PINES-ldirectord.patch

--- /usr/sbin/ldirectord    2019-05-08 16:53:17.000000000 -0400
+++ ldirectord  2019-09-11 13:00:24.857759067 -0400
@@ -130,10 +130,10 @@

 If defined in a virtual server section then the global value is overridden.

-If undefined then the value of checktimeout is used.  checktimeout is
+If undefined then the value of connecttimeout is used.  connecttimeout is
 also a global value that may be overridden by a per-virtual setting.

-If both negotiatetimeout and checktimeout are unset, the default is used.
+If both negotiatetimeout and connecttimeout are unset, the default is used.

 Default: 30 seconds

@@ -214,9 +214,6 @@
 real servers for a virtual service are down or when the first real server
 comes up again. In the first case, it is called with "start" as its first
 argument, in the latter with "stop".
-Additional parameters are vserver with vport (vserver:vport) as second param
-and protocol (tcp/udp) as third param to identify the virtual service
-within the fallback script.

 If defined in a virtual server section then the global value is overridden.

@@ -341,12 +338,6 @@

 Default: I<yes>

-B<readdquiescent = >B<yes> | B<no>
-
-If I<yes>, then when real or failback servers are determined
-to be down, they are readded to the kernel's LVS table with weight 0 if
-they do not exist in the table. Setting the value to no, allows manually
-removing the realserver to manually disable all persistent connections.

 B<cleanstop = >B<yes> | B<no>

@@ -576,8 +567,6 @@

 For a DNS check this should be any one the A record's addresses or
 any one of the PTR record's names.
-In case of dynamic DNS answers (different answers on the same question)
-a regex to match multiple addresses or PTR record names could also defined.

 For a MySQL check, the receive setting is not used.

@@ -602,7 +591,7 @@
 For FTP, IMAP, LDAP, MySQL, Oracle, POP and PostgreSQL, the username
 used to log in.

-For Radius the username is used for the attribute User-Name.
+For Radius the passwd is used for the attribute User-Name.

 For SIP, the username is used as both the to and from address for an
 OPTIONS query.
@@ -705,13 +694,6 @@

 Default: no separate logging of service checks.

-B<ops = >B<yes> | B<no>
-
-Specify that a virtual service uses one-packet scheduling. This option
-can be used only for UDP services. If this option is specified, all connections
-are created only to schedule one packet. Option is useful to schedule
-UDP packets from same client port to different real servers.
-
 =head1 IPv6

 Directives for IPv6 are virtual6, real6, fallback6.
@@ -723,9 +705,7 @@

 B<checktype: >B<connect> | B<external> | B<external-perl> | B<negotiate> | B<off> | B<on> | B<checktimeout>I<N>

-B<service: >B<dns> | B<http> | B<https> | B<nntp> | B<none> | B<simpletcp> | B<sip>
-
-Note: When using a service type with http or https, you need to install perl module perl-Net-INET6Glue.
+B<service: >B<dns> | B<nntp> | B<none> | B<simpletcp> | B<sip>


 =head1 FILES
@@ -753,6 +733,8 @@

 =cut

+#Disable SSL Verification
+$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = 0;
 use strict;
 # Set defaults for configuration variables in the "set_defaults" function
 use vars qw(
@@ -769,7 +751,6 @@
        $CHECKCOUNT
        $FAILURECOUNT
        $QUIESCENT
-       $READDQUIESCENT
        $FORKING
        $EMAILALERT
        $EMAILALERTFREQ
@@ -849,12 +830,7 @@
 #use English;
 #use Time::HiRes qw( gettimeofday tv_interval );
 use Socket;
-use Socket6 qw(NI_NUMERICHOST NI_NUMERICSERV NI_NAMEREQD getaddrinfo getnameinfo inet_pton inet_ntop);
-# Workaround warnning messages : Three "_in6" symbols redefined.
-eval "use Socket6 qw(pack_sockaddr_in6)" unless defined &pack_sockaddr_in6;
-eval "use Socket6 qw(sockaddr_in6)" unless defined &sockaddr_in6;
-eval "use Socket6 qw(unpack_sockaddr_in6)" unless defined &unpack_sockaddr_in6;
-
+use Socket6;
 use Sys::Hostname;
 use POSIX qw(setsid :sys_wait_h);
 use Sys::Syslog qw(:DEFAULT setlogsock);
@@ -1281,7 +1257,6 @@
    $MAINTDIR         = undef;
    $NEGOTIATETIMEOUT = -1;
    $QUIESCENT        = "no";
-   $READDQUIESCENT   = "no";
    $SUPERVISED       = "no";
    $SMTP             = undef;
 }
@@ -1381,7 +1356,6 @@
            $vsrv{num_connects} = 0;
            $vsrv{httpmethod} = "GET";
            $vsrv{secret} = "";
-           $vsrv{ops} = "no";
            push(@VIRTUAL, \%vsrv);
            while(<CFGFILE>) {
                $line++;
@@ -1515,12 +1489,6 @@
                    } else {
                        &config_error($line, "invalid protocol");
                    }
-               } elsif ($rcmd  =~ /^ops\s*=\s*(.*)/) {
-                   if ($1 eq "yes" || $1 eq "no") {
-                       $vsrv{ops} = $1;
-                   } else {
-                       &config_error($line, "ops must be 'yes' or 'no'");
-                   }
                } elsif ($rcmd =~ /^service\s*=\s*(.*)/) {
                    $1 =~ /(\w+)/ && ($1 eq "dns"   ||
                              $1 eq "ftp"   ||
@@ -1731,11 +1699,6 @@
                or &config_error($line,
                    "quiescent must be 'yes' or 'no'");
            $QUIESCENT = $1;
-       } elsif ($linedata  =~ /^readdquiescent\s*=\s*(.*)/) {
-           ($1 eq "yes" || $1 eq "no")
-               or &config_error($line,
-                   "readdquiescent must be 'yes' or 'no'");
-           $READDQUIESCENT = $1;
        } elsif  ($linedata  =~ /^emailalert\s*=\s*(.*)/) {
            $EMAILALERT = read_emailalert($line, $1);
        } elsif  ($linedata  =~ /^emailalertfreq\s*=\s*(\d*)/) {
@@ -2011,7 +1974,7 @@
                " (could not resolve host)");
        }
        if( defined($port) ){
-           $resolved_port=&ld_getservbyname($port,"");
+           $resolved_port=&ld_getservbyname($port);
            unless( defined($resolved_port) ){
                &config_error($line,
                    "invalid port ($port) for real server" .
@@ -2108,7 +2071,7 @@
    my $new_rsrv;
    my $rsrv;

-   $new_rsrv = {"server"=>$ip, "port"=>$port, "failcount"=>0};
+   $new_rsrv = {"server"=>$ip, "port"=>$port};

    $flags =~ /(\w+)(.*)/ && ($1 eq "gate" || $1 eq "masq" || $1 eq "ipip")
        or &config_error($line, "forward method must be gate, masq or ipip");
@@ -2263,9 +2226,6 @@
            $$v{proto} = "-f";
        }
        $$v{flags} = "$$v{proto} " .  &get_virtual_option($v) . " ";
-       if ($$v{protocol} eq "udp" && $$v{ops} eq "yes") {
-           $$v{flags} .= "-o ";
-       }
        $$v{flags} .= "-s $$v{scheduler} " if defined ($$v{scheduler});
        if (defined $$v{persistent}) {
            $$v{flags} .= "-p $$v{persistent} ";
@@ -2500,7 +2460,7 @@
    my ($v) = (@_);

    if ($v->{"protocol"} eq "fwm") {
-       return &get_virtual($v) . " "  . $v->{protocol} . (($v->{addressfamily} == AF_INET6) ? "6" : "");
+       return &get_virtual($v) . " "  . $v->{protocol} . ($v->{addressfamily} == AF_INET6 ? "6" : "");
    }
    else {
        return &get_virtual($v) . " "  . $v->{protocol};
@@ -2572,12 +2532,7 @@
    }

    for my $k (keys (%$server_down)) {
-       my $v = $server_down->{$k};
-       if ($READDQUIESCENT eq "no") {
-           # Ensure that the server is initially added
-           service_set(@$v[0], @$v[1], "up", {force => 1});
-       }
-       # Remove Server
+       my $v = $server_down->{$k};
        service_set(@$v[0], @$v[1], "down", {force => 1});
        delete($server_down->{$k});
        #sleep 5;
@@ -2855,22 +2810,16 @@
    }
    my ($v, $r) = @_;

-   my $host = $$r{server};
+   $$r{url} =~ /(http|https):\/\/([^:\/]+)(:([^\/]+))?(\/.*)/;
+   my $host = $2;
+   #my $port = $3;
+   my $uri = $4;
    my $virtualhost = (defined $$v{virtualhost} ? $$v{virtualhost} : $host);

    &ld_debug(2, "check_http: url=\"$$r{url}\" "
        . "virtualhost=\"$virtualhost\"");

-   if (inet_pton(AF_INET6,&ld_strip_brackets($host))) {
-       no warnings 'once';
-       require Net::INET6Glue::INET_is_INET6;
-       # Workaround for Net-HTTP IPv6 Address URLs Broken
-       @LWP::Protocol::http::EXTRA_SOCK_OPTS = (PeerAddr => $host,
-                            PeerHost => &ld_strip_brackets($host),
-                            Host => &ld_strip_brackets($host));
-   }
-
-   my $ua = new LWP::UserAgent(ssl_opts => { verify_hostname => 0 });
+   my $ua = new LWP::UserAgent();

    my $h = undef;
    if ($$v{service} eq "http_proxy") {
@@ -2911,16 +2860,14 @@
    }

    if ($$v{service} eq "https") {
-                &ld_debug(2, "SSL-Cipher: " .
-                        ($res->header('Client-SSL-Cipher') || '<not set>'));
-                &ld_debug(2, "SSL-Cert-Subject: " .
-                        ($res->header('Client-SSL-Cert-Subject') || '<not set>'));
-                &ld_debug(2, "SSL-Cert-Issuer: " .
-                        ($res->header('Client-SSL-Cert-Issuer') || '<not set>'));
+       &ld_debug(2, "SSL-Cipher: " .
+           $res->header('Client-SSL-Cipher'));
+       &ld_debug(2, "SSL-Cert-Subject: " .
+           $res->header('Client-SSL-Cert-Subject'));
+       &ld_debug(2, "SSL-Cert-Issuer: " .
+           $res->header('Client-SSL-Cert-Issuer'));
    }

-   &ld_debug(2, "Return status: " . $res->status_line);
-
    my $recstr = $$r{receive};
    if ($res->is_success && (!($recstr =~ /.+/) ||
                $res->content =~ /$recstr/)) {
@@ -3060,55 +3007,36 @@
    require Net::LDAP;
    my $port = ld_checkport($v, $r);

-   my $result;
-   my $recstr = $$r{receive};
-
    &ld_debug(2, "Checking ldap server=$$r{server} port=$port");
-   eval {
-       local $SIG{'__DIE__'} = "DEFAULT";
-       local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
-       &ld_debug(4, "Timeout is $$v{checktimeout}");
-       &ld_debug(2, "Starting Check");
-       alarm $$v{checktimeout};

-       my $ldap = Net::LDAP->new("$$r{server}", port => $port,
+   my $recstr = $$r{receive};
+   my $ldap = Net::LDAP->new("$$r{server}", port => $port,
                    timeout => $$v{negotiatetimeout});
-       if(!$ldap) {
-           service_set($v, $r, "down", {do_log => 1}, "Connection failed");
-           &ld_debug(4, "Connection failed");
-           alarm 0; # Cancel the alarm
-           return $SERVICE_DOWN;
-       }
-
-       my $mesg;
-       if ($$v{login} && $$v{passwd}) {
-           $mesg = $ldap->bind($$v{login}, password=>$$v{passwd}) ;
-       }
-       else {
-           $mesg = $ldap->bind ;
-       }
-       if ($mesg->is_error) {
-           service_set($v, $r, "down", {do_log => 1}, "Bind failed");
-           &ld_debug(4, "Bind failed");
-           alarm 0; # Cancel the alarm
-           return $SERVICE_DOWN;
-       }
-
-       &ld_debug(4, "Base : " . substr($$r{request},1));
-       $result = $ldap->search (
-           base    => substr($$r{request},1) . "",
-           scope   => "base",
-           filter  => "(objectClass=*)"
-           );
+   if(!$ldap) {
+       service_set($v, $r, "down", {do_log => 1}, "Connection failed");
+       &ld_debug(4, "Connection failed");
+       return $SERVICE_DOWN;
+   }

-       alarm 0; # Cancel the alarm
-   };
+   my $mesg;
+   if ($$v{login} && $$v{passwd}) {
+       $mesg = $ldap->bind($$v{login}, password=>$$v{passwd}) ;
+   }
+   else {
+       $mesg = $ldap->bind ;
+   }
+   if ($mesg->is_error) {
+       service_set($v, $r, "down", {do_log => 1}, "Bind failed");
+       &ld_debug(4, "Bind failed");
+       return $SERVICE_DOWN;
+   }

-   if (!defined($result)) {
-       service_set($v, $r, "down", {do_log => 1}, "No answer received");
-                &ld_debug(2, "check timeout alarm");
-                return $SERVICE_DOWN;
-        }
+   &ld_debug(4, "Base : " . substr($$r{request},1));
+   my $result = $ldap->search (
+       base    => substr($$r{request},1) . "",
+       scope   => "base",
+       filter  => "(objectClass=*)"
+       );

    if($result->count != 1) {
        service_set($v, $r, "down", {do_log => 1}, "No answer received");
@@ -3637,7 +3565,6 @@
    my $request;
    my $server;
    my ($v,$r) = @_;
-   my $port = ld_checkport($v, $r);
    {
        # Net::DNS makes unguarded calls to eval
        # which throw a fatal exception if they fail
@@ -3665,7 +3592,6 @@
        local $SIG{'ALRM'} = sub { die "timeout\n"; };
        alarm($$v{negotiatetimeout});
        $res->nameservers($server);
-       $res->port($port);
        if ($$v{"protocol"} eq "tcp") {
            $res->usevc(1);
        }
@@ -3678,10 +3604,9 @@
        return $SERVICE_DOWN;
    }

-   my $recstr = $$r{receive};
    foreach $rr ($query->answer) {
-       if (($rr->type eq "A" and length($recstr) and $rr->address =~ /$recstr/) or
-           ($rr->type eq "PTR" and length($recstr) and $rr->ptrdname =~ /$recstr/)) {
+       if (($rr->type eq "A" and $rr->address eq $$r{"receive"}) or
+           ($rr->type eq "PTR" and $rr->ptrdname eq $$r{"receive"})) {
            service_set($v, $r, "up", {do_log => 1}, "Success");
            return $SERVICE_UP;
        }
@@ -3916,23 +3841,20 @@
        if (defined($or)) {
            &system_wrapper("$IPVSADM -e "
                    . "$ipvsadm_args $rforw -w 0");
-           &ld_log("Quiescent $log_args (Weight set to 0)");
-           &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
-                   $v, $rservice, $currenttime);
        }
-       elsif ($READDQUIESCENT eq "yes") {
+       else {
            &system_wrapper("$IPVSADM -a "
                    . "$ipvsadm_args $rforw -w 0");
-           &ld_log("Readd Quiescent $log_args (Weight set to 0)");
-           &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
-                   $v, $rservice, $currenttime);
        }
+       &ld_log("Quiescent $log_args (Weight set to 0)");
+       &ld_emailalert_send("Quiescent $log_args (Weight set to 0)",
+                   $v, $rservice, $currenttime);
    }
    else {
        &system_wrapper("$IPVSADM -d $ipvsadm_args");
        &ld_log("Deleted $log_args");
        &ld_emailalert_send("Deleted $log_args", $v,
-                   $rservice, $tag eq "fallback" ? 0 : $currenttime);
+                   $rservice, $currenttime);
    }
 }

@@ -4246,9 +4168,9 @@
    $v->{fallbackcommand_status} = $status;

    if (defined($v->{fallbackcommand})) {
-       &system_wrapper($v->{fallbackcommand} . " " . $status . " " . $v->{server} . ":" . $v->{port} . " " . $v->{protocol});
+       &system_wrapper($v->{fallbackcommand} . " " . $status);
    } elsif (defined($FALLBACKCOMMAND)) {
-       &system_wrapper($FALLBACKCOMMAND . " " . $status . " " . $v->{server} . ":" . $v->{port} . " " . $v->{protocol});
+       &system_wrapper($FALLBACKCOMMAND . " " . $status);
    }
 }

@@ -4477,14 +4399,13 @@
    my $smtp = Net::SMTP->new($smtp_server);

    if ($smtp) {
-       my $myusername = getpwuid( $< );
-       $smtp->mail("$myusername\@$hostname");
+       $smtp->mail("$ENV{USER}\@$hostname");
        $smtp->to($to_addr);
        $smtp->data();
        if($EMAILALERTFROM) {
            $smtp->datasend("From: $EMAILALERTFROM\n");
        } else {
-           $smtp->datasend("From: $myusername\@$hostname\n");
+           $smtp->datasend("From: $ENV{USER}\@$hostname\n");
        }
        $smtp->datasend("To: $to_addr\n");
        $smtp->datasend("Subject: $subject\n\n");
@@ -4906,7 +4827,7 @@
    my ($v) = (@_);

    if ($v->{"protocol"} eq "fwm") {
-       return $v->{"protocol"} . (($v->{addressfamily} == AF_INET6)?"6":"") . ":" .  &get_virtual($v);
+       return $v->{"protocol"} . ($v->{addressfamily} == AF_INET6?"6":"") . ":" .  &get_virtual($v);
    }
    else {
        return $v->{"protocol"} . ":" .  &get_virtual($v);