Imported Upstream version 3.1.0

This commit is contained in:
Mario Fetka
2017-05-13 13:05:54 +02:00
parent 76f2f414ed
commit e08d40390d
33 changed files with 1452 additions and 604 deletions

131
src/acl.c

@@ -29,6 +29,7 @@
*/
#include "../include/config.h"
#include "../include/common.h"
#include <sys/types.h>
#include <sys/socket.h>
@@ -41,12 +42,13 @@
#include <string.h>
#include <ctype.h>
#include <netdb.h>
#include <syslog.h>
#include <stdarg.h>
#include "../include/acl.h"
/* This function checks if a char argumnet from valid char range.
extern int debug;
/* This function checks if a char argument from valid char range.
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
*
* Returns:
@@ -76,16 +78,12 @@ int isvalidchar(int c) {
switch (c) {
case '.':
return 4;
break;
case '/':
return 5;
break;
case '-':
return 6;
break;
case ',':
return 7;
break;
default:
return 0;
}
@@ -142,18 +140,27 @@ int add_ipv4_to_acl(char *ipv4) {
unsigned long ip, mask;
struct ip_acl *ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
/* Check for min and max IPv4 valid length */
if (len < 7 || len > 18)
return 0;
if (len < 7 || len > 18) {
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
return 0;
}
/* default mask for ipv4 */
data[4] = 32;
/* Basic IPv4 format check */
for (i = 0; i < len; i++) {
/* Return 0 on error state */
if (state == -1)
return 0;
/* Return 0 on error state */
if (state == -1) {
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
"format, continue with next check ...", ipv4);
return 0;
}
c = ipv4[i];
@@ -201,6 +208,7 @@ int add_ipv4_to_acl(char *ipv4) {
break;
default:
/* Bad states */
logit(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
return 0;
}
@@ -209,29 +217,29 @@ int add_ipv4_to_acl(char *ipv4) {
*/
for (i=0; i < 4; i++) {
if (data[i] < 0 || data[i] > 255) {
syslog(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
logit(LOG_ERR,"Invalid IPv4 address/network format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
}
if (data[4] < 0 || data[4] > 32) {
syslog(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
logit(LOG_ERR,"Invalid IPv4 network mask format(%s) in allowed_hosts option\n",ipv4);
return 0;
}
/* Conver ip and mask to unsigned long */
/* Convert ip and mask to unsigned long */
ip = htonl((data[0] << 24) + (data[1] << 16) + (data[2] << 8) + data[3]);
mask = htonl(-1 << (32 - data[4]));
/* Wrong network address */
if ( (ip & mask) != ip) {
syslog(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
logit(LOG_ERR,"IP address and mask do not match in %s\n",ipv4);
return 0;
}
/* Add addr to ip_acl list */
if ( (ip_acl_curr = malloc(sizeof(*ip_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
@@ -247,6 +255,10 @@ int add_ipv4_to_acl(char *ipv4) {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
return 1;
}
@@ -271,7 +283,7 @@ int add_ipv6_to_acl(char *ipv6) {
messages if needed */
ipv6tmp = strdup(ipv6);
if(NULL == ipv6tmp) {
syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
logit(LOG_ERR, "Memory allocation failed for copy of address: %s\n",
ipv6);
return 0;
}
@@ -327,7 +339,7 @@ int add_ipv6_to_acl(char *ipv6) {
/* Add address to ip_acl list */
ip_acl_curr = malloc(sizeof(*ip_acl_curr));
if(NULL == ip_acl_curr) {
syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
logit(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6);
return 0;
}
@@ -387,8 +399,12 @@ int add_domain_to_acl(char *domain) {
struct dns_acl *dns_acl_curr;
if (len > 63)
if (len > 63) {
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
domain);
return 0;
}
for (i = 0; i < len; i++) {
c = domain[i];
@@ -426,7 +442,10 @@ int add_domain_to_acl(char *domain) {
}
break;
default:
/* Not valid chars */
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
"invalid chars!", domain);
/* Not valid chars */
return 0;
}
}
@@ -436,7 +455,7 @@ int add_domain_to_acl(char *domain) {
case 1: case 4: case 5:
/* Add name to domain ACL list */
if ( (dns_acl_curr = malloc(sizeof(*dns_acl_curr))) == NULL) {
syslog(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
logit(LOG_ERR,"Can't allocate memory for ACL, malloc error\n");
return 0;
}
strcpy(dns_acl_curr->domain, domain);
@@ -448,13 +467,18 @@ int add_domain_to_acl(char *domain) {
dns_acl_prev->next = dns_acl_curr;
dns_acl_prev = dns_acl_curr;
if(debug == TRUE)
logit(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
return 1;
default:
logit(LOG_INFO,
"ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
"check allowed_host in config file!", domain);
return 0;
}
}
/* Checks connectiong host in ACL
/* Checks connection host in ACL
*
* Returns:
* 1 - on success
@@ -470,14 +494,23 @@ int is_an_allowed_host(int family, void *host)
struct sockaddr_in *addr;
struct sockaddr_in6 addr6;
struct addrinfo *res, *ai;
struct in_addr tmp;
while (ip_acl_curr != NULL) {
if(ip_acl_curr->family == family) {
switch(ip_acl_curr->family) {
case AF_INET:
if (debug == TRUE) {
tmp.s_addr = ((struct in_addr*)host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
"an allowed host >%s<\n",
inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
}
if((((struct in_addr *)host)->s_addr &
ip_acl_curr->mask.s_addr) ==
ip_acl_curr->addr.s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
return 1;
}
break;
@@ -509,9 +542,20 @@ int is_an_allowed_host(int family, void *host)
switch(ai->ai_family) {
case AF_INET:
if(debug == TRUE) {
tmp.s_addr=((struct in_addr *)host)->s_addr;
logit(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
"an allowed host >%s<\n",
inet_ntoa(tmp), dns_acl_curr->domain);
}
addr = (struct sockaddr_in*)(ai->ai_addr);
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
if (debug == TRUE)
logit(LOG_INFO, "is_an_allowed_host (AF_INET): "
"host is in allowed host list!");
return 1;
}
break;
case AF_INET6:
@@ -559,19 +603,30 @@ void parse_allowed_hosts(char *allowed_hosts) {
const char *delim = ",";
char *trimmed_tok;
if (debug == TRUE)
logit(LOG_INFO,
"parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
allowed_hosts);
#ifdef HAVE_STRTOK_R
tok = strtok_r(hosts, delim, &saveptr);
#else
if (debug == TRUE)
logit(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
"problems in the allowed_hosts string determination!\n");
tok = strtok(hosts, delim);
#endif
while( tok) {
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
trim( tok, trimmed_tok);
if(debug == TRUE)
logit(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
if( strlen( trimmed_tok) > 0) {
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
&& !add_domain_to_acl(trimmed_tok)) {
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
}
logit(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
} else if (debug == TRUE)
logit(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
}
free( trimmed_tok);
#ifdef HAVE_STRTOK_R
@@ -606,17 +661,21 @@ unsigned int prefix_from_mask(struct in_addr mask) {
* It shows all hosts in ACL lists
*/
void show_acl_lists(void) {
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
void show_acl_lists(void)
{
struct ip_acl *ip_acl_curr = ip_acl_head;
struct dns_acl *dns_acl_curr = dns_acl_head;
while (ip_acl_curr != NULL) {
printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
logit(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
while (dns_acl_curr != NULL) {
printf("DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
while (ip_acl_curr != NULL) {
logit(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
ip_acl_curr = ip_acl_curr->next;
}
while (dns_acl_curr != NULL) {
logit(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain);
dns_acl_curr = dns_acl_curr->next;
}
}
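Review bot: The AF_INET debug message added to is_an_allowed_host passes `inet_ntoa(tmp)` and `inet_ntoa(ip_acl_curr->addr)` as two arguments of the same logit() call; inet_ntoa() returns a pointer to one static buffer, so both `%s` print whichever conversion ran last and the log never shows the pair it claims to compare. Convert one side into a local buffer first, e.g. `char hostbuf[INET_ADDRSTRLEN]; inet_ntop(AF_INET, &tmp, hostbuf, sizeof hostbuf);` and pass `hostbuf` alongside the remaining inet_ntoa(), or split it into two logit() calls (inet_ntop lives in the same header as inet_ntoa, which this file already uses). Separately, the new "incorrect length" and "bad state" messages in add_ipv4_to_acl are emitted at LOG_INFO unconditionally, unlike the sibling "incorrect format" message that is guarded by `if(debug == TRUE)`; because parse_allowed_hosts tries add_ipv4_to_acl on every token before falling back to the IPv6 and domain parsers, every legitimate hostname entry longer than 18 characters will be logged as an IPv4 "Error". Guarding both with the same debug check keeps the three messages consistent and the log free of false errors.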


@@ -4,7 +4,7 @@
* Copyright (c) 1999-2008 Ethan Galstad (nagios@nagios.org)
* License: GPL
*
* Last Modified: 09-08-2016
* Last Modified: 2017-04-06
*
* Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec]
*
@@ -46,7 +46,9 @@ int show_help = FALSE;
int show_license = FALSE;
int show_version = FALSE;
int packet_ver = NRPE_PACKET_VERSION_3;
int force_v2_packet = 0;
int payload_size = 0;
extern char *log_file;
#ifdef HAVE_SSL
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
@@ -57,7 +59,7 @@ const SSL_METHOD *meth;
SSL_CTX *ctx;
SSL *ssl;
int use_ssl = TRUE;
int ssl_opts = SSL_OP_ALL;
unsigned long ssl_opts = SSL_OP_ALL;
#else
int use_ssl = FALSE;
#endif
@@ -81,7 +83,7 @@ struct _SSL_PARMS {
char *cacert_file;
char *privatekey_file;
char cipher_list[MAX_FILENAME_LENGTH];
SslVer ssl_min_ver;
SslVer ssl_proto_ver;
int allowDH;
ClntCerts client_certs;
SslLogging log_opts;
@@ -97,7 +99,7 @@ void set_timeout_state (char *state);
int parse_timeout_string (char *timeout_str);
void usage(int result);
void setup_ssl();
void set_sig_hadlers();
void set_sig_handlers();
int connect_to_remote();
int send_request();
int read_response();
@@ -114,6 +116,8 @@ int main(int argc, char **argv)
result = process_arguments(argc, argv, 0);
open_log_file();
if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
usage(result); /* usage() will call exit() */
@@ -127,14 +131,14 @@ int main(int argc, char **argv)
timeout_return_code = STATE_CRITICAL;
if (sslprm.cipher_list[0] == '\0')
strncpy(sslprm.cipher_list, "ALL:!MD5:@STRENGTH", MAX_FILENAME_LENGTH - 1);
if (sslprm.ssl_min_ver == SSL_Ver_Invalid)
sslprm.ssl_min_ver = TLSv1_plus;
if (sslprm.ssl_proto_ver == SSL_Ver_Invalid)
sslprm.ssl_proto_ver = TLSv1_plus;
if (sslprm.allowDH == -1)
sslprm.allowDH = TRUE;
generate_crc32_table(); /* generate the CRC 32 table */
setup_ssl(); /* Do all the SSL/TLS set up */
set_sig_hadlers(); /* initialize alarm signal handling */
set_sig_handlers(); /* initialize alarm signal handling */
result = connect_to_remote(); /* Make the connection */
if (result != STATE_OK) {
alarm(0);
@@ -149,28 +153,32 @@ int main(int argc, char **argv)
if (result == -1) {
/* Failure reading from remote, so try version 2 packet */
syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
logit(LOG_INFO, "Remote %s does not support Version 3 Packets", rem_host);
packet_ver = NRPE_PACKET_VERSION_2;
/* Rerun the setup */
setup_ssl();
set_sig_hadlers();
set_sig_handlers();
result = connect_to_remote(); /* Connect */
if (result != STATE_OK) {
alarm(0);
close_log_file(); /* close the log file */
return result;
}
result = send_request(); /* Send the request */
if (result != STATE_OK)
if (result != STATE_OK) {
close_log_file(); /* close the log file */
return result;
}
result = read_response(); /* Get the response */
}
if (result != -1)
syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
if (result != -1 && force_v2_packet == 0 && packet_ver == NRPE_PACKET_VERSION_2)
logit(LOG_DEBUG, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
close_log_file(); /* close the log file */
return result;
}
@@ -206,6 +214,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
{"timeout", required_argument, 0, 't'},
{"port", required_argument, 0, 'p'},
{"payload-size", required_argument, 0, 'P'},
{"log-file", required_argument, 0, 'g'},
{"help", no_argument, 0, 'h'},
{"license", no_argument, 0, 'l'},
{0, 0, 0, 0}
@@ -217,15 +226,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
return ERROR;
optind = 0;
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV");
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:g:246hlnuV");
while (1) {
if (argindex > 0)
break;
#ifdef HAVE_GETOPT_LONG
c = getopt_long(argc, argv, optchars, long_options, &option_index);
#else
c = getopt(argc, argv, optchars);
#endif
if (c == -1 || c == EOF || argindex > 0)
if (c == -1 || c == EOF)
break;
/* process all arguments */
@@ -258,7 +269,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 't':
if (from_config_file && socket_timeout != -1) {
syslog(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
logit(LOG_WARNING, "WARNING: Command-line socket timeout overrides "
"the config file option.");
break;
}
@@ -269,7 +280,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'p':
if (from_config_file && server_port != 0) {
syslog(LOG_WARNING, "WARNING: Command-line server port overrides "
logit(LOG_WARNING, "WARNING: Command-line server port overrides "
"the config file option.");
break;
}
@@ -280,7 +291,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'P':
if (from_config_file && payload_size > 0) {
syslog(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
logit(LOG_WARNING, "WARNING: Command-line payload-size (-P) overrides "
"the config file option.");
break;
}
@@ -291,7 +302,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'H':
if (from_config_file && server_name != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line server name overrides "
logit(LOG_WARNING, "WARNING: Command-line server name overrides "
"the config file option.");
break;
}
@@ -302,7 +313,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
if (from_config_file) {
printf("Error: The config file should not have a command (-c) option.\n");
return ERROR;
break;
}
command_name = strdup(optarg);
break;
@@ -311,7 +321,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
if (from_config_file) {
printf("Error: The config file should not have args (-a) arguments.\n");
return ERROR;
break;
}
argindex = optind;
break;
@@ -322,7 +331,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'u':
if (from_config_file && timeout_return_code != -1) {
syslog(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
logit(LOG_WARNING, "WARNING: Command-line unknown-timeout (-u) "
"overrides the config file option.");
break;
}
@@ -331,16 +340,17 @@ int process_arguments(int argc, char **argv, int from_config_file)
case '2':
if (from_config_file && packet_ver != NRPE_PACKET_VERSION_3) {
syslog(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
logit(LOG_WARNING, "WARNING: Command-line v2-packets-only (-2) "
"overrides the config file option.");
break;
}
packet_ver = NRPE_PACKET_VERSION_2;
force_v2_packet = 1;
break;
case '4':
if (from_config_file && address_family != AF_UNSPEC) {
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
"or ipv6 (-6) overrides the config file option.");
break;
}
@@ -349,7 +359,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case '6':
if (from_config_file && address_family != AF_UNSPEC) {
syslog(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
logit(LOG_WARNING, "WARNING: Command-line ipv4 (-4) "
"or ipv6 (-6) overrides the config file option.");
break;
}
@@ -358,7 +368,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'd':
if (from_config_file && sslprm.allowDH != -1) {
syslog(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
logit(LOG_WARNING, "WARNING: Command-line use-adh (-d) "
"overrides the config file option.");
break;
}
@@ -369,7 +379,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'A':
if (from_config_file && sslprm.cacert_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
logit(LOG_WARNING, "WARNING: Command-line ca-cert-file (-A) "
"overrides the config file option.");
break;
}
@@ -378,7 +388,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'C':
if (from_config_file && sslprm.cert_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
logit(LOG_WARNING, "WARNING: Command-line client-cert (-C) "
"overrides the config file option.");
break;
}
@@ -388,7 +398,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 'K':
if (from_config_file && sslprm.privatekey_file != NULL) {
syslog(LOG_WARNING, "WARNING: Command-line key-file (-K) "
logit(LOG_WARNING, "WARNING: Command-line key-file (-K) "
"overrides the config file option.");
break;
}
@@ -397,38 +407,41 @@ int process_arguments(int argc, char **argv, int from_config_file)
break;
case 'S':
if (from_config_file && sslprm.ssl_min_ver != SSL_Ver_Invalid) {
syslog(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
if (from_config_file && sslprm.ssl_proto_ver != SSL_Ver_Invalid) {
logit(LOG_WARNING, "WARNING: Command-line ssl-version (-S) "
"overrides the config file option.");
break;
}
if (!strcmp(optarg, "SSLv2"))
sslprm.ssl_min_ver = SSLv2;
else if (!strcmp(optarg, "SSLv2+"))
sslprm.ssl_min_ver = SSLv2_plus;
else if (!strcmp(optarg, "SSLv3"))
sslprm.ssl_min_ver = SSLv3;
else if (!strcmp(optarg, "SSLv3+"))
sslprm.ssl_min_ver = SSLv3_plus;
else if (!strcmp(optarg, "TLSv1"))
sslprm.ssl_min_ver = TLSv1;
else if (!strcmp(optarg, "TLSv1+"))
sslprm.ssl_min_ver = TLSv1_plus;
else if (!strcmp(optarg, "TLSv1.1"))
sslprm.ssl_min_ver = TLSv1_1;
else if (!strcmp(optarg, "TLSv1.1+"))
sslprm.ssl_min_ver = TLSv1_1_plus;
else if (!strcmp(optarg, "TLSv1.2"))
sslprm.ssl_min_ver = TLSv1_2;
if (!strcmp(optarg, "TLSv1.2"))
sslprm.ssl_proto_ver = TLSv1_2;
else if (!strcmp(optarg, "TLSv1.2+"))
sslprm.ssl_min_ver = TLSv1_2_plus;
sslprm.ssl_proto_ver = TLSv1_2_plus;
else if (!strcmp(optarg, "TLSv1.1"))
sslprm.ssl_proto_ver = TLSv1_1;
else if (!strcmp(optarg, "TLSv1.1+"))
sslprm.ssl_proto_ver = TLSv1_1_plus;
else if (!strcmp(optarg, "TLSv1"))
sslprm.ssl_proto_ver = TLSv1;
else if (!strcmp(optarg, "TLSv1+"))
sslprm.ssl_proto_ver = TLSv1_plus;
else if (!strcmp(optarg, "SSLv3"))
sslprm.ssl_proto_ver = SSLv3;
else if (!strcmp(optarg, "SSLv3+"))
sslprm.ssl_proto_ver = SSLv3_plus;
#if OPENSSL_VERSION_NUMBER < 0x10100000
else if (!strcmp(optarg, "SSLv2"))
sslprm.ssl_proto_ver = SSLv2;
else if (!strcmp(optarg, "SSLv2+"))
sslprm.ssl_proto_ver = SSLv2_plus;
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
else
return ERROR;
break;
case 'L':
if (from_config_file && sslprm.cipher_list[0] != '\0') {
syslog(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
logit(LOG_WARNING, "WARNING: Command-line cipher-list (-L) "
"overrides the config file option.");
break;
}
@@ -438,7 +451,7 @@ int process_arguments(int argc, char **argv, int from_config_file)
case 's':
if (from_config_file && have_log_opts == TRUE) {
syslog(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
logit(LOG_WARNING, "WARNING: Command-line ssl-logging (-s) "
"overrides the config file option.");
break;
}
@@ -446,19 +459,29 @@ int process_arguments(int argc, char **argv, int from_config_file)
have_log_opts = TRUE;
break;
case 'g':
if (from_config_file && log_file != NULL) {
logit(LOG_WARNING, "WARNING: Command-line log-file (-g) "
"overrides the config file option.");
break;
}
log_file = strdup(optarg);
break;
default:
return ERROR;
break;
}
}
/* determine (base) command query */
snprintf(query, sizeof(query), "%s",
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
query[sizeof(query) - 1] = '\x0';
if (!from_config_file) {
snprintf(query, sizeof(query), "%s",
(command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
query[sizeof(query) - 1] = '\x0';
}
/* get the command args */
if (argindex > 0) {
if (!from_config_file && argindex > 0) {
for (c = argindex - 1; c < argc; c++) {
@@ -471,7 +494,6 @@ int process_arguments(int argc, char **argv, int from_config_file)
query[sizeof(query) - 1] = '\x0';
}
}
if (!from_config_file && config_file != NULL) {
if ((rc = read_config_file(config_file)) != OK)
return rc;
@@ -507,28 +529,28 @@ int read_config_file(char *fname)
size_t sz;
if (stat(fname, &st)) {
syslog(LOG_ERR, "Error: Could not stat config file %s", fname);
logit(LOG_ERR, "Error: Could not stat config file %s", fname);
return ERROR;
}
if ((f = fopen(fname, "r")) == NULL) {
syslog(LOG_ERR, "Error: Could not open config file %s", fname);
logit(LOG_ERR, "Error: Could not open config file %s", fname);
return ERROR;
}
if ((buf = (char*)calloc(1, st.st_size + 2)) == NULL) {
fclose(f);
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
return ERROR;
}
if ((sz = fread(buf, 1, st.st_size, f)) != st.st_size) {
fclose(f);
free(buf);
syslog(LOG_ERR, "Error: Failed to completely read config file %s", fname);
logit(LOG_ERR, "Error: Failed to completely read config file %s", fname);
return ERROR;
}
if ((argv = calloc(50, sizeof(char*))) == NULL) {
fclose(f);
free(buf);
syslog(LOG_ERR, "Error: read_config_file fail to allocate memory");
logit(LOG_ERR, "Error: read_config_file fail to allocate memory");
return ERROR;
}
@@ -550,7 +572,7 @@ int read_config_file(char *fname)
if (argc == 50) {
free(buf);
free(argv);
syslog(LOG_ERR, "Error: too many parameters in config file %s", fname);
logit(LOG_ERR, "Error: too many parameters in config file %s", fname);
return ERROR;
}
@@ -594,22 +616,22 @@ void set_timeout_state (char *state) {
int parse_timeout_string (char *timeout_str)
{
char *seperated_str;
char *separated_str;
char *timeout_val = NULL;
char *timeout_sta = NULL;
if (strstr(timeout_str, ":") == NULL)
timeout_val = timeout_str;
else if (strncmp(timeout_str, ":", 1) == 0) {
seperated_str = strtok(timeout_str, ":");
if (seperated_str != NULL)
timeout_sta = seperated_str;
separated_str = strtok(timeout_str, ":");
if (separated_str != NULL)
timeout_sta = separated_str;
} else {
seperated_str = strtok(timeout_str, ":");
timeout_val = seperated_str;
seperated_str = strtok(NULL, ":");
if (seperated_str != NULL) {
timeout_sta = seperated_str;
separated_str = strtok(timeout_str, ":");
timeout_val = separated_str;
separated_str = strtok(NULL, ":");
if (separated_str != NULL) {
timeout_sta = separated_str;
}
}
@@ -655,7 +677,7 @@ void usage(int result)
printf(" -6 = bind to ipv6 only\n");
printf(" -n = Do no use SSL\n");
printf
(" -u = (DEPRECATED) Make timeouts return UNKNOWN instead of CRITICAL\n");
(" -u = Make connection problems return UNKNOWN instead of CRITICAL\n");
printf(" -V = Show version\n");
printf(" -l = Show license\n");
printf(" <dhopt> = Anonymous Diffie Hellman use:\n");
@@ -665,10 +687,14 @@ void usage(int result)
printf(" 2 = Force Anonymous Diffie Hellman\n");
printf(" <size> = Specify non-default payload size for NSClient++\n");
printf
(" <ssl ver> = The SSL/TLS version to use. Can be any one of: SSLv2 (only),\n");
printf(" SSLv2+ (or above), SSLv3 (only), SSLv3+ (or above),\n");
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT), TLSv1.1 (only),\n");
printf(" TLSv1.1+ (or above), TLSv1.2 (only), TLSv1.2+ (or above)\n");
(" <ssl ver> = The SSL/TLS version to use. Can be any one of:\n");
#if OPENSSL_VERSION_NUMBER < 0x10100000
printf(" SSLv2 (only), SSLv2+ (or above),\n");
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
printf(" SSLv3 (only), SSLv3+ (or above),\n");
printf(" TLSv1 (only), TLSv1+ (or above DEFAULT),\n");
printf(" TLSv1.1 (only), TLSv1.1+ (or above),\n");
printf(" TLSv1.2 (only), TLSv1.2+ (or above)\n");
printf(" <cipherlist> = The list of SSL ciphers to use (currently defaults\n");
printf
(" to \"ALL:!MD5:@STRENGTH\". WILL change in a future release.)\n");
@@ -722,20 +748,21 @@ void setup_ssl()
if (sslprm.log_opts & SSL_LogStartup) {
char *val;
syslog(LOG_INFO, "SSL Certificate File: %s",
logit(LOG_INFO, "SSL Certificate File: %s",
sslprm.cert_file ? sslprm.cert_file : "None");
syslog(LOG_INFO, "SSL Private Key File: %s",
logit(LOG_INFO, "SSL Private Key File: %s",
sslprm.privatekey_file ? sslprm.privatekey_file : "None");
syslog(LOG_INFO, "SSL CA Certificate File: %s",
logit(LOG_INFO, "SSL CA Certificate File: %s",
sslprm.cacert_file ? sslprm.cacert_file : "None");
if (sslprm.allowDH < 2)
syslog(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
logit(LOG_INFO, "SSL Cipher List: %s", sslprm.cipher_list);
else
syslog(LOG_INFO, "SSL Cipher List: ADH");
syslog(LOG_INFO, "SSL Allow ADH: %s",
logit(LOG_INFO, "SSL Cipher List: ADH");
logit(LOG_INFO, "SSL Allow ADH: %s",
sslprm.allowDH == 0 ? "No" : (sslprm.allowDH == 1 ? "Allow" : "Require"));
syslog(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
switch (sslprm.ssl_min_ver) {
logit(LOG_INFO, "SSL Log Options: 0x%02x", sslprm.log_opts);
switch (sslprm.ssl_proto_ver) {
case SSLv2:
val = "SSLv2";
break;
@@ -770,44 +797,102 @@ void setup_ssl()
val = "INVALID VALUE!";
break;
}
syslog(LOG_INFO, "SSL Version: %s", val);
logit(LOG_INFO, "SSL Version: %s", val);
}
/* initialize SSL */
if (use_ssl == TRUE) {
SSL_load_error_strings();
SSL_library_init();
#if OPENSSL_VERSION_NUMBER >= 0x10100000
meth = TLS_method();
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
meth = SSLv23_client_method();
# ifndef OPENSSL_NO_SSL2
if (sslprm.ssl_min_ver == SSLv2)
if (sslprm.ssl_proto_ver == SSLv2)
meth = SSLv2_client_method();
# endif
# ifndef OPENSSL_NO_SSL3
if (sslprm.ssl_min_ver == SSLv3)
if (sslprm.ssl_proto_ver == SSLv3)
meth = SSLv3_client_method();
# endif
if (sslprm.ssl_min_ver == TLSv1)
if (sslprm.ssl_proto_ver == TLSv1)
meth = TLSv1_client_method();
# ifdef SSL_TXT_TLSV1_1
if (sslprm.ssl_min_ver == TLSv1_1)
if (sslprm.ssl_proto_ver == TLSv1_1)
meth = TLSv1_1_client_method();
# ifdef SSL_TXT_TLSV1_2
if (sslprm.ssl_min_ver == TLSv1_2)
if (sslprm.ssl_proto_ver == TLSv1_2)
meth = TLSv1_2_client_method();
# endif
# endif
# endif /* ifdef SSL_TXT_TLSV1_2 */
# endif /* ifdef SSL_TXT_TLSV1_1 */
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
if ((ctx = SSL_CTX_new(meth)) == NULL) {
printf("CHECK_NRPE: Error - could not create SSL context.\n");
exit(STATE_CRITICAL);
}
if (sslprm.ssl_min_ver >= SSLv3) {
ssl_opts |= SSL_OP_NO_SSLv2;
if (sslprm.ssl_min_ver >= TLSv1)
#if OPENSSL_VERSION_NUMBER >= 0x10100000
SSL_CTX_set_max_proto_version(ctx, 0);
switch(sslprm.ssl_proto_ver) {
case TLSv1_2:
SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
case TLSv1_2_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
break;
case TLSv1_1:
SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
case TLSv1_1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
break;
case TLSv1:
SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
case TLSv1_plus:
SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
break;
case SSLv3:
SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
case SSLv3_plus:
SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
break;
}
#else /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
switch(sslprm.ssl_proto_ver) {
case SSLv2:
case SSLv2_plus:
break;
case TLSv1_2:
case TLSv1_2_plus:
ssl_opts |= SSL_OP_NO_TLSv1_1;
case TLSv1_1:
case TLSv1_1_plus:
ssl_opts |= SSL_OP_NO_TLSv1;
case TLSv1:
case TLSv1_plus:
ssl_opts |= SSL_OP_NO_SSLv3;
case SSLv3:
case SSLv3_plus:
ssl_opts |= SSL_OP_NO_SSLv2;
break;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */
SSL_CTX_set_options(ctx, ssl_opts);
if (sslprm.cert_file != NULL && sslprm.privatekey_file != NULL) {
@@ -838,7 +923,7 @@ void setup_ssl()
if (strlen(sslprm.cipher_list) < sizeof(sslprm.cipher_list) - 6) {
strcat(sslprm.cipher_list, ":!ADH");
if (sslprm.log_opts & SSL_LogStartup)
syslog(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
logit(LOG_INFO, "New SSL Cipher List: %s", sslprm.cipher_list);
}
} else {
/* use anonymous DH ciphers */
@@ -855,7 +940,7 @@ void setup_ssl()
#endif
}
void set_sig_hadlers()
void set_sig_handlers()
{
#ifdef HAVE_SIGACTION
struct sigaction sig_action;
@@ -885,7 +970,7 @@ int connect_to_remote()
/* try to connect to the host at the given port number */
if ((sd =
my_connect(server_name, &hostaddr, server_port, address_family, bind_address)) < 0)
exit(STATE_CRITICAL);
exit(timeout_return_code);
result = STATE_OK;
addrlen = sizeof(addr);
@@ -901,7 +986,7 @@ int connect_to_remote()
strncpy(rem_host, "Unknown", sizeof(rem_host));
rem_host[MAX_HOST_ADDRESS_LENGTH - 1] = '\0';
if ((sslprm.log_opts & SSL_LogIpAddr) != 0)
syslog(LOG_DEBUG, "Connected to %s", rem_host);
logit(LOG_DEBUG, "Connected to %s", rem_host);
#ifdef HAVE_SSL
if (use_ssl == FALSE)
@@ -922,16 +1007,16 @@ int connect_to_remote()
int x, nerrs = 0;
rc = 0;
while ((x = ERR_get_error_line_data(NULL, NULL, NULL, NULL)) != 0) {
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: %s",
rem_host, ERR_reason_error_string(x));
++nerrs;
}
if (nerrs == 0)
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
} else
syslog(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
logit(LOG_ERR, "Error: Could not complete SSL handshake with %s: rc=%d SSL-error=%d",
rem_host, rc, ssl_err);
if (ssl_err == 5) {
@@ -961,7 +1046,7 @@ int connect_to_remote()
} else {
if (sslprm.log_opts & SSL_LogVersion)
syslog(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
logit(LOG_NOTICE, "Remote %s - SSL Version: %s", rem_host, SSL_get_version(ssl));
if (sslprm.log_opts & SSL_LogCipher) {
# if (defined(__sun) && defined(SOLARIS_10)) || defined(_AIX) || defined(__hpux)
@@ -969,7 +1054,7 @@ int connect_to_remote()
# else
const SSL_CIPHER *c = SSL_get_current_cipher(ssl);
# endif
syslog(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
logit(LOG_NOTICE, "Remote %s - %s, Cipher is %s", rem_host,
SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
}
@@ -979,16 +1064,17 @@ int connect_to_remote()
if (peer) {
if (sslprm.log_opts & SSL_LogIfClientCert)
syslog(LOG_NOTICE, "SSL %s has %s certificate",
rem_host, peer->valid ? "a valid" : "an invalid");
logit(LOG_NOTICE, "SSL %s has %s certificate",
rem_host, SSL_get_verify_result(ssl) ? "a valid" : "an invalid");
if (sslprm.log_opts & SSL_LogCertDetails) {
syslog(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, peer->name);
X509_NAME_oneline(X509_get_subject_name(peer), buffer, sizeof(buffer));
logit(LOG_NOTICE, "SSL %s Cert Name: %s", rem_host, buffer);
X509_NAME_oneline(X509_get_issuer_name(peer), buffer, sizeof(buffer));
syslog(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
logit(LOG_NOTICE, "SSL %s Cert Issuer: %s", rem_host, buffer);
}
} else
syslog(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
logit(LOG_NOTICE, "SSL Did not get certificate from %s", rem_host);
}
}
@@ -1095,7 +1181,7 @@ int read_response()
int rc, result;
alarm(0);
set_sig_hadlers();
set_sig_handlers();
#ifdef HAVE_SSL
rc = read_packet(sd, ssl, &v2_receive_packet, &v3_receive_packet);
@@ -1240,7 +1326,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
} else
buffer_size = pkt_size - common_size;
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
memcpy(*v2_pkt, &packet, common_size);
@@ -1266,7 +1352,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
buffer_size = ntohl(buffer_size);
pkt_size += buffer_size;
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
@@ -1329,7 +1415,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
} else
buffer_size = pkt_size - common_size;
if ((*v2_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
memcpy(*v2_pkt, &packet, common_size);
@@ -1361,7 +1447,7 @@ int read_packet(int sock, void *ssl_ptr, v2_packet ** v2_pkt, v3_packet ** v3_pk
buffer_size = ntohl(buffer_size);
pkt_size += buffer_size;
if ((*v3_pkt = calloc(1, pkt_size)) == NULL) {
syslog(LOG_ERR, "Error: Could not allocate memory for packet");
logit(LOG_ERR, "Error: Could not allocate memory for packet");
return -1;
}
@@ -1427,11 +1513,11 @@ int verify_callback(int preverify_ok, X509_STORE_CTX * ctx)
ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
X509_NAME_oneline(X509_get_subject_name(err_cert), name, 256);
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer, 256);
X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, 256);
if (!preverify_ok && sslprm.client_certs >= Ask_For_Cert
&& (sslprm.log_opts & SSL_LogCertDetails)) {
syslog(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
logit(LOG_ERR, "SSL Client has an invalid certificate: %s (issuer=%s) err=%d:%s",
name, issuer, err, X509_verify_cert_error_string(err));
}



@@ -77,7 +77,7 @@
* Fix incorrect zpadlen handling in fmtfp.
* Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it.
* few mods to make it easier to compile the tests.
* addedd the "Ollie" test to the floating point ones.
* added the "Ollie" test to the floating point ones.
*
* Martin Pool (mbp@samba.org) April 2003
* Remove NO_CONFIG_H so that the test case can be built within a source
@@ -847,7 +847,7 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
spadlen = 0;
}
if (flags & DP_F_MINUS)
spadlen = -spadlen; /* Left Justifty */
spadlen = -spadlen; /* Left Justify */
#ifdef DEBUG_SNPRINTF
printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
@@ -1055,7 +1055,7 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
if (padlen < 0)
padlen = 0;
if (flags & DP_F_MINUS)
padlen = -padlen; /* Left Justifty */
padlen = -padlen; /* Left Justify */
if ((flags & DP_F_ZERO) && (padlen > 0)) {
if (signvalue) {


@@ -31,10 +31,16 @@
#include "../include/common.h"
#include "../include/utils.h"
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifndef HAVE_ASPRINTF
extern int asprintf(char **ptr, const char *format, ...);
#endif
#ifndef HAVE_VASPRINTF
extern int vasprintf(char **ptr, const char *format, va_list ap);
#endif
#ifndef NI_MAXSERV
# define NI_MAXSERV 32
@@ -48,6 +54,9 @@ extern char **environ;
static unsigned long crc32_table[256];
char *log_file = NULL;
FILE *log_fp = NULL;
static int my_create_socket(struct addrinfo *ai, const char *bind_address);
@@ -231,7 +240,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
syslog(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
logit(LOG_ERR, "bad addr or host: %s (%s)\n", addr ? addr : "<NULL>",
gai_strerror(gaierr));
exit(1);
}
@@ -242,7 +251,7 @@ void add_listen_addr(struct addrinfo **listen_addrs, int address_family, char *a
int clean_environ(const char *keep_env_vars, const char *nrpe_user)
{
#ifdef HAVE_PATHS_H
#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
static char *path = _PATH_STDPATH;
#else
static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
@@ -257,7 +266,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
else
asprintf(&keep, "NRPE_MULTILINESUPPORT,NRPE_PROGRAMVERSION");
if (keep == NULL) {
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
@@ -269,7 +278,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
}
if ((kept = calloc(keepcnt + 1, sizeof(char *))) == NULL) {
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
for (i = 0, var = my_strsep(&keep, ","); var != NULL; var = my_strsep(&keep, ","))
@@ -283,7 +292,7 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
free(keep);
free(kept);
free(var);
syslog(LOG_ERR, "Could not sanitize the environment. Aborting!");
logit(LOG_ERR, "Could not sanitize the environment. Aborting!");
return ERROR;
}
if (len >= var_sz) {
@@ -309,17 +318,24 @@ int clean_environ(const char *keep_env_vars, const char *nrpe_user)
free(keep);
free(kept);
pw = (struct passwd *)getpwnam(nrpe_user);
if (pw == NULL)
return OK;
setenv("PATH", path, 1);
setenv("IFS", " \t\n", 1);
setenv("HOME", pw->pw_dir, 0);
setenv("SHELL", pw->pw_shell, 0);
setenv("LOGNAME", nrpe_user, 0);
setenv("USER", nrpe_user, 0);
pw = (struct passwd *)getpwnam(nrpe_user);
if (pw == NULL) {
char *end = NULL;
uid_t uid = strtol(nrpe_user, &end, 10);
if (uid > 0)
pw = (struct passwd *)getpwuid(uid);
if (pw == NULL || *end != '\0')
return OK;
}
setenv("HOME", pw->pw_dir, 0);
setenv("SHELL", pw->pw_shell, 0);
return OK;
}
@@ -450,53 +466,83 @@ char *my_strsep(char **stringp, const char *delim)
return begin;
}
int b64_decode(unsigned char *encoded)
void open_log_file()
{
static const char *b64 = {
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
};
int i, j, l, padding = 0;
unsigned char c[4], *outp = encoded;
int fh;
struct stat st;
union {
unsigned c3;
struct {
unsigned f1:6;
unsigned f2:6;
unsigned f3:6;
unsigned f4:6;
} fields;
} enc;
close_log_file();
enc.c3 = 0;
l = strlen((char *)encoded);
for (i = 0; i < l; i += 4) {
for (j = 0; j < 4; ++j) {
if (encoded[i + j] == '=') {
c[j] = 0;
++padding;
} else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
c[j] = encoded[i + j] - 'A';
else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
c[j] = encoded[i + j] - 'a' + 26;
else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
c[j] = encoded[i + j] - '0' + 52;
else if (encoded[i + j] == '+')
c[j] = encoded[i + j] - '+' + 62;
else
c[j] = encoded[i + j] - '/' + 63;
}
enc.fields.f1 = c[3];
enc.fields.f2 = c[2];
enc.fields.f3 = c[1];
enc.fields.f4 = c[0];
*outp++ = (enc.c3 >> 16) & 0xff;
*outp++ = (enc.c3 >> 8) & 0xff;
*outp++ = (enc.c3) & 0xff;
if (!log_file)
return;
if ((fh = open(log_file, O_RDWR|O_APPEND|O_CREAT|O_NOFOLLOW, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
*outp = '\0';
log_fp = fdopen(fh, "a+");
if(log_fp == NULL) {
printf("Warning: Cannot open log file '%s' for writing\n", log_file);
logit(LOG_WARNING, "Warning: Cannot open log file '%s' for writing", log_file);
return;
}
return outp - encoded - padding;
if ((fstat(fh, &st)) == -1) {
log_fp = NULL;
close(fh);
printf("Warning: Cannot fstat log file '%s'\n", log_file);
logit(LOG_WARNING, "Warning: Cannot fstat log file '%s'", log_file);
return;
}
if (st.st_nlink != 1 || (st.st_mode & S_IFMT) != S_IFREG) {
log_fp = NULL;
close(fh);
printf("Warning: log file '%s' has an invalid mode\n", log_file);
logit(LOG_WARNING, "Warning: log file '%s' has an invalid mode", log_file);
return;
}
(void)fcntl(fileno(log_fp), F_SETFD, FD_CLOEXEC);
}
void logit(int priority, const char *format, ...)
{
time_t log_time = 0L;
va_list ap;
char *buffer = NULL;
if (!format || !*format)
return;
va_start(ap, format);
if(vasprintf(&buffer, format, ap) > 0) {
if (log_fp) {
time(&log_time);
/* strip any newlines from the end of the buffer */
strip(buffer);
/* write the buffer to the log file */
fprintf(log_fp, "[%llu] %s\n", (unsigned long long)log_time, buffer);
fflush(log_fp);
} else
syslog(priority, buffer);
free(buffer);
}
va_end(ap);
}
void close_log_file()
{
if(!log_fp)
return;
fflush(log_fp);
fclose(log_fp);
log_fp = NULL;
return;
}
/* show license */
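Review bot: `syslog(priority, buffer);` in logit() hands the already-formatted message to syslog as its format string, so any `%` sequence that reached the message through a caller's `%s` argument (a command line, host name or config value such as `log_file`) is re-interpreted by syslog; the line should be `syslog(priority, "%s", buffer);`. The guard `if(vasprintf(&buffer, format, ap) > 0)` on the preceding line also skips the `free(buffer)` when the formatted message is empty (vasprintf returns 0), leaking that allocation, and since vasprintf leaves `buffer` undefined on failure the condition should be `>= 0` with `buffer` untouched otherwise. In open_log_file(), the two failure paths after `fdopen()` (the fstat error and the nlink/S_IFREG rejection) do `log_fp = NULL; close(fh);`, which releases the descriptor but leaks the FILE object created by fdopen; calling `fclose(log_fp)` before clearing the pointer would release both. The rest of the section's changes in this file are the syslog→logit renames and the numeric-uid fallback in clean_environ(), which I have no objection to beyond noting that `uid_t uid = strtol(...)` silently wraps a negative input before the `uid > 0` test.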