Checkmk git commits August 2017

checkmk-commits@lists.checkmk.com

10 participants
201 discussions

5082 FIX gude_powerbanks: Adapted discovery of powerbanks

by Simon Betz

Module: check_mk Branch: master Commit: e276acb069a72745000cf60ec410a4a9cd00f3ed URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e276acb069a727… Author: Simon Betz <si(a)mathias-kettner.de> Date: Fri Aug 4 09:49:00 2017 +0200 5082 FIX gude_powerbanks: Adapted discovery of powerbanks Devices with OID_END=38 are 12 port power switches with two powerbanks. Means each powerbank has 6 outlets. Here we can use ChanStatus in order to find out if one powerbank is enabled/used. Devices with OID_END=19 are simple switch outlets: 1 Port and 1 powerbank Once it's plugged in, the state is "on". Thus we use PortState in discovering function. Change-Id: I7311aca83abd3ae055e466114b43f7eab44e0d4e --- .werks/5082 | 17 +++++++++++++ checks/gude_powerbanks | 68 +++++++++++++++++++++++++++++++------------------- 2 files changed, 60 insertions(+), 25 deletions(-) diff --git a/.werks/5082 b/.werks/5082 new file mode 100644 index 0000000..54b0e8d --- /dev/null +++ b/.werks/5082 @@ -0,0 +1,17 @@ +Title: gude_powerbanks: Adapted discovery of powerbanks +Level: 1 +Component: checks +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1501832832 + +Devices with OID_END=38 are 12 port power switches with two powerbanks. +Means each powerbank has 6 outlets. Here we can use ChanStatus in order +to find out if one powerbank is enabled/used. + +Devices with OID_END=19 are simple switch outlets: 1 Port and 1 powerbank +Once it's plugged in, the state is "on". Thus we use PortState in +discovering function. diff --git a/checks/gude_powerbanks b/checks/gude_powerbanks index 428b14d..faaa792 100644 --- a/checks/gude_powerbanks +++ b/checks/gude_powerbanks @@ -25,9 +25,14 @@ # Boston, MA 02110-1301 USA. -# 19:1100, 38:822X -# .1.3.6.1.4.1.28507.**.1.5.2.1.2.1 0 --> GUDEADS-EPC****-MIB::epc****OVPStatus.1 -# .1.3.6.1.4.1.28507.**.1.5.2.1.2.2 1 --> GUDEADS-EPC****-MIB::epc****OVPStatus.2 +# Knowledge from customer: +# Devices with OID_END=38 are 12 port power switches with two powerbanks. +# Means each powerbank has 6 outlets. Here we can use ChanStatus in order +# to find out if one powerbank is enabled/used. +# +# Device with OID_END=19 is a simple switch outlet: 1 Port and 1 powerbank +# Once it's plugged in, the state is "on". Thus we use PortState in +# discovering function. factory_settings["gude_powerbank_default_levels"] = { @@ -37,20 +42,24 @@ factory_settings["gude_powerbank_default_levels"] = { def parse_gude_powerbanks(info): + map_port_states = {"0" : (2, "off"), + "1" : (0, "on"),} + map_channel_states = {"0" : (2, "data not active"), + "1" : (0, "data valid"),} + + ports = dict(info[0]) parsed = {} for oid_idx, device_state, energy_str, active_power_str, \ - current_str, volt_str, freq_str, appower_str in info: + current_str, volt_str, freq_str, appower_str in info[1]: oid, idx = oid_idx.split(".") - if oid in [ "19" ]: - map_device_states = { "0" : (2, "off"), - "1" : (0, "on") } - if oid in [ "38" ]: - map_device_states = { "0" : (2, "data not active"), - "1" : (0, "data valid") } + if oid in ["19"]: + device_state = map_port_states[ports[oid_idx]] + if oid in ["38"]: + device_state = map_channel_states[device_state] parsed.setdefault(idx, { - "device_state" : map_device_states[device_state] + "device_state" : device_state }) for what, key, factor in [ @@ -65,22 +74,31 @@ def parse_gude_powerbanks(info): return parsed +def inventory_gude_powerbanks(parsed): + return [(powerbank, {}) for powerbank, attrs in parsed.items() + if attrs["device_state"][1] not in ["off", "data not active"]] + + check_info['gude_powerbanks'] = { - 'parse_function' : parse_gude_powerbanks, - 'inventory_function' : inventory_elphase, - 'check_function' : check_elphase, - 'service_description' : 'Powerbank %s', + 'parse_function' : parse_gude_powerbanks, + 'inventory_function' : inventory_gude_powerbanks, + 'check_function' : check_elphase, + 'service_description' : 'Powerbank %s', 'has_perfdata' : True, - 'snmp_info' : ('.1.3.6.1.4.1.28507', [ '19', '38' ], [ - OID_END, - "1.5.1.2.1.2", # GUDEADS-EPC****-MIB::epc****OVPStatus - "1.5.1.2.1.3", # GUDEADS-EPC****-MIB::epc****AbsEnergyActive - "1.5.1.2.1.4", # GUDEADS-EPC****-MIB::epc****PowerActive - "1.5.1.2.1.5", # GUDEADS-EPC****-MIB::epc****Current - "1.5.1.2.1.6", # GUDEADS-EPC****-MIB::epc****Voltage - "1.5.1.2.1.7", # GUDEADS-EPC****-MIB::epc****Frequency - "1.5.1.2.1.10", # GUDEADS-EPC****-MIB::epc****PowerApparent - ]), + 'snmp_info' : [('.1.3.6.1.4.1.28507', ['19', '38'], [ + OID_END, + "1.3.1.2.1.3", # GUDEADS=EPC****-MIB::epc****PortState + ]), + ('.1.3.6.1.4.1.28507', ['19', '38'], [ + OID_END, + "1.5.1.2.1.2", # GUDEADS-EPC****-MIB::epc****ChanStatus + "1.5.1.2.1.3", # GUDEADS-EPC****-MIB::epc****AbsEnergyActive + "1.5.1.2.1.4", # GUDEADS-EPC****-MIB::epc****PowerActive + "1.5.1.2.1.5", # GUDEADS-EPC****-MIB::epc****Current + "1.5.1.2.1.6", # GUDEADS-EPC****-MIB::epc****Voltage + "1.5.1.2.1.7", # GUDEADS-EPC****-MIB::epc****Frequency + "1.5.1.2.1.10", # GUDEADS-EPC****-MIB::epc****PowerApparent + ])], 'snmp_scan_function' : lambda oid: oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.28507.19") or \ oid(".1.3.6.1.2.1.1.2.0").startswith(".1.3.6.1.4.1.28507.38"), 'default_levels_variable' : 'gude_powerbank_default_levels',

7 years, 2 months

4787 HPE MCS 200: Added new checks for cooling device

by Marcel Arentz

Module: check_mk Branch: master Commit: b9d7e08ec8d63de6d9c9a2332d2556316bc14f91 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b9d7e08ec8d63d… Author: Marcel Arentz <ma(a)mathias-kettner.de> Date: Tue Jun 6 12:08:43 2017 +0200 4787 HPE MCS 200: Added new checks for cooling device Change-Id: I4e194c0ee3ec61feab3ab904b79f3de2ecf374a8 --- .werks/4787 | 10 ++++ checkman/hp_mcs_sensors | 12 +++++ checkman/hp_mcs_sensors.fan | 13 +++++ checkman/hp_mcs_system | 15 ++++++ checks/hp_mcs.include | 28 +++++++++++ checks/hp_mcs_sensors | 120 ++++++++++++++++++++++++++++++++++++++++++++ checks/hp_mcs_system | 62 +++++++++++++++++++++++ 7 files changed, 260 insertions(+) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=b9d7e08ec8…

7 years, 2 months

5025 FIX Make communication with smartping helpers more robust

by Sven Panne

Module: check_mk Branch: master Commit: 414116d637d3aa3dfec66d883e1fc723eece1b5e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=414116d637d3aa… Author: Sven Panne <sp(a)mathias-kettner.de> Date: Thu Aug 3 14:36:44 2017 +0200 5025 FIX Make communication with smartping helpers more robust When the communication between the Micro Core and the smartping helpers (icmpsender/icmpreceiver) fails, we restart the latter, but we forgot to flush an internal buffer. In some cases this could lead to more communication problems later. This has been fixed. Change-Id: Ie412d21c66be994a5d292aebdeedf4274dd8dd89 --- .werks/5025 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.werks/5025 b/.werks/5025 new file mode 100644 index 0000000..dd1ea20 --- /dev/null +++ b/.werks/5025 @@ -0,0 +1,13 @@ +Title: Make communication with smartping helpers more robust +Level: 1 +Component: core +Compatible: compat +Edition: cee +Version: 1.5.0i1 +Date: 1501763656 +Class: fix + +When the communication between the Micro Core and the smartping helpers +(icmpsender/icmpreceiver) fails, we restart the latter, but we forgot to +flush an internal buffer. In some cases this could lead to more +communication problems later. This has been fixed.

7 years, 2 months

5081 FIX Reporting: Fixed converting old title format into new one

by Simon Betz

Module: check_mk Branch: master Commit: 777017907ec9484b37f2d2a9012ef28faa702291 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=777017907ec948… Author: Simon Betz <si(a)mathias-kettner.de> Date: Thu Aug 3 11:24:54 2017 +0200 5081 FIX Reporting: Fixed converting old title format into new one Change-Id: If8f0411c3cbbaae9c04488898da8eec0a30db511 --- .werks/5081 | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.werks/5081 b/.werks/5081 new file mode 100644 index 0000000..adfabdf --- /dev/null +++ b/.werks/5081 @@ -0,0 +1,11 @@ +Title: Reporting: Fixed converting old title format into new one +Level: 1 +Component: reporting +Class: fix +Compatible: compat +Edition: cee +State: unknown +Version: 1.5.0i1 +Date: 1501752255 + +

7 years, 2 months

5080 mssql_blocked_sessions: Put details about session ID, blocking ID, wait data and type into longoutput

by Simon Betz

Module: check_mk Branch: master Commit: 5edaa55f869d23acd8de0b71c59040583b784280 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5edaa55f869d23… Author: Simon Betz <si(a)mathias-kettner.de> Date: Thu Aug 3 09:38:49 2017 +0200 5080 mssql_blocked_sessions: Put details about session ID, blocking ID, wait data and type into longoutput Previously above details were displayed in service details which causes overcrowding. Now a summary about which session IDs are blocked by how much blocking IDs is shown and etails can be found in the long output of the service. Change-Id: Ia77c95b599c75568ff9f1e49c1d68f9e1231fe06 --- .werks/5080 | 13 +++++++++++++ checks/mssql_blocked_sessions | 39 +++++++++++++++++++++++++-------------- 2 files changed, 38 insertions(+), 14 deletions(-) diff --git a/.werks/5080 b/.werks/5080 new file mode 100644 index 0000000..10316a4 --- /dev/null +++ b/.werks/5080 @@ -0,0 +1,13 @@ +Title: mssql_blocked_sessions: Put details about session ID, blocking ID, wait data and type into longoutput +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.5.0i1 +Date: 1501745629 +Class: feature + +Previously above details were displayed in service details +which causes overcrowding. Now a summary about which session +IDs are blocked by how much blocking IDs is shown and etails +can be found in the long output of the service. diff --git a/checks/mssql_blocked_sessions b/checks/mssql_blocked_sessions index dc3877a..a9e163a 100644 --- a/checks/mssql_blocked_sessions +++ b/checks/mssql_blocked_sessions @@ -34,20 +34,17 @@ # sessions independent of instances anymore. Use same service description # schema as "mssql_instance". -factory_settings['mssql_blocked_sessions_default_levels'] = { - 'state' : 2, -} + +factory_settings['mssql_blocked_sessions_default_levels'] = {'state': 2} + def inventory_mssql_blocked_sessions(info): return [(None, {})] -def check_mssql_blocked_sessions(_no_item, params, info): - if not info: - yield 0, "No blocked sessions" - return - - state = params['state'] +def check_mssql_blocked_sessions(_no_item, params, info): + summary = {} + details = [] ignored_waittypes = set() for line in info: if "blocked" in line[0].lower(): @@ -59,6 +56,7 @@ def check_mssql_blocked_sessions(_no_item, params, info): ignored_waittypes.add(wait_type) continue + state = 0 if params.has_key('waittime'): warn, crit = params['waittime'] wait_duration_sec = float(wait_duration_ms) / 1000 @@ -66,14 +64,27 @@ def check_mssql_blocked_sessions(_no_item, params, info): state = 2 elif wait_duration_sec >= warn: state = 1 - else: - state = 0 - yield state, "Session %s blocked by %s (Wait %s ms, Type: %s)" % \ - (session_id, blocking_session_id, wait_duration_ms, wait_type) + summary.setdefault(session_id, set()) + summary[session_id].add(blocking_session_id) + details.append((state, "Session %s blocked by %s (Wait %s ms, Type: %s)" % \ + (session_id, blocking_session_id, wait_duration_ms, wait_type))) + + if summary: + yield params['state'], "Summary: %s" % \ + ", ".join(["%s blocked by %s ID(s)" % (k, len(v)) + for k,v in summary.items()]) + + fst_state, fst_infotext = details[0] + yield fst_state, "\nDetails:\n%s" % fst_infotext + for state, infotext in details[1:]: + yield state, "\n%s" % infotext + + else: + yield 0, "No blocked sessions" if ignored_waittypes: - yield 0, "Ignored wait types: %s" % ", ".join(ignored_waittypes) + yield 0, "\nIgnored wait types: %s" % ", ".join(ignored_waittypes) check_info['mssql_blocked_sessions'] = {

7 years, 2 months

Refactored windows_tasks check plugin

by Simon Betz

Module: check_mk Branch: master Commit: e3c1de0a3861c335537f01fce475277a2adea34d URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e3c1de0a3861c3… Author: Simon Betz <si(a)mathias-kettner.de> Date: Thu Aug 3 07:49:16 2017 +0200 Refactored windows_tasks check plugin Change-Id: Idb6016c4dd20c497de0810574ee50ac0aacc7b67 --- checks/windows_tasks | 93 +++++++++++++++++++++++++++++----------------------- 1 file changed, 52 insertions(+), 41 deletions(-) diff --git a/checks/windows_tasks b/checks/windows_tasks index 1468c29..20fb62f 100644 --- a/checks/windows_tasks +++ b/checks/windows_tasks @@ -55,7 +55,8 @@ #- '-2147216609': instance of this task already running -> being taken care of by the separate monitor #- '-2147750687': task already running -> being taken care of by the separate monitor -def windows_tasks_convert(info): + +def parse_windows_tasks(info): data = {} last_task = False for line in info: @@ -69,48 +70,58 @@ def windows_tasks_convert(info): data[last_task] = {} return data -def inventory_windows_tasks(info): - info = windows_tasks_convert(info) - return [ (n, None) for n, v in info.items() if v.get('Scheduled Task State') == "Enabled"] - -def check_windows_tasks(item, _no_params, info): - info = windows_tasks_convert(info) - for name, values in info.items(): - if name == item: - last_result = saveint(values['Last Result']) - state = 0 - label = "" - msg = [] - if last_result not in [ 0, 1, 267009, 267014, 267045, -2147216609, -2147750687 ]: - state = 2 - label = "(!!)" - msg.append("Service in state: %s%s" % ( last_result, label ) ) - if last_result == 267009: - msg[-1] += " (currently running)" - elif last_result == 267014: - msg[-1] += " (terminated by user)" - elif last_result == 267045: - msg[-1] += " (queued)" - elif last_result == -2147216609: - msg[-1] += " (an instance of the task already running)" - elif last_result == -2147750687: - msg[-1] += " (task already running)" - - if values['Scheduled Task State'] != 'Enabled': - msg.append("Task not Enabled(!!)") - state = 2 - - if "Last Run Time" in values: - msg.append("last run time: %s" % values["Last Run Time"]) - - if "Next Run Time" in values: - msg.append("next run time: %s" % values["Next Run Time"]) - - return state, ", ".join(msg) - - return 3, "Task not found on server" + +def inventory_windows_tasks(parsed): + return [(n, None) for n, v in parsed.items() + if v.get('Scheduled Task State') == "Enabled"] + + +def check_windows_tasks(item, _no_params, parsed): + if item not in parsed: + yield 3, "Task not found on server" + return + + map_codes = { + "267009": "currently running", + "267014": "terminated by user", + "267045": "queued", + "-2147216609": "an instance of the task already running", + "-2147750687": "task already running", + } + + data = parsed[item] + last_result = data['Last Result'] + if last_result in map_codes: + infotext = "Service Status: %s (%s)" % (map_codes[last_result], last_result) + else: + infotext = "Service status: %s" % last_result + + state = 0 + if last_result not in [ + "0", "1", "267009", "267014", "267045", + "-2147216609", "-2147750687", + ]: + state = 2 + yield state, infotext + + if data['Scheduled Task State'] != 'Enabled': + yield 2, "Task not enabled" + + additional_infos = [] + for key, title in [ + ("Last Run Time", "Last run time"), + ("Next Run Time", "Next run time"), + ]: + if key in data: + additional_infos.append("%s: %s" % (title, data[key])) + + if additional_infos: + yield 0, ", ".join(additional_infos) + + check_info["windows_tasks"] = { + "parse_function" : parse_windows_tasks, "check_function" : check_windows_tasks, "inventory_function" : inventory_windows_tasks, "service_description" : "Task %s",

7 years, 2 months

5079 FIX windows_tasks: Adapted man page; Some OK states were missing

by Simon Betz

Module: check_mk Branch: master Commit: 8721b1efea19a2b0c7fe2c4330acaa7d8d13c248 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8721b1efea19a2… Author: Simon Betz <si(a)mathias-kettner.de> Date: Thu Aug 3 07:48:06 2017 +0200 5079 FIX windows_tasks: Adapted man page; Some OK states were missing Change-Id: I2d92d6c8194b0fd79d8c0c0ef6504ee742156e3b --- .werks/5079 | 11 +++++++++++ checkman/windows_tasks | 3 ++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.werks/5079 b/.werks/5079 new file mode 100644 index 0000000..700e8a0 --- /dev/null +++ b/.werks/5079 @@ -0,0 +1,11 @@ +Title: windows_tasks: Adapted man page; Some OK states were missing +Level: 1 +Component: checks +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1501739058 + + diff --git a/checkman/windows_tasks b/checkman/windows_tasks index 74a8b35..61425d5 100644 --- a/checkman/windows_tasks +++ b/checkman/windows_tasks @@ -6,7 +6,8 @@ distribution: check_mk description: The Windows Task Scheduler Checks controlls the last return state of windows task scripts. The check goes to {WARNING} state, if the task is disabled. If the Script from the Task returns - another return code as 0, the Check goes {CRITICAL}. + another return code as "0", "1", "267009", "267014", "267045", "-2147216609", "-2147750687" + the Check goes {CRITICAL}. In order to run, its needed to copy the windows_tasks.ps1 script to the plugin folder of the agent. inventory:

7 years, 2 months

Fixed problem reported by pylint

by Lars Michelsen

Module: check_mk Branch: master Commit: 33d93b1b9c62c9f7ee7353ff9e093006758bda87 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=33d93b1b9c62c9… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Aug 2 17:10:55 2017 +0200 Fixed problem reported by pylint Change-Id: Ia81af3a7ae862c20d985bddc34da0f6c9602c741 --- web/htdocs/backup.py | 1 + 1 file changed, 1 insertion(+) diff --git a/web/htdocs/backup.py b/web/htdocs/backup.py index 3bac667..916a9d3 100644 --- a/web/htdocs/backup.py +++ b/web/htdocs/backup.py @@ -843,6 +843,7 @@ class PageEditBackupJob(object): class PageAbstractBackupJobState(object): def __init__(self): super(PageAbstractBackupJobState, self).__init__() + self._job = None self._ident = None

7 years, 2 months

5050 FIX Fixed error "You need to specify a backup job." when restoring a backup

by Lars Michelsen

Module: check_mk Branch: master Commit: b1c021fe4ee31fd07426ae14bf9f3d9baa6fca32 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b1c021fe4ee31f… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Aug 2 16:11:36 2017 +0200 5050 FIX Fixed error "You need to specify a backup job." when restoring a backup Change-Id: I7b7cccda4e84c1f8d85206f49ffe6bcf30865ad6 --- .werks/5050 | 11 +++++++++++ web/htdocs/backup.py | 36 +++++++++++++++++++++++------------- 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/.werks/5050 b/.werks/5050 new file mode 100644 index 0000000..1208f3b --- /dev/null +++ b/.werks/5050 @@ -0,0 +1,11 @@ +Title: Fixed error "You need to specify a backup job." when restoring a backup +Level: 1 +Component: wato +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1501683066 + + diff --git a/web/htdocs/backup.py b/web/htdocs/backup.py index 159fc72..3bac667 100644 --- a/web/htdocs/backup.py +++ b/web/htdocs/backup.py @@ -840,19 +840,10 @@ class PageEditBackupJob(object): -class PageBackupJobState(object): +class PageAbstractBackupJobState(object): def __init__(self): - super(PageBackupJobState, self).__init__() - job_ident = html.var("job") - if job_ident != None: - try: - self._job = self.jobs().get(job_ident) - except KeyError: - raise MKUserError("job", _("This backup job does not exist.")) - - self._ident = job_ident - else: - raise MKUserError("job", _("You need to specify a backup job.")) + super(PageAbstractBackupJobState, self).__init__() + self._ident = None def jobs(self): @@ -927,6 +918,25 @@ class PageBackupJobState(object): html.close_table() +class PageBackupJobState(PageAbstractBackupJobState): + def __init__(self): + super(PageBackupJobState, self).__init__() + self._from_vars() + + + def _from_vars(self): + job_ident = html.var("job") + if job_ident != None: + try: + self._job = self.jobs().get(job_ident) + except KeyError: + raise MKUserError("job", _("This backup job does not exist.")) + + self._ident = job_ident + else: + raise MKUserError("job", _("You need to specify a backup job.")) + + #. # .--Targets-------------------------------------------------------------. # | _____ _ | @@ -1830,7 +1840,7 @@ class PageBackupRestore(object): -class PageBackupRestoreState(PageBackupJobState): +class PageBackupRestoreState(PageAbstractBackupJobState): def __init__(self): super(PageBackupRestoreState, self).__init__() self._job = RestoreJob(None, None) # TODO: target_ident and backup_ident needed?

7 years, 2 months

5051 FIX Fixed backup/restore of encrypted backups

by Lars Michelsen

Module: check_mk Branch: master Commit: e55afe0e4ac4a79a6f8f4e7f70ac04698b037746 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e55afe0e4ac4a7… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Aug 2 16:36:41 2017 +0200 5051 FIX Fixed backup/restore of encrypted backups It was not possible to perform encrypted backups since version 1.4.0b5. An error message "NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead“)" was displayed in the log when trying to create such a backup. Workaround: Disable encrypted backups and perform unencrypted ones. Encrypted backups created with previous versions need to be restored with 1.4.0b4 or older. Change-Id: Ib3bd6798cc104b0ee1b1a5e9a7872223df7fe78b --- .werks/5051 | 18 ++++++++++++++++++ bin/mkbackup | 39 +++++++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/.werks/5051 b/.werks/5051 new file mode 100644 index 0000000..3254b81 --- /dev/null +++ b/.werks/5051 @@ -0,0 +1,18 @@ +Title: Fixed backup/restore of encrypted backups +Level: 1 +Component: wato +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1501684381 + +It was not possible to perform encrypted backups since version 1.4.0b5. An error +message "NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead“)" was +displayed in the log when trying to create such a backup. + +Workaround: Disable encrypted backups and perform unencrypted ones. + +Encrypted backups created with previous versions need to be restored with 1.4.0b4 +or older. diff --git a/bin/mkbackup b/bin/mkbackup index c9d1a36..96010a4 100755 --- a/bin/mkbackup +++ b/bin/mkbackup @@ -53,7 +53,7 @@ from tarfile import TarFile, ReadError from hashlib import md5 from OpenSSL import crypto -from Crypto.Cipher import AES +from Crypto.Cipher import AES, PKCS1_OAEP from Crypto.PublicKey import RSA import Crypto.Util.number @@ -836,7 +836,10 @@ class BackupStream(MKBackupStream): # Write out a file version marker and the encrypted secret key, preceded by # a length indication. All separated by \0. - return "%d\0%d\0%s\0" % (1, len(encrypted_secret_key), encrypted_secret_key) + # Version 1: Encrypted secret key written with pubkey.encrypt(). Worked with + # early versions of 1.4 until moving from PyCryto to PyCryptodome + # Version 2: Use PKCS1_OAEP for encrypting the encrypted_secret_key. + return "%d\0%d\0%s\0" % (2, len(encrypted_secret_key), encrypted_secret_key) def _read_chunk(self): @@ -878,16 +881,13 @@ class BackupStream(MKBackupStream): # logic from http://stackoverflow.com/questions/6309958/encrypting-a-file-with-rsa-in-py… + # Since our packages moved from PyCrypto to PyCryptodome we need to change this to use PKCS1_OAEP. def _derive_key(self, pubkey, key_length): secret_key = os.urandom(key_length) - # Padding (see explanations below) - plaintext_length = (Crypto.Util.number.size(pubkey.n) - 2) / 8 - padding = '\xff' + os.urandom(16) - padding += '\0' * (plaintext_length - len(padding) - len(secret_key)) - # Encrypt the secret key with the RSA public key - encrypted_secret_key = pubkey.encrypt(padding + secret_key, None)[0] + cipher_rsa = PKCS1_OAEP.new(pubkey) + encrypted_secret_key = cipher_rsa.encrypt(secret_key) return secret_key, encrypted_secret_key @@ -898,8 +898,8 @@ class RestoreStream(MKBackupStream): if not self._encrypt(): return - encrypted_secret_key = self._read_encrypted_secret_key() - secret_key = self._decrypt_secret_key(encrypted_secret_key) + file_version, encrypted_secret_key = self._read_encrypted_secret_key() + secret_key = self._decrypt_secret_key(file_version, encrypted_secret_key) self._cipher = AES.new(secret_key, AES.MODE_CBC, self._iv) @@ -945,8 +945,8 @@ class RestoreStream(MKBackupStream): return buf file_version = read_field() - if file_version != "1": - raise MKGeneralException("Failed to process backup file (invalid version)") + if file_version not in [ "1", "2" ]: + raise MKGeneralException("Failed to process backup file (invalid version %r)" % file_version) try: key_len = int(read_field()) @@ -961,7 +961,7 @@ class RestoreStream(MKBackupStream): if self._stream.read(1) != "\0": raise MKGeneralException("Failed to parse the encrypted backup file (header broken)") - return encrypted_secret_key + return file_version, encrypted_secret_key def _get_encryption_private_key(self): @@ -988,10 +988,17 @@ class RestoreStream(MKBackupStream): raise MKGeneralException("Failed to load private key (wrong passphrase?)") - def _decrypt_secret_key(self, encrypted_secret_key): + def _decrypt_secret_key(self, file_version, encrypted_secret_key): private_key = self._get_encryption_private_key() - secret_key_with_padding = private_key.decrypt(encrypted_secret_key) - return secret_key_with_padding[-32:] + + if file_version == "1": + raise MKGeneralException("You can not restore this backup using your current Check_MK " + "version. You need to use a Check_MK 1.4 version that has " + "been released before 2017-03-24. The last compatible " + "release is 1.4.0b4.") + else: + cipher_rsa = PKCS1_OAEP.new(private_key) + return cipher_rsa.decrypt(encrypted_secret_key) # Returns the base path for the backup to work with. In backup mode, this is

7 years, 2 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits August 2017