Changeset b9498ef in nscp

Timestamp:

08/15/11 18:40:17 (21 months ago)

Author:

Michael Medin <michael@…>

Branches:

master, 0.4.0, 0.4.1, 0.4.2

Children:

fe75eff

Parents:

2c95d22

Message:

2011-08-15 MickeM

• Readded allowed hosts function
• Moved default socket options to /settings/default/socket
• Added more default socket options

Files:

• changelog (modified) (1 diff)
• include/NSCAPI.h (modified) (1 diff)
• include/check_nt/server/server.cpp (modified) (5 diffs)
• include/check_nt/server/server.hpp (modified) (4 diffs)
• include/nrpe/client/socket.hpp (modified) (3 diffs)
• include/nrpe/server/server.cpp (modified) (5 diffs)
• include/nrpe/server/server.hpp (modified) (4 diffs)
• include/nsca/nsca_socket.hpp (modified) (3 diffs)
• include/socket/socket_helpers.cpp (added)
• include/socket/socket_helpers.hpp (added)
• include/socket_helpers.hpp (modified) (1 diff)
• include/strEx.h (modified) (1 diff)
• modules/NRPEClient/CMakeLists.txt (modified) (2 diffs)
• modules/NRPEServer/CMakeLists.txt (modified) (2 diffs)
• modules/NRPEServer/NRPEServer.cpp (modified) (4 diffs)
• modules/NRPEServer/NRPEServer.h (modified) (1 diff)
• modules/NSCAAgent/CMakeLists.txt (modified) (2 diffs)
• modules/NSCAAgent/NSCAAgent.cpp (modified) (1 diff)
• modules/NSCAAgent/stdafx.h (modified) (1 diff)
• modules/NSClientServer/CMakeLists.txt (modified) (2 diffs)
• modules/NSClientServer/NSClientServer.cpp (modified) (4 diffs)
• modules/NSClientServer/NSClientServer.h (modified) (1 diff)
• modules/PythonScript/script_wrapper.cpp (modified) (1 diff)

changelog

@@ -3 +3 @@
  * Fix configuration GUI (low priority)
  * Add API for rehashing the daemon (or implement it the API is there but does nothing)
- * Improved socket performance (would be nice if we could be used as a "hub")
  * Fixa dependonservice LanManWorkStation (old win)
  * Fix RtlStringFromGUID problem on NT4
+
+2011-08-15 MickeM
+ * Readded allowed hosts function
+ * Moved default socket options to /settings/default/socket
+ * Added more default socket options
 
 2011-08-14 MickeM

include/NSCAPI.h

@@ -116 +116 @@
     std::wstring msg_;
     nscapi_exception(std::wstring msg) : msg_(msg) {}
+
+
+    virtual ~nscapi_exception() throw() {}
     std::string what() {
       return utf8::cvt<std::string>(msg_);

include/check_nt/server/server.cpp

@@ -14 +14 @@
 
 
-    const int server::connection_info::backlog_default = 0;
-
-    server::server(connection_info info)
-      : thread_pool_size_(info.thread_pool_size)
+    server::server(connection_info infoo)
+      : info_(infoo)
       , acceptor_(io_service_)
       , accept_strand_(io_service_)
-      , request_handler_(info.request_handler) // nrpe::length::get_payload_length())
+      , request_handler_(infoo.request_handler) // nrpe::length::get_payload_length())
       , context_(io_service_, boost::asio::ssl::context::sslv23)
-      , use_ssl_(info.use_ssl)
     {
       if (!request_handler_)
@@ -29 +26 @@
       ip::tcp::resolver resolver(io_service_);
       ip::tcp::resolver::iterator endpoint_iterator;
-      if (info.address.empty()) {
-        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info.get_port()));
+      if (info_.address.empty()) {
+        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info_.get_port()));
       } else {
-        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info.get_address(), info.get_port()));
+        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info_.get_address(), info_.get_port()));
       }
       ip::tcp::resolver::iterator end;
       if (endpoint_iterator == end) {
-        request_handler_->log_error(__FILE__, __LINE__, std::wstring(_T("Failed to lookup: ")) + info.get_endpoint_str());
+        request_handler_->log_error(__FILE__, __LINE__, std::wstring(_T("Failed to lookup: ")) + info_.get_endpoint_str());
         return;
       }
-      if (info.use_ssl) {
+      if (info_.use_ssl) {
         SSL_CTX_set_cipher_list(context_.impl(), "ADH");
-        request_handler_->log_debug(__FILE__, __LINE__, _T("Using cert: ") + to_wstring(info.certificate));
-        context_.use_tmp_dh_file(to_string(info.certificate));
+        request_handler_->log_debug(__FILE__, __LINE__, _T("Using cert: ") + to_wstring(info_.certificate));
+        context_.use_tmp_dh_file(to_string(info_.certificate));
         context_.set_verify_mode(boost::asio::ssl::context::verify_none);
       }
 
-      new_connection_.reset(check_nt::server::factories::create(io_service_, context_, request_handler_, use_ssl_));
+      new_connection_.reset(check_nt::server::factories::create(io_service_, context_, request_handler_, info_.use_ssl));
 
       ip::tcp::endpoint endpoint = *endpoint_iterator;
       acceptor_.open(endpoint.protocol());
       acceptor_.set_option(ip::tcp::acceptor::reuse_address(true));
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Attempting to bind to: ") + info.get_endpoint_str());
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Attempting to bind to: ") + info_.get_endpoint_str());
       acceptor_.bind(endpoint);
-      if (info.back_log == connection_info::backlog_default)
+      if (info_.back_log == connection_info::backlog_default)
         acceptor_.listen();
       else
-        acceptor_.listen(info.back_log);
+        acceptor_.listen(info_.back_log);
 
       acceptor_.async_accept(new_connection_->socket(),
@@ -63 +60 @@
           )
         );
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Bound to: ") + info.get_endpoint_str());
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Bound to: ") + info_.get_endpoint_str());
 
       //io_service_.post(boost::bind(&Server::startAccept, this));
@@ -73 +70 @@
     void server::start() {
       // Create a pool of threads to run all of the io_services.
-      for (std::size_t i = 0; i < thread_pool_size_; ++i) {
+      for (std::size_t i = 0; i < info_.thread_pool_size; ++i) {
         boost::shared_ptr<boost::thread> thread(
           new boost::thread( boost::bind(&boost::asio::io_service::run, &io_service_) ));
         threads_.push_back(thread);
       }
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Thredpool containes: ") + to_wstring(thread_pool_size_));
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Thredpool containes: ") + to_wstring(info_.thread_pool_size));
 
       // Wait for all threads in the pool to exit.
@@ -93 +90 @@
     void server::handle_accept(const boost::system::error_code& e) {
       if (!e) {
+        std::list<std::string> errors;
         std::string s = new_connection_->socket().remote_endpoint().address().to_string();
-        request_handler_->log_debug(__FILE__, __LINE__, _T("Accepting connection from: ") + to_wstring(s));
+        if (info_.allowed_hosts.is_allowed(new_connection_->socket().remote_endpoint().address().to_v4().to_ulong(), errors)) {
+          request_handler_->log_debug(__FILE__, __LINE__, _T("Accepting connection from: ") + to_wstring(s));
+          new_connection_->start();
+        } else {
+          BOOST_FOREACH(const std::string &e, errors) {
+            request_handler_->log_error(__FILE__, __LINE__, utf8::cvt<std::wstring>(e));
+          }
+          request_handler_->log_error(__FILE__, __LINE__, _T("Rejcted connection from: ") + to_wstring(s));
+          new_connection_->stop();
+        }
 
-        new_connection_->start();
-        new_connection_.reset(check_nt::server::factories::create(io_service_, context_, request_handler_, use_ssl_));
+        new_connection_.reset(check_nt::server::factories::create(io_service_, context_, request_handler_, info_.use_ssl));
 
         acceptor_.async_accept(new_connection_->socket(),

include/check_nt/server/server.hpp

@@ -1 +1 @@
 #pragma once
 
-#include <boost/asio.hpp>
 #include <string>
 #include <vector>
+
 #include <boost/noncopyable.hpp>
 #include <boost/shared_ptr.hpp>
 #include <boost/thread.hpp>
+#include <boost/asio.hpp>
+
+#include <socket/socket_helpers.hpp>
 #include <check_nt/server/connection.hpp>
 #include "handler.hpp"
@@ -35 +38 @@
     class server : private boost::noncopyable {
     public:
-      struct connection_info {
-        static const int backlog_default;
-        connection_info(boost::shared_ptr<check_nt::server::handler> request_handler_) : request_handler(request_handler_), back_log(backlog_default) {}
-        std::string address;
-        unsigned int port;
-        std::string get_port() { return to_string(port); }
-        std::string get_address() { return to_string(address); }
-        unsigned int thread_pool_size;
-        int back_log;
-        bool use_ssl;
-        bool allow_args;
-        bool allow_nasty;
-        unsigned int timeout;
+      struct connection_info  : public socket_helpers::connection_info {
+        connection_info(boost::shared_ptr<check_nt::server::handler> request_handler_) : request_handler(request_handler_) {}
+        connection_info(const connection_info &other) 
+          : socket_helpers::connection_info(other)
+          , request_handler(other.request_handler)
+        {}
+        connection_info& operator=(const connection_info &other) {
+          socket_helpers::connection_info::operator=(other);
+          request_handler = other.request_handler;
+          return *this;
+        }
+
         boost::shared_ptr<check_nt::server::handler> request_handler;
-        std::wstring certificate;
-        std::wstring get_endpoint_str() {
-          return to_wstring(address) + _T(":") + to_wstring(port);
-        }
       };
 
@@ -73 +71 @@
       void handle_accept(const boost::system::error_code& e);
 
-      /// The number of threads that will call io_service::run().
-      std::size_t thread_pool_size_;
-
       /// The io_service used to perform asynchronous operations.
       boost::asio::io_service io_service_;
@@ -93 +88 @@
       boost::asio::ssl::context context_;
 
-      bool use_ssl_;
-
       /// The strand for handleTcpAccept(), handleSslAccept() and handleStop()
       boost::asio::strand accept_strand_;
+
+      connection_info info_;
 
     };

include/nrpe/client/socket.hpp

@@ -3 +3 @@
 #include <boost/shared_ptr.hpp>
 
-#include <socket_helpers.hpp>
+#include <socket/socket_helpers.hpp>
 #include <nsca/nsca_packet.hpp>
 
@@ -69 +69 @@
     }
     virtual void read_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::read_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::read_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
     virtual void write_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::write_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::write_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
   };
@@ -106 +106 @@
 
     virtual void write_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::write_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::write_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
 
     virtual void read_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::read_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::read_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
   };

include/nrpe/server/server.cpp

@@ -14 +14 @@
 
 
-    const int server::connection_info::backlog_default = 0;
-
     server::server(connection_info info)
-      : thread_pool_size_(info.thread_pool_size)
-      , acceptor_(io_service_)
+      : acceptor_(io_service_)
       , accept_strand_(io_service_)
       , request_handler_(info.request_handler) // nrpe::length::get_payload_length())
       , context_(io_service_, boost::asio::ssl::context::sslv23)
-      , use_ssl_(info.use_ssl)
+      , info_(info)
     {
       if (!request_handler_)
@@ -29 +26 @@
       ip::tcp::resolver resolver(io_service_);
       ip::tcp::resolver::iterator endpoint_iterator;
-      if (info.address.empty()) {
-        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info.get_port()));
+      if (info_.address.empty()) {
+        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info_.get_port()));
       } else {
-        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info.get_address(), info.get_port()));
+        endpoint_iterator = resolver.resolve(ip::tcp::resolver::query(info_.get_address(), info_.get_port()));
       }
       ip::tcp::resolver::iterator end;
       if (endpoint_iterator == end) {
-        request_handler_->log_error(__FILE__, __LINE__, std::wstring(_T("Failed to lookup: ")) + info.get_endpoint_str());
+        request_handler_->log_error(__FILE__, __LINE__, std::wstring(_T("Failed to lookup: ")) + info_.get_endpoint_str());
         return;
       }
-      if (info.use_ssl) {
+      if (info_.use_ssl) {
         SSL_CTX_set_cipher_list(context_.impl(), "ADH");
-        request_handler_->log_debug(__FILE__, __LINE__, _T("Using cert: ") + to_wstring(info.certificate));
-        context_.use_tmp_dh_file(to_string(info.certificate));
+        request_handler_->log_debug(__FILE__, __LINE__, _T("Using cert: ") + to_wstring(info_.certificate));
+        context_.use_tmp_dh_file(to_string(info_.certificate));
         context_.set_verify_mode(boost::asio::ssl::context::verify_none);
       }
 
-      new_connection_.reset(nrpe::server::factories::create(io_service_, context_, request_handler_, use_ssl_));
+      new_connection_.reset(nrpe::server::factories::create(io_service_, context_, request_handler_, info_.use_ssl));
 
       ip::tcp::endpoint endpoint = *endpoint_iterator;
       acceptor_.open(endpoint.protocol());
       acceptor_.set_option(ip::tcp::acceptor::reuse_address(true));
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Attempting to bind to: ") + info.get_endpoint_str());
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Attempting to bind to: ") + info_.get_endpoint_str());
       acceptor_.bind(endpoint);
-      if (info.back_log == connection_info::backlog_default)
+      if (info_.back_log == connection_info::backlog_default)
         acceptor_.listen();
       else
-        acceptor_.listen(info.back_log);
+        acceptor_.listen(info_.back_log);
 
       acceptor_.async_accept(new_connection_->socket(),
@@ -63 +60 @@
           )
         );
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Bound to: ") + info.get_endpoint_str());
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Bound to: ") + info_.get_endpoint_str());
 
       //io_service_.post(boost::bind(&Server::startAccept, this));
@@ -73 +70 @@
     void server::start() {
       // Create a pool of threads to run all of the io_services.
-      for (std::size_t i = 0; i < thread_pool_size_; ++i) {
+      for (std::size_t i = 0; i < info_.thread_pool_size; ++i) {
         boost::shared_ptr<boost::thread> thread(
           new boost::thread( boost::bind(&boost::asio::io_service::run, &io_service_) ));
         threads_.push_back(thread);
       }
-      request_handler_->log_debug(__FILE__, __LINE__, _T("Thredpool containes: ") + to_wstring(thread_pool_size_));
+      request_handler_->log_debug(__FILE__, __LINE__, _T("Thredpool containes: ") + to_wstring(info_.thread_pool_size));
 
       // Wait for all threads in the pool to exit.
@@ -93 +90 @@
     void server::handle_accept(const boost::system::error_code& e) {
       if (!e) {
+        std::list<std::string> errors;
         std::string s = new_connection_->socket().remote_endpoint().address().to_string();
-        request_handler_->log_debug(__FILE__, __LINE__, _T("Accepting connection from: ") + to_wstring(s));
+        if (info_.allowed_hosts.is_allowed(new_connection_->socket().remote_endpoint().address().to_v4().to_ulong(), errors)) {
+          request_handler_->log_debug(__FILE__, __LINE__, _T("Accepting connection from: ") + to_wstring(s));
+          new_connection_->start();
+        } else {
+          BOOST_FOREACH(const std::string &e, errors) {
+            request_handler_->log_error(__FILE__, __LINE__, utf8::cvt<std::wstring>(e));
+          }
+          request_handler_->log_error(__FILE__, __LINE__, _T("Rejcted connection from: ") + to_wstring(s));
+          new_connection_->stop();
+        }
 
-        new_connection_->start();
-        new_connection_.reset(nrpe::server::factories::create(io_service_, context_, request_handler_, use_ssl_));
+        new_connection_.reset(nrpe::server::factories::create(io_service_, context_, request_handler_, info_.use_ssl));
 
         acceptor_.async_accept(new_connection_->socket(),

include/nrpe/server/server.hpp

@@ -4 +4 @@
 #include <string>
 #include <vector>
+
 #include <boost/noncopyable.hpp>
 #include <boost/shared_ptr.hpp>
 #include <boost/thread.hpp>
+
+#include <socket/socket_helpers.hpp>
 #include <nrpe/server/connection.hpp>
+
 #include "handler.hpp"
 
@@ -33 +37 @@
     };
 
-    class server : private boost::noncopyable {
+    class server : boost::noncopyable {
     public:
-      struct connection_info {
-        static const int backlog_default;
-        connection_info(boost::shared_ptr<nrpe::server::handler> request_handler_) : request_handler(request_handler_), back_log(backlog_default) {}
-        std::string address;
-        unsigned int port;
-        std::string get_port() { return to_string(port); }
-        std::string get_address() { return to_string(address); }
-        unsigned int thread_pool_size;
-        int back_log;
-        bool use_ssl;
+      struct connection_info : public socket_helpers::connection_info {
+        connection_info(boost::shared_ptr<nrpe::server::handler> request_handler) : request_handler(request_handler) {}
+        connection_info(const connection_info &other) 
+          : socket_helpers::connection_info(other)
+          , allow_args(other.allow_args)
+          , allow_nasty(other.allow_nasty)
+          , request_handler(other.request_handler)
+        {}
+        connection_info& operator=(const connection_info &other) {
+          socket_helpers::connection_info::operator=(other);
+          allow_args = other.allow_args;
+          allow_nasty = other.allow_nasty;
+          request_handler = other.request_handler;
+          return *this;
+        }
         bool allow_args;
         bool allow_nasty;
-        unsigned int timeout;
         boost::shared_ptr<nrpe::server::handler> request_handler;
-        std::wstring certificate;
-        std::wstring get_endpoint_str() {
-          return to_wstring(address) + _T(":") + to_wstring(port);
-        }
       };
 
@@ -74 +78 @@
 
       /// The number of threads that will call io_service::run().
-      std::size_t thread_pool_size_;
+      //std::size_t thread_pool_size_;
 
       /// The io_service used to perform asynchronous operations.
@@ -93 +97 @@
       boost::asio::ssl::context context_;
 
-      bool use_ssl_;
+      //bool use_ssl_;
 
       /// The strand for handleTcpAccept(), handleSslAccept() and handleStop()
       boost::asio::strand accept_strand_;
+      connection_info info_;
 
     };

include/nsca/nsca_socket.hpp

@@ -3 +3 @@
 #include <boost/shared_ptr.hpp>
 
-#include <socket_helpers.hpp>
+#include <socket/socket_helpers.hpp>
 
 #include <nsca/nsca_packet.hpp>
@@ -67 +67 @@
     }
     virtual void read_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::read_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::read_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
     virtual void write_with_timeout(std::string &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::write_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::write_with_timeout(*socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
     /*
@@ -107 +107 @@
 
     virtual void write_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::write_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::write_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
 
     virtual void read_with_timeout(std::vector<char> &buf, boost::posix_time::seconds timeout) {
-      socketHelpers::io::read_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
+      socket_helpers::io::read_with_timeout(*ssl_socket_, get_socket(), boost::asio::buffer(buf), timeout);
     }
   };

include/socket_helpers.hpp

@@ -4 +4 @@
 #include <boost/bind.hpp>
 #include <boost/optional.hpp>
-
-namespace socketHelpers {
-  class allowedHosts {
-    struct host_record {
-      host_record() : mask(0) {}
-      host_record(std::wstring r) : mask(0), record(r) {}
-      std::wstring record;
-      std::wstring host;
-      u_long in_addr;
-      unsigned long mask;
-    };
-  public:
-    typedef std::list<host_record> host_list; 
-    typedef std::list<std::wstring> string_list; 
-  private:
-    host_list allowed_list_;
-    string_list lookup_list;
-    bool cachedAddresses_;
-  public:
-    allowedHosts() : cachedAddresses_(true) {}
-
-    unsigned int lookupMask(std::wstring mask) {
-      unsigned int masklen = 32;
-      if (!mask.empty()) {
-        std::wstring::size_type pos = mask.find_first_of(_T("0123456789"));
-        if (pos != std::wstring::npos) {
-          masklen = strEx::stoi(mask.substr(pos));
-        }
-      }
-      if (masklen > 32)
-        masklen = 32;
-      return (~((unsigned int)0))>>(32-masklen);
-    }
-    void lookupList(boost::asio::io_service& io_service) {
-      allowed_list_.clear();
-      for (string_list::iterator it = lookup_list.begin();it!=lookup_list.end();++it) {
-        std::wstring host = (*it);
-        host_record tmp_record;
-        if (!host.empty()) {
-          try {
-            std::wstring::size_type pos = host.find('/');
-            if (pos == std::wstring::npos) {
-              tmp_record.host = host;
-              tmp_record.mask = lookupMask(_T(""));
-            } else {
-              tmp_record.host = host.substr(0, pos);
-              tmp_record.mask = lookupMask(host.substr(pos));
-            }
-            boost::asio::ip::tcp::resolver resolver(io_service);
-            boost::asio::ip::tcp::resolver::query query(utf8::cvt<std::string>(tmp_record.host), "");
-            boost::asio::ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve(query);
-            boost::asio::ip::tcp::resolver::iterator end;
-            for (;endpoint_iterator != end; ++endpoint_iterator) {
-              tmp_record.in_addr = endpoint_iterator->endpoint().address().to_v4().to_ulong();
-              tmp_record.host = utf8::cvt<std::wstring>(endpoint_iterator->endpoint().address().to_string());
-              allowed_list_.push_back(tmp_record);
-            }
-            /*
-            std::cerr << "Added: " 
-              + simpleSocket::Socket::inet_ntoa((*it).in_addr)
-              + " with mask "
-              + simpleSocket::Socket::inet_ntoa((*it).mask)
-              + " from "
-              + (*it).record <<
-              std::endl;
-              */
-          } catch (std::exception &e) {
-            std::cerr << "Filed to lookup host: " << e.what() << std::endl;
-          } catch (...) {
-            std::wcerr << _T("Filed to lookup host: ") << std::endl;
-          }
-        }
-      }
-    }
-
-    void setAllowedHosts(const std::list<std::wstring> list, bool cachedAddresses, boost::asio::io_service& io_service) {
-      for (std::list<std::wstring>::const_iterator it = list.begin(); it != list.end(); ++it) {
-        if (!(*it).empty())
-          lookup_list.push_back(*it);
-      }
-      cachedAddresses_ = cachedAddresses;
-      lookupList(io_service);
-    }
-    bool matchHost(host_record allowed, struct in_addr remote) {
-      /*
-      if ((allowed.in_addr&allowed.mask)==(remote.S_un.S_addr&allowed.mask)) {
-        std::cerr << "Matched: " << simpleSocket::Socket::inet_ntoa(allowed.in_addr)  << " with " << 
-          simpleSocket::Socket::inet_ntoa(remote.S_un.S_addr) << std::endl;
-      }
-      */
-      return true; //((allowed.in_addr&allowed.mask)==(remote.S_un.S_addr&allowed.mask));
-    }
-    bool inAllowedHosts(boost::asio::io_service& io_service, struct in_addr remote) {
-      if (lookup_list.empty())
-        return true;
-      if (!cachedAddresses_) {
-        lookupList(io_service);
-      }
-      for (host_list::const_iterator cit = allowed_list_.begin();cit!=allowed_list_.end();++cit) {
-        if (matchHost((*cit), remote))
-          return true;
-      }
-      return false;
-    }
-    std::wstring to_string() {
-      std::wstring ret;
-      BOOST_FOREACH(host_record r, allowed_list_) {
-        if (!ret.empty()) ret += _T(", ");
-        ret += r.host;
-      }
-      return ret;
-    }
-  };
-
-  namespace io {
-    void set_result(boost::optional<boost::system::error_code>* a, boost::system::error_code b) {
-      a->reset(b);
-    } 
-
-    template <typename AsyncReadStream, typename RawSocket, typename MutableBufferSequence>
-    void read_with_timeout(AsyncReadStream& sock, RawSocket& rawSocket, const MutableBufferSequence& buffers, boost::posix_time::time_duration duration) {
-      boost::optional<boost::system::error_code> timer_result;
-      boost::asio::deadline_timer timer(sock.get_io_service());
-      timer.expires_from_now(duration);
-      timer.async_wait(boost::bind(set_result, &timer_result, _1));
-
-      boost::optional<boost::system::error_code> read_result;
-      async_read(sock, buffers, boost::bind(set_result, &read_result, _1));
-
-      sock.get_io_service().reset();
-      while (sock.get_io_service().run_one()) {
-        if (read_result)
-          timer.cancel();
-        else if (timer_result)
-          rawSocket.close();
-      }
-
-      if (*read_result)
-        throw boost::system::system_error(*read_result);
-    } 
-
-    template <typename AsyncWriteStream, typename RawSocket, typename MutableBufferSequence>
-    void write_with_timeout(AsyncWriteStream& sock, RawSocket& rawSocket, const MutableBufferSequence& buffers, boost::posix_time::time_duration duration) {
-      boost::optional<boost::system::error_code> timer_result;
-      boost::asio::deadline_timer timer(sock.get_io_service());
-      timer.expires_from_now(duration);
-      timer.async_wait(boost::bind(set_result, &timer_result, _1));
-
-      boost::optional<boost::system::error_code> read_result;
-      async_write(sock, buffers, boost::bind(set_result, &read_result, _1));
-
-      sock.get_io_service().reset();
-      while (sock.get_io_service().run_one()) {
-        if (read_result)
-          timer.cancel();
-        else if (timer_result)
-          rawSocket.close();
-      }
-
-      if (*read_result)
-        throw boost::system::system_error(*read_result);
-    }
-
-  }
-}
-
+// 
+// namespace socketHelpers {
+//  class allowedHosts {
+//    struct host_record {
+//      host_record() : mask(0) {}
+//      host_record(std::wstring r) : mask(0), record(r) {}
+//      std::wstring record;
+//      std::wstring host;
+//      u_long in_addr;
+//      unsigned long mask;
+//    };
+//  public:
+//    typedef std::list<host_record> host_list; 
+//    typedef std::list<std::wstring> string_list; 
+//  private:
+//    host_list allowed_list_;
+//    string_list lookup_list;
+//    bool cachedAddresses_;
+//  public:
+//    allowedHosts() : cachedAddresses_(true) {}
+// 
+//    unsigned int lookupMask(std::wstring mask) {
+//      unsigned int masklen = 32;
+//      if (!mask.empty()) {
+//        std::wstring::size_type pos = mask.find_first_of(_T("0123456789"));
+//        if (pos != std::wstring::npos) {
+//          masklen = strEx::stoi(mask.substr(pos));
+//        }
+//      }
+//      if (masklen > 32)
+//        masklen = 32;
+//      return (~((unsigned int)0))>>(32-masklen);
+//    }
+//    void lookupList(boost::asio::io_service& io_service) {
+//      allowed_list_.clear();
+//      for (string_list::iterator it = lookup_list.begin();it!=lookup_list.end();++it) {
+//        std::wstring host = (*it);
+//        host_record tmp_record;
+//        if (!host.empty()) {
+//          try {
+//            std::wstring::size_type pos = host.find('/');
+//            if (pos == std::wstring::npos) {
+//              tmp_record.host = host;
+//              tmp_record.mask = lookupMask(_T(""));
+//            } else {
+//              tmp_record.host = host.substr(0, pos);
+//              tmp_record.mask = lookupMask(host.substr(pos));
+//            }
+//            boost::asio::ip::tcp::resolver resolver(io_service);
+//            boost::asio::ip::tcp::resolver::query query(utf8::cvt<std::string>(tmp_record.host), "");
+//            boost::asio::ip::tcp::resolver::iterator endpoint_iterator = resolver.resolve(query);
+//            boost::asio::ip::tcp::resolver::iterator end;
+//            for (;endpoint_iterator != end; ++endpoint_iterator) {
+//              tmp_record.in_addr = endpoint_iterator->endpoint().address().to_v4().to_ulong();
+//              tmp_record.host = utf8::cvt<std::wstring>(endpoint_iterator->endpoint().address().to_string());
+//              allowed_list_.push_back(tmp_record);
+//            }
+//            /*
+//            std::cerr << "Added: " 
+//              + simpleSocket::Socket::inet_ntoa((*it).in_addr)
+//              + " with mask "
+//              + simpleSocket::Socket::inet_ntoa((*it).mask)
+//              + " from "
+//              + (*it).record <<
+//              std::endl;
+//              */
+//          } catch (std::exception &e) {
+//            std::cerr << "Filed to lookup host: " << e.what() << std::endl;
+//          } catch (...) {
+//            std::wcerr << _T("Filed to lookup host: ") << std::endl;
+//          }
+//        }
+//      }
+//    }
+// 
+//    void setAllowedHosts(const std::list<std::wstring> list, bool cachedAddresses, boost::asio::io_service& io_service) {
+//      for (std::list<std::wstring>::const_iterator it = list.begin(); it != list.end(); ++it) {
+//        if (!(*it).empty())
+//          lookup_list.push_back(*it);
+//      }
+//      cachedAddresses_ = cachedAddresses;
+//      lookupList(io_service);
+//    }
+//    bool matchHost(host_record allowed, struct in_addr remote) {
+//      /*
+//      if ((allowed.in_addr&allowed.mask)==(remote.S_un.S_addr&allowed.mask)) {
+//        std::cerr << "Matched: " << simpleSocket::Socket::inet_ntoa(allowed.in_addr)  << " with " << 
+//          simpleSocket::Socket::inet_ntoa(remote.S_un.S_addr) << std::endl;
+//      }
+//      */
+//      return true; //((allowed.in_addr&allowed.mask)==(remote.S_un.S_addr&allowed.mask));
+//    }
+//    bool inAllowedHosts(boost::asio::io_service& io_service, struct in_addr remote) {
+//      if (lookup_list.empty())
+//        return true;
+//      if (!cachedAddresses_) {
+//        lookupList(io_service);
+//      }
+//      for (host_list::const_iterator cit = allowed_list_.begin();cit!=allowed_list_.end();++cit) {
+//        if (matchHost((*cit), remote))
+//          return true;
+//      }
+//      return false;
+//    }
+//    std::wstring to_string() {
+//      std::wstring ret;
+//      BOOST_FOREACH(host_record r, allowed_list_) {
+//        if (!ret.empty()) ret += _T(", ");
+//        ret += r.host;
+//      }
+//      return ret;
+//    }
+//  };
+// 
+// }
+// 

include/strEx.h

@@ -334 +334 @@
     return boost::lexical_cast<int>(s.c_str());
   }
+  inline int stoi(std::string s) {
+    return boost::lexical_cast<int>(s.c_str());
+  }
   inline double stod(std::wstring s) {
     return boost::lexical_cast<double>(s.c_str());

modules/NRPEClient/CMakeLists.txt

@@ -9 +9 @@
   "${TARGET}.cpp"
   ${NSCP_INCLUDEDIR}/nrpe/packet.cpp
+  ${NSCP_INCLUDEDIR}/socket/socket_helpers.cpp
 
   ${NSCP_DEF_PLUGIN_CPP}
@@ -20 +21 @@
     "${TARGET}.h"
     "${TARGET}.def"
-    ${NSCP_INCLUDEDIR}/socket_helpers.hpp
     ${NSCP_INCLUDEDIR}/nrpe/packet.hpp
     ${NSCP_INCLUDEDIR}/nrpe/client/socket.hpp
     ${NSCP_INCLUDEDIR}/swap_bytes.hpp
+    ${NSCP_INCLUDEDIR}/socket/socket_helpers.hpp
 
     ${NSCP_DEF_PLUGIN_HPP}

modules/NRPEServer/CMakeLists.txt

@@ -17 +17 @@
   ${NSCP_INCLUDEDIR}/nrpe/server/ssl_connection.cpp
   ${NSCP_INCLUDEDIR}/nrpe/packet.cpp
+  ${NSCP_INCLUDEDIR}/socket/socket_helpers.cpp
 
   ${NSCP_DEF_PLUGIN_CPP}
@@ -35 +36 @@
     ${NSCP_INCLUDEDIR}/nrpe/server/handler.hpp
     ${NSCP_INCLUDEDIR}/nrpe/server/parser.hpp
-    ${NSCP_INCLUDEDIR}/socket_helpers.hpp
     ${NSCP_INCLUDEDIR}/nrpe/packet.hpp
     ${NSCP_INCLUDEDIR}/swap_bytes.hpp
+    ${NSCP_INCLUDEDIR}/socket/socket_helpers.hpp
 
     ${NSCP_DEF_PLUGIN_HPP}

modules/NRPEServer/NRPEServer.cpp

@@ -38 +38 @@
 NRPEListener::~NRPEListener() {}
 
-std::wstring getAllowedHosts() {
-  return SETTINGS_GET_STRING_FALLBACK(nrpe::ALLOWED_HOSTS, protocol_def::ALLOWED_HOSTS);
-}
-bool getCacheAllowedHosts() {
-  return SETTINGS_GET_BOOL_FALLBACK(nrpe::CACHE_ALLOWED, protocol_def::CACHE_ALLOWED);
-}
-
-
-
 bool NRPEListener::loadModule() {
   return false;
@@ -73 +64 @@
       _T("PORT NUMBER"), _T("Port to use for NRPE."))
 
+      (_T("payload length"), sh::int_fun_key<unsigned int>(boost::bind(&nrpe::server::handler::set_payload_length, info_.request_handler, _1), 1024),
+      _T("PAYLOAD LENGTH"), _T("Length of payload to/from the NRPE agent. This is a hard specific value so you have to \"configure\" (read recompile) your NRPE agent to use the same value for it to work."))
+
+      (_T("allow arguments"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_allow_arguments, info_.request_handler, _1), false),
+      _T("COMMAND ARGUMENT PROCESSING"), _T("This option determines whether or not the we will allow clients to specify arguments to commands that are executed."))
+
+      (_T("allow nasty characters"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_allow_nasty_arguments, info_.request_handler, _1), false),
+      _T("COMMAND ALLOW NASTY META CHARS"), _T("This option determines whether or not the we will allow clients to specify nasty (as in |`&><'\"\\[]{}) characters in arguments."))
+
+      (_T("performance data"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_perf_data, info_.request_handler, _1), true),
+      _T("PERFORMANCE DATA"), _T("Send performance data back to nagios (set this to 0 to remove all performance data)."))
+
+      ;
+
+    settings.alias().add_parent(_T("/settings/default")).add_key_to_settings()
+
       (_T("thread pool"), sh::uint_key(&info_.thread_pool_size, 10),
       _T("THREAD POOL"), _T(""))
 
+      (_T("bind to"), sh::string_key(&info_.address),
+      _T("BIND TO ADDRESS"), _T("Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses."))
+
+      (_T("socket queue size"), sh::int_key(&info_.back_log, 0),
+      _T("LISTEN QUEUE"), _T("Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts."))
+
+      (_T("allowed hosts"), sh::string_fun_key<std::wstring>(boost::bind(&socket_helpers::allowed_hosts_manager::set_source, &info_.allowed_hosts, _1), _T("127.0.0.1")),
+      _T("ALLOWED HOSTS"), _T("A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges."))
+
+      (_T("cache allowed hosts"), sh::bool_key(&info_.allowed_hosts.cached, true),
+      _T("CACHE ALLOWED HOSTS"), _T("If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server."))
+
       (_T("timeout"), sh::uint_key(&info_.timeout, 30),
       _T("TIMEOUT"), _T("Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out."))
@@ -82 +101 @@
       _T("ENABLE SSL ENCRYPTION"), _T("This option controls if SSL should be enabled."))
 
-      (_T("payload length"), sh::int_fun_key<unsigned int>(boost::bind(&nrpe::server::handler::set_payload_length, info_.request_handler, _1), 1024),
-      _T("PAYLOAD LENGTH"), _T("Length of payload to/from the NRPE agent. This is a hard specific value so you have to \"configure\" (read recompile) your NRPE agent to use the same value for it to work."))
-
-      (_T("allow arguments"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_allow_arguments, info_.request_handler, _1), false),
-      _T("COMMAND ARGUMENT PROCESSING"), _T("This option determines whether or not the we will allow clients to specify arguments to commands that are executed."))
-
-      (_T("allow nasty characters"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_allow_nasty_arguments, info_.request_handler, _1), false),
-      _T("COMMAND ALLOW NASTY META CHARS"), _T("This option determines whether or not the we will allow clients to specify nasty (as in |`&><'\"\\[]{}) characters in arguments."))
-
-      (_T("performance data"), sh::bool_fun_key<bool>(boost::bind(&nrpe::server::handler::set_perf_data, info_.request_handler, _1), true),
-      _T("PERFORMANCE DATA"), _T("Send performance data back to nagios (set this to 0 to remove all performance data)."))
-
       (_T("certificate"), sh::wpath_key(&info_.certificate, _T("${certificate-path}/nrpe_dh_512.pem")),
       _T("SSL CERTIFICATE"), _T(""))
+
       ;
-
-    settings.alias().add_parent(_T("/settings/default")).add_key_to_settings()
-
-      (_T("bind to"), sh::string_key(&info_.address),
-      _T("BIND TO ADDRESS"), _T("Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses."))
-
-      (_T("socket queue size"), sh::int_key(&info_.back_log, 0),
-      _T("LISTEN QUEUE"), _T("Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts."))
-
-      ;
-
-
 
     settings.register_all();
@@ -124 +120 @@
       NSC_LOG_ERROR_STD(_T("Certificate not found: ") + info_.certificate);
 
+
+    std::list<std::string> errors;
+    info_.allowed_hosts.refresh(errors);
+    BOOST_FOREACH(const std::string &e, errors) {
+      NSC_LOG_ERROR_STD(utf8::cvt<std::wstring>(e));
+    }
+    NSC_DEBUG_MSG_STD(_T("Allowed hosts definition: ") + info_.allowed_hosts.to_wstring());
+
     boost::asio::io_service io_service_;
-
-    allowedHosts.setAllowedHosts(strEx::splitEx(getAllowedHosts(), _T(",")), getCacheAllowedHosts(), io_service_);
-    NSC_DEBUG_MSG_STD(_T("Allowed hosts: ") + allowedHosts.to_string());
 
     if (mode == NSCAPI::normalStart) {

modules/NRPEServer/NRPEServer.h

@@ -37 +37 @@
   };
 
-  socketHelpers::allowedHosts allowedHosts;
   nrpe::server::server::connection_info info_;
 

modules/NSCAAgent/CMakeLists.txt

@@ -8 +8 @@
   stdafx.cpp
   "${TARGET}.cpp"
+  ${NSCP_INCLUDEDIR}/socket/socket_helpers.cpp
 
   ${NSCP_DEF_PLUGIN_CPP}
@@ -31 +32 @@
     ${NSCP_INCLUDEDIR}/nsca/nsca_enrypt.hpp
     ${NSCP_INCLUDEDIR}/swap_bytes.hpp
+    ${NSCP_INCLUDEDIR}/socket/socket_helpers.hpp
 
     ${NSCP_DEF_PLUGIN_HPP}

modules/NSCAAgent/NSCAAgent.cpp

@@ -107 +107 @@
     settings.notify();
 
+  } catch (nscapi::nscapi_exception &e) {
+    NSC_LOG_ERROR_STD(_T("Failed to register command: ") + e.msg_);
+    return false;
   } catch (std::exception &e) {
     NSC_LOG_ERROR_STD(_T("Exception caught: ") + utf8::cvt<std::wstring>(e.what()));
-    return false;
-  } catch (nscapi::nscapi_exception &e) {
-    NSC_LOG_ERROR_STD(_T("Failed to register command: ") + e.msg_);
     return false;
   } catch (...) {

modules/NSCAAgent/stdafx.h

@@ -26 +26 @@
 #include <iostream>
 #include <string>
-#include <hash_map>
 #include <list>
 

modules/NSClientServer/CMakeLists.txt

@@ -17 +17 @@
   ${NSCP_INCLUDEDIR}/check_nt/server/ssl_connection.cpp
   ${NSCP_INCLUDEDIR}/check_nt/packet.cpp
+  ${NSCP_INCLUDEDIR}/socket/socket_helpers.cpp
 
   ${NSCP_DEF_PLUGIN_CPP}
@@ -35 +36 @@
     ${NSCP_INCLUDEDIR}/check_nt/server/handler.hpp
     ${NSCP_INCLUDEDIR}/check_nt/server/parser.hpp
-    ${NSCP_INCLUDEDIR}/socket_helpers.hpp
     ${NSCP_INCLUDEDIR}/check_nt/packet.hpp
     ${NSCP_INCLUDEDIR}/swap_bytes.hpp
+    ${NSCP_INCLUDEDIR}/socket/socket_helpers.hpp
 
     ${NSCP_DEF_PLUGIN_HPP}

modules/NSClientServer/NSClientServer.cpp

@@ -67 +67 @@
       _T("PORT NUMBER"), _T("Port to use for check_nt."))
 
+      (_T("performance data"), sh::bool_fun_key<bool>(boost::bind(&check_nt::server::handler::set_perf_data, info_.request_handler, _1), true),
+      _T("PERFORMANCE DATA"), _T("Send performance data back to nagios (set this to 0 to remove all performance data)."))
+
+      ;
+
+    settings.alias().add_parent(_T("/settings/default/socket")).add_key_to_settings()
+
       (_T("thread pool"), sh::uint_key(&info_.thread_pool_size, 10),
       _T("THREAD POOL"), _T(""))
 
+      (_T("bind to"), sh::string_key(&info_.address),
+      _T("BIND TO ADDRESS"), _T("Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses."))
+
+      (_T("socket queue size"), sh::int_key(&info_.back_log, 0),
+      _T("LISTEN QUEUE"), _T("Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts."))
+
+      (_T("allowed hosts"), sh::string_fun_key<std::wstring>(boost::bind(&socket_helpers::allowed_hosts_manager::set_source, &info_.allowed_hosts, _1), _T("127.0.0.1")),
+      _T("ALLOWED HOSTS"), _T("A comaseparated list of allowed hosts. You can use netmasks (/ syntax) or * to create ranges."))
+
+      (_T("cache allowed hosts"), sh::bool_key(&info_.allowed_hosts.cached, true),
+      _T("CACHE ALLOWED HOSTS"), _T("If hostnames should be cached, improves speed and security somewhat but wont allow you to have dynamic IPs for your nagios server."))
+
       (_T("timeout"), sh::uint_key(&info_.timeout, 30),
       _T("TIMEOUT"), _T("Timeout when reading packets on incoming sockets. If the data has not arrived within this time we will bail out."))
@@ -76 +95 @@
       _T("ENABLE SSL ENCRYPTION"), _T("This option controls if SSL should be enabled."))
 
-      (_T("allow arguments"), sh::bool_fun_key<bool>(boost::bind(&check_nt::server::handler::set_allow_arguments, info_.request_handler, _1), false),
-      _T("COMMAND ARGUMENT PROCESSING"), _T("This option determines whether or not the we will allow clients to specify arguments to commands that are executed."))
-
-      (_T("allow nasty characters"), sh::bool_fun_key<bool>(boost::bind(&check_nt::server::handler::set_allow_nasty_arguments, info_.request_handler, _1), false),
-      _T("COMMAND ALLOW NASTY META CHARS"), _T("This option determines whether or not the we will allow clients to specify nasty (as in |`&><'\"\\[]{}) characters in arguments."))
-
-      (_T("performance data"), sh::bool_fun_key<bool>(boost::bind(&check_nt::server::handler::set_perf_data, info_.request_handler, _1), true),
-      _T("PERFORMANCE DATA"), _T("Send performance data back to nagios (set this to 0 to remove all performance data)."))
-
       (_T("certificate"), sh::wpath_key(&info_.certificate, _T("${certificate-path}/nrpe_dh_512.pem")),
       _T("SSL CERTIFICATE"), _T(""))
+
       ;
 
     settings.alias().add_parent(_T("/settings/default")).add_key_to_settings()
 
-      (_T("bind to"), sh::string_key(&info_.address),
-      _T("BIND TO ADDRESS"), _T("Allows you to bind server to a specific local address. This has to be a dotted ip address not a host name. Leaving this blank will bind to all available IP addresses."))
-
-      (_T("socket queue size"), sh::int_key(&info_.back_log, 0),
-      _T("LISTEN QUEUE"), _T("Number of sockets to queue before starting to refuse new incoming connections. This can be used to tweak the amount of simultaneous sockets that the server accepts."))
-
-      ;
-
-
+      (_T("password"), sh::string_fun_key<std::wstring>(boost::bind(&check_nt::server::handler::set_password, info_.request_handler, _1), _T("")),
+      _T("PASSWORD"), _T("Password used to authenticate againast server"))
+      ;
 
     settings.register_all();
@@ -105 +110 @@
   } catch (...) {}
 
-//  allowedHosts.setAllowedHosts(strEx::splitEx(getAllowedHosts(), _T(",")), getCacheAllowedHosts());
-//  unsigned short port = SETTINGS_GET_INT(nsclient::PORT);
-//  std::wstring host = SETTINGS_GET_STRING(nsclient::BINDADDR);
-//  unsigned int backLog = SETTINGS_GET_INT(nsclient::LISTENQUE);
-//  socketTimeout_ = SETTINGS_GET_INT(nsclient::READ_TIMEOUT);
-
-
-  info_.request_handler->set_password(_T("TODO"));
-
 #ifndef USE_SSL
   if (info_.use_ssl) {
@@ -122 +118 @@
     NSC_LOG_ERROR_STD(_T("Certificate not found: ") + info_.certificate);
 
+
+  std::list<std::string> errors;
+  info_.allowed_hosts.refresh(errors);
+  BOOST_FOREACH(const std::string &e, errors) {
+    NSC_LOG_ERROR_STD(utf8::cvt<std::wstring>(e));
+  }
+  NSC_DEBUG_MSG_STD(_T("Allowed hosts definition: ") + info_.allowed_hosts.to_wstring());
+
   boost::asio::io_service io_service_;
-
-  allowedHosts.setAllowedHosts(strEx::splitEx(getAllowedHosts(), _T(",")), getCacheAllowedHosts(), io_service_);
-  NSC_DEBUG_MSG_STD(_T("Allowed hosts: ") + allowedHosts.to_string());
 
   if (mode == NSCAPI::normalStart) {
     try {
-
-
-
           if (info_.use_ssl) {
 #ifdef USE_SSL

modules/NSClientServer/NSClientServer.h

@@ -28 +28 @@
 private:
 
-  socketHelpers::allowedHosts allowedHosts;
   check_nt::server::server::connection_info info_;
   boost::shared_ptr<check_nt::server::server> server_;

modules/PythonScript/script_wrapper.cpp

@@ -265 +265 @@
 
 void script_wrapper::command_wrapper::simple_submit(std::string channel, std::string command, status code, std::string message, std::string perf) {
-  core->submit_simple_message(utf8::cvt<std::wstring>(channel), utf8::cvt<std::wstring>(command), code, utf8::cvt<std::wstring>(message), utf8::cvt<std::wstring>(perf));
+  NSCAPI::nagiosReturn c = NSCAPI::returnUNKNOWN;
+  if (code == OK)
+    c = NSCAPI::returnOK;
+  if (code == WARN)
+    c = NSCAPI::returnWARN;
+  if (code == CRIT)
+    c = NSCAPI::returnCRIT;
+  std::wstring wmessage = utf8::cvt<std::wstring>(message);
+  std::wstring wperf = utf8::cvt<std::wstring>(perf);
+  core->submit_simple_message(utf8::cvt<std::wstring>(channel), utf8::cvt<std::wstring>(command), c, wmessage, wperf);
 }