Mailinglist Archive: opensuse-commit (554 mails)

< Previous Next >
commit nagios-nsca
  • From: root@xxxxxxx (h_root)
  • Date: Thu, 7 Dec 2006 21:11:11 +0100 (CET)
  • Message-id: <20061207201111.536411AA28B@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package nagios-nsca
checked in at Thu Dec 7 21:11:11 CET 2006.

--------
--- nagios-nsca/nagios-nsca.changes 2006-10-10 11:57:54.000000000 +0200
+++ /mounts/work_src_done/STABLE/nagios-nsca/nagios-nsca.changes 2006-12-01 13:12:16.000000000 +0100
@@ -1,0 +2,14 @@
+Fri Dec 1 12:59:22 CET 2006 - tsieden@xxxxxxx
+
+- update to version 2.6
+ * spec file fix
+ * segfault fix in encryption library cleanup
+ * daemon now exits with an error if it can't drop privileges
+ * added chroot support (Sean Finney)
+ * added support for writing a PID file
+ * added support for reloading config files with SIGHUP
+ * removed obsolete patches which are included in upstream now
+
+- fix NscaBin location in init script
+
+-------------------------------------------------------------------

Old:
----
nagios-nsca.encrypt-cleanup.patch
nsca-2.5.tar.bz2

New:
----
nsca-2.6.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nagios-nsca.spec ++++++
--- /var/tmp/diff_new_pack.S89hBv/_old 2006-12-07 21:10:47.000000000 +0100
+++ /var/tmp/diff_new_pack.S89hBv/_new 2006-12-07 21:10:47.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package nagios-nsca (Version 2.5)
+# spec file for package nagios-nsca (Version 2.6)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -13,10 +13,10 @@
Name: nagios-nsca
BuildRequires: libmcrypt-devel nagios tcpd-devel
Summary: The Nagios Service Check Acceptor
-Version: 2.5
-Release: 20
+Version: 2.6
+Release: 1
URL: http://www.nagios.org/
-License: GPL
+License: GNU General Public License (GPL)
Group: System/Monitoring
Autoreqprov: on
Requires: nagios
@@ -27,8 +27,7 @@
Patch1: nagios-nsca.abuild.patch
Patch2: nagios-nsca.xinetd.patch
Patch3: nagios-nsca.spooldir.patch
-Patch4: nagios-nsca.encrypt-cleanup.patch
-Patch5: nagios-nsca.send_nsca.formatstring.patch
+Patch4: nagios-nsca.send_nsca.formatstring.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build

%description
@@ -44,11 +43,10 @@

%prep
%setup -n nsca-%{version}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
+%patch1
+%patch2
+%patch3
%patch4 -p1
-%patch5 -p1

%build
%{?suse_update_config:%{suse_update_config}}
@@ -102,6 +100,16 @@
%doc Changelog README SECURITY LEGAL

%changelog -n nagios-nsca
+* Fri Dec 01 2006 - tsieden@xxxxxxx
+- update to version 2.6
+ * spec file fix
+ * segfault fix in encryption library cleanup
+ * daemon now exits with an error if it can't drop privileges
+ * added chroot support (Sean Finney)
+ * added support for writing a PID file
+ * added support for reloading config files with SIGHUP
+ * removed obsolete patches which are included in upstream now
+- fix NscaBin location in init script
* Tue Oct 10 2006 - olh@xxxxxxx
- fix send_nsca segfault with -c and -d options
* Thu Feb 02 2006 - stark@xxxxxxx

++++++ nagios-nsca.abuild.patch ++++++
--- /var/tmp/diff_new_pack.S89hBv/_old 2006-12-07 21:10:47.000000000 +0100
+++ /var/tmp/diff_new_pack.S89hBv/_new 2006-12-07 21:10:47.000000000 +0100
@@ -1,12 +1,6 @@
----
- src/nsca.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: nsca-2.5/src/nsca.c
-===================================================================
---- nsca-2.5.orig/src/nsca.c
-+++ nsca-2.5/src/nsca.c
-@@ -555,6 +555,7 @@ static int find_rhand(int fd){
+--- src/nsca.c 2006-04-06 23:19:30.000000000 +0200
++++ src/nsca.c 2006-12-01 12:24:18.000000000 +0100
+@@ -601,6 +601,7 @@
/* we couldn't find the read handler */
syslog(LOG_ERR, "Handler stack corrupt - aborting");
do_exit(STATE_CRITICAL);
@@ -14,7 +8,7 @@
}


-@@ -571,6 +572,7 @@ static int find_whand(int fd){
+@@ -617,6 +618,7 @@
/* we couldn't find the write handler */
syslog(LOG_ERR, "Handler stack corrupt - aborting");
do_exit(STATE_CRITICAL);

++++++ nagios-nsca.spooldir.patch ++++++
--- /var/tmp/diff_new_pack.S89hBv/_old 2006-12-07 21:10:47.000000000 +0100
+++ /var/tmp/diff_new_pack.S89hBv/_new 2006-12-07 21:10:47.000000000 +0100
@@ -1,12 +1,15 @@
----
- sample-config/nsca.cfg.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-Index: nsca-2.5/sample-config/nsca.cfg.in
-===================================================================
---- nsca-2.5.orig/sample-config/nsca.cfg.in
-+++ nsca-2.5/sample-config/nsca.cfg.in
-@@ -57,7 +57,7 @@ debug=0
+--- sample-config/nsca.cfg.in 2006-04-06 23:19:30.000000000 +0200
++++ sample-config/nsca.cfg.in 2006-12-01 12:31:39.000000000 +0100
+@@ -61,7 +61,7 @@
+ # NOTE: if you specify this option, the command file will be opened
+ # relative to this directory.
+
+-#nsca_chroot=/var/run/nagios/rw
++#nsca_chroot=/var/run/nagios
+
+
+
+@@ -78,7 +78,7 @@
# This is the location of the Nagios command file that the daemon
# should write all service check results that it receives.

@@ -15,7 +18,7 @@


# ALTERNATE DUMP FILE
-@@ -70,7 +70,7 @@ command_file=@localstatedir@/rw/nagios.c
+@@ -91,7 +91,7 @@
# it starts Nagios. Or you may simply choose to ignore any
# check results received while Nagios was not running...


++++++ nagios-nsca.xinetd.patch ++++++
--- /var/tmp/diff_new_pack.S89hBv/_old 2006-12-07 21:10:47.000000000 +0100
+++ /var/tmp/diff_new_pack.S89hBv/_new 2006-12-07 21:10:47.000000000 +0100
@@ -1,11 +1,5 @@
----
- sample-config/nsca.xinetd.in | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-Index: nsca-2.5/sample-config/nsca.xinetd.in
-===================================================================
---- nsca-2.5.orig/sample-config/nsca.xinetd.in
-+++ nsca-2.5/sample-config/nsca.xinetd.in
+--- sample-config/nsca.xinetd.in 2003-10-16 01:17:46.000000000 +0200
++++ sample-config/nsca.xinetd.in 2006-12-01 12:39:20.000000000 +0100
@@ -1,15 +1,17 @@
-# default: on
+# default: off
@@ -14,8 +8,8 @@
{
flags = REUSE
socket_type = stream
-+ type = UNLISTED
-+ port = @nsca_port@
++ type = UNLISTED
++ port = @nsca_port@
wait = no
user = @nsca_user@
group = @nsca_grp@
@@ -25,5 +19,5 @@
- disable = no
- only_from = 127.0.0.1
+ disable = yes
-+ #only_from = 127.0.0.1
++# only_from = 127.0.0.1
}

++++++ nsca-2.5.tar.bz2 -> nsca-2.6.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/Changelog new/nsca-2.6/Changelog
--- old/nsca-2.5/Changelog 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/Changelog 2006-04-06 23:19:30.000000000 +0200
@@ -3,6 +3,16 @@
**************


+2.6 - 04/06/2006
+----------------
+- Spec file fix
+- Segfault fix in encryption library cleanup
+- Daemon now exits with an error if it can't drop privileges
+- Added chroot support (Sean Finney)
+- Added support for writing a PID file
+- Added support for reloading config files with SIGHUP
+
+
2.5 - 01/21/2006
----------------
- Native TCP wrapper support in daemon mode
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/configure new/nsca-2.6/configure
--- old/nsca-2.5/configure 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/configure 2006-04-06 23:19:30.000000000 +0200
@@ -1288,9 +1288,9 @@


PKG_NAME=nsca
-PKG_VERSION="2.5"
+PKG_VERSION="2.6"
PKG_HOME_URL="http://www.nagios.org/";
-PKG_REL_DATE="01-21-2006"
+PKG_REL_DATE="04-06-2006"

ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/configure.in new/nsca-2.6/configure.in
--- old/nsca-2.5/configure.in 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/configure.in 2006-04-06 23:19:30.000000000 +0200
@@ -9,9 +9,9 @@
AC_PREFIX_DEFAULT(/usr/local/nagios)

PKG_NAME=nsca
-PKG_VERSION="2.5"
+PKG_VERSION="2.6"
PKG_HOME_URL="http://www.nagios.org/";
-PKG_REL_DATE="01-21-2006"
+PKG_REL_DATE="04-06-2006"

dnl Figure out how to invoke "install" and what install options to use.
AC_PROG_INSTALL
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/include/common.h new/nsca-2.6/include/common.h
--- old/nsca-2.5/include/common.h 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/include/common.h 2006-04-06 23:19:30.000000000 +0200
@@ -24,8 +24,8 @@
#include "config.h"


-#define PROGRAM_VERSION "2.5"
-#define MODIFICATION_DATE "01-21-2006"
+#define PROGRAM_VERSION "2.6"
+#define MODIFICATION_DATE "04-06-2006"


#define OK 0
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/include/nsca.h new/nsca-2.6/include/nsca.h
--- old/nsca-2.5/include/nsca.h 1970-01-01 01:00:00.000000000 +0100
+++ new/nsca-2.6/include/nsca.h 2006-04-06 23:20:43.000000000 +0200
@@ -0,0 +1,56 @@
+/************************************************************************
+ *
+ * NSCA.H - NSCA Include File
+ * Copyright (c) 1999-2006 Ethan Galstad (nagios@xxxxxxxxxx)
+ * Last Modified: 04-03-2006
+ *
+ * License:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ ************************************************************************/
+
+struct handler_entry{
+ void (*handler)(int, void *);
+ void *data;
+ int fd;
+ };
+
+
+static void handle_events(void);
+static void wait_for_connections(void);
+static void handle_connection(int,void *);
+static void accept_connection(int,void *);
+static void handle_connection_read(int,void *);
+static void install_child_handler(void);
+
+static int process_arguments(int,char **);
+static int read_config_file(char *);
+
+static int open_command_file(void);
+static void close_command_file(void);
+static int write_check_result(char *,char *,int,char *,time_t);
+
+static int get_user_info(const char *,uid_t *);
+static int get_group_info(const char *,gid_t *);
+static int drop_privileges(const char *,uid_t,gid_t);
+static void do_chroot(void);
+static void do_exit(int);
+
+static int write_pid_file(uid_t,gid_t);
+static int remove_pid_file(void);
+
+void sighandler(int);
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/nsca.spec new/nsca-2.6/nsca.spec
--- old/nsca-2.5/nsca.spec 2004-02-03 02:27:54.000000000 +0100
+++ new/nsca-2.6/nsca.spec 2006-04-06 23:19:30.000000000 +0200
@@ -1,5 +1,5 @@
%define name nsca
-%define version 2.4
+%define version 2.6
%define release 1
%define nsusr nagios
%define nsgrp nagios
@@ -18,7 +18,7 @@
Name: %{name}
Version: %{version}
Release: %{release}
-Copyright: GPL
+License: GPL
Group: Application/System
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -117,9 +117,9 @@

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-install -b -D -m 0644 nsca.cfg ${RPM_BUILD_ROOT}/etc/nagios/nsca.cfg
-install -b -D -m 0644 send_nsca.cfg ${RPM_BUILD_ROOT}/etc/nagios/send_nsca.cfg
-install -b -D -m 0644 nsca.xinetd ${RPM_BUILD_ROOT}/etc/xined.d/nsca
+install -b -D -m 0644 sample-config/nsca.cfg ${RPM_BUILD_ROOT}/etc/nagios/nsca.cfg
+install -b -D -m 0644 sample-config/send_nsca.cfg ${RPM_BUILD_ROOT}/etc/nagios/send_nsca.cfg
+install -b -D -m 0644 sample-config/nsca.xinetd ${RPM_BUILD_ROOT}/etc/xined.d/nsca
install -b -D -m 0755 src/nsca ${RPM_BUILD_ROOT}/usr/sbin/nsca
install -b -D -m 0755 src/send_nsca ${RPM_BUILD_ROOT}/usr/bin/send_nsca

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/sample-config/nsca.cfg.in new/nsca-2.6/sample-config/nsca.cfg.in
--- old/nsca-2.5/sample-config/nsca.cfg.in 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/sample-config/nsca.cfg.in 2006-04-06 23:19:30.000000000 +0200
@@ -2,10 +2,18 @@
# Sample NSCA Daemon Config File
# Written by: Ethan Galstad (nagios@xxxxxxxxxx)
#
-# Last Modified: 01-21-2006
+# Last Modified: 04-03-2006
####################################################


+# PID FILE
+# The name of the file in which the NSCA daemon should write it's process ID
+# number. The file is only written if the NSCA daemon is started by the root
+# user as a single- or multi-process daemon.
+
+pid_file=/var/run/nsca.pid
+
+

# PORT NUMBER
# Port number we should wait for connections on.
@@ -44,6 +52,19 @@



+# NSCA CHROOT
+# If specified, determines a directory into which the nsca daemon
+# will perform a chroot(2) operation before dropping its privileges.
+# for the security conscious this can add a layer of protection in
+# the event that the nagios daemon is compromised.
+#
+# NOTE: if you specify this option, the command file will be opened
+# relative to this directory.
+
+#nsca_chroot=/var/run/nagios/rw
+
+
+
# DEBUGGING OPTION
# This option determines whether or not debugging
# messages are logged to the syslog facility.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/src/nsca.c new/nsca-2.6/src/nsca.c
--- old/nsca-2.5/src/nsca.c 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/src/nsca.c 2006-04-06 23:19:30.000000000 +0200
@@ -4,7 +4,7 @@
* Copyright (c) 2000-2006 Ethan Galstad (nagios@xxxxxxxxxx)
* License: GPL v2
*
- * Last Modified: 01-21-2006
+ * Last Modified: 04-06-2006
*
* Command line: NSCA -c <config_file> [mode]
*
@@ -19,6 +19,7 @@
#include "../include/config.h"
#include "../include/netutils.h"
#include "../include/utils.h"
+#include "../include/nsca.h"


static int server_port=DEFAULT_SERVER_PORT;
@@ -30,20 +31,6 @@
static char command_file[MAX_INPUT_BUFFER]="";
static char password[MAX_INPUT_BUFFER]="";

-static void handle_events(void);
-static void wait_for_connections(void);
-static void handle_connection(int,void *);
-static void accept_connection(int,void *);
-static void handle_connection_read(int,void *);
-static int process_arguments(int,char **);
-static int read_config_file(char *);
-static int open_command_file(void);
-static void close_command_file(void);
-static void install_child_handler(void);
-static int drop_privileges(char *,char *);
-static int write_check_result(char *,char *,int,char *,time_t);
-static void do_exit(int);
-
static enum { OPTIONS_ERROR, SINGLE_PROCESS_DAEMON, MULTI_PROCESS_DAEMON, INETD } mode=SINGLE_PROCESS_DAEMON;
static int debug=FALSE;
static int aggregate_writes=FALSE;
@@ -51,34 +38,36 @@
static int append_to_file=FALSE;
static unsigned long max_packet_age=30;

-char *nsca_user=NULL;
-char *nsca_group=NULL;
+char *nsca_user=NULL;
+char *nsca_group=NULL;

-int show_help=FALSE;
-int show_license=FALSE;
-int show_version=FALSE;
+char *nsca_chroot=NULL;

-static FILE *command_file_fp=NULL;
+char *pid_file=NULL;
+int wrote_pid_file=FALSE;

-struct handler_entry{
- void (*handler)(int, void *);
- void *data;
- int fd;
- };
+int show_help=FALSE;
+int show_license=FALSE;
+int show_version=FALSE;
+
+int sigrestart=FALSE;
+int sigshutdown=FALSE;
+
+static FILE *command_file_fp=NULL;

struct handler_entry *rhand=NULL;
struct handler_entry *whand=NULL;
struct pollfd *pfds=NULL;
-int maxrhand=0;
-int maxwhand=0;
-int maxpfds=0;
-int nrhand=0;
-int nwhand=0;
-int npfds=0;
-
+int maxrhand=0;
+int maxwhand=0;
+int maxpfds=0;
+int nrhand=0;
+int nwhand=0;
+int npfds=0;
+
#ifdef HAVE_LIBWRAP
-int allow_severity=LOG_INFO;
-int deny_severity=LOG_WARNING;
+int allow_severity=LOG_INFO;
+int deny_severity=LOG_WARNING;
#endif


@@ -86,6 +75,8 @@
int main(int argc, char **argv){
char buffer[MAX_INPUT_BUFFER];
int result;
+ uid_t uid=-1;
+ gid_t gid=-1;


/* process command-line arguments */
@@ -140,7 +131,7 @@


/* open a connection to the syslog facility */
- openlog("nsca",LOG_PID,LOG_DAEMON);
+ openlog("nsca",LOG_PID|LOG_NDELAY,LOG_DAEMON);

/* make sure the config file uses an absolute path */
if(config_file[0]!='/'){
@@ -177,24 +168,37 @@
switch(mode){

case INETD:
+ /* chroot if configured */
+ do_chroot();
+
/* if we're running under inetd, handle one connection and get out */
handle_connection(0,NULL);
break;

case MULTI_PROCESS_DAEMON:
+
/* older style, mult-process daemon */
/* execution cascades below... */
install_child_handler();

+ /* |
+ |
+ | */
case SINGLE_PROCESS_DAEMON:
+ /* |
+ |
+ V */
+
/* daemonize and start listening for requests... */
if(fork()==0){

/* we're a daemon - set up a new process group */
setsid();

- /* ignore SIGHUP */
- signal(SIGHUP, SIG_IGN);
+ /* handle signals */
+ signal(SIGQUIT,sighandler);
+ signal(SIGTERM,sighandler);
+ signal(SIGHUP,sighandler);

/* close standard file descriptors */
close(0);
@@ -206,25 +210,61 @@
open("/dev/null",O_WRONLY);
open("/dev/null",O_WRONLY);

+ /* get group information before chrooting */
+ get_user_info(nsca_user,&uid);
+ get_group_info(nsca_group,&gid);
+
+ /* write pid file */
+ if(write_pid_file(uid,gid)==ERROR)
+ return STATE_CRITICAL;
+
+ /* chroot if configured */
+ do_chroot();
+
/* drop privileges */
- drop_privileges(nsca_user,nsca_group);
+ if(drop_privileges(nsca_user,uid,gid)==ERROR)
+ do_exit(STATE_CRITICAL);

- /* wait for connections */
- wait_for_connections();
- }
+ do{
+
+ /* reset flags */
+ sigrestart=FALSE;
+ sigshutdown=FALSE;
+
+ /* wait for connections */
+ wait_for_connections();
+
+ if(sigrestart==TRUE){
+
+ /* re-read the config file */
+ result=read_config_file(config_file);
+
+ /* exit if there are errors... */
+ if(result==ERROR){
+ syslog(LOG_ERR,"Config file '%s' contained errors, bailing out...",config_file);
+ break;
+ }
+ }
+
+ }while(sigrestart==TRUE && sigshutdown==FALSE);
+
+ /* remove pid file */
+ remove_pid_file();
+
+ syslog(LOG_NOTICE,"Daemon shutdown\n");
+ }
break;

default:
break;
- }
-
- /* We are now running in daemon mode, or the connection handed over by inetd has
- been completed, so the parent process exits */
+ }
+
+ /* we are now running in daemon mode, or the connection handed over by inetd has been completed, so the parent process exits */
do_exit(STATE_OK);

/* keep the compilers happy... */
return STATE_OK;
- }
+ }


/* cleanup */
@@ -234,7 +274,7 @@
if(command_file_fp!=NULL)
close_command_file();

- /*** CLEAR SENSITIVE INFO FROM MEMORY ***/
+ /*** CLEAR SENSITIVE INFO FROM MEMORY ***/

/* overwrite password */
clear_buffer(password,sizeof(password));
@@ -408,6 +448,12 @@
else if(!strcmp(varname,"nsca_group"))
nsca_group=strdup(varvalue);

+ else if(!strcmp(varname,"nsca_chroot"))
+ nsca_chroot=strdup(varvalue);
+
+ else if(!strcmp(varname,"pid_file"))
+ pid_file=strdup(varvalue);
+
else{
syslog(LOG_ERR,"Unknown option specified in config file '%s' - Line %d\n",filename,line);

@@ -580,6 +626,10 @@
void *data;
int i, hand;

+ /* bail out if necessary */
+ if(sigrestart==TRUE || sigshutdown==TRUE)
+ return;
+
poll(pfds,npfds,-1);
for(i=0;i<npfds;i++){
if((pfds[i].events&POLLIN) && (pfds[i].revents&(POLLIN|POLLERR|POLLHUP|POLLNVAL))){
@@ -618,7 +668,7 @@
/* wait for incoming connection requests */
static void wait_for_connections(void) {
struct sockaddr_in myname;
- int sock;
+ int sock=0;
int flag=1;

/* create a socket for listening */
@@ -669,14 +719,28 @@
syslog(LOG_DEBUG,"Listening for connections on port %d\n",htons(myname.sin_port));
}

+ /* socket should be non-blocking for mult-process daemon */
+ if(mode==MULTI_PROCESS_DAEMON)
+ fcntl(sock,F_SETFL,O_NONBLOCK);
+
/* listen for connection requests */
- if(mode==MULTI_PROCESS_DAEMON){
- while(1)
- accept_connection(sock,NULL);
- }
- else{
+ if(mode==SINGLE_PROCESS_DAEMON)
register_read_handler(sock,accept_connection,NULL);
- while(1)
+ while(1){
+
+ /* bail out if necessary */
+ if(sigrestart==TRUE || sigshutdown==TRUE){
+ /* close the socket we're listening on */
+ close(sock);
+ break;
+ }
+
+ /* accept a new connection */
+ if(mode==MULTI_PROCESS_DAEMON)
+ accept_connection(sock,NULL);
+
+ /* handle the new connection (if any) */
+ else
handle_events();
}

@@ -696,22 +760,35 @@
struct request_info req;
#endif

+ /* REMOVED 04/03/2006 EG - already done in wait_for_connections() */
+ /*
if(mode==SINGLE_PROCESS_DAEMON)
- register_read_handler(sock, accept_connection, NULL);
+ register_read_handler(sock,accept_connection,NULL);
+ */

/* wait for a connection request */
while(1){
- new_sd=accept(sock,0,0);
- if(new_sd>=0)
- break;
- if(errno==EWOULDBLOCK || errno==EINTR){
- if(mode==MULTI_PROCESS_DAEMON)
- sleep(1);
- else
- return;
- }
- else
+
+ /* we got a live one... */
+ if((new_sd=accept(sock,0,0))>=0)
break;
+
+ /* handle the error */
+ else{
+
+ /* bail out if necessary */
+ if(sigrestart==TRUE || sigshutdown==TRUE)
+ return;
+
+ if(errno==EWOULDBLOCK || errno==EINTR){
+ if(mode==MULTI_PROCESS_DAEMON)
+ sleep(1);
+ else
+ return;
+ }
+ else
+ break;
+ }
}

/* hey, there was an error... */
@@ -1008,6 +1085,7 @@
}


+
/* writes service/host check results to the Nagios command file */
static int write_check_result(char *host_name, char *svc_description, int return_code, char *plugin_output, time_t check_time){

@@ -1139,47 +1217,90 @@



-/* drops privileges */
-static int drop_privileges(char *user, char *group){
- uid_t uid=-1;
- gid_t gid=-1;
- struct group *grp;
- struct passwd *pw;
+/* write an optional pid file */
+static int write_pid_file(uid_t usr, gid_t grp){
+ int fd;
+ int result=0;
+ pid_t pid=0;
+ char pbuf[16];

- /* set effective group ID */
- if(group!=NULL){
-
- /* see if this is a group name */
- if(strspn(group,"0123456789")<strlen(group)){
- grp=(struct group *)getgrnam(group);
- if(grp!=NULL)
- gid=(gid_t)(grp->gr_gid);
- else
- syslog(LOG_ERR,"Warning: Could not get group entry for '%s'",group);
- endgrent();
- }
+ /* no pid file was specified */
+ if(pid_file==NULL)
+ return OK;

- /* else we were passed the GID */
- else
- gid=(gid_t)atoi(group);
+ /* read existing pid file */
+ if((fd=open(pid_file,O_RDONLY))>=0){

- /* set effective group ID if other than current EGID */
- if(gid!=getegid()){
+ result=read(fd,pbuf,(sizeof pbuf)-1);

- if(setgid(gid)==-1)
- syslog(LOG_ERR,"Warning: Could not set effective GID=%d",(int)gid);
+ close(fd);
+
+ if(result>0){
+
+ pbuf[result]='\x0';
+ pid=(pid_t)atoi(pbuf);
+
+ /* if previous process is no longer running running, remove the old pid file */
+ if(pid && (pid==getpid() || kill(pid,0)<0))
+ unlink(pid_file);
+
+ /* previous process is still running */
+ else{
+ syslog(LOG_ERR,"There's already an NSCA server running (PID %lu). Bailing out...",(unsigned long)pid);
+ return ERROR;
+ }
}
+ }
+
+ /* write new pid file */
+ if((fd=open(pid_file,O_WRONLY | O_CREAT,0644))>=0){
+ sprintf(pbuf,"%d\n",(int)getpid());
+ write(fd,pbuf,strlen(pbuf));
+ fchown(fd,usr,grp);
+ close(fd);
+ wrote_pid_file=TRUE;
+ }
+ else{
+ syslog(LOG_ERR,"Cannot write to pidfile '%s' - check your privileges.",pid_file);
+ }
+
+ return OK;
+ }
+
+
+
+/* remove pid file */
+static int remove_pid_file(void){
+
+ /* no pid file was specified */
+ if(pid_file==NULL)
+ return OK;
+
+ /* pid file was not written */
+ if(wrote_pid_file==FALSE)
+ return OK;
+
+ /* remove existing pid file */
+ if(unlink(pid_file)==-1){
+ syslog(LOG_ERR,"Cannot remove pidfile '%s' - check your privileges.",pid_file);
+ return ERROR;
}

+ return OK;
+ }
+

- /* set effective user ID */
+
+/* get user information */
+static int get_user_info(const char *user, uid_t *uid){
+ const struct passwd *pw=NULL;
+
if(user!=NULL){
-
/* see if this is a user name */
if(strspn(user,"0123456789")<strlen(user)){
pw=(struct passwd *)getpwnam(user);
if(pw!=NULL)
- uid=(uid_t)(pw->pw_uid);
+ *uid=(uid_t)(pw->pw_uid);
else
syslog(LOG_ERR,"Warning: Could not get passwd entry for '%s'",user);
endpwent();
@@ -1187,27 +1308,142 @@

/* else we were passed the UID */
else
- uid=(uid_t)atoi(user);
-
-#ifdef HAVE_INITGROUPS
+ *uid=(uid_t)atoi(user);
+
+ }
+ else
+ *uid=geteuid();
+
+ return OK;
+ }
+
+
+
+/* get group information */
+static int get_group_info(const char *group, gid_t *gid){
+ const struct group *grp=NULL;
+
+ /* get group ID */
+ if(group!=NULL){
+ /* see if this is a group name */
+ if(strspn(group,"0123456789")<strlen(group)){
+ grp=(struct group *)getgrnam(group);
+ if(grp!=NULL)
+ *gid=(gid_t)(grp->gr_gid);
+ else
+ syslog(LOG_ERR,"Warning: Could not get group entry for '%s'",group);
+ endgrent();
+ }
+
+ /* else we were passed the GID */
+ else
+ *gid=(gid_t)atoi(group);
+ }
+ else
+ *gid=getegid();
+
+ return OK;
+ }

- if(uid!=geteuid()){

- /* initialize supplementary groups */
- if(initgroups(user,gid)==-1){
- if(errno==EPERM)
- syslog(LOG_ERR,"Warning: Unable to change supplementary groups using initgroups()");
- else{
- syslog(LOG_ERR,"Warning: Possibly root user failed dropping privileges with initgroups()");
- return ERROR;
- }
- }
+
+/* drops privileges */
+static int drop_privileges(const char *user, uid_t uid, gid_t gid){
+ struct group *grp;
+ struct passwd *pw;
+
+ /* only drop privileges if we're running as root, so we don't interfere with being debugged while running as some random user */
+ if(getuid()!=0)
+ return OK;
+
+ /* set effective group ID if other than current EGID */
+ if(gid!=getegid()){
+ if(setgid(gid)==-1){
+ syslog(LOG_ERR,"Warning: Could not set effective GID=%d",(int)gid);
+ return ERROR;
}
+ }
+
+#ifdef HAVE_INITGROUPS
+ if(uid!=geteuid()){
+ /* initialize supplementary groups */
+ if(initgroups(user,gid)==-1){
+ if(errno==EPERM)
+ syslog(LOG_ERR,"Warning: Unable to change supplementary groups using initgroups()");
+ else{
+ syslog(LOG_ERR,"Warning: Possibly root user failed dropping privileges with initgroups()");
+ return ERROR;
+ }
+ }
+ }
#endif

- if(setuid(uid)==-1)
- syslog(LOG_ERR,"Warning: Could not set effective UID=%d",(int)uid);
+ if(setuid(uid)==-1){
+ syslog(LOG_ERR,"Warning: Could not set effective UID=%d",(int)uid);
+ return ERROR;
}

return OK;
}
+
+
+
+/* perform the chroot() operation if configured to do so */
+void do_chroot(void){
+ int retval=0;
+ const char *err=NULL;
+
+ if(nsca_chroot!=NULL){
+ retval=chdir(nsca_chroot);
+ if(retval!=0){
+ err=strerror(errno);
+ syslog(LOG_ERR, "can not chdir into chroot directory: %s", err);
+ do_exit(STATE_UNKNOWN);
+ }
+ retval=chroot(".");
+ if(retval!=0){
+ err=strerror(errno);
+ syslog(LOG_ERR, "can not chroot: %s", err);
+ do_exit(STATE_UNKNOWN);
+ }
+ }
+ }
+
+
+
+/* handle signals */
+void sighandler(int sig){
+ static char *sigs[]={"EXIT","HUP","INT","QUIT","ILL","TRAP","ABRT","BUS","FPE","KILL","USR1","SEGV","USR2","PIPE","ALRM","TERM","STKFLT","CHLD","CONT","STOP","TSTP","TTIN","TTOU","URG","XCPU","XFSZ","VTALRM","PROF","WINCH","IO","PWR","UNUSED","ZERR","DEBUG",(char *)NULL};
+ int i;
+ char temp_buffer[MAX_INPUT_BUFFER];
+
+ if(sig<0)
+ sig=-sig;
+
+ for(i=0;sigs[i]!=(char *)NULL;i++);
+
+ sig%=i;
+
+ /* we received a SIGHUP, so restart... */
+ if(sig==SIGHUP){
+
+ sigrestart=TRUE;
+
+ syslog(LOG_NOTICE,"Caught SIGHUP - restarting...\n");
+ }
+
+ /* else begin shutting down... */
+ if(sig==SIGTERM){
+
+ /* if shutdown is already true, we're in a signal trap loop! */
+ if(sigshutdown==TRUE)
+ exit(STATE_CRITICAL);
+
+ sigshutdown=TRUE;
+
+ syslog(LOG_NOTICE,"Caught SIG%s - shutting down...\n",sigs[sig]);
+ }
+
+ return;
+ }
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/src/send_nsca.c new/nsca-2.6/src/send_nsca.c
--- old/nsca-2.5/src/send_nsca.c 2006-01-22 01:14:55.000000000 +0100
+++ new/nsca-2.6/src/send_nsca.c 2006-04-06 23:19:30.000000000 +0200
@@ -4,7 +4,7 @@
* License: GPL v2
* Copyright (c) 2000-2006 Ethan Galstad (nagios@xxxxxxxxxx)
*
- * Last Modified: 01-21-2006
+ * Last Modified: 04-06-2006
*
* Command line: SEND_NSCA <host_address> [-p port] [-to to_sec] [-c config_file]
*
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/src/utils.c new/nsca-2.6/src/utils.c
--- old/nsca-2.5/src/utils.c 2003-10-25 01:55:40.000000000 +0200
+++ new/nsca-2.6/src/utils.c 2006-02-02 19:45:06.000000000 +0100
@@ -3,9 +3,9 @@
* UTILS.C - Utility functions for NSCA
*
* License: GPL
- * Copyright (c) 2000-2003 Ethan Galstad (nagios@xxxxxxxxxx)
+ * Copyright (c) 2000-2006 Ethan Galstad (nagios@xxxxxxxxxx)
*
- * Last Modified: 10-24-2003
+ * Last Modified: 02-02-2006
*
* Description:
*
@@ -258,10 +258,6 @@
CI->key=NULL;
free(CI->IV);
CI->IV=NULL;
- free(CI->mcrypt_algorithm);
- CI->mcrypt_algorithm=NULL;
- free(CI->mcrypt_mode);
- CI->mcrypt_mode=NULL;
}
#endif

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/nsca-2.5/update-version new/nsca-2.6/update-version
--- old/nsca-2.5/update-version 2003-10-16 01:17:45.000000000 +0200
+++ new/nsca-2.6/update-version 2006-01-23 02:18:50.000000000 +0100
@@ -23,3 +23,6 @@
perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure
perl -i -p -e "s/PKG_VERSION=.*/PKG_VERSION=\"$1\"/;" configure.in
perl -i -p -e "s/PKG_REL_DATE=.*\"/PKG_REL_DATE=\"$SHORTDATE\"/;" configure.in
+
+# Update RPM spec file with version number
+perl -i -p -e "s/%define version .*/%define version $1/;" nsca.spec

++++++ rcnsca ++++++
--- nagios-nsca/rcnsca 2006-01-22 13:06:50.000000000 +0100
+++ /mounts/work_src_done/STABLE/nagios-nsca/rcnsca 2006-12-01 13:11:00.000000000 +0100
@@ -18,7 +18,7 @@
### END INIT INFO


-NscaBin=/usr/sbin/nsca
+NscaBin=/usr/bin/nsca
test -x $NscaBin || { echo "$NscaBin not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread