tyler.durden/centreon-plugins
1
0
Fork 0
mirror of https://github.com/centreon/centreon-plugins.git synced 2025-07-28 16:14:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

secure(nrpe): ssl-options use safe module (#3097)

Browse Source
This commit is contained in:
qgarnier 2021-09-10 16:01:09 +02:00 committed by GitHub
parent b0092b6046
commit 6d5a07925a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
centreon/plugins/nrpe.pm
View File

@ -22,6 +22,7 @@ package centreon::plugins::nrpe;
use strict; use strict;
use warnings; use warnings;
use centreon::plugins::misc;
use Convert::Binary::C; use Convert::Binary::C;
use Digest::CRC 'crc32'; use Digest::CRC 'crc32';
use IO::Socket; use IO::Socket;
@ -87,22 +88,65 @@ sub check_options {
$self->{nrpe_params}->{Domain} = AF_INET6; $self->{nrpe_params}->{Domain} = AF_INET6;
} }
$self->{ssl_context} = ''; $self->{ssl_context} = {};
my $append = '';
foreach (@{$options{option_results}->{ssl_opt}}) { foreach (@{$options{option_results}->{ssl_opt}}) {
if ($_ ne '' && $_ =~ /.*=>.*/) { if (/(SSL_[A-Za-z_]+)\s+=>\s*(\S+)/) {
$self->{ssl_context} .= $append . $_; my $value = $2;
$append = ', '; $value = $self->assign_eval(eval => $value);
$self->{ssl_context}->{$1} = $value;
} }
} }
} }
sub load_eval {
my ($self) = @_;
my ($code) = centreon::plugins::misc::mymodule_load(
output => $self->{output}, module => 'Safe',
no_quit => 1
);
if ($code == 0) {
$self->{safe} = Safe->new();
$self->{safe}->permit_only(':base_core', 'rv2gv', 'padany');
$self->{safe}->share('$values');
$self->{safe}->share('$assign_var');
$self->{safe}->share_from('IO::Socket::SSL', [
'SSL_VERIFY_NONE', 'SSL_VERIFY_PEER', 'SSL_VERIFY_FAIL_IF_NO_PEER_CERT', 'SSL_VERIFY_CLIENT_ONCE',
'SSL_RECEIVED_SHUTDOWN', 'SSL_SENT_SHUTDOWN',
'SSL_OCSP_NO_STAPLE', 'SSL_OCSP_MUST_STAPLE', 'SSL_OCSP_FAIL_HARD', 'SSL_OCSP_FULL_CHAIN', 'SSL_OCSP_TRY_STAPLE'
]);
}
$self->{safe_test} = 1;
}
sub assign_eval {
my ($self, %options) = @_;
$self->load_eval() if (!defined($self->{safe_test}) || $self->{safe_test} == 0);
our $assign_var;
if (defined($self->{safe})) {
our $values = $options{values};
$self->{safe}->reval("\$assign_var = $options{eval}", 1);
if ($@) {
die 'Unsafe code evaluation: ' . $@;
}
} else {
my $values = $options{values};
eval "\$assign_var = $options{eval}";
}
return $assign_var;
}
sub create_socket { sub create_socket {
my ($self, %options) = @_; my ($self, %options) = @_;
my $socket; my $socket;
if ($self->{ssl_context} ne '') { if (scalar(keys %{$self->{ssl_context}} > 0)) {
$socket = IO::Socket::SSL->new(%{$self->{nrpe_params}}, eval $self->{ssl_context}); $socket = IO::Socket::SSL->new(%{$self->{nrpe_params}}, %{$self->{ssl_context}});
if (!$socket) { if (!$socket) {
$self->{output}->add_option_msg(short_msg => "Failed to establish SSL connection: $!, ssl_error=$SSL_ERROR"); $self->{output}->add_option_msg(short_msg => "Failed to establish SSL connection: $!, ssl_error=$SSL_ERROR");
$self->{output}->option_exit(); $self->{output}->option_exit();
@ -454,8 +498,8 @@ Timeout in secondes (Default: 10).
=item B<--ssl-opt> =item B<--ssl-opt>
Set SSL Options (--ssl-opt="SSL_version => 'TLSv1'" --ssl-opt="SSL_verify_mode => 0" Set SSL Options (--ssl-opt="SSL_version => 'TLSv1'" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"
--ssl-opt="SSL_cipher_list => ALL"). --ssl-opt="SSL_cipher_list => 'ALL'").
=back =back

2
centreon/plugins/output.pm
View File

@ -911,6 +911,8 @@ sub load_eval {
$self->{safe}->share('$values'); $self->{safe}->share('$values');
$self->{safe}->share('$assign_var'); $self->{safe}->share('$assign_var');
} }
$self->{safe_test} = 1;
} }
sub test_eval { sub test_eval {