[icinga-checkins] icinga.org: icinga-core/master: Fix duplicate read while having ssl

git at icinga.org git at icinga.org
Sun Oct 11 08:53:54 CEST 2009


Module: icinga-core
Branch: master
Commit: b6d0b1a2d94d9782b8c8e4d60be573306bcc358e
URL:    https://git.icinga.org/?p=icinga-core.git;a=commit;h=b6d0b1a2d94d9782b8c8e4d60be573306bcc358e

Author: Hendrik Baecker <andurin at process-zero.de>
Date:   Sat Sep 26 15:49:44 2009 +0200

Fix duplicate read while having ssl

---

 module/idoutils/src/ido2db.c |   19 +++++++++++++++++
 module/idoutils/src/idomod.c |    9 ++++++++
 module/idoutils/src/io.c     |   45 +++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 72 insertions(+), 1 deletions(-)

diff --git a/module/idoutils/src/ido2db.c b/module/idoutils/src/ido2db.c
index c9ca85f..941c0de 100644
--- a/module/idoutils/src/ido2db.c
+++ b/module/idoutils/src/ido2db.c
@@ -410,6 +410,14 @@ int ndo2db_process_config_var(char *arg){
 		ndo2db_debug_verbosity=atoi(val);
 	else if(!strcmp(var,"max_debug_file_size"))
 		ndo2db_max_debug_file_size=strtoul(val,NULL,0);
+	else if(!strcmp(var,"use_ssl")){
+		if (strlen(val) == 1) {
+			if (isdigit((int)val[strlen(val)-1]) == NDO_TRUE)
+				use_ssl = atoi(val);
+			else
+				use_ssl = 0;
+		}
+	}
 
 	ndo2db_log_debug_info(NDO2DB_DEBUGL_PROCESSINFO, 2, "ndo2db_process_config_var() trim_db_interval=%lu\n", ndo2db_db_settings.trim_db_interval);
 	ndo2db_log_debug_info(NDO2DB_DEBUGL_PROCESSINFO, 2, "ndo2db_process_config_var() end\n");
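Review bot: `isdigit(...) == NDO_TRUE` compares against one specific value, but isdigit() only guarantees a non-zero result for a digit, so (assuming NDO_TRUE is 1; its definition is not on this page) the test can fail for every input and leave use_ssl at 0 even when the admin asked for SSL. The block also accepts any single digit, and a value such as 2 would satisfy neither the `use_ssl==NDO_FALSE` test in ndo2db_handle_client_connection nor the `use_ssl==NDO_TRUE` tests in io.c, so the two ends would disagree about whether SSL is on. I would replace the whole block with `use_ssl = (strcmp(val,"1")==0) ? NDO_TRUE : NDO_FALSE;` and log when the value is anything other than "0" or "1", since a typo here silently disables encryption. The identical block added to ndomod_process_config_var in idomod.c needs the same change.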
@@ -968,7 +976,18 @@ int ndo2db_handle_client_connection(int sd){
 	/* read all data from client */
 	while(1){
 
+#ifdef HAVE_SSL
+		if(use_ssl==NDO_FALSE)
+			result=read(sd,buf,sizeof(buf)-1);
+		else{
+			result=SSL_read(ssl,buf,sizeof(buf)-1);
+			if(result==-1 && (SSL_get_error(ssl,result)==SSL_ERROR_WANT_READ)){
+				syslog(LOG_ERR,"SSL read error\n");
+			}
+		}
+#else
 		result=read(sd,buf,sizeof(buf)-1);
+#endif
 
 		/* bail out on hard errors */
 		if(result==-1) {
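Review bot: In the SSL branch, `SSL_ERROR_WANT_READ` is the only condition that gets logged, yet it is a retryable state, and result stays -1, so the `if(result==-1)` check after the `#endif` presumably treats it as a hard error. Real failures are never logged, and SSL_get_error() is only consulted when result is -1, although SSL_read() reports failure with any value <= 0. Separately, nothing in the visible hunks creates or accepts a server-side SSL object for `sd`, so unless that happens elsewhere in ido2db.c, `ssl` may still be NULL here when use_ssl is set. The loop body continues outside the hunk, so the handling of -1 is inferred from the `/* bail out on hard errors */` comment.
```c
		else{
			result=SSL_read(ssl,buf,sizeof(buf)-1);
			if(result<=0){
				int ssl_err=SSL_get_error(ssl,result);
				/* retryable: the record is not complete yet */
				if(ssl_err==SSL_ERROR_WANT_READ || ssl_err==SSL_ERROR_WANT_WRITE)
					continue;
				if(ssl_err!=SSL_ERROR_ZERO_RETURN)
					syslog(LOG_ERR,"SSL read failed (SSL_get_error=%d)\n",ssl_err);
			}
		}
		/* … unchanged: #else branch with plain read() … */
```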
diff --git a/module/idoutils/src/idomod.c b/module/idoutils/src/idomod.c
index 916adeb..284089f 100644
--- a/module/idoutils/src/idomod.c
+++ b/module/idoutils/src/idomod.c
@@ -413,6 +413,15 @@ int ndomod_process_config_var(char *arg){
 	else if(!strcmp(var,"buffer_file"))
 		ndomod_buffer_file=strdup(val);
 
+	else if(!strcmp(var,"use_ssl")){
+		if (strlen(val) == 1) {
+			if (isdigit((int)val[strlen(val)-1]) == NDO_TRUE)
+				use_ssl = atoi(val);
+			else
+				use_ssl = 0;
+			}
+	}
+
 	else
 		return NDO_ERROR;
 
diff --git a/module/idoutils/src/io.c b/module/idoutils/src/io.c
index a45c5ca..fcebc51 100644
--- a/module/idoutils/src/io.c
+++ b/module/idoutils/src/io.c
@@ -11,6 +11,14 @@
 #include "../include/common.h"
 #include "../include/io.h"
 
+#ifdef HAVE_SSL
+SSL_METHOD *meth;
+SSL_CTX *ctx;
+SSL *ssl;
+int use_ssl=NDO_FALSE;
+#else
+int use_ssl=NDO_FALSE;
+#endif
 
 
 
@@ -182,6 +190,23 @@ int ndo_sink_open(char *name, int fd, int type, int port, int flags, int *nfd){
 		if(name==NULL)
 			return NDO_ERROR;
 		
+#ifdef HAVE_SSL
+		if(use_ssl==NDO_TRUE){
+			SSL_library_init();
+			SSLeay_add_ssl_algorithms();
+			meth=SSLv23_client_method();
+			SSL_load_error_strings();
+
+			if((ctx=SSL_CTX_new(meth))==NULL){
+					printf("IDOUtils: Error - could not create SSL context.\n");
+					return NDO_ERROR;
+			}
+			/* ADDED 01/19/2004 */
+			/* use only TLSv1 protocol */
+			SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+		}
+#endif
+
 		/* clear the address */
 		bzero((char *)&server_address_i,sizeof(server_address_i));
 
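Review bot: The context built here never configures peer verification (no SSL_CTX_set_verify() or CA loading appears in the hunk), so the link is encrypted but the identity of the sink is not checked; that limitation should be stated in a comment at this spot. The copied comment `/* use only TLSv1 protocol */` overstates what `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` does, since the option only excludes those two versions; I would reword it to `/* disable SSLv2 and SSLv3 */` and drop the 2004 date line. A new SSL_CTX is allocated on every call with use_ssl set and nothing visible frees the previous one, so reconnects presumably leak contexts; guarding with `if(ctx==NULL)` would avoid that. `SSLeay_add_ssl_algorithms()` is an alias for `SSL_library_init()` and can go. ndo_sink_open begins and ends outside the hunk.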
@@ -208,7 +233,25 @@ int ndo_sink_open(char *name, int fd, int type, int port, int flags, int *nfd){
 			close(newfd);
 			return NDO_ERROR;
 		        }
-	        }
+
+#ifdef HAVE_SSL
+		if(use_ssl==NDO_TRUE){
+			if((ssl=SSL_new(ctx))!=NULL){
+				SSL_CTX_set_cipher_list(ctx,"ADH");
+				SSL_set_fd(ssl,newfd);
+				if((rc=SSL_connect(ssl))!=1){
+					printf("Error - Could not complete SSL handshake.\n");
+					SSL_CTX_free(ctx);
+					close(newfd);
+					return NDO_ERROR;
+				}
+			} else {
+				printf("IDOUtils: Error - Could not create SSL connection structure.\n");
+				return NDO_ERROR;
+			}
+		}
+#endif
+		}
 
 	/* unknown sink type */
 	else
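Review bot: The cipher list "ADH" selects anonymous Diffie-Hellman suites, which encrypt without authenticating either end, so an active man-in-the-middle between idomod and ido2db would go undetected. That should at least be stated in a comment next to the call, and certificate-based suites would be the real fix. The list is also set on `ctx` after `SSL_new(ctx)`; setting it on `ssl` itself, or on the context before SSL_new(), makes it unambiguous that the restriction applies to this connection. The error paths are incomplete: a failed handshake frees `ctx` but not `ssl` and leaves both globals dangling, and a failed SSL_new() returns without closing `newfd` or freeing `ctx`. The enclosing branch of ndo_sink_open starts outside the hunk.
```c
		if(use_ssl==NDO_TRUE){
			if((ssl=SSL_new(ctx))==NULL){
				printf("IDOUtils: Error - Could not create SSL connection structure.\n");
				SSL_CTX_free(ctx);
				ctx=NULL;
				close(newfd);
				return NDO_ERROR;
			}
			/* ADH is anonymous: traffic is encrypted but the peer is NOT authenticated */
			SSL_set_cipher_list(ssl,"ADH");
			SSL_set_fd(ssl,newfd);
			if((rc=SSL_connect(ssl))!=1){
				printf("Error - Could not complete SSL handshake.\n");
				SSL_free(ssl);
				ssl=NULL;
				SSL_CTX_free(ctx);
				ctx=NULL;
				close(newfd);
				return NDO_ERROR;
			}
		}
```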




