diff options
Diffstat (limited to 'plugins')
52 files changed, 661 insertions, 305 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 41906c53..0ddf9bd1 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS) check_cluster_LDADD = $(BASEOBJS) check_dbi_LDADD = $(NETLIBS) $(DBILIBS) check_dig_LDADD = $(NETLIBS) -check_disk_LDADD = $(BASEOBJS) $(THREADLIBS) +check_disk_LDADD = $(BASEOBJS) check_dns_LDADD = $(NETLIBS) check_dummy_LDADD = $(BASEOBJS) check_fping_LDADD = $(NETLIBS) diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 8747f904..a639a411 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -160,10 +160,10 @@ int process_arguments (int argc, char **argv) { switch(c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'v': verbose++; break; diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index a877f888..13d8bc3b 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -100,6 +100,13 @@ main (int argc, char **argv) result = cmd_run_array (commargv, &chld_out, &chld_err, 0); + if (verbose) { + for(i = 0; i < chld_out.lines; i++) + printf("stdout: %s\n", chld_out.line[i]); + for(i = 0; i < chld_err.lines; i++) + printf("stderr: %s\n", chld_err.line[i]); + } + if (skip_stdout == -1) /* --skip-stdout specified without argument */ skip_stdout = chld_out.lines; if (skip_stderr == -1) /* --skip-stderr specified without argument */ @@ -209,10 +216,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* help */ verbose = TRUE; break; diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c index cf699e1f..b86e501d 100644 --- a/plugins/check_cluster.c +++ b/plugins/check_cluster.c @@ -200,7 +200,7 @@ int process_arguments(int argc, char **argv){ case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'H': /* help */ diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c index a3d033f4..826eb8d9 100644 --- a/plugins/check_dbi.c +++ b/plugins/check_dbi.c @@ -368,10 +368,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical range */ critical_range = optarg; diff --git a/plugins/check_dig.c b/plugins/check_dig.c index d899b119..473d4b97 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -125,7 +125,7 @@ main (int argc, char **argv) if (verbose) printf ("%s\n", chld_out.line[i]); - if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { + if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { msg = chld_out.line[i]; result = STATE_OK; @@ -223,10 +223,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ host_or_die(optarg); dns_server = optarg; diff --git a/plugins/check_disk.c b/plugins/check_disk.c index eb573f5f..874a0ee0 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org"; # include <limits.h> #endif #include "regex.h" -#if HAVE_PTHREAD_H -# include <pthread.h> -#endif #ifdef __CYGWIN__ # include <windows.h> @@ -133,7 +130,6 @@ void print_help (void); void print_usage (void); double calculate_percent(uintmax_t, uintmax_t); void stat_path (struct parameter_list *p); -void *do_stat_path (void *p); void get_stats (struct parameter_list *p, struct fs_usage *fsp); void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); @@ -766,10 +762,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage (_("Unknown argument")); } @@ -972,44 +968,6 @@ print_usage (void) void stat_path (struct parameter_list *p) { -#ifdef HAVE_PTHREAD_H - pthread_t stat_thread; - int statdone = 0; - int timer = timeout_interval; - struct timespec req, rem; - - req.tv_sec = 0; - pthread_create(&stat_thread, NULL, do_stat_path, p); - while (timer-- > 0) { - req.tv_nsec = 10000000; - nanosleep(&req, &rem); - if (pthread_kill(stat_thread, 0)) { - statdone = 1; - break; - } else { - req.tv_nsec = 990000000; - nanosleep(&req, &rem); - } - } - if (statdone == 1) { - pthread_join(stat_thread, NULL); - } else { - pthread_detach(stat_thread); - if (verbose >= 3) - printf("stat did not return within %ds on %s\n", timeout_interval, p->name); - printf("DISK %s - ", _("CRITICAL")); - die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout")); - } -#else - do_stat_path(p); -#endif -} - -void * -do_stat_path (void *in) -{ - struct parameter_list *p = in; - /* Stat entry to check that dir exists and is accessible */ if (verbose >= 3) printf("calling stat on %s\n", p->name); @@ -1019,7 +977,6 @@ do_stat_path (void *in) printf("DISK %s - ", _("CRITICAL")); die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); } - return NULL; } diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 22121226..54ce7d16 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -81,7 +81,6 @@ main (int argc, char **argv) double elapsed_time; long microsec; struct timeval tv; - int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; @@ -127,7 +126,7 @@ main (int argc, char **argv) if (verbose) puts(chld_out.line[i]); - if (strstr (chld_out.line[i], ".in-addr.arpa")) { + if (strcasestr (chld_out.line[i], ".in-addr.arpa")) { if ((temp_buffer = strstr (chld_out.line[i], "name = "))) addresses[n_addresses++] = strdup (temp_buffer + 7); else { @@ -249,11 +248,6 @@ main (int argc, char **argv) elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (strchr (address, ',') == NULL) - multi_address = FALSE; - else - multi_address = TRUE; - result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); @@ -395,10 +389,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c index 3ed68717..212a1344 100644 --- a/plugins/check_dummy.c +++ b/plugins/check_dummy.c @@ -52,11 +52,11 @@ main (int argc, char **argv) usage4 (_("Could not parse arguments")); else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) { print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) { print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (!is_integer (argv[1])) usage4 (_("Arguments to check_dummy must be an integer")); diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 46046b4f..da1ce1a6 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -105,7 +105,7 @@ main (int argc, char **argv) xasprintf(&option_string, "%s-I %s ", option_string, sourceif); #ifdef PATH_TO_FPING6 - if (address_family == AF_INET6) + if (address_family != AF_INET && is_inet6_addr(server)) fping_prog = strdup(PATH_TO_FPING6); else fping_prog = strdup(PATH_TO_FPING); @@ -314,10 +314,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; diff --git a/plugins/check_game.c b/plugins/check_game.c index 29e59e2f..709dae1b 100644 --- a/plugins/check_game.c +++ b/plugins/check_game.c @@ -196,10 +196,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index 5fe06984..f159f5a2 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -350,10 +350,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_http.c b/plugins/check_http.c index 51679975..2038f4a1 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -267,11 +267,11 @@ process_arguments (int argc, char **argv) break; case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ if (!is_intnonneg (optarg)) @@ -343,9 +343,20 @@ process_arguments (int argc, char **argv) parameters, like -S and -C combinations */ use_ssl = TRUE; if (c=='S' && optarg != NULL) { - ssl_version = atoi(optarg); - if (ssl_version < 1 || ssl_version > 3) - usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); + int got_plus = strchr(optarg, '+') != NULL; + + if (!strncmp (optarg, "1.2", 3)) + ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2; + else if (!strncmp (optarg, "1.1", 3)) + ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1; + else if (optarg[0] == '1') + ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1; + else if (optarg[0] == '3') + ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3; + else if (optarg[0] == '2') + ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2; + else + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); } if (specify_port == FALSE) server_port = HTTPS_PORT; @@ -869,17 +880,42 @@ check_http (void) double elapsed_time_transfer = 0.0; int page_len = 0; int result = STATE_OK; + char *force_host_header = NULL; /* try to connect to the host at the given port number */ gettimeofday (&tv_temp, NULL); if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); microsec_connect = deltime (tv_temp); + + /* if we are called with the -I option, the -j method is CONNECT and */ + /* we received -S for SSL, then we tunnel the request through a proxy*/ + /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */ + + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) { + + if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); + asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); + asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); + asprintf (&buf, "%sHost: %s\r\n", buf, host_name); + /* we finished our request, send empty line with CRLF */ + asprintf (&buf, "%s%s", buf, CRLF); + if (verbose) printf ("%s\n", buf); + send(sd, buf, strlen (buf), 0); + buf[0]='\0'; + + if (verbose) printf ("Receive response from proxy\n"); + read (sd, buffer, MAX_INPUT_BUFFER-1); + if (verbose) printf ("%s", buffer); + /* Here we should check if we got HTTP/1.1 200 Connection established */ + } #ifdef HAVE_SSL elapsed_time_connect = (double)microsec_connect / 1.0e6; if (use_ssl == TRUE) { gettimeofday (&tv_temp, NULL); result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); + if (verbose) printf ("SSL initialized\n"); if (result != STATE_OK) die (STATE_CRITICAL, NULL); microsec_ssl = deltime (tv_temp); @@ -893,29 +929,51 @@ check_http (void) } #endif /* HAVE_SSL */ - xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) + asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + else + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); /* tell HTTP/1.1 servers not to keep the connection alive */ xasprintf (&buf, "%sConnection: close\r\n", buf); + /* check if Host header is explicitly set in options */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (strncmp(http_opt_headers[i], "Host:", 5) == 0) { + force_host_header = http_opt_headers[i]; + } + } + } + /* optionally send the host header info */ if (host_name) { - /* - * Specify the port only if we're using a non-default port (see RFC 2616, - * 14.23). Some server applications/configurations cause trouble if the - * (default) port is explicitly specified in the "Host:" header line. - */ - if ((use_ssl == FALSE && server_port == HTTP_PORT) || - (use_ssl == TRUE && server_port == HTTPS_PORT)) - xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); - else - xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + if (force_host_header) { + xasprintf (&buf, "%s%s\r\n", buf, force_host_header); + } + else { + /* + * Specify the port only if we're using a non-default port (see RFC 2616, + * 14.23). Some server applications/configurations cause trouble if the + * (default) port is explicitly specified in the "Host:" header line. + */ + if ((use_ssl == FALSE && server_port == HTTP_PORT) || + (use_ssl == TRUE && server_port == HTTPS_PORT) || + (server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE)) + xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); + else + xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + } } /* optionally send any other header tag */ if (http_opt_headers_count) { for (i = 0; i < http_opt_headers_count ; i++) { - xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } } /* This cannot be free'd here because a redirection will then try to access this and segfault */ /* Covered in a testcase in tests/check_http.t */ @@ -1467,9 +1525,10 @@ print_help (void) printf (UT_IPv46); #ifdef HAVE_SSL - printf (" %s\n", "-S, --ssl=VERSION"); + printf (" %s\n", "-S, --ssl=VERSION[+]"); printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); - printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); + printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); + printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); printf (" %s\n", "--sni"); printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); @@ -1496,7 +1555,7 @@ print_help (void) printf (" %s\n", _("URL to GET or POST (default: /)")); printf (" %s\n", "-P, --post=STRING"); printf (" %s\n", _("URL encoded http POST data")); - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)"); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); printf (" %s\n", _("Set HTTP method.")); printf (" %s\n", "-N, --no-body"); printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); @@ -1570,7 +1629,7 @@ print_help (void) printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); - printf (" %s\n", _("the certificate is expired.")); + printf (" %s\n\n", _("the certificate is expired.")); printf ("\n"); printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); @@ -1578,6 +1637,13 @@ print_help (void) printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); + printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + #endif printf (UT_SUPPORT); diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 47605e96..8d540ca1 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -234,10 +234,10 @@ main (int argc, char *argv[]) break; case 'h': print_help (); - return STATE_OK; + return STATE_UNKNOWN; case 'V': print_revision (progname, NP_VERSION); - return STATE_OK; + return STATE_UNKNOWN; default: usage5 (); } @@ -249,7 +249,7 @@ main (int argc, char *argv[]) if (!device) { print_help (); - return STATE_OK; + return STATE_UNKNOWN; } fd = open (device, OPEN_MODE); diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index c371be97..66be4b46 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring check_ldap plugin -* +* * License: GPL * Copyright (c) 2000-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_ldap plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ /* progname may be check_ldaps */ @@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL; #endif double warn_time = UNDEFINED; double crit_time = UNDEFINED; +thresholds *entries_thresholds = NULL; struct timeval tv; +char* warn_entries = NULL; +char* crit_entries = NULL; int starttls = FALSE; int ssl_on_connect = FALSE; int verbose = 0; @@ -94,6 +97,12 @@ main (int argc, char *argv[]) int tls; int version=3; + /* for entry counting */ + + LDAPMessage *next_entry; + int status_entries = STATE_OK; + int num_entries = 0; + setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); @@ -197,12 +206,14 @@ main (int argc, char *argv[]) } /* do a search of all objectclasses in the base dn */ - if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) + if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_search"); printf (_("Could not search/find objectclasses in %s\n"), ld_base); return STATE_CRITICAL; + } else if (crit_entries!=NULL || warn_entries!=NULL) { + num_entries = ldap_count_entries(ld, result); } /* unbind from the ldap server */ @@ -223,14 +234,42 @@ main (int argc, char *argv[]) else status = STATE_OK; + if(entries_thresholds != NULL) { + if (verbose) { + printf ("entries found: %d\n", num_entries); + print_thresholds("entry threasholds", entries_thresholds); + } + status_entries = get_status(num_entries, entries_thresholds); + if (status_entries == STATE_CRITICAL) { + status = STATE_CRITICAL; + } else if (status != STATE_CRITICAL) { + status = status_entries; + } + } + /* print out the result */ - printf (_("LDAP %s - %.3f seconds response time|%s\n"), - state_text (status), - elapsed_time, - fperfdata ("time", elapsed_time, "s", - (int)warn_time, warn_time, - (int)crit_time, crit_time, - TRUE, 0, FALSE, 0)); + if (crit_entries!=NULL || warn_entries!=NULL) { + printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), + state_text (status), + num_entries, + elapsed_time, + fperfdata ("time", elapsed_time, "s", + (int)warn_time, warn_time, + (int)crit_time, crit_time, + TRUE, 0, FALSE, 0), + sperfdata ("entries", (double)num_entries, "", + warn_entries, + crit_entries, + TRUE, 0.0, FALSE, 0.0)); + } else { + printf (_("LDAP %s - %.3f seconds response time|%s\n"), + state_text (status), + elapsed_time, + fperfdata ("time", elapsed_time, "s", + (int)warn_time, warn_time, + (int)crit_time, crit_time, + TRUE, 0, FALSE, 0)); + } return status; } @@ -263,6 +302,8 @@ process_arguments (int argc, char **argv) {"port", required_argument, 0, 'p'}, {"warn", required_argument, 0, 'w'}, {"crit", required_argument, 0, 'c'}, + {"warn-entries", required_argument, 0, 'W'}, + {"crit-entries", required_argument, 0, 'C'}, {"verbose", no_argument, 0, 'v'}, {0, 0, 0, 0} }; @@ -276,7 +317,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option); + c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); if (c == -1 || c == EOF) break; @@ -284,10 +325,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_intnonneg (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); @@ -318,6 +359,12 @@ process_arguments (int argc, char **argv) case 'c': crit_time = strtod (optarg, NULL); break; + case 'W': + warn_entries = optarg; + break; + case 'C': + crit_entries = optarg; + break; #ifdef HAVE_LDAP_SET_OPTION case '2': ld_protocol = 2; @@ -381,6 +428,10 @@ validate_arguments () if (ld_base==NULL) usage4 (_("Please specify the LDAP base\n")); + if (crit_entries!=NULL || warn_entries!=NULL) { + set_thresholds(&entries_thresholds, + warn_entries, crit_entries); + } return OK; } @@ -430,6 +481,11 @@ print_help (void) printf (UT_WARN_CRIT); + printf (" %s\n", "-W [--warn-entries]"); + printf (" %s\n", _("Number of found entries to result in warning status")); + printf (" %s\n", "-C [--crit-entries]"); + printf (" %s\n", _("Number of found entries to result in critical status")); + printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); printf (UT_VERBOSE); @@ -441,6 +497,7 @@ print_help (void) printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); printf (" %s\n", _("to define the behaviour explicitly instead.")); + printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); printf (UT_SUPPORT); } diff --git a/plugins/check_load.c b/plugins/check_load.c index cde63e56..a96435f4 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -251,10 +251,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c index cf3fe044..1fda5492 100644 --- a/plugins/check_mrtg.c +++ b/plugins/check_mrtg.c @@ -234,10 +234,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c index 3b038cf1..eb66f622 100644 --- a/plugins/check_mrtgtraf.c +++ b/plugins/check_mrtgtraf.c @@ -270,10 +270,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c index 216626bc..5773afd9 100644 --- a/plugins/check_mysql.c +++ b/plugins/check_mysql.c @@ -444,10 +444,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': verbose++; break; diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c index 71ab7768..49a14dd3 100644 --- a/plugins/check_mysql_query.c +++ b/plugins/check_mysql_query.c @@ -250,10 +250,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'q': xasprintf(&sql_query, "%s", optarg); break; diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c index 791b6dbe..40d68f03 100644 --- a/plugins/check_nagios.c +++ b/plugins/check_nagios.c @@ -235,10 +235,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'F': /* status log */ status_log = optarg; break; diff --git a/plugins/check_nt.c b/plugins/check_nt.c index f621b0a8..59c135db 100644 --- a/plugins/check_nt.c +++ b/plugins/check_nt.c @@ -553,10 +553,10 @@ int process_arguments(int argc, char **argv){ usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index a7d278de..75efc289 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -691,11 +691,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 44424af5..c656b0f5 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index f2762ef5..1cc8cbfb 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -475,11 +475,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c index 1a7bfa16..e7e8de05 100644 --- a/plugins/check_nwstat.c +++ b/plugins/check_nwstat.c @@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) { usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address=optarg; break; diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c index af5eb9b9..9a4d25fa 100644 --- a/plugins/check_overcr.c +++ b/plugins/check_overcr.c @@ -340,10 +340,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index 9bad1ec5..2eb699e8 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -302,10 +302,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); diff --git a/plugins/check_ping.c b/plugins/check_ping.c index dbc5c3e4..423ecbe5 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -224,11 +224,11 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ timeout_interval = atoi (optarg); diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 402aac53..4bcc56bc 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -428,10 +428,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); diff --git a/plugins/check_radius.c b/plugins/check_radius.c index b2943475..03cbb8b0 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -259,10 +259,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; diff --git a/plugins/check_real.c b/plugins/check_real.c index 00bd4d20..6491e6e9 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -359,10 +359,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* usage */ usage5 (); } diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 24304534..1996c6d3 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -231,7 +231,7 @@ main (int argc, char **argv) send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ - if (!strstr (buffer, server_expect)) { + if (!strstr (buffer, SMTP_EXPECT)) { printf (_("Server does not support STARTTLS\n")); smtp_quit(); return STATE_UNKNOWN; @@ -276,6 +276,7 @@ main (int argc, char **argv) # ifdef USE_OPENSSL if ( check_cert ) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); + smtp_quit(); my_close(); return result; } @@ -581,11 +582,6 @@ process_arguments (int argc, char **argv) usage4 (_("Timeout interval must be a positive integer")); } break; - case 'S': - /* starttls */ - use_ssl = TRUE; - use_ehlo = TRUE; - break; case 'D': /* Check SSL cert validity */ #ifdef USE_OPENSSL @@ -607,9 +603,14 @@ process_arguments (int argc, char **argv) days_till_exp_warn = atoi (optarg); } check_cert = TRUE; + ignore_send_quit_failure = TRUE; #else usage (_("SSL support not available - install OpenSSL and recompile")); #endif + case 'S': + /* starttls */ + use_ssl = TRUE; + use_ehlo = TRUE; break; case '4': address_family = AF_INET; @@ -623,10 +624,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 9d966faa..da9638c4 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_PORT "161" #define DEFAULT_MIBLIST "ALL" #define DEFAULT_PROTOCOL "1" -#define DEFAULT_TIMEOUT 1 #define DEFAULT_RETRIES 5 #define DEFAULT_AUTH_PROTOCOL "MD5" #define DEFAULT_PRIV_PROTOCOL "DES" @@ -153,7 +152,7 @@ state_data *previous_state; double *previous_value; size_t previous_size = OID_COUNT_STEP; int perf_labels = 1; - +char* ip_version = ""; static char *fix_snmp_range(char *th) { @@ -227,7 +226,7 @@ main (int argc, char **argv) outbuff = strdup (""); delimiter = strdup (" = "); output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); - timeout_interval = DEFAULT_TIMEOUT; + timeout_interval = DEFAULT_SOCKET_TIMEOUT; retries = DEFAULT_RETRIES; np_init( (char *) progname, argc, argv ); @@ -418,6 +417,9 @@ main (int argc, char **argv) else if (strstr (response, "INTEGER: ")) { show = strstr (response, "INTEGER: ") + 9; } + else if (strstr (response, "OID: ")) { + show = strstr (response, "OID: ") + 5; + } else if (strstr (response, "STRING: ")) { show = strstr (response, "STRING: ") + 8; conv = "%.10g"; @@ -678,6 +680,8 @@ process_arguments (int argc, char **argv) {"offset", required_argument, 0, L_OFFSET}, {"invert-search", no_argument, 0, L_INVERT_SEARCH}, {"perf-oids", no_argument, 0, 'O'}, + {"ipv4", no_argument, 0, '4'}, + {"ipv6", no_argument, 0, '6'}, {0, 0, 0, 0} }; @@ -695,7 +699,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", longopts, &option); if (c == -1 || c == EOF) @@ -706,10 +710,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose++; break; @@ -920,6 +924,13 @@ process_arguments (int argc, char **argv) case 'O': perf_labels=0; break; + case '4': + break; + case '6': + xasprintf(&ip_version, "udp6:"); + if(verbose>2) + printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n"); + break; } } @@ -1125,6 +1136,7 @@ print_help (void) printf (UT_HELP_VRSN); printf (UT_EXTRA_OPTS); + printf (UT_IPv46); printf (UT_HOST_PORT, 'p', DEFAULT_PORT); @@ -1243,5 +1255,5 @@ print_usage (void) printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n"); printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n"); printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n"); - printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n"); + printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n"); } diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 3658965e..8ccbd5a7 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c @@ -128,10 +128,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose = TRUE; break; diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 25e0bacd..4d5a4071 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -470,10 +470,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* error */ usage5 (); } diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 63f9fd9c..6dc9aa96 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -237,7 +237,7 @@ main (int argc, char **argv) gettimeofday (&tv, NULL); result = np_net_connect (server_address, server_port, &sd, PROTOCOL); - if (result == STATE_CRITICAL) return STATE_CRITICAL; + if (result == STATE_CRITICAL) return econn_refuse_state; #ifdef HAVE_SSL if (flags & FLAG_SSL){ @@ -463,10 +463,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ flags |= FLAG_VERBOSE; match_flags |= NP_MATCH_VERBOSE; @@ -577,7 +577,8 @@ process_arguments (int argc, char **argv) if ((temp=strchr(optarg,','))!=NULL) { *temp='\0'; if (!is_intnonneg (optarg)) - usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi (optarg); *temp=','; temp++; if (!is_intnonneg (temp)) diff --git a/plugins/check_time.c b/plugins/check_time.c index 3943742a..baf8c591 100644 --- a/plugins/check_time.c +++ b/plugins/check_time.c @@ -231,10 +231,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ if (is_host (optarg) == FALSE) usage2 (_("Invalid hostname/address"), optarg); diff --git a/plugins/check_ups.c b/plugins/check_ups.c index 099881d0..e9e56a51 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -242,8 +242,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("battery", (long)ups_battery_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -271,8 +271,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("load", (long)ups_load_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -308,8 +308,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("temp", (long)ups_temperature, tunits, - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, FALSE, 0)); } else { xasprintf (&data, "%s %s", data, @@ -558,10 +558,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } } diff --git a/plugins/check_users.c b/plugins/check_users.c index a009f20b..f6f4b362 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c @@ -54,15 +54,15 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -int wusers = -1; -int cusers = -1; +char *warning_range = NULL; +char *critical_range = NULL; +thresholds *thlds = NULL; int main (int argc, char **argv) { int users = -1; int result = STATE_UNKNOWN; - char *perf; #if HAVE_WTSAPI32_H WTS_SESSION_INFO *wtsinfo; DWORD wtscount; @@ -77,8 +77,6 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - perf = strdup (""); - /* Parse extra opts if any */ argv = np_extra_opts (&argc, argv, progname); @@ -160,23 +158,15 @@ main (int argc, char **argv) #endif /* check the user count against warning and critical thresholds */ - if (users > cusers) - result = STATE_CRITICAL; - else if (users > wusers) - result = STATE_WARNING; - else if (users >= 0) - result = STATE_OK; + result = get_status((double)users, thlds); if (result == STATE_UNKNOWN) printf ("%s\n", _("Unable to read output")); else { - xasprintf (&perf, "%s", perfdata ("users", users, "", - TRUE, wusers, - TRUE, cusers, - TRUE, 0, - FALSE, 0)); - printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result), - users, perf); + printf (_("USERS %s - %d users currently logged in |%s\n"), + state_text(result), users, + sperfdata_int("users", users, "", warning_range, + critical_range, TRUE, 0, FALSE, 0)); } return result; @@ -210,38 +200,32 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical */ - if (!is_intnonneg (optarg)) - usage4 (_("Critical threshold must be a positive integer")); - else - cusers = atoi (optarg); + critical_range = optarg; break; case 'w': /* warning */ - if (!is_intnonneg (optarg)) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (optarg); + warning_range = optarg; break; } } c = optind; - if (wusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (argv[c++]); - } - if (cusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - cusers = atoi (argv[c]); - } + if (warning_range == NULL && argc > c) + warning_range = argv[c++]; + if (critical_range == NULL && argc > c) + critical_range = argv[c++]; + + /* this will abort in case of invalid ranges */ + set_thresholds (&thlds, warning_range, critical_range); + + if (thlds->warning->end < 0) + usage4 (_("Warning threshold must be a positive integer")); + if (thlds->critical->end < 0) + usage4 (_("Critical threshold must be a positive integer")); return OK; } diff --git a/plugins/netutils.c b/plugins/netutils.c index 83f8942f..705aaf09 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto, int np_net_connect (const char *host_name, int port, int *sd, int proto) { + /* send back STATE_UNKOWN if there's an error + send back STATE_OK if we connect + send back STATE_CRITICAL if we can't connect. + Let upstream figure out what to send to the user. */ struct addrinfo hints; struct addrinfo *r, *res; struct sockaddr_un su; @@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) else if (was_refused) { switch (econn_refuse_state) { /* a user-defined expected outcome */ case STATE_OK: - case STATE_WARNING: /* user wants WARN or OK on refusal */ - return econn_refuse_state; - break; - case STATE_CRITICAL: /* user did not set econn_refuse_state */ + case STATE_WARNING: /* user wants WARN or OK on refusal, or... */ + case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */ if (is_socket) printf("connect to file socket %s: %s\n", host_name, strerror(errno)); else printf("connect to address %s and port %d: %s\n", host_name, port, strerror(errno)); - return econn_refuse_state; + return STATE_CRITICAL; break; default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */ return STATE_UNKNOWN; diff --git a/plugins/netutils.h b/plugins/netutils.h index c6fce901..2766029e 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h @@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn)); /* SSL-Related functionality */ #ifdef HAVE_SSL +# define MP_SSLv2 1 +# define MP_SSLv3 2 +# define MP_TLSv1 3 +# define MP_TLSv1_1 4 +# define MP_TLSv1_2 5 +# define MP_SSLv2_OR_NEWER 6 +# define MP_SSLv3_OR_NEWER 7 +# define MP_TLSv1_OR_NEWER 8 +# define MP_TLSv1_1_OR_NEWER 9 +# define MP_TLSv1_2_OR_NEWER 10 /* maybe this could be merged with the above np_net_connect, via some flags */ int np_net_ssl_init(int sd); int np_net_ssl_init_with_hostname(int sd, char *host_name); diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae4741..b412ef3d 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { SSL_METHOD *method = NULL; + long options = 0; switch (version) { - case 0: /* Deafult to auto negotiation */ - method = SSLv23_client_method(); - break; - case 1: /* TLSv1 protocol */ - method = TLSv1_client_method(); - break; - case 2: /* SSLv2 protocol */ + case MP_SSLv2: /* SSLv2 protocol */ #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) - printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); - return STATE_CRITICAL; + printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); + return STATE_UNKNOWN; #else method = SSLv2_client_method(); -#endif break; - case 3: /* SSLv3 protocol */ +#endif + case MP_SSLv3: /* SSLv3 protocol */ +#if defined(OPENSSL_NO_SSL3) + printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else method = SSLv3_client_method(); break; - default: /* Unsupported */ - printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); - return STATE_CRITICAL; +#endif + case MP_TLSv1: /* TLSv1 protocol */ +#if defined(OPENSSL_NO_TLS1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_client_method(); + break; +#endif + case MP_TLSv1_1: /* TLSv1.1 protocol */ +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_1_client_method(); + break; +#endif + case MP_TLSv1_2: /* TLSv1.2 protocol */ +#if !defined(SSL_OP_NO_TLSv1_2) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_2_client_method(); + break; +#endif + case MP_TLSv1_2_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1_1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_1_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_OR_NEWER: +#if defined(SSL_OP_NO_SSLv3) + options |= SSL_OP_NO_SSLv3; +#endif + /* FALLTHROUGH */ + case MP_SSLv3_OR_NEWER: +#if defined(SSL_OP_NO_SSLv2) + options |= SSL_OP_NO_SSLv2; +#endif + case MP_SSLv2_OR_NEWER: + /* FALLTHROUGH */ + default: /* Default to auto negotiation */ + method = SSLv23_client_method(); } if (!initialized) { /* Initialize SSL context */ @@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int #endif } #ifdef SSL_OP_NO_TICKET - SSL_CTX_set_options(c, SSL_OP_NO_TICKET); + options |= SSL_OP_NO_TICKET; #endif + SSL_CTX_set_options(c, options); SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); if ((s = SSL_new(c)) != NULL) { #ifdef SSL_set_tlsext_host_name @@ -144,7 +195,10 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL X509 *certificate=NULL; X509_NAME *subj=NULL; + char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; + char *tz; + int cnlen =-1; int status=STATE_UNKNOWN; @@ -153,7 +207,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[50] = ""; + int time_remaining; time_t tm_t; certificate=SSL_get_peer_certificate(s); @@ -207,32 +261,55 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); stamp.tm_min = (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); - stamp.tm_sec = 0; + stamp.tm_sec = + (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); stamp.tm_isdst = -1; - time_left = difftime(timegm(&stamp), time(NULL)); + tm_t = timegm(&stamp); + time_left = difftime(tm_t, time(NULL)); days_left = time_left / 86400; - tm_t = mktime (&stamp); - strftime(timestamp, 50, "%c", localtime(&tm_t)); + tz = getenv("TZ"); + setenv("TZ", "GMT", 1); + tzset(); + strftime(timestamp, 50, "%c %z", localtime(&tm_t)); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; } else if (time_left < 0) { printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); status=STATE_CRITICAL; } else if (days_left == 0) { - printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; } else { printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); - status=STATE_OK; + status = STATE_OK; } X509_free(certificate); return status; diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis index 4ebfb90e..fe8aabdb 100644 --- a/plugins/t/NPTest.cache.travis +++ b/plugins/t/NPTest.cache.travis @@ -17,13 +17,15 @@ 'NP_HOST_HPJD_PORT_INVALID' => '161', 'NP_HOST_HPJD_PORT_VALID' => '', 'NP_HOST_TCP_HTTP' => 'localhost', - 'NP_HOST_TCP_HTTP2' => 'labs.consol.de', + 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', 'NP_HOST_TCP_IMAP' => 'imap.web.de', + 'NP_HOST_TCP_LDAP' => 'localhost', 'NP_HOST_TCP_POP' => 'pop.web.de', 'NP_HOST_TCP_SMTP' => 'localhost', 'NP_HOST_TCP_SMTP_NOTLS' => '', 'NP_HOST_TCP_SMTP_TLS' => '', 'NP_INTERNET_ACCESS' => 'yes', + 'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain', 'NP_MOUNTPOINT2_VALID' => '', 'NP_MOUNTPOINT_VALID' => '/', 'NP_MYSQL_SERVER' => 'localhost', diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 2539a289..f514ca6f 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -6,9 +6,10 @@ use strict; use Test::More; +use POSIX qw/mktime strftime/; use NPTest; -plan tests => 30; +plan tests => 42; my $successOutput = '/OK.*HTTP.*second/'; @@ -34,6 +35,8 @@ my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org" ); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; + $res = NPTest->testCmd( "./check_http $host_tcp_http -wt 300 -ct 600" @@ -47,10 +50,10 @@ $res = NPTest->testCmd( like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./check_http $host_nonresponsive -wt 1 -ct 2" + "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); -cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK"); +cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); $res = NPTest->testCmd( "./check_http $hostname_invalid -wt 1 -ct 2" @@ -112,12 +115,46 @@ SKIP: { $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 12 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); + like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); + if(!defined $year) { + die("parsing date failed from: ".$res->output); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); + is( $res->return_code, 2, "Output on expire date" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); + is( $res->return_code, 2, "cert expires in 1 second exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); + is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); + is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); + is( $res->return_code, 2, "Certificate expired exit code" ); + }; + $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); $res = NPTest->testCmd( - "./check_http --ssl www.e-paycobalt.com" + "./check_http --ssl -H www.e-paycobalt.com" ); cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t new file mode 100644 index 00000000..b8944d4b --- /dev/null +++ b/plugins/t/check_ldap.t @@ -0,0 +1,80 @@ +#!/usr/bin/env perl -I .. +# +# Lightweight Directory Access Protocol (LDAP) Test via check_ldap +# +# + +use strict; +use warnings; +use Test::More; +use NPTest; + +my $host_tcp_ldap = getTestParameter("NP_HOST_TCP_LDAP", + "A host providing the LDAP Service", + "localhost" ); + +my $ldap_base_dn = getTestParameter("NP_LDAP_BASE_DN", + "A base dn for the LDAP Service", + "cn=admin" ); + +my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", + "The hostname of system not responsive to network requests" ); + +my $hostname_invalid = getTestParameter("hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", + "An invalid (not known to DNS) hostname" ); + +my($result, $cmd); +my $command = './check_ldap'; + +plan tests => 16; + +SKIP: { + skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive; + + $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1"); + is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" ); + is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" ); +}; + +SKIP: { + skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid; + + $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5"); + is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" ); + is( $result->output, 'Could not bind to the LDAP server', "output ok" ); +}; + +SKIP: { + skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap; + skip "NP_LDAP_BASE_DN not set", 12 if ! $ldap_base_dn; + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 2, $cmd ); + like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 2, $cmd ); + like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 1, $cmd ); + like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" ); +}; diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index 2d6c44a7..aefd872a 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t @@ -166,8 +166,8 @@ SKIP: { SKIP: { skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); - cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); - like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); + cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" ); + like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem"); } SKIP: { diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t index 39044bb5..088f3b52 100644 --- a/plugins/t/check_users.t +++ b/plugins/t/check_users.t @@ -13,7 +13,7 @@ use Test; use NPTest; use vars qw($tests); -BEGIN {$tests = 4; plan tests => $tests} +BEGIN {$tests = 8; plan tests => $tests} my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/'; my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/'; @@ -22,6 +22,8 @@ my $t; $t += checkCmd( "./check_users 1000 1000", 0, $successOutput ); $t += checkCmd( "./check_users 0 0", 2, $failureOutput ); +$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput ); +$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput ); exit(0) if defined($Test::Harness::VERSION); exit($tests - $t); diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index d93a0ecf..5984d489 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -186,21 +186,21 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:00 2019.', "output ok" ); + is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:00 2009.', + 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.', "output ok" ); } diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t index 2fd033d2..73a68b20 100755 --- a/plugins/tests/check_snmp.t +++ b/plugins/tests/check_snmp.t @@ -128,7 +128,7 @@ sleep 1; $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); is($res->return_code, 1, "WARNING - due to going above rate calculation" ); -is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 "); +is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 "); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" ); @@ -209,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match" $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" ); is($res->return_code, 1, "Numeric in string test" ); -is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" ); +is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" ); is($res->return_code, 0, "Not really numeric test" ); @@ -225,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 0, "Negative integer check OK" ); -is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" ); +is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 1, "Negative integer check WARNING" ); -is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" ); +is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 2, "Negative integer check CRITICAL" ); -is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" ); +is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" ); is($res->return_code, 1, "Negative integer as string, WARNING" ); -is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" ); +is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" ); is($res->return_code, 2, "Negative integer as string, CRITICAL" ); -is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" ); +is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" ); is($res->return_code, 0, "Negative float OK" ); -is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" ); +is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" ); is($res->return_code, 1, "Negative float WARNING" ); -is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" ); +is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" ); diff --git a/plugins/utils.c b/plugins/utils.c index 58b153d8..231af92b 100644 --- a/plugins/utils.c +++ b/plugins/utils.c @@ -144,8 +144,6 @@ usage5 (void) void print_revision (const char *command_name, const char *revision) { - char plugin_revision[STRLEN]; - printf ("%s v%s (%s %s)\n", command_name, revision, PACKAGE, VERSION); } @@ -630,3 +628,84 @@ char *fperfdata (const char *label, return data; } + +char *sperfdata (const char *label, + double val, + const char *uom, + char *warn, + char *crit, + int minp, + double minv, + int maxp, + double maxv) +{ + char *data = NULL; + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=", label); + else + xasprintf (&data, "%s=", label); + + xasprintf (&data, "%s%f", data, val); + xasprintf (&data, "%s%s;", data, uom); + + if (warn!=NULL) + xasprintf (&data, "%s%s", data, warn); + + xasprintf (&data, "%s;", data); + + if (crit!=NULL) + xasprintf (&data, "%s%s", data, crit); + + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%f", data, minv); + + if (maxp) { + xasprintf (&data, "%s;", data); + xasprintf (&data, "%s%f", data, maxv); + } + + return data; +} + +char *sperfdata_int (const char *label, + int val, + const char *uom, + char *warn, + char *crit, + int minp, + int minv, + int maxp, + int maxv) +{ + char *data = NULL; + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=", label); + else + xasprintf (&data, "%s=", label); + + xasprintf (&data, "%s%d", data, val); + xasprintf (&data, "%s%s;", data, uom); + + if (warn!=NULL) + xasprintf (&data, "%s%s", data, warn); + + xasprintf (&data, "%s;", data); + + if (crit!=NULL) + xasprintf (&data, "%s%s", data, crit); + + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%d", data, minv); + + if (maxp) { + xasprintf (&data, "%s;", data); + xasprintf (&data, "%s%d", data, maxv); + } + + return data; +} + diff --git a/plugins/utils.h b/plugins/utils.h index 4c4aaccc..a436e1ca 100644 --- a/plugins/utils.h +++ b/plugins/utils.h @@ -94,29 +94,17 @@ const char *state_text (int); #define max(a,b) (((a)>(b))?(a):(b)) #define min(a,b) (((a)<(b))?(a):(b)) -char *perfdata (const char *, - long int, - const char *, - int, - long int, - int, - long int, - int, - long int, - int, - long int); - -char *fperfdata (const char *, - double, - const char *, - int, - double, - int, - double, - int, - double, - int, - double); +char *perfdata (const char *, long int, const char *, int, long int, + int, long int, int, long int, int, long int); + +char *fperfdata (const char *, double, const char *, int, double, + int, double, int, double, int, double); + +char *sperfdata (const char *, double, const char *, char *, char *, + int, double, int, double); + +char *sperfdata_int (const char *, int, const char *, char *, char *, + int, int, int, int); /* The idea here is that, although not every plugin will use all of these, most will or should. Therefore, for consistency, these very common |