* Ricardo Jose Maraschini ([email protected]) wrote:
> hya,
>
> aren't we supposed to check for exec permission on nagios binary file
> only after drop our privileges to nagios user?
> if that's right, the patch below make it happen after
> drop_privileges(). once we spawn our workers only when we're already
> running as nagios user, maybe the assumption above is right.
>
> another interesting think is that we keep calling
> getpid() function even if we already have pid on a variable, the patch
> below fixes it.
>
> a last think, iobroker_create() may return NULL. in that case what
> is the correct behaviour? exit nagios?
>
> ah, ok, i miss that, we are exiting with ERROR code only in one place,
> all the others go out with EXIT_FAILURE, so i've change it.
>
> comments? kicks? punchs?
>
> Index: base/nagios.c
> ===================================================================
> --- base/nagios.c (revision 2472)
> +++ base/nagios.c (working copy)
> @@ -430,24 +430,12 @@
> /* else start to monitor things... */
> else {
>
> - /*
> - * if we're called with a relative path we must make
> - * it absolute so we can launch our workers.
> - * If not, we needn't bother, as we're using execvp()
> - */
> - if (strchr(argv[0], '/')) {
> - nagios_binary_path = nspath_absolute(argv[0], NULL);
> - if (access(nagios_binary_path, X_OK) - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> - logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> - exit(EXIT_FAILURE);
> - }
> - }
> - else {
> - nagios_binary_path = strdup(argv[0]);
> - }
>
> nagios_iobs = iobroker_create();
> + if (nagios_iobs == NULL) {
> + logit(NSLOG_RUNTIME_ERROR, TRUE, "Unable to create io_broker. Aborting.\n");
> + exit(EXIT_FAILURE);
> + }
>
> /* keep monitoring things until we get a shutdown command */
> do {
> @@ -478,9 +466,29 @@
> logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Failed to drop privileges. Aborting.");
>
> cleanup();
> - exit(ERROR);
> + exit(EXIT_FAILURE);
> }
>
> + /*
> + * if we're called with a relative path we must make
> + * it absolute so we can launch our workers.
> + * If not, we needn't bother, as we're using execvp()
> + */
> + if (nagios_binary_path == NULL) {
> +
> + if (strchr(argv[0], '/')) {
> + nagios_binary_path = nspath_absolute(argv[0], NULL);
> + } else {
> + nagios_binary_path = strdup(argv[0]);
> + }
> +
> + if (access(nagios_binary_path, X_OK) + logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
> + logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
> + exit(EXIT_FAILURE);
> + }
> + }
> +
> #ifdef USE_EVENT_BROKER
> /* initialize modules */
> neb_init_modules();
> @@ -489,7 +497,7 @@
> timing_point("NEB module API initialized\n");
>
> /* this must be logged after we read config data, as user may have changed location of main log file */
> - logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, (int)getpid());
> + logit(NSLOG_PROCESS_INFO, TRUE, "Nagios %s starting... (PID=%d)\n", PROGRAM_VERSION, nagios_pid);
>
> /* log the local time - may be different than clock time due to timezone offset */
> now = time(NULL);
> @@ -545,13 +553,13 @@
>
> /* there was a problem reading the config files */
> if(result != OK)
> - logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command line with the -v option to verify your config before restarting. (PID=%d)", (int)getpid());
> + logit(NSLOG_PROCESS_INFO | NSLOG_RUNTIME_ERROR | NSLOG_CONFIG_ERROR, TRUE, "Bailing out due to one or more errors encountered in the configuration files. Run Nagios from the command li
...[email truncated]...
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]