[monit-dev] [monit] r293 committed - bug #31129: do not require root to
From: monit
Subject: [monit-dev] [monit] r293 committed - bug #31129: do not require root to use ping test. Privilege to create...
Date: Tue, 28 Sep 2010 22:23:18 +0000
Revision: 293
Author: martin2812
Date: Tue Sep 28 15:09:00 2010
Log: bug #31129: do not require root to use ping test. Privilege to create
raw socket is still required, but on some platforms such as Solaris it
can be granted to non-root users too. If the user has no permission to
perform ping, monit will skip the icmp test and log message (in debug
mode only).
http://code.google.com/p/monit/source/detail?r=293
Modified:
/trunk/CHANGES.txt
/trunk/net.c
/trunk/p.y
/trunk/validate.c
=======================================
--- /trunk/CHANGES.txt Tue Sep 28 13:53:24 2010
+++ /trunk/CHANGES.txt Tue Sep 28 15:09:00 2010
@@ -13,6 +13,11 @@
* ICMP echo test (ping):
- bug #31128: do not log error if different response type is received
+ - bug #31129: do not require root to use ping test. Privilege to
create
+ raw socket is still required, but on some platforms such as Solaris
it
+ can be granted to non-root users too. If the user has no permission
to
+ perform ping, monit will skip the icmp test and log message (in
debug
+ mode only).
* Fix crash on MacOSX
=======================================
--- /trunk/net.c Tue Sep 28 13:42:31 2010
+++ /trunk/net.c Tue Sep 28 15:09:00 2010
@@ -648,7 +648,9 @@
* @param hostname The host to open a socket at
* @param timeout If response will not come within timeout seconds abort
* @param count How many pings to send
- * @return response time on succes, -1 on error
+ * @return response time on succes, -1 on error, -2 when monit has no
+ * permissions for raw socket (normally requires root or net_icmpaccess
+ * privilege on Solaris)
*/
double icmp_echo(const char *hostname, int timeout, int count) {
struct sockaddr_in sout;
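Review bot: The -2 return documented in the @return comment of icmp_echo() is a magic number that shares a double return value with the response time and the existing -1, and the caller has to compare against the literal. Suggest defining named constants for the two error returns and referring to them in this comment. The touched @return line also still carries the typo "succes".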
@@ -681,7 +683,12 @@
}
if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0) {
- LogError("ICMP echo for %s -- socket failed: %s\n", hostname,
STRERROR);
+ if (errno == EACCES || errno == EPERM) {
+ DEBUG("ICMP echo for %s -- cannot create socket: %s\n", hostname,
STRERROR);
+ response = -2.;
+ } else {
+ LogError("ICMP echo for %s -- canot create socket: %s\n", hostname,
STRERROR);
+ }
goto error2;
}
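Review bot: The new LogError string in the else branch reads "canot create socket"; it should be "cannot". In the EACCES/EPERM branch the refusal is reported through DEBUG only, so outside debug mode nothing records that the raw socket could not be created; consider logging it at a visible level at least once, since the only other signal is response = -2.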
=======================================
--- /trunk/p.y Fri Sep 24 11:47:07 2010
+++ /trunk/p.y Tue Sep 28 15:09:00 2010
@@ -2540,23 +2540,21 @@
* Add a new icmp object to the current service's icmp list
*/
static void addicmp(Icmp_T is) {
- if (!getuid()) {
- Icmp_T icmp;
-
- ASSERT(is);
-
- NEW(icmp);
- icmp->type = is->type;
- icmp->count = is->count;
- icmp->timeout = is->timeout;
- icmp->action = is->action;
- icmp->is_available = FALSE;
- icmp->response = -1;
-
- icmp->next = current->icmplist;
- current->icmplist = icmp;
- } else
- yyerror("icmp statements must be run as root");
+ Icmp_T icmp;
+
+ ASSERT(is);
+
+ NEW(icmp);
+ icmp->type = is->type;
+ icmp->count = is->count;
+ icmp->timeout = is->timeout;
+ icmp->action = is->action;
+ icmp->is_available = FALSE;
+ icmp->response = -1;
+
+ icmp->next = current->icmplist;
+ current->icmplist = icmp;
+
reset_icmpset();
}
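Review bot: With the getuid() check removed from addicmp(), an icmp statement is now accepted without any diagnostic at parse time, and a missing raw-socket privilege only shows up later in debug output. Consider emitting a parse-time warning (not a yyerror) when getuid() is non-zero, so the operator knows the test may be skipped. Note also that icmp->response is still initialised to -1, the same value icmp_echo() documents for an error.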
=======================================
--- /trunk/validate.c Sun Sep 19 15:01:47 2010
+++ /trunk/validate.c Tue Sep 28 15:09:00 2010
@@ -488,7 +488,10 @@
icmp->response = icmp_echo(s->path, icmp->timeout, icmp->count);
- if (icmp->response < 0) {
+ if (icmp->response == -2) {
+ icmp->is_available = TRUE;
+ DEBUG("'%s' icmp ping skipped -- the monit user has no
permission to create raw socket, please run monit as root or add privilege
for net_icmpaccess\n", s->name);
+ } else if (icmp->response == -1) {
icmp->is_available = FALSE;
DEBUG("'%s' icmp ping failed\n", s->name);
Event_post(s, Event_Icmp, STATE_FAILED, icmp->action, "failed
ICMP test [%s]", icmpnames[icmp->type]);
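Review bot: In the new "icmp->response == -2" branch, is_available is set to TRUE although no echo request was sent, and the only record is a DEBUG line, so an instance without raw-socket privilege marks the ICMP test as available while the check never runs. Suggest leaving is_available unchanged or tracking a distinct skipped state, and logging the skip at a visible level at least once. Separately, the failure test was narrowed from "icmp->response < 0" to "icmp->response == -1", so any other negative return no longer reaches the failed branch; using "< 0" in the else-if would keep the old behaviour. Both comparisons test a double against a literal, which a named constant shared with net.c would make less fragile.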