static struct my_value *new_value(struct client_context *cc)
{
struct my_value *value;
MD5_CTX context;
uint8_t digest[16];
char valud_id_buf[11];
unsigned header_length;
unsigned l;
value = calloc(1, sizeof(struct my_value));
value->buf = malloc(sizeof(struct buffer));
value->buf->ptr = calloc(1, cc->args_info.value_size_arg + 1);
value->buf->size = cc->args_info.value_size_arg;
value->value_id = cc->last_value_id++;
randomize_buffer(value->buf);
sprintf(valud_id_buf, "%010d", value->value_id);
header_length = 10 + 32 + 4;
MD5_Init(&context);
MD5_Update(&context, (uint8_t *)&value->value_id,
sizeof(value->value_id));
MD5_Update(&context, (uint8_t *)value->buf->ptr + header_length,
cc->args_info.value_size_arg - header_length);
MD5_Final(digest, &context);
l = sprintf(value->buf->ptr, "{%010d,%016lx%016lx}",
value->value_id,
*((int64_t *)digest), *((int64_t *)digest + 1));
value->buf->ptr[l] = ' ';
return value;
}
int main(int argc, char **argv)
{
assert(2 == argc);
size_t blk_size;
char *buf;
FILE *f;
int i;
int iters;
double t0, t1;
ssize_t retval;
f = fopen(argv[1], "w+");
if (NULL == f)
err(EXIT_FAILURE, "fopen");
blk_size = 64 * 1400 + 64 * 20;
buf = malloc(blk_size);
if (NULL == buf)
err(EXIT_FAILURE, "malloc");
iters = 1000;
for (i = 0; i < iters; i++) {
randomize_buffer(buf, blk_size);
t0 = now();
retval = fwrite(buf, blk_size, 1, f);
if (1 != retval)
err(EXIT_FAILURE, "fwrite");
retval = fdatasync(fileno(f));
if (retval)
err(EXIT_FAILURE, "fdatasync");
t1 = now();
printf("%f s% 20f b/s\n", t1 - t0, blk_size / (t1 - t0));
}
return 0;
}
void checkasm_check_afir(void)
{
LOCAL_ALIGNED_32(float, src0, [LEN*2+8]);
LOCAL_ALIGNED_32(float, src1, [LEN*2+8]);
LOCAL_ALIGNED_32(float, src2, [LEN*2+8]);
AudioFIRDSPContext fir = { 0 };
ff_afir_init(&fir);
randomize_buffer(src0);
randomize_buffer(src1);
randomize_buffer(src2);
if (check_func(fir.fcmul_add, "fcmul_add"))
test_fcmul_add(src0, src1, src2);
report("fcmul_add");
}
void overwrite(int stage) {
u_int32_t i, j;
off_t count = 0;
unsigned char *buffptr = buffer;
lseek(file, 0, SEEK_SET);
while (count < file_size - buffsize) {
if (stage == W_RANDOM) {
randomize_buffer(buffer, buffsize);
} else if (stage == W_TRIPLE) {
buffptr = align_buffer(buffer, count);
}
i = write(file, buffptr, buffsize);
if (options & OPT_VERIFY) {
/* verify the write */
lseek(file, count, SEEK_SET);
j = read(file, verify_buffer, buffsize);
if (!(i == j && !memcmp(verify_buffer, buffptr, buffsize))) {
verification_failure(count);
}
}
if (options & OPT_V) {
update_progress(i);
}
count += i;
}
if (stage == W_RANDOM) {
randomize_buffer(buffer, file_size - count);
} else if (stage == W_TRIPLE) {
buffptr = align_buffer(buffer, count);
}
i = write(file, buffptr, file_size - count);
if (options & OPT_VERIFY) {
/* verify the write */
lseek(file, count, SEEK_SET);
j = read(file, verify_buffer, file_size - count);
if (!(i == j && !memcmp(verify_buffer, buffptr, file_size - count))) {
verification_failure(count);
}
}
if (options & OPT_V) {
update_progress(i);
}
flush(file);
lseek(file, 0, SEEK_SET);
}
static void
write_header( cipher_filter_context_t *cfx, IOBUF a )
{
PACKET pkt;
PKT_encrypted ed;
byte temp[18];
unsigned blocksize;
unsigned nprefix;
blocksize = cipher_get_blocksize( cfx->dek->algo );
if( blocksize < 8 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
ed.extralen = blocksize+2;
ed.new_ctb = !ed.len && !RFC1991;
if( cfx->dek->use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );
if ( DBG_HASHING )
md_start_debug( cfx->mdc_hash, "creatmdc" );
}
{
char buf[20];
sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo);
write_status_text (STATUS_BEGIN_ENCRYPTION, buf);
}
init_packet( &pkt );
pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
pkt.pkt.encrypted = &ed;
if( build_packet( a, &pkt ))
log_bug("build_packet(ENCR_DATA) failed\n");
nprefix = blocksize;
randomize_buffer( temp, nprefix, 1 );
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
cfx->cipher_hd = cipher_open( cfx->dek->algo,
cfx->dek->use_mdc? CIPHER_MODE_CFB
: CIPHER_MODE_AUTO_CFB, 1 );
/* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
cipher_setiv( cfx->cipher_hd, NULL, 0 );
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( cfx->mdc_hash ) /* hash the "IV" */
md_write( cfx->mdc_hash, temp, nprefix+2 );
cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
cipher_sync( cfx->cipher_hd );
iobuf_write(a, temp, nprefix+2);
cfx->header=1;
}
void randomize_vector(
size_t filesize,
std::vector<uint8_t>* output_vector_ptr
)
{
ASSERT_NE(nullptr, output_vector_ptr);
output_vector_ptr->resize(filesize);
randomize_buffer(
output_vector_ptr->data(),
filesize
);
}
/* handles a client connection */
void handle_connection(int sock){
u_int32_t calculated_crc32;
command *temp_command;
packet receive_packet;
packet send_packet;
int bytes_to_send;
int bytes_to_recv;
char buffer[MAX_INPUT_BUFFER];
char raw_command[MAX_INPUT_BUFFER];
char processed_command[MAX_INPUT_BUFFER];
int result=STATE_OK;
int early_timeout=FALSE;
int rc;
int x;
#ifdef DEBUG
FILE *errfp;
#endif
#ifdef HAVE_SSL
SSL *ssl=NULL;
#endif
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Handling the connection...");
#ifdef OLDSTUFF
/* socket should be non-blocking */
fcntl(sock,F_SETFL,O_NONBLOCK);
#endif
/* set connection handler */
signal(SIGALRM,my_connection_sighandler);
alarm(connection_timeout);
#ifdef HAVE_SSL
/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
if((ssl=SSL_new(ctx))!=NULL){
SSL_set_fd(ssl,sock);
/* keep attempting the request if needed */
while(((rc=SSL_accept(ssl))!=1) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ));
if(rc!=1){
syslog(LOG_ERR,"Error: Could not complete SSL handshake. %d\n",SSL_get_error(ssl,rc));
#ifdef DEBUG
errfp=fopen("/tmp/err.log","w");
ERR_print_errors_fp(errfp);
fclose(errfp);
#endif
return;
}
}
else{
syslog(LOG_ERR,"Error: Could not create SSL connection structure.\n");
#ifdef DEBUG
errfp=fopen("/tmp/err.log","w");
ERR_print_errors_fp(errfp);
fclose(errfp);
#endif
return;
}
}
#endif
bytes_to_recv=sizeof(receive_packet);
if(use_ssl==FALSE)
rc=recvall(sock,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
#ifdef HAVE_SSL
else{
while(((rc=SSL_read(ssl,&receive_packet,bytes_to_recv))<=0) && (SSL_get_error(ssl,rc)==SSL_ERROR_WANT_READ));
}
#endif
/* recv() error or client disconnect */
if(rc<=0){
/* log error to syslog facility */
syslog(LOG_ERR,"Could not read request from client, bailing out...");
#ifdef HAVE_SSL
if(ssl){
SSL_shutdown(ssl);
SSL_free(ssl);
syslog(LOG_INFO,"INFO: SSL Socket Shutdown.\n");
}
#endif
return;
}
/* we couldn't read the correct amount of data, so bail out */
else if(bytes_to_recv!=sizeof(receive_packet)){
/* log error to syslog facility */
syslog(LOG_ERR,"Data packet from client was too short, bailing out...");
#ifdef HAVE_SSL
if(ssl){
SSL_shutdown(ssl);
SSL_free(ssl);
}
#endif
return;
}
#ifdef DEBUG
fp=fopen("/tmp/packet","w");
if(fp){
fwrite(&receive_packet,1,sizeof(receive_packet),fp);
fclose(fp);
}
#endif
/* make sure the request is valid */
if(validate_request(&receive_packet)==ERROR){
/* log an error */
syslog(LOG_ERR,"Client request was invalid, bailing out...");
/* free memory */
free(command_name);
command_name=NULL;
for(x=0;x<MAX_COMMAND_ARGUMENTS;x++){
free(macro_argv[x]);
macro_argv[x]=NULL;
}
#ifdef HAVE_SSL
if(ssl){
SSL_shutdown(ssl);
SSL_free(ssl);
}
#endif
return;
}
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Host is asking for command '%s' to be run...",receive_packet.buffer);
/* disable connection alarm - a new alarm will be setup during my_system */
alarm(0);
/* if this is the version check command, just spew it out */
if(!strcmp(command_name,NRPE_HELLO_COMMAND)){
snprintf(buffer,sizeof(buffer),"NRPE v%s",PROGRAM_VERSION);
buffer[sizeof(buffer)-1]='\x0';
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Response: %s",buffer);
result=STATE_OK;
}
/* find the command we're supposed to run */
else{
temp_command=find_command(command_name);
if(temp_command==NULL){
snprintf(buffer,sizeof(buffer),"NRPE: Command '%s' not defined",command_name);
buffer[sizeof(buffer)-1]='\x0';
/* log error to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"%s",buffer);
result=STATE_CRITICAL;
}
else{
/* process command line */
if(command_prefix==NULL)
strncpy(raw_command,temp_command->command_line,sizeof(raw_command)-1);
else
snprintf(raw_command,sizeof(raw_command)-1,"%s %s",command_prefix,temp_command->command_line);
raw_command[sizeof(raw_command)-1]='\x0';
process_macros(raw_command,processed_command,sizeof(processed_command));
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Running command: %s",processed_command);
/* run the command */
strcpy(buffer,"");
result=my_system(processed_command,command_timeout,&early_timeout,buffer,sizeof(buffer));
/* log debug info */
if(debug==TRUE)
syslog(LOG_DEBUG,"Command completed with return code %d and output: %s",result,buffer);
/* see if the command timed out */
if(early_timeout==TRUE)
snprintf(buffer,sizeof(buffer)-1,"NRPE: Command timed out after %d seconds\n",command_timeout);
else if(!strcmp(buffer,""))
snprintf(buffer,sizeof(buffer)-1,"NRPE: Unable to read output\n");
buffer[sizeof(buffer)-1]='\x0';
/* check return code bounds */
if((result<0) || (result>3)){
/* log error to syslog facility */
syslog(LOG_ERR,"Bad return code for [%s]: %d", buffer,result);
result=STATE_UNKNOWN;
}
}
}
/* free memory */
free(command_name);
command_name=NULL;
for(x=0;x<MAX_COMMAND_ARGUMENTS;x++){
free(macro_argv[x]);
macro_argv[x]=NULL;
}
/* strip newline character from end of output buffer */
if(buffer[strlen(buffer)-1]=='\n')
buffer[strlen(buffer)-1]='\x0';
/* clear the response packet buffer */
bzero(&send_packet,sizeof(send_packet));
/* fill the packet with semi-random data */
randomize_buffer((char *)&send_packet,sizeof(send_packet));
/* initialize response packet data */
send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
send_packet.packet_type=(int16_t)htons(RESPONSE_PACKET);
send_packet.result_code=(int16_t)htons(result);
strncpy(&send_packet.buffer[0],buffer,MAX_PACKETBUFFER_LENGTH);
send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
/* calculate the crc 32 value of the packet */
send_packet.crc32_value=(u_int32_t)0L;
calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
send_packet.crc32_value=(u_int32_t)htonl(calculated_crc32);
/***** ENCRYPT RESPONSE *****/
/* send the response back to the client */
bytes_to_send=sizeof(send_packet);
if(use_ssl==FALSE)
sendall(sock,(char *)&send_packet,&bytes_to_send);
#ifdef HAVE_SSL
else
SSL_write(ssl,&send_packet,bytes_to_send);
#endif
#ifdef HAVE_SSL
if(ssl){
SSL_shutdown(ssl);
SSL_free(ssl);
}
#endif
/* log info to syslog facility */
if(debug==TRUE)
syslog(LOG_DEBUG,"Return Code: %d, Output: %s",result,buffer);
return;
}
int main(int argc, char **argv) {
int sd;
int rc;
int result;
data_packet send_packet;
int bytes_to_send;
char input[MAX_INPUT_BUFFER];
char input_buffer[MAX_INPUT_BUFFER];
char *temp_ptr;
char host_name[MAX_HOSTNAME_LENGTH];
char svc_description[MAX_DESCRIPTION_LENGTH];
char plugin_output[MAX_PLUGINOUTPUT_LENGTH];
int total_packets = 0;
int16_t return_code;
u_int32_t calculated_crc32;
char *inputptr, *ptr1, *ptr2, *ptr3, *ptr4;
/* process command-line arguments */
result = process_arguments(argc, argv);
if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE) {
if (result != OK)
printf("Incorrect command line arguments supplied\n");
printf("\n");
printf("NSCA Client %s\n", PROGRAM_VERSION);
printf("Copyright (c) 2010-2012 Icinga Development Team and Community Contributors (http://www.icinga.org)\n");
printf("Copyright (c) 2000-2007 Ethan Galstad (www.nagios.org)\n");
printf("Last Modified: %s\n", MODIFICATION_DATE);
printf("License: GPL v2\n");
printf("Encryption Routines: ");
#ifdef HAVE_LIBMCRYPT
printf("AVAILABLE");
#else
printf("NOT AVAILABLE");
#endif
printf("\n");
printf("\n");
}
if (result != OK || show_help == TRUE) {
printf("Usage: %s -H <host_address> [-p port] [-to to_sec] [-d delim] [-c config_file]\n", argv[0]);
printf("\n");
printf("Options:\n");
printf(" <host_address> = The IP address of the host running the NSCA daemon\n");
printf(" [port] = The port on which the daemon is running - default is %s\n", DEFAULT_SERVER_PORT);
printf(" [to_sec] = Number of seconds before connection attempt times out.\n");
printf(" (default timeout is %d seconds)\n", DEFAULT_SOCKET_TIMEOUT);
printf(" [delim] = Delimiter to use when parsing input (defaults to a tab)\n");
printf(" [config_file] = Name of config file to use\n");
printf("\n");
printf("Note:\n");
printf("This utility is used to send passive check results to the NSCA daemon. Host and\n");
printf("Service check data that is to be sent to the NSCA daemon is read from standard\n");
printf("input. Input should be provided in the following format (tab-delimited unless\n");
printf("overriden with -d command line argument, one entry per line):\n");
printf("\n");
printf("Service Checks:\n");
printf("<host_name>[tab]<svc_description>[tab]<return_code>[tab]<plugin_output>[newline]\n\n");
printf("Host Checks:\n");
printf("<host_name>[tab]<return_code>[tab]<plugin_output>[newline]\n\n");
printf("When submitting multiple simultaneous results, separate each set with the ETB\n");
printf("character (^W or 0x17)\n");
printf("\n");
}
if (show_license == TRUE)
display_license();
if (result != OK || show_help == TRUE || show_license == TRUE || show_version == TRUE)
do_exit(STATE_UNKNOWN);
/* read the config file */
result = read_config_file(config_file);
/* exit if there are errors... */
if (result == ERROR) {
printf("Error: Config file '%s' contained errors...\n", config_file);
do_exit(STATE_CRITICAL);
}
/* generate the CRC 32 table */
generate_crc32_table();
/* initialize alarm signal handling */
signal(SIGALRM, alarm_handler);
/* set socket timeout */
alarm(socket_timeout);
time(&start_time);
/* try to connect to the host at the given port number */
result = my_tcp_connect(server_name, server_port, &sd);
/* we couldn't connect */
if (result != STATE_OK) {
printf("Error: Could not connect to host %s on port %s\n", server_name, server_port);
do_exit(STATE_CRITICAL);
}
#ifdef DEBUG
printf("Connected okay...\n");
#endif
/* read the initialization packet containing the IV and timestamp */
result = read_init_packet(sd);
if (result != OK) {
printf("Error: Could not read init packet from server\n");
close(sd);
do_exit(STATE_CRITICAL);
}
#ifdef DEBUG
printf("Got init packet from server\n");
#endif
/* initialize encryption/decryption routines with the IV we received from the server */
if (encrypt_init(password, encryption_method, received_iv, &CI) != OK) {
printf("Error: Failed to initialize encryption libraries for method %d\n", encryption_method);
close(sd);
do_exit(STATE_CRITICAL);
}
#ifdef DEBUG
printf("Initialized encryption routines\n");
#endif
/**** WE'RE CONNECTED AND READY TO SEND ****/
/* read all data from STDIN until there isn't anymore */
while (!feof(stdin)) {
int c = getc(stdin);
if (c == -1) {
break;
}
int pos = 0;
while (c != 23) {
if (c == -1) { // in case we don't terminate properly, or are in single-input mode.
break;
}
input_buffer[pos] = c;
c = getc(stdin);
pos++;
}
input_buffer[pos] = 0;
strip(input_buffer);
if (!strcmp(input_buffer, ""))
continue;
/* get the host name */
ptr1 = strtok(input_buffer, delimiter);
if (ptr1 == NULL)
continue;
/* get the service description or return code */
ptr2 = strtok(NULL, delimiter);
if (ptr2 == NULL)
continue;
/* get the return code or plugin output */
ptr3 = strtok(NULL, delimiter);
if (ptr3 == NULL)
continue;
/* get the plugin output - if NULL, this is a host check result */
ptr4 = strtok(NULL, "\x0");
strncpy(host_name, ptr1, sizeof(host_name) - 1);
host_name[sizeof(host_name) - 1] = '\x0';
if (ptr4 == NULL) {
strcpy(svc_description, "");
return_code = atoi(ptr2);
ptr3 = escape_newlines(ptr3);
strncpy(plugin_output, ptr3, sizeof(plugin_output) - 1);
} else {
strncpy(svc_description, ptr2, sizeof(svc_description) - 1);
return_code = atoi(ptr3);
ptr4 = escape_newlines(ptr4);
strncpy(plugin_output, ptr4, sizeof(plugin_output) - 1);
}
svc_description[sizeof(svc_description) - 1] = '\x0';
plugin_output[sizeof(plugin_output) - 1] = '\x0';
/* increment count of packets we're sending */
total_packets++;
/* clear the packet buffer */
bzero(&send_packet, sizeof(send_packet));
/* fill the packet with semi-random data */
randomize_buffer((char *)&send_packet, sizeof(send_packet));
/* copy the data we want to send into the packet */
send_packet.packet_version = (int16_t)htons(NSCA_PACKET_VERSION_3);
send_packet.return_code = (int16_t)htons(return_code);
strcpy(&send_packet.host_name[0], host_name);
strcpy(&send_packet.svc_description[0], svc_description);
strcpy(&send_packet.plugin_output[0], plugin_output);
/* use timestamp provided by the server */
send_packet.timestamp = (u_int32_t)htonl(packet_timestamp);
/* calculate the crc 32 value of the packet */
send_packet.crc32_value = (u_int32_t)0L;
calculated_crc32 = calculate_crc32((char *)&send_packet, sizeof(send_packet));
send_packet.crc32_value = (u_int32_t)htonl(calculated_crc32);
/* encrypt the packet */
encrypt_buffer((char *)&send_packet, sizeof(send_packet), password, encryption_method, CI);
/* send the packet */
bytes_to_send = sizeof(send_packet);
rc = sendall(sd, (char *)&send_packet, &bytes_to_send);
/* there was an error sending the packet */
if (rc == -1) {
printf("Error: Could not send data to host\n");
close(sd);
do_exit(STATE_UNKNOWN);
}
/* for some reason we didn't send all the bytes we were supposed to */
else if (bytes_to_send < sizeof(send_packet)) {
printf("Warning: Sent only %d of %d bytes to host\n", rc, sizeof(send_packet));
close(sd);
return STATE_UNKNOWN;
}
}
#ifdef DEBUG
printf("Done sending data\n");
#endif
/* close the connection */
close(sd);
printf("%d data packet(s) sent to host successfully.\n", total_packets);
/* exit cleanly */
do_exit(STATE_OK);
/* no compiler complaints here... */
return STATE_OK;
}
int main(int argc, char **argv){
u_int32_t packet_crc32;
u_int32_t calculated_crc32;
int16_t result;
int rc;
packet send_packet;
packet receive_packet;
int bytes_to_send;
int bytes_to_recv;
result=process_arguments(argc,argv);
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE){
if(result!=OK)
printf("Incorrect command line arguments supplied\n");
printf("\n");
printf("NRPE Plugin for Nagios\n");
printf("Copyright (c) 1999-2008 Ethan Galstad ([email protected])\n");
printf("Version: %s\n",PROGRAM_VERSION);
printf("Last Modified: %s\n",MODIFICATION_DATE);
printf("License: GPL v2 with exemptions (-l for more info)\n");
#ifdef HAVE_SSL
printf("SSL/TLS Available: Anonymous DH Mode, OpenSSL 0.9.6 or higher required\n");
#endif
printf("\n");
}
if(result!=OK || show_help==TRUE){
printf("Usage: check_nrpe -H <host> [ -b <bindaddr> ] [-4] [-6] [-n] [-u] [-p <port>] [-t <timeout>] [-c <command>] [-a <arglist...>]\n");
printf("\n");
printf("Options:\n");
printf(" -n = Do no use SSL\n");
printf(" -u = Make socket timeouts return an UNKNOWN state instead of CRITICAL\n");
printf(" <host> = The address of the host running the NRPE daemon\n");
printf(" <bindaddr> = bind to local address\n");
printf(" -4 = user ipv4 only\n");
printf(" -6 = user ipv6 only\n");
printf(" [port] = The port on which the daemon is running (default=%d)\n",DEFAULT_SERVER_PORT);
printf(" [timeout] = Number of seconds before connection times out (default=%d)\n",DEFAULT_SOCKET_TIMEOUT);
printf(" [command] = The name of the command that the remote daemon should run\n");
printf(" [arglist] = Optional arguments that should be passed to the command. Multiple\n");
printf(" arguments should be separated by a space. If provided, this must be\n");
printf(" the last option supplied on the command line.\n");
printf("\n");
printf("Note:\n");
printf("This plugin requires that you have the NRPE daemon running on the remote host.\n");
printf("You must also have configured the daemon to associate a specific plugin command\n");
printf("with the [command] option you are specifying here. Upon receipt of the\n");
printf("[command] argument, the NRPE daemon will run the appropriate plugin command and\n");
printf("send the plugin output and return code back to *this* plugin. This allows you\n");
printf("to execute plugins on remote hosts and 'fake' the results to make Nagios think\n");
printf("the plugin is being run locally.\n");
printf("\n");
}
if(show_license==TRUE)
display_license();
if(result!=OK || show_help==TRUE || show_license==TRUE || show_version==TRUE)
exit(STATE_UNKNOWN);
/* generate the CRC 32 table */
generate_crc32_table();
#ifdef HAVE_SSL
/* initialize SSL */
if(use_ssl==TRUE){
SSL_library_init();
SSLeay_add_ssl_algorithms();
meth=SSLv23_client_method();
SSL_load_error_strings();
if((ctx=SSL_CTX_new(meth))==NULL){
printf("CHECK_NRPE: Error - could not create SSL context.\n");
exit(STATE_CRITICAL);
}
/* ADDED 01/19/2004 */
/* use only TLSv1 protocol */
SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
}
#endif
/* initialize alarm signal handling */
signal(SIGALRM,alarm_handler);
/* set socket timeout */
alarm(socket_timeout);
/* try to connect to the host at the given port number */
if((sd=my_connect(server_name, &hostaddr, server_port, address_family,
bind_address)) < 0 ) {
exit (255);
}
else {
result=STATE_OK;
}
#ifdef HAVE_SSL
/* do SSL handshake */
if(result==STATE_OK && use_ssl==TRUE){
if((ssl=SSL_new(ctx))!=NULL){
SSL_CTX_set_cipher_list(ctx,"ADH");
SSL_set_fd(ssl,sd);
if((rc=SSL_connect(ssl))!=1){
printf("CHECK_NRPE: Error - Could not complete SSL handshake.\n");
#ifdef DEBUG
printf("SSL_connect=%d\n",rc);
/*
rc=SSL_get_error(ssl,rc);
printf("SSL_get_error=%d\n",rc);
printf("ERR_get_error=%lu\n",ERR_get_error());
printf("%s\n",ERR_error_string(rc,NULL));
*/
ERR_print_errors_fp(stdout);
#endif
result=STATE_CRITICAL;
}
}
else{
printf("CHECK_NRPE: Error - Could not create SSL connection structure.\n");
result=STATE_CRITICAL;
}
/* bail if we had errors */
if(result!=STATE_OK){
SSL_CTX_free(ctx);
close(sd);
exit(result);
}
}
#endif
/* we're connected and ready to go */
if(result==STATE_OK){
/* clear the packet buffer */
bzero(&send_packet,sizeof(send_packet));
/* fill the packet with semi-random data */
randomize_buffer((char *)&send_packet,sizeof(send_packet));
/* initialize packet data */
send_packet.packet_version=(int16_t)htons(NRPE_PACKET_VERSION_2);
send_packet.packet_type=(int16_t)htons(QUERY_PACKET);
strncpy(&send_packet.buffer[0],query,MAX_PACKETBUFFER_LENGTH);
send_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
/* calculate the crc 32 value of the packet */
send_packet.crc32_value=(u_int32_t)0L;
calculated_crc32=calculate_crc32((char *)&send_packet,sizeof(send_packet));
send_packet.crc32_value=(u_int32_t)htonl(calculated_crc32);
/***** ENCRYPT REQUEST *****/
/* send the packet */
bytes_to_send=sizeof(send_packet);
if(use_ssl==FALSE)
rc=sendall(sd,(char *)&send_packet,&bytes_to_send);
#ifdef HAVE_SSL
else{
rc=SSL_write(ssl,&send_packet,bytes_to_send);
if(rc<0)
rc=-1;
}
#endif
if(rc==-1){
printf("CHECK_NRPE: Error sending query to host.\n");
close(sd);
return STATE_UNKNOWN;
}
/* wait for the response packet */
bytes_to_recv=sizeof(receive_packet);
if(use_ssl==FALSE)
rc=recvall(sd,(char *)&receive_packet,&bytes_to_recv,socket_timeout);
#ifdef HAVE_SSL
else
rc=SSL_read(ssl,&receive_packet,bytes_to_recv);
#endif
/* reset timeout */
alarm(0);
/* close the connection */
#ifdef HAVE_SSL
if(use_ssl==TRUE){
SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
}
#endif
graceful_close(sd,1000);
/* recv() error */
if(rc<0){
printf("CHECK_NRPE: Error receiving data from daemon.\n");
return STATE_UNKNOWN;
}
/* server disconnected */
else if(rc==0){
printf("CHECK_NRPE: Received 0 bytes from daemon. Check the remote server logs for error messages.\n");
return STATE_UNKNOWN;
}
/* receive underflow */
else if(bytes_to_recv<sizeof(receive_packet)){
printf("CHECK_NRPE: Receive underflow - only %d bytes received (%d expected).\n",bytes_to_recv,sizeof(receive_packet));
return STATE_UNKNOWN;
}
/***** DECRYPT RESPONSE *****/
/* check the crc 32 value */
packet_crc32=ntohl(receive_packet.crc32_value);
receive_packet.crc32_value=0L;
calculated_crc32=calculate_crc32((char *)&receive_packet,sizeof(receive_packet));
if(packet_crc32!=calculated_crc32){
printf("CHECK_NRPE: Response packet had invalid CRC32.\n");
close(sd);
return STATE_UNKNOWN;
}
/* check packet version */
if(ntohs(receive_packet.packet_version)!=NRPE_PACKET_VERSION_2){
printf("CHECK_NRPE: Invalid packet version received from server.\n");
close(sd);
return STATE_UNKNOWN;
}
/* check packet type */
if(ntohs(receive_packet.packet_type)!=RESPONSE_PACKET){
printf("CHECK_NRPE: Invalid packet type received from server.\n");
close(sd);
return STATE_UNKNOWN;
}
/* get the return code from the remote plugin */
result=(int16_t)ntohs(receive_packet.result_code);
/* print the output returned by the daemon */
receive_packet.buffer[MAX_PACKETBUFFER_LENGTH-1]='\x0';
if(!strcmp(receive_packet.buffer,""))
printf("CHECK_NRPE: No output returned from daemon.\n");
else
printf("%s\n",receive_packet.buffer);
}
/* reset the alarm */
else
alarm(0);
return result;
}
