Imported Upstream version 3.0.1

include/common.h

@@ -1,92 +0,0 @@
-/************************************************************************
- *
- * COMMON.H - NRPE Common Include File
- * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
- * Last Modified: 09-06-2013
- *
- * License:
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- ************************************************************************/
-
-#include "config.h"
-
-#define PROGRAM_VERSION "2.15"
-#define MODIFICATION_DATE "09-06-2013"
-
-#define OK		0
-#define ERROR		-1
-
-#define TRUE		1
-#define FALSE		0
-
-#define STATE_UNKNOWN  	3	/* service state return codes */
-#define	STATE_CRITICAL 	2
-#define STATE_WARNING 	1
-#define STATE_OK       	0
-
-
-#define DEFAULT_SOCKET_TIMEOUT	10	/* timeout after 10 seconds */
-#define DEFAULT_CONNECTION_TIMEOUT 300	/* timeout if daemon is waiting for connection more than this time */
-
-#define MAX_INPUT_BUFFER	2048	/* max size of most buffers we use */
-#define MAX_FILENAME_LENGTH     256
-
-#define MAX_HOST_ADDRESS_LENGTH	256	/* max size of a host address */
-
-#define NRPE_HELLO_COMMAND      "_NRPE_CHECK"
-
-#define MAX_COMMAND_ARGUMENTS   16
-
-
-/**************** PACKET STRUCTURE DEFINITION **********/
-
-#define QUERY_PACKET		1		/* id code for a packet containing a query */
-#define	RESPONSE_PACKET		2		/* id code for a packet containing a response */
-
-#define NRPE_PACKET_VERSION_3   3               /* packet version identifier */
-#define NRPE_PACKET_VERSION_2   2               
-#define NRPE_PACKET_VERSION_1	1		/* older packet version identifiers (no longer supported) */
-
-#define MAX_PACKETBUFFER_LENGTH	1024		/* max amount of data we'll send in one query/response */
-
-typedef struct packet_struct{
-	int16_t   packet_version;
-	int16_t   packet_type;
-	u_int32_t crc32_value;
-	int16_t   result_code;
-	char      buffer[MAX_PACKETBUFFER_LENGTH];
-        }packet;
-
-/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
-#if defined(__sun) || defined(__hpux)
-
-#  ifndef LOG_AUTHPRIV
-#    define LOG_AUTHPRIV LOG_AUTH
-#  endif
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
-#elif _AIX
-
-#  include <sys/select.h>
-
-#  ifndef LOG_FTP
-#    define LOG_FTP LOG_DAEMON
-#  endif
-
-#endif

include/common.h.in

@@ -0,0 +1,96 @@
+/************************************************************************
+ *
+ * COMMON.H - NRPE Common Include File
+ * Copyright (c) 1999-2007 Ethan Galstad (nagios@nagios.org)
+ * Last Modified: 09-08-2016
+ *
+ * License:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ ************************************************************************/
+
+#include "config.h"
+
+#ifdef HAVE_SSL
+#include <@SSL_INC_PREFIX@@SSL_HDR@>
+#endif
+
+#define PROGRAM_VERSION "3.0.1"
+#define MODIFICATION_DATE "09-08-2016"
+
+#define OK							0
+#define ERROR						-1
+
+#define TRUE						1
+#define FALSE						0
+
+#define STATE_UNKNOWN				3		/* service state return codes */
+#define	STATE_CRITICAL				2
+#define STATE_WARNING				1
+#define STATE_OK					0
+
+
+#define DEFAULT_SOCKET_TIMEOUT		10		/* timeout after 10 seconds */
+#define DEFAULT_CONNECTION_TIMEOUT	300		/* timeout if daemon is waiting for connection more than this time */
+
+#define MAX_INPUT_BUFFER			2048	/* max size of most buffers we use */
+#define MAX_FILENAME_LENGTH			256
+#define MAX_HOST_ADDRESS_LENGTH		256		/* max size of a host address */
+#define MAX_COMMAND_ARGUMENTS		16
+
+#define NRPE_HELLO_COMMAND			"_NRPE_CHECK"
+
+/**************** PACKET STRUCTURE DEFINITION **********/
+
+#define QUERY_PACKET				1		/* id code for a packet containing a query */
+#define	RESPONSE_PACKET				2		/* id code for a packet containing a response */
+#define NRPE_PACKET_VERSION_3		3		/* packet version identifier */
+#define NRPE_PACKET_VERSION_2		2
+#define NRPE_PACKET_VERSION_1		1		/* older packet version identifiers (no longer supported) */
+
+#define MAX_PACKETBUFFER_LENGTH		1024	/* amount of data to send in one query/response vor version 2 */
+
+typedef struct _v2_packet {
+	int16_t		packet_version;
+	int16_t		packet_type;
+	u_int32_t	crc32_value;
+	int16_t		result_code;
+	char		buffer[MAX_PACKETBUFFER_LENGTH];
+} v2_packet;
+typedef struct _v3_packet {
+	int16_t		packet_version;
+	int16_t		packet_type;
+	u_int32_t	crc32_value;
+	int16_t		result_code;
+	int16_t		alignment;
+	int32_t		buffer_length;
+	char		buffer[1];
+} v3_packet;
+
+/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/
+#if defined(__sun) || defined(__hpux)
+
+# ifndef LOG_AUTHPRIV
+#  define LOG_AUTHPRIV LOG_AUTH
+# endif
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
+#elif defined(_AIX)
+# include <sys/select.h>
+# ifndef LOG_FTP
+#  define LOG_FTP LOG_DAEMON
+# endif
+#endif

include/config.h.in

@@ -33,26 +33,27 @@
 #define NRPE_LOG_FACILITY       @log_facility@
 
 #undef ENABLE_COMMAND_ARGUMENTS
-
 #undef ENABLE_BASH_COMMAND_SUBSTITUTION
-
 #undef socklen_t
-
 #undef HAVE_GETOPT_LONG
-
 #undef HAVE_LIBWRAP
-
 #undef STDC_HEADERS
 #undef HAVE_STRDUP
 #undef HAVE_STRSTR
-#undef HAVE_STRTOUL 
+#undef HAVE_STRTOUL
+#undef HAVE_STRTOK_R
 #undef HAVE_INITGROUPS
 #undef HAVE_CLOSESOCKET
+#undef HAVE_SIGACTION
+#undef HAVE_RFC931_TIMEOUT
 
 #undef SIZEOF_INT
 #undef SIZEOF_SHORT
 #undef SIZEOF_LONG
 
+/* #undef const */
+#undef USE_SSL_DH
+
 /* stupid stuff for u_int32_t */
 #undef U_INT32_T_IS_USHORT
 #undef U_INT32_T_IS_UINT
@@ -99,10 +100,16 @@ typedef int int32_t;
 #undef HAVE___VA_COPY
 
 
-
 #define SOCKET_SIZE_TYPE ""
 #define GETGROUPS_T ""
 #define RETSIGTYPE ""
+#undef HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Use seteuid() or setresuid() depending on the platform */
+#undef SETEUID
+
+/* Is this a Solaris 10 machine? */
+#undef SOLARIS_10
 
 #undef HAVE_GETOPT_H
 #ifdef HAVE_GETOPT_H
@@ -223,7 +230,7 @@ typedef int int32_t;
 #ifdef HAVE_PWD_H
 #include <pwd.h>
 #endif
- 
+
 #undef HAVE_GRP_H
 #ifdef HAVE_GRP_H
 #include <grp.h>
@@ -235,15 +242,6 @@ typedef int int32_t;
 #endif
 
 #undef HAVE_SSL
-#ifdef HAVE_SSL
-#include <rsa.h>
-#include <crypto.h>
-#include <dh.h>
-#include <pem.h>
-#include <ssl.h>
-#include <err.h>
-#include <rand.h>
-#endif
 
 #undef HAVE_KRB5_H
 #ifdef HAVE_KRB5_H

include/dh.h

@@ -1,25 +0,0 @@
-#ifndef HEADER_DH_H
-#include <openssl/dh.h>
-#endif
-DH *get_dh512()
-	{
-	static unsigned char dh512_p[]={
-		0xDA,0xD8,0xF0,0xA2,0x9A,0x64,0xC2,0x9F,0x22,0x9D,0x47,0xA1,
-		0xB2,0xED,0xD6,0x89,0xB5,0x46,0x6D,0x4E,0x1F,0x14,0xF4,0xF4,
-		0xEB,0xCA,0x4D,0x41,0x89,0x60,0x0D,0x1F,0xB3,0x50,0xC4,0x54,
-		0xE1,0x60,0xB5,0xDD,0x57,0x0C,0xF9,0xF5,0x19,0x73,0x6C,0x0C,
-		0x45,0x33,0xA9,0xC1,0xD7,0xF3,0x27,0x68,0xEE,0xDA,0x8C,0x4A,
-		0x1C,0x52,0xA1,0x9B,
-		};
-	static unsigned char dh512_g[]={
-		0x02,
-		};
-	DH *dh;
-
-	if ((dh=DH_new()) == NULL) return(NULL);
-	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-	if ((dh->p == NULL) || (dh->g == NULL))
-		{ DH_free(dh); return(NULL); }
-	return(dh);
-	}

include/nrpe.h

@@ -22,44 +22,48 @@
  *
  ************************************************************************/
 
- /*
-  * 08-10-2011 IPv4 subnetworks support added.
-  * Main change in nrpe.c is that is_an_allowed_host() moved to acl.c
-  *
-  */
-
 /**************** COMMAND STRUCTURE DEFINITION **********/
 
-typedef struct command_struct{
-	char *command_name;
-	char *command_line;
-	struct command_struct *next;
-        }command;
+typedef struct command_struct {
+	char					*command_name;
+	char					*command_line;
+	struct command_struct	*next;
+} command;
 
-int process_arguments(int,char **);
-void wait_for_connections(void);
-void handle_connection(int);
+int init(void);
+void init_ssl(void);
+void log_ssl_startup(void);
+void usage(int);
+void run_inetd(void);
+void run_src(void);
+void run_daemon(void);
+void set_stdio_sigs(void);
+void cleanup(void);
 int read_config_file(char *);
 int read_config_dir(char *);
 int get_log_facility(char *);
 int add_command(char *,char *);
 command *find_command(char *);
-void sighandler(int);
-int drop_privileges(char *,char *);
-int check_privileges(void);
-
-int write_pid_file(void);
-int remove_pid_file(void);
-
+void create_listener(struct addrinfo *ai);
+void wait_for_connections(void);
+void setup_wait_conn(void);
+int wait_conn_fork(int sock);
+void conn_check_peer(int sock);
+void handle_connection(int);
+void init_handle_conn(void);
+int handle_conn_ssl(int sock, void *ssl_ptr);
+int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt);
 void free_memory(void);
-int validate_request(packet *);
-int contains_nasty_metachars(char *);
-int process_macros(char *,char *,int);
-int my_system(char *,int,int *,char *,int);            	/* executes a command via popen(), but also protects against timeouts */
+int my_system(char*, int, int*, char**);	/* executes a command via popen(), but also protects against timeouts */
 void my_system_sighandler(int);				/* handles timeouts when executing commands via my_system() */
 void my_connection_sighandler(int);			/* handles timeouts of connection */
-
+int drop_privileges(char *,char *, int);
+int write_pid_file(void);
+int remove_pid_file(void);
+int check_privileges(void);
 void sighandler(int);
 void child_sighandler(int);
-
-
+int validate_request(v2_packet *, v3_packet *);
+int contains_nasty_metachars(char *);
+int process_macros(char *,char *,int);
+int process_arguments(int,char **);

include/utils.h

@@ -29,35 +29,27 @@
  *
  ************************************************************************************************/
 
-#ifndef _UTILS_H
-#define _UTILS_H
+#ifndef NRPE_UTILS_H_INCLUDED
+#define NRPE_UTILS_H_INCLUDED
 
 #include "../include/config.h"
 
-
 void generate_crc32_table(void);
-unsigned long calculate_crc32(char *, int);
-
-void randomize_buffer(char *,int);
-
-int my_tcp_connect(char *,int,int *);
-int my_connect(const char *, struct sockaddr_storage *, u_short, int, 
-		const char *);
-
-void add_listen_addr(struct addrinfo **, int, char *, int);
-
-void strip(char *);
-
-int sendall(int,char *,int *);
-int recvall(int,char *,int *,int);
-
-char *my_strsep(char **,const char *);
-
+unsigned long calculate_crc32(char*, int);
+void randomize_buffer(char*,int);
+int my_tcp_connect(char*, int, int*);
+#ifdef HAVE_STRUCT_SOCKADDR_STORAGE
+int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*);
+#else
+int my_connect(const char*, struct sockaddr*, u_short, int, const char*);
+#endif
+void add_listen_addr(struct addrinfo**, int, char*, int);
+int clean_environ(const char *keep_env_vars, const char *nrpe_user);
+char* strip(char*);
+int sendall(int, char*, int*);
+int recvall(int, char*, int*, int);
+char *my_strsep(char**, const char*);
+int b64_decode(unsigned char *encoded);
 void display_license(void);
 
 #endif
-
-
-
-
-