Changeset 1a5449e in nscp for modules/NRPEListener

Timestamp:

03/26/05 23:29:52 (8 years ago)

Author:

Michael Medin <michael@…>

Branches:

master, 0.4.0, 0.4.1, 0.4.2, stable

Children:

452fd41

Parents:

c4f6204

Message:

+ NRPE Support (very basic, no encryption, and nothing fancy)

• Socket classes rewritten + Added NSCModuleHelper::getSettingsSection to the API

Location:

modules/NRPEListener

Files:

• NRPEListener.cpp (modified) (2 diffs)
• NRPEListener.h (modified) (2 diffs)
• NRPEListener.vcproj (modified) (1 diff)
• NRPESocket.cpp (modified) (4 diffs)
• NRPESocket.h (modified) (3 diffs)

modules/NRPEListener/NRPEListener.cpp

@@ -20 +20 @@
 }
 
+#define DEFAULT_NRPE_PORT 5666
+
 
 bool NRPEListener::loadModule() {
-  socketThreadManager.createThread(NULL);
+  timeout = NSCModuleHelper::getSettingsInt("NRPE", "commandTimeout", 60);
+  std::list<std::string> commands = NSCModuleHelper::getSettingsSection("NRPE Handlers");
+  std::list<std::string>::iterator it;
+  for (it = commands.begin(); it != commands.end(); it++) {
+    strEx::token t = strEx::getToken(*it, '=');
+    if (t.first.substr(0,7) == "command") {
+      strEx::token t2 = strEx::getToken(t.first, '[');
+      t2 = strEx::getToken(t2.second, ']');
+      t.first = t2.first;
+    }
+    if (t.first.empty() || t.second.empty()) {
+      NSC_LOG_ERROR_STD("Invalid command definition: " + (*it));
+    } else
+      addCommand(t.first, t.second);
+  }
+
+  simpleSocket::Socket::WSAStartup();
+  socket.StartListen(NSCModuleHelper::getSettingsInt("NRPE", "port", DEFAULT_NRPE_PORT));
   return true;
 }
 bool NRPEListener::unloadModule() {
-  socketThreadManager.exitThread();
+  socket.close();
+  simpleSocket::Socket::WSACleanup();
   return true;
 }
 
 std::string NRPEListener::getModuleName() {
-  return "CheckDisk Various Disk related checks.";
+  return "NRPE module.";
 }
 NSCModuleWrapper::module_version NRPEListener::getModuleVersion() {
@@ -47 +67 @@
 
 NSCAPI::nagiosReturn NRPEListener::handleCommand(const std::string command, const unsigned int argLen, char **char_args, std::string &message, std::string &perf) {
-  return NSCAPI::returnIgnored;
+  commandList::iterator it = commands.find(command);
+  if (it == commands.end())
+    return NSCAPI::returnIgnored;
+
+  std::string str = (*it).second;
+  if (NSCModuleHelper::getSettingsInt("NRPE", "AllowArguments", 0) == 0) {
+    arrayBuffer::arrayList arr = arrayBuffer::arrayBuffer2list(argLen, char_args);
+    arrayBuffer::arrayList::const_iterator cit = arr.begin();
+    int i=0;
+
+    for (;cit!=arr.end();it++,i++) {
+      strEx::replace(str, "ARG" + strEx::itos(i), (*cit));
+    }
+  }
+
+  if (NSCModuleHelper::getSettingsInt("NRPE", "AllowNastyMetaChars", 0) == 0) {
+    if (str.find_first_of(NASTY_METACHARS) != std::string::npos) {
+      NSC_LOG_ERROR("Request command contained illegal metachars!");
+      return NSCAPI::returnIgnored;
+    }
+  }
+
+  return executeNRPECommand(str, message, perf);
+}
+#define MAX_INPUT_BUFFER 1024
+
+int NRPEListener::executeNRPECommand(std::string command, std::string &msg, std::string &perf)
+{
+  NSCAPI::nagiosReturn result;
+  PROCESS_INFORMATION pi;
+  STARTUPINFO si;
+  HANDLE hChildOutR, hChildOutW, hChildInR, hChildInW;
+  SECURITY_ATTRIBUTES sec;
+  DWORD dwstate, dwexitcode;
+  int retval;
+
+
+  // Set up members of SECURITY_ATTRIBUTES structure. 
+
+  sec.nLength = sizeof(SECURITY_ATTRIBUTES);
+  sec.bInheritHandle = TRUE;
+  sec.lpSecurityDescriptor = NULL;
+
+  // Create Pipes
+  CreatePipe(&hChildInR, &hChildInW, &sec, 0);
+  CreatePipe(&hChildOutR, &hChildOutW, &sec, 0);
+
+  // Set up members of STARTUPINFO structure. 
+
+  ZeroMemory(&si, sizeof(STARTUPINFO));
+  si.cb = sizeof(STARTUPINFO);
+  si.dwFlags = STARTF_USESTDHANDLES;
+  si.hStdInput = hChildInR;
+  si.hStdOutput = hChildOutW;
+  si.hStdError = hChildOutW;
+
+
+  // CreateProcess doesn't work with a const command
+  char *cmd = new char[command.length()+1];
+  strncpy(cmd, command.c_str(), command.length());
+  cmd[command.length()] = 0;
+
+  // Create the child process. 
+  BOOL processOK = CreateProcess(NULL, cmd,        // command line 
+    NULL, // process security attributes 
+    NULL, // primary thread security attributes 
+    TRUE, // handles are inherited 
+    0,    // creation flags 
+    NULL, // use parent's environment 
+    NULL, // use parent's current directory 
+    &si,  // STARTUPINFO pointer 
+    &pi); // receives PROCESS_INFORMATION 
+  delete [] cmd;
+
+  if (processOK) {
+    dwstate = WaitForSingleObject(pi.hProcess, 1000*timeout);
+    CloseHandle(hChildInR);
+    CloseHandle(hChildInW);
+    CloseHandle(hChildOutW);
+
+    if (dwstate == WAIT_TIMEOUT) {
+      TerminateProcess(pi.hProcess, 5);
+      msg = "The check didn't respond within the timeout period!";
+      result = NSCAPI::returnUNKNOWN;
+    } else {
+      DWORD dwread;
+      char *buf = new char[MAX_INPUT_BUFFER+1];
+      retval = ReadFile(hChildOutR, buf, MAX_INPUT_BUFFER, &dwread, NULL);
+      if (!retval || dwread == 0) {
+        msg = "No output available from command...";
+      } else {
+        buf[dwread] = 0;
+        msg = buf;
+        strEx::token t = strEx::getToken(msg, '\n');
+        t = strEx::getToken(t.first, '|');
+        msg = t.first;
+        perf = t.second;
+      }
+      delete [] buf;
+      result = NSCHelper::int2nagios(GetExitCodeProcess(pi.hProcess, &dwexitcode));
+    }
+    CloseHandle(pi.hThread);
+    CloseHandle(pi.hProcess);
+    CloseHandle(hChildOutR);
+  }
+  else {
+    msg = "NRPE_NT failed to create process, exiting...";
+    result = NSCAPI::returnUNKNOWN;
+    CloseHandle(hChildInR);
+    CloseHandle(hChildInW);
+    CloseHandle(hChildOutW);
+    CloseHandle(pi.hThread);
+    CloseHandle(pi.hProcess);
+    CloseHandle(hChildOutR);
+  }
+  return result;
 }
 

modules/NRPEListener/NRPEListener.h

@@ -4 +4 @@
 #include "NRPESocket.h"
 #include <Socket.h>
+#include <map>
 
 class NRPEListener {
 private:
-  NRPESocketThread socketThreadManager;
+  NRPESocket socket;
+  typedef std::map<std::string, std::string> commandList;
+  commandList commands;
+  unsigned int timeout;
 
 public:
@@ -20 +24 @@
   bool hasMessageHandler();
   NSCAPI::nagiosReturn handleCommand(const std::string command, const unsigned int argLen, char **char_args, std::string &message, std::string &perf);
+
+private:
+  int executeNRPECommand(std::string command, std::string &msg, std::string &perf);
+  void addCommand(std::string key, std::string args) {
+    commands[key] = args;
+  }
 };
 

modules/NRPEListener/NRPEListener.vcproj

@@ -122 +122 @@
       UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}">
       <File
+        RelativePath="..\..\include\arrayBuffer.cpp">
+      </File>
+      <File
         RelativePath=".\NRPEListener.cpp">
       </File>

modules/NRPEListener/NRPESocket.cpp

@@ -6 +6 @@
  * Default c-tor
  */
-NRPESocket::NRPESocket(): SimpleSocketListsner(DEFAULT_NRPE_PORT) {
+NRPESocket::NRPESocket() {
 }
 
@@ -12 +12 @@
 }
 
+
+
 typedef short int16_t;
 typedef unsigned long u_int32_t;
 
-typedef struct packet_struct{
-  int16_t   packet_version;
-  int16_t   packet_type;
-  u_int32_t crc32_value;
-  int16_t   result_code;
-  char      buffer[1024];
-}packet;
-
 static unsigned long crc32_table[256];
-
-/* build the crc table - must be called before calculating the crc value */
+static bool hascrc32 = false;
 void generate_crc32_table(void){
   unsigned long crc, poly;
   int i, j;
-
   poly=0xEDB88320L;
   for(i=0;i<256;i++){
@@ -41 +33 @@
     crc32_table[i]=crc;
   }
-
-  return;
+  hascrc32 = true;
 }
-
-/* calculates the CRC 32 value for a buffer */
-unsigned long calculate_crc32(char *buffer, int buffer_size){
+unsigned long calculate_crc32(const char *buffer, int buffer_size){
+  if (!hascrc32)
+    generate_crc32_table();
   register unsigned long crc;
   int this_char;
@@ -61 +52 @@
 }
 
-void NRPESocket::onAccept(SOCKET client) {
-  NSC_DEBUG_MSG("Accepting connection from remote host");
 
-  SimpleSocketListsner::readAllDataBlock block = SimpleSocketListsner::readAll(client);
-  packet *p = reinterpret_cast<packet*>(block.first);
-  // @todo Verify versions and stuff, and ofcource add SSL (but thats in the future :)
-  NSC_DEBUG_MSG_STD("Incoming data: " + p->buffer);
+class NRPEPacket {
+public:
+  static const short queryPacket = 1;
+  static const short responsePacket = 2;
+  static const short version2 = 2;
+private:
+  typedef struct packet {
+    int16_t   packet_version;
+    int16_t   packet_type;
+    u_int32_t crc32_value;
+    int16_t   result_code;
+    char      buffer[1024];
+  } packet;
+  std::string payload_;
+  short type_;
+  short version_;
+  NSCAPI::nagiosReturn result_;
+  unsigned int crc32_;
+  unsigned int calculatedCRC32_;
+  char *tmpBuffer;
+public:
+  NRPEPacket(const char *buffer) : tmpBuffer(NULL) {
+    const packet *p = reinterpret_cast<const packet*>(buffer);
+    type_ = ntohs(p->packet_type);
+    assert( (type_ == queryPacket)||(type_ == responsePacket));
+    version_ = ntohs(p->packet_version);
+    assert(version_ == version2);
+    crc32_ = ntohl(p->crc32_value);
+    // Verify CRC32
+    // @todo Fix this, currently we need a const buffer so we cannot change the crc to 0.
+    char * tb = new char[getBufferLength()];
+    memcpy(tb, buffer, getBufferLength());
+    packet *p2 = reinterpret_cast<packet*>(tb);
+    p2->crc32_value = 0;
+    calculatedCRC32_ = calculate_crc32(tb, getBufferLength());
+    delete [] tb;
+    // Verify CRC32 end
+    result_ = NSCHelper::int2nagios(ntohs(p->result_code));
+    payload_ = std::string(p->buffer);
+  }
+  NRPEPacket(short type, short version, NSCAPI::nagiosReturn result, std::string payLoad) 
+    : tmpBuffer(NULL) 
+    ,type_(type)
+    ,version_(version)
+    ,result_(result)
+    ,payload_(payLoad)
+  {
+  }
+  ~NRPEPacket() {
+    delete [] tmpBuffer;
+  }
+  unsigned short getVersion() const { return version_; }
+  unsigned short getType() const { return type_; }
+  unsigned short getResult() const { return result_; }
+  std::string getPayload() const { return payload_; }
+  const char* getBuffer() {
+    delete [] tmpBuffer;
+    tmpBuffer = new char[getBufferLength()];
+    packet *p = reinterpret_cast<packet*>(tmpBuffer);
+    p->result_code = htons(NSCHelper::nagios2int(result_));
+    p->packet_type = htons(type_);
+    p->packet_version = htons(version_);
+    p->crc32_value = 0;
+    strncpy(p->buffer, payload_.c_str(), 1023);
+    p->buffer[1024] = 0;
+    p->crc32_value = htonl(calculate_crc32(tmpBuffer, getBufferLength()));
+    return tmpBuffer;
+  }
+  bool verifyCRC() {
+    return calculatedCRC32_ == crc32_;
+  }
+  const unsigned int getBufferLength() const {
+    return sizeof(packet);
+  }
+};
 
-  charEx::token cmd = charEx::getToken(p->buffer, '!');
+void NRPESocket::onAccept(simpleSocket::Socket client) {
+  simpleSocket::DataBuffer block;
+  client.readAll(block);
+  NRPEPacket p(block.getBuffer());
+  if (p.getType() != NRPEPacket::queryPacket) {
+    NSC_LOG_ERROR("Request is not a query.");
+    client.close();
+    return;
+  }
+  if (p.getVersion() != NRPEPacket::version2) {
+    NSC_LOG_ERROR("Request had unsupported version.");
+    client.close();
+    return;
+  }
+  if (!p.verifyCRC()) {
+    NSC_LOG_ERROR("Request had invalid checksum.");
+    client.close();
+    return;
+  }
+  strEx::token cmd = strEx::getToken(p.getPayload(), '!');
   std::string msg, perf;
-  NSCAPI::nagiosReturn ret = NSCModuleHelper::InjectSplitAndCommand(cmd.first.c_str(), cmd.second, '!', msg, perf);
-//QUERY_PACKET
-  packet p2;
-  strncpy(p2.buffer, (msg+"|"+perf).c_str(), 1023);
-  p2.buffer[1023] = 0;
-  p2.packet_type = htons(2);
-  p2.packet_version = htons(2);
-  p2.result_code = htons(static_cast<int>(ret));
+  NSC_DEBUG_MSG_STD("Command: " + cmd.first);
+  NSC_DEBUG_MSG_STD("Arguments: " + cmd.second);
 
-  generate_crc32_table();
-  p2.crc32_value = 0;
-  p2.crc32_value = htonl(calculate_crc32(reinterpret_cast<char*>(&p2),sizeof(p2)));
-  send(client, reinterpret_cast<char*>(&p2), sizeof(p2), 0);
+  if (NSCModuleHelper::getSettingsInt("NRPE", "AllowArguments", 0) == 0) {
+    if (!cmd.second.empty()) {
+      NSC_LOG_ERROR("Request contained arguments (not currently allowed).");
+      client.close();
+      return;
+    }
+  }
+  if (NSCModuleHelper::getSettingsInt("NRPE", "AllowNastyMetaChars", 0) == 0) {
+    if (cmd.first.find_first_of(NASTY_METACHARS) != std::string::npos) {
+      NSC_LOG_ERROR("Request command contained illegal metachars!");
+      client.close();
+      return;
+    }
+    if (cmd.second.find_first_of(NASTY_METACHARS) != std::string::npos) {
+      NSC_LOG_ERROR("Request arguments contained illegal metachars!");
+      client.close();
+      return;
+    }
+  }
 
-  delete [] block.first;
-  closesocket(client);
+  NSCAPI::nagiosReturn ret = NSCModuleHelper::InjectSplitAndCommand(cmd.first, cmd.second, '!', msg, perf);
+  if (perf.empty()) {
+    NRPEPacket p2(NRPEPacket::responsePacket, NRPEPacket::version2, ret, msg);
+    client.send(p2.getBuffer(), p2.getBufferLength(), 0);
+  } else {
+    NRPEPacket p2(NRPEPacket::responsePacket, NRPEPacket::version2, ret, msg + "|" + perf);
+    client.send(p2.getBuffer(), p2.getBufferLength(), 0);
+  }
+  client.close();
 }
 

modules/NRPEListener/NRPESocket.h

@@ -5 +5 @@
 #include <WinSock2.h>
 #include <Socket.h>
+#include <string.h>
 /**
  * @ingroup NSClient++
@@ -30 +31 @@
  */
 
-#define DEFAULT_NRPE_PORT 5666
 
+#define NASTY_METACHARS         "|`&><'\"\\[]{}"        /* This may need to be modified for windows directory seperator */
 
-class NRPESocket : public SimpleSocketListsner {
+class NRPESocket : public simpleSocket::Listener {
 private:
 
@@ -41 +42 @@
 
 private:
-  virtual void onAccept(SOCKET client);
+  virtual void onAccept(simpleSocket::Socket client);
 };
 
 
-typedef Thread<NRPESocket> NRPESocketThread; // Thread manager