nagios_binary_path X_OK perm validation an misc changes
Ricardo Jose Maraschini
ricardo.maraschini at opservices.com.br
Tue Nov 27 17:26:20 CET 2012
* Ricardo Jose Maraschini (ricardo.maraschini at opservices.com.br) wrote:
> hya,
>
> aren't we supposed to check for exec permission on nagios binary file
> only after drop our privileges to nagios user?
> if that's right, the patch below make it happen after
> drop_privileges(). once we spawn our workers only when we're already
> running as nagios user, maybe the assumption above is right.
>
> another interesting think is that we keep calling
> getpid() function even if we already have pid on a variable, the patch
> below fixes it.
>
> a last think, iobroker_create() may return NULL. in that case what
> is the correct behaviour? exit nagios?
>
> ah, ok, i miss that, we are exiting with ERROR code only in one place,
> all the others go out with EXIT_FAILURE, so i've change it.
>
> comments? kicks? punchs?
>
> Index: base/nagios.c
> ===================================================================
> --- base/nagios.c (revision 2472)
> +++ base/nagios.c (working copy)
> @@ -430,24 +430,12 @@
> /* else start to monitor things... */
> else {
>
> - /*
> - * if we're called with a relative path we must make
> - * it absolute so we can launch our workers.
> - * If not, we needn't bother, as we're using execvp()
> - */
> - if (strchr(argv[0], '/')) {
> - nagios_binary_path = nspath_absolute(argv[0], NULL);
> - if (access(nagios_binary_path, X_OK) < 0) {
> - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> - exit(EXIT_FAILURE);
> - }
> - }
> - else {
> - nagios_binary_path = strdup(argv[0]);
> - }
>
> nagios_iobs = iobroker_create();
> + if (nagios_iobs == NULL) {
> + logit(NSLOG_RUNTIME_ERROR, TRUE, "Unable to create io_broker. Aborting.\n");
> + exit(EXIT_FAILURE);
> + }
>
> /* keep monitoring things until we get a shutdown command */
> do {
> @@ -478,9 +466,29 @@
> logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Failed to drop privileges. Aborting.");
>
> cleanup();
> - exit(ERROR);
> + exit(EXIT_FAILURE);
> }
>
> + /*
> + * if we're called with a relative path we must make
> + * it absolute so we can launch our workers.
> + * If not, we needn't bother, as we're using execvp()
> + */
> + if (nagios_binary_path == NULL) {
> +
> + if (strchr(argv[0], '/')) {
> + nagios_binary_path = nspath_absolute(argv[0], NULL);
> + } else {
> + nagios_binary_path = strdup(argv[0]);
> + }
> +
> + if (access(nagios_binary_path, X_OK) < 0) {
> + logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> + logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> + exit(EXIT_FAILURE);
> + }
> + }
> +
> #ifdef USE_EVENT_BROKER
> /* initialize modules */
> neb_init_modules();
> @@ -489,7 +497,7 @@
> timing_point("NEB module API initialized\n");
>
> /* this must be logged after we read config data, as user may have changed location of main log file */
> - logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, (int)getpid());
> + logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, nagios_pid);
>
> /* log the local time - may be different than clock time due to timezone offset */
> now = time(NULL);
> @@ -545,13 +553,13 @@
>
> /* there was a problem reading the config files */
> if(result != OK)
> - logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", (int)getpid());
> + logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", nagios_pid);
>
> else {
>
> /* run the pre-flight check to make sure everything looks okay*/
> if((result = pre_flight_check()) != OK)
> - logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", (int)getpid());
> + logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_VERIFICATION_ERROR, TRUE, "Bailing out due to errors encountered while running the pre-flight check. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)\n", nagios_pid);
> }
>
> /* an error occurred that prevented us from (re)starting */
> @@ -594,7 +602,7 @@
>
> /* we had an error daemonizing, so bail... */
> if(result == ERROR) {
> - logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", (int)getpid());
> + logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR, TRUE, "Bailing out due to failure to daemonize. (PID=%d)", nagios_pid);
>
> #ifdef USE_EVENT_BROKER
> /* send program data to broker */
> @@ -604,12 +612,13 @@
> exit(ERROR);
> }
>
> - asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", (int)getpid());
> + /* get new PID */
> + nagios_pid = (int)getpid();
> +
> + asprintf(&buffer, "Finished daemonizing... (New PID=%d)\n", nagios_pid);
> write_to_all_logs(buffer, NSLOG_PROCESS_INFO);
> my_free(buffer);
>
> - /* get new PID */
> - nagios_pid = (int)getpid();
> }
>
> /* initialize status data unless we're starting */
any answer on this one?
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
More information about the Developers
mailing list