nagios_binary_path X_OK perm validation an misc changes

Ricardo Jose Maraschini ricardo.maraschini at opservices.com.br
Wed Nov 14 13:11:22 CET 2012


hya,

aren't we supposed to check for exec permission on nagios binary file
only after drop our privileges to nagios user?
if that's right, the patch below make it happen after
drop_privileges(). once we spawn our workers only when we're already
running as nagios user, maybe the assumption above is right.

another interesting think is that we keep calling
getpid() function even if we already have pid on a variable, the patch
below fixes it.

a last think, iobroker_create() may return NULL. in that case what
is the correct behaviour? exit nagios?

ah, ok, i miss that, we are exiting with ERROR code only in one place,
all the others go out with EXIT_FAILURE, so i've change it.

comments? kicks? punchs? 

Index: base/nagios.c
===================================================================
--- base/nagios.c	(revision 2472)
+++ base/nagios.c	(working copy)
@@ -430,24 +430,12 @@
 	/* else start to monitor things... */
 	else {
 
-		/*
-		 * if we're called with a relative path we must make
-		 * it absolute so we can launch our workers.
-		 * If not, we needn't bother, as we're using execvp()
-		 */
-		if (strchr(argv[0], '/')) {
-			nagios_binary_path = nspath_absolute(argv[0], NULL);
-			if (access(nagios_binary_path, X_OK) < 0) {
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
-				exit(EXIT_FAILURE);
-				}
-			}
-		else {
-			nagios_binary_path = strdup(argv[0]);
-		}
 
 		nagios_iobs = iobroker_create();
+		if (nagios_iobs == NULL) {
+			logit(NSLOG_RUNTIME_ERROR, TRUE, "Unable to create io_broker. Aborting.\n");
+			exit(EXIT_FAILURE);
+		}
 
 		/* keep monitoring things until we get a shutdown command */
 		do {
@@ -478,9 +466,29 @@
 				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Failed to drop privileges.  Aborting.");
 
 				cleanup();
-				exit(ERROR);
+				exit(EXIT_FAILURE);
 				}
 
+			/*
+			 * if we're called with a relative path we must make
+			 * it absolute so we can launch our workers.
+			 * If not, we needn't bother, as we're using execvp()
+			 */
+			if (nagios_binary_path == NULL) {
+
+				if (strchr(argv[0], '/')) {
+					nagios_binary_path = nspath_absolute(argv[0], NULL);
+				} else {
+					nagios_binary_path = strdup(argv[0]);
+				}
+
+				if (access(nagios_binary_path, X_OK) < 0) {
+					logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
+					logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
+					exit(EXIT_FAILURE);
+				}
+			}
+
 #ifdef USE_EVENT_BROKER
 			/* initialize modules */
 			neb_init_modules();
@@ -489,7 +497,7 @@
 			timing_point("NEB module API initialized\n");
 
 			/* this must be logged after we read config data, as user may have changed location of main log file */
-			logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, (int)getpid());
+			logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, nagios_pid);
 
 			/* log the local time - may be different than clock time due to timezone offset */
 			now = time(NULL);
@@ -545,13 +553,13 @@
 
 			/* there was a problem reading the config files */
 			if(result != OK)
-				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", (int)getpid());
+				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", nagios_pid);
 
 			else {
 
 				/* run the pre-flight check to make sure everything looks okay*/
 				if((result = pre_flight_check()) != OK)
-					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check.  Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", (int)getpid());
+					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check.  Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", nagios_pid);
 				}
 
 			/* an error occurred that prevented us from (re)starting */
@@ -594,7 +602,7 @@
 
 				/* we had an error daemonizing, so bail... */
 				if(result == ERROR) {
-					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", (int)getpid());
+					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", nagios_pid);
 
 #ifdef USE_EVENT_BROKER
 					/* send program data to broker */
@@ -604,12 +612,13 @@
 					exit(ERROR);
 					}
 
-				asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", (int)getpid());
+				/* get new PID */
+				nagios_pid = (int)getpid();
+
+				asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", nagios_pid);
 				write_to_all_logs(buffer, NSLOG_PROCESS_INFO);
 				my_free(buffer);
 
-				/* get new PID */
-				nagios_pid = (int)getpid();
 				}
 
 			/* initialize status data unless we're starting */

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov




More information about the Developers mailing list