diff options
Diffstat (limited to '')
| -rw-r--r-- | include/acl.h | 73 | ||||
| -rw-r--r-- | include/common.h.in | 123 | ||||
| -rw-r--r-- | include/config.h.in | 355 | ||||
| -rw-r--r-- | include/nrpe.h | 71 | ||||
| -rw-r--r-- | include/utils.h | 54 |
5 files changed, 676 insertions, 0 deletions
diff --git a/include/acl.h b/include/acl.h new file mode 100644 index 0000000..9a661f6 --- /dev/null +++ b/include/acl.h @@ -0,0 +1,73 @@ +/**************************************************************************** + * + * acl.h - header file for acl.c + * + * License: GPLv2 + * Copyright (c) 2011 Kaspersky Lab ZAO + * + * License Notice: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ****************************************************************************/ + +#ifndef ACL_H_INCLUDED +#define ACL_H_INCLUDED 1 + +#include <sys/types.h> +#include <sys/socket.h> + +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <netdb.h> +#include <syslog.h> +#include <stdarg.h> + +#define CHAR_TO_NUMBER(c) ((c) - '0') + +struct ip_acl { + int family; + struct in_addr addr; + struct in_addr mask; + struct in6_addr addr6; + struct in6_addr mask6; + struct ip_acl *next; +}; + +struct dns_acl { + char domain[255]; + struct dns_acl *next; +}; + +/* Pointers to head ACL structs */ +static struct ip_acl *ip_acl_head, *ip_acl_prev; +static struct dns_acl *dns_acl_head, *dns_acl_prev; + +/* Functions */ +void parse_allowed_hosts(char *allowed_hosts); +int add_ipv4_to_acl(char *ipv4); +int add_ipv6_to_acl(char *ipv6); +int add_domain_to_acl(char *domain); +//int is_an_allowed_host(struct in_addr); +int is_an_allowed_host(int, void *); +unsigned int prefix_from_mask(struct in_addr mask); +void show_acl_lists(void); + +#endif /* ACL_H_INCLUDED */ diff --git a/include/common.h.in b/include/common.h.in new file mode 100644 index 0000000..ce4e80f --- /dev/null +++ b/include/common.h.in @@ -0,0 +1,123 @@ +/**************************************************************************** + * + * common.h - NRPE Common header file + * + * License: GPLv2 + * Copyright (c) 2006-2017 Nagios Enterprises + * 1999-2006 Ethan Galstad (nagios@nagios.org) + * + * License Notice: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ****************************************************************************/ + +#include "config.h" + +#define SSL_TYPE_@SSL_TYPE@ + +#ifdef HAVE_SSL +#ifdef OPENSSL_V3 +# define OPENSSL_API_COMPAT 10002 +# define OPENSSL_NO_DEPRECATED +#endif +#include <@SSL_INC_PREFIX@@SSL_HDR@> +# ifdef SSL_TYPE_openssl +# include <@SSL_INC_PREFIX@err.h> +# include <@SSL_INC_PREFIX@rand.h> +# include <@SSL_INC_PREFIX@engine.h> +# endif +#endif + +#define PROGRAM_VERSION "4.1.0" +#define MODIFICATION_DATE "2022-07-18" + +#define OK 0 +#define ERROR -1 + +#define TRUE 1 +#define FALSE 0 + +#define STATE_UNKNOWN 3 /* service state return codes */ +#define STATE_CRITICAL 2 +#define STATE_WARNING 1 +#define STATE_OK 0 + + +#define DEFAULT_SOCKET_TIMEOUT 10 /* timeout after 10 seconds */ +#define DEFAULT_CONNECTION_TIMEOUT 300 /* timeout if daemon is waiting for connection more than this time */ + +#define MAX_INPUT_BUFFER 2048 /* max size of most buffers we use */ +#define MAX_FILENAME_LENGTH 256 +#define MAX_HOST_ADDRESS_LENGTH 256 /* max size of a host address */ +#define MAX_COMMAND_ARGUMENTS 16 + +#define NRPE_HELLO_COMMAND "_NRPE_CHECK" + +/**************** PACKET STRUCTURE DEFINITION **********/ + +#define QUERY_PACKET 1 /* id code for a packet containing a query */ +#define RESPONSE_PACKET 2 /* id code for a packet containing a response */ + +/* v4 takes struct padding into account, so the buffer "takes" 4 bytes + * v3 removes the 1 byte that "should" be allocated to buffer. + */ +#define NRPE_V4_PACKET_SIZE_OFFSET 4 +#define NRPE_V3_PACKET_SIZE_OFFSET 1 + +/* packet version identifiers */ +#define NRPE_PACKET_VERSION_4 4 /* Same as version 3, but accounts for struct padding in network code */ +#define NRPE_PACKET_VERSION_3 3 /* Allows for variable-length buffer */ +#define NRPE_PACKET_VERSION_2 2 +#define NRPE_PACKET_VERSION_1 1 /* older packet version identifiers (no longer supported) */ + +#define MAX_PACKETBUFFER_LENGTH 1024 /* amount of data to send in one query/response vor version 2 */ + +#define NRPE_DEFAULT_PACKET_VERSION NRPE_PACKET_VERSION_4 + +typedef struct _v2_packet { + int16_t packet_version; + int16_t packet_type; + u_int32_t crc32_value; + int16_t result_code; + char buffer[MAX_PACKETBUFFER_LENGTH]; +} v2_packet; +typedef struct _v3_packet { + int16_t packet_version; + int16_t packet_type; + u_int32_t crc32_value; + int16_t result_code; + int16_t alignment; + int32_t buffer_length; + char buffer[1]; +} v3_packet; + +typedef v3_packet v4_packet; + +/**************** OPERATING SYSTEM SPECIFIC DEFINITIONS **********/ +#if defined(__sun) || defined(__hpux) + +# ifndef LOG_AUTHPRIV +# define LOG_AUTHPRIV LOG_AUTH +# endif +# ifndef LOG_FTP +# define LOG_FTP LOG_DAEMON +# endif +#elif defined(_AIX) +# include <sys/select.h> +# ifndef LOG_FTP +# define LOG_FTP LOG_DAEMON +# endif +#endif diff --git a/include/config.h.in b/include/config.h.in new file mode 100644 index 0000000..9bf790f --- /dev/null +++ b/include/config.h.in @@ -0,0 +1,355 @@ +/**************************************************************************** + * + * config.h - NRPE Configuration header file + * + * License: GPLv2 + * Copyright (c) 2006-2017 Nagios Enterprises + * 1999-2006 Ethan Galstad (nagios@nagios.org) + * + * License Notice: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ****************************************************************************/ + +#ifndef _CONFIG_H +#define _CONFIG_H + +#include <stdio.h> +#include <stdlib.h> + + +/* Default port for NRPE daemon */ +#undef DEFAULT_SERVER_PORT + +/* NRPE syslog facility */ +#undef NRPE_LOG_FACILITY + +/* Enable command-line arguments */ +#undef ENABLE_COMMAND_ARGUMENTS + +/* Enable bash command substitution */ +#undef ENABLE_BASH_COMMAND_SUBSTITUTION + +/* type to use in place of socklen_t if not defined */ +#undef socklen_t + +/* Define to 1 if you have the `getopt_long' function. */ +#undef HAVE_GETOPT_LONG + +/* Have the TCP wrappers library */ +#undef HAVE_LIBWRAP + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the `strstr' function. */ +#undef HAVE_STRSTR + +/* Define to 1 if you have the `strtoul' function. */ +#undef HAVE_STRTOUL + +/* Define to 1 if you have the `strtok_r' function. */ +#undef HAVE_STRTOK_R + +/* Define to 1 if you have the `initgroups' function. */ +#undef HAVE_INITGROUPS + +/* Define to 1 if you have the `closesocket' function. */ +#undef HAVE_CLOSESOCKET + +/* Define to 1 if you have the `sigaction' function. */ +#undef HAVE_SIGACTION + +/* Define to 1 if you have the `scandir' function. */ +#undef HAVE_SCANDIR + +/* Set to 1 if you have rfc931_timeout */ +#undef HAVE_RFC931_TIMEOUT + +/* The size of `int', as computed by sizeof. */ +#undef SIZEOF_INT + +/* The size of `short', as computed by sizeof. */ +#undef SIZEOF_SHORT + +/* The size of `long', as computed by sizeof. */ +#undef SIZEOF_LONG + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* Set to 1 to use SSL DH */ +#undef USE_SSL_DH + +/* stupid stuff for u_int32_t */ +#undef U_INT32_T_IS_USHORT +#undef U_INT32_T_IS_UINT +#undef U_INT32_T_IS_ULONG +#undef U_INT32_T_IS_UINT32_T + +#ifdef U_INT32_T_IS_USHORT +typedef unsigned short u_int32_t; +#endif +#ifdef U_INT32_T_IS_ULONG +typedef unsigned long u_int32_t; +#endif +#ifdef U_INT32_T_IS_UINT +typedef unsigned int u_int32_t; +#endif +#ifdef U_INT32_T_IS_UINT32_t +typedef uint32_t u_int32_t; +#endif + +/* stupid stuff for int32_t */ +#undef INT32_T_IS_SHORT +#undef INT32_T_IS_INT +#undef INT32_T_IS_LONG + +#ifdef INT32_T_IS_USHORT +typedef short int32_t; +#endif +#ifdef INT32_T_IS_ULONG +typedef long int32_t; +#endif +#ifdef INT32_T_IS_UINT +typedef int int32_t; +#endif + + +/***** ASPRINTF() AND FRIENDS *****/ + +/* Whether vsnprintf() is available */ +#undef HAVE_VSNPRINTF +/* Whether snprintf() is available */ +#undef HAVE_SNPRINTF +/* Whether aprintf() is available */ +#undef HAVE_ASPRINTF +/* Whether vaprintf() is available */ +#undef HAVE_VASPRINTF +/* Define if system has C99 compatible vsnprintf */ +#undef HAVE_C99_VSNPRINTF + +/* Whether va_copy() is available */ +#undef HAVE_VA_COPY + +/* Whether __va_copy() is available */ +#undef HAVE___VA_COPY + + +/* Socket Size Type */ +#undef SOCKET_SIZE_TYPE + +/* Define to the type of elements in the array set by `getgroups'. Usually + this is either `int' or `gid_t'. */ +#undef GETGROUPS_T + +/* Define as the return type of signal handlers (`int' or `void'). */ +#undef RETSIGTYPE + +/* Define to 1 if the system has the type `struct sockaddr_storage'. */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + +/* Use seteuid() or setresuid() depending on the platform */ +#undef SETEUID + +/* Set to 1 if we are on Solaris 10 */ +#undef SOLARIS_10 + +/* Define to 1 if you have the <getopt.h> header file. */ +#undef HAVE_GETOPT_H +#ifdef HAVE_GETOPT_H +#include <getopt.h> +#endif + +/* Define to 1 if you have the <strings.h> header file. */ +#undef HAVE_STRINGS_H +#ifdef HAVE_STRINGS_H +#include <strings.h> +#endif + +/* Define to 1 if you have the <string.h> header file. */ +#undef HAVE_STRING_H +#ifdef HAVE_STRING_H +#include <string.h> +#endif + +/* Define to 1 if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +/* Define to 1 if you have the <signal.h> header file. */ +#undef HAVE_SIGNAL_H +#ifdef HAVE_SIGNAL_H +#include <signal.h> +#endif + +/* Define to 1 if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +/* Define to 1 if you have the <fcntl.h> header file. */ +#undef HAVE_FCNTL_H +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + +/* Define to 1 if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +/* Define to 1 if you have the <sys/wait.h> header file. */ +#undef HAVE_SYS_WAIT_H +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif + +#ifndef WEXITSTATUS +# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +#endif +#ifndef WIFEXITED +# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) +#endif + +/* Define to 1 if you have the <errno.h> header file. */ +#undef HAVE_ERRNO_H +#ifdef HAVE_ERRNO_H +#include <errno.h> +#endif + +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +#undef TIME_WITH_SYS_TIME + +/* Define to 1 if you have the <sys/time.h> header file. */ +#undef HAVE_SYS_TIME_H + +#if TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# if HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif + + +/* Define to 1 if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif + +/* Define to 1 if you have the <socket.h> header file. */ +#undef HAVE_SOCKET_H +#ifdef HAVE_SOCKET_H +#include <socket.h> +#endif + +/* Define to 1 if you have the <tcpd.h> header file. */ +#undef HAVE_TCPD_H +#ifdef HAVE_TCPD_H +#include <tcpd.h> +#endif + +/* Define to 1 if you have the <netinet/in.h> header file. */ +#undef HAVE_NETINET_IN_H +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +/* Define to 1 if you have the <arpa/inet.h> header file. */ +#undef HAVE_ARPA_INET_H +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +/* Define to 1 if you have the <netdb.h> header file. */ +#undef HAVE_NETDB_H +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +/* Define to 1 if you have the <ctype.h> header file. */ +#undef HAVE_CTYPE_H +#ifdef HAVE_CTYPE_H +#include <ctype.h> +#endif + +/* Define to 1 if you have the <pwd.h> header file. */ +#undef HAVE_PWD_H +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif + +/* Define to 1 if you have the <grp.h> header file. */ +#undef HAVE_GRP_H +#ifdef HAVE_GRP_H +#include <grp.h> +#endif + +/* Define to 1 if you have the <dirent.h> header file. */ +#undef HAVE_DIRENT_H +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif + +/* Have SSL support */ +#undef HAVE_SSL +#undef OPENSSL_V3 + +/* Have the krb5.h header file */ +#undef HAVE_KRB5_H +#ifdef HAVE_KRB5_H +#include <krb5.h> +#endif + +/* Define to 1 if you have the <inttypes.h> header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have the <stdint.h> header file. */ +#undef HAVE_STDINT_H + +#ifdef HAVE_INTTYPES_H +#include <inttypes.h> +#else +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#endif + +/* Define to 1 if you have the <paths.h> header file. */ +#undef HAVE_PATHS_H + +/* Define to 1 if you have the <sys/resource.h> header file. */ +#undef HAVE_SYS_RESOURCE_H + +#endif diff --git a/include/nrpe.h b/include/nrpe.h new file mode 100644 index 0000000..e1b70c0 --- /dev/null +++ b/include/nrpe.h @@ -0,0 +1,71 @@ +/**************************************************************************** + * + * nrpe.h - Nagios Remote Plugin Executor header file + * + * License: GPLv2 + * Copyright (c) 2006-2017 Nagios Enterprises + * 1999-2006 Ethan Galstad (nagios@nagios.org) + * + * License Notice: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ****************************************************************************/ + +#include <limits.h> + +typedef struct command_struct { + char *command_name; + char *command_line; + struct command_struct *next; +} command; + +int init(void); +void init_ssl(void); +void log_ssl_startup(void); +void usage(int); +void run_inetd(void); +void run_src(void); +void run_daemon(void); +void set_stdio_sigs(void); +void cleanup(void); +int read_config_file(char *); +int read_config_dir(char *); +int get_log_facility(char *); +int add_command(char *,char *); +command *find_command(char *); +void create_listener(struct addrinfo *ai); +void wait_for_connections(void); +void setup_wait_conn(void); +int wait_conn_fork(int sock); +void conn_check_peer(int sock); +void handle_connection(int); +void init_handle_conn(void); +int handle_conn_ssl(int sock, void *ssl_ptr); +int read_packet(int sock, void *ssl_ptr, v2_packet *v2_pkt, v3_packet **v3_pkt); +void free_memory(void); +int my_system(char*, int, int*, char**); /* executes a command via popen(), but also protects against timeouts */ +void my_system_sighandler(int); /* handles timeouts when executing commands via my_system() */ +void my_connection_sighandler(int); /* handles timeouts of connection */ +int drop_privileges(char *,char *, int); +int write_pid_file(void); +int remove_pid_file(void); +int check_privileges(void); +void sighandler(int); +void child_sighandler(int); +int validate_request(v2_packet *, v3_packet *); +int contains_nasty_metachars(char *); +int process_macros(char *,char *,int); +int process_arguments(int,char **); diff --git a/include/utils.h b/include/utils.h new file mode 100644 index 0000000..e81f8d1 --- /dev/null +++ b/include/utils.h @@ -0,0 +1,54 @@ +/**************************************************************************** + * + * utils.h - NRPE Utility Functions header file + * + * License: GPLv2 + * Copyright (c) 2009-2017 Nagios Enterprises + * 1999-2008 Ethan Galstad (nagios@nagios.org) + * + * License Notice: + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + ****************************************************************************/ + + +#ifndef NRPE_UTILS_H_INCLUDED +#define NRPE_UTILS_H_INCLUDED + +#include "../include/config.h" + +void generate_crc32_table(void); +unsigned long calculate_crc32(char*, int); +void randomize_buffer(char*,int); +int my_tcp_connect(char*, int, int*); +#ifdef HAVE_STRUCT_SOCKADDR_STORAGE +int my_connect(const char*, struct sockaddr_storage*, u_short, int, const char*, int); +#else +int my_connect(const char*, struct sockaddr*, u_short, int, const char*, int); +#endif +void add_listen_addr(struct addrinfo**, int, char*, int); +int clean_environ(const char *keep_env_vars, const char *nrpe_user); +char* strip(char*); +int sendall(int, char*, int*); +int recvall(int, char*, int*, int); +char *my_strsep(char**, const char*); +void open_log_file(); +void logit(int priority, const char *format, ...); +void close_log_file(); +void display_license(void); +extern int disable_syslog; + +#endif |