[Nagios-checkins] CVS: nrpe/src dh.h,NONE,1.1 check_nrpe.c,1.18,1.19 nrpe.c,1.19,1.20

[Ethan G. <ega...@us...>]

Update of /cvsroot/nagios/nrpe/src
In directory sc8-pr-cvs1:/tmp/cvs-serv18830/src

Modified Files:
	check_nrpe.c nrpe.c 
Added Files:
	dh.h 
Log Message:
SSL support (Derrick)

--- NEW FILE ---
#ifndef HEADER_DH_H
#include <openssl/dh.h>
#endif
DH *get_dh512()
	{
	static unsigned char dh512_p[]={
		0xAC,0x60,0x86,0x85,0xDD,0x35,0x52,0xDD,0x53,0x07,0x6E,0x5A,
		0xB1,0x75,0x46,0x6E,0x26,0xBB,0x86,0xC9,0x59,0x97,0x1D,0x8B,
		0x41,0xC4,0x75,0xFB,0xED,0x17,0x3D,0xC3,0x76,0xBE,0x50,0x82,
		0x54,0xE9,0xDE,0x73,0x9C,0x7D,0x19,0xA4,0x52,0x2C,0x8A,0xEE,
		0x92,0x2C,0x98,0xF7,0x78,0xC6,0xE8,0xD1,0x00,0xBD,0x13,0x7F,
		0x79,0x6D,0xAD,0xF3,
		};
	static unsigned char dh512_g[]={
		0x02,
		};
	DH *dh;

	if ((dh=DH_new()) == NULL) return(NULL);
	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
	if ((dh->p == NULL) || (dh->g == NULL))
		{ DH_free(dh); return(NULL); }
	return(dh);
	}

Index: check_nrpe.c
===================================================================
RCS file: /cvsroot/nagios/nrpe/src/check_nrpe.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -r1.18 -r1.19
*** check_nrpe.c	7 Mar 2003 04:14:04 -0000	1.18
--- check_nrpe.c	14 Mar 2003 02:37:06 -0000	1.19
***************
*** 76,80 ****
  		printf("License: GPL\n");
  #ifdef HAVE_SSL
! 		printf("SSL Available\n");
  #endif
  		printf("\n");
--- 76,80 ----
  		printf("License: GPL\n");
  #ifdef HAVE_SSL
! 		printf("SSL/TLS Available: Anonymous DHMode, OpenSSL 0.9.6 or higher required\n");
  #endif
  		printf("\n");
***************
*** 140,145 ****
  	if(result==STATE_OK && use_ssl==TRUE){
  		if((ssl=SSL_new(ctx))!=NULL){
! 			/*SSL_CTX_set_cipher_list(ctx,"ALL");*/
! 			SSL_CTX_set_cipher_list(ctx,"DH");
  			SSL_set_fd(ssl,sd);
  			if((rc=SSL_connect(ssl))!=1){
--- 140,144 ----
  	if(result==STATE_OK && use_ssl==TRUE){
  		if((ssl=SSL_new(ctx))!=NULL){
! 			SSL_CTX_set_cipher_list(ctx,"ADH");
  			SSL_set_fd(ssl,sd);
  			if((rc=SSL_connect(ssl))!=1){

Index: nrpe.c
===================================================================
RCS file: /cvsroot/nagios/nrpe/src/nrpe.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -r1.19 -r1.20
*** nrpe.c	7 Mar 2003 04:06:58 -0000	1.19
--- nrpe.c	14 Mar 2003 02:37:06 -0000	1.20
***************
*** 5,9 ****
   * License: GPL
   *
!  * Last Modified: 03-06-2003
   *
   * Command line: nrpe -c <config_file> [--inetd | --daemon]
--- 5,9 ----
   * License: GPL
   *
!  * Last Modified: 03-13-2003
   *
   * Command line: nrpe -c <config_file> [--inetd | --daemon]
***************
*** 24,27 ****
--- 24,31 ----
  #include "utils.h"
  
+ #ifdef HAVE_SSL
+ #include "dh.h"
+ #endif
+ 
  #define DEFAULT_COMMAND_TIMEOUT	60			/* default timeout for execution of plugins */
  #define MAXFD                   64
***************
*** 86,89 ****
--- 90,96 ----
  	int x;
  	char buffer[MAX_INPUT_BUFFER];
+ #ifdef HAVE_SSL
+ 	DH *dh;
+ #endif
  
  	result=process_arguments(argc,argv);
***************
*** 98,102 ****
  		printf("License: GPL\n");
  #ifdef HAVE_SSL
! 		printf("SSL Available\n");
  #endif
  		printf("\n");
--- 105,109 ----
  		printf("License: GPL\n");
  #ifdef HAVE_SSL
! 		printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
  #endif
  		printf("\n");
***************
*** 189,195 ****
  		        }
  		/*SSL_CTX_set_cipher_list(ctx,"ALL");*/
! 		SSL_CTX_set_options(ctx,SSL_OP_SINGLE_DH_USE);
! 		SSL_CTX_set_cipher_list(ctx,"DH");
!                 }
  #endif
  
--- 196,208 ----
  		        }
  		/*SSL_CTX_set_cipher_list(ctx,"ALL");*/
! 		SSL_CTX_set_cipher_list(ctx,"ADH");
! 		dh=get_dh512();
! 		SSL_CTX_set_tmp_dh(ctx,dh);
! 		DH_free(dh);
! 		syslog(LOG_INFO,"INFO: SSL/TLS initialized. All network traffic will be encrypted.");
! 	        }
! 	else{
! 		syslog(LOG_INFO,"INFO: SSL/TLS NOT initialized. Network encryption DISABLED.");
! 	        }
  #endif
  
***************
*** 330,334 ****
  		else if(!strcmp(varname,"server_address")){
                          strncpy(server_address,varvalue,sizeof(server_address) - 1);
!                         server_address[sizeof(server_address) - 1] = '\0';
                          }
  
--- 343,347 ----
  		else if(!strcmp(varname,"server_address")){
                          strncpy(server_address,varvalue,sizeof(server_address) - 1);
!                         server_address[sizeof(server_address)-1]='\0';
                          }
  
***************
*** 718,723 ****
  		if((ssl=SSL_new(ctx))!=NULL){
  			SSL_set_fd(ssl,sock);
! 			if(SSL_accept(ssl)!=1){
! 				syslog(LOG_ERR,"Error: Could not complete SSL handshake.\n");
  #ifdef DEBUG
  				errfp=fopen("/tmp/err.log","w");
--- 731,736 ----
  		if((ssl=SSL_new(ctx))!=NULL){
  			SSL_set_fd(ssl,sock);
! 			if((rc=SSL_accept(ssl))!=1){
! 				syslog(LOG_ERR,"Error: Could not complete SSL handshake. %s\n",SSL_get_error(ssl,rc));
  #ifdef DEBUG
  				errfp=fopen("/tmp/err.log","w");
***************
*** 757,760 ****
--- 770,774 ----
  		SSL_shutdown(ssl);
  		SSL_free(ssl);
+ 		syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
  #endif
  
***************
*** 852,855 ****
--- 866,873 ----
  			strcpy(buffer,"");
  			result=my_system(processed_command,command_timeout,&early_timeout,buffer,sizeof(buffer));
+ 
+ 			/* log debug info */
+ 			if(debug==TRUE)
+ 				syslog(LOG_DEBUG,"Command completed with return code %d and output: %s",result,buffer);
  
  			/* see if the command timed out */