Module: check_mk
Branch: master
Commit: d596ab305b431a1d1e077ef409e914ad61464227
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d596ab305b431a…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri May 30 12:20:03 2014 +0200
windows agent: now able to include and execute additional local and plugin scripts as
different user
In the <tt>[local]</tt> and <tt>[plugin]</tt> sections the new
option <tt>include</tt> has been introduced.
With this option you can configure additional local and plugin directories, which should
get parsed.
You can also configure the the scripts in the given directories should be executed as a
different user.
<br><br>
Example configuration:<br>
F+:check_mk.ini
[plugin]
# The scripts in the following folder are executed as user \\ab
include \\ab = C:\users\ab\plugins
# The scripts in the following folder are executed without any changes to the user
permission
include - = C:\scripts\plugin
F-:
<b>Important:</b> Keep in mind that the agent needs the permission to run
scripts as other user. Internally it uses the windows command <tt>runas
/User:</tt>
which prompts for a password if the windows agent has no permission to change to this
user.
---
.werks/929 | 24 ++++++++++++
ChangeLog | 1 +
agents/windows/check_mk_agent-64.exe | Bin 206848 -> 206848 bytes
agents/windows/check_mk_agent.cc | 70 +++++++++++++++++++++++++---------
agents/windows/check_mk_agent.exe | Bin 176640 -> 176640 bytes
agents/windows/install_agent-64.exe | Bin 159073 -> 159303 bytes
agents/windows/install_agent.exe | Bin 156101 -> 156405 bytes
7 files changed, 78 insertions(+), 17 deletions(-)
diff --git a/.werks/929 b/.werks/929
new file mode 100644
index 0000000..e988c6f
--- /dev/null
+++ b/.werks/929
@@ -0,0 +1,24 @@
+Title: windows agent: now able to include and execute additional local and plugin scripts
as different user
+Level: 2
+Component: checks
+Version: 1.2.5i3
+Date: 1401444688
+Class: feature
+
+In the <tt>[local]</tt> and <tt>[plugin]</tt> sections the new
option <tt>include</tt> has been introduced.
+With this option you can configure additional local and plugin directories, which should
get parsed.
+You can also configure the the scripts in the given directories should be executed as a
different user.
+<br><br>
+Example configuration:<br>
+
+F+:check_mk.ini
+[plugin]
+ # The scripts in the following folder are executed as user \\ab
+ include \\ab = C:\users\ab\plugins
+ # The scripts in the following folder are executed without any changes to the user
permission
+ include - = C:\scripts\plugin
+F-:
+
+<b>Important:</b> Keep in mind that the agent needs the permission to run
+scripts as other user. Internally it uses the windows command <tt>runas
/User:</tt>
+which prompts for a password if the windows agent has no permission to change to this
user.
diff --git a/ChangeLog b/ChangeLog
index 0bcc9df..2cce4dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,7 @@
* 0927 windows agent: now able to evaluate logfiles written in unicode (2 bytes per
character)...
* 0165 ups checks now supports also GE devices (Thanks to Andy Taylor)...
* 0928 runas: new plugin script to include and execute mrpe, local and plugin scripts
as different user...
+ * 0929 windows agent: now able to include and execute additional local and plugin
scripts as different user...
* 0777 FIX: special agent emcvnx: did not work with security file authentication...
* 0786 FIX: zfsget: fixed compatibility with older Solaris agents...
* 0809 FIX: brocade_fcport: Fixed recently introduced problem with port speed
detection
diff --git a/agents/windows/check_mk_agent-64.exe b/agents/windows/check_mk_agent-64.exe
index aa78f06..f18a121 100755
Binary files a/agents/windows/check_mk_agent-64.exe and
b/agents/windows/check_mk_agent-64.exe differ
diff --git a/agents/windows/check_mk_agent.cc b/agents/windows/check_mk_agent.cc
index e78e261..f4b6ce3 100755
--- a/agents/windows/check_mk_agent.cc
+++ b/agents/windows/check_mk_agent.cc
@@ -170,7 +170,15 @@ enum script_status {
enum script_type {
PLUGIN,
- LOCAL
+ LOCAL,
+ MRPE
+};
+
+// Used by mrpe and local/plugins scripts
+struct runas_include{
+ char path[256];
+ char user[256];
+ script_type type;
};
struct script_container {
@@ -183,6 +191,7 @@ struct script_container {
time_t buffer_time;
char *buffer;
char *buffer_work;
+ char *run_as_user;
script_type type;
script_execution_mode execution_mode;
script_status status;
@@ -223,6 +232,9 @@ execution_mode_configs_t execution_mode_configs_local,
execution_mode_configs_pl
typedef map<string, script_container*> script_containers_t;
script_containers_t script_containers;
+typedef vector<runas_include*> script_include_t;
+script_include_t g_script_includes;
+
// Command definitions for MRPE
struct mrpe_entry {
char run_as_user[256];
@@ -231,10 +243,6 @@ struct mrpe_entry {
char service_description[256];
};
-struct mrpe_include{
- char path[256];
- char user[256];
-};
struct process_entry {
unsigned long long process_id;
@@ -349,10 +357,10 @@ winperf_counters_t g_winperf_counters;
// Configuration of mrpe entries
typedef vector<mrpe_entry*> mrpe_entries_t;
-typedef vector<mrpe_include*> mrpe_include_t;
+typedef vector<runas_include*> mrpe_include_t;
mrpe_entries_t g_mrpe_entries;
mrpe_entries_t g_included_mrpe_entries;
-mrpe_include_t g_mrpe_include;
+mrpe_include_t g_mrpe_includes;
// Configuration of execution suffixed
typedef vector<char *> execute_suffixes_t;
@@ -2508,6 +2516,21 @@ bool handle_script_config_variable(char *var, char *value,
script_type type)
execution_mode_configs_plugin.push_back(entry);
else
execution_mode_configs_local.push_back(entry);
+ } else if (!strncmp(var, "include", 7)) {
+ char *user = NULL;
+ if (strlen(var) > 7)
+ user = lstrip(var + 7);
+
+ runas_include* tmp = new runas_include();
+ memset(tmp, 0, sizeof(tmp));
+
+ if (user)
+ snprintf(tmp->user, sizeof(tmp->user), user);
+
+ tmp->type = type;
+ snprintf(tmp->path, sizeof(tmp->path), value);
+ g_script_includes.push_back(tmp);
+ return true;
}
return true;
}
@@ -2890,8 +2913,8 @@ void update_mrpe_includes()
FILE *file;
char line[512];
int lineno = 0;
- for (mrpe_include_t::iterator it_include = g_mrpe_include.begin();
- it_include != g_mrpe_include.end(); it_include++)
+ for (mrpe_include_t::iterator it_include = g_mrpe_includes.begin();
+ it_include != g_mrpe_includes.end(); it_include++)
{
char* path = (*it_include)->path;
file = fopen(path, "r");
@@ -3906,13 +3929,13 @@ bool handle_mrpe_config_variable(char *var, char *value)
if (strlen(var) > 7)
user = lstrip(var + 7);
- mrpe_include* tmp = new mrpe_include();
+ runas_include* tmp = new runas_include();
memset(tmp, 0, sizeof(tmp));
if (user)
snprintf(tmp->user, sizeof(tmp->user), user);
snprintf(tmp->path, sizeof(tmp->path), value);
- g_mrpe_include.push_back(tmp);
+ g_mrpe_includes.push_back(tmp);
return true;
}
return false;
@@ -4346,9 +4369,8 @@ DWORD WINAPI DataCollectionThread( LPVOID lpParam )
return 0;
}
-void determine_available_scripts(script_type type)
+void determine_available_scripts(char *dirname, script_type type, char* run_as_user)
{
- char *dirname = type == PLUGIN ? g_plugins_dir : g_local_dir;
DIR *dir = opendir(dirname);
if (dir) {
struct dirent *de;
@@ -4359,6 +4381,7 @@ void determine_available_scripts(script_type type)
char path[512];
snprintf(path, sizeof(path), "%s\\%s", dirname, name);
char newpath[512];
+ char command_with_user[1024];
// If the path in question is a directory -> continue
DWORD dwAttr = GetFileAttributes(path);
if(dwAttr != INVALID_FILE_ATTRIBUTES && (dwAttr &
FILE_ATTRIBUTE_DIRECTORY)) {
@@ -4366,19 +4389,25 @@ void determine_available_scripts(script_type type)
}
char *command = add_interpreter(path, newpath);
+ if (run_as_user != NULL && strlen(run_as_user) > 1)
+ snprintf(command_with_user, sizeof(command_with_user), "runas
/User:%s %s", run_as_user, command);
+ else
+ snprintf(command_with_user, sizeof(command_with_user),
"%s", command);
+
// Look if there is already an script_container available for this
program
script_container* cont = NULL;
- script_containers_t::iterator it_cont =
script_containers.find(string(command));
+ script_containers_t::iterator it_cont =
script_containers.find(string(command_with_user));
if (it_cont == script_containers.end()) {
// create new entry for this program
cont = new script_container();
- cont->path = strdup(command);
+ cont->path = strdup(command_with_user);
cont->script_path = strdup(path);
cont->buffer_time = 0;
cont->buffer = NULL;
cont->buffer_work = NULL;
cont->type = type;
cont->should_terminate = 0;
+ cont->run_as_user = run_as_user;
cont->execution_mode = get_script_execution_mode(name, type);
cont->timeout = get_script_timeout(name, type);
cont->max_retries = get_script_max_retries(name, type);
@@ -4446,9 +4475,16 @@ void output_data(SOCKET &out)
output_crash_log(out);
update_script_statistics();
+
+
// Check if there are new scripts available
- determine_available_scripts(PLUGIN);
- determine_available_scripts(LOCAL);
+ // Scripts in default paths
+ determine_available_scripts(g_plugins_dir, PLUGIN, NULL);
+ determine_available_scripts(g_local_dir, LOCAL, NULL);
+ // Scripts included with user permissions
+ for (script_include_t::iterator it_include = g_script_includes.begin();
+ it_include != g_script_includes.end(); it_include++)
+ determine_available_scripts((*it_include)->path, (*it_include)->type,
(*it_include)->user);
if (enabled_sections & SECTION_CHECK_MK)
section_check_mk(out);
diff --git a/agents/windows/check_mk_agent.exe b/agents/windows/check_mk_agent.exe
index 80557de..913fad9 100755
Binary files a/agents/windows/check_mk_agent.exe and b/agents/windows/check_mk_agent.exe
differ
diff --git a/agents/windows/install_agent-64.exe b/agents/windows/install_agent-64.exe
index 9d6090e..fb44400 100755
Binary files a/agents/windows/install_agent-64.exe and
b/agents/windows/install_agent-64.exe differ
diff --git a/agents/windows/install_agent.exe b/agents/windows/install_agent.exe
index 1583053..6f09170 100755
Binary files a/agents/windows/install_agent.exe and b/agents/windows/install_agent.exe
differ