||||
case TLSv1_1:
|
||||
case TLSv1_1_plus:
|
||||
ssl_opts |= SSL_OP_NO_TLSv1;
|
||||
@ -377,7 +381,6 @@ void init_ssl(void)
|
||||
SSL_CTX_set_options(ctx, ssl_opts);
|
||||
|
||||
if (sslprm.cert_file != NULL) {
|
||||
char errstr[120] = { "" };
|
||||
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
|
||||
SSL_CTX_free(ctx);
|
||||
while ((x = ERR_get_error()) != 0) {
|
||||
@ -388,9 +391,12 @@ void init_ssl(void)
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
|
||||
while ((x = ERR_get_error()) != 0) {
|
||||
ERR_error_string(x, errstr);
|
||||
logit(LOG_ERR, "Error: could not use private key file '%s' : %s",
|
||||
sslprm.privatekey_file, errstr);
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
logit(LOG_ERR, "Error: could not use private key file '%s'",
|
||||
sslprm.privatekey_file);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
}
|
||||
@ -401,6 +407,10 @@ void init_ssl(void)
|
||||
vrfy |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
SSL_CTX_set_verify(ctx, vrfy, verify_callback);
|
||||
if (!SSL_CTX_load_verify_locations(ctx, sslprm.cacert_file, NULL)) {
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
logit(LOG_ERR, "Error: could not use certificate file '%s': %s\n",
|
||||
sslprm.cacert_file, ERR_reason_error_string(x));
|
||||
}
|
||||
SSL_CTX_free(ctx);
|
||||
logit(LOG_ERR, "Error: could not use CA certificate '%s'", sslprm.cacert_file);
|
||||
exit(STATE_CRITICAL);
|
||||
@ -651,13 +661,13 @@ void cleanup(void)
|
||||
free_memory(); /* free all memory we allocated */
|
||||
|
||||
if (sigrestart == TRUE && sigshutdown == FALSE) {
|
||||
close_log_file();
|
||||
result = read_config_file(config_file); /* read the config file */
|
||||
|
||||
if (result == ERROR) { /* exit if there are errors... */
|
||||
logit(LOG_ERR, "Config file '%s' contained errors, bailing out...", config_file);
|
||||
exit(STATE_CRITICAL);
|
||||
}
|
||||
open_log_file();
|
||||
return;
|
||||
}
|
||||
|
||||
@ -950,10 +960,11 @@ int read_config_file(char *filename)
|
||||
else if (!strcmp(varname, "nasty_metachars"))
|
||||
nasty_metachars = strdup(varvalue);
|
||||
|
||||
else if (!strcmp(varname, "log_file"))
|
||||
else if (!strcmp(varname, "log_file")) {
|
||||
log_file = strdup(varvalue);
|
||||
open_log_file();
|
||||
|
||||
else {
|
||||
} else {
|
||||
logit(LOG_WARNING, "Unknown option specified in config file '%s' - Line %d\n",
|
||||
filename, line);
|
||||
continue;
|
||||
@ -1852,6 +1863,7 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
|
||||
#else
|
||||
const SSL_CIPHER *c;
|
||||
#endif
|
||||
const char *errmsg = NULL;
|
||||
char buffer[MAX_INPUT_BUFFER];
|
||||
SSL *ssl = (SSL*)ssl_ptr;
|
||||
X509 *peer;
|
||||
@ -1869,8 +1881,14 @@ int handle_conn_ssl(int sock, void *ssl_ptr)
|
||||
int nerrs = 0;
|
||||
rc = 0;
|
||||
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
|
||||
errmsg = ERR_reason_error_string(x);
|
||||
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
|
||||
remote_host, ERR_reason_error_string(x));
|
||||
remote_host, errmsg);
|
||||
if (errmsg && !strcmp(errmsg, "no shared cipher")) {
|
||||
if (sslprm.cert_file == NULL || sslprm.cacert_file == NULL)
|
||||
logit(LOG_ERR, "Error: This could be because you have not "
|
||||
"specified certificate or ca-certificate files");
|
||||
}
|
||||
++nerrs;
|
||||
}
|
||||
if (nerrs == 0)
|
||||
|
@ -31,6 +31,7 @@
|
||||
|
||||
#include "../include/common.h"
|
||||
#include "../include/utils.h"
|
||||
#include <stdarg.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
#endif
|
||||
@ -469,6 +470,7 @@ char *my_strsep(char **stringp, const char *delim)
|
||||
void open_log_file()
|
||||
{
|
||||
int fh;
|
||||
int flags = O_RDWR|O_APPEND|O_CREAT;
|
||||
struct stat st;
|
||||
|
||||
close_log_file();
|
||||
@ -476,7 +478,10 @@ void open_log_file()
|
||||
if (!log_file)
|
||||
return;
|
||||
|
||||
if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
|
||||
#ifdef O_NOFOLLOW
|
||||
flags |= O_NOFOLLOW;
|
||||
#endif
|
||||
if ((fh = open(log_file, flags, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
|
||||
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
|
||||
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
|
||||
return;
|
||||
@ -527,7 +532,7 @@ void logit(int priority, const char *format, ...)
|
||||
fflush(log_fp);
|
||||
|
||||
} else
|
||||
syslog(priority, buffer);
|
||||
syslog(priority, "%s", buffer);
|
||||
|
||||
free(buffer);
|
||||
}
|
||||
|
@ -28,10 +28,10 @@ else
|
||||
fi
|
||||
|
||||
# Current version number
|
||||
CURRENTVERSION=3.1.0-rc1
|
||||
CURRENTVERSION=3.1.1
|
||||
|
||||
# Last date
|
||||
LASTDATE=2017-04-06
|
||||
LASTDATE=2017-05-24
|
||||
|
||||
if [ "x$1" = "x" ]
|
||||
then
|
||||
|
Loading…
Reference in New Issue
Block a user