From: Ethan G. <ega...@us...> - 2003-03-14 02:37:09
Update of /cvsroot/nagios/nrpe/src In directory sc8-pr-cvs1:/tmp/cvs-serv18830/src Modified Files: check_nrpe.c nrpe.c Added Files: dh.h Log Message: SSL support (Derrick) --- NEW FILE --- #ifndef HEADER_DH_H #include <openssl/dh.h> #endif DH *get_dh512() { static unsigned char dh512_p[]={ 0xAC,0x60,0x86,0x85,0xDD,0x35,0x52,0xDD,0x53,0x07,0x6E,0x5A, 0xB1,0x75,0x46,0x6E,0x26,0xBB,0x86,0xC9,0x59,0x97,0x1D,0x8B, 0x41,0xC4,0x75,0xFB,0xED,0x17,0x3D,0xC3,0x76,0xBE,0x50,0x82, 0x54,0xE9,0xDE,0x73,0x9C,0x7D,0x19,0xA4,0x52,0x2C,0x8A,0xEE, 0x92,0x2C,0x98,0xF7,0x78,0xC6,0xE8,0xD1,0x00,0xBD,0x13,0x7F, 0x79,0x6D,0xAD,0xF3, }; static unsigned char dh512_g[]={ 0x02, }; DH *dh; if ((dh=DH_new()) == NULL) return(NULL); dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); if ((dh->p == NULL) || (dh->g == NULL)) { DH_free(dh); return(NULL); } return(dh); } Index: check_nrpe.c =================================================================== RCS file: /cvsroot/nagios/nrpe/src/check_nrpe.c,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -r1.18 -r1.19 *** check_nrpe.c 7 Mar 2003 04:14:04 -0000 1.18 --- check_nrpe.c 14 Mar 2003 02:37:06 -0000 1.19 *************** *** 76,80 **** printf("License: GPL\n"); #ifdef HAVE_SSL ! printf("SSL Available\n"); #endif printf("\n"); --- 76,80 ---- printf("License: GPL\n"); #ifdef HAVE_SSL ! printf("SSL/TLS Available: Anonymous DHMode, OpenSSL 0.9.6 or higher required\n"); #endif printf("\n"); *************** *** 140,145 **** if(result==STATE_OK && use_ssl==TRUE){ if((ssl=SSL_new(ctx))!=NULL){ ! /*SSL_CTX_set_cipher_list(ctx,"ALL");*/ ! SSL_CTX_set_cipher_list(ctx,"DH"); SSL_set_fd(ssl,sd); if((rc=SSL_connect(ssl))!=1){ --- 140,144 ---- if(result==STATE_OK && use_ssl==TRUE){ if((ssl=SSL_new(ctx))!=NULL){ ! 
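Review bot: The group hard-coded in get_dh512() in the new dh.h is only 512 bits, which was already well below the size recommended for Diffie-Hellman when this commit was made, and the banner text in the same commit requires OpenSSL 0.9.6 or higher, which has no trouble with larger groups; a 1024-bit or larger group generated with `openssl dhparam -C` is the minimum a server should ship with. The function is defined in a header without `static`, so including dh.h from a second translation unit would produce a duplicate-symbol link error, and the empty parameter list is an old-style declaration; `static DH *get_dh512(void)` fixes both. Writing `dh->p` and `dh->g` directly ties the code to the struct layout of the OpenSSL version it was written against, which is worth a comment such as `/* direct member access: depends on OpenSSL's DH struct layout */`.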
SSL_CTX_set_cipher_list(ctx,"ADH"); SSL_set_fd(ssl,sd); if((rc=SSL_connect(ssl))!=1){ Index: nrpe.c =================================================================== RCS file: /cvsroot/nagios/nrpe/src/nrpe.c,v retrieving revision 1.19 retrieving revision 1.20 diff -C2 -r1.19 -r1.20 *** nrpe.c 7 Mar 2003 04:06:58 -0000 1.19 --- nrpe.c 14 Mar 2003 02:37:06 -0000 1.20 *************** *** 5,9 **** * License: GPL * ! * Last Modified: 03-06-2003 * * Command line: nrpe -c <config_file> [--inetd | --daemon] --- 5,9 ---- * License: GPL * ! * Last Modified: 03-13-2003 * * Command line: nrpe -c <config_file> [--inetd | --daemon] *************** *** 24,27 **** --- 24,31 ---- #include "utils.h" + #ifdef HAVE_SSL + #include "dh.h" + #endif + #define DEFAULT_COMMAND_TIMEOUT 60 /* default timeout for execution of plugins */ #define MAXFD 64 *************** *** 86,89 **** --- 90,96 ---- int x; char buffer[MAX_INPUT_BUFFER]; + #ifdef HAVE_SSL + DH *dh; + #endif result=process_arguments(argc,argv); *************** *** 98,102 **** printf("License: GPL\n"); #ifdef HAVE_SSL ! printf("SSL Available\n"); #endif printf("\n"); --- 105,109 ---- printf("License: GPL\n"); #ifdef HAVE_SSL ! printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n"); #endif printf("\n"); *************** *** 189,195 **** } /*SSL_CTX_set_cipher_list(ctx,"ALL");*/ ! SSL_CTX_set_options(ctx,SSL_OP_SINGLE_DH_USE); ! SSL_CTX_set_cipher_list(ctx,"DH"); ! } #endif --- 196,208 ---- } /*SSL_CTX_set_cipher_list(ctx,"ALL");*/ ! SSL_CTX_set_cipher_list(ctx,"ADH"); ! dh=get_dh512(); ! SSL_CTX_set_tmp_dh(ctx,dh); ! DH_free(dh); ! syslog(LOG_INFO,"INFO: SSL/TLS initialized. All network traffic will be encrypted."); ! } ! else{ ! syslog(LOG_INFO,"INFO: SSL/TLS NOT initialized. Network encryption DISABLED."); ! } #endif *************** *** 330,334 **** else if(!strcmp(varname,"server_address")){ strncpy(server_address,varvalue,sizeof(server_address) - 1); ! 
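Review bot: The return value of `SSL_CTX_set_cipher_list(ctx,"ADH")` in the second check_nrpe.c hunk is not checked, so a build whose OpenSSL offers no anonymous DH ciphers would presumably continue into SSL_connect with whatever list the context held before; `if(SSL_CTX_set_cipher_list(ctx,"ADH")!=1){ printf("Error: could not set cipher list\n"); return STATE_UNKNOWN; }` makes the failure explicit. "ADH" selects anonymous Diffie-Hellman, which encrypts the session but never authenticates the peer, so the client has no way to confirm it is talking to the intended NRPE daemon; that limitation belongs in a comment beside the call, e.g. `/* ADH: encryption only, no peer authentication */`, and in the banner. The banner string in the first hunk reads "Anonymous DHMode" while nrpe.c prints "Anonymous DH Mode"; the missing space should be fixed for consistency. The enclosing function continues outside the hunk.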
server_address[sizeof(server_address) - 1] = '\0'; } --- 343,347 ---- else if(!strcmp(varname,"server_address")){ strncpy(server_address,varvalue,sizeof(server_address) - 1); ! server_address[sizeof(server_address)-1]='\0'; } *************** *** 718,723 **** if((ssl=SSL_new(ctx))!=NULL){ SSL_set_fd(ssl,sock); ! if(SSL_accept(ssl)!=1){ ! syslog(LOG_ERR,"Error: Could not complete SSL handshake.\n"); #ifdef DEBUG errfp=fopen("/tmp/err.log","w"); --- 731,736 ---- if((ssl=SSL_new(ctx))!=NULL){ SSL_set_fd(ssl,sock); ! if((rc=SSL_accept(ssl))!=1){ ! syslog(LOG_ERR,"Error: Could not complete SSL handshake. %s\n",SSL_get_error(ssl,rc)); #ifdef DEBUG errfp=fopen("/tmp/err.log","w"); *************** *** 757,760 **** --- 770,774 ---- SSL_shutdown(ssl); SSL_free(ssl); + syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n"); #endif *************** *** 852,855 **** --- 866,873 ---- strcpy(buffer,""); result=my_system(processed_command,command_timeout,&early_timeout,buffer,sizeof(buffer)); + + /* log debug info */ + if(debug==TRUE) + syslog(LOG_DEBUG,"Command completed with return code %d and output: %s",result,buffer); /* see if the command timed out */ |
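Review bot: In the SSL_accept hunk, `SSL_get_error(ssl,rc)` returns an int but is printed with `%s`, so the syslog call interprets an integer as a char pointer and will crash or log garbage on exactly the error path the change was meant to explain; use `syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,rc));` or pass `ERR_error_string(ERR_get_error(),NULL)` to `%s`. In the context-initialization hunk `dh=get_dh512()` can return NULL and is handed to `SSL_CTX_set_tmp_dh` without a check, and the return value of `SSL_CTX_set_tmp_dh` is ignored; both should be tested and logged before the daemon announces "SSL/TLS initialized". That hunk also drops `SSL_CTX_set_options(ctx,SSL_OP_SINGLE_DH_USE)`, so with this fixed group the server can reuse one DH private value across handshakes; keeping the option costs nothing. The "All network traffic will be encrypted" message is true, but with ADH no peer is authenticated, so `INFO: SSL/TLS initialized (anonymous DH, no peer authentication).` would describe the actual guarantee. The enclosing functions start and end outside the hunks.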