nagios_binary_path X_OK perm validation and misc changes

Ricardo Jose Maraschini ricardo.maraschini at opservices.com.br
Tue Nov 27 17:26:20 CET 2012


* Ricardo Jose Maraschini (ricardo.maraschini at opservices.com.br) wrote:
> hya,
> 
> aren't we supposed to check for exec permission on nagios binary file
> only after dropping our privileges to nagios user?
> if that's right, the patch below makes it happen after
> drop_privileges(). once we spawn our workers only when we're already
> running as nagios user, maybe the assumption above is right.
> 
> another interesting thing is that we keep calling
> getpid() function even if we already have pid on a variable, the patch
> below fixes it.
> 
> a last thing, iobroker_create() may return NULL. in that case what
> is the correct behaviour? exit nagios?
> 
> ah, ok, i missed that, we are exiting with ERROR code only in one place,
> all the others go out with EXIT_FAILURE, so i've changed it.
> 
> comments? kicks? punches?
> 
> Index: base/nagios.c
> ===================================================================
> --- base/nagios.c	(revision 2472)
> +++ base/nagios.c	(working copy)
> @@ -430,24 +430,12 @@
>  	/* else start to monitor things... */
>  	else {
>  
> -		/*
> -		 * if we're called with a relative path we must make
> -		 * it absolute so we can launch our workers.
> -		 * If not, we needn't bother, as we're using execvp()
> -		 */
> -		if (strchr(argv[0], '/')) {
> -			nagios_binary_path = nspath_absolute(argv[0], NULL);
> -			if (access(nagios_binary_path, X_OK) < 0) {
> -				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> -				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> -				exit(EXIT_FAILURE);
> -				}
> -			}
> -		else {
> -			nagios_binary_path = strdup(argv[0]);
> -		}
>  
>  		nagios_iobs = iobroker_create();
> +		if (nagios_iobs == NULL) {
> +			logit(NSLOG_RUNTIME_ERROR, TRUE, "Unable to create io_broker. Aborting.\n");
> +			exit(EXIT_FAILURE);
> +		}
>  
>  		/* keep monitoring things until we get a shutdown command */
>  		do {
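
Review bot: the new nagios_iobs == NULL branch logs "Unable to create io_broker. Aborting." without the "Error: " prefix that the other NSLOG_RUNTIME_ERROR messages touched by this patch carry, and it gives no cause for the failure. Suggest matching the existing wording ("Error: ...") and including whatever error detail is available. The removal above it also leaves two consecutive blank lines in front of nagios_iobs = iobroker_create(); one of them can go.
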
> @@ -478,9 +466,29 @@
>  				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Failed to drop privileges.  Aborting.");
>  
>  				cleanup();
> -				exit(ERROR);
> +				exit(EXIT_FAILURE);
>  				}
>  
> +			/*
> +			 * if we're called with a relative path we must make
> +			 * it absolute so we can launch our workers.
> +			 * If not, we needn't bother, as we're using execvp()
> +			 */
> +			if (nagios_binary_path == NULL) {
> +
> +				if (strchr(argv[0], '/')) {
> +					nagios_binary_path = nspath_absolute(argv[0], NULL);
> +				} else {
> +					nagios_binary_path = strdup(argv[0]);
> +				}
> +
> +				if (access(nagios_binary_path, X_OK) < 0) {
> +					logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> +					logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> +					exit(EXIT_FAILURE);
> +				}
> +			}
> +
>  #ifdef USE_EVENT_BROKER
>  			/* initialize modules */
>  			neb_init_modules();
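
Review bot: in the block added after the drop_privileges() failure path, access(nagios_binary_path, X_OK) now runs for both branches, including the strdup(argv[0]) case where argv[0] contains no '/'. The removed code only called access() on paths containing '/', and the comment carried over still says the bare name is left to execvp(). access() does not search PATH, so a nagios started by bare name would abort here unless the binary happens to sit in the current directory. Suggest keeping the access() call inside the strchr(argv[0], '/') branch. Separately, the results of nspath_absolute() and strdup() are passed to access() and to the "%s" in logit() without a NULL check.
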
> @@ -489,7 +497,7 @@
>  			timing_point("NEB module API initialized\n");
>  
>  			/* this must be logged after we read config data, as user may have changed location of main log file */
> -			logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, (int)getpid());
> +			logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, nagios_pid);
>  
>  			/* log the local time - may be different than clock time due to timezone offset */
>  			now = time(NULL);
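
Review bot: replacing (int)getpid() with nagios_pid in the "Nagios %s starting..." message assumes nagios_pid already holds the current PID when this line is reached; the only assignment visible in this patch is the one after daemonizing in the last hunk. Please confirm it is initialised before this point, or keep getpid() at this call site. The same question applies to the substitutions in the next two hunks.
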
> @@ -545,13 +553,13 @@
>  
>  			/* there was a problem reading the config files */
>  			if(result != OK)
> -				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", (int)getpid());
> +				logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", nagios_pid);
>  
>  			else {
>  
>  				/* run the pre-flight check to make sure everything looks okay*/
>  				if((result = pre_flight_check()) != OK)
> -					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check.  Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", (int)getpid());
> +					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check.  Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", nagios_pid);
>  				}
>  
>  			/* an error occurred that prevented us from (re)starting */
> @@ -594,7 +602,7 @@
>  
>  				/* we had an error daemonizing, so bail... */
>  				if(result == ERROR) {
> -					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", (int)getpid());
> +					logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", nagios_pid);
>  
>  #ifdef USE_EVENT_BROKER
>  					/* send program data to broker */
> @@ -604,12 +612,13 @@
>  					exit(ERROR);
>  					}
>  
> -				asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", (int)getpid());
> +				/* get new PID */
> +				nagios_pid = (int)getpid();
> +
> +				asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", nagios_pid);
>  				write_to_all_logs(buffer, NSLOG_PROCESS_INFO);
>  				my_free(buffer);
>  
> -				/* get new PID */
> -				nagios_pid = (int)getpid();
>  				}
>  
>  			/* initialize status data unless we're starting */
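
Review bot: the context line exit(ERROR); at the top of this hunk is left unchanged, although the description says ERROR was used as an exit code in only one place and has been switched to EXIT_FAILURE; the daemonize-failure path still exits with ERROR. Either convert it as well or adjust the description. Moving the nagios_pid assignment ahead of asprintf() is fine, but the return value of asprintf() is still not checked before buffer is handed to write_to_all_logs().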


any answer on this one?
