Replace "plugins-scripts/subst.in" foo

Remove the buggy and complex awk(1) magic in "plugins-scripts/subst.in" in favor of simple sed(1) substitutions. The plugins in the "plugins-scripts" directory now always use the PATH specified via "./configure --trusted-path", or the default PATH hard-coded in "configure.ac". Fixes #1242.
2026-04-21 06:08:38 -04:00 · 2014-02-28 13:28:33 +01:00 · 2014-02-28 13:28:33 +01:00 · c08d6a429b
commit c08d6a429b
parent e260efb256
20 changed files with 53 additions and 103 deletions
--- a/2
+++ b/2
@ -25,6 +25,8 @@ This file documents the major additions and syntax changes between releases.
 	  renamed MP_STATE_DIRECTORY. The old variable will continue to work in v1.6.x
 	check_swap used to allow returning OK on a system without swap when only percent thresholds
 	  were used. This is no longer the case and one must now use -n/--no-swap=<state>
+	The Perl and Shell plugins now use the PATH specified via ./configure's --trusted-path
+	  option, or "/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" by default

 1.5 2nd October 2013
 	ENHANCEMENTS
--- a/configure.ac
+++ b/configure.ac
@ -10,6 +10,7 @@ AM_MAINTAINER_MODE([enable])
 AC_CONFIG_HEADERS([config.h])
 AC_CANONICAL_HOST

+DEFAULT_PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 RELEASE=1
 AC_SUBST(RELEASE)

@ -75,7 +76,8 @@ AC_DEFINE_UNQUOTED(CGIURL,"$CGIURL",[URL of CGI programs])
 AC_ARG_WITH(trusted_path,
 	ACX_HELP_STRING([--with-trusted-path=PATH],
 		[sets trusted path for executables called by scripts]),
-	with_trusted_path=$withval)
+	with_trusted_path=$withval,
+	with_trusted_path=$DEFAULT_PATH)
 AC_SUBST(with_trusted_path)

 EXTRAS=
@ -1781,7 +1783,6 @@ AC_OUTPUT(
  lib/tests/Makefile
  plugins-root/Makefile
  plugins-scripts/Makefile
-  plugins-scripts/subst
  plugins-scripts/utils.pm
  plugins-scripts/utils.sh
  perlmods/Makefile
--- a/plugins-scripts/Makefile.am
+++ b/plugins-scripts/Makefile.am
@ -23,6 +23,11 @@ EXTRA_DIST=check_breeze.pl check_disk_smb.pl check_flexlm.pl check_ircd.pl \
 	check_ifstatus.pl check_ifoperstatus.pl check_wave.pl check_mailq.pl check_file_age.pl \
 	utils.sh.in utils.pm.in t

+EDIT = sed \
+  -e 's|[@]NP_VERSION[@]|$(NP_VERSION)|g' \
+  -e 's|[@]TRUSTED_PATH[@]|$(with_trusted_path)|g' \
+  -e 's|[@]PERL[@]|$(PERL)|g'
+
 TESTS_ENVIRONMENT=perl -I $(top_builddir) -I $(top_srcdir)

 TESTS = @SCRIPT_TEST@
@ -38,11 +43,11 @@ test-debug:
 CLEANFILES=$(libexec_SCRIPTS)

 .pl :
-	NP_VERSION=$(NP_VERSION) $(AWK) -f ./subst $< > $@
+	$(EDIT) $< > $@
 	chmod +x $@

 .sh :
-	NP_VERSION=$(NP_VERSION) $(AWK) -f ./subst $< > $@
+	$(EDIT) $< > $@
 	chmod +x $@

 clean-local:
--- a/plugins-scripts/check_breeze.pl
+++ b/plugins-scripts/check_breeze.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!@PERL@ -wT


 use strict;
@ -13,7 +13,7 @@ $PROGNAME = "check_breeze";
 sub print_help ();
 sub print_usage ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_disk_smb.pl
+++ b/plugins-scripts/check_disk_smb.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!@PERL@ -w
 #
 #
 # check_disk.pl <host> <share> <user> <pass> [warn] [critical] [port]
@ -33,7 +33,7 @@ sub print_usage ();

 $PROGNAME = "check_disk_smb";

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_file_age.pl
+++ b/plugins-scripts/check_file_age.pl
@ -1,4 +1,4 @@
-#!/bin/perl -w
+#!@PERL@ -w

 # check_file_age.pl Copyright (C) 2003 Steven Grimm <koreth-nagios@midwinter.com>
 #
@ -36,7 +36,7 @@ my ($result, $message, $age, $size, $st);

 $PROGNAME="check_file_age";

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_flexlm.pl
+++ b/plugins-scripts/check_flexlm.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!@PERL@ -w
 #
 # usage: 
 #    check_flexlm.pl license_file
@ -44,7 +44,7 @@ $PROGNAME="check_flexlm";
 sub print_help ();
 sub print_usage ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!@PERL@ -w
 #
 # check_ifoperstatus.pl - monitoring plugin
 #
@ -49,7 +49,7 @@ sub usage ($);
 sub print_usage ();
 sub process_arguments ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_ifstatus.pl
+++ b/plugins-scripts/check_ifstatus.pl
@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!@PERL@ -w
 #
 # check_ifstatus.pl - monitoring plugin
 # 
@ -47,7 +47,7 @@ sub usage ($);
 sub print_usage ();
 sub process_arguments ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_ircd.pl
+++ b/plugins-scripts/check_ircd.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!@PERL@ -wT

 # -----------------------------------------------------------------------------
 # File Name:		check_ircd.pl
@ -62,7 +62,7 @@ sub bindRemote ($$);

 # -------------------------------------------------------------[ Enviroment ]--

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_log.sh
+++ b/plugins-scripts/check_log.sh
@ -58,18 +58,12 @@
 # Paths to commands used in this script.  These
 # may have to be modified to match your system setup.

-GREP="/bin/egrep"
-DIFF="/bin/diff"
-TAIL="/bin/tail"
-CAT="/bin/cat"
-RM="/bin/rm"
-CHMOD="/bin/chmod"
-TOUCH="/bin/touch"
-
 PROGNAME=`/bin/basename $0`
 PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
 REVISION="@NP_VERSION@"
-PATH="@trusted_path@"
+PATH="@TRUSTED_PATH@"
+
+export PATH

 . $PROGPATH/utils.sh

@ -177,7 +171,7 @@ fi
 # the old diff file and exit

 if [ ! -e $oldlog ]; then
-    $CAT $logfile > $oldlog
+    cat $logfile > $oldlog
    echo "Log check data initialized..."
    exit $STATE_OK
 fi
@ -191,20 +185,20 @@ if [ -x /bin/mktemp ]; then
 else
    tempdiff=`/bin/date '+%H%M%S'`
    tempdiff="/tmp/check_log.${tempdiff}"
-    $TOUCH $tempdiff
-    $CHMOD 600 $tempdiff
+    touch $tempdiff
+    chmod 600 $tempdiff
 fi

-$DIFF $logfile $oldlog | $GREP -v "^>" > $tempdiff
+diff $logfile $oldlog | grep -v "^>" > $tempdiff

 # Count the number of matching log entries we have
-count=`$GREP -c "$query" $tempdiff`
+count=`grep -c "$query" $tempdiff`

 # Get the last matching entry in the diff file
-lastentry=`$GREP "$query" $tempdiff | $TAIL -1`
+lastentry=`grep "$query" $tempdiff | tail -1`

-$RM -f $tempdiff
-$CAT $logfile > $oldlog
+rm -f $tempdiff
+cat $logfile > $oldlog

 if [ "$count" = "0" ]; then # no matches, exit with no error
    echo "Log check ok - 0 pattern matches found"
--- a/plugins-scripts/check_mailq.pl
+++ b/plugins-scripts/check_mailq.pl
@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!@PERL@ -w

 # check_mailq - check to see how many messages are in the smtp queue awating
 #   transmittal.  
@ -40,7 +40,7 @@ sub print_help ();
 sub print_usage ();
 sub process_arguments ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';
 $PROGNAME = "check_mailq";
--- a/plugins-scripts/check_mssql.pl
+++ b/plugins-scripts/check_mssql.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!@PERL@ -w

 #
 # Copyright 2003 Roy Sigurd Karlsbakk
@ -35,7 +35,7 @@ use strict;

 my $PROGNAME = "check_mssql";

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_netdns.pl
+++ b/plugins-scripts/check_netdns.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!@PERL@ -w

 # Perl version of check_dns plugin which calls DNS directly instead of
 # relying on nslookup (which has bugs)
@ -33,7 +33,7 @@ use utils ;

 my $PROGNAME = "check_netdns";

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_ntp.pl
+++ b/plugins-scripts/check_ntp.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!@PERL@ -w
 #
 # (c)1999 Ian Cass, Knowledge Matters Ltd.
 # Read the GNU copyright stuff for all the legalese
@ -69,7 +69,7 @@ $PROGNAME="check_ntp";
 sub print_help ();
 sub print_usage ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}='';
 $ENV{'ENV'}='';

--- a/plugins-scripts/check_oracle.sh
+++ b/plugins-scripts/check_oracle.sh
@ -9,7 +9,7 @@
 PROGNAME=`basename $0`
 PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
 REVISION="@NP_VERSION@"
-PATH="@trusted_path@"
+PATH="@TRUSTED_PATH@"

 . $PROGPATH/utils.sh

--- a/plugins-scripts/check_rpc.pl
+++ b/plugins-scripts/check_rpc.pl
@ -1,4 +1,4 @@
-#!/usr/local/bin/perl -w
+#!@PERL@ -w
 #
 # check_rpc plugin for monitoring
 #
@ -37,7 +37,7 @@ sub print_help ();
 sub print_usage ();
 sub in ($$);

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}=''; 
 $ENV{'ENV'}='';
 $ENV{'LC_ALL'}='C';
--- a/plugins-scripts/check_sensors.sh
+++ b/plugins-scripts/check_sensors.sh
@ -3,8 +3,9 @@
 PROGNAME=`basename $0`
 PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
 REVISION="@NP_VERSION@"
-TRUSTED_PATH="@trusted_path@"
-PATH=${TRUSTED_PATH:-"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"}
+PATH="@TRUSTED_PATH@"
+
+export PATH

 . $PROGPATH/utils.sh

--- a/plugins-scripts/check_wave.pl
+++ b/plugins-scripts/check_wave.pl
@ -1,4 +1,4 @@
-#!/usr/bin/perl -wT
+#!@PERL@ -wT
 #


@ -16,7 +16,7 @@ $PROGNAME = "check_wave";
 sub print_help ();
 sub print_usage ();

-$ENV{'PATH'}='@trusted_path@';
+$ENV{'PATH'}='@TRUSTED_PATH@';
 $ENV{'BASH_ENV'}='';
 $ENV{'ENV'}='';

--- a/plugins-scripts/subst.in
+++ b/plugins-scripts/subst.in
@ -1,53 +0,0 @@
-#!/usr/bin/awk
-
-function which(c,path) {
-	cmd = "test -x " c;
-
-	if (system(cmd)==0) {
-		return c;
-	} 
-
-	sub(/\/.*\//,"",c);
-  for (dir in path) {
-			cmd = "test -x " path[dir] "/" c;
-			if (system(cmd)==0) {
-					return path[dir] "/" c;
-			} 
-	}
-
-
-	return c;
-}
-
-BEGIN {
-	split(ENVIRON["PATH"] ":/sbin:/usr/sbin",path,/:/);
-
-}
-
-# Plugin revision
-/@NP_VERSION@/ {sub(/@NP_VERSION@/,ENVIRON["NP_VERSION"]);}
-
-# scripting language (first line)
-
-/^#! ?\/.*\/python/ {sub(/^#! ?\/.*\/python/,"#! @PYTHON@");}
-/^#! ?\/.*\/perl/ {sub(/^#! ?\/.*\/perl/,"#! @PERL@");}
-/^#! ?\/.*\/[a-z]{0,2}awk/ {sub(/^#! ?\/.*\/[a-z]{0,2}awk/,"#! @AWK@");}
-/^#! ?\/.*\/sh/ {sub(/^#! ?\/.*\/sh/,"#! @SHELL@");}
-
-# If a script contains a reference to a fully qualified command,
-# subst will replace the fully qualified command with whatever is
-# returned from the which subroutine. run before changes to INC to add libexecdir
-# FIXME: Prepend executables with a substitution keyword instead.
-#
-/^[^#]/ && /(\/.*)?\/(bin|sbin|lib|libexec)\// {
-	match($0,/(\/.*)?\/(bin|sbin|lib|libexec)\/[-_a-zA-Z0-9]+/);
-	c=substr($0,RSTART,RLENGTH);
-	sub(c,which(c,path));
-}
-
-# Trusted path mechanism
-/@trusted_path@/ {sub(/@trusted_path@/,"@with_trusted_path@");}
-
-{
-	print;
-}