Nagios Plugin Development

Thanks John. I applied your latest patch.

I found a flaw in my patch: the MAX_OIDS limit was no longer being
enforced, allowing for a potential buffer overflow. I've attached a patch
against the git master to fix this.

Applied in git. Manually tested for an OID containing a double quote and
works as expected.

Thanks for John for his patch.

I just used the tests in t/check_snmp.t plus a few others more specific to
our environment. Almost all of my extra tests, like the extend tests,
wouldn't necessarily work elsewhere. About the only test you'd find
useful
to add is one of multiple OIDs:

$res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o
host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c
1:,1:");
cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize
and hrSystemProcesses");
like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize
and hrSystemProcesses");

Thanks John! I look through this now.

Out of interest, what tests did you run? Will add them into our test
scripts

tonvoon: I see, I thought you were referring to plugins/runcmd.c.

I've attached a patch against the SVN trunk that changes check_snmp to use
lib/utils_cmd.c. It's passed all the tests I've thrown at it, including
extend OIDs. This wasn't a trivial patch, and my C foo isn't great, so
please modify as necessary.

jbarbuto: Can you see the cmd_run and cmd_run_array in lib/utils_cmd.c?
This is also used in negate.c. The idea is that if you pass an array of
arguments, there will not be any shell expansion.

mechanyx: There may be quoting that is required at Nagios. If you use $ in
a command argument, you need to escape it with $$.

I'm not sure if this is related or not, but I had a similar problem with
check_snmp where the community string on a network device contained a
dollar sign ($). I was unable to get the check to run with that community
string. I apologize as I do not remember exactly what Nagios output when I
tried various methods of quoting or escaping it. I ended up changing the
community string on the device.

Thanks, Rich(ard)

I looked into writing a patch using the runcmd library, but I don't see
this function you're referring to.
np_runcmd_open() looks pretty similar to spopen(), with the same double
quotes restriction.

The old exec method of running external commands is deprecated, so I'd
really like to get extend working.

I don't think this is a valid fix. Preferably check_snmp should be switched
to use the runcmd library instead, which has a function to pass a varg list
for the command to run, thereby avoiding shell quotation.