[Pkg-nagios-changes] [pkg-nagios] r851 - in
nagios-nsca/trunk/debian: . patches po
Sean Finney
seanius at costa.debian.org
Sun Mar 12 10:27:33 UTC 2006
Author: seanius
Date: 2006-03-12 10:27:32 +0000 (Sun, 12 Mar 2006)
New Revision: 851
Added:
nagios-nsca/trunk/debian/config
nagios-nsca/trunk/debian/prerm
Modified:
nagios-nsca/trunk/debian/changelog
nagios-nsca/trunk/debian/nsca.templates
nagios-nsca/trunk/debian/patches/05_nsca_chroot.dpatch
nagios-nsca/trunk/debian/po/templates.pot
nagios-nsca/trunk/debian/postinst
nagios-nsca/trunk/debian/postrm
nagios-nsca/trunk/debian/rules
Log:
the great thing about 4 hour trainrides...
chrooting support and debconf-based support for activating/deactivating
the initscript should now be complete, though some further testing would
be a good thing.
Modified: nagios-nsca/trunk/debian/changelog
===================================================================
--- nagios-nsca/trunk/debian/changelog 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/changelog 2006-03-12 10:27:32 UTC (rev 851)
@@ -3,11 +3,14 @@
* NOT RELEASED YET
[sean finney]
- * (INCOMPLETE) Add debconf logic for whether nsca service should
- be installed at boot time.
- * (INCOMPLETE) initial work at chrooting support. there are some
- system calls that still need to be moved before the chroot()'ing
- code, and there are some problems with syslog()'ing too.
+ * add debconf support for whether nsca service should
+ be installed at boot time. if nagios/nagios2 is installed
+ the default behaviour is to start/stop the daemon. otherwise,
+ the default is to not activate it. this should make a single nsca
+ package useful for both "central server" and "satellite"
+ installations, as well as making it easier for admins to run
+ it out of inetd configurations as well.
+ * nsca now supports chrooting when run in daemon mode.
[marc haber]
* remove install calls from debian/rules, use dh_install to ease
Added: nagios-nsca/trunk/debian/config
===================================================================
--- nagios-nsca/trunk/debian/config 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/config 2006-03-12 10:27:32 UTC (rev 851)
@@ -0,0 +1,33 @@
+#!/bin/sh -e
+
+if [ ! "$1" = "configure" ] && [ ! "$1" = "reconfigure" ]; then exit 0; fi
+
+. /usr/share/debconf/confmodule
+
+# if nsca's init script is already configured, we must reflect
+# that as the source of configuration, not debconf itself.
+set +e
+invoke-rc.d --query nsca start
+invoke_said=$?
+set -e
+
+case $invoke_said in
+# 101 == disabled, 104 == enabled. do nothing for either
+101|104)
+;;
+*)
+ if which nagios >/dev/null 2>&2 || which nagios2 >/dev/null; then
+ default_run_nsca_daemon="true"
+ else
+ default_run_nsca_daemon="false"
+ fi
+;;
+esac
+
+db_fget nsca/run-nsca-daemon seen
+seen="$RET"
+if [ "$seen" = "false" ]; then
+ db_set nsca/run-nsca-daemon "$default_run_nsca_daemon"
+fi
+db_input medium nsca/run-nsca-daemon || true
+db_go || true
Modified: nagios-nsca/trunk/debian/nsca.templates
===================================================================
--- nagios-nsca/trunk/debian/nsca.templates 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/nsca.templates 2006-03-12 10:27:32 UTC (rev 851)
@@ -8,4 +8,6 @@
If the system on which you are installing nsca also runs the nagios
daemon, you should most likely choose this option. If you are installing
nsca on a remote "satellite" system for the purpose of sending service
- checks to a central nagios host, you should not choose this option.
+ checks to a central nagios host, you should not choose this option. If
+ you wish to run nsca as a service through inetd/xinetd, you should
+ also not choose this option.
Modified: nagios-nsca/trunk/debian/patches/05_nsca_chroot.dpatch
===================================================================
--- nagios-nsca/trunk/debian/patches/05_nsca_chroot.dpatch 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/patches/05_nsca_chroot.dpatch 2006-03-12 10:27:32 UTC (rev 851)
@@ -5,9 +5,9 @@
## DP: No description.
@DPATCH@
-diff -urNad nsca-2.5~/sample-config/nsca.cfg.in nsca-2.5/sample-config/nsca.cfg.in
---- nsca-2.5~/sample-config/nsca.cfg.in 2006-02-24 19:26:49.000000000 +0100
-+++ nsca-2.5/sample-config/nsca.cfg.in 2006-02-24 19:26:49.000000000 +0100
+diff -urNad --exclude=CVS --exclude=.svn ./sample-config/nsca.cfg.in /home/sean/tmp/dpep-work.UkPN7v/nsca-2.5/sample-config/nsca.cfg.in
+--- ./sample-config/nsca.cfg.in 2006-03-11 17:55:13.000000000 +0100
++++ /home/sean/tmp/dpep-work.UkPN7v/nsca-2.5/sample-config/nsca.cfg.in 2006-03-11 17:55:13.000000000 +0100
@@ -42,13 +42,22 @@
nsca_group=@nsca_grp@
@@ -21,7 +21,7 @@
+# NOTE: if you specify this option, the command file will be opened
+# relative to this directory.
+
-+#nsca_chroot=@nsca_chroot@
++#nsca_chroot=/var/run/nagios/rw
# DEBUGGING OPTION
@@ -32,10 +32,23 @@
debug=0
-diff -urNad nsca-2.5~/src/nsca.c nsca-2.5/src/nsca.c
---- nsca-2.5~/src/nsca.c 2006-02-24 19:26:49.000000000 +0100
-+++ nsca-2.5/src/nsca.c 2006-02-24 19:27:45.000000000 +0100
-@@ -54,6 +54,8 @@
+diff -urNad --exclude=CVS --exclude=.svn ./src/nsca.c /home/sean/tmp/dpep-work.UkPN7v/nsca-2.5/src/nsca.c
+--- ./src/nsca.c 2006-03-11 17:55:13.000000000 +0100
++++ /home/sean/tmp/dpep-work.UkPN7v/nsca-2.5/src/nsca.c 2006-03-11 17:55:32.000000000 +0100
+@@ -40,8 +40,11 @@
+ static int open_command_file(void);
+ static void close_command_file(void);
+ static void install_child_handler(void);
+-static int drop_privileges(char *,char *);
++static int get_user_info(const char *user, uid_t *uid);
++static int get_group_info(const char *group, gid_t *gid);
++static int drop_privileges(const char *,uid_t,gid_t);
+ static int write_check_result(char *,char *,int,char *,time_t);
++static void do_chroot(void);
+ static void do_exit(int);
+
+ static enum { OPTIONS_ERROR, SINGLE_PROCESS_DAEMON, MULTI_PROCESS_DAEMON, INETD } mode=SINGLE_PROCESS_DAEMON;
+@@ -54,6 +57,8 @@
char *nsca_user=NULL;
char *nsca_group=NULL;
@@ -44,34 +57,57 @@
int show_help=FALSE;
int show_license=FALSE;
int show_version=FALSE;
-@@ -143,7 +145,7 @@
+@@ -88,6 +93,8 @@
+ int main(int argc, char **argv){
+ char buffer[MAX_INPUT_BUFFER];
+ int result;
++ uid_t uid=-1;
++ gid_t gid=-1;
+ /* process command-line arguments */
+@@ -143,7 +150,7 @@
+
+
/* open a connection to the syslog facility */
- openlog("nsca",LOG_PID,LOG_DAEMON);
+ openlog("nsca",LOG_PID|LOG_NDELAY,LOG_DAEMON);
/* make sure the config file uses an absolute path */
if(config_file[0]!='/'){
-@@ -175,6 +177,17 @@
+@@ -175,11 +182,13 @@
/* generate the CRC 32 table */
generate_crc32_table();
-+ /* chroot if configured to do so */
-+ if(nsca_chroot != NULL){
-+ if(chdir(nsca_chroot)){
-+ syslog(LOG_ERR, "can not chdir into chroot directory.");
-+ do_exit(STATE_UNKNOWN);
-+ }
-+ if(chroot(".")){
-+ syslog(LOG_ERR, "can not perform chroot operation.");
-+ do_exit(STATE_UNKNOWN);
-+ }
-+ }
-
+-
/* how should we handle client connections? */
switch(mode){
-@@ -411,6 +424,9 @@
+
+ case INETD:
++ /* chroot if configured */
++ do_chroot();
++
+ /* if we're running under inetd, handle one connection and get out */
+ handle_connection(0,NULL);
+ break;
+@@ -209,8 +218,15 @@
+ open("/dev/null",O_WRONLY);
+ open("/dev/null",O_WRONLY);
+
++ /* get group information before chrooting */
++ get_user_info(nsca_user, &uid);
++ get_group_info(nsca_group, &gid);
++
++ /* chroot if configured */
++ do_chroot();
++
+ /* drop privileges */
+- drop_privileges(nsca_user,nsca_group);
++ drop_privileges(nsca_user,uid,gid);
+
+ /* wait for connections */
+ wait_for_connections();
+@@ -411,6 +427,9 @@
else if(!strcmp(varname,"nsca_group"))
nsca_group=strdup(varvalue);
@@ -81,3 +117,152 @@
else{
syslog(LOG_ERR,"Unknown option specified in config file '%s' - Line %d\n",filename,line);
+@@ -1144,62 +1163,71 @@
+ return OK;
+ }
+
++/* get user information */
++static int get_user_info(const char *user, uid_t *uid){
++ const struct passwd *pw=NULL;
++
++ if(user!=NULL){
++ /* see if this is a user name */
++ if(strspn(user,"0123456789")<strlen(user)){
++ pw=(struct passwd *)getpwnam(user);
++ if(pw!=NULL)
++ *uid=(uid_t)(pw->pw_uid);
++ else
++ syslog(LOG_ERR,"Warning: Could not get passwd entry for '%s'",user);
++ endpwent();
++ }
++
++ /* else we were passed the UID */
++ else
++ *uid=(uid_t)atoi(user);
+
++ } else
++ *uid=geteuid();
+
+-/* drops privileges */
+-static int drop_privileges(char *user, char *group){
+- uid_t uid=-1;
+- gid_t gid=-1;
+- struct group *grp;
+- struct passwd *pw;
++ return OK;
++}
+
+- /* set effective group ID */
++
++/* get group information */
++static int get_group_info(const char *group, gid_t *gid){
++ const struct group *grp=NULL;
++
++ /* get group ID */
+ if(group!=NULL){
+-
+ /* see if this is a group name */
+ if(strspn(group,"0123456789")<strlen(group)){
+ grp=(struct group *)getgrnam(group);
+ if(grp!=NULL)
+- gid=(gid_t)(grp->gr_gid);
++ *gid=(gid_t)(grp->gr_gid);
+ else
+ syslog(LOG_ERR,"Warning: Could not get group entry for '%s'",group);
+ endgrent();
+- }
++ }
+
+ /* else we were passed the GID */
+ else
+- gid=(gid_t)atoi(group);
++ *gid=(gid_t)atoi(group);
++ } else
++ *gid=getegid();
+
+- /* set effective group ID if other than current EGID */
+- if(gid!=getegid()){
++ return OK;
++}
+
+- if(setgid(gid)==-1)
+- syslog(LOG_ERR,"Warning: Could not set effective GID=%d",(int)gid);
+- }
+- }
+
++/* drops privileges */
++static int drop_privileges(const char *user, uid_t uid, gid_t gid){
++ struct group *grp;
++ struct passwd *pw;
+
+- /* set effective user ID */
+- if(user!=NULL){
+-
+- /* see if this is a user name */
+- if(strspn(user,"0123456789")<strlen(user)){
+- pw=(struct passwd *)getpwnam(user);
+- if(pw!=NULL)
+- uid=(uid_t)(pw->pw_uid);
+- else
+- syslog(LOG_ERR,"Warning: Could not get passwd entry for '%s'",user);
+- endpwent();
+- }
++ /* set effective group ID if other than current EGID */
++ if(gid!=getegid()){
++ if(setgid(gid)==-1)
++ syslog(LOG_ERR,"Warning: Could not set effective GID=%d",(int)gid);
++ }
+
+- /* else we were passed the UID */
+- else
+- uid=(uid_t)atoi(user);
+-
+ #ifdef HAVE_INITGROUPS
+-
+ if(uid!=geteuid()){
+-
+ /* initialize supplementary groups */
+ if(initgroups(user,gid)==-1){
+ if(errno==EPERM)
+@@ -1207,14 +1235,34 @@
+ else{
+ syslog(LOG_ERR,"Warning: Possibly root user failed dropping privileges with initgroups()");
+ return ERROR;
+- }
+- }
+- }
++ }
++ }
++ }
+ #endif
+
+ if(setuid(uid)==-1)
+- syslog(LOG_ERR,"Warning: Could not set effective UID=%d",(int)uid);
+- }
++ syslog(LOG_ERR,"Error: Could not set effective UID=%d",(int)uid);
+
+- return OK;
+- }
++ return OK;
++}
++
++/* perform the chroot() operation if configured to do so */
++void do_chroot(void){
++ int retval=0;
++ const char *err=NULL;
++
++ if(nsca_chroot != NULL){
++ retval=chdir(nsca_chroot);
++ if(retval!=0){
++ err=strerror(errno);
++ syslog(LOG_ERR, "can not chdir into chroot directory: %s", err);
++ do_exit(STATE_UNKNOWN);
++ }
++ retval=chroot(".");
++ if(retval!=0){
++ err=strerror(errno);
++ syslog(LOG_ERR, "can not chroot: %s", err);
++ do_exit(STATE_UNKNOWN);
++ }
++ }
++}
Modified: nagios-nsca/trunk/debian/po/templates.pot
===================================================================
--- nagios-nsca/trunk/debian/po/templates.pot 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/po/templates.pot 2006-03-12 10:27:32 UTC (rev 851)
@@ -16,7 +16,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2006-02-22 12:40+0100\n"
+"POT-Creation-Date: 2006-03-11 18:47+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
"Language-Team: LANGUAGE <LL at li.org>\n"
@@ -26,13 +26,13 @@
#. Type: boolean
#. Description
-#: ../nsca.templates:4
+#: ../nsca.templates:3
msgid "Should the nsca daemon be enabled by default?"
msgstr ""
#. Type: boolean
#. Description
-#: ../nsca.templates:4
+#: ../nsca.templates:3
msgid ""
"The nsca daemon is the process that handles results service checks sent via "
"send_nsca on remote hosts. Typically the nsca daemon is only needed on "
@@ -41,10 +41,12 @@
#. Type: boolean
#. Description
-#: ../nsca.templates:4
+#: ../nsca.templates:3
msgid ""
"If the system on which you are installing nsca also runs the nagios daemon, "
"you should most likely choose this option. If you are installing nsca on a "
"remote \"satellite\" system for the purpose of sending service checks to a "
-"central nagios host, you should not choose this option."
+"central nagios host, you should not choose this option. If you wish to run "
+"nsca as a service through inetd/xinetd, you should also not choose this "
+"option."
msgstr ""
Modified: nagios-nsca/trunk/debian/postinst
===================================================================
--- nagios-nsca/trunk/debian/postinst 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/postinst 2006-03-12 10:27:32 UTC (rev 851)
@@ -1,17 +1,45 @@
#! /bin/sh
+. /usr/share/debconf/confmodule
+
pkg=nsca
case "$1" in
- configure)
- ;;
- abort-upgrade|abort-remove|abort-deconfigure)
- exit 0
- ;;
- *)
- echo "postinst called with unknown argument"
- exit 1
- ;;
+configure)
+ db_get nsca/run-nsca-daemon
+ runnsca="$RET"
+ ;;
+abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+*)
+ echo "postinst called with unknown argument"
+ exit 1
+ ;;
esac
+# do this manually to allow the debconf setting to control it:
+# (don't worry, the debconf setting respects the local modifications)
+if [ -x "/etc/init.d/nsca" ]; then
+ # if runnsca is set to either true/false, that means the user
+ # has just provided an answer (we unset it after every run). in
+ # any case that means we have to remove runlevel links first
+ if [ -n "$runnsca" ]; then
+ update-rc.d -f nsca remove >/dev/null 2>&1
+ fi
+
+ if [ "$runnsca" = "false" ]; then
+ update-rc.d nsca stop 16 2 3 4 5 .
+ else
+ update-rc.d nsca defaults >/dev/null
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d nsca start || exit 0
+ else
+ /etc/init.d/nsca start || exit 0
+ fi
+ fi
+fi
+
+db_reset nsca/run-nsca-daemon
+
#DEBHELPER#
Modified: nagios-nsca/trunk/debian/postrm
===================================================================
--- nagios-nsca/trunk/debian/postrm 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/postrm 2006-03-12 10:27:32 UTC (rev 851)
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh -e
if [ "$1" = "purge" ] ; then
# to remain backwards-compatible with inetd and the like:
@@ -7,4 +7,8 @@
fi
fi
+if [ "$1" = "purge" ] ; then
+ update-rc.d nsca remove >/dev/null || exit 0
+fi
+
#DEBHELPER#
Added: nagios-nsca/trunk/debian/prerm
===================================================================
--- nagios-nsca/trunk/debian/prerm 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/prerm 2006-03-12 10:27:32 UTC (rev 851)
@@ -0,0 +1,11 @@
+#!/bin/sh -e
+
+if [ -x "/etc/init.d/nsca" ]; then
+ if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+ invoke-rc.d nsca stop || exit 0
+ else
+ /etc/init.d/nsca stop || exit 0
+ fi
+fi
+
+#DEBHELPER#
Modified: nagios-nsca/trunk/debian/rules
===================================================================
--- nagios-nsca/trunk/debian/rules 2006-02-24 19:24:00 UTC (rev 850)
+++ nagios-nsca/trunk/debian/rules 2006-03-12 10:27:32 UTC (rev 851)
@@ -57,7 +57,7 @@
dh_installchangelogs $(dhbuildpackages) Changelog
dh_installdocs $(dhbuildpackages) README
dh_installexamples $(dhbuildpackages)
- dh_installinit $(dhbuildpackages) -u defaults 30
+ dh_installinit $(dhbuildpackages) -n -u defaults 30
dh_installman $(dhbuildpackages)
dh_install $(dhbuildpackages)
for p in ${buildpackages}; do \
More information about the Pkg-nagios-changes
mailing list