diff options
48 files changed, 738 insertions, 825 deletions
diff --git a/.travis.yml b/.travis.yml index 6af1feef..dcf13d58 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,22 +1,40 @@ +sudo: required +dist: trusty language: c before_install: - - sudo add-apt-repository -y ppa:waja/precise-backports + # Trusty related fixed + # multiverse is no on trusty activated (https://github.com/travis-ci/travis-ci/issues/4979) + - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty multiverse" && sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse" + # /etc/hosts has IPv6 hosts (https://github.com/travis-ci/travis-ci/issues/4978) + - sudo [ $(ip addr show | grep "inet6 ::1" | wc -l) -lt "1" ] && sudo sed -i '/^::1/d' /etc/hosts + # Trusty has running ntpd on localhost, but we don't like that for our tests + - sudo killall -9 ntpd + # Trusty has no swap, lets create some + - sudo fallocate -l 20M /swapfile; sudo chmod 600 /swapfile; sudo mkswap /swapfile; sudo swapon /swapfile + - sudo add-apt-repository -y ppa:waja/trusty-backports - sudo apt-get update -qq - sudo apt-get purge -qq gawk - # ensure we have a test database in place for tests - - mysql -e "create database IF NOT EXISTS test;" -uroot + # http://docs.travis-ci.com/user/trusty-ci-environment/ indicates, no MySQL on Trusty (yet) + # # ensure we have a test database in place for tests + # - mysql -e "create database IF NOT EXISTS test;" -uroot install: - - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libfreeradius-client-dev libkrb5-dev libnet-snmp-perl procps + - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradcli-dev libkrb5-dev libnet-snmp-perl procps - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl - sudo apt-get install -qq --no-install-recommends libdbd-sybase-perl libnet-dns-perl - sudo apt-get install -qq --no-install-recommends slapd ldap-utils - sudo apt-get install -qq --no-install-recommends autoconf automake - sudo apt-get install -qq --no-install-recommends faketime + # Trusty related dependencies (not yet provided) + - sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server before_script: + # ensure we have a test database in place for tests + - mysql -e "create database IF NOT EXISTS test;" -uroot + # Detect LDAP configuration (seems volatile on trusty env) + - sed -e 's/cn=admin,dc=nodomain/'$(sudo /usr/sbin/slapcat|grep ^dn:|grep cn=|awk '{print $2}')'/' -i plugins/t/NPTest.cache.travis - tools/setup - ./configure --enable-libtap - make @@ -21,3 +21,4 @@ Ton Voon Jan Wagner Holger Weiss Michael Wirtgen +Oliver Skibbe @@ -6,21 +6,39 @@ This file documents the major additions and syntax changes between releases. thresholds New check_snmp "-N" option to specify SNMPv3 context name New check_nt "-l" parameters: seconds|minutes|hours|days - Make sure check_disk won't hang on hanging (network) file systems New check_mailq -s option which tells the plugin to use sudo(8) New -W/-C option for check_ldap to check number of entries (Gerhard Lausser) + The check_http -S/--ssl option now accepts the arguments "1.1" and "1.2" + to force TLSv1.1 and TLSv1.2 connections, respectively + The check_http -S/--ssl option now allows for specifying the desired + protocol with a "+" suffix to also accept newer versions + check_users: add support for range thresholds (John C. Frickson) + check_snmp: add ipv6 support (abrist) + check_http: report certificate expire date in UTC (pirtoo / ylfingr) + check_radius now supports the radcli library FIXES Let check_real terminate lines with CRLF when talking to the server, as mandated by 2326 Fix check_procs on HP-UX + check_smtp's -e/--expect option can now be combined with -S/--starttls + Fix incorrect performance data thresholds emitted by check_ups + check_http: fix host header port handling (odenbach) WARNINGS The format of the performance data emitted by check_mrtgtraf has been changed to comply with the development guidelines - check_ssh not returns CRITICAL for protocal/version errors + check_ssh now returns CRITICAL for protocol/version errors If a plugin is invoked with -h/--help or -V/--version, the exit status is now UNKNOWN + The superseded check_ntp.pl was removed, please use check_ntp_peer or + check_ntp_time instead + +2.1.2 16th October 2015 + FIXES + Fix incorrect performance data thresholds emitted by check_ups + Fix check_dhcp's option parsing to not crash with certain arguments + Fix check_snmp using correct timeout 2.1.1 2nd December 2014 FIXES @@ -29,6 +47,7 @@ This file documents the major additions and syntax changes between releases. Fix check_apt's handling of invalid regular expressions Fix check_real's server response processing Fix backslash escaping in check_tcp's --help output + Fix check_procs's unclosed filehandle in pst3 on Solaris 2.1 15th October 2014 ENHANCEMENTS diff --git a/NP-VERSION-GEN b/NP-VERSION-GEN index 12efad72..dd82bf11 100755 --- a/NP-VERSION-GEN +++ b/NP-VERSION-GEN @@ -6,7 +6,7 @@ SRC_ROOT=`dirname $0` NPVF=NP-VERSION-FILE -DEF_VER=2.1.1.git +DEF_VER=2.1.2.git LF=' ' diff --git a/REQUIREMENTS b/REQUIREMENTS index 303fd62b..ac7b5935 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -50,16 +50,18 @@ check_dbi: http://libdbi.sourceforge.net/ check_radius: - - Requires the FreeRADIUS Client library available from: + - Requires the radcli library available from: + http://radcli.github.io/radcli/ + - As an alternative, the FreeRADIUS Client library may be used: http://freeradius.org/freeradius-client/ - - As an alternative, the radiusclient-ng library may be used: + - As another alternative, the radiusclient-ng library may be used: http://sourceforge.net/projects/radiusclient-ng.berlios/ - This plugin also works with the original radiusclient library from ftp://ftp.cityline.net/pub/radiusclient/ RPM (rpmfind): radiusclient 0.3.2, radiusclient-devel-0.3.2 - However, you probably want to use the FreeRADIUS Client library, as - both radiusclient and radiusclient-ng are unmaintained and have known - issues. + However, you probably want to use either radcli or the FreeRADIUS + Client library, as both radiusclient and radiusclient-ng are + unmaintained and have known issues. check_snmp: - Requires the NET-SNMP package available from @@ -336,3 +336,8 @@ Nick Peelman Sebastian Herbszt Christopher Schultz Matthias Hähnel +Roberto Greiner +Peter (pirtoo) +ylfingr +Christian Kujau +Christopher Odenbach diff --git a/configure.ac b/configure.ac index ce1728e3..367e82a6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT(monitoring-plugins,2.1.1) +AC_INIT(monitoring-plugins,2.1.2) AC_CONFIG_SRCDIR(NPTest.pm) AC_CONFIG_FILES([gl/Makefile]) AC_CONFIG_AUX_DIR(build-aux) @@ -156,12 +156,6 @@ AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv") AC_SUBST(SOCKETLIBS) -dnl Check for POSIX thread libraries -AC_CHECK_HEADERS(pthread.h) -AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread", - AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread -lrt",-lrt)) -AC_SUBST(THREADLIBS) - dnl dnl check for math-related functions needing -lm AC_CHECK_HEADERS(math.h) @@ -279,26 +273,33 @@ AC_ARG_WITH([radius], [AS_HELP_STRING([--without-radius], [Skips the radius plug dnl Check for radius libraries AS_IF([test "x$with_radius" != "xno"], [ _SAVEDLIBS="$LIBS" - AC_CHECK_LIB(freeradius-client,rc_read_config) - if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then + AC_CHECK_LIB(radcli,rc_read_config) + if test "$ac_cv_lib_radcli_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lfreeradius-client" + RADIUSLIBS="-lradcli" AC_SUBST(RADIUSLIBS) else - AC_CHECK_LIB(radiusclient-ng,rc_read_config) - if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then + AC_CHECK_LIB(freeradius-client,rc_read_config) + if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lradiusclient-ng" + RADIUSLIBS="-lfreeradius-client" AC_SUBST(RADIUSLIBS) else - AC_CHECK_LIB(radiusclient,rc_read_config) - if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then + AC_CHECK_LIB(radiusclient-ng,rc_read_config) + if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lradiusclient" + RADIUSLIBS="-lradiusclient-ng" AC_SUBST(RADIUSLIBS) else - AC_MSG_WARN([Skipping radius plugin]) - AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) + AC_CHECK_LIB(radiusclient,rc_read_config) + if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then + EXTRAS="$EXTRAS check_radius\$(EXEEXT)" + RADIUSLIBS="-lradiusclient" + AC_SUBST(RADIUSLIBS) + else + AC_MSG_WARN([Skipping radius plugin]) + AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) + fi fi fi fi @@ -499,15 +500,15 @@ if ! test x"$with_openssl" = x"no"; then dnl Check for crypto lib _SAVEDLIBS="$LIBS" LIBS="-L${with_openssl}/lib" - AC_CHECK_LIB(crypto,CRYPTO_lock) - if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then + AC_CHECK_LIB(crypto,CRYPTO_new_ex_data) + if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then dnl Check for SSL lib AC_CHECK_LIB(ssl,main, SSLLIBS="-lssl -lcrypto",,-lcrypto) fi LIBS="$_SAVEDLIBS" dnl test headers and libs to decide whether check_http should use SSL - if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then + if test "$ac_cv_lib_crypto_CRYPTO_new_ex_data" = "yes"; then if test "$ac_cv_lib_ssl_main" = "yes"; then if test "$FOUNDINCLUDE" = "yes"; then FOUNDOPENSSL="yes" diff --git a/doc/developer-guidelines.sgml b/doc/developer-guidelines.sgml index 228d3fa1..6f31f365 100644 --- a/doc/developer-guidelines.sgml +++ b/doc/developer-guidelines.sgml @@ -200,9 +200,8 @@ operation. Higher-level errors (such as name resolution errors, socket timeouts, etc) are outside of the control of plugins and should generally NOT be reported as UNKNOWN states. - </para> - <para>The --help or --version output should also result in Unknown state.</para> - </entry> + </para><para>The --help or --version output should also result in Unknown state. + </para></entry> </row> </tbody> </tgroup> @@ -613,7 +612,7 @@ The user should be allowed to specify -v multiple times to increase the verbosity level, as described in <xref linkend="verboselevels">.</para> - The exit code for version information or help should be UNKNOWN + <para>The exit code for version information or help should be UNKNOWN (3).</para> </section> diff --git a/gl/Makefile.am b/gl/Makefile.am index 54abb4c7..15135c8b 100644 --- a/gl/Makefile.am +++ b/gl/Makefile.am @@ -21,7 +21,7 @@ # the same distribution terms as the rest of that program. # # Generated by gnulib-tool. -# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf +# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strcasestr strsep timegm unsetenv vasprintf vsnprintf AUTOMAKE_OPTIONS = 1.9.6 gnits subdir-objects @@ -1553,6 +1553,15 @@ EXTRA_libgnu_a_SOURCES += strcasecmp.c strncasecmp.c ## end gnulib module strcase +## begin gnulib module strcasestr-simple + + +EXTRA_DIST += str-two-way.h strcasestr.c + +EXTRA_libgnu_a_SOURCES += strcasestr.c + +## end gnulib module strcasestr-simple + ## begin gnulib module streq diff --git a/gl/m4/gnulib-cache.m4 b/gl/m4/gnulib-cache.m4 index d6fca2a3..90ad4aaa 100644 --- a/gl/m4/gnulib-cache.m4 +++ b/gl/m4/gnulib-cache.m4 @@ -27,7 +27,7 @@ # Specification in the form of a command-line invocation: -# gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf +# gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strcasestr strsep timegm unsetenv vasprintf vsnprintf # Specification in the form of a few gnulib-tool.m4 macro invocations: gl_LOCAL_DIR([]) @@ -48,6 +48,7 @@ gl_MODULES([ regex setenv strcase + strcasestr strsep timegm unsetenv diff --git a/gl/m4/gnulib-comp.m4 b/gl/m4/gnulib-comp.m4 index 67a81566..9a4f5027 100644 --- a/gl/m4/gnulib-comp.m4 +++ b/gl/m4/gnulib-comp.m4 @@ -121,6 +121,8 @@ AC_DEFUN([gl_EARLY], # Code from module stdio: # Code from module stdlib: # Code from module strcase: + # Code from module strcasestr: + # Code from module strcasestr-simple: # Code from module streq: # Code from module strerror: # Code from module strerror-override: @@ -390,6 +392,17 @@ AC_DEFUN([gl_INIT], AC_LIBOBJ([strncasecmp]) gl_PREREQ_STRNCASECMP fi + gl_FUNC_STRCASESTR + if test $HAVE_STRCASESTR = 0 || test $REPLACE_STRCASESTR = 1; then + AC_LIBOBJ([strcasestr]) + gl_PREREQ_STRCASESTR + fi + gl_FUNC_STRCASESTR_SIMPLE + if test $HAVE_STRCASESTR = 0 || test $REPLACE_STRCASESTR = 1; then + AC_LIBOBJ([strcasestr]) + gl_PREREQ_STRCASESTR + fi + gl_STRING_MODULE_INDICATOR([strcasestr]) gl_FUNC_STRERROR if test $REPLACE_STRERROR = 1; then AC_LIBOBJ([strerror]) @@ -723,6 +736,7 @@ AC_DEFUN([gl_FILE_LIST], [ lib/stdlib.in.h lib/str-two-way.h lib/strcasecmp.c + lib/strcasestr.c lib/streq.h lib/strerror-override.c lib/strerror-override.h @@ -866,6 +880,7 @@ AC_DEFUN([gl_FILE_LIST], [ m4/stdio_h.m4 m4/stdlib_h.m4 m4/strcase.m4 + m4/strcasestr.m4 m4/strerror.m4 m4/string_h.m4 m4/strings_h.m4 diff --git a/gl/m4/strcasestr.m4 b/gl/m4/strcasestr.m4 new file mode 100644 index 00000000..8681a6a4 --- /dev/null +++ b/gl/m4/strcasestr.m4 @@ -0,0 +1,142 @@ +# strcasestr.m4 serial 21 +dnl Copyright (C) 2005, 2007-2013 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl Check that strcasestr is present and works. +AC_DEFUN([gl_FUNC_STRCASESTR_SIMPLE], +[ + AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS]) + + dnl Persuade glibc <string.h> to declare strcasestr(). + AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS]) + + AC_REQUIRE([gl_FUNC_MEMCHR]) + AC_CHECK_FUNCS([strcasestr]) + if test $ac_cv_func_strcasestr = no; then + HAVE_STRCASESTR=0 + else + if test "$gl_cv_func_memchr_works" != yes; then + REPLACE_STRCASESTR=1 + else + dnl Detect http://sourceware.org/bugzilla/show_bug.cgi?id=12092. + AC_CACHE_CHECK([whether strcasestr works], + [gl_cv_func_strcasestr_works_always], + [AC_RUN_IFELSE([AC_LANG_PROGRAM([[ +#include <string.h> /* for strcasestr */ +#define P "_EF_BF_BD" +#define HAYSTACK "F_BD_CE_BD" P P P P "_C3_88_20" P P P "_C3_A7_20" P +#define NEEDLE P P P P P +]], [[return !!strcasestr (HAYSTACK, NEEDLE); + ]])], + [gl_cv_func_strcasestr_works_always=yes], + [gl_cv_func_strcasestr_works_always=no], + [dnl glibc 2.12 and cygwin 1.7.7 have a known bug. uClibc is not + dnl affected, since it uses different source code for strcasestr + dnl than glibc. + dnl Assume that it works on all other platforms, even if it is not + dnl linear. + AC_EGREP_CPP([Lucky user], + [ +#ifdef __GNU_LIBRARY__ + #include <features.h> + #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ > 12) || (__GLIBC__ > 2)) \ + || defined __UCLIBC__ + Lucky user + #endif +#elif defined __CYGWIN__ + #include <cygwin/version.h> + #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7) + Lucky user + #endif +#else + Lucky user +#endif + ], + [gl_cv_func_strcasestr_works_always="guessing yes"], + [gl_cv_func_strcasestr_works_always="guessing no"]) + ]) + ]) + case "$gl_cv_func_strcasestr_works_always" in + *yes) ;; + *) + REPLACE_STRCASESTR=1 + ;; + esac + fi + fi +]) # gl_FUNC_STRCASESTR_SIMPLE + +dnl Additionally, check that strcasestr is efficient. +AC_DEFUN([gl_FUNC_STRCASESTR], +[ + AC_REQUIRE([gl_FUNC_STRCASESTR_SIMPLE]) + if test $HAVE_STRCASESTR = 1 && test $REPLACE_STRCASESTR = 0; then + AC_CACHE_CHECK([whether strcasestr works in linear time], + [gl_cv_func_strcasestr_linear], + [AC_RUN_IFELSE([AC_LANG_PROGRAM([[ +#include <signal.h> /* for signal */ +#include <string.h> /* for strcasestr */ +#include <stdlib.h> /* for malloc */ +#include <unistd.h> /* for alarm */ +static void quit (int sig) { exit (sig + 128); } +]], [[ + int result = 0; + size_t m = 1000000; + char *haystack = (char *) malloc (2 * m + 2); + char *needle = (char *) malloc (m + 2); + /* Failure to compile this test due to missing alarm is okay, + since all such platforms (mingw) also lack strcasestr. */ + signal (SIGALRM, quit); + alarm (5); + /* Check for quadratic performance. */ + if (haystack && needle) + { + memset (haystack, 'A', 2 * m); + haystack[2 * m] = 'B'; + haystack[2 * m + 1] = 0; + memset (needle, 'A', m); + needle[m] = 'B'; + needle[m + 1] = 0; + if (!strcasestr (haystack, needle)) + result |= 1; + } + return result; + ]])], + [gl_cv_func_strcasestr_linear=yes], [gl_cv_func_strcasestr_linear=no], + [dnl Only glibc > 2.12 and cygwin > 1.7.7 are known to have a + dnl strcasestr that works in linear time. + AC_EGREP_CPP([Lucky user], + [ +#include <features.h> +#ifdef __GNU_LIBRARY__ + #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ > 12) || (__GLIBC__ > 2)) \ + && !defined __UCLIBC__ + Lucky user + #endif +#endif +#ifdef __CYGWIN__ + #include <cygwin/version.h> + #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7) + Lucky user + #endif +#endif + ], + [gl_cv_func_strcasestr_linear="guessing yes"], + [gl_cv_func_strcasestr_linear="guessing no"]) + ]) + ]) + case "$gl_cv_func_strcasestr_linear" in + *yes) ;; + *) + REPLACE_STRCASESTR=1 + ;; + esac + fi +]) # gl_FUNC_STRCASESTR + +# Prerequisites of lib/strcasestr.c. +AC_DEFUN([gl_PREREQ_STRCASESTR], [ + : +]) diff --git a/gl/strcasestr.c b/gl/strcasestr.c new file mode 100644 index 00000000..53474a45 --- /dev/null +++ b/gl/strcasestr.c @@ -0,0 +1,82 @@ +/* Case-insensitive searching in a string. + Copyright (C) 2005-2013 Free Software Foundation, Inc. + Written by Bruno Haible <bruno@clisp.org>, 2005. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see <http://www.gnu.org/licenses/>. */ + +#include <config.h> + +/* Specification. */ +#include <string.h> + +#include <ctype.h> +#include <stdbool.h> +#include <strings.h> + +#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch)) + +/* Two-Way algorithm. */ +#define RETURN_TYPE char * +#define AVAILABLE(h, h_l, j, n_l) \ + (!memchr ((h) + (h_l), '\0', (j) + (n_l) - (h_l)) \ + && ((h_l) = (j) + (n_l))) +#define CANON_ELEMENT(c) TOLOWER (c) +#define CMP_FUNC(p1, p2, l) \ + strncasecmp ((const char *) (p1), (const char *) (p2), l) +#include "str-two-way.h" + +/* Find the first occurrence of NEEDLE in HAYSTACK, using + case-insensitive comparison. This function gives unspecified + results in multibyte locales. */ +char * +strcasestr (const char *haystack_start, const char *needle_start) +{ + const char *haystack = haystack_start; + const char *needle = needle_start; + size_t needle_len; /* Length of NEEDLE. */ + size_t haystack_len; /* Known minimum length of HAYSTACK. */ + bool ok = true; /* True if NEEDLE is prefix of HAYSTACK. */ + + /* Determine length of NEEDLE, and in the process, make sure + HAYSTACK is at least as long (no point processing all of a long + NEEDLE if HAYSTACK is too short). */ + while (*haystack && *needle) + { + ok &= (TOLOWER ((unsigned char) *haystack) + == TOLOWER ((unsigned char) *needle)); + haystack++; + needle++; + } + if (*needle) + return NULL; + if (ok) + return (char *) haystack_start; + needle_len = needle - needle_start; + haystack = haystack_start + 1; + haystack_len = needle_len - 1; + + /* Perform the search. Abstract memory is considered to be an array + of 'unsigned char' values, not an array of 'char' values. See + ISO C 99 section 6.2.6.1. */ + if (needle_len < LONG_NEEDLE_THRESHOLD) + return two_way_short_needle ((const unsigned char *) haystack, + haystack_len, + (const unsigned char *) needle_start, + needle_len); + return two_way_long_needle ((const unsigned char *) haystack, haystack_len, + (const unsigned char *) needle_start, + needle_len); +} + +#undef LONG_NEEDLE_THRESHOLD diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index 3723e61a..88b7ca10 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c @@ -229,7 +229,7 @@ struct in_addr requested_address; int process_arguments(int, char **); int call_getopt(int, char **); -int validate_arguments(void); +int validate_arguments(int, int); void print_usage(void); void print_help(void); @@ -463,10 +463,9 @@ int send_dhcp_discover(int sock){ discover_packet.hlen=ETHERNET_HARDWARE_ADDRESS_LENGTH; /* - * transaction ID is supposed to be random. We won't use the address so - * we don't care about high entropy here. time(2) is good enough. + * transaction ID is supposed to be random. */ - srand(time(NULL)); + srand(time(NULL)^getpid()); packet_xid=random(); discover_packet.xid=htonl(packet_xid); @@ -692,17 +691,11 @@ int receive_dhcp_packet(void *buffer, int buffer_size, int sock, int timeout, st } else{ - - /* why do we need to peek first? i don't know, its a hack. without it, the source address of the first packet received was - not being interpreted correctly. sigh... */ bzero(&source_address,sizeof(source_address)); address_size=sizeof(source_address); recv_result=recvfrom(sock,(char *)buffer,buffer_size,MSG_PEEK,(struct sockaddr *)&source_address,&address_size); if(verbose) - printf("recv_result_1: %d\n",recv_result); - recv_result=recvfrom(sock,(char *)buffer,buffer_size,0,(struct sockaddr *)&source_address,&address_size); - if(verbose) - printf("recv_result_2: %d\n",recv_result); + printf("recv_result: %d\n",recv_result); if(recv_result==-1){ if(verbose){ @@ -1059,29 +1052,19 @@ int get_results(void){ /* process command-line arguments */ int process_arguments(int argc, char **argv){ - int c; + int arg_index; if(argc<1) return ERROR; - c=0; - while((c+=(call_getopt(argc-c,&argv[c])))<argc){ - - /* - if(is_option(argv[c])) - continue; - */ - } - - return validate_arguments(); + arg_index = call_getopt(argc,argv); + return validate_arguments(argc,arg_index); } int call_getopt(int argc, char **argv){ - int c=0; - int i=0; - + extern int optind; int option_index = 0; static struct option long_options[] = { @@ -1098,25 +1081,14 @@ int call_getopt(int argc, char **argv){ }; while(1){ - c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index); + int c=0; - i++; + c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index); if(c==-1||c==EOF||c==1) break; switch(c){ - case 'w': - case 'r': - case 't': - case 'i': - i++; - break; - default: - break; - } - - switch(c){ case 's': /* DHCP server address */ resolve_host(optarg,&dhcp_ip); @@ -1181,12 +1153,14 @@ int call_getopt(int argc, char **argv){ break; } } - - return i; + return optind; } -int validate_arguments(void){ +int validate_arguments(int argc, int arg_index){ + + if(argc-optind > 0) + usage(_("Got unexpected non-option argument")); return OK; } diff --git a/plugins-root/pst3.c b/plugins-root/pst3.c index ee9d108d..c3589f0a 100644 --- a/plugins-root/pst3.c +++ b/plugins-root/pst3.c @@ -139,8 +139,10 @@ try_again: if((ps_fd = open(ps_name, O_RDONLY)) == -1) continue; - if((as_fd = open(as_name, O_RDONLY)) == -1) + if((as_fd = open(as_name, O_RDONLY)) == -1) { + close(ps_fd); continue; + } if(read(ps_fd, &psinfo, sizeof(psinfo)) != sizeof(psinfo)) { int err = errno; diff --git a/plugins-scripts/Makefile.am b/plugins-scripts/Makefile.am index 69703244..ea65aed1 100644 --- a/plugins-scripts/Makefile.am +++ b/plugins-scripts/Makefile.am @@ -36,7 +36,8 @@ TESTS = @SCRIPT_TEST@ test: perl -I $(top_builddir) -I $(top_srcdir) ../test.pl perl -I $(top_builddir) -I $(top_srcdir) ../test.pl t/utils.t # utils.t is excluded from above, so manually ask to test - for PLSCRIPTS in *.pl; do perl -wc $$PLSCRIPTS || exit 1; done + for SCRIPT in *.pl; do perl -wc $$SCRIPT || exit 1; done + set -e; for SCRIPT in *.sh; do sh -n $$SCRIPT || exit 1; done test-debug: NPTEST_DEBUG=1 HARNESS_VERBOSE=1 perl -I $(top_builddir) -I $(top_srcdir) ../test.pl diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 3eed4bcb..9ede1633 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -325,7 +325,7 @@ sub print_help() { printf " (Implies the use of -I)\n"; printf " -w (--warn =i|w|c) ignore|warn|crit if the interface is dormant (default critical)\n"; printf " -D (--admin-down =i|w|c) same for administratively down interfaces (default warning)\n"; - printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n"; + printf " -M (--maxmsgsize) Max message size - useful only for v1 or v2c\n"; printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n"; printf " -V (--version) Plugin version\n"; printf " -h (--help) usage help \n\n"; diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 9f2f7c31..32984e53 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -280,7 +280,7 @@ sub print_help() { printf " in hex with 0x prefix generated by using \"snmpkey\" utility\n"; printf " privacy password and authEngineID\n"; printf " -P (--privproto) privacy protocol (DES or AES; default: DES)\n"; - printf " -M (--maxmsgsize) Max message size - usefull only for v1 or v2c\n"; + printf " -M (--maxmsgsize) Max message size - useful only for v1 or v2c\n"; printf " -t (--timeout) seconds before the plugin times out (default=$TIMEOUT)\n"; printf " -V (--version) Plugin version\n"; printf " -h (--help) usage help \n\n"; diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl deleted file mode 100755 index f4000019..00000000 --- a/plugins-scripts/check_ntp.pl +++ /dev/null @@ -1,472 +0,0 @@ -#!@PERL@ -w -# -# (c)1999 Ian Cass, Knowledge Matters Ltd. -# Read the GNU copyright stuff for all the legalese -# -# Check NTP time servers plugin. This plugin requires the ntpdate utility to -# be installed on the system, however since it's part of the ntp suite, you -# should already have it installed. -# -# -# Nothing clever done in this program - its a very simple bare basics hack to -# get the job done. -# -# Things to do... -# check @words[9] for time differences greater than +/- x secs & return a -# warning. -# -# (c) 1999 Mark Jewiss, Knowledge Matters Limited -# 22-9-1999, 12:45 -# -# Modified script to accept 2 parameters or set defaults. -# Now issues warning or critical alert is time difference is greater than the -# time passed. -# -# These changes have not been tested completely due to the unavailability of a -# server with the incorrect time. -# -# (c) 1999 Bo Kersey, VirCIO - Managed Server Solutions <bo@vircio.com> -# 22-10-99, 12:17 -# -# Modified the script to give useage if no parameters are input. -# -# Modified the script to check for negative as well as positive -# time differences. -# -# Modified the script to work with ntpdate 3-5.93e Wed Apr 14 20:23:03 EDT 1999 -# -# Modified the script to work with ntpdate's that return adjust or offset... -# -# -# Script modified 2000 June 01 by William Pietri <william@bianca.com> -# -# Modified script to handle weird cases: -# o NTP server doesn't respond (e.g., has died) -# o Server has correct time but isn't suitable synchronization -# source. This happens while starting up and if contact -# with master has been lost. -# -# Modifed to run under Embedded Perl (sghosh@users.sf.net) -# - combined logic some blocks together.. -# -# Added ntpdate check for stratum 16 desynch peer (James Fidell) Feb 03, 2003 -# -# ntpdate - offset is in seconds -# changed ntpdc to ntpq - jitter/dispersion is in milliseconds -# -# Patch for for regex for stratum1 refid. - -require 5.004; -use POSIX; -use strict; -use Getopt::Long; -use vars qw($opt_V $opt_h $opt_H $opt_t $opt_w $opt_c $opt_O $opt_j $opt_k $verbose $PROGNAME $def_jitter $ipv4 $ipv6); -use FindBin; -use lib "$FindBin::Bin"; -use utils qw($TIMEOUT %ERRORS &print_revision &support); - -$PROGNAME="check_ntp"; - -sub print_help (); -sub print_usage (); - -$ENV{'PATH'}='@TRUSTED_PATH@'; -$ENV{'BASH_ENV'}=''; -$ENV{'ENV'}=''; - -# defaults in sec -my $DEFAULT_OFFSET_WARN = 60; # 1 minute -my $DEFAULT_OFFSET_CRIT = 120; # 2 minutes -# default in millisec -my $DEFAULT_JITTER_WARN = 5000; # 5 sec -my $DEFAULT_JITTER_CRIT = 10000; # 10 sec - -Getopt::Long::Configure('bundling'); -GetOptions - ("V" => \$opt_V, "version" => \$opt_V, - "h" => \$opt_h, "help" => \$opt_h, - "v" => \$verbose, "verbose" => \$verbose, - "4" => \$ipv4, "use-ipv4" => \$ipv4, - "6" => \$ipv6, "use-ipv6" => \$ipv6, - "w=f" => \$opt_w, "warning=f" => \$opt_w, # offset|adjust warning if above this number - "c=f" => \$opt_c, "critical=f" => \$opt_c, # offset|adjust critical if above this number - "O" => \$opt_O, "zero-offset" => \$opt_O, # zero-offset bad - "j=s" => \$opt_j, "jwarn=i" => \$opt_j, # jitter warning if above this number - "k=s" => \$opt_k, "jcrit=i" => \$opt_k, # jitter critical if above this number - "t=s" => \$opt_t, "timeout=i" => \$opt_t, - "H=s" => \$opt_H, "hostname=s" => \$opt_H); - -if ($opt_V) { - print_revision($PROGNAME,'@NP_VERSION@'); - exit $ERRORS{'UNKNOWN'}; -} - -if ($opt_h) { - print_help(); - exit $ERRORS{'UNKNOWN'}; -} - -# jitter test params specified -if (defined $opt_j || defined $opt_k ) { - $def_jitter = 1; -} - -$opt_H = shift unless ($opt_H); -my $host = $1 if ($opt_H && $opt_H =~ m/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[a-zA-Z][-a-zA-Z0-9]+(\.[a-zA-Z][-a-zA-Z0-9]+)*)$/); -unless ($host) { - print "No target host specified\n"; - print_usage(); - exit $ERRORS{'UNKNOWN'}; -} - -my ($timeout, $owarn, $ocrit, $jwarn, $jcrit); - -$timeout = $TIMEOUT; -($opt_t) && ($opt_t =~ /^([0-9]+)$/) && ($timeout = $1); - -$owarn = $DEFAULT_OFFSET_WARN; -($opt_w) && ($opt_w =~ /^([0-9.]+)$/) && ($owarn = $1); - -$ocrit = $DEFAULT_OFFSET_CRIT; -($opt_c) && ($opt_c =~ /^([0-9.]+)$/) && ($ocrit = $1); - -$jwarn = $DEFAULT_JITTER_WARN; -($opt_j) && ($opt_j =~ /^([0-9]+)$/) && ($jwarn = $1); - -$jcrit = $DEFAULT_JITTER_CRIT; -($opt_k) && ($opt_k =~ /^([0-9]+)$/) && ($jcrit = $1); - -if ($ocrit < $owarn ) { - print "Critical offset should be larger than warning offset\n"; - print_usage(); - exit $ERRORS{"UNKNOWN"}; -} - -if ($def_jitter) { - if ($opt_k < $opt_j) { - print "Critical jitter should be larger than warning jitter\n"; - print_usage(); - exit $ERRORS{'UNKNOWN'}; - } -} - - -my $stratum = -1; -my $ignoreret = 0; -my $answer = undef; -my $offset = undef; -my $jitter = undef; -my $syspeer = undef; -my $candidate = 0; -my @candidates; -my $msg; # first line of output to print if format is invalid - -my $state = $ERRORS{'UNKNOWN'}; -my $ntpdate_error = $ERRORS{'UNKNOWN'}; -my $jitter_error = $ERRORS{'UNKNOWN'}; - -# some systems don't have a proper ntpq (migrated from ntpdc) -my $have_ntpq = undef; -if ($utils::PATH_TO_NTPQ && -x $utils::PATH_TO_NTPQ ) { - $have_ntpq = 1; -}else{ - $have_ntpq = 0; -} - -# Just in case of problems, let's not hang Nagios -$SIG{'ALRM'} = sub { - print ("ERROR: No response from ntp server (alarm)\n"); - exit $ERRORS{"UNKNOWN"}; -}; -alarm($timeout); - -# Determine protocol to be used for ntpdate and ntpq -my $ntpdate = $utils::PATH_TO_NTPDATE; -my $ntpq = $utils::PATH_TO_NTPQ; -if ($ipv4) { - $ntpdate .= " -4"; - $ntpq .= " -4"; -} -elsif ($ipv6) { - $ntpdate .= " -6"; - $ntpq .= " -6"; -} -# else don't use any flags - -### -### -### First, check ntpdate -### -### - -if (!open (NTPDATE, $ntpdate . " -q $host 2>&1 |")) { - print "Could not open $ntpdate: $!\n"; - exit $ERRORS{"UNKNOWN"}; -} - -my $out; -while (<NTPDATE>) { - #print if ($verbose); # noop - $msg = $_ unless ($msg); - $out .= "$_ "; - - if (/stratum\s(\d+)/) { - $stratum = $1; - } - - if (/(offset|adjust)\s+([-.\d]+)/i) { - $offset = $2; - - # An offset of 0.000000 with an error is probably bogus. Actually, - # it's probably always bogus, but let's be paranoid here. - # Has been reported that 0.0000 happens in a production environment - # on Solaris 8 so this check should be taken out - SF tracker 1150777 - if (defined $opt_O ) { - if ($offset == 0) { undef $offset;} - } - - $ntpdate_error = defined ($offset) ? $ERRORS{"OK"} : $ERRORS{"CRITICAL"}; - print "ntperr = $ntpdate_error \n" if $verbose; - - } - - if (/no server suitable for synchronization found/) { - if ($stratum == 16) { - $ntpdate_error = $ERRORS{"WARNING"}; - $msg = "Desynchronized peer server found"; - $ignoreret=1; - } - else { - $ntpdate_error = $ERRORS{"CRITICAL"}; - $msg = "No suitable peer server found - "; - } - } - -} -$out =~ s/\n//g; -close (NTPDATE) || - die $! ? "$out - Error closing $ntpdate pipe: $!" - : "$out - Exit status: $? from $ntpdate\n"; - -# declare an error if we also get a non-zero return code from ntpdate -# unless already set to critical -if ( $? && !$ignoreret ) { - print "stderr = $? : $! \n" if $verbose; - $ntpdate_error = $ntpdate_error == $ERRORS{"CRITICAL"} ? $ERRORS{"CRITICAL"} : $ERRORS{"UNKNOWN"} ; - print "ntperr = $ntpdate_error : $!\n" if $verbose; -} - -### -### -### Then scan xntpq/ntpq if it exists -### and look in the 11th column for jitter -### -# Field 1: Tally Code ( Space, 'x','.','-','+','#','*','o') -# Only match for '*' which implies sys.peer -# or 'o' which implies pps.peer -# If both exist, the last one is picked. -# Field 2: address of the remote peer -# Field 3: Refid of the clock (0.0.0.0 if unknown, WWWV/PPS/GPS/ACTS/USNO/PCS/... if Stratum1) -# Field 4: stratum (0-15) -# Field 5: Type of the peer: local (l), unicast (u), multicast (m) -# broadcast (b); not sure about multicast/broadcast -# Field 6: last packet receive (in seconds) -# Field 7: polling interval -# Field 8: reachability resgister (octal) -# Field 9: delay -# Field 10: offset -# Field 11: dispersion/jitter -# -# According to bug 773588 Some solaris xntpd implementations seemto match on -# "#" even though the docs say it exceeds maximum distance. Providing patch -# here which will generate a warining. - -if ($have_ntpq) { - - if ( open(NTPQ, $ntpq . " -np $host 2>&1 |") ) { - while (<NTPQ>) { - print $_ if ($verbose); - if ( /timed out/ ){ - $have_ntpq = 0 ; - last ; - } - # number of candidates on <host> for sys.peer - if (/^(\*|\+|\#|o])/) { - ++$candidate; - push (@candidates, $_); - print "Candidate count= $candidate\n" if ($verbose); - } - - # match sys.peer or pps.peer - if (/^(\*|o)(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)/) { - $syspeer = $2; - $stratum = $4; - $jitter = $11; - print "match $_ \n" if $verbose; - if ($jitter > $jcrit) { - print "Jitter_crit = $11 :$jcrit\n" if ($verbose); - $jitter_error = $ERRORS{'CRITICAL'}; - } elsif ($jitter > $jwarn ) { - print "Jitter_warn = $11 :$jwarn\n" if ($verbose); - $jitter_error = $ERRORS{'WARNING'}; - } else { - $jitter_error = $ERRORS{'OK'}; - } - } else { - print "No match!\n" if $verbose; - $jitter = '(not parsed)'; - } - - } - close NTPQ || - die $! ? "Error closing $ntpq pipe: $!" - : "Exit status: $? from $ntpq\n"; - - # if we did not match sys.peer or pps.peer but matched # candidates only - # generate a warning - # based on bug id 773588 - unless (defined $syspeer) { - if ($#candidates >=0) { - foreach my $c (@candidates) { - $c =~ /^(#)([-0-9.\s]+)\s+([-0-9A-Za-z_().]+)\s+([-0-9.]+)\s+([lumb-]+)\s+([-0-9m.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)\s+([-0-9.]+)/; - $syspeer = $2; - $stratum = $4; - $jitter = $11; - print "candidate match $c \n" if $verbose; - if ($jitter > $jcrit) { - print "Candidate match - Jitter_crit = $11 :$jcrit\n" if ($verbose); - $jitter_error = $ERRORS{'CRITICAL'}; - }elsif ($jitter > $jwarn ) { - print "Candidate match - Jitter_warn = $11 :$jwarn \n" if ($verbose); - $jitter_error = $ERRORS{'WARNING'}; - } else { - $jitter_error = $ERRORS{'WARNING'}; - } - } - - } - } - } -} - - -if ($ntpdate_error != $ERRORS{'OK'}) { - $state = $ntpdate_error; - if ($ntpdate_error == $ERRORS{'WARNING'} ) { - $answer = $msg; - } - else { - $answer = $msg . "Server for ntp probably down"; - } - - if (defined($offset) && abs($offset) > $ocrit) { - $state = $ERRORS{'CRITICAL'}; - $answer = "Server Error and offset $offset sec > +/- $ocrit sec"; - } elsif (defined($offset) && abs($offset) > $owarn) { - $answer = "Server error and offset $offset sec > +/- $owarn sec"; - } elsif (defined($jitter) && abs($jitter) > $jcrit) { - $answer = "Server error and jitter $jitter msec > +/- $jcrit msec"; - } elsif (defined($jitter) && abs($jitter) > $jwarn) { - $answer = "Server error and jitter $jitter msec > +/- $jwarn msec"; - } - -} elsif ($have_ntpq && $jitter_error != $ERRORS{'OK'}) { - $state = $jitter_error; - $answer = "Jitter $jitter too high"; - if (defined($offset) && abs($offset) > $ocrit) { - $state = $ERRORS{'CRITICAL'}; - $answer = "Jitter error and offset $offset sec > +/- $ocrit sec"; - } elsif (defined($offset) && abs($offset) > $owarn) { - $answer = "Jitter error and offset $offset sec > +/- $owarn sec"; - } elsif (defined($jitter) && abs($jitter) > $jcrit) { - $answer = "Jitter error and jitter $jitter msec > +/- $jcrit msec"; - } elsif (defined($jitter) && abs($jitter) > $jwarn) { - $answer = "Jitter error and jitter $jitter msec > +/- $jwarn msec"; - } - -} elsif( !$have_ntpq ) { # no errors from ntpdate and no ntpq or ntpq timed out - if (abs($offset) > $ocrit) { - $state = $ERRORS{'CRITICAL'}; - $answer = "Offset $offset sec > +/- $ocrit sec"; - } elsif (abs($offset) > $owarn) { - $state = $ERRORS{'WARNING'}; - $answer = "Offset $offset sec > +/- $owarn sec"; - } elsif (( abs($offset) > $owarn) && $def_jitter ) { - $state = $ERRORS{'WARNING'}; - $answer = "Offset $offset sec > +/- $owarn sec, ntpq timed out"; - } elsif ( $def_jitter ) { - $state = $ERRORS{'WARNING'}; - $answer = "Offset $offset secs, ntpq timed out"; - } else{ - $state = $ERRORS{'OK'}; - $answer = "Offset $offset secs"; - } - - - -} else { # no errors from ntpdate or ntpq - if (abs($offset) > $ocrit) { - $state = $ERRORS{'CRITICAL'}; - $answer = "Offset $offset sec > +/- $ocrit sec, jitter $jitter msec"; - } elsif (abs($jitter) > $jcrit ) { - $state = $ERRORS{'CRITICAL'}; - $answer = "Jitter $jitter msec> +/- $jcrit msec, offset $offset sec"; - } elsif (abs($offset) > $owarn) { - $state = $ERRORS{'WARNING'}; - $answer = "Offset $offset sec > +/- $owarn sec, jitter $jitter msec"; - } elsif (abs($jitter) > $jwarn ) { - $state = $ERRORS{'WARNING'}; - $answer = "Jitter $jitter msec> +/- $jwarn msec, offset $offset sec"; - - } else { - $state = $ERRORS{'OK'}; - $answer = "Offset $offset secs, jitter $jitter msec, peer is stratum $stratum"; - } - -} - -foreach my $key (keys %ERRORS) { - if ($state==$ERRORS{$key}) { -# print ("NTP $key: $answer"); - print ("NTP $key: $answer|offset=$offset, jitter=" . $jitter/1000 . ",peer_stratum=$stratum\n"); - last; - } -} -exit $state; - - -#### -#### subs - -sub print_usage () { - print "Usage: $PROGNAME -H <host> [-46] [-O] [-w <warn>] [-c <crit>] [-j <warn>] [-k <crit>] [-v verbose]\n"; -} - -sub print_help () { - print_revision($PROGNAME,'@NP_VERSION@'); - print "Copyright (c) 2003 Bo Kersey/Karl DeBisschop\n"; - print "\n"; - print_usage(); - print " -Checks the local timestamp offset versus <host> with ntpdate -Checks the jitter/dispersion of clock signal between <host> and its sys.peer with ntpq\n --O (--zero-offset) - A zero offset on \"ntpdate\" will generate a CRITICAL.\n --w (--warning) - Clock offset in seconds at which a warning message will be generated.\n Defaults to $DEFAULT_OFFSET_WARN. --c (--critical) - Clock offset in seconds at which a critical message will be generated.\n Defaults to $DEFAULT_OFFSET_CRIT. --j (--jwarn) - Clock jitter in milliseconds at which a warning message will be generated.\n Defaults to $DEFAULT_JITTER_WARN. --k (--jcrit) - Clock jitter in milliseconds at which a critical message will be generated.\n Defaults to $DEFAULT_JITTER_CRIT. - - If jitter/dispersion is specified with -j or -k and ntpq times out, then a - warning is returned.\n --4 (--use-ipv4) - Use IPv4 connection --6 (--use-ipv6) - Use IPv6 connection -\n"; -support(); -} diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 41906c53..0ddf9bd1 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS) check_cluster_LDADD = $(BASEOBJS) check_dbi_LDADD = $(NETLIBS) $(DBILIBS) check_dig_LDADD = $(NETLIBS) -check_disk_LDADD = $(BASEOBJS) $(THREADLIBS) +check_disk_LDADD = $(BASEOBJS) check_dns_LDADD = $(NETLIBS) check_dummy_LDADD = $(BASEOBJS) check_fping_LDADD = $(NETLIBS) diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index 04bce38d..13d8bc3b 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -100,6 +100,13 @@ main (int argc, char **argv) result = cmd_run_array (commargv, &chld_out, &chld_err, 0); + if (verbose) { + for(i = 0; i < chld_out.lines; i++) + printf("stdout: %s\n", chld_out.line[i]); + for(i = 0; i < chld_err.lines; i++) + printf("stderr: %s\n", chld_err.line[i]); + } + if (skip_stdout == -1) /* --skip-stdout specified without argument */ skip_stdout = chld_out.lines; if (skip_stderr == -1) /* --skip-stderr specified without argument */ diff --git a/plugins/check_dig.c b/plugins/check_dig.c index db4b20eb..da4f0ded 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -48,7 +48,7 @@ void print_usage (void); #define UNDEFINED 0 #define DEFAULT_PORT 53 -#define DEFAULT_TRIES 3 +#define DEFAULT_TRIES 2 char *query_address = NULL; char *record_type = "A"; @@ -94,7 +94,7 @@ main (int argc, char **argv) timeout_interval_dig = timeout_interval / number_tries + number_tries; /* get the command to run */ - xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d", + xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d", PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig); alarm (timeout_interval); @@ -125,7 +125,7 @@ main (int argc, char **argv) if (verbose) printf ("%s\n", chld_out.line[i]); - if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { + if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { msg = chld_out.line[i]; result = STATE_OK; diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 9693bad3..4b5ba5fe 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org"; # include <limits.h> #endif #include "regex.h" -#if HAVE_PTHREAD_H -# include <pthread.h> -#endif #ifdef __CYGWIN__ # include <windows.h> @@ -61,9 +58,6 @@ const char *email = "devel@monitoring-plugins.org"; # define ERROR -1 #endif -/* If nonzero, show inode information. */ -static int inode_format = 1; - /* If nonzero, show even filesystems with zero size or uninteresting types. */ static int show_all_fs = 1; @@ -133,7 +127,6 @@ void print_help (void); void print_usage (void); double calculate_percent(uintmax_t, uintmax_t); void stat_path (struct parameter_list *p); -void *do_stat_path (void *p); void get_stats (struct parameter_list *p, struct fs_usage *fsp); void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); @@ -172,6 +165,7 @@ main (int argc, char **argv) int result = STATE_UNKNOWN; int disk_result = STATE_UNKNOWN; char *output; + char *ko_output; char *details; char *perf; char *preamble; @@ -182,7 +176,7 @@ main (int argc, char **argv) int temp_result; struct mount_entry *me; - struct fs_usage fsp, tmpfsp; + struct fs_usage fsp; struct parameter_list *temp_list, *path; #ifdef __CYGWIN__ @@ -191,6 +185,7 @@ main (int argc, char **argv) preamble = strdup (" - free space:"); output = strdup (""); + ko_output = strdup (""); details = strdup (""); perf = strdup (""); stat_buf = malloc(sizeof *stat_buf); @@ -355,9 +350,6 @@ main (int argc, char **argv) TRUE, 0, TRUE, path->dtotal_units)); - if (disk_result==STATE_OK && erronly && !verbose) - continue; - if(disk_result && verbose >= 1) { xasprintf(&flag_header, " %s [", state_text (disk_result)); } else { @@ -383,15 +375,27 @@ main (int argc, char **argv) (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp); */ + /* OS: #1420 save all not ok paths to different output, but only in case of error only option */ + if (disk_result!=STATE_OK && erronly) { + xasprintf (&ko_output, "%s%s %s %.0f %s (%.0f%%", + ko_output, flag_header, + (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, + path->dfree_units, + units, + path->dfree_pct); + } + } + /* OS: #1420 only show offending paths if error only option is set, but show all paths if everything is ok */ + output = (erronly && result!=STATE_OK) ? ko_output : output; } if (verbose >= 2) xasprintf (&output, "%s%s", output, details); - printf ("DISK %s%s%s|%s\n", state_text (result), (erronly && result==STATE_OK) ? "" : preamble, output, perf); + printf ("DISK %s%s%s|%s\n", state_text (result), preamble, output, perf); return result; } @@ -427,9 +431,7 @@ process_arguments (int argc, char **argv) int c, err; struct parameter_list *se; struct parameter_list *temp_list = NULL, *previous = NULL; - struct parameter_list *temp_path_select_list = NULL; - struct mount_entry *me, *temp_me; - int result = OK; + struct mount_entry *me; regex_t re; int cflags = REG_NOSUB | REG_EXTENDED; int default_cflags = cflags; @@ -972,44 +974,6 @@ print_usage (void) void stat_path (struct parameter_list *p) { -#ifdef HAVE_PTHREAD_H - pthread_t stat_thread; - int statdone = 0; - int timer = timeout_interval; - struct timespec req, rem; - - req.tv_sec = 0; - pthread_create(&stat_thread, NULL, do_stat_path, p); - while (timer-- > 0) { - req.tv_nsec = 10000000; - nanosleep(&req, &rem); - if (pthread_kill(stat_thread, 0)) { - statdone = 1; - break; - } else { - req.tv_nsec = 990000000; - nanosleep(&req, &rem); - } - } - if (statdone == 1) { - pthread_join(stat_thread, NULL); - } else { - pthread_detach(stat_thread); - if (verbose >= 3) - printf("stat did not return within %ds on %s\n", timeout_interval, p->name); - printf("DISK %s - ", _("CRITICAL")); - die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout")); - } -#else - do_stat_path(p); -#endif -} - -void * -do_stat_path (void *in) -{ - struct parameter_list *p = in; - /* Stat entry to check that dir exists and is accessible */ if (verbose >= 3) printf("calling stat on %s\n", p->name); @@ -1019,7 +983,6 @@ do_stat_path (void *in) printf("DISK %s - ", _("CRITICAL")); die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); } - return NULL; } diff --git a/plugins/check_dns.c b/plugins/check_dns.c index d6bd2c0f..54ce7d16 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -81,7 +81,6 @@ main (int argc, char **argv) double elapsed_time; long microsec; struct timeval tv; - int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; @@ -127,7 +126,7 @@ main (int argc, char **argv) if (verbose) puts(chld_out.line[i]); - if (strstr (chld_out.line[i], ".in-addr.arpa")) { + if (strcasestr (chld_out.line[i], ".in-addr.arpa")) { if ((temp_buffer = strstr (chld_out.line[i], "name = "))) addresses[n_addresses++] = strdup (temp_buffer + 7); else { @@ -249,11 +248,6 @@ main (int argc, char **argv) elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (strchr (address, ',') == NULL) - multi_address = FALSE; - else - multi_address = TRUE; - result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); diff --git a/plugins/check_http.c b/plugins/check_http.c index 68b470ce..e5ef7cc4 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -91,10 +91,12 @@ struct timeval tv_temp; int specify_port = FALSE; int server_port = HTTP_PORT; +int virtual_port = 0; char server_port_text[6] = ""; char server_type[6] = "http"; char *server_address; char *host_name; +int host_name_length; char *server_url; char *user_agent; int server_url_length; @@ -343,9 +345,20 @@ process_arguments (int argc, char **argv) parameters, like -S and -C combinations */ use_ssl = TRUE; if (c=='S' && optarg != NULL) { - ssl_version = atoi(optarg); - if (ssl_version < 1 || ssl_version > 3) - usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); + int got_plus = strchr(optarg, '+') != NULL; + + if (!strncmp (optarg, "1.2", 3)) + ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2; + else if (!strncmp (optarg, "1.1", 3)) + ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1; + else if (optarg[0] == '1') + ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1; + else if (optarg[0] == '3') + ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3; + else if (optarg[0] == '2') + ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2; + else + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); } if (specify_port == FALSE) server_port = HTTPS_PORT; @@ -380,11 +393,25 @@ process_arguments (int argc, char **argv) case 'H': /* Host Name (virtual host) */ host_name = strdup (optarg); if (host_name[0] == '[') { - if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */ - server_port = atoi (p + 2); + if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */ + virtual_port = atoi (p + 2); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + if (specify_port == FALSE) + server_port = virtual_port; + } } else if ((p = strchr (host_name, ':')) != NULL - && strchr (++p, ':') == NULL) /* IPv4:port or host:port */ - server_port = atoi (p); + && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */ + virtual_port = atoi (p); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + if (specify_port == FALSE) + server_port = virtual_port; + } break; case 'I': /* Server IP-address */ server_address = strdup (optarg); @@ -539,9 +566,12 @@ process_arguments (int argc, char **argv) if (http_method == NULL) http_method = strdup ("GET"); - if (client_cert && !client_privkey) + if (client_cert && !client_privkey) usage4 (_("If you use a client certificate you must also specify a private key file")); + if (virtual_port == 0) + virtual_port = server_port; + return TRUE; } @@ -911,8 +941,8 @@ check_http (void) elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - np_net_ssl_cleanup(); if (sd) close(sd); + np_net_ssl_cleanup(); return result; } } @@ -947,13 +977,13 @@ check_http (void) * 14.23). Some server applications/configurations cause trouble if the * (default) port is explicitly specified in the "Host:" header line. */ - if ((use_ssl == FALSE && server_port == HTTP_PORT) || - (use_ssl == TRUE && server_port == HTTPS_PORT) || + if ((use_ssl == FALSE && virtual_port == HTTP_PORT) || + (use_ssl == TRUE && virtual_port == HTTPS_PORT) || (server_address != NULL && strcmp(http_method, "CONNECT") == 0 && host_name != NULL && use_ssl == TRUE)) xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); else - xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port); } } @@ -1011,6 +1041,10 @@ check_http (void) microsec_firstbyte = deltime (tv_temp); elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6; } + while (pos = memchr(buffer, '\0', i)) { + /* replace nul character with a blank */ + *pos = ' '; + } buffer[i] = '\0'; xasprintf (&full_page_new, "%s%s", full_page, buffer); free (full_page); @@ -1052,10 +1086,10 @@ check_http (void) die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); /* close the connection */ + if (sd) close(sd); #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif - if (sd) close(sd); /* Save check time */ microsec = deltime (tv); @@ -1410,6 +1444,9 @@ redir (char *pos, char *status_line) MAX_PORT, server_type, server_address, server_port, server_url, display_html ? "</A>" : ""); + /* reset virtual port */ + virtual_port = server_port; + if (verbose) printf (_("Redirection to %s://%s:%d%s\n"), server_type, host_name ? host_name : server_address, server_port, server_url); @@ -1442,32 +1479,32 @@ char *perfd_time (double elapsed_time) return fperfdata ("time", elapsed_time, "s", thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0, thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0, - TRUE, 0, FALSE, 0); + TRUE, 0, TRUE, socket_timeout); } char *perfd_time_connect (double elapsed_time_connect) { - return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_ssl (double elapsed_time_ssl) { - return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_headers (double elapsed_time_headers) { - return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_firstbyte (double elapsed_time_firstbyte) { - return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_transfer (double elapsed_time_transfer) { - return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_size (int page_len) @@ -1514,9 +1551,10 @@ print_help (void) printf (UT_IPv46); #ifdef HAVE_SSL - printf (" %s\n", "-S, --ssl=VERSION"); + printf (" %s\n", "-S, --ssl=VERSION[+]"); printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); - printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); + printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); + printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); printf (" %s\n", "--sni"); printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 8d540ca1..46621318 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -166,7 +166,6 @@ enum SmartCommand char *get_offline_text (int); int smart_read_values (int, values_t *); -int values_not_passed (values_t *, thresholds_t *); int nagios (values_t *, thresholds_t *); void print_value (value_t *, threshold_t *); void print_values (values_t *, thresholds_t *); @@ -340,31 +339,6 @@ smart_read_values (int fd, values_t * values) int -values_not_passed (values_t * p, thresholds_t * t) -{ - value_t * value = p->values; - threshold_t * threshold = t->thresholds; - int failed = 0; - int passed = 0; - int i; - for (i = 0; i < NR_ATTRIBUTES; i++) { - if (value->id && threshold->id && value->id == threshold->id) { - if (value->value < threshold->threshold) { - ++failed; - } - else { - ++passed; - } - } - ++value; - ++threshold; - } - return (passed ? -failed : 2); -} - - - -int nagios (values_t * p, thresholds_t * t) { value_t * value = p->values; diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index e70d6a51..66be4b46 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c @@ -483,7 +483,7 @@ print_help (void) printf (" %s\n", "-W [--warn-entries]"); printf (" %s\n", _("Number of found entries to result in warning status")); - printf (" %s\n", "-W [--crit-entries]"); + printf (" %s\n", "-C [--crit-entries]"); printf (" %s\n", _("Number of found entries to result in critical status")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); diff --git a/plugins/check_load.c b/plugins/check_load.c index a96435f4..b1cc498f 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -160,7 +160,7 @@ main (int argc, char **argv) sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15); } else { - printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME); + printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result); return STATE_UNKNOWN; } diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 75efc289..5ac6c65b 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -297,7 +297,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver<nservers; cserver++){ @@ -356,7 +356,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){ * we have to do it in a way that our lazy macros don't handle currently :( */ double offset_request(const char *host, int *status){ int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0; - int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1; + int servers_completed=0, one_read=0, servers_readable=0, best_index=-1; time_t now_time=0, start_ts=0; ntp_message *req=NULL; double avg_offset=0.; @@ -421,7 +421,6 @@ double offset_request(const char *host, int *status){ * been touched in the past second or so and is still lacking * some responses. for each of these servers, send a new request, * and update the "waiting" timestamp with the current time. */ - one_written=0; now_time=time(NULL); for(i=0; i<num_hosts; i++){ @@ -431,7 +430,6 @@ double offset_request(const char *host, int *status){ setup_request(&req[i]); write(socklist[i], &req[i], sizeof(ntp_message)); servers[i].waiting=now_time; - one_written=1; break; } } diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index 295f86f6..391b2df2 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -244,7 +244,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver<nservers; cserver++){ @@ -303,7 +303,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){ * we have to do it in a way that our lazy macros don't handle currently :( */ double offset_request(const char *host, int *status){ int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0; - int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1; + int servers_completed=0, one_read=0, servers_readable=0, best_index=-1; time_t now_time=0, start_ts=0; ntp_message *req=NULL; double avg_offset=0.; @@ -368,7 +368,6 @@ double offset_request(const char *host, int *status){ * been touched in the past second or so and is still lacking * some responses. For each of these servers, send a new request, * and update the "waiting" timestamp with the current time. */ - one_written=0; now_time=time(NULL); for(i=0; i<num_hosts; i++){ @@ -378,7 +377,6 @@ double offset_request(const char *host, int *status){ setup_request(&req[i]); write(socklist[i], &req[i], sizeof(ntp_message)); servers[i].waiting=now_time; - one_written=1; break; } } @@ -635,7 +633,7 @@ void print_help(void){ printf("%s\n", _("Notes:")); printf(" %s\n", _("If you'd rather want to monitor an NTP server, please use")); printf(" %s\n", _("check_ntp_peer.")); - printf(" %s\n", _("--time-offset is usefull for compensating for servers with known")); + printf(" %s\n", _("--time-offset is useful for compensating for servers with known")); printf(" %s\n", _("and expected clock skew.")); printf("\n"); printf(UT_THRESHOLDS_NOTES); diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 03cbb8b0..b3b8c829 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -36,7 +36,9 @@ const char *email = "devel@monitoring-plugins.org"; #include "utils.h" #include "netutils.h" -#if defined(HAVE_LIBFREERADIUS_CLIENT) +#if defined(HAVE_LIBRADCLI) +#include <radcli/radcli.h> +#elif defined(HAVE_LIBFREERADIUS_CLIENT) #include <freeradius-client.h> #elif defined(HAVE_LIBRADIUSCLIENT_NG) #include <radiusclient-ng.h> @@ -48,22 +50,24 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) #define my_rc_conf_str(a) rc_conf_str(rch,a) +#if defined(HAVE_LIBRADCLI) +#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH) +#else #define my_rc_send_server(a,b) rc_send_server(rch,a,b) -#ifdef HAVE_LIBFREERADIUS_CLIENT +#endif +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI) #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f) #else #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f) #endif -#define my_rc_own_ipaddress() rc_own_ipaddress(rch) #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d) #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a) #else #define my_rc_conf_str(a) rc_conf_str(a) #define my_rc_send_server(a,b) rc_send_server(a, b) #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f) -#define my_rc_own_ipaddress() rc_own_ipaddress() #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d) #define my_rc_read_dictionary(a) rc_read_dictionary(a) #endif @@ -76,7 +80,7 @@ void print_usage (void); int my_rc_read_config(char *); -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) rc_handle *rch = NULL; #endif @@ -90,7 +94,6 @@ char *config_file = NULL; unsigned short port = PW_AUTH_UDP_PORT; int retries = 1; int verbose = FALSE; -ENV *env = NULL; /****************************************************************************** @@ -150,6 +153,8 @@ Please note that all tags must be lowercase to use the DocBook XML DTD. int main (int argc, char **argv) { + struct sockaddr_storage ss; + char name[HOST_NAME_MAX]; char msg[BUFFER_LEN]; SEND_DATA data; int result = STATE_UNKNOWN; @@ -185,15 +190,14 @@ main (int argc, char **argv) die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n")); } - if (nasipaddress != NULL) { - if (rc_good_ipaddr (nasipaddress)) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); - if ((client_id = rc_get_ipaddr(nasipaddress)) == 0) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); - } else { - if ((client_id = my_rc_own_ipaddress ()) == 0) - die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n")); + if (nasipaddress == NULL) { + if (gethostname (name, sizeof(name)) != 0) + die (STATE_UNKNOWN, _("gethostname() failed!\n")); + nasipaddress = name; } + if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */ + die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); + client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr); if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL) die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); @@ -399,7 +403,7 @@ print_usage (void) int my_rc_read_config(char * a) { -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) rch = rc_read_config(a); return (rch == NULL) ? 1 : 0; #else diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 56040ff2..587a7245 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -59,10 +59,6 @@ enum { #define SMTP_STARTTLS "STARTTLS\r\n" #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n" -#ifndef HOST_MAX_BYTES -#define HOST_MAX_BYTES 255 -#endif - #define EHLO_SUPPORTS_STARTTLS 1 int process_arguments (int, char **); @@ -231,7 +227,7 @@ main (int argc, char **argv) send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ - if (!strstr (buffer, server_expect)) { + if (!strstr (buffer, SMTP_EXPECT)) { printf (_("Server does not support STARTTLS\n")); smtp_quit(); return STATE_UNKNOWN; @@ -239,8 +235,8 @@ main (int argc, char **argv) result = np_net_ssl_init(sd); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); - np_net_ssl_cleanup(); close(sd); + np_net_ssl_cleanup(); return STATE_CRITICAL; } else { ssl_established = 1; @@ -276,6 +272,7 @@ main (int argc, char **argv) # ifdef USE_OPENSSL if ( check_cert ) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); + smtp_quit(); my_close(); return result; } @@ -581,11 +578,6 @@ process_arguments (int argc, char **argv) usage4 (_("Timeout interval must be a positive integer")); } break; - case 'S': - /* starttls */ - use_ssl = TRUE; - use_ehlo = TRUE; - break; case 'D': /* Check SSL cert validity */ #ifdef USE_OPENSSL @@ -607,9 +599,14 @@ process_arguments (int argc, char **argv) days_till_exp_warn = atoi (optarg); } check_cert = TRUE; + ignore_send_quit_failure = TRUE; #else usage (_("SSL support not available - install OpenSSL and recompile")); #endif + case 'S': + /* starttls */ + use_ssl = TRUE; + use_ehlo = TRUE; break; case '4': address_family = AF_INET; @@ -763,10 +760,12 @@ recvlines(char *buf, size_t bufsize) int my_close (void) { + int result; + result = close(sd); #ifdef HAVE_SSL - np_net_ssl_cleanup(); + np_net_ssl_cleanup(); #endif - return close(sd); + return result; } diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 28cc44dd..da9638c4 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_PORT "161" #define DEFAULT_MIBLIST "ALL" #define DEFAULT_PROTOCOL "1" -#define DEFAULT_TIMEOUT 1 #define DEFAULT_RETRIES 5 #define DEFAULT_AUTH_PROTOCOL "MD5" #define DEFAULT_PRIV_PROTOCOL "DES" @@ -153,7 +152,7 @@ state_data *previous_state; double *previous_value; size_t previous_size = OID_COUNT_STEP; int perf_labels = 1; - +char* ip_version = ""; static char *fix_snmp_range(char *th) { @@ -227,7 +226,7 @@ main (int argc, char **argv) outbuff = strdup (""); delimiter = strdup (" = "); output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); - timeout_interval = DEFAULT_TIMEOUT; + timeout_interval = DEFAULT_SOCKET_TIMEOUT; retries = DEFAULT_RETRIES; np_init( (char *) progname, argc, argv ); @@ -681,6 +680,8 @@ process_arguments (int argc, char **argv) {"offset", required_argument, 0, L_OFFSET}, {"invert-search", no_argument, 0, L_INVERT_SEARCH}, {"perf-oids", no_argument, 0, 'O'}, + {"ipv4", no_argument, 0, '4'}, + {"ipv6", no_argument, 0, '6'}, {0, 0, 0, 0} }; @@ -698,7 +699,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", longopts, &option); if (c == -1 || c == EOF) @@ -923,6 +924,13 @@ process_arguments (int argc, char **argv) case 'O': perf_labels=0; break; + case '4': + break; + case '6': + xasprintf(&ip_version, "udp6:"); + if(verbose>2) + printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n"); + break; } } @@ -1128,6 +1136,7 @@ print_help (void) printf (UT_HELP_VRSN); printf (UT_EXTRA_OPTS); + printf (UT_IPv46); printf (UT_HOST_PORT, 'p', DEFAULT_PORT); @@ -1246,5 +1255,5 @@ print_usage (void) printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n"); printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n"); printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n"); - printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n"); + printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n"); } diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 6dc9aa96..61333bd7 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -247,8 +247,8 @@ main (int argc, char **argv) } } if(result != STATE_OK){ - np_net_ssl_cleanup(); if(sd) close(sd); + np_net_ssl_cleanup(); return result; } #endif /* HAVE_SSL */ @@ -321,10 +321,10 @@ main (int argc, char **argv) if (server_quit != NULL) { my_send(server_quit, strlen(server_quit)); } + if (sd) close (sd); #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif - if (sd) close (sd); microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; diff --git a/plugins/check_ups.c b/plugins/check_ups.c index dc5a348b..e9e56a51 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -242,8 +242,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("battery", (long)ups_battery_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -271,8 +271,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("load", (long)ups_load_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -308,8 +308,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("temp", (long)ups_temperature, tunits, - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, FALSE, 0)); } else { xasprintf (&data, "%s %s", data, diff --git a/plugins/check_users.c b/plugins/check_users.c index 54415a48..f6f4b362 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c @@ -54,15 +54,15 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -int wusers = -1; -int cusers = -1; +char *warning_range = NULL; +char *critical_range = NULL; +thresholds *thlds = NULL; int main (int argc, char **argv) { int users = -1; int result = STATE_UNKNOWN; - char *perf; #if HAVE_WTSAPI32_H WTS_SESSION_INFO *wtsinfo; DWORD wtscount; @@ -77,8 +77,6 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - perf = strdup (""); - /* Parse extra opts if any */ argv = np_extra_opts (&argc, argv, progname); @@ -160,23 +158,15 @@ main (int argc, char **argv) #endif /* check the user count against warning and critical thresholds */ - if (users > cusers) - result = STATE_CRITICAL; - else if (users > wusers) - result = STATE_WARNING; - else if (users >= 0) - result = STATE_OK; + result = get_status((double)users, thlds); if (result == STATE_UNKNOWN) printf ("%s\n", _("Unable to read output")); else { - xasprintf (&perf, "%s", perfdata ("users", users, "", - TRUE, wusers, - TRUE, cusers, - TRUE, 0, - FALSE, 0)); - printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result), - users, perf); + printf (_("USERS %s - %d users currently logged in |%s\n"), + state_text(result), users, + sperfdata_int("users", users, "", warning_range, + critical_range, TRUE, 0, FALSE, 0)); } return result; @@ -215,33 +205,27 @@ process_arguments (int argc, char **argv) print_revision (progname, NP_VERSION); exit (STATE_UNKNOWN); case 'c': /* critical */ - if (!is_intnonneg (optarg)) - usage4 (_("Critical threshold must be a positive integer")); - else - cusers = atoi (optarg); + critical_range = optarg; break; case 'w': /* warning */ - if (!is_intnonneg (optarg)) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (optarg); + warning_range = optarg; break; } } c = optind; - if (wusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (argv[c++]); - } - if (cusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - cusers = atoi (argv[c]); - } + if (warning_range == NULL && argc > c) + warning_range = argv[c++]; + if (critical_range == NULL && argc > c) + critical_range = argv[c++]; + + /* this will abort in case of invalid ranges */ + set_thresholds (&thlds, warning_range, critical_range); + + if (thlds->warning->end < 0) + usage4 (_("Warning threshold must be a positive integer")); + if (thlds->critical->end < 0) + usage4 (_("Critical threshold must be a positive integer")); return OK; } diff --git a/plugins/common.h b/plugins/common.h index 01003b3b..8719b502 100644 --- a/plugins/common.h +++ b/plugins/common.h @@ -161,6 +161,13 @@ # endif #endif +/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */ +#ifdef OPENSSL_VERSION_NUMBER +# if OPENSSL_VERSION_NUMBER >= 0x10100000 +# define OPENSSL_NO_SSL2 +# endif +#endif + /* * * Standard Values diff --git a/plugins/negate.c b/plugins/negate.c index beaed1ea..b320e356 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -59,8 +59,8 @@ static int state[4] = { int main (int argc, char **argv) { - int found = 0, result = STATE_UNKNOWN; - char *buf, *sub; + int result = STATE_UNKNOWN; + char *sub; char **command_line; output chld_out, chld_err; int i; diff --git a/plugins/netutils.c b/plugins/netutils.c index 705aaf09..1bb4f076 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -359,20 +359,21 @@ is_addr (const char *address) } int -resolve_host_or_addr (const char *address, int family) +dns_lookup (const char *in, struct sockaddr_storage *ss, int family) { struct addrinfo hints; struct addrinfo *res; int retval; - memset (&hints, 0, sizeof (hints)); + memset (&hints, 0, sizeof(struct addrinfo)); hints.ai_family = family; - retval = getaddrinfo (address, NULL, &hints, &res); + retval = getaddrinfo (in, NULL, &hints, &res); if (retval != 0) return FALSE; - else { - freeaddrinfo (res); - return TRUE; - } + + if (ss != NULL) + memcpy (ss, res->ai_addr, res->ai_addrlen); + freeaddrinfo (res); + return TRUE; } diff --git a/plugins/netutils.h b/plugins/netutils.h index c6fce901..d7ee0ddd 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h @@ -45,6 +45,10 @@ # endif /* UNIX_PATH_MAX */ #endif /* HAVE_SYS_UN_H */ +#ifndef HOST_MAX_BYTES +# define HOST_MAX_BYTES 255 +#endif + /* process_request and wrapper macros */ #define process_tcp_request(addr, port, sbuf, rbuf, rsize) \ process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize) @@ -71,8 +75,9 @@ int send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, /* "is_*" wrapper macros and functions */ int is_host (const char *); int is_addr (const char *); -int resolve_host_or_addr (const char *, int); +int dns_lookup (const char *, struct sockaddr_storage *, int); void host_or_die(const char *str); +#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family) #define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET) #ifdef USE_IPV6 # define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6) @@ -91,6 +96,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn)); /* SSL-Related functionality */ #ifdef HAVE_SSL +# define MP_SSLv2 1 +# define MP_SSLv3 2 +# define MP_TLSv1 3 +# define MP_TLSv1_1 4 +# define MP_TLSv1_2 5 +# define MP_SSLv2_OR_NEWER 6 +# define MP_SSLv3_OR_NEWER 7 +# define MP_TLSv1_OR_NEWER 8 +# define MP_TLSv1_1_OR_NEWER 9 +# define MP_TLSv1_2_OR_NEWER 10 /* maybe this could be merged with the above np_net_connect, via some flags */ int np_net_ssl_init(int sd); int np_net_ssl_init_with_hostname(int sd, char *host_name); diff --git a/plugins/sslutils.c b/plugins/sslutils.c index c9882c69..b412ef3d 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { SSL_METHOD *method = NULL; + long options = 0; switch (version) { - case 0: /* Deafult to auto negotiation */ - method = SSLv23_client_method(); - break; - case 1: /* TLSv1 protocol */ - method = TLSv1_client_method(); - break; - case 2: /* SSLv2 protocol */ + case MP_SSLv2: /* SSLv2 protocol */ #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) - printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); - return STATE_CRITICAL; + printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); + return STATE_UNKNOWN; #else method = SSLv2_client_method(); -#endif break; - case 3: /* SSLv3 protocol */ +#endif + case MP_SSLv3: /* SSLv3 protocol */ +#if defined(OPENSSL_NO_SSL3) + printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else method = SSLv3_client_method(); break; - default: /* Unsupported */ - printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); - return STATE_CRITICAL; +#endif + case MP_TLSv1: /* TLSv1 protocol */ +#if defined(OPENSSL_NO_TLS1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_client_method(); + break; +#endif + case MP_TLSv1_1: /* TLSv1.1 protocol */ +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_1_client_method(); + break; +#endif + case MP_TLSv1_2: /* TLSv1.2 protocol */ +#if !defined(SSL_OP_NO_TLSv1_2) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_2_client_method(); + break; +#endif + case MP_TLSv1_2_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1_1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_1_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_OR_NEWER: +#if defined(SSL_OP_NO_SSLv3) + options |= SSL_OP_NO_SSLv3; +#endif + /* FALLTHROUGH */ + case MP_SSLv3_OR_NEWER: +#if defined(SSL_OP_NO_SSLv2) + options |= SSL_OP_NO_SSLv2; +#endif + case MP_SSLv2_OR_NEWER: + /* FALLTHROUGH */ + default: /* Default to auto negotiation */ + method = SSLv23_client_method(); } if (!initialized) { /* Initialize SSL context */ @@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int #endif } #ifdef SSL_OP_NO_TICKET - SSL_CTX_set_options(c, SSL_OP_NO_TICKET); + options |= SSL_OP_NO_TICKET; #endif + SSL_CTX_set_options(c, options); SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); if ((s = SSL_new(c)) != NULL) { #ifdef SSL_set_tlsext_host_name @@ -146,6 +197,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ X509_NAME *subj=NULL; char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; + char *tz; int cnlen =-1; int status=STATE_UNKNOWN; @@ -213,10 +265,18 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); stamp.tm_isdst = -1; - time_left = difftime(timegm(&stamp), time(NULL)); + tm_t = timegm(&stamp); + time_left = difftime(tm_t, time(NULL)); days_left = time_left / 86400; - tm_t = mktime (&stamp); - strftime(timestamp, 50, "%c", localtime(&tm_t)); + tz = getenv("TZ"); + setenv("TZ", "GMT", 1); + tzset(); + strftime(timestamp, 50, "%c %z", localtime(&tm_t)); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis index fe8aabdb..5d9c5ff7 100644 --- a/plugins/t/NPTest.cache.travis +++ b/plugins/t/NPTest.cache.travis @@ -11,7 +11,7 @@ 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', 'NP_HOST_RESPONSIVE' => 'localhost', 'NP_HOST_SMB' => '', - 'NP_HOST_SNMP' => '', + 'NP_HOST_SNMP' => 'localhost', 'NP_HOST_TCP_FTP' => '', 'NP_HOST_TCP_HPJD' => '', 'NP_HOST_HPJD_PORT_INVALID' => '161', @@ -39,7 +39,7 @@ 'NP_SMB_SHARE_SPC' => '', 'NP_SMB_VALID_USER' => '', 'NP_SMB_VALID_USER_PASS' => '', - 'NP_SNMP_COMMUNITY' => '', + 'NP_SNMP_COMMUNITY' => 'public', 'NP_SSH_CONFIGFILE' => '~/.ssh/config', 'NP_SSH_HOST' => 'localhost', 'NP_SSH_IDENTITY' => '~/.ssh/id_dsa', diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index c2caec60..5a90f02a 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 42; +plan tests => 49; my $successOutput = '/OK.*HTTP.*second/'; @@ -64,6 +64,32 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # Is also possible to get a socket timeout if DNS is not responding fast enough like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK"); +# host header checks +$res = NPTest->testCmd("./check_http -v -H $host_tcp_http"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./check_http -v -H $host_tcp_http -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); + +SKIP: { + skip "No internet access", 3 if $internet_access eq "no"; + + $res = NPTest->testCmd("./check_http -v -H www.verisign.com -S"); + like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./check_http -v -H www.verisign.com:8080 -S -p 443"); + like( $res->output, '/^Host: www.verisign.com:8080\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./check_http -v -H www.verisign.com:443 -S -p 443"); + like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); +}; + SKIP: { skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; @@ -121,9 +147,9 @@ SKIP: { $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); is( $res->return_code, 0, "Catch cert output exit code" ); - my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); if(!defined $year) { - die("parsing date failed from: ".$res); + die("parsing date failed from: ".$res->output); } my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); @@ -154,7 +180,7 @@ SKIP: { like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); $res = NPTest->testCmd( - "./check_http --ssl www.e-paycobalt.com" + "./check_http --ssl -H www.e-paycobalt.com" ); cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index 2d6c44a7..eff46ea1 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t @@ -10,7 +10,7 @@ use NPTest; BEGIN { plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp"; - plan tests => 61; + plan tests => 63; } my $res; @@ -45,7 +45,7 @@ is( $res->return_code, 3, "Invalid protocol" ); like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" ); SKIP: { - skip "no snmp host defined", 48 if ( ! $host_snmp ); + skip "no snmp host defined", 50 if ( ! $host_snmp ); $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" ); @@ -153,6 +153,10 @@ SKIP: { $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0"); cmp_ok( $res->return_code, '==', 0, "Timetick used as a string"); like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); + + $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunParameters.1"); + cmp_ok( $res->return_code, '==', 0, "Timetick used as a string"); + is( $res->output, 'SNMP OK - "" | ', "snmp response without datatype" ); } SKIP: { @@ -166,8 +170,8 @@ SKIP: { SKIP: { skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); - cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); - like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); + cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" ); + like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem"); } SKIP: { diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t index 39044bb5..088f3b52 100644 --- a/plugins/t/check_users.t +++ b/plugins/t/check_users.t @@ -13,7 +13,7 @@ use Test; use NPTest; use vars qw($tests); -BEGIN {$tests = 4; plan tests => $tests} +BEGIN {$tests = 8; plan tests => $tests} my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/'; my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/'; @@ -22,6 +22,8 @@ my $t; $t += checkCmd( "./check_users 1000 1000", 0, $successOutput ); $t += checkCmd( "./check_users 0 0", 2, $failureOutput ); +$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput ); +$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput ); exit(0) if defined($Test::Harness::VERSION); exit($tests - $t); diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index e72d243a..1bc0ecb7 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -17,6 +17,8 @@ use Test::More; use NPTest; use FindBin qw($Bin); +$ENV{'LC_TIME'} = "C"; + my $common_tests = 70; my $ssl_only_tests = 8; # Check that all dependent modules are available @@ -186,21 +188,21 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019.', "output ok" ); + is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009.', + 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.', "output ok" ); } diff --git a/plugins/utils.c b/plugins/utils.c index a864e4aa..231af92b 100644 --- a/plugins/utils.c +++ b/plugins/utils.c @@ -668,3 +668,44 @@ char *sperfdata (const char *label, return data; } + +char *sperfdata_int (const char *label, + int val, + const char *uom, + char *warn, + char *crit, + int minp, + int minv, + int maxp, + int maxv) +{ + char *data = NULL; + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=", label); + else + xasprintf (&data, "%s=", label); + + xasprintf (&data, "%s%d", data, val); + xasprintf (&data, "%s%s;", data, uom); + + if (warn!=NULL) + xasprintf (&data, "%s%s", data, warn); + + xasprintf (&data, "%s;", data); + + if (crit!=NULL) + xasprintf (&data, "%s%s", data, crit); + + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%d", data, minv); + + if (maxp) { + xasprintf (&data, "%s;", data); + xasprintf (&data, "%s%d", data, maxv); + } + + return data; +} + diff --git a/plugins/utils.h b/plugins/utils.h index 4c4aaccc..a436e1ca 100644 --- a/plugins/utils.h +++ b/plugins/utils.h @@ -94,29 +94,17 @@ const char *state_text (int); #define max(a,b) (((a)>(b))?(a):(b)) #define min(a,b) (((a)<(b))?(a):(b)) -char *perfdata (const char *, - long int, - const char *, - int, - long int, - int, - long int, - int, - long int, - int, - long int); - -char *fperfdata (const char *, - double, - const char *, - int, - double, - int, - double, - int, - double, - int, - double); +char *perfdata (const char *, long int, const char *, int, long int, + int, long int, int, long int, int, long int); + +char *fperfdata (const char *, double, const char *, int, double, + int, double, int, double, int, double); + +char *sperfdata (const char *, double, const char *, char *, char *, + int, double, int, double); + +char *sperfdata_int (const char *, int, const char *, char *, char *, + int, int, int, int); /* The idea here is that, although not every plugin will use all of these, most will or should. Therefore, for consistency, these very common |