diff -up ./Changelog.git_20170321 ./Changelog
--- ./Changelog.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./Changelog 2017-03-21 15:59:04.851507165 -0400
@@ -2,6 +2,29 @@
NRPE Changelog
**************
+3.0.x - 2016-xx-xx
+------------------
+FIXES
+- Added missing debugging syslog entries, and changed printf()'s to syslog()'s. (Jobst Schmalenbach)
+- Fix help output for ssl option (configure) (Ruben Kerkhof)
+- Fixes to README.SSL.md and SECURITY.md (Elan Ruusamäe)
+- Changed the 'check_load' command in nrpe.cfg.in (minusdavid)
+- Cleanup of config.h.in suggested by Ruben Kerkhof
+- Minor change to logging in check_nrpe (John Frickson)
+- Solaris 11 detection is broken in configure (John Frickson)
+- Removed function `b64_decode` which wasn't being used (John Frickson)
+- check_nrpe ignores -a option when -f option is specified (John Frickson)
+- Added missing LICENSE file (John Frickson)
+- Off-by-one BO in my_system() (John Frickson)
+- Got rid of some compiler warnings (Stefan Krüger / John Frickson)
+- Add SOURCE_DATE_EPOCH specification support for reproducible builds. (Bas Couwenberg)
+- nrpe 3.0.1 allows TLSv1 and TLSv1.1 when I configure for TLSv1.2+ (John Frickson)
+- "Remote %s accepted a Version %s Packet", please add to debug (John Frickson)
+- nrpe 3.0.1 segfaults when key and/or cert are broken symlinks (John Frickson)
+- Fixed a couple of typos in docs/NRPE.* files (Ludmil Meltchev)
+- Changed release date to ISO format (yyyy-mm-dd) (John Frickson)
+
+
3.0.1 - 2016-09-08
------------------
FIXES
diff -up ./LICENSE.git_20170321 ./LICENSE
--- ./LICENSE.git_20170321 2017-03-21 15:59:04.852507149 -0400
+++ ./LICENSE 2017-03-21 15:59:04.852507149 -0400
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff -up ./README.SSL.md.git_20170321 ./README.SSL.md
--- ./README.SSL.md.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./README.SSL.md 2017-03-21 15:59:04.852507149 -0400
@@ -171,14 +171,14 @@ run the nrpe daemon: `db_server` and `bo
As root, do the following:
mkdir -p -m 750 /usr/local/nagios/etc/ssl
- chown root.nagios /usr/local/nagios/etc/ssl
+ chown root:nagios /usr/local/nagios/etc/ssl
cd /usr/local/nagios/etc/ssl
mkdir -m 750 ca
- chown root.root ca
+ chown root:root ca
mkdir -m 750 server_certs
- chown root.nagios server_certs
+ chown root:nagios server_certs
mkdir -m 750 client_certs
- chown root.nagios client_certs
+ chown root:nagios client_certs
####Create Certificate Authority
@@ -229,7 +229,7 @@ If you have the default `/etc/openssl.cn
mkdir demoCA/newcerts
touch demoCA/index.txt
echo "01" > demoCA/serial
- chown -R root.root demoCA
+ chown -R root:root demoCA
chmod 700 demoCA
chmod 700 demoCA/newcerts
chmod 600 demoCA/serial
@@ -242,13 +242,13 @@ Now, sign the CSRs. As root, do the foll
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/db_server.csr \
-out server_certs/db_server.pem
- chown root.nagios server_certs/db_server.pem
+ chown root:nagios server_certs/db_server.pem
chmod 440 server_certs/db_server.pem
openssl ca -days 365 -notext -md sha256 \
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in server_certs/bobs_workstation.csr \
-out server_certs/bobs_workstation.pem
- chown root.nagios server_certs/bobs_workstation.pem
+ chown root:nagios server_certs/bobs_workstation.pem
chmod 440 server_certs/bobs_workstation.pem
Now, copy the `db_server.pem` and `db_server.key` files to the
@@ -271,7 +271,7 @@ running the check_nrpe program.
-keyfile ca/ca_key.pem -cert ca/ca_cert.pem \
-in client_certs/nag_serv.csr \
-out client_certs/nag_serv.pem
- chown root.nagios client_certs/nag_serv.pem
+ chown root:nagios client_certs/nag_serv.pem
chmod 440 client_certs/nag_serv.pem
Now, copy the `nag_serv.pem`, `nag_serv.key` and `ca/ca_cert.pem`
diff -up ./SECURITY.md.git_20170321 ./SECURITY.md
--- ./SECURITY.md.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./SECURITY.md 2017-03-21 15:59:04.852507149 -0400
@@ -64,7 +64,7 @@ To help prevent some nasty things from b
clients, the following metacharacters are not allowed
in client command arguments:
- | ` & > < ' " \ [ ] { } ; !
+ | ` & > < ' \ [ ] { } ; ! \r \n
Any client request which contains the above mentioned metachars
is discarded.
diff -up ./THANKS.git_20170321 ./THANKS
--- ./THANKS.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./THANKS 2017-03-21 15:59:04.852507149 -0400
@@ -4,10 +4,12 @@ Andrew Boyce-Lewis
Andrew Ryder
Andrew Widdersheim
Bartosz Woronicz
+Bas Couwenberg
Bill Mitchell
Bjoern Beutel
Brian Seklecki
Derrick Bennett
+Elan Ruusamäe
Eric Mislivec
Eric Stanley
Gerhard Lausser
@@ -17,6 +19,7 @@ Grégory Starck
James Peterson
Jari Takkala
Jason Cook
+Jobst Schmalenbach
John Maag
Jon Andrews
Kaspersky Lab
@@ -30,12 +33,15 @@ Matthias Flacke
Niels Endres
Patric Wust
Peter Palfrader
+Philippe Kueck
Rene Klootwijk
Robert Peaslee
+Ruben Kerkhof
Ryan McGarry
Ryan Ordway
Sean Finney
Spenser Reinhardt
+Stefan Krüger
Subhendu Ghosh
Thierry Bertaud
Ton Voon
diff -up ./configure.ac.git_20170321 ./configure.ac
--- ./configure.ac.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./configure.ac 2017-03-21 15:59:04.854507118 -0400
@@ -60,7 +60,7 @@ AC_NAGIOS_GET_INETD
AC_NAGIOS_GET_PATHS
AC_NAGIOS_GET_FILES
-if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
+if test "$dist_type" = solaris -a "$dist_ver" = 10; then
AC_DEFINE(SOLARIS_10,yes)
fi
@@ -296,7 +296,7 @@ AC_TRY_COMPILE([#include <stdlib.h>
dnl Does user want to check for SSL?
AC_ARG_ENABLE([ssl],
- AS_HELP_STRING([--enable-ssl],[enables native SSL support]),[
+ AS_HELP_STRING([--disable-ssl],[disables native SSL support @<:@default=check@:>@]),[
if test x$enableval = xyes; then
check_for_ssl=yes
else
diff -up ./configure.git_20170321 ./configure
--- ./configure.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./configure 2017-03-21 15:59:04.853507133 -0400
@@ -630,6 +630,7 @@ SSL_LIB_DIR
SSL_INC_PREFIX
SSL_HDR
SSL_INC_DIR
+SSL_TYPE
HAVE_SSL
EGREP
GREP
@@ -1388,7 +1389,7 @@ Optional Features:
'--enable-install-method', so you can see the
destinations before a full './configure', 'make',
'make install' process.
- --enable-ssl enables native SSL support
+ --disable-ssl disables native SSL support [default=check]
--enable-command-args allows clients to specify command arguments. ***
THIS IS A SECURITY RISK! *** Read the SECURITY file
before using this option!
@@ -2751,10 +2752,12 @@ fi
bsd) :
dist_type=`uname -s | tr "A-Z" "a-z"`
dist_ver=`uname -r` ;; #(
- aix|hp-ux) :
- dist_ver=$OSTYPE ;; #(
+ aix) :
+ dist_ver="`uname -v`.`uname -r`" ;; #(
+ hp-ux) :
+ dist_ver=`uname -r | cut -d'.' -f1-3` ;; #(
solaris) :
- dist_ver=`echo $OSTYPE | cut -d'.' -f2` ;; #(
+ dist_ver=`uname -r | cut -d'.' -f2` ;; #(
*) :
dist_ver=$OSTYPE
;; #(
@@ -2888,20 +2891,19 @@ fi
elif test "$dist_type" = "slackware"; then
init_type="bsd"
init_type_wanted=no
+ elif test "$dist_type" = "aix"; then
+ init_type="bsd"
+ init_type_wanted=no
+ elif test "$dist_type" = "hp-ux"; then
+ init_type="unknown"
+ init_type_wanted=no
fi
fi
PSCMD="ps -p1 -o args"
- case $dist_type in #(
- aix) :
- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
- solaris) :
- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
- hp-ux) :
- PSCMD="env UNIX95=1; ps -p1 -o args" ;; #(
- *) :
- ;;
-esac
+ if test $dist_type = solaris; then
+ PSCMD="env UNIX95=1; ps -p1 -o args"
+ fi
if test "$init_type_wanted" = yes; then
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@@ -2948,7 +2950,7 @@ esac
if test "$init_type_wanted" = yes; then
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
- if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
+ if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
init_type="upstart"
init_type_wanted=no
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
@@ -3154,16 +3156,21 @@ case $dist_type in #(
esac
-need_cgi=no
-need_web=no
-need_brk=no
-need_plg=no
-need_pipe=no
-need_spl=no
-need_loc=no
-need_log_subdir=no
-need_etc_subdir=no
-need_pls_dir=no
+ # Does this package need to know:
+need_cgi=no # where the cgi-bin directory is
+need_web=no # where the website directory is
+need_brk=no # where the event broker modules directory is
+need_plg=no # where the plugins directory is
+need_pipe=no # where the pipe directory is
+need_spl=no # where the spool directory is
+need_loc=no # where the locale directory is
+need_log_subdir=no # where the loc sub-directory is
+need_etc_subdir=no # where the etc sub-directory is
+need_pls_dir=no # where the package locate state directory is
+
+if test x"$INIT_PROG" = x; then
+ INIT_PROG="$PKG_NAME"
+fi
case $PKG_NAME in #(
nagios) :
@@ -3177,7 +3184,8 @@ case $PKG_NAME in #(
need_cgi=yes
need_web=yes ;; #(
ndoutils) :
- need_spl=yes ;; #(
+ need_brk=yes
+ need_spl=yes ;; #(
nrpe) :
need_plg=yes ;; #(
nsca) :
@@ -3348,14 +3356,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles
if test ! -d "$tmpfilesd"; then
tmpfilesd="N/A"
else
- tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
+ tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
fi
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
if test ! -d "$subsyslockdir"; then
subsyslockdir="N/A"
subsyslockfile="N/A"
else
- subsyslockfile="$subsyslockdir/$PKG_NAME"
+ subsyslockfile="$subsyslockdir/$INIT_PROG"
fi
if test "$need_loc" = no; then
localedir="N/A"
@@ -3436,23 +3444,23 @@ elif test $opsys = "linux"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -3501,7 +3509,7 @@ elif test $opsys = "unix"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@@ -3509,7 +3517,7 @@ elif test $opsys = "unix"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -3534,14 +3542,14 @@ elif test $opsys = "unix"; then
pipedir=${pipedir="$pkglocalstatedir"}
logdir=${logdir="$pkglocalstatedir/log"} ;; #(
*) :
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@@ -3594,7 +3602,7 @@ elif test $opsys = "bsd"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@@ -3602,7 +3610,7 @@ elif test $opsys = "bsd"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -3627,14 +3635,14 @@ elif test $opsys = "bsd"; then
else
cgibindir="N/A"
fi
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@@ -3670,6 +3678,7 @@ eval libexecdir=$libexecdir
eval brokersdir=$brokersdir
eval pluginsdir=$pluginsdir
eval cgibindir=$cgibindir
+eval localstatedir=$localstatedir
eval pkglocalstatedir=$pkglocalstatedir
eval webdir=$webdir
eval localedir=$localedir
@@ -3687,51 +3696,56 @@ case $init_type in #(
else
initdir=${initdir="/etc/init.d"}
fi
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
systemd) :
if test $dist_type = "debian"; then
initdir=${initdir="/lib/systemd/system"}
else
initdir=${initdir="/usr/lib/systemd/system"}
fi
- initname=${initname="$PKG_NAME.service"} ;; #(
+ initname=${initname="$INIT_PROG.service"} ;; #(
bsd) :
- initdir=${initdir="/etc/rc.d"}
- initname=${initname="rc.$PKG_NAME"} ;; #(
+ if test $dist_type = "aix"; then
+ initdir=${initdir="/sbin/rc.d/init.d"}
+ initname=${initname="$INIT_PROG"}
+ else
+ initdir=${initdir="/etc/rc.d"}
+ initname=${initname="rc.$INIT_PROG"}
+ fi ;; #(
newbsd) :
initdir=${initdir="/etc/rc.d"}
- initname=${initname="$PKG_NAME"} ;; #(
+ initname=${initname="$INIT_PROG"} ;; #(
gentoo) :
initdir=${initdir="/etc/init.d"}
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/init.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
openrc) :
initdir=${initdir="/etc/init.d"}
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
smf*) :
if test $init_type = smf10; then
initdir=${initdir="/var/svc/manifest/network/nagios"}
else
initdir=${initdir="/lib/svc/manifest/network/nagios"}
fi
- initname=${initname="$PKG_NAME.xml"}
+ initname=${initname="$INIT_PROG.xml"}
initconfdir=unknown
initconf=unknown ;; #(
upstart) :
initdir=${initdir="/etc/init"}
- initname=${initname="$PKG_NAME.conf"}
+ initname=${initname="$INIT_PROG.conf"}
initconfdir=${initconfdir="/etc/default"}
- initconf=${initconf="$initconfdir/$PKG_NAME"} ;; #(
+ initconf=${initconf="$initconfdir/$INIT_PROG"} ;; #(
launchd) :
initdir=${initdir="/Library/LaunchDaemons"}
- initname=${initname="org.nagios.$PKG_NAME.plist"} ;; #(
+ initname=${initname="org.nagios.$INIT_PROG.plist"} ;; #(
# initconfdir=${initconfdir="/private/etc"}
-# initconf=${initconf="$initconfdir/$PKG_NAME"},
+# initconf=${initconf="$initconfdir/$INIT_PROG"},
*) :
@@ -3750,28 +3764,28 @@ case $inetd_type in #(
inetdname=${inetdname="inetd.conf"} ;; #(
xinetd) :
inetddir=${inetddir="/etc/xinetd.d"}
- inetdname=${inetdname="$PKG_NAME"} ;; #(
+ inetdname=${inetdname="$INIT_PROG"} ;; #(
systemd) :
if test $dist_type = "debian"; then
inetddir=${inetddir="/lib/systemd/system"}
else
inetddir=${inetddir="/usr/lib/systemd/system"}
fi
- netdname=${inetdname="$PKG_NAME.socket"} ;; #(
+ netdname=${inetdname="$INIT_PROG.socket"} ;; #(
smf*) :
if test $init_type = smf10; then
inetddir=${inetddir="/var/svc/manifest/network/nagios"}
else
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
fi
- inetdname=${inetdname="$PKG_NAME.xml"} ;; #(
+ inetdname=${inetdname="$INIT_PROG.xml"} ;; #(
# [upstart],
# inetddir=${inetddir="/etc/init.d"}
-# inetdname=${inetdname="$PKG_NAME"},
+# inetdname=${inetdname="$INIT_PROG"},
launchd) :
inetddir=${inetddir="/Library/LaunchDaemons"}
- inetdname=${inetdname="org.nagios.$PKG_NAME.plist"} ;; #(
+ inetdname=${inetdname="org.nagios.$INIT_PROG.plist"} ;; #(
*) :
inetddir=${inetddir="unknown"}
inetdname=${inetdname="unknown"} ;; #(
@@ -3829,12 +3843,12 @@ case $init_type in #(
src_init=upstart-init
fi ;; #(
launchd) :
- src_init="mac-init.plist"
-
- * ;; #(
+ src_init="mac-init.plist" ;; #(
*) :
src_init="unknown"
- ;;
+ ;; #(
+ *) :
+ ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $src_init" >&5
$as_echo "$src_init" >&6; }
@@ -3866,7 +3880,7 @@ $as_echo "$src_inetd" >&6; }
-if test "$dist_type" = solaris -a "$dist_ver" != smf11; then
+if test "$dist_type" = solaris -a "$dist_ver" = 10; then
$as_echo "#define SOLARIS_10 yes" >>confdefs.h
fi
@@ -7266,7 +7280,7 @@ fi
if test x$check_for_ssl = xyes; then
# need_dh should only be set for NRPE
- need_dh=yes
+ need_dh=no
# -------------------------------
@@ -7285,6 +7299,7 @@ SSL_LIB_DIR=
+
diff -up ./include/common.h.in.git_20170321 ./include/common.h.in
--- ./include/common.h.in.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./include/common.h.in 2017-03-21 15:59:04.854507118 -0400
@@ -23,8 +23,14 @@
#include "config.h"
+#define SSL_TYPE_@SSL_TYPE@
+
#ifdef HAVE_SSL
#include <@SSL_INC_PREFIX@@SSL_HDR@>
+# ifdef SSL_TYPE_openssl
+# include <@SSL_INC_PREFIX@err.h>
+# include <@SSL_INC_PREFIX@rand.h>
+# endif
#endif
#define PROGRAM_VERSION "3.0.1"
diff -up ./include/config.h.in.git_20170321 ./include/config.h.in
--- ./include/config.h.in.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./include/config.h.in 2017-03-21 15:59:04.854507118 -0400
@@ -28,30 +28,67 @@
#include <stdlib.h>
-#define DEFAULT_SERVER_PORT @nrpe_port@ /* default port to use */
+/* Default port for NRPE daemon */
+#undef DEFAULT_SERVER_PORT
-#define NRPE_LOG_FACILITY @log_facility@
+/* NRPE syslog facility */
+#undef NRPE_LOG_FACILITY
+/* Enable command-line arguments */
#undef ENABLE_COMMAND_ARGUMENTS
+
+/* Enable bash command substitution */
#undef ENABLE_BASH_COMMAND_SUBSTITUTION
+
+/* type to use in place of socklen_t if not defined */
#undef socklen_t
+
+/* Define to 1 if you have the `getopt_long' function. */
#undef HAVE_GETOPT_LONG
+
+/* Have the TCP wrappers library */
#undef HAVE_LIBWRAP
+
+/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
+
+/* Define to 1 if you have the `strdup' function. */
#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strstr' function. */
#undef HAVE_STRSTR
+
+/* Define to 1 if you have the `strtoul' function. */
#undef HAVE_STRTOUL
+
+/* Define to 1 if you have the `strtok_r' function. */
#undef HAVE_STRTOK_R
+
+/* Define to 1 if you have the `initgroups' function. */
#undef HAVE_INITGROUPS
+
+/* Define to 1 if you have the `closesocket' function. */
#undef HAVE_CLOSESOCKET
+
+/* Define to 1 if you have the `sigaction' function. */
#undef HAVE_SIGACTION
+
+/* Set to 1 if you have rfc931_timeout */
#undef HAVE_RFC931_TIMEOUT
+/* The size of `int', as computed by sizeof. */
#undef SIZEOF_INT
+
+/* The size of `short', as computed by sizeof. */
#undef SIZEOF_SHORT
+
+/* The size of `long', as computed by sizeof. */
#undef SIZEOF_LONG
-/* #undef const */
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Set to 1 to use SSL DH */
#undef USE_SSL_DH
/* stupid stuff for u_int32_t */
@@ -91,71 +128,98 @@ typedef int int32_t;
/***** ASPRINTF() AND FRIENDS *****/
+/* Whether vsnprintf() is available */
#undef HAVE_VSNPRINTF
+/* Whether snprintf() is available */
#undef HAVE_SNPRINTF
+/* Whether aprintf() is available */
#undef HAVE_ASPRINTF
+/* Whether vaprintf() is available */
#undef HAVE_VASPRINTF
+/* Define if system has C99 compatible vsnprintf */
#undef HAVE_C99_VSNPRINTF
+
+/* Whether va_copy() is available */
#undef HAVE_VA_COPY
+
+/* Whether __va_copy() is available */
#undef HAVE___VA_COPY
-#define SOCKET_SIZE_TYPE ""
-#define GETGROUPS_T ""
-#define RETSIGTYPE ""
+/* Socket Size Type */
+#undef SOCKET_SIZE_TYPE
+
+/* Define to the type of elements in the array set by `getgroups'. Usually
+ this is either `int' or `gid_t'. */
+#undef GETGROUPS_T
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* Define to 1 if the system has the type `struct sockaddr_storage'. */
#undef HAVE_STRUCT_SOCKADDR_STORAGE
/* Use seteuid() or setresuid() depending on the platform */
#undef SETEUID
-/* Is this a Solaris 10 machine? */
+/* Set to 1 if we are on Solaris 10 */
#undef SOLARIS_10
+/* Define to 1 if you have the <getopt.h> header file. */
#undef HAVE_GETOPT_H
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
+/* Define to 1 if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
-#undef HAVE_STRING_H
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
-#ifdef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+#ifdef HAVE_STRING_H
#include <string.h>
#endif
+/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
-
+/* Define to 1 if you have the <signal.h> header file. */
#undef HAVE_SIGNAL_H
#ifdef HAVE_SIGNAL_H
#include <signal.h>
#endif
+/* Define to 1 if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
+/* Define to 1 if you have the <sys/stat.h> header file. */
#undef HAVE_SYS_STAT_H
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
+/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
+/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
+/* Define to 1 if you have the <sys/wait.h> header file. */
#undef HAVE_SYS_WAIT_H
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
@@ -168,14 +232,18 @@ typedef int int32_t;
# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
#endif
+/* Define to 1 if you have the <errno.h> header file. */
#undef HAVE_ERRNO_H
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
-/* needed for the time_t structures we use later... */
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if you have the <sys/time.h> header file. */
#undef HAVE_SYS_TIME_H
+
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>
@@ -188,68 +256,81 @@ typedef int int32_t;
#endif
+/* Define to 1 if you have the <sys/socket.h> header file. */
#undef HAVE_SYS_SOCKET_H
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
-/* Define to 'int' if <sys/socket.h> does not define */
-#undef socklen_t
-
+/* Define to 1 if you have the <socket.h> header file. */
#undef HAVE_SOCKET_H
#ifdef HAVE_SOCKET_H
#include <socket.h>
#endif
+/* Define to 1 if you have the <tcpd.h> header file. */
#undef HAVE_TCPD_H
#ifdef HAVE_TCPD_H
#include <tcpd.h>
#endif
+/* Define to 1 if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
+/* Define to 1 if you have the <arpa/inet.h> header file. */
#undef HAVE_ARPA_INET_H
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
+/* Define to 1 if you have the <netdb.h> header file. */
#undef HAVE_NETDB_H
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
+/* Define to 1 if you have the <ctype.h> header file. */
#undef HAVE_CTYPE_H
#ifdef HAVE_CTYPE_H
#include <ctype.h>
#endif
+/* Define to 1 if you have the <pwd.h> header file. */
#undef HAVE_PWD_H
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
+/* Define to 1 if you have the <grp.h> header file. */
#undef HAVE_GRP_H
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
+/* Define to 1 if you have the <dirent.h> header file. */
#undef HAVE_DIRENT_H
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
+/* Have SSL support */
#undef HAVE_SSL
+/* Have the krb5.h header file */
#undef HAVE_KRB5_H
#ifdef HAVE_KRB5_H
#include <krb5.h>
#endif
+/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
#undef HAVE_STDINT_H
+
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#else
@@ -258,4 +339,10 @@ typedef int int32_t;
#endif
#endif
+/* Define to 1 if you have the <paths.h> header file. */
+#undef HAVE_PATHS_H
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#undef HAVE_SYS_RESOURCE_H
+
#endif
diff -up ./include/utils.h.git_20170321 ./include/utils.h
--- ./include/utils.h.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./include/utils.h 2017-03-21 15:59:04.854507118 -0400
@@ -49,7 +49,6 @@ char* strip(char*);
int sendall(int, char*, int*);
int recvall(int, char*, int*, int);
char *my_strsep(char**, const char*);
-int b64_decode(unsigned char *encoded);
void display_license(void);
#endif
diff -up ./macros/ax_nagios_get_distrib.git_20170321 ./macros/ax_nagios_get_distrib
--- ./macros/ax_nagios_get_distrib.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./macros/ax_nagios_get_distrib 2017-03-21 15:59:04.855507102 -0400
@@ -96,10 +96,12 @@ AC_SUBST(dist_ver)
[bsd],
dist_type=`uname -s | tr ["[A-Z]" "[a-z]"]`
dist_ver=`uname -r`,
- [aix|hp-ux],
- dist_ver=$OSTYPE,
+ [aix],
+ dist_ver="`uname -v`.`uname -r`",
+ [hp-ux],
+ dist_ver=`uname -r | cut -d'.' -f1-3`,
[solaris],
- dist_ver=`echo $OSTYPE | cut -d'.' -f2`,
+ dist_ver=`uname -r | cut -d'.' -f2`,
[*],
dist_ver=$OSTYPE
)
diff -up ./macros/ax_nagios_get_files.git_20170321 ./macros/ax_nagios_get_files
--- ./macros/ax_nagios_get_files.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./macros/ax_nagios_get_files 2017-03-21 15:59:04.855507102 -0400
@@ -97,7 +97,7 @@ AS_CASE([$init_type],
fi,
[launchd],
- src_init="mac-init.plist"
+ src_init="mac-init.plist",
[*],
src_init="unknown"
diff -up ./macros/ax_nagios_get_init.git_20170321 ./macros/ax_nagios_get_init
--- ./macros/ax_nagios_get_init.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./macros/ax_nagios_get_init 2017-03-21 15:59:04.855507102 -0400
@@ -119,14 +119,19 @@ AC_SUBST(init_type)
elif test "$dist_type" = "slackware"; then
init_type="bsd"
init_type_wanted=no
+ elif test "$dist_type" = "aix"; then
+ init_type="bsd"
+ init_type_wanted=no
+ elif test "$dist_type" = "hp-ux"; then
+ init_type="unknown"
+ init_type_wanted=no
fi
fi
PSCMD="ps -p1 -o args"
- AS_CASE([$dist_type],
- [aix], PSCMD="env UNIX95=1; ps -p1 -o args",
- [solaris], PSCMD="env UNIX95=1; ps -p1 -o args",
- [hp-ux], PSCMD="env UNIX95=1; ps -p1 -o args")
+ if test $dist_type = solaris; then
+ PSCMD="env UNIX95=1; ps -p1 -o args"
+ fi
if test "$init_type_wanted" = yes; then
pid1=`$PSCMD | grep -vi COMMAND | cut -d' ' -f1`
@@ -173,7 +178,7 @@ AC_SUBST(init_type)
if test "$init_type_wanted" = yes; then
if test "$pid1" = "/sbin/init" -o "$pid1" = "/usr/sbin/init"; then
- if `/sbin/init --version 2>/dev/null | grep "upstart" >/dev/null`; then
+ if `$pid1 --version 2>/dev/null | grep "upstart" >/dev/null`; then
init_type="upstart"
init_type_wanted=no
elif test -f "/etc/rc" -a ! -L "/etc/rc"; then
diff -up ./macros/ax_nagios_get_paths.git_20170321 ./macros/ax_nagios_get_paths
--- ./macros/ax_nagios_get_paths.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./macros/ax_nagios_get_paths 2017-03-21 15:59:04.856507086 -0400
@@ -119,16 +119,21 @@ AS_CASE([$dist_type],
[*solaris*|*hp-ux*|*aix*|*osx*], opsys=unix)
-need_cgi=no
-need_web=no
-need_brk=no
-need_plg=no
-need_pipe=no
-need_spl=no
-need_loc=no
-need_log_subdir=no
-need_etc_subdir=no
-need_pls_dir=no
+ # Does this package need to know:
+need_cgi=no # where the cgi-bin directory is
+need_web=no # where the website directory is
+need_brk=no # where the event broker modules directory is
+need_plg=no # where the plugins directory is
+need_pipe=no # where the pipe directory is
+need_spl=no # where the spool directory is
+need_loc=no # where the locale directory is
+need_log_subdir=no # where the loc sub-directory is
+need_etc_subdir=no # where the etc sub-directory is
+need_pls_dir=no # where the package locate state directory is
+
+if test x"$INIT_PROG" = x; then
+ INIT_PROG="$PKG_NAME"
+fi
AS_CASE([$PKG_NAME],
[nagios],
@@ -143,6 +148,7 @@ AS_CASE([$PKG_NAME],
need_web=yes,
[ndoutils],
+ need_brk=yes
need_spl=yes,
[nrpe],
@@ -284,14 +290,14 @@ tmpfilesd=${tmpfilesd="/usr/lib/tmpfiles
if test ! -d "$tmpfilesd"; then
tmpfilesd="N/A"
else
- tmpfilesd="$tmpfilesd/$PKG_NAME.conf"
+ tmpfilesd="$tmpfilesd/$INIT_PROG.conf"
fi
subsyslockdir=${subsyslockdir="/var/lock/subsys"}
if test ! -d "$subsyslockdir"; then
subsyslockdir="N/A"
subsyslockfile="N/A"
else
- subsyslockfile="$subsyslockdir/$PKG_NAME"
+ subsyslockfile="$subsyslockdir/$INIT_PROG"
fi
if test "$need_loc" = no; then
localedir="N/A"
@@ -372,23 +378,23 @@ elif test $opsys = "linux"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -437,7 +443,7 @@ elif test $opsys = "unix"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@@ -445,7 +451,7 @@ elif test $opsys = "unix"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -471,14 +477,14 @@ elif test $opsys = "unix"; then
logdir=${logdir="$pkglocalstatedir/log"},
[*],
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@@ -528,7 +534,7 @@ elif test $opsys = "bsd"; then
fi
privatesysconfdir=${privatesysconfdir="$pkgsysconfdir/private"}
if test "$need_pls_dir" = yes; then
- pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$PKG_NAME"}
+ pkglocalstatedir=${pkglocalstatedir="$localstatedir/lib/$INIT_PROG"}
else
pkglocalstatedir="N/A"
fi
@@ -536,7 +542,7 @@ elif test $opsys = "bsd"; then
localedir=${localedir="/usr/local/share/locale/<lang>/LC_MESSAGES/nagios-plugins.mo"}
fi
if test "$need_spl" = yes; then
- spooldir=${spooldir="$localstatedir/spool/$PKG_NAME"}
+ spooldir=${spooldir="$localstatedir/spool/$INIT_PROG"}
else
spooldir="N/A"
fi
@@ -561,14 +567,14 @@ elif test $opsys = "bsd"; then
else
cgibindir="N/A"
fi
- piddir=${piddir="$localstatedir/run/${PKG_NAME}"}
+ piddir=${piddir="$localstatedir/run/${INIT_PROG}"}
if test "$need_pipe" = yes; then
- pipedir=${pipedir="$localstatedir/run/${PKG_NAME}"}
+ pipedir=${pipedir="$localstatedir/run/${INIT_PROG}"}
else
pipedir="N/A"
fi
if test $need_log_subdir = yes; then
- logdir=${logdir="$localstatedir/log/$PKG_NAME"}
+ logdir=${logdir="$localstatedir/log/$INIT_PROG"}
else
logdir=${logdir="$localstatedir/log"}
fi
@@ -604,6 +610,7 @@ eval libexecdir=$libexecdir
eval brokersdir=$brokersdir
eval pluginsdir=$pluginsdir
eval cgibindir=$cgibindir
+eval localstatedir=$localstatedir
eval pkglocalstatedir=$pkglocalstatedir
eval webdir=$webdir
eval localedir=$localedir
@@ -622,9 +629,9 @@ AS_CASE([$init_type],
else
initdir=${initdir="/etc/init.d"}
fi
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"},
+ initconf=${initconf="$initconfdir/$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
@@ -632,27 +639,32 @@ AS_CASE([$init_type],
else
initdir=${initdir="/usr/lib/systemd/system"}
fi
- initname=${initname="$PKG_NAME.service"},
+ initname=${initname="$INIT_PROG.service"},
[bsd],
- initdir=${initdir="/etc/rc.d"}
- initname=${initname="rc.$PKG_NAME"},
+ if test $dist_type = "aix"; then
+ initdir=${initdir="/sbin/rc.d/init.d"}
+ initname=${initname="$INIT_PROG"}
+ else
+ initdir=${initdir="/etc/rc.d"}
+ initname=${initname="rc.$INIT_PROG"}
+ fi,
[newbsd],
initdir=${initdir="/etc/rc.d"}
- initname=${initname="$PKG_NAME"},
+ initname=${initname="$INIT_PROG"},
[gentoo],
initdir=${initdir="/etc/init.d"}
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/init.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"},
+ initconf=${initconf="$initconfdir/$INIT_PROG"},
[openrc],
initdir=${initdir="/etc/init.d"}
- initname=${initname="$PKG_NAME"}
+ initname=${initname="$INIT_PROG"}
initconfdir=${initconfdir="/etc/conf.d"}
- initconf=${initconf="$initconfdir/$PKG_NAME"},
+ initconf=${initconf="$initconfdir/$INIT_PROG"},
[smf*],
if test $init_type = smf10; then
@@ -660,21 +672,21 @@ AS_CASE([$init_type],
else
initdir=${initdir="/lib/svc/manifest/network/nagios"}
fi
- initname=${initname="$PKG_NAME.xml"}
+ initname=${initname="$INIT_PROG.xml"}
initconfdir=unknown
initconf=unknown,
[upstart],
initdir=${initdir="/etc/init"}
- initname=${initname="$PKG_NAME.conf"}
+ initname=${initname="$INIT_PROG.conf"}
initconfdir=${initconfdir="/etc/default"}
- initconf=${initconf="$initconfdir/$PKG_NAME"},
+ initconf=${initconf="$initconfdir/$INIT_PROG"},
[launchd],
initdir=${initdir="/Library/LaunchDaemons"}
- initname=${initname="org.nagios.$PKG_NAME.plist"},
+ initname=${initname="org.nagios.$INIT_PROG.plist"},
# initconfdir=${initconfdir="/private/etc"}
-# initconf=${initconf="$initconfdir/$PKG_NAME"},
+# initconf=${initconf="$initconfdir/$INIT_PROG"},
[*],
@@ -691,7 +703,7 @@ AS_CASE([$inetd_type],
[xinetd],
inetddir=${inetddir="/etc/xinetd.d"}
- inetdname=${inetdname="$PKG_NAME"},
+ inetdname=${inetdname="$INIT_PROG"},
[systemd],
if test $dist_type = "debian"; then
@@ -699,7 +711,7 @@ AS_CASE([$inetd_type],
else
inetddir=${inetddir="/usr/lib/systemd/system"}
fi
- netdname=${inetdname="$PKG_NAME.socket"},
+ netdname=${inetdname="$INIT_PROG.socket"},
[smf*],
if test $init_type = smf10; then
@@ -707,15 +719,15 @@ AS_CASE([$inetd_type],
else
inetddir=${inetddir="/lib/svc/manifest/network/nagios"}
fi
- inetdname=${inetdname="$PKG_NAME.xml"},
+ inetdname=${inetdname="$INIT_PROG.xml"},
# [upstart],
# inetddir=${inetddir="/etc/init.d"}
-# inetdname=${inetdname="$PKG_NAME"},
+# inetdname=${inetdname="$INIT_PROG"},
[launchd],
inetddir=${inetddir="/Library/LaunchDaemons"}
- inetdname=${inetdname="org.nagios.$PKG_NAME.plist"},
+ inetdname=${inetdname="org.nagios.$INIT_PROG.plist"},
[*],
inetddir=${inetddir="unknown"}
diff -up ./macros/ax_nagios_get_ssl.git_20170321 ./macros/ax_nagios_get_ssl
--- ./macros/ax_nagios_get_ssl.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./macros/ax_nagios_get_ssl 2017-03-21 15:59:04.856507086 -0400
@@ -59,6 +59,7 @@ SSL_HDR=
SSL_LIB_DIR=
AC_SUBST(HAVE_SSL)
+AC_SUBST(SSL_TYPE)
AC_SUBST(SSL_INC_DIR)
AC_SUBST(SSL_HDR)
AC_SUBST(SSL_INC_PREFIX)
diff -up ./sample-config/nrpe.cfg.in.git_20170321 ./sample-config/nrpe.cfg.in
--- ./sample-config/nrpe.cfg.in.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./sample-config/nrpe.cfg.in 2017-03-21 15:59:04.856507086 -0400
@@ -285,7 +285,7 @@ connection_timeout=300
# The following examples use hardcoded command arguments...
command[check_users]=@pluginsdir@/check_users -w 5 -c 10
-command[check_load]=@pluginsdir@/check_load -w 15,10,5 -c 30,25,20
+command[check_load]=@pluginsdir@/check_load -r -w .15,.10,.05 -c .30,.25,.20
command[check_hda1]=@pluginsdir@/check_disk -w 20% -c 10% -p /dev/hda1
command[check_zombie_procs]=@pluginsdir@/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=@pluginsdir@/check_procs -w 150 -c 200
diff -up ./src/acl.c.git_20170321 ./src/acl.c
--- ./src/acl.c.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./src/acl.c 2017-03-21 15:59:04.856507086 -0400
@@ -29,6 +29,7 @@
*/
#include "../include/config.h"
+#include "../include/common.h"
#include <sys/types.h>
#include <sys/socket.h>
@@ -46,6 +47,8 @@
#include "../include/acl.h"
+extern int debug;
+
/* This function checks if a char argumnet from valid char range.
* Valid range is: ASCII only, a number or a letter, a space, a dot, a slash, a dash, a comma.
*
@@ -76,16 +79,12 @@ int isvalidchar(int c) {
switch (c) {
case '.':
return 4;
- break;
case '/':
return 5;
- break;
case '-':
return 6;
- break;
case ',':
return 7;
- break;
default:
return 0;
}
@@ -142,18 +141,27 @@ int add_ipv4_to_acl(char *ipv4) {
unsigned long ip, mask;
struct ip_acl *ip_acl_curr;
+ if(debug == TRUE)
+ syslog(LOG_INFO, "add_ipv4_to_acl: checking ip-address >%s<", ipv4);
+
/* Check for min and max IPv4 valid length */
- if (len < 7 || len > 18)
- return 0;
+ if (len < 7 || len > 18) {
+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect length", ipv4);
+ return 0;
+ }
/* default mask for ipv4 */
data[4] = 32;
/* Basic IPv4 format check */
for (i = 0; i < len; i++) {
- /* Return 0 on error state */
- if (state == -1)
- return 0;
+ /* Return 0 on error state */
+ if (state == -1) {
+ if(debug == TRUE)
+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< incorrect "
+ "format, continue with next check ...", ipv4);
+ return 0;
+ }
c = ipv4[i];
@@ -201,6 +209,7 @@ int add_ipv4_to_acl(char *ipv4) {
break;
default:
/* Bad states */
+ syslog(LOG_INFO, "add_ipv4_to_acl: Error, ip-address >%s< bad state", ipv4);
return 0;
}
@@ -247,6 +256,10 @@ int add_ipv4_to_acl(char *ipv4) {
ip_acl_prev->next = ip_acl_curr;
}
ip_acl_prev = ip_acl_curr;
+
+ if(debug == TRUE)
+ syslog(LOG_INFO, "add_ipv4_to_acl: ip-address >%s< correct, adding.", ipv4);
+
return 1;
}
@@ -387,8 +400,12 @@ int add_domain_to_acl(char *domain) {
struct dns_acl *dns_acl_curr;
- if (len > 63)
+ if (len > 63) {
+ syslog(LOG_INFO,
+ "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, too long!",
+ domain);
return 0;
+ }
for (i = 0; i < len; i++) {
c = domain[i];
@@ -426,7 +443,10 @@ int add_domain_to_acl(char *domain) {
}
break;
default:
- /* Not valid chars */
+ syslog(LOG_INFO,
+ "ADD_DOMAIN_TO_ACL: Error, did not add >%s< to acl list, "
+ "invalid chars!", domain);
+ /* Not valid chars */
return 0;
}
}
@@ -448,8 +468,13 @@ int add_domain_to_acl(char *domain) {
dns_acl_prev->next = dns_acl_curr;
dns_acl_prev = dns_acl_curr;
+ if(debug == TRUE)
+ syslog(LOG_INFO, "ADD_DOMAIN_TO_ACL: added >%s< to acl list!", domain);
return 1;
default:
+ syslog(LOG_INFO,
+ "ADD_DOMAIN_TO_ACL: ERROR, did not add >%s< to acl list, "
+ "check allowed_host in config file!", domain);
return 0;
}
}
@@ -470,14 +495,23 @@ int is_an_allowed_host(int family, void
struct sockaddr_in *addr;
struct sockaddr_in6 addr6;
struct addrinfo *res, *ai;
+ struct in_addr tmp;
while (ip_acl_curr != NULL) {
if(ip_acl_curr->family == family) {
switch(ip_acl_curr->family) {
case AF_INET:
+ if (debug == TRUE) {
+ tmp.s_addr = ((struct in_addr*)host)->s_addr;
+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
+ "an allowed host >%s<\n",
+ inet_ntoa(tmp), inet_ntoa(ip_acl_curr->addr));
+ }
if((((struct in_addr *)host)->s_addr &
ip_acl_curr->mask.s_addr) ==
ip_acl_curr->addr.s_addr) {
+ if (debug == TRUE)
+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): host is in allowed host list!");
return 1;
}
break;
@@ -509,9 +543,20 @@ int is_an_allowed_host(int family, void
switch(ai->ai_family) {
case AF_INET:
+ if(debug == TRUE) {
+ tmp.s_addr=((struct in_addr *)host)->s_addr;
+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): is host >%s< "
+ "an allowed host >%s<\n",
+ inet_ntoa(tmp), dns_acl_curr->domain);
+ }
+
addr = (struct sockaddr_in*)(ai->ai_addr);
- if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr)
+ if (addr->sin_addr.s_addr == ((struct in_addr*)host)->s_addr) {
+ if (debug == TRUE)
+ syslog(LOG_INFO, "is_an_allowed_host (AF_INET): "
+ "host is in allowed host list!");
return 1;
+ }
break;
case AF_INET6:
@@ -559,19 +604,30 @@ void parse_allowed_hosts(char *allowed_h
const char *delim = ",";
char *trimmed_tok;
+ if (debug == TRUE)
+ syslog(LOG_INFO,
+ "parse_allowed_hosts: parsing the allowed host string >%s< to add to ACL list\n",
+ allowed_hosts);
+
#ifdef HAVE_STRTOK_R
tok = strtok_r(hosts, delim, &saveptr);
#else
+ if (debug == TRUE)
+ syslog(LOG_INFO,"parse_allowed_hosts: using strtok, this might lead to "
+ "problems in the allowed_hosts string determination!\n");
tok = strtok(hosts, delim);
#endif
while( tok) {
trimmed_tok = malloc( sizeof( char) * ( strlen( tok) + 1));
trim( tok, trimmed_tok);
+ if(debug == TRUE)
+ syslog(LOG_DEBUG, "parse_allowed_hosts: ADDING this record (%s) to ACL list!\n", trimmed_tok);
if( strlen( trimmed_tok) > 0) {
if (!add_ipv4_to_acl(trimmed_tok) && !add_ipv6_to_acl(trimmed_tok)
&& !add_domain_to_acl(trimmed_tok)) {
syslog(LOG_ERR,"Can't add to ACL this record (%s). Check allowed_hosts option!\n",trimmed_tok);
- }
+ } else if (debug == TRUE)
+ syslog(LOG_DEBUG,"parse_allowed_hosts: Record added to ACL list!\n");
}
free( trimmed_tok);
#ifdef HAVE_STRTOK_R
@@ -606,17 +662,21 @@ unsigned int prefix_from_mask(struct in_
* It shows all hosts in ACL lists
*/
-void show_acl_lists(void) {
- struct ip_acl *ip_acl_curr = ip_acl_head;
- struct dns_acl *dns_acl_curr = dns_acl_head;
-
- while (ip_acl_curr != NULL) {
- printf(" IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr), prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
- ip_acl_curr = ip_acl_curr->next;
- }
+void show_acl_lists(void)
+{
+ struct ip_acl *ip_acl_curr = ip_acl_head;
+ struct dns_acl *dns_acl_curr = dns_acl_head;
- while (dns_acl_curr != NULL) {
- printf("DNS ACL: %s\n", dns_acl_curr->domain);
- dns_acl_curr = dns_acl_curr->next;
- }
+ syslog(LOG_INFO, "Showing ACL lists for both IP and DOMAIN acl's:\n" );
+
+ while (ip_acl_curr != NULL) {
+ syslog(LOG_INFO, " IP ACL: %s/%u %u\n", inet_ntoa(ip_acl_curr->addr),
+ prefix_from_mask(ip_acl_curr->mask), ip_acl_curr->addr.s_addr);
+ ip_acl_curr = ip_acl_curr->next;
+ }
+
+ while (dns_acl_curr != NULL) {
+ syslog(LOG_INFO, " DNS ACL: %s\n", dns_acl_curr->domain);
+ dns_acl_curr = dns_acl_curr->next;
+ }
}
diff -up ./src/check_nrpe.c.git_20170321 ./src/check_nrpe.c
--- ./src/check_nrpe.c.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./src/check_nrpe.c 2017-03-21 15:59:04.857507070 -0400
@@ -46,6 +46,7 @@ int show_help = FALSE;
int show_license = FALSE;
int show_version = FALSE;
int packet_ver = NRPE_PACKET_VERSION_3;
+int force_v2_packet = 0;
int payload_size = 0;
#ifdef HAVE_SSL
@@ -57,7 +58,7 @@ const SSL_METHOD *meth;
SSL_CTX *ctx;
SSL *ssl;
int use_ssl = TRUE;
-int ssl_opts = SSL_OP_ALL;
+unsigned long ssl_opts = SSL_OP_ALL;
#else
int use_ssl = FALSE;
#endif
@@ -149,7 +150,7 @@ int main(int argc, char **argv)
if (result == -1) {
/* Failure reading from remote, so try version 2 packet */
- syslog(LOG_NOTICE, "Remote %s does not support Version 3 Packets", rem_host);
+ syslog(LOG_INFO, "Remote %s does not support Version 3 Packets", rem_host);
packet_ver = NRPE_PACKET_VERSION_2;
/* Rerun the setup */
@@ -168,8 +169,8 @@ int main(int argc, char **argv)
result = read_response(); /* Get the response */
}
- if (result != -1)
- syslog(LOG_NOTICE, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
+ if (result != -1 && force_v2_packet == 0 && packet_ver == NRPE_PACKET_VERSION_2)
+ syslog(LOG_DEBUG, "Remote %s accepted a Version %d Packet", rem_host, packet_ver);
return result;
}
@@ -220,12 +221,14 @@ int process_arguments(int argc, char **a
snprintf(optchars, MAX_INPUT_BUFFER, "H:f:b:c:a:t:p:S:L:C:K:A:d:s:P:246hlnuV");
while (1) {
+ if (argindex > 0)
+ break;
#ifdef HAVE_GETOPT_LONG
c = getopt_long(argc, argv, optchars, long_options, &option_index);
#else
c = getopt(argc, argv, optchars);
#endif
- if (c == -1 || c == EOF || argindex > 0)
+ if (c == -1 || c == EOF)
break;
/* process all arguments */
@@ -302,7 +305,6 @@ int process_arguments(int argc, char **a
if (from_config_file) {
printf("Error: The config file should not have a command (-c) option.\n");
return ERROR;
- break;
}
command_name = strdup(optarg);
break;
@@ -311,7 +313,6 @@ int process_arguments(int argc, char **a
if (from_config_file) {
printf("Error: The config file should not have args (-a) arguments.\n");
return ERROR;
- break;
}
argindex = optind;
break;
@@ -336,6 +337,7 @@ int process_arguments(int argc, char **a
break;
}
packet_ver = NRPE_PACKET_VERSION_2;
+ force_v2_packet = 1;
break;
case '4':
@@ -448,17 +450,18 @@ int process_arguments(int argc, char **a
default:
return ERROR;
- break;
}
}
/* determine (base) command query */
- snprintf(query, sizeof(query), "%s",
- (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
- query[sizeof(query) - 1] = '\x0';
+ if (!from_config_file) {
+ snprintf(query, sizeof(query), "%s",
+ (command_name == NULL) ? DEFAULT_NRPE_COMMAND : command_name);
+ query[sizeof(query) - 1] = '\x0';
+ }
/* get the command args */
- if (argindex > 0) {
+ if (!from_config_file && argindex > 0) {
for (c = argindex - 1; c < argc; c++) {
@@ -471,7 +474,6 @@ int process_arguments(int argc, char **a
query[sizeof(query) - 1] = '\x0';
}
}
-
if (!from_config_file && config_file != NULL) {
if ((rc = read_config_file(config_file)) != OK)
return rc;
@@ -803,10 +805,23 @@ void setup_ssl()
exit(STATE_CRITICAL);
}
- if (sslprm.ssl_min_ver >= SSLv3) {
- ssl_opts |= SSL_OP_NO_SSLv2;
- if (sslprm.ssl_min_ver >= TLSv1)
+ switch(sslprm.ssl_min_ver) {
+ case SSLv2:
+ case SSLv2_plus:
+ break;
+ case TLSv1_2:
+ case TLSv1_2_plus:
+ ssl_opts |= SSL_OP_NO_TLSv1_1;
+ case TLSv1_1:
+ case TLSv1_1_plus:
+ ssl_opts |= SSL_OP_NO_TLSv1;
+ case TLSv1:
+ case TLSv1_plus:
ssl_opts |= SSL_OP_NO_SSLv3;
+ case SSLv3:
+ case SSLv3_plus:
+ ssl_opts |= SSL_OP_NO_SSLv2;
+ break;
}
SSL_CTX_set_options(ctx, ssl_opts);
diff -up ./src/nrpe.c.git_20170321 ./src/nrpe.c
--- ./src/nrpe.c.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./src/nrpe.c 2017-03-21 15:59:04.857507070 -0400
@@ -235,10 +235,10 @@ int init(void)
void init_ssl(void)
{
#ifdef HAVE_SSL
- DH *dh;
- char seedfile[FILENAME_MAX];
- int i, c, x;
- int ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE, vrfy;
+ DH *dh;
+ char seedfile[FILENAME_MAX];
+ int i, c, x, vrfy;
+ unsigned long ssl_opts = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE;
if (use_ssl == FALSE) {
if (debug == TRUE)
@@ -304,19 +304,35 @@ void init_ssl(void)
exit(STATE_CRITICAL);
}
- if (sslprm.ssl_min_ver >= SSLv3) {
- ssl_opts |= SSL_OP_NO_SSLv2;
- if (sslprm.ssl_min_ver >= TLSv1)
+ switch(sslprm.ssl_min_ver) {
+ case SSLv2:
+ case SSLv2_plus:
+ break;
+ case TLSv1_2:
+ case TLSv1_2_plus:
+ ssl_opts |= SSL_OP_NO_TLSv1_1;
+ case TLSv1_1:
+ case TLSv1_1_plus:
+ ssl_opts |= SSL_OP_NO_TLSv1;
+ case TLSv1:
+ case TLSv1_plus:
ssl_opts |= SSL_OP_NO_SSLv3;
+ case SSLv3:
+ case SSLv3_plus:
+ ssl_opts |= SSL_OP_NO_SSLv2;
+ break;
}
SSL_CTX_set_options(ctx, ssl_opts);
if (sslprm.cert_file != NULL) {
+ char errstr[120] = { "" };
if (!SSL_CTX_use_certificate_file(ctx, sslprm.cert_file, SSL_FILETYPE_PEM)) {
SSL_CTX_free(ctx);
- while ((x = ERR_get_error()) != 0)
+ while ((x = ERR_get_error()) != 0) {
+ ERR_error_string(x, errstr);
syslog(LOG_ERR, "Error: could not use certificate file %s : %s",
- sslprm.cert_file, ERR_error_string(x, NULL));
+ sslprm.cert_file, errstr);
+ }
exit(STATE_CRITICAL);
}
if (!SSL_CTX_use_PrivateKey_file(ctx, sslprm.privatekey_file, SSL_FILETYPE_PEM)) {
@@ -724,6 +740,8 @@ int read_config_file(char *filename)
} else if (!strcmp(varname, "allowed_hosts")) {
allowed_hosts = strdup(varvalue);
parse_allowed_hosts(allowed_hosts);
+ if (debug == TRUE)
+ show_acl_lists();
} else if (strstr(input_line, "command[")) {
temp_buffer = strtok(varname, "[");
@@ -1220,12 +1238,21 @@ void wait_for_connections(void)
void setup_wait_conn(void)
{
struct addrinfo *ai;
+ char addrstr[100];
+ void *ptr;
add_listen_addr(&listen_addrs, address_family,
(strcmp(server_address, "") == 0) ? NULL : server_address, server_port);
- for (ai = listen_addrs; ai; ai = ai->ai_next)
+ for (ai = listen_addrs; ai; ai = ai->ai_next) {
+ if (debug == TRUE) {
+ inet_ntop (ai->ai_family, ai->ai_addr->sa_data, addrstr, 100);
+ ptr = &((struct sockaddr_in *) ai->ai_addr)->sin_addr;
+ inet_ntop (ai->ai_family, ptr, addrstr, 100);
+ syslog(LOG_INFO, "SETUP_WAIT_CONN FOR: IPv4 address: %s (%s)\n", addrstr, ai->ai_canonname);
+ }
create_listener(ai);
+ }
if (!num_listen_socks) {
syslog(LOG_ERR, "Cannot bind to any address.");
@@ -1372,6 +1399,9 @@ void conn_check_peer(int sock)
break;
}
+ if (debug == TRUE)
+ syslog(LOG_INFO, "CONN_CHECK_PEER: is this a blessed machine: %s port %d\n",
+ remote_host, nptr->sin_port);
/* is this is a blessed machine? */
if (allowed_hosts) {
@@ -2111,7 +2141,7 @@ int my_system(char *command, int timeout
break;
}
if (tot_bytes < output_size) /* If buffer is full, discard the rest */
- strncat(*output, buffer, output_size - tot_bytes);
+ strncat(*output, buffer, output_size - tot_bytes - 1);
tot_bytes += bytes_read;
}
@@ -2153,8 +2183,8 @@ void my_connection_sighandler(int sig)
/* drops privileges */
int drop_privileges(char *user, char *group, int full_drop)
{
- uid_t uid = -1;
- gid_t gid = -1;
+ uid_t uid = (uid_t)-1;
+ gid_t gid = (gid_t)-1;
struct group *grp;
struct passwd *pw;
@@ -2382,7 +2412,6 @@ void sighandler(int sig)
void child_sighandler(int sig)
{
exit(0); /* terminate */
- return; /* so the compiler doesn't complain... */
}
/* tests whether or not a client request is valid */
@@ -2680,7 +2709,6 @@ int process_arguments(int argc, char **a
default:
return ERROR;
- break;
}
}
diff -up ./src/utils.c.git_20170321 ./src/utils.c
--- ./src/utils.c.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./src/utils.c 2017-03-21 15:59:04.858507054 -0400
@@ -31,6 +31,9 @@
#include "../include/common.h"
#include "../include/utils.h"
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
#ifndef HAVE_ASPRINTF
extern int asprintf(char **ptr, const char *format, ...);
@@ -242,7 +245,7 @@ void add_listen_addr(struct addrinfo **l
int clean_environ(const char *keep_env_vars, const char *nrpe_user)
{
-#ifdef HAVE_PATHS_H
+#if defined(HAVE_PATHS_H) && defined(_PATH_STDPATH)
static char *path = _PATH_STDPATH;
#else
static char *path = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin";
@@ -450,55 +453,6 @@ char *my_strsep(char **stringp, const ch
return begin;
}
-int b64_decode(unsigned char *encoded)
-{
- static const char *b64 = {
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
- };
- int i, j, l, padding = 0;
- unsigned char c[4], *outp = encoded;
-
- union {
- unsigned c3;
- struct {
- unsigned f1:6;
- unsigned f2:6;
- unsigned f3:6;
- unsigned f4:6;
- } fields;
- } enc;
-
- enc.c3 = 0;
- l = strlen((char *)encoded);
- for (i = 0; i < l; i += 4) {
- for (j = 0; j < 4; ++j) {
- if (encoded[i + j] == '=') {
- c[j] = 0;
- ++padding;
- } else if (encoded[i + j] >= 'A' && encoded[i + j] <= 'Z')
- c[j] = encoded[i + j] - 'A';
- else if (encoded[i + j] >= 'a' && encoded[i + j] <= 'z')
- c[j] = encoded[i + j] - 'a' + 26;
- else if (encoded[i + j] >= '0' && encoded[i + j] <= '9')
- c[j] = encoded[i + j] - '0' + 52;
- else if (encoded[i + j] == '+')
- c[j] = encoded[i + j] - '+' + 62;
- else
- c[j] = encoded[i + j] - '/' + 63;
- }
- enc.fields.f1 = c[3];
- enc.fields.f2 = c[2];
- enc.fields.f3 = c[1];
- enc.fields.f4 = c[0];
- *outp++ = (enc.c3 >> 16) & 0xff;
- *outp++ = (enc.c3 >> 8) & 0xff;
- *outp++ = (enc.c3) & 0xff;
- }
- *outp = '\0';
-
- return outp - encoded - padding;
-}
-
/* show license */
void display_license(void)
{
diff -up ./update-version.git_20170321 ./update-version
--- ./update-version.git_20170321 2016-09-08 12:18:58.000000000 -0400
+++ ./update-version 2017-03-21 15:59:04.858507054 -0400
@@ -20,18 +20,18 @@ fi
# Get date (two formats)
if [ -n "$2" ]; then
- LONGDATE=`date -d "$2" "+%B %d, %Y"`
- SHORTDATE=`date -d "$2" "+%m-%d-%Y"`
+ LONGDATE=$(LC_ALL=C date -u -d "$2" "+%B %d, %Y")
+ SHORTDATE=$(date -u -d "$2" "+%Y-%m-%d")
else
- LONGDATE=`date "+%B %d, %Y"`
- SHORTDATE=`date "+%m-%d-%Y"`
+ LONGDATE=$(LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%B %d, %Y")
+ SHORTDATE=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" "+%Y-%m-%d")
fi
# Current version number
CURRENTVERSION=3.0.1
# Last date
-LASTDATE=09-08-2016
+LASTDATE=2016-09-08
if [ "x$1" = "x" ]
then