Changeset 72eea1f in nscp

Timestamp:

02/20/12 23:51:38 (15 months ago)

Author:

Michael Medin <michael@…>

Branches:

master, 0.4.0, 0.4.1, 0.4.2

Children:

c74d7b6

Parents:

523576e

Message:

• Fixed NRPE buffer issue
• Added test case for 65K NRPE buffer length as well as 1Mb
• Added support for not regexp as operator to filters (Eventlog) (#463)
• Added support for computer as filter keyword and format keyword in EventLog? (#442) "filter=computer = 'foo'" syntax=%computer%
• Improved messages rendering of eventlog messages a bit

Files:

• changelog (modified) (1 diff)
• include/nrpe/client/socket.hpp (modified) (1 diff)
• include/nrpe/server/connection.cpp (modified) (2 diffs)
• include/nrpe/server/connection.hpp (modified) (1 diff)
• include/nrpe/server/ssl_connection.cpp (modified) (1 diff)
• include/nrpe/server/ssl_connection.hpp (modified) (1 diff)
• include/nrpe/server/tcp_connection.cpp (modified) (1 diff)
• include/nrpe/server/tcp_connection.hpp (modified) (1 diff)
• include/parsers/operators.cpp (modified) (3 diffs)
• include/parsers/where/expression_ast.hpp (modified) (1 diff)
• include/parsers/where/grammar/grammar.cpp (modified) (1 diff)
• include/socket/socket_helpers.hpp (modified) (5 diffs)
• modules/CheckEventLog/CheckEventLog.cpp (modified) (2 diffs)
• modules/CheckEventLog/eventlog_record.hpp (modified) (6 diffs)
• modules/CheckEventLog/filter.cpp (modified) (2 diffs)
• modules/CheckEventLog/filter.hpp (modified) (1 diff)
• scripts/python/test_eventlog.py (modified) (2 diffs)
• scripts/python/test_nrpe.py (modified) (2 diffs)
• version.hpp (modified) (1 diff)
• version.txt (modified) (1 diff)

changelog

@@ -4 +4 @@
  * Fixa dependonservice LanManWorkStation (old win)
  * Fix RtlStringFromGUID problem on NT4
+
+2012-02-19 MickeM
+ * Fixed NRPE buffer issue
+ * Added test case for 65K NRPE buffer length as well as 1Mb 
+ * Added support for not regexp as operator to filters (Eventlog) (#463)
+ * Added support for computer as filter keyword and format keyword in EventLog (#442)
+   "filter=computer = 'foo'" syntax=%computer%
+ * Improved messages rendering of eventlog messages a bit 
 
 2012-02-19 MickeM

include/nrpe/client/socket.hpp

@@ -5 +5 @@
 #include <socket/socket_helpers.hpp>
 //#include <nsca/nsca_packet.hpp>
+#include <iostream>
 
 using boost::asio::ip::tcp;

include/nrpe/server/connection.cpp

@@ -84 +84 @@
               response = handler_->create_error(_T("Unknown error handling NRPE packet"));
             }
-
             std::vector<boost::asio::const_buffer> buffers;
             buffers.push_back(buf(response.get_buffer()));
             start_write_request(buffers);
-            cancel_timer();
+          } else {
+            continue_read_request(buffer_);
           }
         }
@@ -101 +101 @@
     }
 
-    void connection::handle_write_response(const boost::system::error_code& e) {
+    void connection::handle_write_response(const boost::system::error_code& e, std::size_t bytes_transferred) {
       if (!e) {
+        cancel_timer();
+        handler_->log_debug(__FILE__, __LINE__, _T("Wrote data: ") + strEx::itos(bytes_transferred));
         // Initiate graceful connection closure.
         boost::system::error_code ignored_ec;

include/nrpe/server/connection.hpp

@@ -35 +35 @@
 
       virtual void start_read_request(buffer_type &buffer, int timeout) = 0;
+      virtual void continue_read_request(buffer_type &buffer) = 0;
       virtual void start_write_request(const std::vector<boost::asio::const_buffer>& response) = 0;
       //virtual void start_handle_handsc_request(nrpe::packet response) = 0;
 
       void handle_read_request(const boost::system::error_code& e, std::size_t bytes_transferred);
-      void handle_write_response(const boost::system::error_code& e);
+      void handle_write_response(const boost::system::error_code& e, std::size_t bytes_transferred);
       virtual void handle_handshake(const boost::system::error_code& e) {} 
 

include/nrpe/server/ssl_connection.cpp

@@ -50 +50 @@
         );
     }
+    void ssl_connection::continue_read_request(buffer_type &buffer) {
+      socket_.async_read_some(
+        boost::asio::buffer(buffer),
+        strand_.wrap(
+        boost::bind(&connection::handle_read_request, shared_from_this(), boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)
+        )
+        );
+    }
 
     void ssl_connection::start_write_request(const std::vector<boost::asio::const_buffer>& response) {
       boost::asio::async_write(socket_, response,
         strand_.wrap(
-          boost::bind(&connection::handle_write_response, shared_from_this(),boost::asio::placeholders::error)
+          boost::bind(&connection::handle_write_response, shared_from_this(), boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)
           )
         );

include/nrpe/server/ssl_connection.hpp

@@ -33 +33 @@
 
       virtual void start_read_request(connection::buffer_type &buffer, int timeout);
+      void continue_read_request(buffer_type &buffer);
       virtual void start_write_request(const std::vector<boost::asio::const_buffer>& response);
       void handle_handshake(const boost::system::error_code& error);

include/nrpe/server/tcp_connection.cpp

@@ -33 +33 @@
         );
     }
+    void tcp_connection::continue_read_request(buffer_type &buffer) {
+      socket_.async_read_some(
+        boost::asio::buffer(buffer),
+        strand_.wrap(
+        boost::bind(&connection::handle_read_request, shared_from_this(), boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)
+        )
+        );
+    }
     void tcp_connection::start_write_request(const std::vector<boost::asio::const_buffer>& response) {
       boost::asio::async_write(socket_, response,
         strand_.wrap(
-          boost::bind(&connection::handle_write_response, shared_from_this(),boost::asio::placeholders::error)
+          boost::bind(&connection::handle_write_response, shared_from_this(),boost::asio::placeholders::error, boost::asio::placeholders::bytes_transferred)
           )
         );

include/nrpe/server/tcp_connection.hpp

@@ -29 +29 @@
 
       virtual void start_read_request(connection::buffer_type &buffer, int timeout);
+      void continue_read_request(buffer_type &buffer);
       virtual void start_write_request(const std::vector<boost::asio::const_buffer>& response);
 

include/parsers/operators.cpp

@@ -96 +96 @@
       struct operator_gt : public simple_bool_binary_operator_impl {
         bool eval_int(value_type type, filter_handler handler, const expression_ast &left, const expression_ast & right) const {
-          if (debug_enabled && debug_level > 10)
-            std::cout << "(op_gt) " << left.get_int(handler) << " > " << right.get_int(handler) << std::endl;
+          if (debug_enabled && debug_level > 10) {
+            long long lhs = left.get_int(handler);
+            long long rhs = right.get_int(handler);
+            std::cout << "(op_gt) " << lhs << " > " << rhs << std::endl;
+          }
           return left.get_int(handler) > right.get_int(handler);
         }
@@ -179 +182 @@
             boost::wregex re(regexp);
             return boost::regex_match(str, re);
+          } catch (const boost::bad_expression e) {
+            handler->error(_T("Invalid syntax in regular expression:") + regexp);
+            return false;
+          } catch (...) {
+            handler->error(_T("Invalid syntax in regular expression:") + regexp);
+            return false;
+          }
+        };
+      };
+      struct operator_not_regexp : public simple_bool_binary_operator_impl {
+        bool eval_int(value_type type, filter_handler handler, const expression_ast &left, const expression_ast & right) const {
+          handler->error(_T("Regular expression not supported on numbers..."));
+          return false;
+        }
+        bool eval_string(value_type type, filter_handler handler, const expression_ast &left, const expression_ast & right) const { 
+          std::wstring str = left.get_string(handler);
+          std::wstring regexp = right.get_string(handler);
+          if (debug_enabled)
+            std::wcout << _T("(op_regexp) ") << str << _T(" regexp ") << regexp << std::endl;
+          try {
+            boost::wregex re(regexp);
+            return !boost::regex_match(str, re);
           } catch (const boost::bad_expression e) {
             handler->error(_T("Invalid syntax in regular expression:") + regexp);
@@ -398 +423 @@
       if (op == op_regexp)
         return bin_op_type(new operator_impl::operator_regexp());
+      if (op == op_regexp)
+        return bin_op_type(new operator_impl::operator_not_regexp());
 
       

include/parsers/where/expression_ast.hpp

@@ -34 +34 @@
 
     enum operators {
-      op_eq, op_le, op_lt, op_gt, op_ge, op_ne, op_in, op_nin, op_or, op_and, op_inv, op_not, op_like, op_not_like, op_binand, op_binor, op_regexp
+      op_eq, op_le, op_lt, op_gt, op_ge, op_ne, op_in, op_nin, op_or, op_and, op_inv, op_not, op_like, op_not_like, op_binand, op_binor, op_regexp, op_not_regexp
     };
 

include/parsers/where/grammar/grammar.cpp

@@ -180 +180 @@
           | ascii::no_case[qi::lit("regexp")]         [_val = op_regexp]
           | ascii::no_case[qi::lit("not like")]       [_val = op_not_like]
+          | ascii::no_case[qi::lit("not regexp")]       [_val = op_not_regexp]
           ;
 

include/socket/socket_helpers.hpp

@@ -172 +172 @@
           }
         }
+        return false;
       }
 
@@ -194 +195 @@
       sock.get_io_service().reset();
       while (sock.get_io_service().run_one()) {
-        if (read_result)
+        if (read_result) {
           timer.cancel();
-        else if (timer_result)
+          return true;
+        }
+        else if (timer_result) {
           rawSocket.close();
-      }
-
-      if (*read_result)
+          return false;
+        }
+      }
+
+      if (read_result && *read_result)
         throw boost::system::system_error(*read_result);
-      return true;
+      return false;
     }
 
@@ -250 +255 @@
           }
         }
+        return false;
       }
       void set_result(boost::optional<boost::system::error_code>* a, boost::system::error_code ec) {
@@ -271 +277 @@
       sock.get_io_service().reset();
       while (sock.get_io_service().run_one()) {
-        if (read_result)
+        if (read_result) {
           timer.cancel();
-        else if (timer_result) {
+          return true;
+        } else if (timer_result) {
           rawSocket.close();
           return false;
@@ -287 +294 @@
       if (*read_result)
         throw boost::system::system_error(*read_result);
-      return true;
+      return false;
     }
   }

modules/CheckEventLog/CheckEventLog.cpp

@@ -546 +546 @@
               uniq_record.message = record.render(fargs->bShowDescriptions, fargs->syntax);
             } else if (!fargs->bShowDescriptions) {
-              uniq_record.message = record.eventSource();
+              uniq_record.message = record.get_source();
             } else {
-              uniq_record.message = record.eventSource();
+              uniq_record.message = record.get_source();
               uniq_record.message += _T("(") + EventLogRecord::translateType(record.eventType()) + _T(", ") + 
                 strEx::itos(record.eventID()) + _T(", ") + EventLogRecord::translateSeverity(record.severity()) + _T(")");
@@ -561 +561 @@
             strEx::append_list(message, record.render(fargs->bShowDescriptions, fargs->syntax));
           } else if (!fargs->bShowDescriptions) {
-            strEx::append_list(message, record.eventSource());
+            strEx::append_list(message, record.get_source());
           } else {
-            strEx::append_list(message, record.eventSource());
+            strEx::append_list(message, record.get_source());
             message += _T("(") + EventLogRecord::translateType(record.eventType()) + _T(", ") + 
               strEx::itos(record.eventID()) + _T(", ") + EventLogRecord::translateSeverity(record.severity()) + _T(")");

modules/CheckEventLog/eventlog_record.hpp

@@ -3 +3 @@
 #include "simple_registry.hpp"
 #include <config.h>
+#include <boost/tuple/tuple.hpp>
 
 class EventLogRecord {
@@ -23 +24 @@
     return pevlr_->TimeWritten;
   }
-  inline std::wstring eventSource() const {
+  inline std::wstring get_source() const {
     return reinterpret_cast<const WCHAR*>(reinterpret_cast<const BYTE*>(pevlr_) + sizeof(EVENTLOGRECORD));
+  }
+  inline std::wstring get_computer() const {
+    size_t len = wcslen(reinterpret_cast<const WCHAR*>(reinterpret_cast<const BYTE*>(pevlr_) + sizeof(EVENTLOGRECORD)));
+    return reinterpret_cast<const WCHAR*>(reinterpret_cast<const BYTE*>(pevlr_) + sizeof(EVENTLOGRECORD) + (len+1)*sizeof(wchar_t));
   }
   inline DWORD eventID() const {
@@ -141 +146 @@
   std::wstring get_dll() const {
     try {
-      return simple_registry::registry_key::get_string(HKEY_LOCAL_MACHINE, _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\") + file_ + (std::wstring)_T("\\") + eventSource(), _T("EventMessageFile"));
+      return simple_registry::registry_key::get_string(HKEY_LOCAL_MACHINE, _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\") + file_ + (std::wstring)_T("\\") + get_source(), _T("EventMessageFile"));
     } catch (simple_registry::registry_exception &e) {
-      NSC_LOG_ERROR_STD(_T("Could not extract DLL for eventsource: ") + eventSource() + _T(": ") + e.what());
+      NSC_LOG_ERROR_STD(_T("Could not extract DLL for eventsource: ") + get_source() + _T(": ") + e.what());
       return _T("");
     }
@@ -170 +175 @@
 
   };
+
+  boost::tuple<DWORD,std::wstring> wrapped_format(HMODULE hDLL, DWORD dwLang, DWORD id, tchar_array &buffer) const {
+    LPVOID lpMsgBuf;
+    unsigned long dwRet = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_HMODULE|FORMAT_MESSAGE_ARGUMENT_ARRAY|FORMAT_MESSAGE_IGNORE_INSERTS,hDLL,
+      id,dwLang,(LPTSTR)&lpMsgBuf,0,reinterpret_cast<va_list*>(buffer.get_buffer_unsafe()));
+    if (dwRet == 0) {
+      return boost::tuple<DWORD,std::wstring>(GetLastError(), _T(""));
+    }
+    LocalFree(lpMsgBuf);
+    dwRet = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_HMODULE|FORMAT_MESSAGE_ARGUMENT_ARRAY,hDLL,
+      id,dwLang,(LPTSTR)&lpMsgBuf,0,reinterpret_cast<va_list*>(buffer.get_buffer_unsafe()));
+    if (dwRet == 0)
+      return boost::make_tuple(GetLastError(), _T(""));
+    std::wstring msg = reinterpret_cast<wchar_t*>(lpMsgBuf);
+    LocalFree(lpMsgBuf);
+    return boost::make_tuple(0, msg);
+  }
   std::wstring render_message(DWORD dwLang = 0) const {
     std::vector<std::wstring> args;
     const TCHAR* p = reinterpret_cast<const TCHAR*>(reinterpret_cast<const BYTE*>(pevlr_) + pevlr_->StringOffset);
 
-    tchar_array buffer(pevlr_->NumStrings);
-    for (unsigned int i =0;i<pevlr_->NumStrings;i++) {
+    tchar_array buffer(pevlr_->NumStrings+10);
+    for (unsigned int i = 0;i<pevlr_->NumStrings;i++) {
       unsigned int len = buffer.set(i, p);
       p = &(p[len+1]);
+    }
+    for (unsigned int i = pevlr_->NumStrings;i<pevlr_->NumStrings+10;i++) {
+      unsigned int len = buffer.set(i, _T(""));
     }
     std::wstring ret;
@@ -190 +215 @@
           continue;
         }
-        LPVOID lpMsgBuf;
         if (dwLang == 0)
           dwLang = MAKELANGID(LANG_NEUTRAL,SUBLANG_DEFAULT);
-        unsigned long dwRet = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER|FORMAT_MESSAGE_FROM_HMODULE|FORMAT_MESSAGE_ARGUMENT_ARRAY,hDLL,
-          pevlr_->EventID,dwLang,(LPTSTR)&lpMsgBuf,0,reinterpret_cast<va_list*>(buffer.get_buffer_unsafe()));
-        if (dwRet == 0) {
-          DWORD err = GetLastError();
+        boost::tuple<DWORD,std::wstring> formated_data = wrapped_format(hDLL, dwLang, pevlr_->EventID, buffer);
+        if (formated_data.get<0>() != 0) {
           FreeLibrary(hDLL);
-          if (err == 317) {
+          if (formated_data.get<0>() == 15100) {
+            // Invalid MUI file (wrong language)
             msg = _T("");
             continue;
           }
-          msg = _T("failed to lookup error code: ") + strEx::itos(eventID()) + _T(" from DLL: ") + (*cit) + _T("( reson: ") + strEx::itos(err) + _T(")");
+          if (formated_data.get<0>() == 317) {
+            // Missing message
+            msg = _T("");
+            continue;
+          }
+          msg = _T("failed to lookup error code: ") + strEx::itos(eventID()) + _T(" from DLL: ") + (*cit) + _T("( reason: ") + strEx::itos(formated_data.get<0>()) + _T(")");
           continue;
         }
-        msg = reinterpret_cast<wchar_t*>(lpMsgBuf);
-        LocalFree(lpMsgBuf);
         FreeLibrary(hDLL);
+        msg = formated_data.get<1>();
       } catch (...) {
         msg = _T("Unknown exception getting message");
@@ -256 +283 @@
     }
 
-    strEx::replace(syntax, _T("%source%"), eventSource());
+    strEx::replace(syntax, _T("%source%"), get_source());
+    strEx::replace(syntax, _T("%computer%"), get_computer());
     strEx::replace(syntax, _T("%generated%"), strEx::format_date(get_time_generated(), date_format));
     strEx::replace(syntax, _T("%written%"), strEx::format_date(get_time_written(), date_format));

modules/CheckEventLog/filter.cpp

@@ -52 +52 @@
     (_T("message"), (type_string))
     (_T("strings"), (type_string))
+    (_T("computer"), (type_string))
     (_T("written"), (type_date))
     (_T("generated"), (type_date));
@@ -80 +81 @@
   else if (key == _T("strings"))
     ret = &filter_obj::get_strings;
+  else if (key == _T("computer"))
+    ret = &filter_obj::get_computer;
   else
     NSC_DEBUG_MSG_STD(_T("Failed to bind (string): ") + key);

modules/CheckEventLog/filter.hpp

@@ -33 +33 @@
     }
     std::wstring get_source() {
-      return record.eventSource(); 
+      return record.get_source(); 
+    }
+    std::wstring get_computer() {
+      return record.get_computer(); 
     }
     long long get_el_type() {

scripts/python/test_eventlog.py

@@ -77 +77 @@
     log('%s'%self.last_message)
     result.assert_equals(self.last_message, 'error Application Error: ', 'Verify that message is sent through')
+    
+    (res, msg, perf) = Core.get().simple_query('CheckEventLog', ['file=Application', 'debug=true', 'warn=gt:1', 'filter=generated gt -2h', 'syntax=:%computer%:, %source%', 'descriptions'])
+    log('===>> %s <==='%msg)
+    result.add_message(self.test_create('Application Error', 1000, '0', 'error', ['a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a']), 'Testing to create a log message')
+    
     return result
 
@@ -87 +92 @@
     
     conf.set_string('/settings/pytest_eventlog/real-time', 'enabled', 'true')
+    #conf.set_string('/settings/pytest_eventlog/real-time', 'filter', 'generated gt -2h')
     conf.set_string('/settings/pytest_eventlog/real-time', 'maximum age', '5s')
     conf.set_string('/settings/pytest_eventlog/real-time', 'destination', 'pytest_evlog')

scripts/python/test_nrpe.py

@@ -188 +188 @@
         log('Waiting for %s (%s/%s)'%(uid,alias,target))
         sleep(500)
-    if found:
-      return result
-    return None
+    if not found:
+      result.add_message(False, 'Testing to recieve message using %s'%alias)
+    return result
 
   def test_one(self, ssl=True, length=1024, state = status.UNKNOWN, tag = 'TODO'):
@@ -232 +232 @@
     result.add(self.do_one_test(ssl=False))
     result.add(self.do_one_test(ssl=True, length=4096))
+    result.add(self.do_one_test(ssl=True, length=65536))
+    result.add(self.do_one_test(ssl=True, length=1048576))
     return result
     

version.hpp

@@ -1 +1 @@
 #ifndef VERSION_HPP
 #define VERSION_HPP
-#define PRODUCTVER     0,4,0,135
-#define STRPRODUCTVER  "0,4,0,135"
-#define STRPRODUCTDATE "2012-02-19"
+#define PRODUCTVER     0,4,0,136
+#define STRPRODUCTVER  "0,4,0,136"
+#define STRPRODUCTDATE "2012-02-20"
 #endif // VERSION_HPP

version.txt

@@ -1 +1 @@
 version=0.4.0
-build=135
-date=2012-02-19
+build=136
+date=2012-02-20