This message is in MIME format.
---MOQ10428202058884fab3c1d3fe88c928059037866568
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Ethan,
Here are the diffs for the current code, and the changes to the Makefile =
are.
LDFLAGS=3D-I/usr/local/ssl/include -L/usr/local/ssl/lib -R/usr/local/ssl/=
lib
SOCKETLIBS=3D -lnsl -lsocket -lcrypto
Things that need to be changed.=20
- My coding is not the greatest, and parts of this were taken from openss=
l=20
samples so there is always room for improvement.
- The encryption PW is a static variable right now that I want to move to=
the=20
config file and command line.
- The Encryption Key salt is a static set right now and I want to make it=
more=20
dynamic. I don't want to get into a whole diffe key exchange setup though=
so I=20
was thinking basing it on date or day and hour. This just ensures that ea=
ch day=20
or hour the encoded data would be different.
- While doing my best to not use strcpy's and only using length limited b=
uffer=20
commands I have not completed all the buffer checking overview. Encrypted=
data=20
is weird in that you can't do strlen functions or other so the length has=
to be=20
tracked. That is why I Hex convert the encrypted data to make it suitable=
for=20
transport.
- This only encrypts the packet buffer.
All comments and code changes welcome.
This is based on NRPE 1.6 source.
Thanks for your time.
Derrick
Quoting Ethan Galstad :
> Can you post a copy to the list? I'm about to start adding crypto=20
> support to NRPE for support of command arguments and want to compare=20
> this with libmcrypt before deciding what to use. Thanks.
>=20
>=20
> On 15 Jan 2003 at 11:57, local.coder wrote:
>=20
> > Hello all,
> >=20
> > Been a while since I have made any changes and posted but this time i=
t's
> kind=20
> > of a biggy. I have been working on NRPE for the last few days and hav=
e
> added in=20
> > tcp buffer encryption for the data going to and from check_nrpe to NR=
PE for
> a=20
> > local requirement and wanted to get the code into the tree for others=
to
> use.=20
> > Based on input from Ethan way back I have opted to use the Openssl li=
bs for
>=20
> > encryption so as to limit extra needs and options and to allow for ea=
sy=20
> > adaptation and selection of encryption routines. However I am not the
> worlds=20
> > best programmer and would like at least one other person to review my
> diff's or=20
> > full code for check_nrpe.c and nrpe.c to validate I haven't made any =
huge=20
> > mistakes or missed something major. So if anyone would like to have a=
spin
> with=20
> > it please email me and once it's all cleaned up I will post the diff'=
s to
> here=20
> > for the tree if everyone wants it.=20
> >=20
> > I also have not put in all the happy Define's that say only compile t=
his if
>=20
> > openssl is installed so that may take me some more time as is.
> >=20
> > Thoughts & comments welcome,
> > Derrick
> >=20
> >=20
> >=20
> >=20
> > -------------------------------------------------------
> > This SF.NET email is sponsored by: A Thawte Code Signing Certificate=20
> > is essential in establishing user confidence by providing assurance o=
f=20
> > authenticity and code integrity. Download our Free Code Signing guide=
:
> > http://ads.sourceforge.net/cgi-bin/redi ... thaw0028en
> > _______________________________________________
> > Nagios-devel mailing list
> > Nagios-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/lis ... gios-devel
> >=20
>=20
>=20
>=20
> Ethan Galstad,
> Nagios Developer
> ---
> Email: nagios@nagios.org
> Website: http://www.nagios.org
>=20
>=20
>=20
> -------------------------------------------------------
> This SF.NET email is sponsored by: Thawte.com
> Understand how to protect your customers personal information by
> implementing
> SSL on your Apache Web Server. Click here to get our FREE Thawte Apache=
=20
> Guide: http://ads.sourceforge.net/cgi-bin/redi ... thaw0029en
> _______________________________________________
> Nagios-devel
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: moe@novageeks.org