Hello community, here is the log from the commit of package nrpe for openSUSE:13.1 checked in at 2013-09-27 17:52:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/nrpe (Old) and /work/SRC/openSUSE:13.1/.nrpe.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nrpe" Changes: -------- --- /work/SRC/openSUSE:13.1/nrpe/nrpe.changes 2013-09-23 11:01:36.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.nrpe.new/nrpe.changes 2013-09-27 17:52:10.000000000 +0200 @@ -1,0 +2,18 @@ +Thu Sep 26 10:38:49 UTC 2013 - l...@linux-schulserver.de + +- adapt directory ownership of /etc/nagios directories + +------------------------------------------------------------------- +Thu Sep 19 23:35:44 UTC 2013 - l...@linux-schulserver.de + +- update to 2.15: + + Added support for IPv6 (Leo Baltus, Eric Stanley) +- removed nrpe-uninitialized_variable.patch (fixed upstream) +- rebased other patches + +------------------------------------------------------------------- +Mon Aug 12 17:06:04 UTC 2013 - l...@linux-schulserver.de + +- fix directory permissions for nagios sysconfdir + +------------------------------------------------------------------- Old: ---- nrpe-2.14.tar.bz2 nrpe-uninitialized_variable.patch New: ---- nrpe-2.15.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nrpe.spec ++++++ --- /var/tmp/diff_new_pack.uvJoR4/_old 2013-09-27 17:52:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvJoR4/_new 2013-09-27 17:52:10.000000000 +0200 @@ -23,7 +23,7 @@ %define nrpeport 5666 Name: nrpe -Version: 2.14 +Version: 2.15 Release: 0 Summary: Nagios Remote Plug-In Executor License: GPL-2.0+ @@ -47,8 +47,6 @@ Patch5: nrpe-weird_output.patch # PATCH-FIX-UPSTREAM drop privileges before writing the pidfile for more safety Patch6: nrpe-drop_privileges_before_writing_pidfile.patch -# PATCH-FIX-UPSTREAM fix compiler warnings -Patch9: nrpe-uninitialized_variable.patch # PATCH-FIX-openSUSE fix pathnames for nrpe_check_control command Patch10: nrpe_check_control.patch # PATCH-FIX-UPSTREAM using implicit definitions of functions @@ -143,10 +141,9 @@ %patch2 -p0 %endif %patch3 -p0 -%patch4 -p0 +%patch4 -p1 %patch5 -p0 %patch6 -p0 -%patch9 -p0 %patch10 -p0 %patch11 -p0 cp -a %{SOURCE10} . @@ -311,8 +308,8 @@ %defattr(-,root,root) %doc contrib/README.nrpe_check_control %dir %{nagios_libdir} -%attr(0775,%{nagios_user},%{nagios_command_group}) %dir %{nagios_sysconfdir} -%attr(0775,%{nagios_user},%{nagios_command_group}) %dir %{nagios_sysconfdir}/objects +%attr(0755,root,%{nagios_command_group}) %dir %{nagios_sysconfdir} +%attr(0755,root,%{nagios_command_group}) %dir %{nagios_sysconfdir}/objects %config(noreplace) %{nagios_sysconfdir}/objects/nrpe_check_control.cfg %{nagios_plugindir}/check_nrpe %{nagios_plugindir}/nrpe_check_control ++++++ nrpe-2.14.tar.bz2 -> nrpe-2.15.tar.bz2 ++++++ ++++ 12806 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/Changelog new/nrpe-2.15/Changelog --- old/nrpe-2.14/Changelog 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/Changelog 2013-09-06 17:27:13.000000000 +0200 @@ -2,6 +2,10 @@ NRPE Changelog ************** +2.15 - 09/06/2013 +----------------- +- Now compiles on HP-UX (Grant Byers) +- Added support for IPv6 (Leo Baltus, Eric Stanley) 2.14 - 12/21/2012 ----------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/configure.in new/nrpe-2.15/configure.in --- old/nrpe-2.14/configure.in 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/configure.in 2013-09-06 17:27:13.000000000 +0200 @@ -4,7 +4,7 @@ define([AC_CACHE_LOAD],) define([AC_CACHE_SAVE],) -2.14([nrpe],[2.13],[nagios-us...@lists.sourceforge.net],[nrpe],[http://www.nagios.org]) +AC_INIT([nrpe],[2.15],[nagios-us...@lists.sourceforge.net],[nrpe],[http://www.nagios.org]) AC_CONFIG_SRCDIR([src/nrpe.c]) AC_CONFIG_HEADERS([include/config.h]) AC_CONFIG_FILES([Makefile @@ -20,9 +20,9 @@ AC_PREFIX_DEFAULT(/usr/local/nagios) PKG_NAME=nrpe -PKG_VERSION="2.14" +PKG_VERSION="2.15" PKG_HOME_URL="http://www.nagios.org/" -PKG_REL_DATE="12-21-2012" +PKG_REL_DATE="09-06-2013" RPM_RELEASE=1 AC_SUBST(PKG_NAME) AC_SUBST(PKG_VERSION) @@ -307,8 +307,10 @@ found_ssl=no for dir in $ssl_lib_dir $ssl_dir /usr/lib64 /usr/lib /usr/local/lib /usr/lib/ssl /usr/ssl/lib /usr/openssl/lib /usr/pkg/lib /usr/freeware/lib/openssl /usr/sfw/lib /opt/freeware/lib; do ssllibdir="$dir" - if test "`uname -s`" == "Darwin" ; then + if test "`uname -s`" = "Darwin" ; then soext="dylib" + elif test "`uname -s`" = "HP-UX" ; then + soext="sl" else soext="so" fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/include/acl.h new/nrpe-2.15/include/acl.h --- old/nrpe-2.14/include/acl.h 2011-11-04 19:57:40.000000000 +0100 +++ new/nrpe-2.15/include/acl.h 2013-09-06 17:27:13.000000000 +0200 @@ -40,9 +40,12 @@ #define CHAR_TO_NUMBER(c) ((c) - '0') struct ip_acl { - struct in_addr addr; - struct in_addr mask; - struct ip_acl *next; + int family; + struct in_addr addr; + struct in_addr mask; + struct in6_addr addr6; + struct in6_addr mask6; + struct ip_acl *next; }; struct dns_acl { @@ -57,8 +60,10 @@ /* Functions */ void parse_allowed_hosts(char *allowed_hosts); int add_ipv4_to_acl(char *ipv4); +int add_ipv6_to_acl(char *ipv6); int add_domain_to_acl(char *domain); -int is_an_allowed_host(struct in_addr); +//int is_an_allowed_host(struct in_addr); +int is_an_allowed_host(int, void *); unsigned int prefix_from_mask(struct in_addr mask); void show_acl_lists(void); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/include/common.h new/nrpe-2.15/include/common.h --- old/nrpe-2.14/include/common.h 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/include/common.h 2013-09-06 17:27:13.000000000 +0200 @@ -2,7 +2,7 @@ * * COMMON.H - NRPE Common Include File * Copyright (c) 1999-2007 Ethan Galstad (nag...@nagios.org) - * Last Modified: 12-21-2012 + * Last Modified: 09-06-2013 * * License: * @@ -23,8 +23,8 @@ #include "config.h" -#define PROGRAM_VERSION "2.14" -#define MODIFICATION_DATE "12-21-2012" +#define PROGRAM_VERSION "2.15" +#define MODIFICATION_DATE "09-06-2013" #define OK 0 #define ERROR -1 @@ -71,7 +71,7 @@ }packet; /**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/ -#ifdef __sun +#if defined(__sun) || defined(__hpux) # ifndef LOG_AUTHPRIV # define LOG_AUTHPRIV LOG_AUTH @@ -83,9 +83,7 @@ #elif _AIX -/*# ifndef LOG_AUTHPRIV -# define LOG_AUTHPRIV LOG_AUTH -# endif */ +# include <sys/select.h> # ifndef LOG_FTP # define LOG_FTP LOG_DAEMON diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/include/utils.h new/nrpe-2.15/include/utils.h --- old/nrpe-2.14/include/utils.h 2006-12-12 03:04:01.000000000 +0100 +++ new/nrpe-2.15/include/utils.h 2013-09-06 17:27:13.000000000 +0200 @@ -41,9 +41,10 @@ void randomize_buffer(char *,int); int my_tcp_connect(char *,int,int *); -int my_connect(char *,int,int *,char *); +int my_connect(const char *, struct sockaddr_storage *, u_short, int, + const char *); -int my_inet_aton(register const char *,struct in_addr *); +void add_listen_addr(struct addrinfo **, int, char *, int); void strip(char *); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/nrpe.spec new/nrpe-2.15/nrpe.spec --- old/nrpe-2.14/nrpe.spec 2012-04-06 13:53:23.000000000 +0200 +++ new/nrpe-2.15/nrpe.spec 2013-09-06 17:27:13.000000000 +0200 @@ -3,7 +3,7 @@ %if %{isaix} %define _prefix /opt/nagios - %define _docdir %{_prefix}/doc/nrpe-2.13 + %define _docdir %{_prefix}/doc/nrpe-2.15 %define nshome /opt/nagios %define _make gmake %endif @@ -21,7 +21,7 @@ %define _sysconfdir /etc/nagios %define name nrpe -%define version 2.13 +%define version 2.15 %define release 1 %define nsusr nagios %define nsgrp nagios diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/src/acl.c new/nrpe-2.15/src/acl.c --- old/nrpe-2.14/src/acl.c 2011-11-04 19:57:40.000000000 +0100 +++ new/nrpe-2.15/src/acl.c 2013-09-06 17:27:13.000000000 +0200 @@ -234,6 +234,7 @@ } /* Save result in ACL ip list */ + ip_acl_curr->family = AF_INET; ip_acl_curr->addr.s_addr = ip; ip_acl_curr->mask.s_addr = mask; ip_acl_curr->next = NULL; @@ -248,6 +249,107 @@ } /* + * Add IPv6 host or network to IP ACL. Host will be added to ACL only if + * it has passed IPv6 format check. + * + */ + +int add_ipv6_to_acl(char *ipv6) { + char *ipv6tmp; + char *addrtok; + char *addrsave; + struct in6_addr addr; + struct in6_addr mask; + int maskval; + int byte, bit; + int nbytes = sizeof(mask.s6_addr) / sizeof(mask.s6_addr[0]); + int x; + struct ip_acl *ip_acl_curr; + + /* Save temporary copy of ipv6 so we can use the original in error + messages if needed */ + ipv6tmp = strdup(ipv6); + if(NULL == ipv6tmp) { + syslog(LOG_ERR, "Memory allocation failed for copy of address: %s\n", + ipv6); + return 0; + } + + /* Parse the address itself */ + addrtok = strtok_r(ipv6tmp, "/", &addrsave); + if(inet_pton(AF_INET6, addrtok, &addr) <= 0) { + syslog(LOG_ERR, "Invalid IPv6 address in ACL: %s\n", ipv6); + free(ipv6tmp); + return 0; + } + + /* Check whether there is a netmask */ + addrtok = strtok_r(NULL, "/", &addrsave); + if(NULL != addrtok) { + /* If so, build a netmask */ + + /* Get the number of bits in the mask */ + maskval = atoi(addrtok); + if(maskval < 0 || maskval > 128) { + syslog(LOG_ERR, "Invalid IPv6 netmask in ACL: %s\n", ipv6); + free(ipv6tmp); + return 0; + } + + /* Initialize to zero */ + for(x = 0; x < nbytes; x++) { + mask.s6_addr[x] = 0; + } + + /* Set mask based on mask bits */ + byte = 0; + bit = 7; + while(maskval > 0) { + mask.s6_addr[byte] |= 1 << bit; + bit -= 1; + if(bit < 0) { + bit = 7; + byte++; + } + maskval--; + } + } + else { + /* Otherwise, this is a single address */ + for(x = 0; x < nbytes; x++) { + mask.s6_addr[x] = 0xFF; + } + } + + /* Add address to ip_acl list */ + ip_acl_curr = malloc(sizeof(*ip_acl_curr)); + if(NULL == ip_acl_curr) { + syslog(LOG_ERR, "Memory allocation failed for ACL: %s\n", ipv6); + return 0; + } + + /* Save result in ACL ip list */ + ip_acl_curr->family = AF_INET6; + for(x = 0; x < nbytes; x++) { + ip_acl_curr->addr6.s6_addr[x] = + addr.s6_addr[x] & mask.s6_addr[x]; + ip_acl_curr->mask6.s6_addr[x] = mask.s6_addr[x]; + } + ip_acl_curr->next = NULL; + + if(NULL == ip_acl_head) { + ip_acl_head = ip_acl_curr; + } + else { + ip_acl_prev->next = ip_acl_curr; + } + ip_acl_prev = ip_acl_curr; + + free(ipv6tmp); + return 1; + } + +/* * Add domain to DNS ACL list * Domain will be added only if it has passed domain name check. * @@ -356,33 +458,74 @@ * 0 - on failure */ -int is_an_allowed_host(struct in_addr host) { - struct ip_acl *ip_acl_curr = ip_acl_head; - struct dns_acl *dns_acl_curr = dns_acl_head; - struct in_addr addr; - struct hostent *he; - - while (ip_acl_curr != NULL) { - if ( (host.s_addr & ip_acl_curr->mask.s_addr) == ip_acl_curr->addr.s_addr) - return 1; - - ip_acl_curr = ip_acl_curr->next; +int is_an_allowed_host(int family, void *host) { + struct ip_acl *ip_acl_curr = ip_acl_head; + int nbytes; + int x; + struct dns_acl *dns_acl_curr = dns_acl_head; + struct in_addr addr; + struct in6_addr addr6; + struct hostent *he; + + while (ip_acl_curr != NULL) { + if(ip_acl_curr->family == family) { + switch(ip_acl_curr->family) { + case AF_INET: + if((((struct in_addr *)host)->s_addr & + ip_acl_curr->mask.s_addr) == + ip_acl_curr->addr.s_addr) { + return 1; + } + break; + case AF_INET6: + nbytes = sizeof(ip_acl_curr->mask6.s6_addr) / + sizeof(ip_acl_curr->mask6.s6_addr[0]); + for(x = 0; x < nbytes; x++) { + if((((struct in6_addr *)host)->s6_addr[x] & + ip_acl_curr->mask6.s6_addr[x]) != + ip_acl_curr->addr6.s6_addr[x]) { + break; + } + } + if(x == nbytes) { + /* All bytes in host's address pass the netmask mask */ + return 1; + } + break; + } + } + ip_acl_curr = ip_acl_curr->next; } - while(dns_acl_curr != NULL) { - he = gethostbyname(dns_acl_curr->domain); - if (he == NULL) - return 0; - - while (*he->h_addr_list) { - memmove((char *)&addr,*he->h_addr_list++, sizeof(addr)); - if (addr.s_addr == host.s_addr) - return 1; - } - dns_acl_curr = dns_acl_curr->next; - } - return 0; -} + while(dns_acl_curr != NULL) { + he = gethostbyname(dns_acl_curr->domain); + if (he == NULL) return 0; + + while (*he->h_addr_list) { + switch(he->h_addrtype) { + case AF_INET: + memmove((char *)&addr,*he->h_addr_list++, sizeof(addr)); + if (addr.s_addr == ((struct in_addr *)host)->s_addr) return 1; + break; + case AF_INET6: + memcpy((char *)&addr6, *he->h_addr_list++, sizeof(addr6)); + for(x = 0; x < nbytes; x++) { + if(addr6.s6_addr[x] != + ((struct in6_addr *)host)->s6_addr[x]) { + break; + } + } + if(x == nbytes) { + /* All bytes in host's address match the ACL */ + return 1; + } + break; + } + } + dns_acl_curr = dns_acl_curr->next; + } + return 0; + } /* The trim() function takes a source string and copies it to the destination string, * stripped of leading and training whitespace. The destination string must be @@ -420,7 +563,8 @@ trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1)); trim( tok, trimmed_tok); if( strlen( trimmed_tok) > 0) { - if (!add_ipv4_to_acl(trimmed_tok) && !add_domain_to_acl(trimmed_tok)) { + if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok) + && !add_domain_to_acl(trimmed_tok)) { syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/src/check_nrpe.c new/nrpe-2.15/src/check_nrpe.c --- old/nrpe-2.14/src/check_nrpe.c 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/src/check_nrpe.c 2013-09-06 17:27:13.000000000 +0200 @@ -4,7 +4,7 @@ * Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) * License: GPL * - * Last Modified: 12-21-2012 + * Last Modified: 09-06-2013 * * Command line: CHECK_NRPE -H <host_address> [-p port] [-c command] [-to to_sec] * @@ -24,8 +24,11 @@ #define DEFAULT_NRPE_COMMAND "_NRPE_CHECK" /* check version of NRPE daemon */ -int server_port=DEFAULT_SERVER_PORT; +u_short server_port=DEFAULT_SERVER_PORT; char *server_name=NULL; +char *bind_address=NULL; +struct sockaddr_storage hostaddr; +int address_family=AF_UNSPEC; char *command_name=NULL; int socket_timeout=DEFAULT_SOCKET_TIMEOUT; int timeout_return_code=STATE_CRITICAL; @@ -38,7 +41,11 @@ int show_version=FALSE; #ifdef HAVE_SSL +#ifdef __sun SSL_METHOD *meth; +#else +const SSL_METHOD *meth; +#endif SSL_CTX *ctx; SSL *ssl; int use_ssl=TRUE; @@ -84,12 +91,15 @@ if(result!=OK || show_help==TRUE){ - printf("Usage: check_nrpe -H <host> [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n"); + printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n"); printf("\n"); printf("Options:\n"); printf(" -n = Do no use SSL\n"); printf(" -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n"); printf(" <host> = The address of the host running the NRPE daemon\n"); + printf(" <bindaddr> = bind to local address\n"); + printf(" -4 = user ipv4 only\n"); + printf(" -6 = user ipv6 only\n"); printf(" [port] = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT); printf(" [timeout] = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT); printf(" [command] = The name of the command that the remote daemon should run\n"); @@ -143,7 +153,13 @@ alarm(socket_timeout); /* try to connect to the host at the given port number */ - result=my_tcp_connect(server_name,server_port,&sd); + if((sd=my_connect(server_name, &hostaddr, server_port, address_family, + bind_address)) < 0 ) { + exit (255); + } + else { + result=STATE_OK; + } #ifdef HAVE_SSL /* do SSL handshake */ @@ -320,10 +336,13 @@ int option_index=0; static struct option long_options[]={ {"host", required_argument, 0, 'H'}, + {"bind", required_argument, 0, 'b'}, {"command", required_argument, 0, 'c'}, {"args", required_argument, 0, 'a'}, {"no-ssl", no_argument, 0, 'n'}, {"unknown-timeout", no_argument, 0, 'u'}, + {"ipv4", no_argument, 0, '4'}, + {"ipv6", no_argument, 0, '6'}, {"timeout", required_argument, 0, 't'}, {"port", required_argument, 0, 'p'}, {"help", no_argument, 0, 'h'}, @@ -336,7 +355,7 @@ if(argc<2) return ERROR; - snprintf(optchars,MAX_INPUT_BUFFER,"H:c:a:t:p:nuhl"); + snprintf(optchars,MAX_INPUT_BUFFER,"H:b:c:a:t:p:nu46hl"); while(1){ #ifdef HAVE_GETOPT_LONG @@ -354,6 +373,9 @@ case 'h': show_help=TRUE; break; + case 'b': + bind_address=strdup(optarg); + break; case 'V': show_version=TRUE; break; @@ -385,6 +407,12 @@ case 'u': timeout_return_code=STATE_UNKNOWN; break; + case '4': + address_family=AF_INET; + break; + case '6': + address_family=AF_INET6; + break; default: return ERROR; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/src/nrpe.c new/nrpe-2.15/src/nrpe.c --- old/nrpe-2.14/src/nrpe.c 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/src/nrpe.c 2013-09-06 17:27:13.000000000 +0200 @@ -4,7 +4,7 @@ * Copyright (c) 1999-2008 Ethan Galstad (nag...@nagios.org) * License: GPL * - * Last Modified: 12-21-2012 + * Last Modified: 09-06-2013 * * Command line: nrpe -c <config_file> [--inetd | --daemon] * @@ -40,7 +40,11 @@ #endif #ifdef HAVE_SSL +#ifdef __sun SSL_METHOD *meth; +#else +const SSL_METHOD *meth; +#endif SSL_CTX *ctx; int use_ssl=TRUE; #else @@ -50,6 +54,9 @@ #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */ #define MAXFD 64 #define NASTY_METACHARS "|`&><'\"\\[]{};" +#define howmany(x,y) (((x)+((y)-1))/(y)) +#define MAX_LISTEN_SOCKS 16 + char *command_name=NULL; char *macro_argv[MAX_COMMAND_ARGUMENTS]; @@ -57,7 +64,11 @@ char config_file[MAX_INPUT_BUFFER]="nrpe.cfg"; int log_facility=LOG_DAEMON; int server_port=DEFAULT_SERVER_PORT; -char server_address[16]="0.0.0.0"; +char server_address[NI_MAXHOST]=""; +struct addrinfo *listen_addrs=NULL; +int listen_socks[MAX_LISTEN_SOCKS]; +int num_listen_socks = 0; +int address_family=AF_UNSPEC; int socket_timeout=DEFAULT_SOCKET_TIMEOUT; int command_timeout=DEFAULT_COMMAND_TIMEOUT; int connection_timeout=DEFAULT_CONNECTION_TIMEOUT; @@ -148,11 +159,13 @@ else if(result!=OK || show_help==TRUE){ - printf("Usage: nrpe [-n] -c <config_file> <mode>\n"); + printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>\n"); printf("\n"); printf("Options:\n"); printf(" -n = Do not use SSL\n"); printf(" <config_file> = Name of config file to use\n"); + printf(" -4 = use ipv4 only\n"); + printf(" -6 = use ipv6 only\n"); printf(" <mode> = One of the following operating modes:\n"); printf(" -i = Run as a service under inetd or xinetd\n"); printf(" -d = Run as a standalone daemon\n"); @@ -314,7 +327,7 @@ /* make sure we're not root */ check_privileges(); - do{ + do { /* reset flags */ sigrestart=FALSE; @@ -338,7 +351,7 @@ } } - }while(sigrestart==TRUE && sigshutdown==FALSE); + } while(sigrestart==TRUE && sigshutdown==FALSE); /* remove pid file */ remove_pid_file(); @@ -384,7 +397,7 @@ /* make sure we're not root */ check_privileges(); - do{ + do { /* reset flags */ sigrestart=FALSE; @@ -408,7 +421,7 @@ } } - }while(sigrestart==TRUE && sigshutdown==FALSE); + } while(sigrestart==TRUE && sigshutdown==FALSE); /* remove pid file */ remove_pid_file(); @@ -774,17 +787,106 @@ } +/* + * Close all listening sockets + */ +static void close_listen_socks(void) { + int i; + + for (i = 0; i <= num_listen_socks; i++) { + close(listen_socks[i]); + num_listen_socks--; + } + } + +/* Start listen on a particular port */ +void create_listener(struct addrinfo *ai) { + + int ret; + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + int listen_sock; + int flag=1; + + if(ai->ai_family != AF_INET && ai->ai_family != AF_INET6) return; + + if(num_listen_socks >= MAX_LISTEN_SOCKS) { + syslog(LOG_ERR, "Too many listen sockets. Enlarge MAX_LISTEN_SOCKS"); + exit(1); + } + + if((ret = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), + strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV)) != 0) { + syslog(LOG_ERR, "getnameinfo failed: %.100s", gai_strerror(ret)); + return; + } + + /* Create socket for listening. */ + listen_sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (listen_sock < 0) { + /* kernel may not support ipv6 */ + syslog(LOG_ERR, "socket: %.100s", strerror(errno)); + return; + } + + /* socket should be non-blocking */ + fcntl(listen_sock,F_SETFL,O_NONBLOCK); + + /* set the reuse address flag so we don't get errors when + restarting */ + if(setsockopt(listen_sock, SOL_SOCKET,SO_REUSEADDR, &flag, + sizeof(flag)) < 0) { + syslog(LOG_ERR, "setsockopt SO_REUSEADDR: %s", strerror(errno)); + return; + } + +#ifdef IPV6_V6ONLY + /* Only communicate in IPv6 over AF_INET6 sockets. */ + if (ai->ai_family == AF_INET6) { + if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY, &flag, + sizeof(flag)) == -1) { + fprintf(stderr, "setsockopt IPV6_V6ONLY: %s", strerror(errno)); + } + } +#endif + + /* Bind the socket to the desired port. */ + if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { + syslog(LOG_ERR, "Bind to port %s on %s failed: %.200s.", strport, + ntop, strerror(errno)); close(listen_sock); + return; + } + listen_socks[num_listen_socks] = listen_sock; + num_listen_socks++; + + /* Start listening on the port. */ + if (listen(listen_sock, 5) < 0) { + syslog(LOG_ERR, "listen on [%s]:%s: %.100s", ntop, strport, + strerror(errno)); + exit(1); + } + + syslog(LOG_INFO, "Server listening on %s port %s.", ntop, strport); + } /* wait for incoming connection requests */ void wait_for_connections(void){ + struct addrinfo *ai; + fd_set *fdset=NULL; + int maxfd=0; + struct sockaddr_storage from; + socklen_t fromlen; + char ipstr[INET6_ADDRSTRLEN]; + int i; + int r; + struct sockaddr_in myname; struct sockaddr_in *nptr; - struct sockaddr addr; + struct sockaddr_in6 *nptr6; + struct sockaddr_storage addr; int rc; int sock, new_sd; socklen_t addrlen; pid_t pid; - int flag=1; fd_set fdread; struct timeval timeout; int retval; @@ -792,48 +894,17 @@ struct request_info req; #endif - /* create a socket for listening */ - sock=socket(AF_INET,SOCK_STREAM,0); + add_listen_addr(&listen_addrs, address_family, + (strcmp(server_address, "") == 0) ? NULL : server_address, + server_port); - /* exit if we couldn't create the socket */ - if(sock<0){ - syslog(LOG_ERR,"Network server socket failure (%d: %s)",errno,strerror(errno)); - exit(STATE_CRITICAL); + for(ai = listen_addrs; ai; ai = ai->ai_next) { + create_listener(ai); } - /* socket should be non-blocking */ - fcntl(sock,F_SETFL,O_NONBLOCK); - - /* set the reuse address flag so we don't get errors when restarting */ - flag=1; - if(setsockopt(sock,SOL_SOCKET,SO_REUSEADDR,(char *)&flag,sizeof(flag))<0){ - syslog(LOG_ERR,"Could not set reuse address option on socket!\n"); - exit(STATE_UNKNOWN); - } - - myname.sin_family=AF_INET; - myname.sin_port=htons(server_port); - bzero(&myname.sin_zero,8); - - /* what address should we bind to? */ - if(!strlen(server_address)) - myname.sin_addr.s_addr=INADDR_ANY; - - else if(!my_inet_aton(server_address,&myname.sin_addr)){ - syslog(LOG_ERR,"Server address is not a valid IP address\n"); - exit(STATE_CRITICAL); - } - - /* bind the address to the Internet socket */ - if(bind(sock,(struct sockaddr *)&myname,sizeof(myname))<0){ - syslog(LOG_ERR,"Network server bind failure (%d: %s)\n",errno,strerror(errno)); - exit(STATE_CRITICAL); - } - - /* open the socket for listening */ - if(listen(sock,5)<0){ - syslog(LOG_ERR,"Network server listen failure (%d: %s)\n",errno,strerror(errno)); - exit(STATE_CRITICAL); + if (!num_listen_socks) { + syslog(LOG_ERR, "Cannot bind to any address."); + exit(1); } /* log warning about command arguments */ @@ -858,26 +929,33 @@ /* listen for connection requests - fork() if we get one */ while(1){ - /* wait for a connection request */ - while(1){ + /* bail out if necessary */ + if(sigrestart==TRUE || sigshutdown==TRUE) break; - /* wait until there's something to do */ - FD_ZERO(&fdread); - FD_SET(sock,&fdread); - timeout.tv_sec=0; - timeout.tv_usec=500000; - retval=select(sock+1,&fdread,NULL,&fdread,&timeout); + for(i = 0; i < num_listen_socks; i++) { + if (listen_socks[i] > maxfd) maxfd = listen_socks[i]; + } - /* bail out if necessary */ - if(sigrestart==TRUE || sigshutdown==TRUE) - break; + if(fdset != NULL) free(fdset); + fdset = (fd_set *)calloc(howmany(maxfd + 1, NFDBITS), sizeof(fd_mask)); - /* error */ - if(retval<0) - continue; + for (i = 0; i < num_listen_socks; i++) FD_SET(listen_socks[i], fdset); + + /* Wait in select until there is a connection. */ + retval = select(maxfd+1, fdset, NULL, NULL, NULL); + + /* bail out if necessary */ + if(sigrestart==TRUE || sigshutdown==TRUE) break; + + /* error */ + if(retval<0) continue; + + for (i = 0; i < num_listen_socks; i++) { + if (!FD_ISSET(listen_socks[i], fdset)) continue; + fromlen = sizeof(from); /* accept a new connection request */ - new_sd=accept(sock,0,0); + new_sd = accept(listen_socks[i], (struct sockaddr *)&from, &fromlen); /* some kind of error occurred... */ if(new_sd<0){ @@ -900,144 +978,189 @@ /* else handle the error later */ break; - } - - /* connection was good */ - break; - } - - /* bail out if necessary */ - if(sigrestart==TRUE || sigshutdown==TRUE) - break; + } - /* child process should handle the connection */ + /* child process should handle the connection */ pid=fork(); - if(pid==0){ + if(pid==0) { - /* fork again so we don't create zombies */ - pid=fork(); - if(pid==0){ + /* fork again so we don't create zombies */ + pid=fork(); + if(pid==0) { - /* hey, there was an error... */ - if(new_sd<0){ + /* hey, there was an error... */ + if(new_sd<0) { - /* log error to syslog facility */ - syslog(LOG_ERR,"Network server accept failure (%d: %s)",errno,strerror(errno)); + /* log error to syslog facility */ + syslog(LOG_ERR, "Network server accept failure (%d: %s)", + errno, strerror(errno)); - /* close socket prioer to exiting */ - close(sock); + /* close socket prioer to exiting */ + close(sock); - return; - } + return; + } - /* handle signals */ - signal(SIGQUIT,child_sighandler); - signal(SIGTERM,child_sighandler); - signal(SIGHUP,child_sighandler); - - /* grandchild does not need to listen for connections, so close the socket */ - close(sock); - - /* find out who just connected... */ - addrlen=sizeof(addr); - rc=getpeername(new_sd,&addr,&addrlen); + /* handle signals */ + signal(SIGQUIT,child_sighandler); + signal(SIGTERM,child_sighandler); + signal(SIGHUP,child_sighandler); + + /* grandchild does not need to listen for connections */ + close_listen_socks(); + + /* find out who just connected... */ + addrlen=sizeof(addr); + rc=getpeername(new_sd, (struct sockaddr *)&addr, &addrlen); - if(rc<0){ + if(rc<0) { /* log error to syslog facility */ - syslog(LOG_ERR,"Error: Network server getpeername() failure (%d: %s)",errno,strerror(errno)); + syslog(LOG_ERR, "Error: Network server getpeername() failure (%d: %s)", + errno, strerror(errno)); /* close socket prior to exiting */ - close(new_sd); - - return; - } + close(new_sd); - nptr=(struct sockaddr_in *)&addr; + return; + } - /* log info to syslog facility */ - if(debug==TRUE) - syslog(LOG_DEBUG,"Connection from %s port %d",inet_ntoa(nptr->sin_addr),nptr->sin_port); - - /* is this is a blessed machine? */ - if(allowed_hosts){ - switch(nptr->sin_family) { - case AF_INET: - if(!is_an_allowed_host(nptr->sin_addr)) { - /* log error to syslog facility */ - syslog(LOG_ERR,"Host %s is not allowed to talk to us!",inet_ntoa(nptr->sin_addr)); + /* is this is a blessed machine? */ + if(allowed_hosts) { + switch(addr.ss_family) { + case AF_INET: + nptr = (struct sockaddr_in *)&addr; + + /* log info to syslog facility */ + if(debug==TRUE) { + syslog(LOG_DEBUG, "Connection from %s port %d", + inet_ntoa(nptr->sin_addr), + nptr->sin_port); + } + if(!is_an_allowed_host(AF_INET, + (void *)&(nptr->sin_addr))) { + /* log error to syslog facility */ + syslog(LOG_ERR, + "Host %s is not allowed to talk to us!", + inet_ntoa(nptr->sin_addr)); /* log info to syslog facility */ - if ( debug==TRUE ) - syslog(LOG_DEBUG,"Connection from %s closed.",inet_ntoa(nptr->sin_addr)); + if ( debug==TRUE ) { + syslog(LOG_DEBUG, + "Connection from %s closed.", + inet_ntoa(nptr->sin_addr)); + } /* close socket prior to exiting */ close(new_sd); exit(STATE_OK); - } else { - /* log info to syslog facility */ - if(debug==TRUE) - syslog(LOG_DEBUG,"Host address is in allowed_hosts"); + } + else { + /* log info to syslog facility */ + if(debug==TRUE) { + syslog(LOG_DEBUG, + "Host address is in allowed_hosts"); + } } break; - case AF_INET6: - syslog(LOG_DEBUG,"Connection from %s closed. We don't support AF_INET6 addreess family in ACL\n", inet_ntoa(nptr->sin_addr)); + nptr6 = (struct sockaddr_in6 *)&addr; + if(inet_ntop(AF_INET6, + (const void *)&(nptr6->sin6_addr), ipstr, + sizeof(ipstr)) == NULL) { + strncpy(ipstr, "Unknown", sizeof(ipstr)); + } + + /* log info to syslog facility */ + if(debug==TRUE) { + syslog(LOG_DEBUG, "Connection from %s port %d", + ipstr, nptr6->sin6_port); + } + if(!is_an_allowed_host(AF_INET6, + (void *)&(nptr6->sin6_addr))) { + /* log error to syslog facility */ + syslog(LOG_ERR, + "Host %s is not allowed to talk to us!", + ipstr); + + /* log info to syslog facility */ + if ( debug==TRUE ) { + syslog(LOG_DEBUG, + "Connection from %s closed.", + ipstr); + } + + /* close socket prior to exiting */ + close(new_sd); + exit(STATE_OK); + } + else { + /* log info to syslog facility */ + if(debug==TRUE) { + syslog(LOG_DEBUG, + "Host address is in allowed_hosts"); + } + + } break; - } - } + } + } #ifdef HAVE_LIBWRAP + /* Check whether or not connections are allowed from this host */ + request_init(&req,RQ_DAEMON,"nrpe",RQ_FILE,new_sd,0); + fromhost(&req); - /* Check whether or not connections are allowed from this host */ - request_init(&req,RQ_DAEMON,"nrpe",RQ_FILE,new_sd,0); - fromhost(&req); - - if(!hosts_access(&req)){ + if(!hosts_access(&req)){ - syslog(LOG_DEBUG,"Connection refused by TCP wrapper"); + syslog(LOG_DEBUG,"Connection refused by TCP wrapper"); - /* refuse the connection */ - refuse(&req); - close(new_sd); + /* refuse the connection */ + refuse(&req); + close(new_sd); - /* should not be reached */ - syslog(LOG_ERR,"libwrap refuse() returns!"); - exit(STATE_CRITICAL); - } + /* should not be reached */ + syslog(LOG_ERR,"libwrap refuse() returns!"); + exit(STATE_CRITICAL); + } #endif - /* handle the client connection */ - handle_connection(new_sd); + /* handle the client connection */ + handle_connection(new_sd); - /* log info to syslog facility */ - if(debug==TRUE) - syslog(LOG_DEBUG,"Connection from %s closed.",inet_ntoa(nptr->sin_addr)); + /* log info to syslog facility */ + if(debug==TRUE) { + syslog(LOG_DEBUG,"Connection from %s closed.",ipstr); + } - /* close socket prior to exiting */ - close(new_sd); + /* close socket prior to exiting */ + close(new_sd); - exit(STATE_OK); - } + exit(STATE_OK); + } - /* first child returns immediately, grandchild is inherited by INIT process -> no zombies... */ - else - exit(STATE_OK); - } + /* first child returns immediately, grandchild is inherited by + INIT process -> no zombies... */ + else + exit(STATE_OK); + } - /* parent ... */ - else{ - /* parent doesn't need the new connection */ - close(new_sd); + /* parent ... */ + else { + /* parent doesn't need the new connection */ + close(new_sd); - /* parent waits for first child to exit */ - waitpid(pid,NULL,0); - } - } + /* parent waits for first child to exit */ + waitpid(pid,NULL,0); + } + } + } - /* close the socket we're listening on */ - close(sock); + /* close the sockets we're listening on */ + close_listen_socks(); + freeaddrinfo(listen_addrs); + listen_addrs=NULL; return; } @@ -1962,6 +2085,8 @@ {"inetd", no_argument, 0, 'i'}, /* To compatibility between short and long options but not used on AIX */ {"src", no_argument, 0, 's'}, + {"4", no_argument, 0, '4'}, + {"6", no_argument, 0, '4'}, {"daemon", no_argument, 0, 'd'}, {"no-ssl", no_argument, 0, 'n'}, {"help", no_argument, 0, 'h'}, @@ -1974,7 +2099,7 @@ if(argc<2) return ERROR; - snprintf(optchars,MAX_INPUT_BUFFER,"c:hVldins"); + snprintf(optchars,MAX_INPUT_BUFFER,"c:hVldi46n"); while(1){ #ifdef HAVE_GETOPT_LONG @@ -2010,6 +2135,12 @@ use_inetd=TRUE; have_mode=TRUE; break; + case '4': + address_family=AF_INET; + break; + case '6': + address_family=AF_INET6; + break; case 'n': use_ssl=FALSE; break; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/src/utils.c new/nrpe-2.15/src/utils.c --- old/nrpe-2.14/src/utils.c 2006-12-12 03:04:01.000000000 +0100 +++ new/nrpe-2.15/src/utils.c 2013-09-06 17:27:13.000000000 +0200 @@ -32,6 +32,14 @@ #include "../include/common.h" #include "../include/utils.h" +#ifndef NI_MAXSERV +#define NI_MAXSERV 32 +#endif + +#ifndef NI_MAXHOST +#define NI_MAXHOST 1025 +#endif + static unsigned long crc32_table[256]; @@ -109,179 +117,121 @@ } -/* opens a connection to a remote host/tcp port */ -int my_tcp_connect(char *host_name,int port,int *sd){ - int result; - - result=my_connect(host_name,port,sd,"tcp"); - - return result; - } - - -/* opens a tcp or udp connection to a remote host */ -int my_connect(char *host_name,int port,int *sd,char *proto){ - struct sockaddr_in servaddr; - struct hostent *hp; - struct protoent *ptrp; - int result; - - bzero((char *)&servaddr,sizeof(servaddr)); - servaddr.sin_family=AF_INET; - servaddr.sin_port=htons(port); - - /* try to bypass using a DNS lookup if this is just an IP address */ - if(!my_inet_aton(host_name,&servaddr.sin_addr)){ - - /* else do a DNS lookup */ - hp=gethostbyname((const char *)host_name); - if(hp==NULL){ - printf("Invalid host name '%s'\n",host_name); - return STATE_UNKNOWN; - } - - memcpy(&servaddr.sin_addr,hp->h_addr,hp->h_length); - } - - /* map transport protocol name to protocol number */ - if(((ptrp=getprotobyname(proto)))==NULL){ - printf("Cannot map \"%s\" to protocol number\n",proto); - return STATE_UNKNOWN; - } - - /* create a socket */ - *sd=socket(PF_INET,(!strcmp(proto,"udp"))?SOCK_DGRAM:SOCK_STREAM,ptrp->p_proto); - if(*sd<0){ - printf("Socket creation failed\n"); - return STATE_UNKNOWN; - } - - /* open a connection */ - result=connect(*sd,(struct sockaddr *)&servaddr,sizeof(servaddr)); - if(result<0){ - switch(errno){ - case ECONNREFUSED: - printf("Connection refused by host\n"); - break; - case ETIMEDOUT: - printf("Timeout while attempting connection\n"); - break; - case ENETUNREACH: - printf("Network is unreachable\n"); - break; - default: - printf("Connection refused or timed out\n"); - } - - return STATE_CRITICAL; - } - - return STATE_OK; - } - - - -/* This code was taken from Fyodor's nmap utility, which was originally taken from - the GLIBC 2.0.6 libraries because Solaris doesn't contain the inet_aton() funtion. */ -int my_inet_aton(register const char *cp, struct in_addr *addr){ - register unsigned int val; /* changed from u_long --david */ - register int base, n; - register char c; - u_int parts[4]; - register u_int *pp = parts; - - c=*cp; - - for(;;){ - - /* - * Collect number up to ``.''. - * Values are specified as for C: - * 0x=hex, 0=octal, isdigit=decimal. - */ - if (!isdigit((int)c)) - return (0); - val=0; - base=10; - - if(c=='0'){ - c=*++cp; - if(c=='x'||c=='X') - base=16,c=*++cp; - else - base=8; - } - - for(;;){ - if(isascii((int)c) && isdigit((int)c)){ - val=(val*base)+(c -'0'); - c=*++cp; - } - else if(base==16 && isascii((int)c) && isxdigit((int)c)){ - val=(val<<4) | (c+10-(islower((int)c)?'a':'A')); - c = *++cp; - } - else - break; - } - - if(c=='.'){ - - /* - * Internet format: - * a.b.c.d - * a.b.c (with c treated as 16 bits) - * a.b (with b treated as 24 bits) - */ - if(pp>=parts+3) - return (0); - *pp++=val; - c=*++cp; - } - else +/* opens a connection to a remote host */ +int my_connect(const char *host, struct sockaddr_storage * hostaddr, u_short port, + int address_family, const char *bind_address){ + int gaierr; + int sock = -1; + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; + struct addrinfo hints, *ai, *aitop; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = address_family; + hints.ai_socktype = SOCK_STREAM; + snprintf(strport, sizeof strport, "%u", port); + if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) { + fprintf(stderr,"Could not resolve hostname %.100s: %s\n", host, + gai_strerror(gaierr)); + exit(1); + } + + /* + * Loop through addresses for this host, and try each one in + * sequence until the connection succeeds. + */ + for (ai = aitop; ai; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) continue; + if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop), + strport, sizeof(strport), NI_NUMERICHOST|NI_NUMERICSERV) != 0) { + fprintf(stderr, "my_connect: getnameinfo failed\n"); + continue; + } + + /* Create a socket for connecting. */ + sock = my_create_socket(ai, bind_address); + if (sock < 0) { + /* Any error is already output */ + continue; + } + + if (connect(sock, ai->ai_addr, ai->ai_addrlen) >= 0) { + /* Successful connection. */ + memcpy(hostaddr, ai->ai_addr, ai->ai_addrlen); break; - } - - /* Check for trailing characters */ - if(c!='\0' && (!isascii((int)c) || !isspace((int)c))) - return (0); - - /* Concoct the address according to the number of parts specified */ - n=pp-parts+1; - switch(n){ - - case 0: - return (0); /* initial nondigit */ - - case 1: /* a -- 32 bits */ - break; - - case 2: /* a.b -- 8.24 bits */ - if(val>0xffffff) - return (0); - val|=parts[0]<<24; - break; - - case 3: /* a.b.c -- 8.8.16 bits */ - if(val>0xffff) - return (0); - val|=(parts[0]<< 24) | (parts[1]<<16); - break; - - case 4: /* a.b.c.d -- 8.8.8.8 bits */ - if(val>0xff) - return (0); - val|=(parts[0]<<24) | (parts[1]<<16) | (parts[2]<<8); - break; - } - - if(addr) - addr->s_addr=htonl(val); - - return (1); - } - - + } + else { + fprintf(stderr,"connect to address %s port %s: %s\n", ntop, strport, + strerror(errno)); + close(sock); + sock = -1; + } + } + + freeaddrinfo(aitop); + + /* Return failure if we didn't get a successful connection. */ + if (sock == -1) { + fprintf(stderr, "connect to host %s port %s: %s", host, strport, + strerror(errno)); + return -1; + } + return sock; + } + +/* Creates a socket for the connection. */ +int my_create_socket(struct addrinfo *ai, const char *bind_address) { + int sock, gaierr; + struct addrinfo hints, *res; + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock < 0) fprintf(stderr,"socket: %.100s\n", strerror(errno)); + + /* Bind the socket to an alternative local IP address */ + if (bind_address == NULL) return sock; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = ai->ai_family; + hints.ai_socktype = ai->ai_socktype; + hints.ai_protocol = ai->ai_protocol; + hints.ai_flags = AI_PASSIVE; + gaierr = getaddrinfo(bind_address, NULL, &hints, &res); + if(gaierr) { + fprintf(stderr, "getaddrinfo: %s: %s\n", bind_address, + gai_strerror(gaierr)); + close(sock); + return -1; + } + if(bind(sock, res->ai_addr, res->ai_addrlen) < 0) { + fprintf(stderr, "bind: %s: %s\n", bind_address, strerror(errno)); + close(sock); + freeaddrinfo(res); + return -1; + } + freeaddrinfo(res); + return sock; +} + +void add_listen_addr(struct addrinfo **listen_addrs, int address_family, + char *addr, int port) { + struct addrinfo hints, *ai, *aitop; + char strport[NI_MAXSERV]; + int gaierr; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; + snprintf(strport, sizeof strport, "%d", port); + if((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) { + syslog(LOG_ERR,"bad addr or host: %s (%s)\n", addr ? addr : "<NULL>", + gai_strerror(gaierr)); + exit(1); + } + for(ai = aitop; ai->ai_next; ai = ai->ai_next); + ai->ai_next = *listen_addrs; + *listen_addrs = aitop; + } + void strip(char *buffer){ int x; int index; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/nrpe-2.14/update-version new/nrpe-2.15/update-version --- old/nrpe-2.14/update-version 2012-12-21 18:22:00.000000000 +0100 +++ new/nrpe-2.15/update-version 2013-09-06 17:27:13.000000000 +0200 @@ -1,5 +1,23 @@ #!/bin/sh +# Make sure autoconf is installed and is the correct version +min_autoconf_major=2 +min_autoconf_minor=59 +autoconf_error="Autoconf version $min_autoconf_major.$min_autoconf_minor or later must be installed to run this script." +autoconf_version=`(autoconf -V 2> /dev/null) |\ + grep "^autoconf (GNU Autoconf)" | gawk '{print $NF}'` +if [ "$autoconf_version" != "" ] ; then + autoconf_major=`echo $autoconf_version | gawk -F '.' '{print $1}'` + autoconf_minor=`echo $autoconf_version | gawk -F '.' '{print $2}'` + if [ $autoconf_major -lt $min_autoconf_major -o $autoconf_minor -lt $min_autoconf_minor ] ; then + echo $autoconf_error + exit 1 + fi +else + echo $autoconf_error + exit 1 +fi + # Get date (two formats) if [ -n "$2" ]; then LONGDATE=`date -d "$2" "+%B %d, %Y"` @@ -10,10 +28,10 @@ fi # Current version number -CURRENTVERSION=2.14 +CURRENTVERSION=2.15 # Last date -LASTDATE=12-21-2012 +LASTDATE=09-06-2013 if [ "x$1" = "x" ] then @@ -45,15 +63,18 @@ perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/nrpe.c perl -i -p -e "s/Last Modified: [0-9].*/Last Modified: $SHORTDATE/;" src/check_nrpe.c -# Update version number and release date in configure script and configure.in -perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure -perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure -perl -i -p -e "if( /^AC_INIT/) { s/$CURRENT_VERSION/$1/; }" configure.in +# Update version number and release date in configure.in +perl -i -p -e "if( /^AC_INIT/) { s/$CURRENTVERSION/$1/; }" configure.in perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.in perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in +# Run autoconf to update configure (this is easier than updating every instance +# of the version number in configure) +autoconf + # Update RPM spec file with version number perl -i -p -e "s/%define version .*/%define version $1/;" nrpe.spec +perl -i -p -e "if( /\%define _docdir/) { s/$CURRENTVERSION/$1/; }" nrpe.spec # Update this file with version number and last date perl -i -p -e "s/^CURRENTVERSION=.*/CURRENTVERSION=$newversion/;" update-version ++++++ nrpe-drop_privileges_before_writing_pidfile.patch ++++++ --- /var/tmp/diff_new_pack.uvJoR4/_old 2013-09-27 17:52:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvJoR4/_new 2013-09-27 17:52:10.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c -@@ -307,13 +307,13 @@ int main(int argc, char **argv){ +@@ -320,13 +320,13 @@ int main(int argc, char **argv){ /* log info to syslog facility */ syslog(LOG_NOTICE,"Starting up daemon"); ++++++ nrpe-improved_help.patch ++++++ --- /var/tmp/diff_new_pack.uvJoR4/_old 2013-09-27 17:52:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvJoR4/_new 2013-09-27 17:52:10.000000000 +0200 @@ -1,39 +1,50 @@ -Index: src/check_nrpe.c +Index: nrpe-2.15/src/check_nrpe.c =================================================================== ---- src/check_nrpe.c.orig -+++ src/check_nrpe.c -@@ -96,6 +96,9 @@ int main(int argc, char **argv){ +--- nrpe-2.15.orig/src/check_nrpe.c ++++ nrpe-2.15/src/check_nrpe.c +@@ -91,7 +91,7 @@ int main(int argc, char **argv){ + + if(result!=OK || show_help==TRUE){ + +- printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n"); ++ printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>] [--help] [--license] [--no-ssl]\n"); + printf("\n"); + printf("Options:\n"); + printf(" -n = Do no use SSL\n"); +@@ -106,6 +106,9 @@ int main(int argc, char **argv){ printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n"); printf(" arguments should be separated by a space. If provided, this must be\n"); printf(" the last option supplied on the command line.\n"); -+ printf(" -h, --help Print this short help.\n"); -+ printf(" -l,--license Print licensing information.\n"); -+ printf(" -n,--no-ssl Do not initial an ssl handshake with the server, talk in plaintext.\n"); ++ printf(" -h, --help Print this short help.\n"); ++ printf(" -l,--license Print licensing information.\n"); ++ printf(" -n,--no-ssl Do not initial an ssl handshake with the server, talk in plaintext.\n"); printf("\n"); printf("Note:\n"); printf("This plugin requires that you have the NRPE daemon running on the remote host.\n"); -Index: src/nrpe.c +Index: nrpe-2.15/src/nrpe.c =================================================================== ---- src/nrpe.c.orig -+++ src/nrpe.c -@@ -148,14 +148,17 @@ int main(int argc, char **argv){ +--- nrpe-2.15.orig/src/nrpe.c ++++ nrpe-2.15/src/nrpe.c +@@ -159,7 +159,7 @@ int main(int argc, char **argv){ else if(result!=OK || show_help==TRUE){ -- printf("Usage: nrpe [-n] -c <config_file> <mode>\n"); -+ printf("Usage: nrpe [-n] -c <config_file> <mode> [--help] [--license] [--no-ssl]\n"); +- printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode>\n"); ++ printf("Usage: nrpe [-n] -c <config_file> [-4|-6] <mode> [--help] [--license] [--no-ssl]\n"); printf("\n"); printf("Options:\n"); printf(" -n = Do not use SSL\n"); - printf(" <config_file> = Name of config file to use\n"); +@@ -167,8 +167,11 @@ int main(int argc, char **argv){ + printf(" -4 = use ipv4 only\n"); + printf(" -6 = use ipv6 only\n"); printf(" <mode> = One of the following operating modes:\n"); - printf(" -i = Run as a service under inetd or xinetd\n"); - printf(" -d = Run as a standalone daemon\n"); -+ printf(" -i, --inetd Run as a service under inetd or xinetd\n"); -+ printf(" -d, --daemon Run as a standalone daemon\n"); -+ printf(" -h, --help = Print this short help.\n"); -+ printf(" -l, --license = Print licensing information.\n"); -+ printf(" -n, --no-ssl = Do not initial an ssl handshake with the server, talk in plain text.\n"); ++ printf(" -i, --inetd = Run as a service under inetd or xinetd\n"); ++ printf(" -d, --daemon = Run as a standalone daemon\n"); ++ printf(" -h, --help = Print this short help.\n"); ++ printf(" -l, --license = Print licensing information.\n"); ++ printf(" -n, --no-ssl = Do not initial an ssl handshake with the server, talk in plain text.\n"); /* Updates help section to indicate how to start under SRC on AIX */ printf(" -d -s = Run as a subsystem under AIX\n"); printf("\n"); ++++++ nrpe-more_random.patch ++++++ --- /var/tmp/diff_new_pack.uvJoR4/_old 2013-09-27 17:52:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvJoR4/_new 2013-09-27 17:52:10.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/utils.c.orig +++ src/utils.c -@@ -99,7 +99,7 @@ void randomize_buffer(char *buffer,int b +@@ -107,7 +107,7 @@ void randomize_buffer(char *buffer,int b /* else fallback to using the current time as the seed */ else ++++++ nrpe-weird_output.patch ++++++ --- /var/tmp/diff_new_pack.uvJoR4/_old 2013-09-27 17:52:10.000000000 +0200 +++ /var/tmp/diff_new_pack.uvJoR4/_new 2013-09-27 17:52:10.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- src/nrpe.c.orig +++ src/nrpe.c -@@ -1194,6 +1194,9 @@ void handle_connection(int sock){ +@@ -1317,6 +1317,9 @@ void handle_connection(int sock){ /* disable connection alarm - a new alarm will be setup during my_system */ alarm(0); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org