aboutsummaryrefslogtreecommitdiff
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am2
-rw-r--r--plugins/check_apt.c4
-rw-r--r--plugins/check_by_ssh.c11
-rw-r--r--plugins/check_cluster.c2
-rw-r--r--plugins/check_dbi.c4
-rw-r--r--plugins/check_dig.c6
-rw-r--r--plugins/check_disk.c47
-rw-r--r--plugins/check_dns.c6
-rw-r--r--plugins/check_dummy.c4
-rw-r--r--plugins/check_fping.c6
-rw-r--r--plugins/check_game.c4
-rw-r--r--plugins/check_hpjd.c4
-rw-r--r--plugins/check_http.c108
-rw-r--r--plugins/check_ide_smart.c6
-rw-r--r--plugins/check_ldap.c99
-rw-r--r--plugins/check_load.c4
-rw-r--r--plugins/check_mrtg.c4
-rw-r--r--plugins/check_mrtgtraf.c4
-rw-r--r--plugins/check_mysql.c4
-rw-r--r--plugins/check_mysql_query.c4
-rw-r--r--plugins/check_nagios.c4
-rw-r--r--plugins/check_nt.c4
-rw-r--r--plugins/check_ntp.c4
-rw-r--r--plugins/check_ntp_peer.c4
-rw-r--r--plugins/check_ntp_time.c4
-rw-r--r--plugins/check_nwstat.c4
-rw-r--r--plugins/check_overcr.c4
-rw-r--r--plugins/check_pgsql.c4
-rw-r--r--plugins/check_ping.c4
-rw-r--r--plugins/check_procs.c4
-rw-r--r--plugins/check_radius.c4
-rw-r--r--plugins/check_real.c4
-rw-r--r--plugins/check_smtp.c17
-rw-r--r--plugins/check_snmp.c26
-rw-r--r--plugins/check_ssh.c4
-rw-r--r--plugins/check_swap.c4
-rw-r--r--plugins/check_tcp.c9
-rw-r--r--plugins/check_time.c4
-rw-r--r--plugins/check_ups.c16
-rw-r--r--plugins/check_users.c64
-rw-r--r--plugins/netutils.c12
-rw-r--r--plugins/netutils.h10
-rw-r--r--plugins/sslutils.c129
-rw-r--r--plugins/t/NPTest.cache.travis4
-rw-r--r--plugins/t/check_http.t45
-rw-r--r--plugins/t/check_ldap.t80
-rw-r--r--plugins/t/check_snmp.t4
-rw-r--r--plugins/t/check_users.t4
-rwxr-xr-xplugins/tests/check_http.t8
-rwxr-xr-xplugins/tests/check_snmp.t22
-rw-r--r--plugins/utils.c83
-rw-r--r--plugins/utils.h34
52 files changed, 661 insertions, 299 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 41906c53..0ddf9bd1 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
check_cluster_LDADD = $(BASEOBJS)
check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
check_dig_LDADD = $(NETLIBS)
-check_disk_LDADD = $(BASEOBJS) $(THREADLIBS)
+check_disk_LDADD = $(BASEOBJS)
check_dns_LDADD = $(NETLIBS)
check_dummy_LDADD = $(BASEOBJS)
check_fping_LDADD = $(NETLIBS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 8747f904..a639a411 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -160,10 +160,10 @@ int process_arguments (int argc, char **argv) {
switch(c) {
case 'h':
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'V':
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'v':
verbose++;
break;
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index a877f888..13d8bc3b 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -100,6 +100,13 @@ main (int argc, char **argv)
result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
+ if (verbose) {
+ for(i = 0; i < chld_out.lines; i++)
+ printf("stdout: %s\n", chld_out.line[i]);
+ for(i = 0; i < chld_err.lines; i++)
+ printf("stderr: %s\n", chld_err.line[i]);
+ }
+
if (skip_stdout == -1) /* --skip-stdout specified without argument */
skip_stdout = chld_out.lines;
if (skip_stderr == -1) /* --skip-stderr specified without argument */
@@ -209,10 +216,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* help */
verbose = TRUE;
break;
diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c
index cf699e1f..b86e501d 100644
--- a/plugins/check_cluster.c
+++ b/plugins/check_cluster.c
@@ -200,7 +200,7 @@ int process_arguments(int argc, char **argv){
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
break;
case 'H': /* help */
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index a3d033f4..826eb8d9 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -368,10 +368,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'c': /* critical range */
critical_range = optarg;
diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index d899b119..473d4b97 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -125,7 +125,7 @@ main (int argc, char **argv)
if (verbose)
printf ("%s\n", chld_out.line[i]);
- if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
+ if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
msg = chld_out.line[i];
result = STATE_OK;
@@ -223,10 +223,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'H': /* hostname */
host_or_die(optarg);
dns_server = optarg;
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index eb573f5f..874a0ee0 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org";
# include <limits.h>
#endif
#include "regex.h"
-#if HAVE_PTHREAD_H
-# include <pthread.h>
-#endif
#ifdef __CYGWIN__
# include <windows.h>
@@ -133,7 +130,6 @@ void print_help (void);
void print_usage (void);
double calculate_percent(uintmax_t, uintmax_t);
void stat_path (struct parameter_list *p);
-void *do_stat_path (void *p);
void get_stats (struct parameter_list *p, struct fs_usage *fsp);
void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
@@ -766,10 +762,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage (_("Unknown argument"));
}
@@ -972,44 +968,6 @@ print_usage (void)
void
stat_path (struct parameter_list *p)
{
-#ifdef HAVE_PTHREAD_H
- pthread_t stat_thread;
- int statdone = 0;
- int timer = timeout_interval;
- struct timespec req, rem;
-
- req.tv_sec = 0;
- pthread_create(&stat_thread, NULL, do_stat_path, p);
- while (timer-- > 0) {
- req.tv_nsec = 10000000;
- nanosleep(&req, &rem);
- if (pthread_kill(stat_thread, 0)) {
- statdone = 1;
- break;
- } else {
- req.tv_nsec = 990000000;
- nanosleep(&req, &rem);
- }
- }
- if (statdone == 1) {
- pthread_join(stat_thread, NULL);
- } else {
- pthread_detach(stat_thread);
- if (verbose >= 3)
- printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
- printf("DISK %s - ", _("CRITICAL"));
- die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
- }
-#else
- do_stat_path(p);
-#endif
-}
-
-void *
-do_stat_path (void *in)
-{
- struct parameter_list *p = in;
-
/* Stat entry to check that dir exists and is accessible */
if (verbose >= 3)
printf("calling stat on %s\n", p->name);
@@ -1019,7 +977,6 @@ do_stat_path (void *in)
printf("DISK %s - ", _("CRITICAL"));
die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
}
- return NULL;
}
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 0316e407..54ce7d16 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -126,7 +126,7 @@ main (int argc, char **argv)
if (verbose)
puts(chld_out.line[i]);
- if (strstr (chld_out.line[i], ".in-addr.arpa")) {
+ if (strcasestr (chld_out.line[i], ".in-addr.arpa")) {
if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
addresses[n_addresses++] = strdup (temp_buffer + 7);
else {
@@ -389,10 +389,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* version */
verbose = TRUE;
break;
diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c
index 3ed68717..212a1344 100644
--- a/plugins/check_dummy.c
+++ b/plugins/check_dummy.c
@@ -52,11 +52,11 @@ main (int argc, char **argv)
usage4 (_("Could not parse arguments"));
else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) {
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
}
else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) {
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
}
else if (!is_integer (argv[1]))
usage4 (_("Arguments to check_dummy must be an integer"));
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 46046b4f..da1ce1a6 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -105,7 +105,7 @@ main (int argc, char **argv)
xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
#ifdef PATH_TO_FPING6
- if (address_family == AF_INET6)
+ if (address_family != AF_INET && is_inet6_addr(server))
fping_prog = strdup(PATH_TO_FPING6);
else
fping_prog = strdup(PATH_TO_FPING);
@@ -314,10 +314,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* verbose mode */
verbose = TRUE;
break;
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 29e59e2f..709dae1b 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -196,10 +196,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* version */
verbose = TRUE;
break;
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 5fe06984..f159f5a2 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -350,10 +350,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage5 ();
}
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 51679975..2038f4a1 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -267,11 +267,11 @@ process_arguments (int argc, char **argv)
break;
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
break;
case 't': /* timeout period */
if (!is_intnonneg (optarg))
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv)
parameters, like -S and -C combinations */
use_ssl = TRUE;
if (c=='S' && optarg != NULL) {
- ssl_version = atoi(optarg);
- if (ssl_version < 1 || ssl_version > 3)
- usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+ int got_plus = strchr(optarg, '+') != NULL;
+
+ if (!strncmp (optarg, "1.2", 3))
+ ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
+ else if (!strncmp (optarg, "1.1", 3))
+ ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
+ else if (optarg[0] == '1')
+ ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
+ else if (optarg[0] == '3')
+ ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
+ else if (optarg[0] == '2')
+ ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
+ else
+ usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
}
if (specify_port == FALSE)
server_port = HTTPS_PORT;
@@ -869,17 +880,42 @@ check_http (void)
double elapsed_time_transfer = 0.0;
int page_len = 0;
int result = STATE_OK;
+ char *force_host_header = NULL;
/* try to connect to the host at the given port number */
gettimeofday (&tv_temp, NULL);
if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
microsec_connect = deltime (tv_temp);
+
+ /* if we are called with the -I option, the -j method is CONNECT and */
+ /* we received -S for SSL, then we tunnel the request through a proxy*/
+ /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */
+
+ if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+ && host_name != NULL && use_ssl == TRUE) {
+
+ if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+ asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+ asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+ asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+ /* we finished our request, send empty line with CRLF */
+ asprintf (&buf, "%s%s", buf, CRLF);
+ if (verbose) printf ("%s\n", buf);
+ send(sd, buf, strlen (buf), 0);
+ buf[0]='\0';
+
+ if (verbose) printf ("Receive response from proxy\n");
+ read (sd, buffer, MAX_INPUT_BUFFER-1);
+ if (verbose) printf ("%s", buffer);
+ /* Here we should check if we got HTTP/1.1 200 Connection established */
+ }
#ifdef HAVE_SSL
elapsed_time_connect = (double)microsec_connect / 1.0e6;
if (use_ssl == TRUE) {
gettimeofday (&tv_temp, NULL);
result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+ if (verbose) printf ("SSL initialized\n");
if (result != STATE_OK)
die (STATE_CRITICAL, NULL);
microsec_ssl = deltime (tv_temp);
@@ -893,29 +929,51 @@ check_http (void)
}
#endif /* HAVE_SSL */
- xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+ && host_name != NULL && use_ssl == TRUE)
+ asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ else
+ asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
/* tell HTTP/1.1 servers not to keep the connection alive */
xasprintf (&buf, "%sConnection: close\r\n", buf);
+ /* check if Host header is explicitly set in options */
+ if (http_opt_headers_count) {
+ for (i = 0; i < http_opt_headers_count ; i++) {
+ if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
+ force_host_header = http_opt_headers[i];
+ }
+ }
+ }
+
/* optionally send the host header info */
if (host_name) {
- /*
- * Specify the port only if we're using a non-default port (see RFC 2616,
- * 14.23). Some server applications/configurations cause trouble if the
- * (default) port is explicitly specified in the "Host:" header line.
- */
- if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
- (use_ssl == TRUE && server_port == HTTPS_PORT))
- xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
- else
- xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+ if (force_host_header) {
+ xasprintf (&buf, "%s%s\r\n", buf, force_host_header);
+ }
+ else {
+ /*
+ * Specify the port only if we're using a non-default port (see RFC 2616,
+ * 14.23). Some server applications/configurations cause trouble if the
+ * (default) port is explicitly specified in the "Host:" header line.
+ */
+ if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+ (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+ (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+ && host_name != NULL && use_ssl == TRUE))
+ xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+ else
+ xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+ }
}
/* optionally send any other header tag */
if (http_opt_headers_count) {
for (i = 0; i < http_opt_headers_count ; i++) {
- xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+ if (force_host_header != http_opt_headers[i]) {
+ xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+ }
}
/* This cannot be free'd here because a redirection will then try to access this and segfault */
/* Covered in a testcase in tests/check_http.t */
@@ -1467,9 +1525,10 @@ print_help (void)
printf (UT_IPv46);
#ifdef HAVE_SSL
- printf (" %s\n", "-S, --ssl=VERSION");
+ printf (" %s\n", "-S, --ssl=VERSION[+]");
printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
- printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+ printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+ printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
printf (" %s\n", "--sni");
printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
@@ -1496,7 +1555,7 @@ print_help (void)
printf (" %s\n", _("URL to GET or POST (default: /)"));
printf (" %s\n", "-P, --post=STRING");
printf (" %s\n", _("URL encoded http POST data"));
- printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+ printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
printf (" %s\n", _("Set HTTP method."));
printf (" %s\n", "-N, --no-body");
printf (" %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1570,7 +1629,7 @@ print_help (void)
printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
- printf (" %s\n", _("the certificate is expired."));
+ printf (" %s\n\n", _("the certificate is expired."));
printf ("\n");
printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1578,6 +1637,13 @@ print_help (void)
printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+ printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+ printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+ printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+ printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+ printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+ printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
#endif
printf (UT_SUPPORT);
diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c
index 47605e96..8d540ca1 100644
--- a/plugins/check_ide_smart.c
+++ b/plugins/check_ide_smart.c
@@ -234,10 +234,10 @@ main (int argc, char *argv[])
break;
case 'h':
print_help ();
- return STATE_OK;
+ return STATE_UNKNOWN;
case 'V':
print_revision (progname, NP_VERSION);
- return STATE_OK;
+ return STATE_UNKNOWN;
default:
usage5 ();
}
@@ -249,7 +249,7 @@ main (int argc, char *argv[])
if (!device) {
print_help ();
- return STATE_OK;
+ return STATE_UNKNOWN;
}
fd = open (device, OPEN_MODE);
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be97..66be4b46 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,29 +1,29 @@
/*****************************************************************************
-*
+*
* Monitoring check_ldap plugin
-*
+*
* License: GPL
* Copyright (c) 2000-2008 Monitoring Plugins Development Team
-*
+*
* Description:
-*
+*
* This file contains the check_ldap plugin
-*
-*
+*
+*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
-*
+*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
-*
+*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
-*
-*
+*
+*
*****************************************************************************/
/* progname may be check_ldaps */
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
#endif
double warn_time = UNDEFINED;
double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
int starttls = FALSE;
int ssl_on_connect = FALSE;
int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
int tls;
int version=3;
+ /* for entry counting */
+
+ LDAPMessage *next_entry;
+ int status_entries = STATE_OK;
+ int num_entries = 0;
+
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
}
/* do a search of all objectclasses in the base dn */
- if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+ if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
!= LDAP_SUCCESS) {
if (verbose)
ldap_perror(ld, "ldap_search");
printf (_("Could not search/find objectclasses in %s\n"), ld_base);
return STATE_CRITICAL;
+ } else if (crit_entries!=NULL || warn_entries!=NULL) {
+ num_entries = ldap_count_entries(ld, result);
}
/* unbind from the ldap server */
@@ -223,14 +234,42 @@ main (int argc, char *argv[])
else
status = STATE_OK;
+ if(entries_thresholds != NULL) {
+ if (verbose) {
+ printf ("entries found: %d\n", num_entries);
+ print_thresholds("entry threasholds", entries_thresholds);
+ }
+ status_entries = get_status(num_entries, entries_thresholds);
+ if (status_entries == STATE_CRITICAL) {
+ status = STATE_CRITICAL;
+ } else if (status != STATE_CRITICAL) {
+ status = status_entries;
+ }
+ }
+
/* print out the result */
- printf (_("LDAP %s - %.3f seconds response time|%s\n"),
- state_text (status),
- elapsed_time,
- fperfdata ("time", elapsed_time, "s",
- (int)warn_time, warn_time,
- (int)crit_time, crit_time,
- TRUE, 0, FALSE, 0));
+ if (crit_entries!=NULL || warn_entries!=NULL) {
+ printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
+ state_text (status),
+ num_entries,
+ elapsed_time,
+ fperfdata ("time", elapsed_time, "s",
+ (int)warn_time, warn_time,
+ (int)crit_time, crit_time,
+ TRUE, 0, FALSE, 0),
+ sperfdata ("entries", (double)num_entries, "",
+ warn_entries,
+ crit_entries,
+ TRUE, 0.0, FALSE, 0.0));
+ } else {
+ printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+ state_text (status),
+ elapsed_time,
+ fperfdata ("time", elapsed_time, "s",
+ (int)warn_time, warn_time,
+ (int)crit_time, crit_time,
+ TRUE, 0, FALSE, 0));
+ }
return status;
}
@@ -263,6 +302,8 @@ process_arguments (int argc, char **argv)
{"port", required_argument, 0, 'p'},
{"warn", required_argument, 0, 'w'},
{"crit", required_argument, 0, 'c'},
+ {"warn-entries", required_argument, 0, 'W'},
+ {"crit-entries", required_argument, 0, 'C'},
{"verbose", no_argument, 0, 'v'},
{0, 0, 0, 0}
};
@@ -276,7 +317,7 @@ process_arguments (int argc, char **argv)
}
while (1) {
- c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+ c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
if (c == -1 || c == EOF)
break;
@@ -284,10 +325,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 't': /* timeout period */
if (!is_intnonneg (optarg))
usage2 (_("Timeout interval must be a positive integer"), optarg);
@@ -318,6 +359,12 @@ process_arguments (int argc, char **argv)
case 'c':
crit_time = strtod (optarg, NULL);
break;
+ case 'W':
+ warn_entries = optarg;
+ break;
+ case 'C':
+ crit_entries = optarg;
+ break;
#ifdef HAVE_LDAP_SET_OPTION
case '2':
ld_protocol = 2;
@@ -381,6 +428,10 @@ validate_arguments ()
if (ld_base==NULL)
usage4 (_("Please specify the LDAP base\n"));
+ if (crit_entries!=NULL || warn_entries!=NULL) {
+ set_thresholds(&entries_thresholds,
+ warn_entries, crit_entries);
+ }
return OK;
}
@@ -430,6 +481,11 @@ print_help (void)
printf (UT_WARN_CRIT);
+ printf (" %s\n", "-W [--warn-entries]");
+ printf (" %s\n", _("Number of found entries to result in warning status"));
+ printf (" %s\n", "-C [--crit-entries]");
+ printf (" %s\n", _("Number of found entries to result in critical status"));
+
printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
printf (UT_VERBOSE);
@@ -441,6 +497,7 @@ print_help (void)
printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
printf (" %s\n", _("to define the behaviour explicitly instead."));
+ printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
printf (UT_SUPPORT);
}
diff --git a/plugins/check_load.c b/plugins/check_load.c
index cde63e56..a96435f4 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -251,10 +251,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage5 ();
}
diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c
index cf3fe044..1fda5492 100644
--- a/plugins/check_mrtg.c
+++ b/plugins/check_mrtg.c
@@ -234,10 +234,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage5 ();
}
diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c
index 3b038cf1..eb66f622 100644
--- a/plugins/check_mrtgtraf.c
+++ b/plugins/check_mrtgtraf.c
@@ -270,10 +270,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage5 ();
}
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 216626bc..5773afd9 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -444,10 +444,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v':
verbose++;
break;
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 71ab7768..49a14dd3 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -250,10 +250,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'q':
xasprintf(&sql_query, "%s", optarg);
break;
diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c
index 791b6dbe..40d68f03 100644
--- a/plugins/check_nagios.c
+++ b/plugins/check_nagios.c
@@ -235,10 +235,10 @@ process_arguments (int argc, char **argv)
switch (c) {
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'F': /* status log */
status_log = optarg;
break;
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index f621b0a8..59c135db 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -553,10 +553,10 @@ int process_arguments(int argc, char **argv){
usage5 ();
case 'h': /* help */
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'V': /* version */
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'H': /* hostname */
server_address = optarg;
break;
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index a7d278de..75efc289 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -691,11 +691,11 @@ int process_arguments(int argc, char **argv){
switch (c) {
case 'h':
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'V':
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'v':
verbose++;
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 44424af5..c656b0f5 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){
switch (c) {
case 'h':
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'V':
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'v':
verbose++;
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index e344f8b7..295f86f6 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -477,11 +477,11 @@ int process_arguments(int argc, char **argv){
switch (c) {
case 'h':
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'V':
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
break;
case 'v':
verbose++;
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index 1a7bfa16..e7e8de05 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) {
usage5 ();
case 'h': /* help */
print_help();
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'V': /* version */
print_revision(progname, NP_VERSION);
- exit(STATE_OK);
+ exit(STATE_UNKNOWN);
case 'H': /* hostname */
server_address=optarg;
break;
diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c
index af5eb9b9..9a4d25fa 100644
--- a/plugins/check_overcr.c
+++ b/plugins/check_overcr.c
@@ -340,10 +340,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'H': /* hostname */
server_address = optarg;
break;
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 9bad1ec5..2eb699e8 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -302,10 +302,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 't': /* timeout period */
if (!is_integer (optarg))
usage2 (_("Timeout interval must be a positive integer"), optarg);
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index dbc5c3e4..423ecbe5 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -224,11 +224,11 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
break;
case 't': /* timeout period */
timeout_interval = atoi (optarg);
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index 402aac53..4bcc56bc 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -428,10 +428,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 't': /* timeout period */
if (!is_integer (optarg))
usage2 (_("Timeout interval must be a positive integer"), optarg);
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index b2943475..03cbb8b0 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -259,10 +259,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (OK);
+ exit (STATE_UNKNOWN);
case 'v': /* verbose mode */
verbose = TRUE;
break;
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 00bd4d20..6491e6e9 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -359,10 +359,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* usage */
usage5 ();
}
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 24304534..1996c6d3 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -231,7 +231,7 @@ main (int argc, char **argv)
send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
- if (!strstr (buffer, server_expect)) {
+ if (!strstr (buffer, SMTP_EXPECT)) {
printf (_("Server does not support STARTTLS\n"));
smtp_quit();
return STATE_UNKNOWN;
@@ -276,6 +276,7 @@ main (int argc, char **argv)
# ifdef USE_OPENSSL
if ( check_cert ) {
result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+ smtp_quit();
my_close();
return result;
}
@@ -581,11 +582,6 @@ process_arguments (int argc, char **argv)
usage4 (_("Timeout interval must be a positive integer"));
}
break;
- case 'S':
- /* starttls */
- use_ssl = TRUE;
- use_ehlo = TRUE;
- break;
case 'D':
/* Check SSL cert validity */
#ifdef USE_OPENSSL
@@ -607,9 +603,14 @@ process_arguments (int argc, char **argv)
days_till_exp_warn = atoi (optarg);
}
check_cert = TRUE;
+ ignore_send_quit_failure = TRUE;
#else
usage (_("SSL support not available - install OpenSSL and recompile"));
#endif
+ case 'S':
+ /* starttls */
+ use_ssl = TRUE;
+ use_ehlo = TRUE;
break;
case '4':
address_family = AF_INET;
@@ -623,10 +624,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* help */
usage5 ();
}
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 9d966faa..da9638c4 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org";
#define DEFAULT_PORT "161"
#define DEFAULT_MIBLIST "ALL"
#define DEFAULT_PROTOCOL "1"
-#define DEFAULT_TIMEOUT 1
#define DEFAULT_RETRIES 5
#define DEFAULT_AUTH_PROTOCOL "MD5"
#define DEFAULT_PRIV_PROTOCOL "DES"
@@ -153,7 +152,7 @@ state_data *previous_state;
double *previous_value;
size_t previous_size = OID_COUNT_STEP;
int perf_labels = 1;
-
+char* ip_version = "";
static char *fix_snmp_range(char *th)
{
@@ -227,7 +226,7 @@ main (int argc, char **argv)
outbuff = strdup ("");
delimiter = strdup (" = ");
output_delim = strdup (DEFAULT_OUTPUT_DELIMITER);
- timeout_interval = DEFAULT_TIMEOUT;
+ timeout_interval = DEFAULT_SOCKET_TIMEOUT;
retries = DEFAULT_RETRIES;
np_init( (char *) progname, argc, argv );
@@ -418,6 +417,9 @@ main (int argc, char **argv)
else if (strstr (response, "INTEGER: ")) {
show = strstr (response, "INTEGER: ") + 9;
}
+ else if (strstr (response, "OID: ")) {
+ show = strstr (response, "OID: ") + 5;
+ }
else if (strstr (response, "STRING: ")) {
show = strstr (response, "STRING: ") + 8;
conv = "%.10g";
@@ -678,6 +680,8 @@ process_arguments (int argc, char **argv)
{"offset", required_argument, 0, L_OFFSET},
{"invert-search", no_argument, 0, L_INVERT_SEARCH},
{"perf-oids", no_argument, 0, 'O'},
+ {"ipv4", no_argument, 0, '4'},
+ {"ipv6", no_argument, 0, '6'},
{0, 0, 0, 0}
};
@@ -695,7 +699,7 @@ process_arguments (int argc, char **argv)
}
while (1) {
- c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+ c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
longopts, &option);
if (c == -1 || c == EOF)
@@ -706,10 +710,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* verbose */
verbose++;
break;
@@ -920,6 +924,13 @@ process_arguments (int argc, char **argv)
case 'O':
perf_labels=0;
break;
+ case '4':
+ break;
+ case '6':
+ xasprintf(&ip_version, "udp6:");
+ if(verbose>2)
+ printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
+ break;
}
}
@@ -1125,6 +1136,7 @@ print_help (void)
printf (UT_HELP_VRSN);
printf (UT_EXTRA_OPTS);
+ printf (UT_IPv46);
printf (UT_HOST_PORT, 'p', DEFAULT_PORT);
@@ -1243,5 +1255,5 @@ print_usage (void)
printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
- printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n");
+ printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
}
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index 3658965e..8ccbd5a7 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -128,10 +128,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* verbose */
verbose = TRUE;
break;
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 25e0bacd..4d5a4071 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -470,10 +470,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case '?': /* error */
usage5 ();
}
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 63f9fd9c..6dc9aa96 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -237,7 +237,7 @@ main (int argc, char **argv)
gettimeofday (&tv, NULL);
result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
- if (result == STATE_CRITICAL) return STATE_CRITICAL;
+ if (result == STATE_CRITICAL) return econn_refuse_state;
#ifdef HAVE_SSL
if (flags & FLAG_SSL){
@@ -463,10 +463,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'v': /* verbose mode */
flags |= FLAG_VERBOSE;
match_flags |= NP_MATCH_VERBOSE;
@@ -577,7 +577,8 @@ process_arguments (int argc, char **argv)
if ((temp=strchr(optarg,','))!=NULL) {
*temp='\0';
if (!is_intnonneg (optarg))
- usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg);
+ usage2 (_("Invalid certificate expiration period"), optarg);
+ days_till_exp_warn = atoi (optarg);
*temp=',';
temp++;
if (!is_intnonneg (temp))
diff --git a/plugins/check_time.c b/plugins/check_time.c
index 3943742a..baf8c591 100644
--- a/plugins/check_time.c
+++ b/plugins/check_time.c
@@ -231,10 +231,10 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'H': /* hostname */
if (is_host (optarg) == FALSE)
usage2 (_("Invalid hostname/address"), optarg);
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index 099881d0..e9e56a51 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -242,8 +242,8 @@ main (int argc, char **argv)
}
xasprintf (&data, "%s %s", data,
perfdata ("battery", (long)ups_battery_percent, "%",
- check_warn, (long)(1000*warning_value),
- check_crit, (long)(1000*critical_value),
+ check_warn, (long)(warning_value),
+ check_crit, (long)(critical_value),
TRUE, 0, TRUE, 100));
} else {
xasprintf (&data, "%s %s", data,
@@ -271,8 +271,8 @@ main (int argc, char **argv)
}
xasprintf (&data, "%s %s", data,
perfdata ("load", (long)ups_load_percent, "%",
- check_warn, (long)(1000*warning_value),
- check_crit, (long)(1000*critical_value),
+ check_warn, (long)(warning_value),
+ check_crit, (long)(critical_value),
TRUE, 0, TRUE, 100));
} else {
xasprintf (&data, "%s %s", data,
@@ -308,8 +308,8 @@ main (int argc, char **argv)
}
xasprintf (&data, "%s %s", data,
perfdata ("temp", (long)ups_temperature, tunits,
- check_warn, (long)(1000*warning_value),
- check_crit, (long)(1000*critical_value),
+ check_warn, (long)(warning_value),
+ check_crit, (long)(critical_value),
TRUE, 0, FALSE, 0));
} else {
xasprintf (&data, "%s %s", data,
@@ -558,10 +558,10 @@ process_arguments (int argc, char **argv)
break;
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
}
}
diff --git a/plugins/check_users.c b/plugins/check_users.c
index a009f20b..f6f4b362 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -54,15 +54,15 @@ int process_arguments (int, char **);
void print_help (void);
void print_usage (void);
-int wusers = -1;
-int cusers = -1;
+char *warning_range = NULL;
+char *critical_range = NULL;
+thresholds *thlds = NULL;
int
main (int argc, char **argv)
{
int users = -1;
int result = STATE_UNKNOWN;
- char *perf;
#if HAVE_WTSAPI32_H
WTS_SESSION_INFO *wtsinfo;
DWORD wtscount;
@@ -77,8 +77,6 @@ main (int argc, char **argv)
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
- perf = strdup ("");
-
/* Parse extra opts if any */
argv = np_extra_opts (&argc, argv, progname);
@@ -160,23 +158,15 @@ main (int argc, char **argv)
#endif
/* check the user count against warning and critical thresholds */
- if (users > cusers)
- result = STATE_CRITICAL;
- else if (users > wusers)
- result = STATE_WARNING;
- else if (users >= 0)
- result = STATE_OK;
+ result = get_status((double)users, thlds);
if (result == STATE_UNKNOWN)
printf ("%s\n", _("Unable to read output"));
else {
- xasprintf (&perf, "%s", perfdata ("users", users, "",
- TRUE, wusers,
- TRUE, cusers,
- TRUE, 0,
- FALSE, 0));
- printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result),
- users, perf);
+ printf (_("USERS %s - %d users currently logged in |%s\n"),
+ state_text(result), users,
+ sperfdata_int("users", users, "", warning_range,
+ critical_range, TRUE, 0, FALSE, 0));
}
return result;
@@ -210,38 +200,32 @@ process_arguments (int argc, char **argv)
usage5 ();
case 'h': /* help */
print_help ();
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'V': /* version */
print_revision (progname, NP_VERSION);
- exit (STATE_OK);
+ exit (STATE_UNKNOWN);
case 'c': /* critical */
- if (!is_intnonneg (optarg))
- usage4 (_("Critical threshold must be a positive integer"));
- else
- cusers = atoi (optarg);
+ critical_range = optarg;
break;
case 'w': /* warning */
- if (!is_intnonneg (optarg))
- usage4 (_("Warning threshold must be a positive integer"));
- else
- wusers = atoi (optarg);
+ warning_range = optarg;
break;
}
}
c = optind;
- if (wusers == -1 && argc > c) {
- if (is_intnonneg (argv[c]) == FALSE)
- usage4 (_("Warning threshold must be a positive integer"));
- else
- wusers = atoi (argv[c++]);
- }
- if (cusers == -1 && argc > c) {
- if (is_intnonneg (argv[c]) == FALSE)
- usage4 (_("Warning threshold must be a positive integer"));
- else
- cusers = atoi (argv[c]);
- }
+ if (warning_range == NULL && argc > c)
+ warning_range = argv[c++];
+ if (critical_range == NULL && argc > c)
+ critical_range = argv[c++];
+
+ /* this will abort in case of invalid ranges */
+ set_thresholds (&thlds, warning_range, critical_range);
+
+ if (thlds->warning->end < 0)
+ usage4 (_("Warning threshold must be a positive integer"));
+ if (thlds->critical->end < 0)
+ usage4 (_("Critical threshold must be a positive integer"));
return OK;
}
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 83f8942f..705aaf09 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto,
int
np_net_connect (const char *host_name, int port, int *sd, int proto)
{
+ /* send back STATE_UNKOWN if there's an error
+ send back STATE_OK if we connect
+ send back STATE_CRITICAL if we can't connect.
+ Let upstream figure out what to send to the user. */
struct addrinfo hints;
struct addrinfo *r, *res;
struct sockaddr_un su;
@@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
else if (was_refused) {
switch (econn_refuse_state) { /* a user-defined expected outcome */
case STATE_OK:
- case STATE_WARNING: /* user wants WARN or OK on refusal */
- return econn_refuse_state;
- break;
- case STATE_CRITICAL: /* user did not set econn_refuse_state */
+ case STATE_WARNING: /* user wants WARN or OK on refusal, or... */
+ case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */
if (is_socket)
printf("connect to file socket %s: %s\n", host_name, strerror(errno));
else
printf("connect to address %s and port %d: %s\n",
host_name, port, strerror(errno));
- return econn_refuse_state;
+ return STATE_CRITICAL;
break;
default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */
return STATE_UNKNOWN;
diff --git a/plugins/netutils.h b/plugins/netutils.h
index c6fce901..2766029e 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
/* SSL-Related functionality */
#ifdef HAVE_SSL
+# define MP_SSLv2 1
+# define MP_SSLv3 2
+# define MP_TLSv1 3
+# define MP_TLSv1_1 4
+# define MP_TLSv1_2 5
+# define MP_SSLv2_OR_NEWER 6
+# define MP_SSLv3_OR_NEWER 7
+# define MP_TLSv1_OR_NEWER 8
+# define MP_TLSv1_1_OR_NEWER 9
+# define MP_TLSv1_2_OR_NEWER 10
/* maybe this could be merged with the above np_net_connect, via some flags */
int np_net_ssl_init(int sd);
int np_net_ssl_init_with_hostname(int sd, char *host_name);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d0ae4741..b412ef3d 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
SSL_METHOD *method = NULL;
+ long options = 0;
switch (version) {
- case 0: /* Deafult to auto negotiation */
- method = SSLv23_client_method();
- break;
- case 1: /* TLSv1 protocol */
- method = TLSv1_client_method();
- break;
- case 2: /* SSLv2 protocol */
+ case MP_SSLv2: /* SSLv2 protocol */
#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
- printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
- return STATE_CRITICAL;
+ printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
#else
method = SSLv2_client_method();
-#endif
break;
- case 3: /* SSLv3 protocol */
+#endif
+ case MP_SSLv3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+ printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
method = SSLv3_client_method();
break;
- default: /* Unsupported */
- printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
- return STATE_CRITICAL;
+#endif
+ case MP_TLSv1: /* TLSv1 protocol */
+#if defined(OPENSSL_NO_TLS1)
+ printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
+ method = TLSv1_client_method();
+ break;
+#endif
+ case MP_TLSv1_1: /* TLSv1.1 protocol */
+#if !defined(SSL_OP_NO_TLSv1_1)
+ printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
+ method = TLSv1_1_client_method();
+ break;
+#endif
+ case MP_TLSv1_2: /* TLSv1.2 protocol */
+#if !defined(SSL_OP_NO_TLSv1_2)
+ printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
+ method = TLSv1_2_client_method();
+ break;
+#endif
+ case MP_TLSv1_2_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_1)
+ printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
+ options |= SSL_OP_NO_TLSv1_1;
+#endif
+ /* FALLTHROUGH */
+ case MP_TLSv1_1_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1)
+ printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
+ return STATE_UNKNOWN;
+#else
+ options |= SSL_OP_NO_TLSv1;
+#endif
+ /* FALLTHROUGH */
+ case MP_TLSv1_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv3)
+ options |= SSL_OP_NO_SSLv3;
+#endif
+ /* FALLTHROUGH */
+ case MP_SSLv3_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv2)
+ options |= SSL_OP_NO_SSLv2;
+#endif
+ case MP_SSLv2_OR_NEWER:
+ /* FALLTHROUGH */
+ default: /* Default to auto negotiation */
+ method = SSLv23_client_method();
}
if (!initialized) {
/* Initialize SSL context */
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
#endif
}
#ifdef SSL_OP_NO_TICKET
- SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+ options |= SSL_OP_NO_TICKET;
#endif
+ SSL_CTX_set_options(c, options);
SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
if ((s = SSL_new(c)) != NULL) {
#ifdef SSL_set_tlsext_host_name
@@ -144,7 +195,10 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
# ifdef USE_OPENSSL
X509 *certificate=NULL;
X509_NAME *subj=NULL;
+ char timestamp[50] = "";
char cn[MAX_CN_LENGTH]= "";
+ char *tz;
+
int cnlen =-1;
int status=STATE_UNKNOWN;
@@ -153,7 +207,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
struct tm stamp;
float time_left;
int days_left;
- char timestamp[50] = "";
+ int time_remaining;
time_t tm_t;
certificate=SSL_get_peer_certificate(s);
@@ -207,32 +261,55 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
stamp.tm_min =
(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
- stamp.tm_sec = 0;
+ stamp.tm_sec =
+ (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
stamp.tm_isdst = -1;
- time_left = difftime(timegm(&stamp), time(NULL));
+ tm_t = timegm(&stamp);
+ time_left = difftime(tm_t, time(NULL));
days_left = time_left / 86400;
- tm_t = mktime (&stamp);
- strftime(timestamp, 50, "%c", localtime(&tm_t));
+ tz = getenv("TZ");
+ setenv("TZ", "GMT", 1);
+ tzset();
+ strftime(timestamp, 50, "%c %z", localtime(&tm_t));
+ if (tz)
+ setenv("TZ", tz, 1);
+ else
+ unsetenv("TZ");
+ tzset();
if (days_left > 0 && days_left <= days_till_exp_warn) {
printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
if (days_left > days_till_exp_crit)
- return STATE_WARNING;
+ status = STATE_WARNING;
else
- return STATE_CRITICAL;
+ status = STATE_CRITICAL;
+ } else if (days_left == 0 && time_left > 0) {
+ if (time_left >= 3600)
+ time_remaining = (int) time_left / 3600;
+ else
+ time_remaining = (int) time_left / 60;
+
+ printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+ (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+ time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+ if ( days_left > days_till_exp_crit)
+ status = STATE_WARNING;
+ else
+ status = STATE_CRITICAL;
} else if (time_left < 0) {
printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
status=STATE_CRITICAL;
} else if (days_left == 0) {
- printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+ printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
if (days_left > days_till_exp_crit)
- return STATE_WARNING;
+ status = STATE_WARNING;
else
- return STATE_CRITICAL;
+ status = STATE_CRITICAL;
} else {
printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
- status=STATE_OK;
+ status = STATE_OK;
}
X509_free(certificate);
return status;
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 4ebfb90e..fe8aabdb 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -17,13 +17,15 @@
'NP_HOST_HPJD_PORT_INVALID' => '161',
'NP_HOST_HPJD_PORT_VALID' => '',
'NP_HOST_TCP_HTTP' => 'localhost',
- 'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
+ 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
'NP_HOST_TCP_IMAP' => 'imap.web.de',
+ 'NP_HOST_TCP_LDAP' => 'localhost',
'NP_HOST_TCP_POP' => 'pop.web.de',
'NP_HOST_TCP_SMTP' => 'localhost',
'NP_HOST_TCP_SMTP_NOTLS' => '',
'NP_HOST_TCP_SMTP_TLS' => '',
'NP_INTERNET_ACCESS' => 'yes',
+ 'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
'NP_MOUNTPOINT2_VALID' => '',
'NP_MOUNTPOINT_VALID' => '/',
'NP_MYSQL_SERVER' => 'localhost',
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a289..f514ca6f 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,9 +6,10 @@
use strict;
use Test::More;
+use POSIX qw/mktime strftime/;
use NPTest;
-plan tests => 30;
+plan tests => 42;
my $successOutput = '/OK.*HTTP.*second/';
@@ -34,6 +35,8 @@ my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2",
"A host providing an index page containing the string 'monitoring'",
"test.monitoring-plugins.org" );
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
$res = NPTest->testCmd(
"./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
$res = NPTest->testCmd(
- "./check_http $host_nonresponsive -wt 1 -ct 2"
+ "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
);
cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
$res = NPTest->testCmd(
"./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,12 +115,46 @@ SKIP: {
$res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
+ # run some certificate checks with faketime
+ SKIP: {
+ skip "No faketime binary found", 12 if !$faketime;
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+ is( $res->return_code, 0, "Catch cert output exit code" );
+ my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
+ if(!defined $year) {
+ die("parsing date failed from: ".$res->output);
+ }
+ my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+ my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+ my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+ is( $res->return_code, 2, "Output on expire date" );
+
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+ is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+ is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+ is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+ $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+ like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+ is( $res->return_code, 2, "Certificate expired exit code" );
+ };
+
$res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
$res = NPTest->testCmd(
- "./check_http --ssl www.e-paycobalt.com"
+ "./check_http --ssl -H www.e-paycobalt.com"
);
cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 00000000..b8944d4b
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,80 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+
+my $host_tcp_ldap = getTestParameter("NP_HOST_TCP_LDAP",
+ "A host providing the LDAP Service",
+ "localhost" );
+
+my $ldap_base_dn = getTestParameter("NP_LDAP_BASE_DN",
+ "A base dn for the LDAP Service",
+ "cn=admin" );
+
+my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+ "The hostname of system not responsive to network requests" );
+
+my $hostname_invalid = getTestParameter("hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
+ "An invalid (not known to DNS) hostname" );
+
+my($result, $cmd);
+my $command = './check_ldap';
+
+plan tests => 16;
+
+SKIP: {
+ skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+
+ $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+ is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+ is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+
+SKIP: {
+ skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+
+ $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+ is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+ is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+
+SKIP: {
+ skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+ skip "NP_LDAP_BASE_DN not set", 12 if ! $ldap_base_dn;
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 0, $cmd );
+ like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 0, $cmd );
+ like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 2, $cmd );
+ like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 2, $cmd );
+ like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 1, $cmd );
+ like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+
+ $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+ $result = NPTest->testCmd($cmd);
+ is( $result->return_code, 0, $cmd );
+ like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 2d6c44a7..aefd872a 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -166,8 +166,8 @@ SKIP: {
SKIP: {
skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
$res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
- cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
- like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem");
+ cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
+ like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
}
SKIP: {
diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t
index 39044bb5..088f3b52 100644
--- a/plugins/t/check_users.t
+++ b/plugins/t/check_users.t
@@ -13,7 +13,7 @@ use Test;
use NPTest;
use vars qw($tests);
-BEGIN {$tests = 4; plan tests => $tests}
+BEGIN {$tests = 8; plan tests => $tests}
my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/';
my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/';
@@ -22,6 +22,8 @@ my $t;
$t += checkCmd( "./check_users 1000 1000", 0, $successOutput );
$t += checkCmd( "./check_users 0 0", 2, $failureOutput );
+$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput );
+$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput );
exit(0) if defined($Test::Harness::VERSION);
exit($tests - $t);
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d93a0ecf..5984d489 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -186,21 +186,21 @@ SKIP: {
$result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
- is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:00 2019.', "output ok" );
+ is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" );
$result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
- like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" );
+ like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
# Expired cert tests
$result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
- like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" );
+ like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
$result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
is( $result->output,
- 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:00 2009.',
+ 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.',
"output ok" );
}
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 2fd033d2..73a68b20 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -128,7 +128,7 @@ sleep 1;
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
@@ -209,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
is($res->return_code, 0, "Not really numeric test" );
@@ -225,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
diff --git a/plugins/utils.c b/plugins/utils.c
index 58b153d8..231af92b 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -144,8 +144,6 @@ usage5 (void)
void
print_revision (const char *command_name, const char *revision)
{
- char plugin_revision[STRLEN];
-
printf ("%s v%s (%s %s)\n",
command_name, revision, PACKAGE, VERSION);
}
@@ -630,3 +628,84 @@ char *fperfdata (const char *label,
return data;
}
+
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+ char *data = NULL;
+ if (strpbrk (label, "'= "))
+ xasprintf (&data, "'%s'=", label);
+ else
+ xasprintf (&data, "%s=", label);
+
+ xasprintf (&data, "%s%f", data, val);
+ xasprintf (&data, "%s%s;", data, uom);
+
+ if (warn!=NULL)
+ xasprintf (&data, "%s%s", data, warn);
+
+ xasprintf (&data, "%s;", data);
+
+ if (crit!=NULL)
+ xasprintf (&data, "%s%s", data, crit);
+
+ xasprintf (&data, "%s;", data);
+
+ if (minp)
+ xasprintf (&data, "%s%f", data, minv);
+
+ if (maxp) {
+ xasprintf (&data, "%s;", data);
+ xasprintf (&data, "%s%f", data, maxv);
+ }
+
+ return data;
+}
+
+char *sperfdata_int (const char *label,
+ int val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ int minv,
+ int maxp,
+ int maxv)
+{
+ char *data = NULL;
+ if (strpbrk (label, "'= "))
+ xasprintf (&data, "'%s'=", label);
+ else
+ xasprintf (&data, "%s=", label);
+
+ xasprintf (&data, "%s%d", data, val);
+ xasprintf (&data, "%s%s;", data, uom);
+
+ if (warn!=NULL)
+ xasprintf (&data, "%s%s", data, warn);
+
+ xasprintf (&data, "%s;", data);
+
+ if (crit!=NULL)
+ xasprintf (&data, "%s%s", data, crit);
+
+ xasprintf (&data, "%s;", data);
+
+ if (minp)
+ xasprintf (&data, "%s%d", data, minv);
+
+ if (maxp) {
+ xasprintf (&data, "%s;", data);
+ xasprintf (&data, "%s%d", data, maxv);
+ }
+
+ return data;
+}
+
diff --git a/plugins/utils.h b/plugins/utils.h
index 4c4aaccc..a436e1ca 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -94,29 +94,17 @@ const char *state_text (int);
#define max(a,b) (((a)>(b))?(a):(b))
#define min(a,b) (((a)<(b))?(a):(b))
-char *perfdata (const char *,
- long int,
- const char *,
- int,
- long int,
- int,
- long int,
- int,
- long int,
- int,
- long int);
-
-char *fperfdata (const char *,
- double,
- const char *,
- int,
- double,
- int,
- double,
- int,
- double,
- int,
- double);
+char *perfdata (const char *, long int, const char *, int, long int,
+ int, long int, int, long int, int, long int);
+
+char *fperfdata (const char *, double, const char *, int, double,
+ int, double, int, double, int, double);
+
+char *sperfdata (const char *, double, const char *, char *, char *,
+ int, double, int, double);
+
+char *sperfdata_int (const char *, int, const char *, char *, char *,
+ int, int, int, int);
/* The idea here is that, although not every plugin will use all of these,
most will or should. Therefore, for consistency, these very common