diff options
Diffstat (limited to 'plugins')
86 files changed, 6444 insertions, 1400 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 0ddf9bd1..3fde54d6 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -38,7 +38,9 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \ EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \ check_swap check_fping check_ldap check_game check_dig \ check_nagios check_by_ssh check_dns check_nt check_ide_smart \ - check_procs check_mysql_query check_apt check_dbi + check_procs check_mysql_query check_apt check_dbi check_curl + +SUBDIRS = picohttpparser EXTRA_DIST = t tests @@ -69,6 +71,9 @@ test-debug: check_apt_LDADD = $(BASEOBJS) check_cluster_LDADD = $(BASEOBJS) +check_curl_CFLAGS = $(AM_CFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser +check_curl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser +check_curl_LDADD = $(NETLIBS) $(LIBCURLLIBS) $(SSLOBJS) $(URIPARSERLIBS) picohttpparser/libpicohttpparser.a check_dbi_LDADD = $(NETLIBS) $(DBILIBS) check_dig_LDADD = $(NETLIBS) check_disk_LDADD = $(BASEOBJS) @@ -89,7 +94,7 @@ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS) check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS) check_nagios_LDADD = $(BASEOBJS) -check_nt_LDADD = $(NETLIBS) +check_nt_LDADD = $(NETLIBS) check_ntp_LDADD = $(NETLIBS) $(MATHLIBS) check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS) check_nwstat_LDADD = $(NETLIBS) diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 07622c2f..d7be5750 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -66,13 +66,19 @@ char* construct_cmdline(upgrade_type u, const char *opts); /* run an apt-get update */ int run_update(void); /* run an apt-get upgrade */ -int run_upgrade(int *pkgcount, int *secpkgcount); +int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist); /* add another clause to a regexp */ char* add_to_regexp(char *expr, const char *next); +/* extract package name from Inst line */ +char* pkg_name(char *line); +/* string comparison function for qsort */ +int cmpstringp(const void *p1, const void *p2); /* configuration variables */ static int verbose = 0; /* -v */ +static int list = 0; /* list packages available for upgrade */ static int do_update = 0; /* whether to call apt-get update */ +static int only_critical = 0; /* whether to warn about non-critical updates */ static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ static char *update_opts = NULL; /* options to override defaults for update */ @@ -80,13 +86,16 @@ static char *do_include = NULL; /* regexp to only include certain packages */ static char *do_exclude = NULL; /* regexp to only exclude certain packages */ static char *do_critical = NULL; /* regexp specifying critical packages */ static char *input_filename = NULL; /* input filename for testing */ +/* number of packages available for upgrade to return WARNING status */ +static int packages_warning = 1; /* other global variables */ static int stderr_warning = 0; /* if a cmd issued output on stderr */ static int exec_warning = 0; /* if a cmd exited non-zero */ int main (int argc, char **argv) { - int result=STATE_UNKNOWN, packages_available=0, sec_count=0; + int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0; + char **packages_list=NULL, **secpackages_list=NULL; /* Parse extra opts if any */ argv=np_extra_opts(&argc, argv, progname); @@ -106,11 +115,11 @@ int main (int argc, char **argv) { if(do_update) result = run_update(); /* apt-get upgrade */ - result = max_state(result, run_upgrade(&packages_available, &sec_count)); + result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list)); if(sec_count > 0){ result = max_state(result, STATE_CRITICAL); - } else if(packages_available > 0){ + } else if(packages_available >= packages_warning && only_critical == 0){ result = max_state(result, STATE_WARNING); } else if(result > STATE_UNKNOWN){ result = STATE_UNKNOWN; @@ -129,6 +138,18 @@ int main (int argc, char **argv) { sec_count ); + if(list) { + qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp); + qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp); + + for(i = 0; i < sec_count; i++) + printf("%s (security)\n", secpackages_list[i]); + if (only_critical == 0) { + for(i = 0; i < packages_available - sec_count; i++) + printf("%s\n", packages_list[i]); + } + } + return result; } @@ -145,25 +166,28 @@ int process_arguments (int argc, char **argv) { {"upgrade", optional_argument, 0, 'U'}, {"no-upgrade", no_argument, 0, 'n'}, {"dist-upgrade", optional_argument, 0, 'd'}, + {"list", no_argument, 0, 'l'}, {"include", required_argument, 0, 'i'}, {"exclude", required_argument, 0, 'e'}, {"critical", required_argument, 0, 'c'}, + {"only-critical", no_argument, 0, 'o'}, {"input-file", required_argument, 0, INPUT_FILE_OPT}, + {"packages-warning", required_argument, 0, 'w'}, {0, 0, 0, 0} }; while(1) { - c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL); + c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:ow:", longopts, NULL); if(c == -1 || c == EOF || c == 1) break; switch(c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'v': verbose++; break; @@ -194,6 +218,9 @@ int process_arguments (int argc, char **argv) { if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed"); } break; + case 'l': + list=1; + break; case 'i': do_include=add_to_regexp(do_include, optarg); break; @@ -203,9 +230,15 @@ int process_arguments (int argc, char **argv) { case 'c': do_critical=add_to_regexp(do_critical, optarg); break; + case 'o': + only_critical=1; + break; case INPUT_FILE_OPT: input_filename = optarg; break; + case 'w': + packages_warning = atoi(optarg); + break; default: /* print short usage statement if args not parsable */ usage5(); @@ -217,14 +250,14 @@ int process_arguments (int argc, char **argv) { /* run an apt-get upgrade */ -int run_upgrade(int *pkgcount, int *secpkgcount){ +int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){ int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0; struct output chld_out, chld_err; regex_t ireg, ereg, sreg; char *cmdline=NULL, rerrbuf[64]; /* initialize ereg as it is possible it is printed while uninitialized */ - memset(&ereg, "\0", sizeof(ereg.buffer)); + memset(&ereg, '\0', sizeof(ereg.buffer)); if(upgrade==NO_UPGRADE) return STATE_OK; @@ -273,6 +306,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ cmdline); } + *pkglist=malloc(sizeof(char *) * chld_out.lines); + if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n"); + *secpkglist=malloc(sizeof(char *) * chld_out.lines); + if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n"); + /* parse the output, which should only consist of lines like * * Inst package .... @@ -297,6 +335,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){ spc++; if(verbose) printf("*"); + (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]); + } else { + (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]); } if(verbose){ printf("*%s\n", chld_out.line[i]); @@ -363,6 +404,31 @@ int run_update(void){ return result; } +char* pkg_name(char *line){ + char *start=NULL, *space=NULL, *pkg=NULL; + int len=0; + + start = line + strlen(PKGINST_PREFIX); + len = strlen(start); + + space = index(start, ' '); + if(space!=NULL){ + len = space - start; + } + + pkg=malloc(sizeof(char)*(len+1)); + if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n"); + + strncpy(pkg, start, len); + pkg[len]='\0'; + + return pkg; +} + +int cmpstringp(const void *p1, const void *p2){ + return strcmp(* (char * const *) p1, * (char * const *) p2); +} + char* add_to_regexp(char *expr, const char *next){ char *re=NULL; @@ -445,8 +511,11 @@ print_help (void) printf (" %s\n", "-d, --dist-upgrade=OPTS"); printf (" %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS")); printf (" %s\n", _("can be provided to override the default options.")); - printf (" %s\n", " -n, --no-upgrade"); + printf (" %s\n", "-n, --no-upgrade"); printf (" %s\n", _("Do not run the upgrade. Probably not useful (without -u at least).")); + printf (" %s\n", "-l, --list"); + printf (" %s\n", _("List packages available for upgrade. Packages are printed sorted by")); + printf (" %s\n", _("name with security packages listed first.")); printf (" %s\n", "-i, --include=REGEXP"); printf (" %s\n", _("Include only packages matching REGEXP. Can be specified multiple times")); printf (" %s\n", _("the values will be combined together. Any packages matching this list")); @@ -463,7 +532,14 @@ print_help (void) printf (" %s\n", _("upgrades for Debian and Ubuntu:")); printf (" \t\%s\n", SECURITY_RE); printf (" %s\n", _("Note that the package must first match the include list before its")); - printf (" %s\n\n", _("information is compared against the critical list.")); + printf (" %s\n", _("information is compared against the critical list.")); + printf (" %s\n", "-o, --only-critical"); + printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number")); + printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause")); + printf (" %s\n", _("the plugin to return WARNING status.")); + printf (" %s\n", "-w, --packages-warning"); + printf (" %s\n", _("Minumum number of packages available for upgrade to return WARNING status.")); + printf (" %s\n\n", _("Default is 1 package.")); printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); printf (" %s\n", "-u, --update=OPTS"); @@ -481,5 +557,5 @@ void print_usage(void) { printf ("%s\n", _("Usage:")); - printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname); + printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout] [-w packages-warning]\n", progname); } diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index bc172c97..39d49070 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -101,6 +101,13 @@ main (int argc, char **argv) result = cmd_run_array (commargv, &chld_out, &chld_err, 0); + if (verbose) { + for(i = 0; i < chld_out.lines; i++) + printf("stdout: %s\n", chld_out.line[i]); + for(i = 0; i < chld_err.lines; i++) + printf("stderr: %s\n", chld_err.line[i]); + } + if (skip_stdout == -1) /* --skip-stdout specified without argument */ skip_stdout = chld_out.lines; if (skip_stderr == -1) /* --skip-stderr specified without argument */ @@ -214,10 +221,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* help */ verbose = TRUE; break; @@ -228,7 +235,6 @@ process_arguments (int argc, char **argv) timeout_interval = atoi (optarg); break; case 'H': /* host */ - host_or_die(optarg); hostname = optarg; break; case 'p': /* port number */ @@ -330,7 +336,6 @@ process_arguments (int argc, char **argv) if (c <= argc) { die (STATE_UNKNOWN, _("%s: You must provide a host name\n"), progname); } - host_or_die(argv[c]); hostname = argv[c++]; } diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c index cf699e1f..e1ede9f7 100644 --- a/plugins/check_cluster.c +++ b/plugins/check_cluster.c @@ -143,6 +143,7 @@ int main(int argc, char **argv){ int process_arguments(int argc, char **argv){ int c; + char *ptr; int option=0; static struct option longopts[]={ {"data", required_argument,0,'d'}, @@ -188,6 +189,15 @@ int process_arguments(int argc, char **argv){ case 'd': /* data values */ data_vals=(char *)strdup(optarg); + /* validate data */ + for (ptr=data_vals;ptr!=NULL;ptr+=2){ + if (ptr[0]<'0' || ptr[0]>'3') + return ERROR; + if (ptr[1]=='\0') + break; + if (ptr[1]!=',') + return ERROR; + } break; case 'l': /* text label */ @@ -200,7 +210,7 @@ int process_arguments(int argc, char **argv){ case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'H': /* help */ diff --git a/plugins/check_curl.c b/plugins/check_curl.c new file mode 100644 index 00000000..14cc8463 --- /dev/null +++ b/plugins/check_curl.c @@ -0,0 +1,2467 @@ +/***************************************************************************** +* +* Monitoring check_curl plugin +* +* License: GPL +* Copyright (c) 1999-2019 Monitoring Plugins Development Team +* +* Description: +* +* This file contains the check_curl plugin +* +* This plugin tests the HTTP service on the specified host. It can test +* normal (http) and secure (https) servers, follow redirects, search for +* strings and regular expressions, check connection times, and report on +* certificate expiration times. +* +* This plugin uses functions from the curl library, see +* http://curl.haxx.se +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* +*****************************************************************************/ +const char *progname = "check_curl"; + +const char *copyright = "2006-2019"; +const char *email = "devel@monitoring-plugins.org"; + +#include <ctype.h> + +#include "common.h" +#include "utils.h" + +#ifndef LIBCURL_PROTOCOL_HTTP +#error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense +#endif + +#include "curl/curl.h" +#include "curl/easy.h" + +#include "picohttpparser.h" + +#include "uriparser/Uri.h" + +#include <arpa/inet.h> + +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +#include <openssl/opensslv.h> +#endif + +#include <netdb.h> + +#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch)) + +#define DEFAULT_BUFFER_SIZE 2048 +#define DEFAULT_SERVER_URL "/" +#define HTTP_EXPECT "HTTP/" +#define DEFAULT_MAX_REDIRS 15 +#define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN +enum { + MAX_IPV4_HOSTLENGTH = 255, + HTTP_PORT = 80, + HTTPS_PORT = 443, + MAX_PORT = 65535 +}; + +enum { + STICKY_NONE = 0, + STICKY_HOST = 1, + STICKY_PORT = 2 +}; + +enum { + FOLLOW_HTTP_CURL = 0, + FOLLOW_LIBCURL = 1 +}; + +/* for buffers for header and body */ +typedef struct { + char *buf; + size_t buflen; + size_t bufsize; +} curlhelp_write_curlbuf; + +/* for buffering the data sent in PUT */ +typedef struct { + char *buf; + size_t buflen; + off_t pos; +} curlhelp_read_curlbuf; + +/* for parsing the HTTP status line */ +typedef struct { + int http_major; /* major version of the protocol, always 1 (HTTP/0.9 + * never reached the big internet most likely) */ + int http_minor; /* minor version of the protocol, usually 0 or 1 */ + int http_code; /* HTTP return code as in RFC 2145 */ + int http_subcode; /* Microsoft IIS extension, HTTP subcodes, see + * http://support.microsoft.com/kb/318380/en-us */ + const char *msg; /* the human readable message */ + char *first_line; /* a copy of the first line */ +} curlhelp_statusline; + +/* to know the underlying SSL library used by libcurl */ +typedef enum curlhelp_ssl_library { + CURLHELP_SSL_LIBRARY_UNKNOWN, + CURLHELP_SSL_LIBRARY_OPENSSL, + CURLHELP_SSL_LIBRARY_LIBRESSL, + CURLHELP_SSL_LIBRARY_GNUTLS, + CURLHELP_SSL_LIBRARY_NSS +} curlhelp_ssl_library; + +enum { + REGS = 2, + MAX_RE_SIZE = 1024 +}; +#include "regex.h" +regex_t preg; +regmatch_t pmatch[REGS]; +char regexp[MAX_RE_SIZE]; +int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; +int errcode; +int invert_regex = 0; + +char *server_address = NULL; +char *host_name = NULL; +char *server_url = 0; +char server_ip[DEFAULT_BUFFER_SIZE]; +struct curl_slist *server_ips = NULL; +int specify_port = FALSE; +unsigned short server_port = HTTP_PORT; +unsigned short virtual_port = 0; +int host_name_length; +char output_header_search[30] = ""; +char output_string_search[30] = ""; +char *warning_thresholds = NULL; +char *critical_thresholds = NULL; +int days_till_exp_warn, days_till_exp_crit; +thresholds *thlds; +char user_agent[DEFAULT_BUFFER_SIZE]; +int verbose = 0; +int show_extended_perfdata = FALSE; +int show_body = FALSE; +int min_page_len = 0; +int max_page_len = 0; +int redir_depth = 0; +int max_depth = DEFAULT_MAX_REDIRS; +char *http_method = NULL; +char *http_post_data = NULL; +char *http_content_type = NULL; +CURL *curl; +struct curl_slist *header_list = NULL; +curlhelp_write_curlbuf body_buf; +curlhelp_write_curlbuf header_buf; +curlhelp_statusline status_line; +curlhelp_read_curlbuf put_buf; +char http_header[DEFAULT_BUFFER_SIZE]; +long code; +long socket_timeout = DEFAULT_SOCKET_TIMEOUT; +double total_time; +double time_connect; +double time_appconnect; +double time_headers; +double time_firstbyte; +char errbuf[CURL_ERROR_SIZE+1]; +CURLcode res; +char url[DEFAULT_BUFFER_SIZE]; +char msg[DEFAULT_BUFFER_SIZE]; +char perfstring[DEFAULT_BUFFER_SIZE]; +char header_expect[MAX_INPUT_BUFFER] = ""; +char string_expect[MAX_INPUT_BUFFER] = ""; +char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT; +int server_expect_yn = 0; +char user_auth[MAX_INPUT_BUFFER] = ""; +char proxy_auth[MAX_INPUT_BUFFER] = ""; +char **http_opt_headers; +int http_opt_headers_count = 0; +int display_html = FALSE; +int onredirect = STATE_OK; +int followmethod = FOLLOW_HTTP_CURL; +int followsticky = STICKY_NONE; +int use_ssl = FALSE; +int use_sni = TRUE; +int check_cert = FALSE; +typedef union { + struct curl_slist* to_info; + struct curl_certinfo* to_certinfo; +} cert_ptr_union; +cert_ptr_union cert_ptr; +int ssl_version = CURL_SSLVERSION_DEFAULT; +char *client_cert = NULL; +char *client_privkey = NULL; +char *ca_cert = NULL; +int verify_peer_and_host = FALSE; +int is_openssl_callback = FALSE; +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +X509 *cert = NULL; +#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ +int no_body = FALSE; +int maximum_age = -1; +int address_family = AF_UNSPEC; +curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; +int curl_http_version = CURL_HTTP_VERSION_NONE; +int automatic_decompression = FALSE; + +int process_arguments (int, char**); +void handle_curl_option_return_code (CURLcode res, const char* option); +int check_http (void); +void redir (curlhelp_write_curlbuf*); +char *perfd_time (double microsec); +char *perfd_time_connect (double microsec); +char *perfd_time_ssl (double microsec); +char *perfd_time_firstbyte (double microsec); +char *perfd_time_headers (double microsec); +char *perfd_time_transfer (double microsec); +char *perfd_size (int page_len); +void print_help (void); +void print_usage (void); +void print_curl_version (void); +int curlhelp_initwritebuffer (curlhelp_write_curlbuf*); +int curlhelp_buffer_write_callback (void*, size_t , size_t , void*); +void curlhelp_freewritebuffer (curlhelp_write_curlbuf*); +int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t); +int curlhelp_buffer_read_callback (void *, size_t , size_t , void *); +void curlhelp_freereadbuffer (curlhelp_read_curlbuf *); +curlhelp_ssl_library curlhelp_get_ssl_library (CURL*); +const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library); +int net_noopenssl_check_certificate (cert_ptr_union*, int, int); + +int curlhelp_parse_statusline (const char*, curlhelp_statusline *); +void curlhelp_free_statusline (curlhelp_statusline *); +char *get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header); +int check_document_dates (const curlhelp_write_curlbuf *, char (*msg)[DEFAULT_BUFFER_SIZE]); +int get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf); + +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit); +#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ + +void remove_newlines (char *); +void test_file (char *); + +int +main (int argc, char **argv) +{ + int result = STATE_UNKNOWN; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); + + /* Parse extra opts if any */ + argv = np_extra_opts (&argc, argv, progname); + + /* set defaults */ + snprintf( user_agent, DEFAULT_BUFFER_SIZE, "%s/v%s (monitoring-plugins %s, %s)", + progname, NP_VERSION, VERSION, curl_version()); + + /* parse arguments */ + if (process_arguments (argc, argv) == ERROR) + usage4 (_("Could not parse arguments")); + + if (display_html == TRUE) + printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">", + use_ssl ? "https" : "http", + host_name ? host_name : server_address, + virtual_port ? virtual_port : server_port, + server_url); + + result = check_http (); + return result; +} + +#ifdef HAVE_SSL +#ifdef USE_OPENSSL + +int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + /* TODO: we get all certificates of the chain, so which ones + * should we test? + * TODO: is the last certificate always the server certificate? + */ + cert = X509_STORE_CTX_get_current_cert(x509_ctx); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + X509_up_ref(cert); +#endif + if (verbose>=2) { + puts("* SSL verify callback with certificate:"); + X509_NAME *subject, *issuer; + printf("* issuer:\n"); + issuer = X509_get_issuer_name( cert ); + X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE); + printf("* curl verify_callback:\n* subject:\n"); + subject = X509_get_subject_name( cert ); + X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE); + puts(""); + } + return 1; +} + +CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) +{ + SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback); + + return CURLE_OK; +} + +#endif /* USE_OPENSSL */ +#endif /* HAVE_SSL */ + +/* returns a string "HTTP/1.x" or "HTTP/2" */ +static char *string_statuscode (int major, int minor) +{ + static char buf[10]; + + switch (major) { + case 1: + snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor); + break; + case 2: + case 3: + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + default: + /* assuming here HTTP/N with N>=4 */ + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + } + + return buf; +} + +/* Checks if the server 'reply' is one of the expected 'statuscodes' */ +static int +expected_statuscode (const char *reply, const char *statuscodes) +{ + char *expected, *code; + int result = 0; + + if ((expected = strdup (statuscodes)) == NULL) + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n")); + + for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ",")) + if (strstr (reply, code) != NULL) { + result = 1; + break; + } + + free (expected); + return result; +} + +void +handle_curl_option_return_code (CURLcode res, const char* option) +{ + if (res != CURLE_OK) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"), + option, res, curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } +} + +int +lookup_host (const char *host, char *buf, size_t buflen) +{ + struct addrinfo hints, *res, *result; + int errcode; + void *ptr; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags |= AI_CANONNAME; + + errcode = getaddrinfo (host, NULL, &hints, &result); + if (errcode != 0) + return errcode; + + res = result; + + while (res) { + inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); + switch (res->ai_family) { + case AF_INET: + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; + break; + case AF_INET6: + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; + break; + } + inet_ntop (res->ai_family, ptr, buf, buflen); + if (verbose >= 1) + printf ("* getaddrinfo IPv%d address: %s\n", + res->ai_family == PF_INET6 ? 6 : 4, buf); + res = res->ai_next; + } + + freeaddrinfo(result); + + return 0; +} + +int +check_http (void) +{ + int result = STATE_OK; + int page_len = 0; + int i; + char *force_host_header = NULL; + struct curl_slist *host = NULL; + char addrstr[100]; + char dnscache[DEFAULT_BUFFER_SIZE]; + + /* initialize curl */ + if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) + die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); + + if ((curl = curl_easy_init()) == NULL) + die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n"); + + if (verbose >= 1) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE"); + + /* print everything on stdout like check_http would do */ + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR"); + + if (automatic_decompression) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING"); +#else + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */ + + /* initialize buffer for body of the answer */ + if (curlhelp_initwritebuffer(&body_buf) < 0) + die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA"); + + /* initialize buffer for header of the answer */ + if (curlhelp_initwritebuffer( &header_buf ) < 0) + die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" ); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER"); + + /* set the error buffer */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_ERRORBUFFER, errbuf), "CURLOPT_ERRORBUFFER"); + + /* set timeouts */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT"); + + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy + if(use_ssl && host_name != NULL) { + if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), + server_address, res, gai_strerror (res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr); + host = curl_slist_append(NULL, dnscache); + curl_easy_setopt(curl, CURLOPT_RESOLVE, host); + if (verbose>=1) + printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache); + } + + /* compose URL: use the address we want to connect to, set Host: header later */ + snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", + use_ssl ? "https" : "http", + use_ssl & host_name != NULL ? host_name : server_address, + server_port, + server_url + ); + + if (verbose>=1) + printf ("* curl CURLOPT_URL: %s\n", url); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, url), "CURLOPT_URL"); + + /* extract proxy information for legacy proxy https requests */ + if (!strcmp(http_method, "CONNECT") || strstr(server_url, "http") == server_url) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXY, server_address), "CURLOPT_PROXY"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYPORT, (long)server_port), "CURLOPT_PROXYPORT"); + if (verbose>=2) + printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address, server_port); + http_method = "GET"; + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, server_url), "CURLOPT_URL"); + } + + /* disable body for HEAD request */ + if (http_method && !strcmp (http_method, "HEAD" )) { + no_body = TRUE; + } + + /* set HTTP protocol version */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HTTP_VERSION, curl_http_version), "CURLOPT_HTTP_VERSION"); + + /* set HTTP method */ + if (http_method) { + if (!strcmp(http_method, "POST")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POST, 1), "CURLOPT_POST"); + else if (!strcmp(http_method, "PUT")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_UPLOAD, 1), "CURLOPT_UPLOAD"); + else + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method), "CURLOPT_CUSTOMREQUEST"); + } + + /* check if Host header is explicitly set in options */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (strncmp(http_opt_headers[i], "Host:", 5) == 0) { + force_host_header = http_opt_headers[i]; + } + } + } + + /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */ + if(host_name != NULL && force_host_header == NULL) { + if((virtual_port != HTTP_PORT && !use_ssl) || (virtual_port != HTTPS_PORT && use_ssl)) { + snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s:%d", host_name, virtual_port); + } else { + snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name); + } + header_list = curl_slist_append (header_list, http_header); + } + + /* always close connection, be nice to servers */ + snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close"); + header_list = curl_slist_append (header_list, http_header); + + /* attach additional headers supplied by the user */ + /* optionally send any other header tag */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + header_list = curl_slist_append (header_list, http_opt_headers[i]); + } + /* This cannot be free'd here because a redirection will then try to access this and segfault */ + /* Covered in a testcase in tests/check_http.t */ + /* free(http_opt_headers); */ + } + + /* set HTTP headers */ + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ), "CURLOPT_HTTPHEADER"); + +#ifdef LIBCURL_FEATURE_SSL + + /* set SSL version, warn about unsecure or unsupported versions */ + if (use_ssl) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION"); + } + + /* client certificate and key to present to server (SSL) */ + if (client_cert) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert), "CURLOPT_SSLCERT"); + if (client_privkey) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY"); + if (ca_cert) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO"); + } + if (ca_cert || verify_peer_and_host) { + /* per default if we have a CA verify both the peer and the + * hostname in the certificate, can be switched off later */ + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER"); + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST"); + } else { + /* backward-compatible behaviour, be tolerant in checks + * TODO: depending on more options have aspects we want + * to be less tolerant about ssl verfications + */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0), "CURLOPT_SSL_VERIFYPEER"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0), "CURLOPT_SSL_VERIFYHOST"); + } + + /* detect SSL library used by libcurl */ + ssl_library = curlhelp_get_ssl_library (curl); + + /* try hard to get a stack of certificates to verify against */ + if (check_cert) { +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) + /* inform curl to report back certificates */ + switch (ssl_library) { + case CURLHELP_SSL_LIBRARY_OPENSSL: + case CURLHELP_SSL_LIBRARY_LIBRESSL: + /* set callback to extract certificate with OpenSSL context function (works with + * OpenSSL-style libraries only!) */ +#ifdef USE_OPENSSL + /* libcurl and monitoring plugins built with OpenSSL, good */ + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION"); + is_openssl_callback = TRUE; +#else /* USE_OPENSSL */ +#endif /* USE_OPENSSL */ + /* libcurl is built with OpenSSL, monitoring plugins, so falling + * back to manually extracting certificate information */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); + break; + + case CURLHELP_SSL_LIBRARY_NSS: +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + /* NSS: support for CERTINFO is implemented since 7.34.0 */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library)); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + break; + + case CURLHELP_SSL_LIBRARY_GNUTLS: +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) + /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library)); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */ + break; + + case CURLHELP_SSL_LIBRARY_UNKNOWN: + default: + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library)); + break; + } +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */ + /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */ + if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL || ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL) + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION"); + else + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */ + } + +#endif /* LIBCURL_FEATURE_SSL */ + + /* set default or user-given user agent identification */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent), "CURLOPT_USERAGENT"); + + /* proxy-authentication */ + if (strcmp(proxy_auth, "")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYUSERPWD, proxy_auth), "CURLOPT_PROXYUSERPWD"); + + /* authentication */ + if (strcmp(user_auth, "")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERPWD, user_auth), "CURLOPT_USERPWD"); + + /* TODO: parameter auth method, bitfield of following methods: + * CURLAUTH_BASIC (default) + * CURLAUTH_DIGEST + * CURLAUTH_DIGEST_IE + * CURLAUTH_NEGOTIATE + * CURLAUTH_NTLM + * CURLAUTH_NTLM_WB + * + * convenience tokens for typical sets of methods: + * CURLAUTH_ANYSAFE: most secure, without BASIC + * or CURLAUTH_ANY: most secure, even BASIC if necessary + * + * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH"); + */ + + /* handle redirections */ + if (onredirect == STATE_DEPENDENT) { + if( followmethod == FOLLOW_LIBCURL ) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1), "CURLOPT_FOLLOWLOCATION"); + + /* default -1 is infinite, not good, could lead to zombie plugins! + Setting it to one bigger than maximal limit to handle errors nicely below + */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS"); + + /* for now allow only http and https (we are a http(s) check plugin in the end) */ +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */ + + /* TODO: handle the following aspects of redirection, make them + * command line options too later: + CURLOPT_POSTREDIR: method switch + CURLINFO_REDIRECT_URL: custom redirect option + CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols + CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size? + */ + } else { + /* old style redirection is handled below */ + } + } + + /* no-body */ + if (no_body) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_NOBODY, 1), "CURLOPT_NOBODY"); + + /* IPv4 or IPv6 forced DNS resolution */ + if (address_family == AF_UNSPEC) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)"); + else if (address_family == AF_INET) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)"); +#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6) + else if (address_family == AF_INET6) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)"); +#endif + + /* either send http POST data (any data, not only POST)*/ + if (!strcmp(http_method, "POST") ||!strcmp(http_method, "PUT")) { + /* set content of payload for POST and PUT */ + if (http_content_type) { + snprintf (http_header, DEFAULT_BUFFER_SIZE, "Content-Type: %s", http_content_type); + header_list = curl_slist_append (header_list, http_header); + } + /* NULL indicates "HTTP Continue" in libcurl, provide an empty string + * in case of no POST/PUT data */ + if (!http_post_data) + http_post_data = ""; + if (!strcmp(http_method, "POST")) { + /* POST method, set payload with CURLOPT_POSTFIELDS */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS"); + } else if (!strcmp(http_method, "PUT")) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION"); + curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE"); + } + } + + /* do the request */ + res = curl_easy_perform(curl); + + if (verbose>=2 && http_post_data) + printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data); + + /* free header and server IP resolve lists, we don't need it anymore */ + curl_slist_free_all (header_list); header_list = NULL; + curl_slist_free_all (server_ips); server_ips = NULL; + + /* Curl errors, result in critical Nagios state */ + if (res != CURLE_OK) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), + server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + + /* certificate checks */ +#ifdef LIBCURL_FEATURE_SSL + if (use_ssl == TRUE) { + if (check_cert == TRUE) { + if (is_openssl_callback) { +#ifdef USE_OPENSSL + /* check certificate with OpenSSL functions, curl has been built against OpenSSL + * and we actually have OpenSSL in the monitoring tools + */ + result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + return result; +#else /* USE_OPENSSL */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); +#endif /* USE_OPENSSL */ + } else { + int i; + struct curl_slist *slist; + + cert_ptr.to_info = NULL; + res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info); + if (!res && cert_ptr.to_info) { +#ifdef USE_OPENSSL + /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing + * We only check the first certificate and assume it's the one of the server + */ + const char* raw_cert = NULL; + for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) { + for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) { + if (verbose >= 2) + printf ("%d ** %s\n", i, slist->data); + if (strncmp (slist->data, "Cert:", 5) == 0) { + raw_cert = &slist->data[5]; + goto GOT_FIRST_CERT; + } + } + } +GOT_FIRST_CERT: + if (!raw_cert) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty")); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + BIO* cert_BIO = BIO_new (BIO_s_mem()); + BIO_write (cert_BIO, raw_cert, strlen(raw_cert)); + cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL); + if (!cert) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error")); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + BIO_free (cert_BIO); + result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + return result; +#else /* USE_OPENSSL */ + /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, + * so we use the libcurl CURLINFO data + */ + result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); + return result; +#endif /* USE_OPENSSL */ + } else { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), + res, curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + } + } + } +#endif /* LIBCURL_FEATURE_SSL */ + + /* we got the data and we executed the request in a given time, so we can append + * performance data to the answer always + */ + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_TOTAL_TIME, &total_time), "CURLINFO_TOTAL_TIME"); + page_len = get_content_length(&header_buf, &body_buf); + if(show_extended_perfdata) { + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &time_connect), "CURLINFO_CONNECT_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &time_appconnect), "CURLINFO_APPCONNECT_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &time_headers), "CURLINFO_PRETRANSFER_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &time_firstbyte), "CURLINFO_STARTTRANSFER_TIME"); + snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s %s %s %s %s %s", + perfd_time(total_time), + perfd_size(page_len), + perfd_time_connect(time_connect), + use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "", + perfd_time_headers(time_headers - time_appconnect), + perfd_time_firstbyte(time_firstbyte - time_headers), + perfd_time_transfer(total_time-time_firstbyte) + ); + } else { + snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s", + perfd_time(total_time), + perfd_size(page_len) + ); + } + + /* return a CRITICAL status if we couldn't read any data */ + if (strlen(header_buf.buf) == 0 && strlen(body_buf.buf) == 0) + die (STATE_CRITICAL, _("HTTP CRITICAL - No header received from host\n")); + + /* get status line of answer, check sanity of HTTP code */ + if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", + total_time, perfstring); + /* we cannot know the major/minor version here for sure as we cannot parse the first line */ + die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); + } + + /* get result code from cURL */ + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE"); + if (verbose>=2) + printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code); + + /* print status line, header, body if verbose */ + if (verbose >= 2) { + printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf.buf, + (no_body ? " [[ skipped ]]" : body_buf.buf)); + } + + /* make sure the status line matches the response we are looking for */ + if (!expected_statuscode(status_line.first_line, server_expect)) { + if (server_port == HTTP_PORT) + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line); + else + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line); + die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg, + show_body ? "\n" : "", + show_body ? body_buf.buf : ""); + } + + if( server_expect_yn ) { + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Status line output matched \"%s\" - "), server_expect); + if (verbose) + printf ("%s\n",msg); + result = STATE_OK; + } + else { + /* illegal return codes result in a critical state */ + if (code >= 600 || code < 100) { + die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line.http_code, status_line.msg); + /* server errors result in a critical state */ + } else if (code >= 500) { + result = STATE_CRITICAL; + /* client errors result in a warning state */ + } else if (code >= 400) { + result = STATE_WARNING; + /* check redirected page if specified */ + } else if (code >= 300) { + if (onredirect == STATE_DEPENDENT) { + if( followmethod == FOLLOW_LIBCURL ) { + code = status_line.http_code; + } else { + /* old check_http style redirection, if we come + * back here, we are in the same status as with + * the libcurl method + */ + redir (&header_buf); + } + } else { + /* this is a specific code in the command line to + * be returned when a redirection is encoutered + */ + } + result = max_state_alt (onredirect, result); + /* all other codes are considered ok */ + } else { + result = STATE_OK; + } + } + + /* libcurl redirection internally, handle error states here */ + if( followmethod == FOLLOW_LIBCURL ) { + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_REDIRECT_COUNT, &redir_depth), "CURLINFO_REDIRECT_COUNT"); + if (verbose >= 2) + printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth); + if (redir_depth > max_depth) { + snprintf (msg, DEFAULT_BUFFER_SIZE, "maximum redirection depth %d exceeded in libcurl", + max_depth); + die (STATE_WARNING, "HTTP WARNING - %s", msg); + } + } + + /* check status codes, set exit status accordingly */ + if( status_line.http_code != code ) { + die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"), + string_statuscode (status_line.http_major, status_line.http_minor), + status_line.http_code, status_line.msg, code); + } + + if (maximum_age >= 0) { + result = max_state_alt(check_document_dates(&header_buf, &msg), result); + } + + /* Page and Header content checks go here */ + + if (strlen (header_expect)) { + if (!strstr (header_buf.buf, header_expect)) { + strncpy(&output_header_search[0],header_expect,sizeof(output_header_search)); + if(output_header_search[sizeof(output_header_search)-1]!='\0') { + bcopy("...",&output_header_search[sizeof(output_header_search)-4],4); + } + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); + result = STATE_CRITICAL; + } + } + + if (strlen (string_expect)) { + if (!strstr (body_buf.buf, string_expect)) { + strncpy(&output_string_search[0],string_expect,sizeof(output_string_search)); + if(output_string_search[sizeof(output_string_search)-1]!='\0') { + bcopy("...",&output_string_search[sizeof(output_string_search)-4],4); + } + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); + result = STATE_CRITICAL; + } + } + + if (strlen (regexp)) { + errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0); + if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) { + /* OK - No-op to avoid changing the logic around it */ + result = max_state_alt(STATE_OK, result); + } + else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) { + if (invert_regex == 0) + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg); + else + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg); + result = STATE_CRITICAL; + } + else { + regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf); + result = STATE_UNKNOWN; + } + } + + /* make sure the page is of an appropriate size */ + if ((max_page_len > 0) && (page_len > max_page_len)) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len); + result = max_state_alt(STATE_WARNING, result); + } else if ((min_page_len > 0) && (page_len < min_page_len)) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len); + result = max_state_alt(STATE_WARNING, result); + } + + /* -w, -c: check warning and critical level */ + result = max_state_alt(get_status(total_time, thlds), result); + + /* Cut-off trailing characters */ + if(msg[strlen(msg)-2] == ',') + msg[strlen(msg)-2] = '\0'; + else + msg[strlen(msg)-3] = '\0'; + + /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ + die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", + state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), + status_line.http_code, status_line.msg, + strlen(msg) > 0 ? " - " : "", + msg, page_len, total_time, + (display_html ? "</A>" : ""), + perfstring, + (show_body ? body_buf.buf : ""), + (show_body ? "\n" : "") ); + + /* proper cleanup after die? */ + curlhelp_free_statusline(&status_line); + curl_easy_cleanup (curl); + curl_global_cleanup (); + curlhelp_freewritebuffer (&body_buf); + curlhelp_freewritebuffer (&header_buf); + if (!strcmp (http_method, "PUT")) { + curlhelp_freereadbuffer (&put_buf); + } + + return result; +} + +int +uri_strcmp (const UriTextRangeA range, const char* s) +{ + if (!range.first) return -1; + if (range.afterLast - range.first < strlen (s)) return -1; + return strncmp (s, range.first, min( range.afterLast - range.first, strlen (s))); +} + +char* +uri_string (const UriTextRangeA range, char* buf, size_t buflen) +{ + if (!range.first) return "(null)"; + strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first)); + buf[max (buflen-1, range.afterLast - range.first)] = '\0'; + buf[range.afterLast - range.first] = '\0'; + return buf; +} + +void +redir (curlhelp_write_curlbuf* header_buf) +{ + char *location = NULL; + curlhelp_statusline status_line; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + char buf[DEFAULT_BUFFER_SIZE]; + char ipstr[INET_ADDR_MAX_SIZE]; + int new_port; + char *new_host; + char *new_url; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + location = get_header_value (headers, nof_headers, "location"); + + if (verbose >= 2) + printf(_("* Seen redirect location %s\n"), location); + + if (++redir_depth > max_depth) + die (STATE_WARNING, + _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"), + max_depth, location, (display_html ? "</A>" : "")); + + UriParserStateA state; + UriUriA uri; + state.uri = &uri; + if (uriParseUriA (&state, location) != URI_SUCCESS) { + if (state.errorCode == URI_ERROR_SYNTAX) { + die (STATE_UNKNOWN, + _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"), + location, (display_html ? "</A>" : "")); + } else if (state.errorCode == URI_ERROR_MALLOC) { + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); + } + } + + if (verbose >= 2) { + printf (_("** scheme: %s\n"), + uri_string (uri.scheme, buf, DEFAULT_BUFFER_SIZE)); + printf (_("** host: %s\n"), + uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE)); + printf (_("** port: %s\n"), + uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE)); + if (uri.hostData.ip4) { + inet_ntop (AF_INET, uri.hostData.ip4->data, ipstr, sizeof (ipstr)); + printf (_("** IPv4: %s\n"), ipstr); + } + if (uri.hostData.ip6) { + inet_ntop (AF_INET, uri.hostData.ip6->data, ipstr, sizeof (ipstr)); + printf (_("** IPv6: %s\n"), ipstr); + } + if (uri.pathHead) { + printf (_("** path: ")); + const UriPathSegmentA* p = uri.pathHead; + for (; p; p = p->next) { + printf ("/%s", uri_string (p->text, buf, DEFAULT_BUFFER_SIZE)); + } + puts (""); + } + if (uri.query.first) { + printf (_("** query: %s\n"), + uri_string (uri.query, buf, DEFAULT_BUFFER_SIZE)); + } + if (uri.fragment.first) { + printf (_("** fragment: %s\n"), + uri_string (uri.fragment, buf, DEFAULT_BUFFER_SIZE)); + } + } + + use_ssl = !uri_strcmp (uri.scheme, "https"); + + /* we do a sloppy test here only, because uriparser would have failed + * above, if the port would be invalid, we just check for MAX_PORT + */ + if (uri.portText.first) { + new_port = atoi (uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE)); + } else { + new_port = HTTP_PORT; + if (use_ssl) + new_port = HTTPS_PORT; + } + if (new_port > MAX_PORT) + die (STATE_UNKNOWN, + _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"), + MAX_PORT, location, display_html ? "</A>" : ""); + + /* by RFC 7231 relative URLs in Location should be taken relative to + * the original URL, so wy try to form a new absolute URL here + */ + if (!uri.scheme.first && !uri.hostText.first) { + new_host = strdup (host_name ? host_name : server_address); + } else { + new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE)); + } + + /* compose new path */ + /* TODO: handle fragments and query part of URL */ + new_url = (char *)calloc( 1, DEFAULT_BUFFER_SIZE); + if (uri.pathHead) { + const UriPathSegmentA* p = uri.pathHead; + for (; p; p = p->next) { + strncat (new_url, "/", DEFAULT_BUFFER_SIZE); + strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1); + } + } + + if (server_port==new_port && + !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) && + (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) && + !strcmp(server_url, new_url)) + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : "")); + + /* set new values for redirected request */ + + if (!(followsticky & STICKY_HOST)) { + free (server_address); + server_address = strndup (new_host, MAX_IPV4_HOSTLENGTH); + } + if (!(followsticky & STICKY_PORT)) { + server_port = (unsigned short)new_port; + } + + free (host_name); + host_name = strndup (new_host, MAX_IPV4_HOSTLENGTH); + + /* reset virtual port */ + virtual_port = server_port; + + free(new_host); + free (server_url); + server_url = new_url; + + uriFreeUriMembersA (&uri); + + if (verbose) + printf (_("Redirection to %s://%s:%d%s\n"), use_ssl ? "https" : "http", + host_name ? host_name : server_address, server_port, server_url); + + /* TODO: the hash component MUST be taken from the original URL and + * attached to the URL in Location + */ + + check_http (); +} + +/* check whether a file exists */ +void +test_file (char *path) +{ + if (access(path, R_OK) == 0) + return; + usage2 (_("file does not exist or is not readable"), path); +} + +int +process_arguments (int argc, char **argv) +{ + char *p; + int c = 1; + char *temp; + + enum { + INVERT_REGEX = CHAR_MAX + 1, + SNI_OPTION, + CA_CERT_OPTION, + HTTP_VERSION_OPTION, + AUTOMATIC_DECOMPRESSION + }; + + int option = 0; + int got_plus = 0; + static struct option longopts[] = { + STD_LONG_OPTS, + {"link", no_argument, 0, 'L'}, + {"nohtml", no_argument, 0, 'n'}, + {"ssl", optional_argument, 0, 'S'}, + {"sni", no_argument, 0, SNI_OPTION}, + {"post", required_argument, 0, 'P'}, + {"method", required_argument, 0, 'j'}, + {"IP-address", required_argument, 0, 'I'}, + {"url", required_argument, 0, 'u'}, + {"port", required_argument, 0, 'p'}, + {"authorization", required_argument, 0, 'a'}, + {"proxy-authorization", required_argument, 0, 'b'}, + {"header-string", required_argument, 0, 'd'}, + {"string", required_argument, 0, 's'}, + {"expect", required_argument, 0, 'e'}, + {"regex", required_argument, 0, 'r'}, + {"ereg", required_argument, 0, 'r'}, + {"eregi", required_argument, 0, 'R'}, + {"linespan", no_argument, 0, 'l'}, + {"onredirect", required_argument, 0, 'f'}, + {"certificate", required_argument, 0, 'C'}, + {"client-cert", required_argument, 0, 'J'}, + {"private-key", required_argument, 0, 'K'}, + {"ca-cert", required_argument, 0, CA_CERT_OPTION}, + {"verify-cert", no_argument, 0, 'D'}, + {"useragent", required_argument, 0, 'A'}, + {"header", required_argument, 0, 'k'}, + {"no-body", no_argument, 0, 'N'}, + {"max-age", required_argument, 0, 'M'}, + {"content-type", required_argument, 0, 'T'}, + {"pagesize", required_argument, 0, 'm'}, + {"invert-regex", no_argument, NULL, INVERT_REGEX}, + {"use-ipv4", no_argument, 0, '4'}, + {"use-ipv6", no_argument, 0, '6'}, + {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, + {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, + {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, + {0, 0, 0, 0} + }; + + if (argc < 2) + return ERROR; + + /* support check_http compatible arguments */ + for (c = 1; c < argc; c++) { + if (strcmp ("-to", argv[c]) == 0) + strcpy (argv[c], "-t"); + if (strcmp ("-hn", argv[c]) == 0) + strcpy (argv[c], "-H"); + if (strcmp ("-wt", argv[c]) == 0) + strcpy (argv[c], "-w"); + if (strcmp ("-ct", argv[c]) == 0) + strcpy (argv[c], "-c"); + if (strcmp ("-nohtml", argv[c]) == 0) + strcpy (argv[c], "-n"); + } + + server_url = strdup(DEFAULT_SERVER_URL); + + while (1) { + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option); + if (c == -1 || c == EOF || c == 1) + break; + + switch (c) { + case 'h': + print_help(); + exit(STATE_UNKNOWN); + break; + case 'V': + print_revision(progname, NP_VERSION); + print_curl_version(); + exit(STATE_UNKNOWN); + break; + case 'v': + verbose++; + break; + case 't': /* timeout period */ + if (!is_intnonneg (optarg)) + usage2 (_("Timeout interval must be a positive integer"), optarg); + else + socket_timeout = (int)strtol (optarg, NULL, 10); + break; + case 'c': /* critical time threshold */ + critical_thresholds = optarg; + break; + case 'w': /* warning time threshold */ + warning_thresholds = optarg; + break; + case 'H': /* virtual host */ + host_name = strdup (optarg); + if (host_name[0] == '[') { + if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */ + virtual_port = atoi (p + 2); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + } + } else if ((p = strchr (host_name, ':')) != NULL + && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */ + virtual_port = atoi (p); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + } + break; + case 'I': /* internet address */ + server_address = strdup (optarg); + break; + case 'u': /* URL path */ + server_url = strdup (optarg); + break; + case 'p': /* Server port */ + if (!is_intnonneg (optarg)) + usage2 (_("Invalid port number, expecting a non-negative number"), optarg); + else { + if( strtol(optarg, NULL, 10) > MAX_PORT) + usage2 (_("Invalid port number, supplied port number is too big"), optarg); + server_port = (unsigned short)strtol(optarg, NULL, 10); + specify_port = TRUE; + } + break; + case 'a': /* authorization info */ + strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); + user_auth[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'b': /* proxy-authorization info */ + strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1); + proxy_auth[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */ + if (! http_post_data) + http_post_data = strdup (optarg); + if (! http_method) + http_method = strdup("POST"); + break; + case 'j': /* Set HTTP method */ + if (http_method) + free(http_method); + http_method = strdup (optarg); + break; + case 'A': /* useragent */ + strncpy (user_agent, optarg, DEFAULT_BUFFER_SIZE); + user_agent[DEFAULT_BUFFER_SIZE-1] = '\0'; + break; + case 'k': /* Additional headers */ + if (http_opt_headers_count == 0) + http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count)); + else + http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count)); + http_opt_headers[http_opt_headers_count - 1] = optarg; + break; + case 'L': /* show html link */ + display_html = TRUE; + break; + case 'n': /* do not show html link */ + display_html = FALSE; + break; + case 'C': /* Check SSL cert validity */ +#ifdef LIBCURL_FEATURE_SSL + if ((temp=strchr(optarg,','))!=NULL) { + *temp='\0'; + if (!is_intnonneg (optarg)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi(optarg); + *temp=','; + temp++; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), temp); + days_till_exp_crit = atoi (temp); + } + else { + days_till_exp_crit=0; + if (!is_intnonneg (optarg)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi (optarg); + } + check_cert = TRUE; + goto enable_ssl; +#endif + case 'J': /* use client certificate */ +#ifdef LIBCURL_FEATURE_SSL + test_file(optarg); + client_cert = optarg; + goto enable_ssl; +#endif + case 'K': /* use client private key */ +#ifdef LIBCURL_FEATURE_SSL + test_file(optarg); + client_privkey = optarg; + goto enable_ssl; +#endif +#ifdef LIBCURL_FEATURE_SSL + case CA_CERT_OPTION: /* use CA chain file */ + test_file(optarg); + ca_cert = optarg; + goto enable_ssl; +#endif +#ifdef LIBCURL_FEATURE_SSL + case 'D': /* verify peer certificate & host */ + verify_peer_and_host = TRUE; + break; +#endif + case 'S': /* use SSL */ +#ifdef LIBCURL_FEATURE_SSL + enable_ssl: + use_ssl = TRUE; + /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default. + * Only set if it's non-zero. This helps when we include multiple + * parameters, like -S and -C combinations */ + ssl_version = CURL_SSLVERSION_DEFAULT; + if (c=='S' && optarg != NULL) { + char *plus_ptr = strchr(optarg, '+'); + if (plus_ptr) { + got_plus = 1; + *plus_ptr = '\0'; + } + + if (optarg[0] == '2') + ssl_version = CURL_SSLVERSION_SSLv2; + else if (optarg[0] == '3') + ssl_version = CURL_SSLVERSION_SSLv3; + else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_0; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.1")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_1; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.2")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_2; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.3")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) + ssl_version = CURL_SSLVERSION_TLSv1_3; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ + else + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)")); + } +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) + if (got_plus) { + switch (ssl_version) { + case CURL_SSLVERSION_TLSv1_3: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3; + break; + case CURL_SSLVERSION_TLSv1_2: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_0: + ssl_version |= CURL_SSLVERSION_MAX_DEFAULT; + break; + } + } else { + switch (ssl_version) { + case CURL_SSLVERSION_TLSv1_3: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3; + break; + case CURL_SSLVERSION_TLSv1_2: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2; + break; + case CURL_SSLVERSION_TLSv1_1: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1; + break; + case CURL_SSLVERSION_TLSv1_0: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0; + break; + } + } +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */ + if (verbose >= 2) + printf(_("* Set SSL/TLS version to %d\n"), ssl_version); + if (specify_port == FALSE) + server_port = HTTPS_PORT; + break; +#else /* LIBCURL_FEATURE_SSL */ + /* -C -J and -K fall through to here without SSL */ + usage4 (_("Invalid option - SSL is not available")); + break; + case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */ + use_sni = TRUE; + break; +#endif /* LIBCURL_FEATURE_SSL */ + case 'f': /* onredirect */ + if (!strcmp (optarg, "ok")) + onredirect = STATE_OK; + else if (!strcmp (optarg, "warning")) + onredirect = STATE_WARNING; + else if (!strcmp (optarg, "critical")) + onredirect = STATE_CRITICAL; + else if (!strcmp (optarg, "unknown")) + onredirect = STATE_UNKNOWN; + else if (!strcmp (optarg, "follow")) + onredirect = STATE_DEPENDENT; + else if (!strcmp (optarg, "stickyport")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST|STICKY_PORT; + else if (!strcmp (optarg, "sticky")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST; + else if (!strcmp (optarg, "follow")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_NONE; + else if (!strcmp (optarg, "curl")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_LIBCURL; + else usage2 (_("Invalid onredirect option"), optarg); + if (verbose >= 2) + printf(_("* Following redirects set to %s\n"), state_text(onredirect)); + break; + case 'd': /* string or substring */ + strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1); + header_expect[MAX_INPUT_BUFFER - 1] = 0; + break; + case 's': /* string or substring */ + strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1); + string_expect[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'e': /* string or substring */ + strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1); + server_expect[MAX_INPUT_BUFFER - 1] = 0; + server_expect_yn = 1; + break; + case 'T': /* Content-type */ + http_content_type = strdup (optarg); + break; + case 'l': /* linespan */ + cflags &= ~REG_NEWLINE; + break; + case 'R': /* regex */ + cflags |= REG_ICASE; + case 'r': /* regex */ + strncpy (regexp, optarg, MAX_RE_SIZE - 1); + regexp[MAX_RE_SIZE - 1] = 0; + errcode = regcomp (&preg, regexp, cflags); + if (errcode != 0) { + (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + printf (_("Could Not Compile Regular Expression: %s"), errbuf); + return ERROR; + } + break; + case INVERT_REGEX: + invert_regex = 1; + break; + case '4': + address_family = AF_INET; + break; + case '6': +#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6) + address_family = AF_INET6; +#else + usage4 (_("IPv6 support not available")); +#endif + break; + case 'm': /* min_page_length */ + { + char *tmp; + if (strchr(optarg, ':') != (char *)NULL) { + /* range, so get two values, min:max */ + tmp = strtok(optarg, ":"); + if (tmp == NULL) { + printf("Bad format: try \"-m min:max\"\n"); + exit (STATE_WARNING); + } else + min_page_len = atoi(tmp); + + tmp = strtok(NULL, ":"); + if (tmp == NULL) { + printf("Bad format: try \"-m min:max\"\n"); + exit (STATE_WARNING); + } else + max_page_len = atoi(tmp); + } else + min_page_len = atoi (optarg); + break; + } + case 'N': /* no-body */ + no_body = TRUE; + break; + case 'M': /* max-age */ + { + int L = strlen(optarg); + if (L && optarg[L-1] == 'm') + maximum_age = atoi (optarg) * 60; + else if (L && optarg[L-1] == 'h') + maximum_age = atoi (optarg) * 60 * 60; + else if (L && optarg[L-1] == 'd') + maximum_age = atoi (optarg) * 60 * 60 * 24; + else if (L && (optarg[L-1] == 's' || + isdigit (optarg[L-1]))) + maximum_age = atoi (optarg); + else { + fprintf (stderr, "unparsable max-age: %s\n", optarg); + exit (STATE_WARNING); + } + if (verbose >= 2) + printf ("* Maximal age of document set to %d seconds\n", maximum_age); + } + break; + case 'E': /* show extended perfdata */ + show_extended_perfdata = TRUE; + break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; + case HTTP_VERSION_OPTION: + curl_http_version = CURL_HTTP_VERSION_NONE; + if (strcmp (optarg, "1.0") == 0) { + curl_http_version = CURL_HTTP_VERSION_1_0; + } else if (strcmp (optarg, "1.1") == 0) { + curl_http_version = CURL_HTTP_VERSION_1_1; + } else if ((strcmp (optarg, "2.0") == 0) || (strcmp (optarg, "2") == 0)) { +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) + curl_http_version = CURL_HTTP_VERSION_2_0; +#else + curl_http_version = CURL_HTTP_VERSION_NONE; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */ + } else { + fprintf (stderr, "unkown http-version parameter: %s\n", optarg); + exit (STATE_WARNING); + } + break; + case AUTOMATIC_DECOMPRESSION: + automatic_decompression = TRUE; + break; + case '?': + /* print short usage statement if args not parsable */ + usage5 (); + break; + } + } + + c = optind; + + if (server_address == NULL && c < argc) + server_address = strdup (argv[c++]); + + if (host_name == NULL && c < argc) + host_name = strdup (argv[c++]); + + if (server_address == NULL) { + if (host_name == NULL) + usage4 (_("You must specify a server address or host name")); + else + server_address = strdup (host_name); + } + + set_thresholds(&thlds, warning_thresholds, critical_thresholds); + + if (critical_thresholds && thlds->critical->end>(double)socket_timeout) + socket_timeout = (int)thlds->critical->end + 1; + if (verbose >= 2) + printf ("* Socket timeout set to %ld seconds\n", socket_timeout); + + if (http_method == NULL) + http_method = strdup ("GET"); + + if (client_cert && !client_privkey) + usage4 (_("If you use a client certificate you must also specify a private key file")); + + if (virtual_port == 0) + virtual_port = server_port; + else { + if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT)) + if(specify_port == FALSE) + server_port = virtual_port; + } + + return TRUE; +} + +char *perfd_time (double elapsed_time) +{ + return fperfdata ("time", elapsed_time, "s", + thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0, + thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0, + TRUE, 0, TRUE, socket_timeout); +} + +char *perfd_time_connect (double elapsed_time_connect) +{ + return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_ssl (double elapsed_time_ssl) +{ + return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_headers (double elapsed_time_headers) +{ + return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_firstbyte (double elapsed_time_firstbyte) +{ + return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_transfer (double elapsed_time_transfer) +{ + return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_size (int page_len) +{ + return perfdata ("size", page_len, "B", + (min_page_len>0?TRUE:FALSE), min_page_len, + (min_page_len>0?TRUE:FALSE), 0, + TRUE, 0, FALSE, 0); +} + +void +print_help (void) +{ + print_revision (progname, NP_VERSION); + + printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); + printf (COPYRIGHT, copyright, email); + + printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test")); + printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for")); + printf ("%s\n", _("strings and regular expressions, check connection times, and report on")); + printf ("%s\n", _("certificate expiration times.")); + printf ("\n"); + printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http")); + printf ("%s\n", _("as possible.")); + + printf ("\n\n"); + + print_usage (); + + printf (_("NOTE: One or both of -H and -I must be specified")); + + printf ("\n"); + + printf (UT_HELP_VRSN); + printf (UT_EXTRA_OPTS); + + printf (" %s\n", "-H, --hostname=ADDRESS"); + printf (" %s\n", _("Host name argument for servers using host headers (virtual host)")); + printf (" %s\n", _("Append a port to include it in the header (eg: example.com:5000)")); + printf (" %s\n", "-I, --IP-address=ADDRESS"); + printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup).")); + printf (" %s\n", "-p, --port=INTEGER"); + printf (" %s", _("Port number (default: ")); + printf ("%d)\n", HTTP_PORT); + + printf (UT_IPv46); + +#ifdef LIBCURL_FEATURE_SSL + printf (" %s\n", "-S, --ssl=VERSION[+]"); + printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); + printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); + printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); + printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); + printf (" %s\n", "--sni"); + printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); +#if LIBCURL_VERSION_NUM >= 0x071801 + printf (" %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and")); + printf (" %s\n", _(" SNI only really works since TLSv1.0")); +#else + printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1")); +#endif + printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); + printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); + printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", "-J, --client-cert=FILE"); + printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); + printf (" %s\n", _("to be used in establishing the SSL session")); + printf (" %s\n", "-K, --private-key=FILE"); + printf (" %s\n", _("Name of file containing the private key (PEM format)")); + printf (" %s\n", _("matching the client certificate")); + printf (" %s\n", "--ca-cert=FILE"); + printf (" %s\n", _("CA certificate file to verify peer against")); + printf (" %s\n", "-D, --verify-cert"); + printf (" %s\n", _("Verify the peer's SSL certificate and hostname")); +#endif + + printf (" %s\n", "-e, --expect=STRING"); + printf (" %s\n", _("Comma-delimited list of strings, at least one of them is expected in")); + printf (" %s", _("the first (status) line of the server response (default: ")); + printf ("%s)\n", HTTP_EXPECT); + printf (" %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)")); + printf (" %s\n", "-d, --header-string=STRING"); + printf (" %s\n", _("String to expect in the response headers")); + printf (" %s\n", "-s, --string=STRING"); + printf (" %s\n", _("String to expect in the content")); + printf (" %s\n", "-u, --url=PATH"); + printf (" %s\n", _("URL to GET or POST (default: /)")); + printf (" %s\n", "-P, --post=STRING"); + printf (" %s\n", _("URL encoded http POST data")); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); + printf (" %s\n", _("Set HTTP method.")); + printf (" %s\n", "-N, --no-body"); + printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); + printf (" %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)")); + printf (" %s\n", "-M, --max-age=SECONDS"); + printf (" %s\n", _("Warn if document is more than SECONDS old. the number can also be of")); + printf (" %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days.")); + printf (" %s\n", "-T, --content-type=STRING"); + printf (" %s\n", _("specify Content-Type header media type when POSTing\n")); + printf (" %s\n", "-l, --linespan"); + printf (" %s\n", _("Allow regex to span newlines (must precede -r or -R)")); + printf (" %s\n", "-r, --regex, --ereg=STRING"); + printf (" %s\n", _("Search page for regex STRING")); + printf (" %s\n", "-R, --eregi=STRING"); + printf (" %s\n", _("Search page for case-insensitive regex STRING")); + printf (" %s\n", "--invert-regex"); + printf (" %s\n", _("Return CRITICAL if found, OK if not\n")); + printf (" %s\n", "-a, --authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on sites with basic authentication")); + printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on proxy-servers with basic authentication")); + printf (" %s\n", "-A, --useragent=STRING"); + printf (" %s\n", _("String to be sent in http header as \"User Agent\"")); + printf (" %s\n", "-k, --header=STRING"); + printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); + printf (" %s\n", "-E, --extended-perfdata"); + printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); + printf (" %s\n", "-L, --link"); + printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); + printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>"); + printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); + printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); + printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); + printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); + printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); + printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); + printf ("\n"); + printf (" %s\n", "--http-version=VERSION"); + printf (" %s\n", _("Connect via specific HTTP protocol.")); + printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)")); + printf (" %s\n", "--enable-automatic-decompression"); + printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING).")); + printf ("\n"); + + printf (UT_WARN_CRIT); + + printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + + printf (UT_VERBOSE); + + printf ("\n"); + printf ("%s\n", _("Notes:")); + printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host.")); + printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL")); + printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response")); + printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); + printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); + printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); + +#ifdef LIBCURL_FEATURE_SSL + printf ("\n"); + printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to")); + printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 ")); + printf (" %s\n", _("certificate is still valid for the specified number of days.")); + printf ("\n"); + printf (" %s\n", _("Please note that this plugin does not check if the presented server")); + printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate")); + printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); + printf ("\n"); + printf ("%s\n", _("Examples:")); + printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com"); + printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); + printf (" %s\n\n", _("the certificate is expired.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); + printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); +#endif + + printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:"); + printf (" %s\n", _("It is recommended to use an environment proxy like:")); + printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org")); + printf (" %s\n", _("legacy proxy requests in check_http style still work:")); + printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org")); + +#ifdef LIBCURL_FEATURE_SSL + printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("It is recommended to use an environment proxy like:")); + printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S")); + printf (" %s\n", _("legacy proxy requests in check_http style still work:")); + printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + +#endif + + printf (UT_SUPPORT); + +} + + + +void +print_usage (void) +{ + printf ("%s\n", _("Usage:")); + printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); + printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n"); + printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); + printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n"); + printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); + printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); + printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); + printf (" [-T <content-type>] [-j method]\n"); + printf (" [--http-version=<version>]\n"); + printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname); + printf (" [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n"); + printf ("\n"); +#ifdef LIBCURL_FEATURE_SSL + printf ("%s\n", _("In the first form, make an HTTP request.")); + printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate.")); +#endif + printf ("%s\n", _("WARNING: check_curl is experimental. Please use")); + printf ("%s\n\n", _("check_http if you need a stable version.")); +} + +void +print_curl_version (void) +{ + printf( "%s\n", curl_version()); +} + +int +curlhelp_initwritebuffer (curlhelp_write_curlbuf *buf) +{ + buf->bufsize = DEFAULT_BUFFER_SIZE; + buf->buflen = 0; + buf->buf = (char *)malloc ((size_t)buf->bufsize); + if (buf->buf == NULL) return -1; + return 0; +} + +int +curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *stream) +{ + curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream; + + while (buf->bufsize < buf->buflen + size * nmemb + 1) { + buf->bufsize *= buf->bufsize * 2; + buf->buf = (char *)realloc (buf->buf, buf->bufsize); + if (buf->buf == NULL) return -1; + } + + memcpy (buf->buf + buf->buflen, buffer, size * nmemb); + buf->buflen += size * nmemb; + buf->buf[buf->buflen] = '\0'; + + return (int)(size * nmemb); +} + +int +curlhelp_buffer_read_callback (void *buffer, size_t size, size_t nmemb, void *stream) +{ + curlhelp_read_curlbuf *buf = (curlhelp_read_curlbuf *)stream; + + size_t n = min (nmemb * size, buf->buflen - buf->pos); + + memcpy (buffer, buf->buf + buf->pos, n); + buf->pos += n; + + return (int)n; +} + +void +curlhelp_freewritebuffer (curlhelp_write_curlbuf *buf) +{ + free (buf->buf); + buf->buf = NULL; +} + +int +curlhelp_initreadbuffer (curlhelp_read_curlbuf *buf, const char *data, size_t datalen) +{ + buf->buflen = datalen; + buf->buf = (char *)malloc ((size_t)buf->buflen); + if (buf->buf == NULL) return -1; + memcpy (buf->buf, data, datalen); + buf->pos = 0; + return 0; +} + +void +curlhelp_freereadbuffer (curlhelp_read_curlbuf *buf) +{ + free (buf->buf); + buf->buf = NULL; +} + +/* TODO: where to put this, it's actually part of sstrings2 (logically)? + */ +const char* +strrstr2(const char *haystack, const char *needle) +{ + int counter; + size_t len; + const char *prev_pos; + const char *pos; + + if (haystack == NULL || needle == NULL) + return NULL; + + if (haystack[0] == '\0' || needle[0] == '\0') + return NULL; + + counter = 0; + prev_pos = NULL; + pos = haystack; + len = strlen (needle); + for (;;) { + pos = strstr (pos, needle); + if (pos == NULL) { + if (counter == 0) + return NULL; + else + return prev_pos; + } + counter++; + prev_pos = pos; + pos += len; + if (*pos == '\0') return prev_pos; + } +} + +int +curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line) +{ + char *first_line_end; + char *p; + size_t first_line_len; + char *pp; + const char *start; + char *first_line_buf; + + /* find last start of a new header */ + start = strrstr2 (buf, "\r\nHTTP/"); + if (start != NULL) { + start += 2; + buf = start; + } + + first_line_end = strstr(buf, "\r\n"); + if (first_line_end == NULL) return -1; + + first_line_len = (size_t)(first_line_end - buf); + status_line->first_line = (char *)malloc (first_line_len + 1); + if (status_line->first_line == NULL) return -1; + memcpy (status_line->first_line, buf, first_line_len); + status_line->first_line[first_line_len] = '\0'; + first_line_buf = strdup( status_line->first_line ); + + /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */ + + p = strtok(first_line_buf, "/"); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strcmp( p, "HTTP" ) != 0 ) { free( first_line_buf ); return -1; } + + p = strtok( NULL, " " ); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strchr( p, '.' ) != NULL ) { + + /* HTTP 1.x case */ + char *ppp; + ppp = strtok( p, "." ); + status_line->http_major = (int)strtol( p, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + ppp = strtok( NULL, " " ); + status_line->http_minor = (int)strtol( p, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 4; /* 1.x SP */ + } else { + /* HTTP 2 case */ + status_line->http_major = (int)strtol( p, &pp, 10 ); + status_line->http_minor = 0; + p += 2; /* 2 SP */ + } + + /* status code: "404" or "404.1", then SP */ + + p = strtok( p, " " ); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strchr( p, '.' ) != NULL ) { + char *ppp; + ppp = strtok( p, "." ); + status_line->http_code = (int)strtol( ppp, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + ppp = strtok( NULL, "" ); + status_line->http_subcode = (int)strtol( ppp, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 6; /* 400.1 SP */ + } else { + status_line->http_code = (int)strtol( p, &pp, 10 ); + status_line->http_subcode = -1; + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 4; /* 400 SP */ + } + + /* Human readable message: "Not Found" CRLF */ + + p = strtok( p, "" ); + if( p == NULL ) { status_line->msg = ""; return 0; } + status_line->msg = status_line->first_line + ( p - first_line_buf ); + free( first_line_buf ); + + return 0; +} + +void +curlhelp_free_statusline (curlhelp_statusline *status_line) +{ + free (status_line->first_line); +} + +void +remove_newlines (char *s) +{ + char *p; + + for (p = s; *p != '\0'; p++) + if (*p == '\r' || *p == '\n') + *p = ' '; +} + +char * +get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header) +{ + int i; + for( i = 0; i < nof_headers; i++ ) { + if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { + return strndup( headers[i].value, headers[i].value_len ); + } + } + return NULL; +} + +int +check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFAULT_BUFFER_SIZE]) +{ + char *server_date = NULL; + char *document_date = NULL; + int date_result = STATE_OK; + curlhelp_statusline status_line; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + server_date = get_header_value (headers, nof_headers, "date"); + document_date = get_header_value (headers, nof_headers, "last-modified"); + + if (!server_date || !*server_date) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg); + date_result = max_state_alt(STATE_UNKNOWN, date_result); + } else if (!document_date || !*document_date) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else { + time_t srv_data = curl_getdate (server_date, NULL); + time_t doc_data = curl_getdate (document_date, NULL); + if (verbose >= 2) + printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data); + if (srv_data <= 0) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data <= 0) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data > srv_data + 30) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data < srv_data - maximum_age) { + int n = (srv_data - doc_data); + if (n > (60 * 60 * 24 * 2)) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24)); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } + } + } + + if (server_date) free (server_date); + if (document_date) free (document_date); + + return date_result; +} + + +int +get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf) +{ + const char *s; + int content_length = 0; + char *copy; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + char *content_length_s = NULL; + curlhelp_statusline status_line; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + content_length_s = get_header_value (headers, nof_headers, "content-length"); + if (!content_length_s) { + return header_buf->buflen + body_buf->buflen; + } + content_length_s += strspn (content_length_s, " \t"); + content_length = atoi (content_length_s); + if (content_length != body_buf->buflen) { + /* TODO: should we warn if the actual and the reported body length don't match? */ + } + + if (content_length_s) free (content_length_s); + + return header_buf->buflen + body_buf->buflen; +} + +/* TODO: is there a better way in libcurl to check for the SSL library? */ +curlhelp_ssl_library +curlhelp_get_ssl_library (CURL* curl) +{ + curl_version_info_data* version_data; + char *ssl_version; + char *library; + curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; + + version_data = curl_version_info (CURLVERSION_NOW); + if (version_data == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + ssl_version = strdup (version_data->ssl_version); + if (ssl_version == NULL ) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + library = strtok (ssl_version, "/"); + if (library == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + if (strcmp (library, "OpenSSL") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_OPENSSL; + else if (strcmp (library, "LibreSSL") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_LIBRESSL; + else if (strcmp (library, "GnuTLS") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_GNUTLS; + else if (strcmp (library, "NSS") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_NSS; + + if (verbose >= 2) + printf ("* SSL library string is : %s %s (%d)\n", version_data->ssl_version, library, ssl_library); + + free (ssl_version); + + return ssl_library; +} + +const char* +curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library) +{ + switch (ssl_library) { + case CURLHELP_SSL_LIBRARY_OPENSSL: + return "OpenSSL"; + case CURLHELP_SSL_LIBRARY_LIBRESSL: + return "LibreSSL"; + case CURLHELP_SSL_LIBRARY_GNUTLS: + return "GnuTLS"; + case CURLHELP_SSL_LIBRARY_NSS: + return "NSS"; + case CURLHELP_SSL_LIBRARY_UNKNOWN: + default: + return "unknown"; + } +} + +#ifdef LIBCURL_FEATURE_SSL +#ifndef USE_OPENSSL +time_t +parse_cert_date (const char *s) +{ + struct tm tm; + time_t date; + char *res; + + if (!s) return -1; + + /* Jan 17 14:25:12 2020 GMT */ + res = strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm); + /* Sep 11 12:00:00 2020 GMT */ + if (res == NULL) strptime (s, "%Y %m %d %H:%M:%S GMT", &tm); + date = mktime (&tm); + + return date; +} + +/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to + * OpenSSL could be this function + */ +int +net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit) +{ + int i; + struct curl_slist* slist; + int cname_found = 0; + char* start_date_str = NULL; + char* end_date_str = NULL; + time_t start_date; + time_t end_date; + char *tz; + float time_left; + int days_left; + int time_remaining; + char timestamp[50] = ""; + int status = STATE_UNKNOWN; + + if (verbose >= 2) + printf ("**** REQUEST CERTIFICATES ****\n"); + + for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) { + for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) { + /* find first common name in subject, + * TODO: check alternative subjects for + * TODO: have a decent parser here and not a hack + * multi-host certificate, check wildcards + */ + if (strncasecmp (slist->data, "Subject:", 8) == 0) { + int d = 3; + char* p = strstr (slist->data, "CN="); + if (p == NULL) { + d = 5; + p = strstr (slist->data, "CN = "); + } + if (p != NULL) { + if (strncmp (host_name, p+d, strlen (host_name)) == 0) { + cname_found = 1; + } + } + } else if (strncasecmp (slist->data, "Start Date:", 11) == 0) { + start_date_str = &slist->data[11]; + } else if (strncasecmp (slist->data, "Expire Date:", 12) == 0) { + end_date_str = &slist->data[12]; + } else if (strncasecmp (slist->data, "Cert:", 5) == 0) { + goto HAVE_FIRST_CERT; + } + if (verbose >= 2) + printf ("%d ** %s\n", i, slist->data); + } + } +HAVE_FIRST_CERT: + + if (verbose >= 2) + printf ("**** REQUEST CERTIFICATES ****\n"); + + if (!cname_found) { + printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); + return STATE_CRITICAL; + } + + start_date = parse_cert_date (start_date_str); + if (start_date <= 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"), + start_date_str); + puts (msg); + return STATE_WARNING; + } + + end_date = parse_cert_date (end_date_str); + if (end_date <= 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"), + start_date_str); + puts (msg); + return STATE_WARNING; + } + + time_left = difftime (end_date, time(NULL)); + days_left = time_left / 86400; + tz = getenv("TZ"); + setenv("TZ", "GMT", 1); + tzset(); + strftime(timestamp, 50, "%c %z", localtime(&end_date)); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); + + if (days_left > 0 && days_left <= days_till_exp_warn) { + printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp); + if (days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else if (time_left < 0) { + printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp); + status=STATE_CRITICAL; + } else if (days_left == 0) { + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp); + if (days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else { + printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp); + status = STATE_OK; + } + return status; +} +#endif /* USE_OPENSSL */ +#endif /* LIBCURL_FEATURE_SSL */ diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c index a3d033f4..ced13d05 100644 --- a/plugins/check_dbi.c +++ b/plugins/check_dbi.c @@ -35,6 +35,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "utils.h" +#include "utils_cmd.h" #include "netutils.h" @@ -368,10 +369,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical range */ critical_range = optarg; diff --git a/plugins/check_dig.c b/plugins/check_dig.c index d899b119..5d85ae26 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -48,7 +48,7 @@ void print_usage (void); #define UNDEFINED 0 #define DEFAULT_PORT 53 -#define DEFAULT_TRIES 3 +#define DEFAULT_TRIES 2 char *query_address = NULL; char *record_type = "A"; @@ -94,7 +94,7 @@ main (int argc, char **argv) timeout_interval_dig = timeout_interval / number_tries + number_tries; /* get the command to run */ - xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d", + xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d", PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig); alarm (timeout_interval); @@ -125,7 +125,7 @@ main (int argc, char **argv) if (verbose) printf ("%s\n", chld_out.line[i]); - if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { + if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { msg = chld_out.line[i]; result = STATE_OK; @@ -223,10 +223,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ host_or_die(optarg); dns_server = optarg; @@ -331,7 +331,7 @@ print_help (void) printf ("Copyright (c) 2000 Karl DeBisschop <kdebisschop@users.sourceforge.net>\n"); printf (COPYRIGHT, copyright, email); - printf (_("This plugin test the DNS service on the specified host using dig")); + printf (_("This plugin tests the DNS service on the specified host using dig")); printf ("\n\n"); diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 0d73a4f1..54befcad 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring check_disk plugin -* +* * License: GPL * Copyright (c) 1999-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_disk plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ const char *progname = "check_disk"; @@ -46,7 +46,7 @@ const char *email = "devel@monitoring-plugins.org"; #include <stdarg.h> #include "fsusage.h" #include "mountlist.h" -#include "intprops.h" /* necessary for TYPE_MAXIMUM */ +#include "intprops.h" /* necessary for TYPE_MAXIMUM */ #if HAVE_LIMITS_H # include <limits.h> #endif @@ -58,9 +58,6 @@ const char *email = "devel@monitoring-plugins.org"; # define ERROR -1 #endif -/* If nonzero, show inode information. */ -static int inode_format = 1; - /* If nonzero, show even filesystems with zero size or uninteresting types. */ static int show_all_fs = 1; @@ -144,6 +141,7 @@ int erronly = FALSE; int display_mntp = FALSE; int exact_match = FALSE; int freespace_ignore_reserved = FALSE; +int display_inodes_perfdata = FALSE; char *warn_freespace_units = NULL; char *crit_freespace_units = NULL; char *warn_freespace_percent = NULL; @@ -170,15 +168,14 @@ main (int argc, char **argv) char *output; char *details; char *perf; + char *perf_ilabel; char *preamble; char *flag_header; double inode_space_pct; - double warning_high_tide; - double critical_high_tide; int temp_result; struct mount_entry *me; - struct fs_usage fsp, tmpfsp; + struct fs_usage fsp; struct parameter_list *temp_list, *path; #ifdef __CYGWIN__ @@ -189,6 +186,7 @@ main (int argc, char **argv) output = strdup (""); details = strdup (""); perf = strdup (""); + perf_ilabel = strdup (""); stat_buf = malloc(sizeof *stat_buf); setlocale (LC_ALL, ""); @@ -245,17 +243,17 @@ main (int argc, char **argv) #ifdef __CYGWIN__ if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11) - continue; + continue; snprintf(mountdir, sizeof(mountdir), "%s:\\", me->me_mountdir + 10); if (GetDriveType(mountdir) != DRIVE_FIXED) - me->me_remote = 1; + me->me_remote = 1; #endif /* Filters */ /* Remove filesystems already seen */ if (np_seen_name(seen, me->me_mountdir)) { continue; - } + } np_add_name(&seen, me->me_mountdir); if (path->group == NULL) { @@ -288,8 +286,17 @@ main (int argc, char **argv) get_stats (path, &fsp); if (verbose >= 3) { - printf ("For %s, used_pct=%g free_pct=%g used_units=%g free_units=%g total_units=%g used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n", - me->me_mountdir, path->dused_pct, path->dfree_pct, path->dused_units, path->dfree_units, path->dtotal_units, path->dused_inodes_percent, path->dfree_inodes_percent, fsp.fsu_blocksize, mult); + printf ("For %s, used_pct=%g free_pct=%g used_units=%llu free_units=%llu total_units=%llu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n", + me->me_mountdir, + path->dused_pct, + path->dfree_pct, + path->dused_units, + path->dfree_units, + path->dtotal_units, + path->dused_inodes_percent, + path->dfree_inodes_percent, + fsp.fsu_blocksize, + mult); } /* Threshold comparisons */ @@ -326,54 +333,79 @@ main (int argc, char **argv) */ /* *_high_tide must be reinitialized at each run */ - warning_high_tide = UINT_MAX; - critical_high_tide = UINT_MAX; + uint64_t warning_high_tide = UINT64_MAX; if (path->freespace_units->warning != NULL) { - warning_high_tide = path->dtotal_units - path->freespace_units->warning->end; + warning_high_tide = (path->dtotal_units - path->freespace_units->warning->end) * mult; } if (path->freespace_percent->warning != NULL) { - warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units )); + warning_high_tide = min( warning_high_tide, (uint64_t)((1.0 - path->freespace_percent->warning->end/100) * (path->dtotal_units * mult)) ); } + + uint64_t critical_high_tide = UINT64_MAX; + if (path->freespace_units->critical != NULL) { - critical_high_tide = path->dtotal_units - path->freespace_units->critical->end; + critical_high_tide = (path->dtotal_units - path->freespace_units->critical->end) * mult; } if (path->freespace_percent->critical != NULL) { - critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units )); + critical_high_tide = min( critical_high_tide, (uint64_t)((1.0 - path->freespace_percent->critical->end/100) * (path->dtotal_units * mult)) ); } - /* Nb: *_high_tide are unset when == UINT_MAX */ + /* Nb: *_high_tide are unset when == UINT64_MAX */ xasprintf (&perf, "%s %s", perf, - perfdata ((!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, - path->dused_units, units, - (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide, - (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide, - TRUE, 0, - TRUE, path->dtotal_units)); + perfdata_uint64 ( + (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, + path->dused_units * mult, "B", + (warning_high_tide == UINT64_MAX ? FALSE : TRUE), warning_high_tide, + (critical_high_tide == UINT64_MAX ? FALSE : TRUE), critical_high_tide, + TRUE, 0, + TRUE, path->dtotal_units * mult)); + + if (display_inodes_perfdata) { + /* *_high_tide must be reinitialized at each run */ + warning_high_tide = UINT64_MAX; + critical_high_tide = UINT64_MAX; + + if (path->freeinodes_percent->warning != NULL) { + warning_high_tide = llabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total )); + } + if (path->freeinodes_percent->critical != NULL) { + critical_high_tide = llabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total )); + } + + xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir); + /* Nb: *_high_tide are unset when == UINT64_MAX */ + xasprintf (&perf, "%s %s", perf, + perfdata_uint64 (perf_ilabel, + path->inodes_used, "", + (warning_high_tide != UINT64_MAX ? TRUE : FALSE), warning_high_tide, + (critical_high_tide != UINT64_MAX ? TRUE : FALSE), critical_high_tide, + TRUE, 0, + TRUE, path->inodes_total)); + } if (disk_result==STATE_OK && erronly && !verbose) continue; - if(disk_result && verbose >= 1) { - xasprintf(&flag_header, " %s [", state_text (disk_result)); - } else { - xasprintf(&flag_header, ""); - } - xasprintf (&output, "%s%s %s %.0f %s (%.0f%%", - output, flag_header, - (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, - path->dfree_units, - units, - path->dfree_pct); - if (path->dused_inodes_percent < 0) { - xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : "")); - } else { - xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : "")); - } + if(disk_result && verbose >= 1) { + xasprintf(&flag_header, " %s [", state_text (disk_result)); + } else { + xasprintf(&flag_header, ""); + } + xasprintf (&output, "%s%s %s %llu%s (%.0f%%", + output, flag_header, + (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, + path->dfree_units, + units, + path->dfree_pct); + if (path->dused_inodes_percent < 0) { + xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : "")); + } else { + xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : "")); + } free(flag_header); /* TODO: Need to do a similar debug line - xasprintf (&details, _("%s\n\ -%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"), + xasprintf (&details, _("%s\n\%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"), details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct, me->me_devname, me->me_type, me->me_mountdir, (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp); @@ -423,9 +455,7 @@ process_arguments (int argc, char **argv) int c, err; struct parameter_list *se; struct parameter_list *temp_list = NULL, *previous = NULL; - struct parameter_list *temp_path_select_list = NULL; - struct mount_entry *me, *temp_me; - int result = OK; + struct mount_entry *me; regex_t re; int cflags = REG_NOSUB | REG_EXTENDED; int default_cflags = cflags; @@ -460,6 +490,7 @@ process_arguments (int argc, char **argv) {"ignore-eregi-partition", required_argument, 0, 'I'}, {"local", no_argument, 0, 'l'}, {"stat-remote-fs", no_argument, 0, 'L'}, + {"iperfdata", no_argument, 0, 'P'}, {"mountpoint", no_argument, 0, 'M'}, {"errors-only", no_argument, 0, 'e'}, {"exact-match", no_argument, 0, 'E'}, @@ -482,7 +513,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEA", longopts, &option); + c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLPg:R:r:i:I:MEA", longopts, &option); if (c == -1 || c == EOF) break; @@ -535,14 +566,14 @@ process_arguments (int argc, char **argv) } break; - case 'W': /* warning inode threshold */ + case 'W': /* warning inode threshold */ if (*optarg == '@') { warn_freeinodes_percent = optarg; } else { xasprintf(&warn_freeinodes_percent, "@%s", optarg); } break; - case 'K': /* critical inode threshold */ + case 'K': /* critical inode threshold */ if (*optarg == '@') { crit_freeinodes_percent = optarg; } else { @@ -552,21 +583,24 @@ process_arguments (int argc, char **argv) case 'u': if (units) free(units); - if (! strcmp (optarg, "bytes")) { + if (! strcasecmp (optarg, "bytes")) { mult = (uintmax_t)1; units = strdup ("B"); - } else if (! strcmp (optarg, "kB")) { + } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) { mult = (uintmax_t)1024; - units = strdup ("kB"); - } else if (! strcmp (optarg, "MB")) { + units = strdup ("kiB"); + } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) ) { mult = (uintmax_t)1024 * 1024; - units = strdup ("MB"); - } else if (! strcmp (optarg, "GB")) { + units = strdup ("MiB"); + } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) { mult = (uintmax_t)1024 * 1024 * 1024; - units = strdup ("GB"); - } else if (! strcmp (optarg, "TB")) { + units = strdup ("GiB"); + } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) { mult = (uintmax_t)1024 * 1024 * 1024 * 1024; - units = strdup ("TB"); + units = strdup ("TiB"); + } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) { + mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024; + units = strdup ("PiB"); } else { die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg); } @@ -577,19 +611,23 @@ process_arguments (int argc, char **argv) mult = 1024; if (units) free(units); - units = strdup ("kB"); + units = strdup ("kiB"); break; case 'm': /* display mountpoint */ mult = 1024 * 1024; if (units) free(units); - units = strdup ("MB"); + units = strdup ("MiB"); break; case 'L': stat_remote_fs = 1; + /* fallthrough */ case 'l': show_local_fs = 1; break; + case 'P': + display_inodes_perfdata = 1; + break; case 'p': /* select path */ if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent || crit_freespace_percent || warn_usedspace_units || crit_usedspace_units || @@ -762,10 +800,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage (_("Unknown argument")); } @@ -786,7 +824,7 @@ process_arguments (int argc, char **argv) } if (units == NULL) { - units = strdup ("MB"); + units = strdup ("MiB"); mult = (uintmax_t)1024 * 1024; } @@ -909,6 +947,8 @@ print_help (void) printf (" %s\n", _("Display only devices/mountpoints with errors")); printf (" %s\n", "-f, --freespace-ignore-reserved"); printf (" %s\n", _("Don't account root-reserved blocks into freespace in perfdata")); + printf (" %s\n", "-P, --iperfdata"); + printf (" %s\n", _("Display inode usage in perfdata")); printf (" %s\n", "-g, --group=NAME"); printf (" %s\n", _("Group paths. Thresholds apply to (free-)space of all partitions together")); printf (" %s\n", "-k, --kilobytes"); @@ -998,50 +1038,59 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) { if (p_list->group && ! (strcmp(p_list->group, p->group))) { stat_path(p_list); get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp); - get_path_stats(p_list, &tmpfsp); + get_path_stats(p_list, &tmpfsp); if (verbose >= 3) - printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n", - p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units, - p_list->dtotal_units, mult); - - /* prevent counting the first FS of a group twice since its parameter_list entry + printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%lu free_units=%llu total_units=%llu mult=%llu\n", + p_list->group, + tmpfsp.fsu_blocks, + tmpfsp.fsu_blocksize, + p_list->best_match->me_mountdir, + p_list->dused_units, + p_list->dfree_units, + p_list->dtotal_units, + mult); + + /* prevent counting the first FS of a group twice since its parameter_list entry * is used to carry the information of all file systems of the entire group */ if (! first) { p->total += p_list->total; p->available += p_list->available; p->available_to_root += p_list->available_to_root; p->used += p_list->used; - + p->dused_units += p_list->dused_units; p->dfree_units += p_list->dfree_units; p->dtotal_units += p_list->dtotal_units; p->inodes_total += p_list->inodes_total; p->inodes_free += p_list->inodes_free; + p->inodes_free_to_root += p_list->inodes_free_to_root; + p->inodes_used += p_list->inodes_used; } first = 0; } - if (verbose >= 3) - printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n", - p->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p->best_match->me_mountdir, p->dused_units, - p->dfree_units, p->dtotal_units, mult); + if (verbose >= 3) + printf("Group %s now has: used_units=%llu free_units=%llu total_units=%llu fsu_blocksize=%llu mult=%llu\n", + p->group, + p->dused_units, + p->dfree_units, + p->dtotal_units, + tmpfsp.fsu_blocksize, + mult); } /* modify devname and mountdir for output */ p->best_match->me_mountdir = p->best_match->me_devname = p->group; } /* finally calculate percentages for either plain FS or summed up group */ - p->dused_pct = calculate_percent( p->used, p->used + p->available ); /* used + available can never be > uintmax */ + p->dused_pct = calculate_percent( p->used, p->used + p->available ); /* used + available can never be > uintmax */ p->dfree_pct = 100 - p->dused_pct; p->dused_inodes_percent = calculate_percent(p->inodes_total - p->inodes_free, p->inodes_total); p->dfree_inodes_percent = 100 - p->dused_inodes_percent; - + } void get_path_stats (struct parameter_list *p, struct fs_usage *fsp) { - /* 2007-12-08 - Workaround for Gnulib reporting insanely high available - * space on BSD (the actual value should be negative but fsp->fsu_bavail - * is unsigned) */ - p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail; + p->available = fsp->fsu_bavail; p->available_to_root = fsp->fsu_bfree; p->used = fsp->fsu_blocks - fsp->fsu_bfree; if (freespace_ignore_reserved) { @@ -1051,11 +1100,22 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) { /* default behaviour : take all the blocks into account */ p->total = fsp->fsu_blocks; } - + p->dused_units = p->used*fsp->fsu_blocksize/mult; p->dfree_units = p->available*fsp->fsu_blocksize/mult; p->dtotal_units = p->total*fsp->fsu_blocksize/mult; - p->inodes_total = fsp->fsu_files; /* Total file nodes. */ - p->inodes_free = fsp->fsu_ffree; /* Free file nodes. */ + /* Free file nodes. Not sure the workaround is required, but in case...*/ + p->inodes_free = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail; + p->inodes_free_to_root = fsp->fsu_ffree; /* Free file nodes for root. */ + p->inodes_used = fsp->fsu_files - fsp->fsu_ffree; + if (freespace_ignore_reserved) { + /* option activated : we substract the root-reserved inodes from the total */ + /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */ + /* for others, fsp->fsu_ffree == fsp->fsu_favail */ + p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free; + } else { + /* default behaviour : take all the inodes into account */ + p->inodes_total = fsp->fsu_files; + } np_add_name(&seen, p->best_match->me_mountdir); } diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 22121226..9de6caf5 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -41,7 +41,9 @@ const char *email = "devel@monitoring-plugins.org"; int process_arguments (int, char **); int validate_arguments (void); -int error_scan (char *); +int error_scan (char *, int *); +int ip_match_cidr(const char *, const char *); +unsigned long ip2long(const char *); void print_help (void); void print_usage (void); @@ -52,8 +54,10 @@ char ptr_server[ADDRESS_LENGTH] = ""; int verbose = FALSE; char **expected_address = NULL; int expected_address_cnt = 0; +int expect_nxdomain = FALSE; int expect_authority = FALSE; +int all_match = FALSE; thresholds *time_thresholds = NULL; static int @@ -81,10 +85,10 @@ main (int argc, char **argv) double elapsed_time; long microsec; struct timeval tv; - int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; + int is_nxdomain = FALSE; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); @@ -127,7 +131,7 @@ main (int argc, char **argv) if (verbose) puts(chld_out.line[i]); - if (strstr (chld_out.line[i], ".in-addr.arpa")) { + if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) { if ((temp_buffer = strstr (chld_out.line[i], "name = "))) addresses[n_addresses++] = strdup (temp_buffer + 7); else { @@ -167,8 +171,8 @@ main (int argc, char **argv) temp_buffer++; /* Strip leading spaces */ - for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) - /* NOOP */; + while (*temp_buffer == ' ') + temp_buffer++; strip(temp_buffer); if (temp_buffer==NULL || strlen(temp_buffer)==0) { @@ -184,7 +188,7 @@ main (int argc, char **argv) } - result = error_scan (chld_out.line[i]); + result = error_scan (chld_out.line[i], &is_nxdomain); if (result != STATE_OK) { msg = strchr (chld_out.line[i], ':'); if(msg) msg++; @@ -197,13 +201,20 @@ main (int argc, char **argv) if (verbose) puts(chld_err.line[i]); - if (error_scan (chld_err.line[i]) != STATE_OK) { - result = max_state (result, error_scan (chld_err.line[i])); + if (error_scan (chld_err.line[i], &is_nxdomain) != STATE_OK) { + result = max_state (result, error_scan (chld_err.line[i], &is_nxdomain)); msg = strchr(input_buffer, ':'); - if(msg) msg++; + if(msg) + msg++; + else + msg = input_buffer; } } + if (is_nxdomain && !expect_nxdomain) { + die (STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); + } + if (addresses) { int i,slen; char *adrp; @@ -227,11 +238,27 @@ main (int argc, char **argv) if (result == STATE_OK && expected_address_cnt > 0) { result = STATE_CRITICAL; temp_buffer = ""; + unsigned long expect_match = (1 << expected_address_cnt) - 1; + unsigned long addr_match = (1 << n_addresses) - 1; + for (i=0; i<expected_address_cnt; i++) { - /* check if we get a match and prepare an error string */ - if (strcmp(address, expected_address[i]) == 0) result = STATE_OK; + int j; + /* check if we get a match on 'raw' ip or cidr */ + for (j=0; j<n_addresses; j++) { + if ( strcmp(addresses[j], expected_address[i]) == 0 + || ip_match_cidr(addresses[j], expected_address[i]) ) { + result = STATE_OK; + addr_match &= ~(1 << j); + expect_match &= ~(1 << i); + } + } + + /* prepare an error string */ xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); } + /* check if expected_address must cover all in addresses and none may be missing */ + if (all_match && (expect_match != 0 || addr_match != 0)) + result = STATE_CRITICAL; if (result == STATE_CRITICAL) { /* Strip off last semicolon... */ temp_buffer[strlen(temp_buffer)-2] = '\0'; @@ -239,6 +266,16 @@ main (int argc, char **argv) } } + if (expect_nxdomain) { + if (!is_nxdomain) { + result = STATE_CRITICAL; + xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); + } else { + if (address != NULL) free(address); + address = "NXDOMAIN"; + } + } + /* check if authoritative */ if (result == STATE_OK && expect_authority && non_authoritative) { result = STATE_CRITICAL; @@ -249,11 +286,6 @@ main (int argc, char **argv) elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (strchr (address, ',') == NULL) - multi_address = FALSE; - else - multi_address = TRUE; - result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); @@ -295,12 +327,43 @@ main (int argc, char **argv) return result; } +int +ip_match_cidr(const char *addr, const char *cidr_ro) +{ + char *subnet, *mask_c, *cidr = strdup(cidr_ro); + int mask; + subnet = strtok(cidr, "/"); + mask_c = strtok(NULL, "\0"); + if (!subnet || !mask_c) + return FALSE; + mask = atoi(mask_c); + + /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */ + return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask); +} +unsigned long +ip2long(const char* src) { + unsigned long ip[4]; + /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */ + return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", + &ip[0], &ip[1], &ip[2], &ip[3]) == 4 && + ip[0] < 256 && ip[1] < 256 && + ip[2] < 256 && ip[3] < 256) + ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] + : 0; +} int -error_scan (char *input_buffer) +error_scan (char *input_buffer, int *is_nxdomain) { + const int nxdomain = strstr (input_buffer, "Non-existent") || + strstr (input_buffer, "** server can't find") || + strstr (input_buffer, "** Can't find") || + strstr (input_buffer, "NXDOMAIN"); + if (nxdomain) *is_nxdomain = TRUE; + /* the DNS lookup timed out */ if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || @@ -310,6 +373,8 @@ error_scan (char *input_buffer) /* DNS server is not running... */ else if (strstr (input_buffer, "No response from server")) die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); + else if (strstr (input_buffer, "no servers could be reached")) + die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); /* Host name is valid, but server doesn't have records... */ else if (strstr (input_buffer, "No records")) @@ -317,7 +382,7 @@ error_scan (char *input_buffer) /* Connection was refused */ else if (strstr (input_buffer, "Connection refused") || - strstr (input_buffer, "Couldn't find server") || + strstr (input_buffer, "Couldn't find server") || strstr (input_buffer, "Refused") || (strstr (input_buffer, "** server can't find") && strstr (input_buffer, ": REFUSED"))) @@ -331,12 +396,6 @@ error_scan (char *input_buffer) else if (strstr (input_buffer, "No information")) die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); - /* Host or domain name does not exist */ - else if (strstr (input_buffer, "Non-existent") || - strstr (input_buffer, "** server can't find") || - strstr (input_buffer,"NXDOMAIN")) - die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address); - /* Network is unreachable */ else if (strstr (input_buffer, "Network is unreachable")) die (STATE_CRITICAL, _("Network is unreachable\n")); @@ -373,7 +432,9 @@ process_arguments (int argc, char **argv) {"server", required_argument, 0, 's'}, {"reverse-server", required_argument, 0, 'r'}, {"expected-address", required_argument, 0, 'a'}, + {"expect-nxdomain", no_argument, 0, 'n'}, {"expect-authority", no_argument, 0, 'A'}, + {"all", no_argument, 0, 'L'}, {"warning", required_argument, 0, 'w'}, {"critical", required_argument, 0, 'c'}, {0, 0, 0, 0} @@ -387,7 +448,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index); + c = getopt_long (argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); if (c == -1 || c == EOF) break; @@ -395,10 +456,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; @@ -428,13 +489,33 @@ process_arguments (int argc, char **argv) case 'a': /* expected address */ if (strlen (optarg) >= ADDRESS_LENGTH) die (STATE_UNKNOWN, _("Input buffer overflow\n")); - expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); - expected_address[expected_address_cnt] = strdup(optarg); - expected_address_cnt++; + if (strchr(optarg, ',') != NULL) { + char *comma = strchr(optarg, ','); + while (comma != NULL) { + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); + expected_address_cnt++; + optarg = comma + 1; + comma = strchr(optarg, ','); + } + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } else { + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } + break; + case 'n': /* expect NXDOMAIN */ + expect_nxdomain = TRUE; break; case 'A': /* expect authority */ expect_authority = TRUE; break; + case 'L': /* all must match */ + all_match = TRUE; + break; case 'w': warning = optarg; break; @@ -470,8 +551,15 @@ process_arguments (int argc, char **argv) int validate_arguments () { - if (query_address[0] == 0) + if (query_address[0] == 0) { + printf ("missing --host argument\n"); + return ERROR; + } + + if (expected_address_cnt > 0 && expect_nxdomain) { + printf ("--expected-address and --expect-nxdomain cannot be combined\n"); return ERROR; + } return OK; } @@ -500,17 +588,22 @@ print_help (void) printf (" %s\n", _("The name or address you want to query")); printf (" -s, --server=HOST\n"); printf (" %s\n", _("Optional DNS server you want to use for the lookup")); - printf (" -a, --expected-address=IP-ADDRESS|HOST\n"); - printf (" %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with")); - printf (" %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any")); - printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); - printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically).")); + printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); + printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); + printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); + printf (" %s\n", _("value matches).")); + printf (" -n, --expect-nxdomain\n"); + printf (" %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)")); + printf (" %s\n", _("Cannot be used together with -a")); printf (" -A, --expect-authority\n"); printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); printf (" -w, --warning=seconds\n"); printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off")); printf (" -c, --critical=seconds\n"); printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off")); + printf (" -L, --all\n"); + printf (" %s\n", _("Return critical if the list of expected addresses does not match all addresses")); + printf (" %s\n", _("returned. Default off")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); @@ -522,5 +615,5 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname); + printf ("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname); } diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c index 3ed68717..212a1344 100644 --- a/plugins/check_dummy.c +++ b/plugins/check_dummy.c @@ -52,11 +52,11 @@ main (int argc, char **argv) usage4 (_("Could not parse arguments")); else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) { print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) { print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (!is_integer (argv[1])) usage4 (_("Arguments to check_dummy must be an integer")); diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 46046b4f..521d0fef 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -105,7 +105,7 @@ main (int argc, char **argv) xasprintf(&option_string, "%s-I %s ", option_string, sourceif); #ifdef PATH_TO_FPING6 - if (address_family == AF_INET6) + if (address_family != AF_INET && is_inet6_addr(server)) fping_prog = strdup(PATH_TO_FPING6); else fping_prog = strdup(PATH_TO_FPING); @@ -184,7 +184,7 @@ textscan (char *buf) int status = STATE_UNKNOWN; if (strstr (buf, "not found")) { - die (STATE_CRITICAL, _("FPING UNKNOW - %s not found\n"), server_name); + die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name); } else if (strstr (buf, "is unreachable") || strstr (buf, "Unreachable")) { @@ -314,10 +314,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; diff --git a/plugins/check_game.c b/plugins/check_game.c index 29e59e2f..a534b69b 100644 --- a/plugins/check_game.c +++ b/plugins/check_game.c @@ -196,10 +196,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; @@ -318,7 +318,7 @@ print_help (void) printf ("%s\n", _("Notes:")); printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool.")); printf (" %s\n", _("If you don't have the package installed, you will need to download it from")); - printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin.")); + printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin.")); printf (UT_SUPPORT); } diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index 5fe06984..c4b44178 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -66,7 +66,8 @@ void print_usage (void); char *community = NULL; char *address = NULL; -char *port = NULL; +unsigned int port = 0; +int check_paper_out = 1; int main (int argc, char **argv) @@ -120,8 +121,12 @@ main (int argc, char **argv) HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY); /* get the command to run */ - sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community, - address, port, query_string); + sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s", + PATH_TO_SNMPGET, + community, + address, + port, + query_string); /* run the command */ child_process = spopen (command_line); @@ -240,7 +245,8 @@ main (int argc, char **argv) strcpy (errmsg, _("Paper Jam")); } else if (paper_out) { - result = STATE_WARNING; + if (check_paper_out) + result = STATE_WARNING; strcpy (errmsg, _("Out of Paper")); } else if (line_status == OFFLINE) { @@ -325,7 +331,7 @@ process_arguments (int argc, char **argv) while (1) { - c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option); + c = getopt_long (argc, argv, "+hVH:C:p:D", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -347,13 +353,15 @@ process_arguments (int argc, char **argv) usage2 (_("Port must be a positive short integer"), optarg); else port = atoi(optarg); + case 'D': /* disable paper out check*/ + check_paper_out = 0; break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } @@ -376,11 +384,8 @@ process_arguments (int argc, char **argv) community = strdup (DEFAULT_COMMUNITY); } - if (port == NULL) { - if (argv[c] != NULL ) - port = argv[c]; - else - port = atoi (DEFAULT_PORT); + if (port == 0) { + port = atoi(DEFAULT_PORT); } return validate_arguments (); @@ -420,6 +425,8 @@ print_help (void) printf (" %s", _("Specify the port to check ")); printf (_("(default=%s)"), DEFAULT_PORT); printf ("\n"); + printf (" %s\n", "-D"); + printf (" %s", _("Disable paper check ")); printf (UT_SUPPORT); } @@ -430,5 +437,5 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-C community] [-p port]\n", progname); + printf ("%s -H host [-C community] [-p port] [-D]\n", progname); } diff --git a/plugins/check_http.c b/plugins/check_http.c index 51679975..34fb4f01 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -72,7 +72,7 @@ int maximum_age = -1; enum { REGS = 2, - MAX_RE_SIZE = 256 + MAX_RE_SIZE = 1024 }; #include "regex.h" regex_t preg; @@ -91,10 +91,12 @@ struct timeval tv_temp; int specify_port = FALSE; int server_port = HTTP_PORT; +int virtual_port = 0; char server_port_text[6] = ""; char server_type[6] = "http"; char *server_address; char *host_name; +int host_name_length; char *server_url; char *user_agent; int server_url_length; @@ -118,12 +120,14 @@ int use_ssl = FALSE; int use_sni = FALSE; int verbose = FALSE; int show_extended_perfdata = FALSE; +int show_body = FALSE; int sd; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; int max_depth = 15; char *http_method; +char *http_method_proxy; char *http_post_data; char *http_content_type; char buffer[MAX_INPUT_BUFFER]; @@ -237,6 +241,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, {0, 0, 0, 0} }; @@ -257,7 +262,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NEB", longopts, &option); if (c == -1 || c == EOF) break; @@ -267,11 +272,11 @@ process_arguments (int argc, char **argv) break; case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ if (!is_intnonneg (optarg)) @@ -343,9 +348,20 @@ process_arguments (int argc, char **argv) parameters, like -S and -C combinations */ use_ssl = TRUE; if (c=='S' && optarg != NULL) { - ssl_version = atoi(optarg); - if (ssl_version < 1 || ssl_version > 3) - usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); + int got_plus = strchr(optarg, '+') != NULL; + + if (!strncmp (optarg, "1.2", 3)) + ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2; + else if (!strncmp (optarg, "1.1", 3)) + ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1; + else if (optarg[0] == '1') + ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1; + else if (optarg[0] == '3') + ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3; + else if (optarg[0] == '2') + ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2; + else + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); } if (specify_port == FALSE) server_port = HTTPS_PORT; @@ -380,11 +396,25 @@ process_arguments (int argc, char **argv) case 'H': /* Host Name (virtual host) */ host_name = strdup (optarg); if (host_name[0] == '[') { - if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */ - server_port = atoi (p + 2); + if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */ + virtual_port = atoi (p + 2); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + if (specify_port == FALSE) + server_port = virtual_port; + } } else if ((p = strchr (host_name, ':')) != NULL - && strchr (++p, ':') == NULL) /* IPv4:port or host:port */ - server_port = atoi (p); + && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */ + virtual_port = atoi (p); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + if (specify_port == FALSE) + server_port = virtual_port; + } break; case 'I': /* Server IP-address */ server_address = strdup (optarg); @@ -419,6 +449,12 @@ process_arguments (int argc, char **argv) if (http_method) free(http_method); http_method = strdup (optarg); + char *tmp; + if ((tmp = strstr(http_method, ":")) > 0) { + tmp[0] = '\0'; + http_method = http_method; + http_method_proxy = ++tmp; + } break; case 'd': /* string or substring */ strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1); @@ -513,6 +549,9 @@ process_arguments (int argc, char **argv) case 'E': /* show extended perfdata */ show_extended_perfdata = TRUE; break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; } } @@ -539,9 +578,15 @@ process_arguments (int argc, char **argv) if (http_method == NULL) http_method = strdup ("GET"); - if (client_cert && !client_privkey) + if (http_method_proxy == NULL) + http_method_proxy = strdup ("GET"); + + if (client_cert && !client_privkey) usage4 (_("If you use a client certificate you must also specify a private key file")); + if (virtual_port == 0) + virtual_port = server_port; + return TRUE; } @@ -869,53 +914,115 @@ check_http (void) double elapsed_time_transfer = 0.0; int page_len = 0; int result = STATE_OK; + char *force_host_header = NULL; /* try to connect to the host at the given port number */ gettimeofday (&tv_temp, NULL); if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); microsec_connect = deltime (tv_temp); + + /* if we are called with the -I option, the -j method is CONNECT and */ + /* we received -S for SSL, then we tunnel the request through a proxy*/ + /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */ + + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) { + + if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); + asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); + if (strlen(proxy_auth)) { + base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); + xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); + } + /* optionally send any other header tag */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } + } + /* This cannot be free'd here because a redirection will then try to access this and segfault */ + /* Covered in a testcase in tests/check_http.t */ + /* free(http_opt_headers); */ + } + asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); + asprintf (&buf, "%sHost: %s\r\n", buf, host_name); + /* we finished our request, send empty line with CRLF */ + asprintf (&buf, "%s%s", buf, CRLF); + if (verbose) printf ("%s\n", buf); + send(sd, buf, strlen (buf), 0); + buf[0]='\0'; + + if (verbose) printf ("Receive response from proxy\n"); + read (sd, buffer, MAX_INPUT_BUFFER-1); + if (verbose) printf ("%s", buffer); + /* Here we should check if we got HTTP/1.1 200 Connection established */ + } #ifdef HAVE_SSL elapsed_time_connect = (double)microsec_connect / 1.0e6; if (use_ssl == TRUE) { gettimeofday (&tv_temp, NULL); result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); + if (verbose) printf ("SSL initialized\n"); if (result != STATE_OK) die (STATE_CRITICAL, NULL); microsec_ssl = deltime (tv_temp); elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - np_net_ssl_cleanup(); if (sd) close(sd); + np_net_ssl_cleanup(); return result; } } #endif /* HAVE_SSL */ - xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + else + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); /* tell HTTP/1.1 servers not to keep the connection alive */ xasprintf (&buf, "%sConnection: close\r\n", buf); + /* check if Host header is explicitly set in options */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (strncmp(http_opt_headers[i], "Host:", 5) == 0) { + force_host_header = http_opt_headers[i]; + } + } + } + /* optionally send the host header info */ if (host_name) { - /* - * Specify the port only if we're using a non-default port (see RFC 2616, - * 14.23). Some server applications/configurations cause trouble if the - * (default) port is explicitly specified in the "Host:" header line. - */ - if ((use_ssl == FALSE && server_port == HTTP_PORT) || - (use_ssl == TRUE && server_port == HTTPS_PORT)) - xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); - else - xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + if (force_host_header) { + xasprintf (&buf, "%s%s\r\n", buf, force_host_header); + } + else { + /* + * Specify the port only if we're using a non-default port (see RFC 2616, + * 14.23). Some server applications/configurations cause trouble if the + * (default) port is explicitly specified in the "Host:" header line. + */ + if ((use_ssl == FALSE && virtual_port == HTTP_PORT) || + (use_ssl == TRUE && virtual_port == HTTPS_PORT) || + (server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE)) + xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); + else + xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port); + } } /* optionally send any other header tag */ if (http_opt_headers_count) { for (i = 0; i < http_opt_headers_count ; i++) { - xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } } /* This cannot be free'd here because a redirection will then try to access this and segfault */ /* Covered in a testcase in tests/check_http.t */ @@ -964,6 +1071,10 @@ check_http (void) microsec_firstbyte = deltime (tv_temp); elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6; } + while (pos = memchr(buffer, '\0', i)) { + /* replace nul character with a blank */ + *pos = ' '; + } buffer[i] = '\0'; xasprintf (&full_page_new, "%s%s", full_page, buffer); free (full_page); @@ -1005,10 +1116,10 @@ check_http (void) die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n")); /* close the connection */ + if (sd) close(sd); #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif - if (sd) close(sd); /* Save check time */ microsec = deltime (tv); @@ -1059,6 +1170,8 @@ check_http (void) xasprintf (&msg, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg); } @@ -1209,6 +1322,9 @@ check_http (void) perfd_time (elapsed_time), perfd_size (page_len)); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); + result = max_state_alt(get_status(elapsed_time, thlds), result); die (result, "HTTP %s: %s\n", state_text(result), msg); @@ -1337,8 +1453,8 @@ redir (char *pos, char *status_line) !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, url)) - die (STATE_WARNING, - _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), type, addr, i, url, (display_html ? "</A>" : "")); strcpy (server_type, type); @@ -1363,6 +1479,9 @@ redir (char *pos, char *status_line) MAX_PORT, server_type, server_address, server_port, server_url, display_html ? "</A>" : ""); + /* reset virtual port */ + virtual_port = server_port; + if (verbose) printf (_("Redirection to %s://%s:%d%s\n"), server_type, host_name ? host_name : server_address, server_port, server_url); @@ -1395,32 +1514,32 @@ char *perfd_time (double elapsed_time) return fperfdata ("time", elapsed_time, "s", thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0, thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0, - TRUE, 0, FALSE, 0); + TRUE, 0, TRUE, socket_timeout); } char *perfd_time_connect (double elapsed_time_connect) { - return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_ssl (double elapsed_time_ssl) { - return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_headers (double elapsed_time_headers) { - return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_firstbyte (double elapsed_time_firstbyte) { - return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_time_transfer (double elapsed_time_transfer) { - return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0); + return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); } char *perfd_size (int page_len) @@ -1448,6 +1567,10 @@ print_help (void) print_usage (); +#ifdef HAVE_SSL + printf (_("In the first form, make an HTTP request.")); + printf (_("In the second form, connect to the server and check the TLS certificate.")); +#endif printf (_("NOTE: One or both of -H and -I must be specified")); printf ("\n"); @@ -1467,9 +1590,10 @@ print_help (void) printf (UT_IPv46); #ifdef HAVE_SSL - printf (" %s\n", "-S, --ssl=VERSION"); + printf (" %s\n", "-S, --ssl=VERSION[+]"); printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); - printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); + printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); + printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); printf (" %s\n", "--sni"); printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); @@ -1496,7 +1620,7 @@ print_help (void) printf (" %s\n", _("URL to GET or POST (default: /)")); printf (" %s\n", "-P, --post=STRING"); printf (" %s\n", _("URL encoded http POST data")); - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)"); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)"); printf (" %s\n", _("Set HTTP method.")); printf (" %s\n", "-N, --no-body"); printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); @@ -1526,6 +1650,8 @@ print_help (void) printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-E, --extended-perfdata"); printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>"); @@ -1544,7 +1670,7 @@ print_help (void) printf ("%s\n", _("Notes:")); printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host.")); printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL")); - printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect reponse")); + printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response")); printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); @@ -1570,7 +1696,7 @@ print_help (void) printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); - printf (" %s\n", _("the certificate is expired.")); + printf (" %s\n\n", _("the certificate is expired.")); printf ("\n"); printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); @@ -1578,6 +1704,14 @@ print_help (void) printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); + printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used")); + printf (" %s\n", _("inside the proxied connection: -j CONNECT:POST")); + #endif printf (UT_SUPPORT); @@ -1596,6 +1730,8 @@ print_usage (void) printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); - printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n"); + printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); printf (" [-T <content-type>] [-j method]\n"); + printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname); + printf (" [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n"); } diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 47605e96..0160d98b 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -166,7 +166,6 @@ enum SmartCommand char *get_offline_text (int); int smart_read_values (int, values_t *); -int values_not_passed (values_t *, thresholds_t *); int nagios (values_t *, thresholds_t *); void print_value (value_t *, threshold_t *); void print_values (values_t *, thresholds_t *); @@ -234,10 +233,10 @@ main (int argc, char *argv[]) break; case 'h': print_help (); - return STATE_OK; + return STATE_UNKNOWN; case 'V': print_revision (progname, NP_VERSION); - return STATE_OK; + return STATE_UNKNOWN; default: usage5 (); } @@ -249,7 +248,7 @@ main (int argc, char *argv[]) if (!device) { print_help (); - return STATE_OK; + return STATE_UNKNOWN; } fd = open (device, OPEN_MODE); @@ -284,7 +283,7 @@ get_offline_text (int status) return offline_status_text[i].text; } } - return "UNKNOW"; + return "UNKNOWN"; } @@ -340,31 +339,6 @@ smart_read_values (int fd, values_t * values) int -values_not_passed (values_t * p, thresholds_t * t) -{ - value_t * value = p->values; - threshold_t * threshold = t->thresholds; - int failed = 0; - int passed = 0; - int i; - for (i = 0; i < NR_ATTRIBUTES; i++) { - if (value->id && threshold->id && value->id == threshold->id) { - if (value->value < threshold->threshold) { - ++failed; - } - else { - ++passed; - } - } - ++value; - ++threshold; - } - return (passed ? -failed : 2); -} - - - -int nagios (values_t * p, thresholds_t * t) { value_t * value = p->values; diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index c371be97..845a4f52 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring check_ldap plugin -* +* * License: GPL * Copyright (c) 2000-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_ldap plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ /* progname may be check_ldaps */ @@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL; #endif double warn_time = UNDEFINED; double crit_time = UNDEFINED; +thresholds *entries_thresholds = NULL; struct timeval tv; +char* warn_entries = NULL; +char* crit_entries = NULL; int starttls = FALSE; int ssl_on_connect = FALSE; int verbose = 0; @@ -94,6 +97,12 @@ main (int argc, char *argv[]) int tls; int version=3; + /* for entry counting */ + + LDAPMessage *next_entry; + int status_entries = STATE_OK; + int num_entries = 0; + setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); @@ -197,12 +206,14 @@ main (int argc, char *argv[]) } /* do a search of all objectclasses in the base dn */ - if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) + if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_search"); printf (_("Could not search/find objectclasses in %s\n"), ld_base); return STATE_CRITICAL; + } else if (crit_entries!=NULL || warn_entries!=NULL) { + num_entries = ldap_count_entries(ld, result); } /* unbind from the ldap server */ @@ -223,14 +234,42 @@ main (int argc, char *argv[]) else status = STATE_OK; + if(entries_thresholds != NULL) { + if (verbose) { + printf ("entries found: %d\n", num_entries); + print_thresholds("entry thresholds", entries_thresholds); + } + status_entries = get_status(num_entries, entries_thresholds); + if (status_entries == STATE_CRITICAL) { + status = STATE_CRITICAL; + } else if (status != STATE_CRITICAL) { + status = status_entries; + } + } + /* print out the result */ - printf (_("LDAP %s - %.3f seconds response time|%s\n"), - state_text (status), - elapsed_time, - fperfdata ("time", elapsed_time, "s", - (int)warn_time, warn_time, - (int)crit_time, crit_time, - TRUE, 0, FALSE, 0)); + if (crit_entries!=NULL || warn_entries!=NULL) { + printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), + state_text (status), + num_entries, + elapsed_time, + fperfdata ("time", elapsed_time, "s", + (int)warn_time, warn_time, + (int)crit_time, crit_time, + TRUE, 0, FALSE, 0), + sperfdata ("entries", (double)num_entries, "", + warn_entries, + crit_entries, + TRUE, 0.0, FALSE, 0.0)); + } else { + printf (_("LDAP %s - %.3f seconds response time|%s\n"), + state_text (status), + elapsed_time, + fperfdata ("time", elapsed_time, "s", + (int)warn_time, warn_time, + (int)crit_time, crit_time, + TRUE, 0, FALSE, 0)); + } return status; } @@ -263,6 +302,8 @@ process_arguments (int argc, char **argv) {"port", required_argument, 0, 'p'}, {"warn", required_argument, 0, 'w'}, {"crit", required_argument, 0, 'c'}, + {"warn-entries", required_argument, 0, 'W'}, + {"crit-entries", required_argument, 0, 'C'}, {"verbose", no_argument, 0, 'v'}, {0, 0, 0, 0} }; @@ -276,7 +317,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option); + c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); if (c == -1 || c == EOF) break; @@ -284,10 +325,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_intnonneg (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); @@ -318,6 +359,12 @@ process_arguments (int argc, char **argv) case 'c': crit_time = strtod (optarg, NULL); break; + case 'W': + warn_entries = optarg; + break; + case 'C': + crit_entries = optarg; + break; #ifdef HAVE_LDAP_SET_OPTION case '2': ld_protocol = 2; @@ -381,6 +428,13 @@ validate_arguments () if (ld_base==NULL) usage4 (_("Please specify the LDAP base\n")); + if (crit_entries!=NULL || warn_entries!=NULL) { + set_thresholds(&entries_thresholds, + warn_entries, crit_entries); + } + if (ld_passwd==NULL) + ld_passwd = getenv("LDAP_PASSWORD"); + return OK; } @@ -414,7 +468,7 @@ print_help (void) printf (" %s\n", "-D [--bind]"); printf (" %s\n", _("ldap bind DN (if required)")); printf (" %s\n", "-P [--pass]"); - printf (" %s\n", _("ldap password (if required)")); + printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); printf (" %s\n", "-T [--starttls]"); printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); printf (" %s\n", "-S [--ssl]"); @@ -430,6 +484,11 @@ print_help (void) printf (UT_WARN_CRIT); + printf (" %s\n", "-W [--warn-entries]"); + printf (" %s\n", _("Number of found entries to result in warning status")); + printf (" %s\n", "-C [--crit-entries]"); + printf (" %s\n", _("Number of found entries to result in critical status")); + printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); printf (UT_VERBOSE); @@ -441,6 +500,7 @@ print_help (void) printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); printf (" %s\n", _("to define the behaviour explicitly instead.")); + printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); printf (UT_SUPPORT); } diff --git a/plugins/check_load.c b/plugins/check_load.c index cde63e56..0e4de54e 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -33,6 +33,7 @@ const char *copyright = "1999-2007"; const char *email = "devel@monitoring-plugins.org"; #include "common.h" +#include "runcmd.h" #include "utils.h" #include "popen.h" @@ -52,6 +53,9 @@ static int process_arguments (int argc, char **argv); static int validate_arguments (void); void print_help (void); void print_usage (void); +static int print_top_consuming_processes(); + +static int n_procs_to_show = 0; /* strictly for pretty-print usage in loops */ static const int nums[3] = { 1, 5, 15 }; @@ -160,7 +164,7 @@ main (int argc, char **argv) sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15); } else { - printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME); + printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result); return STATE_UNKNOWN; } @@ -205,11 +209,14 @@ main (int argc, char **argv) else if(la[i] > wload[i]) result = STATE_WARNING; } - printf("%s - %s|", state_text(result), status_line); + printf("LOAD %s - %s|", state_text(result), status_line); for(i = 0; i < 3; i++) printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]); putchar('\n'); + if (n_procs_to_show > 0) { + print_top_consuming_processes(); + } return result; } @@ -227,6 +234,7 @@ process_arguments (int argc, char **argv) {"percpu", no_argument, 0, 'r'}, {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, + {"procs-to-show", required_argument, 0, 'n'}, {0, 0, 0, 0} }; @@ -234,7 +242,7 @@ process_arguments (int argc, char **argv) return ERROR; while (1) { - c = getopt_long (argc, argv, "Vhrc:w:", longopts, &option); + c = getopt_long (argc, argv, "Vhrc:w:n:", longopts, &option); if (c == -1 || c == EOF) break; @@ -251,10 +259,13 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); + case 'n': + n_procs_to_show = atoi(optarg); + break; case '?': /* help */ usage5 (); } @@ -324,6 +335,9 @@ print_help (void) printf (" %s\n", _("the load average format is the same used by \"uptime\" and \"w\"")); printf (" %s\n", "-r, --percpu"); printf (" %s\n", _("Divide the load averages by the number of CPUs (when possible)")); + printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS"); + printf (" %s\n", _("Number of processes to show when printing the top consuming processes.")); + printf (" %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0")); printf (UT_SUPPORT); } @@ -332,5 +346,48 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15\n", progname); + printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname); +} + +#ifdef PS_USES_PROCPCPU +int cmpstringp(const void *p1, const void *p2) { + int procuid = 0; + int procpid = 0; + int procppid = 0; + int procvsz = 0; + int procrss = 0; + float procpcpu = 0; + char procstat[8]; +#ifdef PS_USES_PROCETIME + char procetime[MAX_INPUT_BUFFER]; +#endif /* PS_USES_PROCETIME */ + char procprog[MAX_INPUT_BUFFER]; + int pos; + sscanf (* (char * const *) p1, PS_FORMAT, PS_VARLIST); + float procpcpu1 = procpcpu; + sscanf (* (char * const *) p2, PS_FORMAT, PS_VARLIST); + return procpcpu1 < procpcpu; +} +#endif /* PS_USES_PROCPCPU */ + +static int print_top_consuming_processes() { + int i = 0; + struct output chld_out, chld_err; + if(np_runcmd(PS_COMMAND, &chld_out, &chld_err, 0) != 0){ + fprintf(stderr, _("'%s' exited with non-zero status.\n"), PS_COMMAND); + return STATE_UNKNOWN; + } + if (chld_out.lines < 2) { + fprintf(stderr, _("some error occurred getting procs list.\n")); + return STATE_UNKNOWN; + } +#ifdef PS_USES_PROCPCPU + qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp); +#endif /* PS_USES_PROCPCPU */ + int lines_to_show = chld_out.lines < (n_procs_to_show + 1) + ? chld_out.lines : n_procs_to_show + 1; + for (i = 0; i < lines_to_show; i += 1) { + printf("%s\n", chld_out.line[i]); + } + return OK; } diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c index cf3fe044..1fda5492 100644 --- a/plugins/check_mrtg.c +++ b/plugins/check_mrtg.c @@ -234,10 +234,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c index 3b038cf1..eb66f622 100644 --- a/plugins/check_mrtgtraf.c +++ b/plugins/check_mrtgtraf.c @@ -270,10 +270,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c index 216626bc..0cba50e6 100644 --- a/plugins/check_mysql.c +++ b/plugins/check_mysql.c @@ -379,6 +379,9 @@ process_arguments (int argc, char **argv) if (is_host (optarg)) { db_host = optarg; } + else if (*optarg == '/') { + db_socket = optarg; + } else { usage2 (_("Invalid hostname/address"), optarg); } @@ -444,10 +447,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': verbose++; break; diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c index 71ab7768..ac2fb15d 100644 --- a/plugins/check_mysql_query.c +++ b/plugins/check_mysql_query.c @@ -136,18 +136,18 @@ main (int argc, char **argv) die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); } - /* free the result */ - mysql_free_result (res); - - /* close the connection */ - mysql_close (&mysql); - if (! is_numeric(row[0])) { die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); } value = strtod(row[0], NULL); + /* free the result */ + mysql_free_result (res); + + /* close the connection */ + mysql_close (&mysql); + if (verbose >= 3) printf("mysql result: %f\n", value); @@ -250,10 +250,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'q': xasprintf(&sql_query, "%s", optarg); break; diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c index 791b6dbe..40d68f03 100644 --- a/plugins/check_nagios.c +++ b/plugins/check_nagios.c @@ -235,10 +235,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'F': /* status log */ status_log = optarg; break; diff --git a/plugins/check_nt.c b/plugins/check_nt.c index fefbfb7a..59c135db 100644 --- a/plugins/check_nt.c +++ b/plugins/check_nt.c @@ -197,19 +197,40 @@ int main(int argc, char **argv){ case CHECK_UPTIME: - xasprintf(&send_buffer, "%s&3", req_password); - fetch_data (server_address, server_port, send_buffer); - uptime=strtoul(recv_buffer,NULL,10); - updays = uptime / 86400; - uphours = (uptime % 86400) / 3600; - upminutes = ((uptime % 86400) % 3600) / 60; - xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s)|uptime=%lu"), updays, uphours, upminutes, uptime); - if (check_critical_value==TRUE && uptime <= critical_value) - return_code=STATE_CRITICAL; - else if (check_warning_value==TRUE && uptime <= warning_value) - return_code=STATE_WARNING; - else - return_code=STATE_OK; + if (value_list == NULL) { + value_list = "minutes"; + } + if (strncmp(value_list, "seconds", strlen("seconds") + 1 ) && + strncmp(value_list, "minutes", strlen("minutes") + 1) && + strncmp(value_list, "hours", strlen("hours") + 1) && + strncmp(value_list, "days", strlen("days") + 1)) { + + output_message = strdup (_("wrong -l argument")); + } else { + xasprintf(&send_buffer, "%s&3", req_password); + fetch_data (server_address, server_port, send_buffer); + uptime=strtoul(recv_buffer,NULL,10); + updays = uptime / 86400; + uphours = (uptime % 86400) / 3600; + upminutes = ((uptime % 86400) % 3600) / 60; + + if (!strncmp(value_list, "minutes", strlen("minutes"))) + uptime = uptime / 60; + else if (!strncmp(value_list, "hours", strlen("hours"))) + uptime = uptime / 3600; + else if (!strncmp(value_list, "days", strlen("days"))) + uptime = uptime / 86400; + /* else uptime in seconds, nothing to do */ + + xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s) |uptime=%lu"),updays, uphours, upminutes, uptime); + + if (check_critical_value==TRUE && uptime <= critical_value) + return_code=STATE_CRITICAL; + else if (check_warning_value==TRUE && uptime <= warning_value) + return_code=STATE_WARNING; + else + return_code=STATE_OK; + } break; case CHECK_USEDDISKSPACE: @@ -532,10 +553,10 @@ int process_arguments(int argc, char **argv){ usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; @@ -713,7 +734,9 @@ void print_help(void) printf (" %s\n", "ie: -l 60,90,95,120,90,95"); printf (" %s\n", "UPTIME ="); printf (" %s\n", _("Get the uptime of the machine.")); - printf (" %s\n", _("No specific parameters. No warning or critical threshold")); + printf (" %s\n", _("-l <unit> ")); + printf (" %s\n", _("<unit> = seconds, minutes, hours, or days. (default: minutes)")); + printf (" %s\n", _("Thresholds will use the unit specified above.")); printf (" %s\n", "USEDDISKSPACE ="); printf (" %s\n", _("Size and percentage of disk use.")); printf (" %s\n", _("Request a -l parameter containing the drive letter only.")); diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 09a923eb..914b40ce 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -297,7 +297,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver<nservers; cserver++){ @@ -356,7 +356,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){ * we have to do it in a way that our lazy macros don't handle currently :( */ double offset_request(const char *host, int *status){ int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0; - int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1; + int servers_completed=0, one_read=0, servers_readable=0, best_index=-1; time_t now_time=0, start_ts=0; ntp_message *req=NULL; double avg_offset=0.; @@ -421,7 +421,6 @@ double offset_request(const char *host, int *status){ * been touched in the past second or so and is still lacking * some responses. for each of these servers, send a new request, * and update the "waiting" timestamp with the current time. */ - one_written=0; now_time=time(NULL); for(i=0; i<num_hosts; i++){ @@ -431,7 +430,6 @@ double offset_request(const char *host, int *status){ setup_request(&req[i]); write(socklist[i], &req[i], sizeof(ntp_message)); servers[i].waiting=now_time; - one_written=1; break; } } @@ -517,14 +515,13 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ double jitter_request(const char *host, int *status){ int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; - int peers_size=0, peer_offset=0, bytes_read=0; + int peers_size=0, peer_offset=0; ntp_assoc_status_pair *peers=NULL; ntp_control_message req; const char *getvar = "jitter"; double rval = 0.0, jitter = -1.0; char *startofvalue=NULL, *nptr=NULL; void *tmp; - int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2; /* Long-winded explanation: * Getting the jitter requires a number of steps: @@ -551,7 +548,7 @@ double jitter_request(const char *host, int *status){ DBG(print_ntp_control_message(&req)); /* Attempt to read the largest size packet possible */ req.count=htons(MAX_CM_SIZE); - DBG(printf("recieving READSTAT response")) + DBG(printf("receiving READSTAT response")) read(conn, &req, SIZEOF_NTPCM(req)); DBG(print_ntp_control_message(&req)); /* Each peer identifier is 4 bytes in the data section, which @@ -591,6 +588,9 @@ double jitter_request(const char *host, int *status){ for (i = 0; i < npeers; i++){ /* Only query this server if it is the current sync source */ if (PEER_SEL(peers[i].status) >= min_peer_sel){ + char jitter_data[MAX_CM_SIZE+1]; + size_t jitter_data_count; + num_selected++; setup_control_request(&req, OP_READVAR, 2); req.assoc = peers[i].assoc; @@ -608,16 +608,8 @@ double jitter_request(const char *host, int *status){ DBG(print_ntp_control_message(&req)); req.count = htons(MAX_CM_SIZE); - DBG(printf("recieving READVAR response...\n")); - - /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/ - if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1) - die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno)); - if (bytes_read != ntp_cm_ints + req.count) - die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); - /* else null terminate */ - strncpy(req.data[req.count], "\0", 1); - + DBG(printf("receiving READVAR response...\n")); + read(conn, &req, SIZEOF_NTPCM(req)); DBG(print_ntp_control_message(&req)); if(req.op&REM_ERROR && strstr(getvar, "jitter")) { @@ -632,7 +624,14 @@ double jitter_request(const char *host, int *status){ if(verbose) { printf("parsing jitter from peer %.2x: ", ntohs(peers[i].assoc)); } - startofvalue = strchr(req.data, '='); + if((jitter_data_count = ntohs(req.count)) >= sizeof(jitter_data)){ + die(STATE_UNKNOWN, + _("jitter response too large (%lu bytes)\n"), + (unsigned long)jitter_data_count); + } + memcpy(jitter_data, req.data, jitter_data_count); + jitter_data[jitter_data_count] = '\0'; + startofvalue = strchr(jitter_data, '='); if(startofvalue != NULL) { startofvalue++; jitter = strtod(startofvalue, &nptr); @@ -690,11 +689,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 44424af5..6842842f 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -245,7 +245,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji do { /* Attempt to read the largest size packet possible */ req.count=htons(MAX_CM_SIZE); - DBG(printf("recieving READSTAT response")) + DBG(printf("receiving READSTAT response")) if(read(conn, &req, SIZEOF_NTPCM(req)) == -1) die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n"); DBG(print_ntp_control_message(&req)); @@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index e344f8b7..391b2df2 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -244,7 +244,7 @@ void setup_request(ntp_message *p){ * this is done by filtering servers based on stratum, dispersion, and * finally round-trip delay. */ int best_offset_server(const ntp_server_results *slist, int nservers){ - int i=0, cserver=0, best_server=-1; + int cserver=0, best_server=-1; /* for each server */ for(cserver=0; cserver<nservers; cserver++){ @@ -303,7 +303,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){ * we have to do it in a way that our lazy macros don't handle currently :( */ double offset_request(const char *host, int *status){ int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0; - int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1; + int servers_completed=0, one_read=0, servers_readable=0, best_index=-1; time_t now_time=0, start_ts=0; ntp_message *req=NULL; double avg_offset=0.; @@ -368,7 +368,6 @@ double offset_request(const char *host, int *status){ * been touched in the past second or so and is still lacking * some responses. For each of these servers, send a new request, * and update the "waiting" timestamp with the current time. */ - one_written=0; now_time=time(NULL); for(i=0; i<num_hosts; i++){ @@ -378,7 +377,6 @@ double offset_request(const char *host, int *status){ setup_request(&req[i]); write(socklist[i], &req[i], sizeof(ntp_message)); servers[i].waiting=now_time; - one_written=1; break; } } @@ -477,11 +475,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; @@ -635,7 +633,7 @@ void print_help(void){ printf("%s\n", _("Notes:")); printf(" %s\n", _("If you'd rather want to monitor an NTP server, please use")); printf(" %s\n", _("check_ntp_peer.")); - printf(" %s\n", _("--time-offset is usefull for compensating for servers with known")); + printf(" %s\n", _("--time-offset is useful for compensating for servers with known")); printf(" %s\n", _("and expected clock skew.")); printf("\n"); printf(UT_THRESHOLDS_NOTES); diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c index 1a7bfa16..e7e8de05 100644 --- a/plugins/check_nwstat.c +++ b/plugins/check_nwstat.c @@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) { usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address=optarg; break; diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c index af5eb9b9..9a4d25fa 100644 --- a/plugins/check_overcr.c +++ b/plugins/check_overcr.c @@ -340,10 +340,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index 9bad1ec5..b8fc5f1d 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -34,6 +34,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "utils.h" +#include "utils_cmd.h" #include "netutils.h" #include <libpq-fe.h> @@ -302,10 +303,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); @@ -346,7 +347,7 @@ process_arguments (int argc, char **argv) if (!is_pg_dbname (optarg)) /* checks length and valid chars */ usage2 (_("Database name is not valid"), optarg); else /* we know length, and know optarg is terminated, so us strcpy */ - strcpy (dbName, optarg); + snprintf(dbName, NAMEDATALEN, "%s", optarg); break; case 'l': /* login name */ if (!is_pg_logname (optarg)) @@ -565,7 +566,7 @@ print_help (void) printf (" %s\n", _("Typically, the monitoring user (unless the --logname option is used) should be")); printf (" %s\n", _("able to connect to the database without a password. The plugin can also send")); - printf (" %s\n", _("a password, but no effort is made to obsure or encrypt the password.")); + printf (" %s\n", _("a password, but no effort is made to obscure or encrypt the password.")); printf (UT_SUPPORT); } diff --git a/plugins/check_ping.c b/plugins/check_ping.c index dbc5c3e4..ba7af373 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org"; #include "popen.h" #include "utils.h" +#include <signal.h> + #define WARN_DUPLICATES "DUPLICATES FOUND! " #define UNKNOWN_TRIP_TIME -1.0 /* -1 seconds */ @@ -163,10 +165,14 @@ main (int argc, char **argv) printf ("</A>"); /* Print performance data */ - printf("|%s", fperfdata ("rta", (double) rta, "ms", - wrta>0?TRUE:FALSE, wrta, - crta>0?TRUE:FALSE, crta, - TRUE, 0, FALSE, 0)); + if (pl != 100) { + printf("|%s", fperfdata ("rta", (double) rta, "ms", + wrta>0?TRUE:FALSE, wrta, + crta>0?TRUE:FALSE, crta, + TRUE, 0, FALSE, 0)); + } else { + printf("| rta=U;%f;%f;;", wrta, crta); + } printf(" %s\n", perfdata ("pl", (long) pl, "%", wpl>0?TRUE:FALSE, wpl, cpl>0?TRUE:FALSE, cpl, @@ -224,11 +230,11 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ timeout_interval = atoi (optarg); diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 402aac53..48723404 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -1,34 +1,34 @@ /***************************************************************************** -* +* * Monitoring check_procs plugin -* +* * License: GPL * Copyright (c) 2000-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_procs plugin -* +* * Checks all processes and generates WARNING or CRITICAL states if the * specified metric is outside the required threshold ranges. The metric * defaults to number of processes. Search filters can be applied to limit * the processes to check. -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ const char *progname = "check_procs"; @@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org"; int process_arguments (int, char **); int validate_arguments (void); -int convert_to_seconds (char *); +int convert_to_seconds (char *); void print_help (void); void print_usage (void); @@ -230,9 +230,9 @@ main (int argc, char **argv) procseconds = convert_to_seconds(procetime); if (verbose >= 3) - printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", + printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", procs, procuid, procvsz, procrss, - procpid, procppid, procpcpu, procstat, + procpid, procppid, procpcpu, procstat, procetime, procprog, procargs); /* Ignore self */ @@ -265,7 +265,7 @@ main (int argc, char **argv) } } - if ((options & STAT) && (strstr (statopts, procstat))) + if ((options & STAT) && (strstr (procstat, statopts))) resultsum |= STAT; if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL)) resultsum |= ARGS; @@ -292,9 +292,9 @@ main (int argc, char **argv) procs++; if (verbose >= 2) { - printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", + printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", procuid, procvsz, procrss, - procpid, procppid, procpcpu, procstat, + procpid, procppid, procpcpu, procstat, procetime, procprog, procargs); } @@ -320,7 +320,7 @@ main (int argc, char **argv) result = max_state (result, i); } } - } + } /* This should not happen */ else if (verbose) { printf(_("Not parseable: %s"), input_buffer); @@ -332,7 +332,7 @@ main (int argc, char **argv) return STATE_UNKNOWN; } - if ( result == STATE_UNKNOWN ) + if ( result == STATE_UNKNOWN ) result = STATE_OK; /* Needed if procs found, but none match filter */ @@ -352,9 +352,9 @@ main (int argc, char **argv) if (metric != METRIC_PROCS) { printf (_("%d crit, %d warn out of "), crit, warn); } - } + } printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs); - + if (strcmp(fmt,"") != 0) { printf (_(" with %s"), fmt); } @@ -428,10 +428,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); @@ -440,7 +440,7 @@ process_arguments (int argc, char **argv) break; case 'c': /* critical threshold */ critical_range = optarg; - break; + break; case 'w': /* warning threshold */ warning_range = optarg; break; @@ -542,11 +542,11 @@ process_arguments (int argc, char **argv) if ( strcmp(optarg, "PROCS") == 0) { metric = METRIC_PROCS; break; - } + } else if ( strcmp(optarg, "VSZ") == 0) { metric = METRIC_VSZ; break; - } + } else if ( strcmp(optarg, "RSS") == 0 ) { metric = METRIC_RSS; break; @@ -559,7 +559,7 @@ process_arguments (int argc, char **argv) metric = METRIC_ELAPSED; break; } - + usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!")); case 'k': /* linux kernel thread filter */ kthread_filter = 1; @@ -642,7 +642,7 @@ convert_to_seconds(char *etime) { seconds = 0; for (ptr = etime; *ptr != '\0'; ptr++) { - + if (*ptr == '-') { hyphcnt++; continue; @@ -764,6 +764,11 @@ be the total number of running processes\n\n")); printf (" %s\n", "check_procs -w 2:2 -c 2:1024 -C portsentry"); printf (" %s\n", _("Warning if not two processes with command name portsentry.")); printf (" %s\n\n", _("Critical if < 2 or > 1024 processes")); + printf (" %s\n", "check_procs -c 1: -C sshd"); + printf (" %s\n", _("Critical if not at least 1 process with command sshd")); + printf (" %s\n", "check_procs -w 1024 -c 1: -C sshd"); + printf (" %s\n", _("Warning if > 1024 processes with command name sshd.")); + printf (" %s\n\n", _("Critical if < 1 processes with command name sshd.")); printf (" %s\n", "check_procs -w 10 -a '/usr/local/bin/perl' -u root"); printf (" %s\n", _("Warning alert if > 10 processes with command arguments containing")); printf (" %s\n\n", _("'/usr/local/bin/perl' and owned by root")); diff --git a/plugins/check_radius.c b/plugins/check_radius.c index b2943475..be1001b4 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -36,7 +36,9 @@ const char *email = "devel@monitoring-plugins.org"; #include "utils.h" #include "netutils.h" -#if defined(HAVE_LIBFREERADIUS_CLIENT) +#if defined(HAVE_LIBRADCLI) +#include <radcli/radcli.h> +#elif defined(HAVE_LIBFREERADIUS_CLIENT) #include <freeradius-client.h> #elif defined(HAVE_LIBRADIUSCLIENT_NG) #include <radiusclient-ng.h> @@ -48,22 +50,24 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) #define my_rc_conf_str(a) rc_conf_str(rch,a) +#if defined(HAVE_LIBRADCLI) +#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH) +#else #define my_rc_send_server(a,b) rc_send_server(rch,a,b) -#ifdef HAVE_LIBFREERADIUS_CLIENT +#endif +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI) #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f) #else #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f) #endif -#define my_rc_own_ipaddress() rc_own_ipaddress(rch) #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d) #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a) #else #define my_rc_conf_str(a) rc_conf_str(a) #define my_rc_send_server(a,b) rc_send_server(a, b) #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f) -#define my_rc_own_ipaddress() rc_own_ipaddress() #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d) #define my_rc_read_dictionary(a) rc_read_dictionary(a) #endif @@ -76,7 +80,7 @@ void print_usage (void); int my_rc_read_config(char *); -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) rc_handle *rch = NULL; #endif @@ -90,7 +94,6 @@ char *config_file = NULL; unsigned short port = PW_AUTH_UDP_PORT; int retries = 1; int verbose = FALSE; -ENV *env = NULL; /****************************************************************************** @@ -150,6 +153,8 @@ Please note that all tags must be lowercase to use the DocBook XML DTD. int main (int argc, char **argv) { + struct sockaddr_storage ss; + char name[HOST_NAME_MAX]; char msg[BUFFER_LEN]; SEND_DATA data; int result = STATE_UNKNOWN; @@ -185,15 +190,14 @@ main (int argc, char **argv) die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n")); } - if (nasipaddress != NULL) { - if (rc_good_ipaddr (nasipaddress)) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); - if ((client_id = rc_get_ipaddr(nasipaddress)) == 0) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); - } else { - if ((client_id = my_rc_own_ipaddress ()) == 0) - die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n")); + if (nasipaddress == NULL) { + if (gethostname (name, sizeof(name)) != 0) + die (STATE_UNKNOWN, _("gethostname() failed!\n")); + nasipaddress = name; } + if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */ + die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); + client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr); if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL) die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); @@ -259,10 +263,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; @@ -274,7 +278,7 @@ process_arguments (int argc, char **argv) break; case 'P': /* port */ if (is_intnonneg (optarg)) - port = atoi (optarg); + port = (unsigned short)atoi (optarg); else usage4 (_("Port must be a positive integer")); break; @@ -310,7 +314,7 @@ process_arguments (int argc, char **argv) break; case 't': /* timeout */ if (is_intpos (optarg)) - timeout_interval = atoi (optarg); + timeout_interval = (unsigned)atoi (optarg); else usage2 (_("Timeout interval must be a positive integer"), optarg); break; @@ -356,7 +360,7 @@ print_help (void) printf (" %s\n", "-u, --username=STRING"); printf (" %s\n", _("The user to authenticate")); printf (" %s\n", "-p, --password=STRING"); - printf (" %s\n", _("Password for autentication (SECURITY RISK)")); + printf (" %s\n", _("Password for authentication (SECURITY RISK)")); printf (" %s\n", "-n, --nas-id=STRING"); printf (" %s\n", _("NAS identifier")); printf (" %s\n", "-N, --nas-ip-address=STRING"); @@ -399,7 +403,7 @@ print_usage (void) int my_rc_read_config(char * a) { -#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) rch = rc_read_config(a); return (rch == NULL) ? 1 : 0; #else diff --git a/plugins/check_real.c b/plugins/check_real.c index 36f64134..0f1a1ba7 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -163,22 +163,22 @@ main (int argc, char **argv) /* Part I - Server Check */ - /* send the OPTIONS request */ - sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\n", host_name, + /* send the DESCRIBE request */ + sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\r\n", host_name, server_port, server_url); result = send (sd, buffer, strlen (buffer), 0); /* send the header sync */ - sprintf (buffer, "CSeq: 2\n"); + sprintf (buffer, "CSeq: 2\r\n"); result = send (sd, buffer, strlen (buffer), 0); /* send a newline so the server knows we're done with the request */ - sprintf (buffer, "\n"); + sprintf (buffer, "\r\n"); result = send (sd, buffer, strlen (buffer), 0); /* watch for the REAL connection string */ result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); - buffer[result] = "\0"; /* null terminate recieved buffer */ + buffer[result] = '\0'; /* null terminate recieved buffer */ /* return a CRITICAL status if we couldn't read any data */ if (result == -1) { @@ -359,10 +359,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* usage */ usage5 (); } @@ -438,7 +438,7 @@ print_help (void) printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host.")); printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return")); printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful connects,")); - printf ("%s\n", _("but incorrect reponse messages from the host result in STATE_WARNING return")); + printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return")); printf ("%s\n", _("values.")); printf (UT_SUPPORT); diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 24304534..c1e92dff 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -55,14 +55,11 @@ enum { #define SMTP_EXPECT "220" #define SMTP_HELO "HELO " #define SMTP_EHLO "EHLO " +#define SMTP_LHLO "LHLO " #define SMTP_QUIT "QUIT\r\n" #define SMTP_STARTTLS "STARTTLS\r\n" #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n" -#ifndef HOST_MAX_BYTES -#define HOST_MAX_BYTES 255 -#endif - #define EHLO_SUPPORTS_STARTTLS 1 int process_arguments (int, char **); @@ -106,6 +103,7 @@ int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; short use_ehlo = FALSE; +short use_lhlo = FALSE; short ssl_established = 0; char *localhostname = NULL; int sd; @@ -128,6 +126,7 @@ main (int argc, char **argv) char *cmd_str = NULL; char *helocmd = NULL; char *error_msg = ""; + char *server_response = NULL; struct timeval tv; /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */ @@ -155,7 +154,9 @@ main (int argc, char **argv) return STATE_CRITICAL; } } - if(use_ehlo) + if(use_lhlo) + xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n"); + else if(use_ehlo) xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n"); else xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n"); @@ -189,21 +190,9 @@ main (int argc, char **argv) printf (_("recv() failed\n")); return STATE_WARNING; } - else { - if (verbose) - printf ("%s", buffer); - /* strip the buffer of carriage returns */ - strip (buffer); - /* make sure we find the response we are looking for */ - if (!strstr (buffer, server_expect)) { - if (server_port == SMTP_PORT) - printf (_("Invalid SMTP response received from host: %s\n"), buffer); - else - printf (_("Invalid SMTP response received from host on port %d: %s\n"), - server_port, buffer); - return STATE_WARNING; - } - } + + /* save connect return (220 hostname ..) for later use */ + xasprintf(&server_response, "%s", buffer); /* send the HELO/EHLO command */ send(sd, helocmd, strlen(helocmd), 0); @@ -212,7 +201,7 @@ main (int argc, char **argv) if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { printf (_("recv() failed\n")); return STATE_WARNING; - } else if(use_ehlo){ + } else if(use_ehlo || use_lhlo){ if(strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL){ supports_tls=TRUE; @@ -231,7 +220,7 @@ main (int argc, char **argv) send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ - if (!strstr (buffer, server_expect)) { + if (!strstr (buffer, SMTP_EXPECT)) { printf (_("Server does not support STARTTLS\n")); smtp_quit(); return STATE_UNKNOWN; @@ -239,8 +228,8 @@ main (int argc, char **argv) result = np_net_ssl_init(sd); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); - np_net_ssl_cleanup(); close(sd); + np_net_ssl_cleanup(); return STATE_CRITICAL; } else { ssl_established = 1; @@ -276,6 +265,7 @@ main (int argc, char **argv) # ifdef USE_OPENSSL if ( check_cert ) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); + smtp_quit(); my_close(); return result; } @@ -283,12 +273,31 @@ main (int argc, char **argv) } #endif + if (verbose) + printf ("%s", buffer); + + /* save buffer for later use */ + xasprintf(&server_response, "%s%s", server_response, buffer); + /* strip the buffer of carriage returns */ + strip (server_response); + + /* make sure we find the droids we are looking for */ + if (!strstr (server_response, server_expect)) { + if (server_port == SMTP_PORT) + printf (_("Invalid SMTP response received from host: %s\n"), server_response); + else + printf (_("Invalid SMTP response received from host on port %d: %s\n"), + server_port, server_response); + return STATE_WARNING; + } + if (send_mail_from) { my_send(cmd_str, strlen(cmd_str)); if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) printf("%s", buffer); } + n = 0; while (n < ncommands) { xasprintf (&cmd_str, "%s%s", commands[n], "\r\n"); my_send(cmd_str, strlen(cmd_str)); @@ -465,6 +474,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"help", no_argument, 0, 'h'}, + {"lmtp", no_argument, 0, 'L'}, {"starttls",no_argument,0,'S'}, {"certificate",required_argument,0,'D'}, {"ignore-quit-failure",no_argument,0,'q'}, @@ -484,7 +494,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", + c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", longopts, &option); if (c == -1 || c == EOF) @@ -581,11 +591,6 @@ process_arguments (int argc, char **argv) usage4 (_("Timeout interval must be a positive integer")); } break; - case 'S': - /* starttls */ - use_ssl = TRUE; - use_ehlo = TRUE; - break; case 'D': /* Check SSL cert validity */ #ifdef USE_OPENSSL @@ -607,9 +612,17 @@ process_arguments (int argc, char **argv) days_till_exp_warn = atoi (optarg); } check_cert = TRUE; + ignore_send_quit_failure = TRUE; #else usage (_("SSL support not available - install OpenSSL and recompile")); #endif + case 'S': + /* starttls */ + use_ssl = TRUE; + use_ehlo = TRUE; + break; + case 'L': + use_lhlo = TRUE; break; case '4': address_family = AF_INET; @@ -623,10 +636,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } @@ -763,10 +776,12 @@ recvlines(char *buf, size_t bufsize) int my_close (void) { + int result; + result = close(sd); #ifdef HAVE_SSL - np_net_ssl_cleanup(); + np_net_ssl_cleanup(); #endif - return close(sd); + return result; } @@ -817,6 +832,8 @@ print_help (void) printf (" %s\n", _("SMTP AUTH username")); printf (" %s\n", "-P, --authpass=STRING"); printf (" %s\n", _("SMTP AUTH password")); + printf (" %s\n", "-L, --lmtp"); + printf (" %s\n", _("Send LHLO instead of HELO/EHLO")); printf (" %s\n", "-q, --ignore-quit-failure"); printf (" %s\n", _("Ignore failure when sending QUIT command to server")); @@ -829,7 +846,7 @@ print_help (void) printf("\n"); printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return")); printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful")); - printf ("%s\n", _("connects, but incorrect reponse messages from the host result in")); + printf ("%s\n", _("connects, but incorrect response messages from the host result in")); printf ("%s\n", _("STATE_WARNING return values.")); printf (UT_SUPPORT); @@ -843,6 +860,6 @@ print_usage (void) printf ("%s\n", _("Usage:")); printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); - printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); + printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); } diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 2c62a230..abe54cfb 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_PORT "161" #define DEFAULT_MIBLIST "ALL" #define DEFAULT_PROTOCOL "1" -#define DEFAULT_TIMEOUT 1 #define DEFAULT_RETRIES 5 #define DEFAULT_AUTH_PROTOCOL "MD5" #define DEFAULT_PRIV_PROTOCOL "DES" @@ -104,6 +103,8 @@ int errcode, excode; char *server_address = NULL; char *community = NULL; +char **contextargs = NULL; +char *context = NULL; char **authpriv = NULL; char *proto = NULL; char *seclevel = NULL; @@ -128,6 +129,7 @@ size_t nunits = 0; size_t unitv_size = OID_COUNT_STEP; int numoids = 0; int numauthpriv = 0; +int numcontext = 0; int verbose = 0; int usesnmpgetnext = FALSE; char *warning_thresholds = NULL; @@ -150,7 +152,7 @@ state_data *previous_state; double *previous_value; size_t previous_size = OID_COUNT_STEP; int perf_labels = 1; - +char* ip_version = ""; static char *fix_snmp_range(char *th) { @@ -224,7 +226,7 @@ main (int argc, char **argv) outbuff = strdup (""); delimiter = strdup (" = "); output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); - timeout_interval = DEFAULT_TIMEOUT; + timeout_interval = DEFAULT_SOCKET_TIMEOUT; retries = DEFAULT_RETRIES; np_init( (char *) progname, argc, argv ); @@ -297,8 +299,8 @@ main (int argc, char **argv) snmpcmd = strdup (PATH_TO_SNMPGET); } - /* 10 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */ - command_line = calloc (10 + numauthpriv + 1 + numoids + 1, sizeof (char *)); + /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */ + command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *)); command_line[0] = snmpcmd; command_line[1] = strdup ("-Le"); command_line[2] = strdup ("-t"); @@ -310,23 +312,27 @@ main (int argc, char **argv) command_line[8] = "-v"; command_line[9] = strdup (proto); + for (i = 0; i < numcontext; i++) { + command_line[10 + i] = contextargs[i]; + } + for (i = 0; i < numauthpriv; i++) { - command_line[10 + i] = authpriv[i]; + command_line[10 + numcontext + i] = authpriv[i]; } - xasprintf (&command_line[10 + numauthpriv], "%s:%s", server_address, port); + xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port); /* This is just for display purposes, so it can remain a string */ - xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s:%s", - snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[authpriv]", + xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s", + snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]", server_address, port); for (i = 0; i < numoids; i++) { - command_line[10 + numauthpriv + 1 + i] = oids[i]; + command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i]; xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]); } - command_line[10 + numauthpriv + 1 + numoids] = NULL; + command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL; if (verbose) printf ("%s\n", cl_hidden_auth); @@ -411,6 +417,9 @@ main (int argc, char **argv) else if (strstr (response, "INTEGER: ")) { show = strstr (response, "INTEGER: ") + 9; } + else if (strstr (response, "OID: ")) { + show = strstr (response, "OID: ") + 5; + } else if (strstr (response, "STRING: ")) { show = strstr (response, "STRING: ") + 8; conv = "%.10g"; @@ -459,6 +468,9 @@ main (int argc, char **argv) /* Process this block for numeric comparisons */ /* Make some special values,like Timeticks numeric only if a threshold is defined */ if (thlds[i]->warning || thlds[i]->critical || calculate_rate) { + if (verbose > 2) { + print_thresholds(" thresholds", thlds[i]); + } ptr = strpbrk (show, "-0123456789"); if (ptr == NULL) die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); @@ -569,6 +581,21 @@ main (int argc, char **argv) if (type) strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); + + if (warning_thresholds) { + strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); + if(thlds[i]->warning && thlds[i]->warning->text) + strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1); + } + + if (critical_thresholds) { + if (!warning_thresholds) + strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); + strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); + if(thlds[i]->critical && thlds[i]->critical->text) + strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1); + } + strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1); } } @@ -646,6 +673,7 @@ process_arguments (int argc, char **argv) {"retries", required_argument, 0, 'e'}, {"miblist", required_argument, 0, 'm'}, {"protocol", required_argument, 0, 'P'}, + {"context", required_argument, 0, 'N'}, {"seclevel", required_argument, 0, 'L'}, {"secname", required_argument, 0, 'U'}, {"authproto", required_argument, 0, 'a'}, @@ -658,6 +686,8 @@ process_arguments (int argc, char **argv) {"offset", required_argument, 0, L_OFFSET}, {"invert-search", no_argument, 0, L_INVERT_SEARCH}, {"perf-oids", no_argument, 0, 'O'}, + {"ipv4", no_argument, 0, '4'}, + {"ipv6", no_argument, 0, '6'}, {0, 0, 0, 0} }; @@ -675,7 +705,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", longopts, &option); if (c == -1 || c == EOF) @@ -686,10 +716,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose++; break; @@ -713,6 +743,9 @@ process_arguments (int argc, char **argv) case 'P': /* SNMP protocol version */ proto = optarg; break; + case 'N': /* SNMPv3 context */ + context = optarg; + break; case 'L': /* security level */ seclevel = optarg; break; @@ -897,6 +930,13 @@ process_arguments (int argc, char **argv) case 'O': perf_labels=0; break; + case '4': + break; + case '6': + xasprintf(&ip_version, "udp6:"); + if(verbose>2) + printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n"); + break; } } @@ -960,6 +1000,13 @@ validate_arguments () authpriv[1] = strdup (community); } else if ( strcmp (proto, "3") == 0 ) { /* snmpv3 args */ + if (!(context == NULL)) { + numcontext = 2; + contextargs = calloc (numcontext, sizeof (char *)); + contextargs[0] = strdup ("-n"); + contextargs[1] = strdup (context); + } + if (seclevel == NULL) xasprintf(&seclevel, "noAuthNoPriv"); @@ -1095,6 +1142,7 @@ print_help (void) printf (UT_HELP_VRSN); printf (UT_EXTRA_OPTS); + printf (UT_IPv46); printf (UT_HOST_PORT, 'p', DEFAULT_PORT); @@ -1103,6 +1151,8 @@ print_help (void) printf (" %s\n", _("Use SNMP GETNEXT instead of SNMP GET")); printf (" %s\n", "-P, --protocol=[1|2c|3]"); printf (" %s\n", _("SNMP protocol version")); + printf (" %s\n", "-N, --context=CONTEXT"); + printf (" %s\n", _("SNMPv3 context")); printf (" %s\n", "-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]"); printf (" %s\n", _("SNMPv3 securityLevel")); printf (" %s\n", "-a, --authproto=[MD5|SHA]"); @@ -1116,7 +1166,7 @@ print_help (void) printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY); printf (" %s\n", "-U, --secname=USERNAME"); printf (" %s\n", _("SNMPv3 username")); - printf (" %s\n", "-A, --authpassword=PASSWORD"); + printf (" %s\n", "-A, --authpasswd=PASSWORD"); printf (" %s\n", _("SNMPv3 authentication password")); printf (" %s\n", "-X, --privpasswd=PASSWORD"); printf (" %s\n", _("SNMPv3 privacy password")); @@ -1163,8 +1213,9 @@ print_help (void) printf (" %s\n", _("Separates output on multiple OID requests")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf (" %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5")); printf (" %s\n", "-e, --retries=INTEGER"); - printf (" %s\n", _("Number of retries to be used in the requests")); + printf (" %s%i\n", _("Number of retries to be used in the requests, default: "), DEFAULT_RETRIES); printf (" %s\n", "-O, --perf-oids"); printf (" %s\n", _("Label performance data with OIDs instead of --label's")); @@ -1210,6 +1261,6 @@ print_usage (void) printf ("%s -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]\n",progname); printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n"); printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n"); - printf ("[-m miblist] [-P snmp version] [-L seclevel] [-U secname] [-a authproto]\n"); - printf ("[-A authpasswd] [-x privproto] [-X privpasswd]\n"); + printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n"); + printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n"); } diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index b6187d61..8ccbd5a7 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c @@ -128,10 +128,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose = TRUE; break; @@ -253,18 +253,18 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol if (remote_version && strcmp(remote_version, ssh_server)) { printf - (_("SSH WARNING - %s (protocol %s) version mismatch, expected '%s'\n"), + (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"), ssh_server, ssh_proto, remote_version); close(sd); - exit (STATE_WARNING); + exit (STATE_CRITICAL); } if (remote_protocol && strcmp(remote_protocol, ssh_proto)) { printf - (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"), + (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"), ssh_server, ssh_proto, remote_protocol); close(sd); - exit (STATE_WARNING); + exit (STATE_CRITICAL); } elapsed_time = (double)deltime(tv) / 1.0e6; @@ -307,10 +307,10 @@ print_help (void) printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); printf (" %s\n", "-r, --remote-version=STRING"); - printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); + printf (" %s\n", _("Alert if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); printf (" %s\n", "-P, --remote-protocol=STRING"); - printf (" %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)")); + printf (" %s\n", _("Alert if protocol doesn't match expected protocol version (ex: 2.0)")); printf (UT_VERBOSE); diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 25e0bacd..bb854beb 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -34,6 +34,9 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "popen.h" #include "utils.h" +#include <string.h> +#include <math.h> +#include <libintl.h> #ifdef HAVE_DECL_SWAPCTL # ifdef HAVE_SYS_PARAM_H @@ -51,16 +54,19 @@ const char *email = "devel@monitoring-plugins.org"; # define SWAP_CONVERSION 1 #endif -int check_swap (int usp, float free_swap_mb); +typedef struct { + int is_percentage; + uint64_t value; +} threshold_t; + +int check_swap (float free_swap_mb, float total_swap_mb); int process_arguments (int argc, char **argv); int validate_arguments (void); void print_usage (void); void print_help (void); -int warn_percent = 0; -int crit_percent = 0; -float warn_size_bytes = 0; -float crit_size_bytes = 0; +threshold_t warn; +threshold_t crit; int verbose; int allswaps; int no_swap_state = STATE_CRITICAL; @@ -68,9 +74,10 @@ int no_swap_state = STATE_CRITICAL; int main (int argc, char **argv) { - int percent_used, percent; - float total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0; - float dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0, tmp_mb = 0; + unsigned int percent_used, percent; + uint64_t total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0; + uint64_t dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0; + uint64_t tmp_KB = 0; int result = STATE_UNKNOWN; char input_buffer[MAX_INPUT_BUFFER]; #ifdef HAVE_PROC_MEMINFO @@ -116,10 +123,15 @@ main (int argc, char **argv) } fp = fopen (PROC_MEMINFO, "r"); while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, fp)) { - if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %f %f %f", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) { - dsktotal_mb = dsktotal_mb / 1048576; /* Apply conversion */ - dskused_mb = dskused_mb / 1048576; - dskfree_mb = dskfree_mb / 1048576; + /* + * The following sscanf call looks for a line looking like: "Swap: 123 123 123" + * On which kind of system this format exists, I can not say, but I wanted to + * document this for people who are not adapt with sscanf anymore, like me + */ + if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %lu %lu %lu", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) { + dsktotal_mb = dsktotal_mb / (1024 * 1024); /* Apply conversion */ + dskused_mb = dskused_mb / (1024 * 1024); + dskfree_mb = dskfree_mb / (1024 * 1024); total_swap_mb += dsktotal_mb; used_swap_mb += dskused_mb; free_swap_mb += dskfree_mb; @@ -128,21 +140,29 @@ main (int argc, char **argv) percent=100.0; else percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) - xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); + xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent); } } - else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %f %*[k]%*[B]", str, &tmp_mb)) { + + /* + * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123" + * This format exists at least on Debian Linux with a 5.* kernel + */ + else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %f %*[k]%*[B]", str, &tmp_KB)) { if (verbose >= 3) { - printf("Got %s with %f\n", str, tmp_mb); + printf("Got %s with %lu\n", str, tmp_KB); } /* I think this part is always in Kb, so convert to mb */ if (strcmp ("Total", str) == 0) { - dsktotal_mb = tmp_mb / 1024; + dsktotal_mb = tmp_KB / 1024; } else if (strcmp ("Free", str) == 0) { - dskfree_mb = tmp_mb / 1024; + dskfree_mb = dskfree_mb + tmp_KB / 1024; + } + else if (strcmp ("Cached", str) == 0) { + dskfree_mb = dskfree_mb + tmp_KB / 1024; } } } @@ -227,7 +247,7 @@ main (int argc, char **argv) free_swap_mb += dskfree_mb; if (allswaps) { percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -289,7 +309,7 @@ main (int argc, char **argv) if(allswaps && dsktotal_mb > 0){ percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) { xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -328,7 +348,7 @@ main (int argc, char **argv) if(allswaps && dsktotal_mb > 0){ percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap(dskfree_mb, dsktotal_mb)); if (verbose) { xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -355,14 +375,19 @@ main (int argc, char **argv) status = "- Swap is either disabled, not present, or of zero size. "; } - result = max_state (result, check_swap (percent_used, free_swap_mb)); - printf (_("SWAP %s - %d%% free (%d MB out of %d MB) %s|"), + result = max_state (result, check_swap(free_swap_mb, total_swap_mb)); + printf (_("SWAP %s - %d%% free (%dMB out of %dMB) %s|"), state_text (result), (100 - percent_used), (int) free_swap_mb, (int) total_swap_mb, status); - puts (perfdata ("swap", (long) free_swap_mb, "MB", - TRUE, (long) max (warn_size_bytes/(1024 * 1024), warn_percent/100.0*total_swap_mb), - TRUE, (long) max (crit_size_bytes/(1024 * 1024), crit_percent/100.0*total_swap_mb), + uint64_t warn_print = warn.value; + if (warn.is_percentage) warn_print = warn.value * (total_swap_mb *1024 *1024/100); + uint64_t crit_print = crit.value; + if (crit.is_percentage) crit_print = crit.value * (total_swap_mb *1024 *1024/100); + + puts (perfdata_uint64 ("swap", free_swap_mb *1024 *1024, "B", + TRUE, warn_print, + TRUE, crit_print, TRUE, 0, TRUE, (long) total_swap_mb)); @@ -370,26 +395,37 @@ main (int argc, char **argv) } - int -check_swap (int usp, float free_swap_mb) +check_swap(float free_swap_mb, float total_swap_mb) { - if (!free_swap_mb) return no_swap_state; + if (!total_swap_mb) return no_swap_state; - int result = STATE_UNKNOWN; - float free_swap = free_swap_mb * (1024 * 1024); /* Convert back to bytes as warn and crit specified in bytes */ - if (usp >= 0 && crit_percent != 0 && usp >= (100.0 - crit_percent)) - result = STATE_CRITICAL; - else if (crit_size_bytes > 0 && free_swap <= crit_size_bytes) - result = STATE_CRITICAL; - else if (usp >= 0 && warn_percent != 0 && usp >= (100.0 - warn_percent)) - result = STATE_WARNING; - else if (warn_size_bytes > 0 && free_swap <= warn_size_bytes) - result = STATE_WARNING; - else if (usp >= 0.0) - result = STATE_OK; - return result; + uint64_t free_swap = free_swap_mb * (1024 * 1024); /* Convert back to bytes as warn and crit specified in bytes */ + + if (!crit.is_percentage && crit.value >= free_swap) return STATE_CRITICAL; + if (!warn.is_percentage && warn.value >= free_swap) return STATE_WARNING; + + + uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100; + + if (crit.is_percentage && + usage_percentage >= 0 && + crit.value != 0 && + usage_percentage >= (100 - crit.value)) + { + return STATE_CRITICAL; + } + + if (warn.is_percentage && + usage_percentage >= 0 && + warn.value != 0 && + usage_percentage >= (100 - warn.value)) + { + return STATE_WARNING; + } + + return STATE_OK; } @@ -422,42 +458,68 @@ process_arguments (int argc, char **argv) break; switch (c) { - case 'w': /* warning size threshold */ - if (is_intnonneg (optarg)) { - warn_size_bytes = (float) atoi (optarg); - break; - } - else if (strstr (optarg, ",") && - strstr (optarg, "%") && - sscanf (optarg, "%f,%d%%", &warn_size_bytes, &warn_percent) == 2) { - warn_size_bytes = floorf(warn_size_bytes); - break; - } - else if (strstr (optarg, "%") && - sscanf (optarg, "%d%%", &warn_percent) == 1) { - break; - } - else { - usage4 (_("Warning threshold must be integer or percentage!")); - } - case 'c': /* critical size threshold */ - if (is_intnonneg (optarg)) { - crit_size_bytes = (float) atoi (optarg); - break; - } - else if (strstr (optarg, ",") && - strstr (optarg, "%") && - sscanf (optarg, "%f,%d%%", &crit_size_bytes, &crit_percent) == 2) { - crit_size_bytes = floorf(crit_size_bytes); - break; - } - else if (strstr (optarg, "%") && - sscanf (optarg, "%d%%", &crit_percent) == 1) { - break; - } - else { - usage4 (_("Critical threshold must be integer or percentage!")); + case 'w': /* warning size threshold */ + { + /* + * We expect either a positive integer value without a unit, which means + * the unit is Bytes or a positive integer value and a percentage sign (%), + * which means the value must be with 0 and 100 and is relative to the total swap + */ + size_t length; + length = strlen(optarg); + + if (optarg[length - 1] == '%') { + /* It's percentage */ + warn.is_percentage = 1; + optarg[length - 1] = '\0'; + if (is_uint64(optarg, &warn.value)) { + if (warn.value > 100) { + usage4 (_("Warning threshold percentage must be <= 100!")); + } else { + break; + } + } + } else { + /* It's Bytes */ + warn.is_percentage = 0; + if (is_uint64(optarg, &warn.value)) { + break; + } else { + usage4 (_("Warning threshold be positive integer or percentage!")); + } + } } + case 'c': /* critical size threshold */ + { + /* + * We expect either a positive integer value without a unit, which means + * the unit is Bytes or a positive integer value and a percentage sign (%), + * which means the value must be with 0 and 100 and is relative to the total swap + */ + size_t length; + length = strlen(optarg); + + if (optarg[length - 1] == '%') { + /* It's percentage */ + crit.is_percentage = 1; + optarg[length - 1] = '\0'; + if (is_uint64(optarg, &crit.value)) { + if (crit.value> 100) { + usage4 (_("Critical threshold percentage must be <= 100!")); + } else { + break; + } + } + } else { + /* It's Bytes */ + crit.is_percentage = 0; + if (is_uint64(optarg, &crit.value)) { + break; + } else { + usage4 (_("Critical threshold be positive integer or percentage!")); + } + } + } case 'a': /* all swap */ allswaps = TRUE; break; @@ -470,10 +532,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* error */ usage5 (); } @@ -482,23 +544,6 @@ process_arguments (int argc, char **argv) c = optind; if (c == argc) return validate_arguments (); - if (warn_percent == 0 && is_intnonneg (argv[c])) - warn_percent = atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (crit_percent == 0 && is_intnonneg (argv[c])) - crit_percent = atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (warn_size_bytes == 0 && is_intnonneg (argv[c])) - warn_size_bytes = (float) atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (crit_size_bytes == 0 && is_intnonneg (argv[c])) - crit_size_bytes = (float) atoi (argv[c++]); return validate_arguments (); } @@ -508,17 +553,15 @@ process_arguments (int argc, char **argv) int validate_arguments (void) { - if (warn_percent == 0 && crit_percent == 0 && warn_size_bytes == 0 - && crit_size_bytes == 0) { + if (warn.value == 0 && crit.value == 0) { return ERROR; } - else if (warn_percent < crit_percent) { - usage4 - (_("Warning percentage should be more than critical percentage")); - } - else if (warn_size_bytes < crit_size_bytes) { - usage4 - (_("Warning free space should be more than critical free space")); + else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) { + /* This is NOT triggered if warn and crit are different units, e.g warn is percentage + * and crit is absolut. We cannot determine the condition at this point since we + * dont know the value of total swap yet + */ + usage4(_("Warning should be more than critical")); } return OK; } @@ -534,7 +577,7 @@ print_help (void) printf ("%s\n", _("Check swap space on local machine.")); - printf ("\n\n"); + printf ("\n\n"); print_usage (); @@ -542,33 +585,32 @@ print_help (void) printf (UT_EXTRA_OPTS); printf (" %s\n", "-w, --warning=INTEGER"); - printf (" %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free")); - printf (" %s\n", "-w, --warning=PERCENT%%"); - printf (" %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free")); - printf (" %s\n", "-c, --critical=INTEGER"); - printf (" %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free")); - printf (" %s\n", "-c, --critical=PERCENT%%"); - printf (" %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free")); - printf (" %s\n", "-a, --allswaps"); - printf (" %s\n", _("Conduct comparisons for all swap partitions, one by one")); - printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>"); - printf (" %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state)); + printf (" %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free")); + printf (" %s\n", "-w, --warning=PERCENT%"); + printf (" %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free")); + printf (" %s\n", "-c, --critical=INTEGER"); + printf (" %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free")); + printf (" %s\n", "-c, --critical=PERCENT%"); + printf (" %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free")); + printf (" %s\n", "-a, --allswaps"); + printf (" %s\n", _("Conduct comparisons for all swap partitions, one by one")); + printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>"); + printf (" %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state)); printf (UT_VERBOSE); printf ("\n"); - printf ("%s\n", _("Notes:")); - printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked.")); - printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s.")); + printf ("%s\n", _("Notes:")); + printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked.")); + printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s.")); printf (UT_SUPPORT); } - void print_usage (void) { printf ("%s\n", _("Usage:")); - printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname); - printf (" -w <bytes_free> -c <bytes_free> [-n <state>]\n"); + printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname); + printf (" -w <bytes_free> -c <bytes_free> [-n <state>]\n"); } diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index fc0adba0..1365b9cb 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -86,6 +86,11 @@ static char buffer[MAXBUF]; static int expect_mismatch_state = STATE_WARNING; static int match_flags = NP_MATCH_EXACT; +#ifdef HAVE_SSL +static char *sni = NULL; +static int sni_specified = FALSE; +#endif + #define FLAG_SSL 0x01 #define FLAG_VERBOSE 0x02 #define FLAG_TIME_WARN 0x04 @@ -237,18 +242,18 @@ main (int argc, char **argv) gettimeofday (&tv, NULL); result = np_net_connect (server_address, server_port, &sd, PROTOCOL); - if (result == STATE_CRITICAL) return STATE_CRITICAL; + if (result == STATE_CRITICAL) return econn_refuse_state; #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL)); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); } } if(result != STATE_OK){ - np_net_ssl_cleanup(); if(sd) close(sd); + np_net_ssl_cleanup(); return result; } #endif /* HAVE_SSL */ @@ -321,10 +326,10 @@ main (int argc, char **argv) if (server_quit != NULL) { my_send(server_quit, strlen(server_quit)); } + if (sd) close (sd); #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif - if (sd) close (sd); microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; @@ -401,6 +406,10 @@ process_arguments (int argc, char **argv) int escape = 0; char *temp; + enum { + SNI_OPTION = CHAR_MAX + 1 + }; + int option = 0; static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, @@ -427,6 +436,7 @@ process_arguments (int argc, char **argv) {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, {"ssl", no_argument, 0, 'S'}, + {"sni", required_argument, 0, SNI_OPTION}, {"certificate", required_argument, 0, 'D'}, {0, 0, 0, 0} }; @@ -463,10 +473,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ flags |= FLAG_VERBOSE; match_flags |= NP_MATCH_VERBOSE; @@ -577,7 +587,8 @@ process_arguments (int argc, char **argv) if ((temp=strchr(optarg,','))!=NULL) { *temp='\0'; if (!is_intnonneg (optarg)) - usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi(optarg); + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi (optarg); *temp=','; temp++; if (!is_intnonneg (temp)) @@ -603,6 +614,15 @@ process_arguments (int argc, char **argv) die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); #endif break; + case SNI_OPTION: +#ifdef HAVE_SSL + flags |= FLAG_SSL; + sni_specified = TRUE; + sni = optarg; +#else + die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); +#endif + break; case 'A': match_flags |= NP_MATCH_ALL; break; @@ -643,7 +663,7 @@ print_help (void) printf (UT_IPv46); printf (" %s\n", "-E, --escape"); - printf (" %s\n", _("Can use \\n, \\r, \\t or \\ in send or quit string. Must come before send or quit option")); + printf (" %s\n", _("Can use \\n, \\r, \\t or \\\\ in send or quit string. Must come before send or quit option")); printf (" %s\n", _("Default: nothing added to send, \\r\\n added to end of quit")); printf (" %s\n", "-s, --send=STRING"); printf (" %s\n", _("String to send to the server")); @@ -670,6 +690,8 @@ print_help (void) printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); printf (" %s\n", "-S, --ssl"); printf (" %s\n", _("Use SSL for the connection.")); + printf (" %s\n", "--sni=STRING"); + printf (" %s\n", _("SSL server_name")); #endif printf (UT_WARN_CRIT); diff --git a/plugins/check_time.c b/plugins/check_time.c index 3943742a..baf8c591 100644 --- a/plugins/check_time.c +++ b/plugins/check_time.c @@ -231,10 +231,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ if (is_host (optarg) == FALSE) usage2 (_("Invalid hostname/address"), optarg); diff --git a/plugins/check_ups.c b/plugins/check_ups.c index 099881d0..0de37a20 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -242,8 +242,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("battery", (long)ups_battery_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -271,8 +271,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("load", (long)ups_load_percent, "%", - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, TRUE, 100)); } else { xasprintf (&data, "%s %s", data, @@ -308,8 +308,8 @@ main (int argc, char **argv) } xasprintf (&data, "%s %s", data, perfdata ("temp", (long)ups_temperature, tunits, - check_warn, (long)(1000*warning_value), - check_crit, (long)(1000*critical_value), + check_warn, (long)(warning_value), + check_crit, (long)(critical_value), TRUE, 0, FALSE, 0)); } else { xasprintf (&data, "%s %s", data, @@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen) /* create the command string to send to the UPS daemon */ /* Add LOGOUT to avoid read failure logs */ - sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname); + if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) { + printf("%s\n", _("UPS name to long for buffer")); + return ERROR; + } /* send the command to the daemon and get a response back */ if (process_tcp_request @@ -558,10 +561,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } } diff --git a/plugins/check_users.c b/plugins/check_users.c index a009f20b..f6f4b362 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c @@ -54,15 +54,15 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -int wusers = -1; -int cusers = -1; +char *warning_range = NULL; +char *critical_range = NULL; +thresholds *thlds = NULL; int main (int argc, char **argv) { int users = -1; int result = STATE_UNKNOWN; - char *perf; #if HAVE_WTSAPI32_H WTS_SESSION_INFO *wtsinfo; DWORD wtscount; @@ -77,8 +77,6 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - perf = strdup (""); - /* Parse extra opts if any */ argv = np_extra_opts (&argc, argv, progname); @@ -160,23 +158,15 @@ main (int argc, char **argv) #endif /* check the user count against warning and critical thresholds */ - if (users > cusers) - result = STATE_CRITICAL; - else if (users > wusers) - result = STATE_WARNING; - else if (users >= 0) - result = STATE_OK; + result = get_status((double)users, thlds); if (result == STATE_UNKNOWN) printf ("%s\n", _("Unable to read output")); else { - xasprintf (&perf, "%s", perfdata ("users", users, "", - TRUE, wusers, - TRUE, cusers, - TRUE, 0, - FALSE, 0)); - printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result), - users, perf); + printf (_("USERS %s - %d users currently logged in |%s\n"), + state_text(result), users, + sperfdata_int("users", users, "", warning_range, + critical_range, TRUE, 0, FALSE, 0)); } return result; @@ -210,38 +200,32 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical */ - if (!is_intnonneg (optarg)) - usage4 (_("Critical threshold must be a positive integer")); - else - cusers = atoi (optarg); + critical_range = optarg; break; case 'w': /* warning */ - if (!is_intnonneg (optarg)) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (optarg); + warning_range = optarg; break; } } c = optind; - if (wusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - wusers = atoi (argv[c++]); - } - if (cusers == -1 && argc > c) { - if (is_intnonneg (argv[c]) == FALSE) - usage4 (_("Warning threshold must be a positive integer")); - else - cusers = atoi (argv[c]); - } + if (warning_range == NULL && argc > c) + warning_range = argv[c++]; + if (critical_range == NULL && argc > c) + critical_range = argv[c++]; + + /* this will abort in case of invalid ranges */ + set_thresholds (&thlds, warning_range, critical_range); + + if (thlds->warning->end < 0) + usage4 (_("Warning threshold must be a positive integer")); + if (thlds->critical->end < 0) + usage4 (_("Critical threshold must be a positive integer")); return OK; } diff --git a/plugins/common.h b/plugins/common.h index 01003b3b..0f08e2f6 100644 --- a/plugins/common.h +++ b/plugins/common.h @@ -161,12 +161,24 @@ # endif #endif +/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */ +#ifdef OPENSSL_VERSION_NUMBER +# if OPENSSL_VERSION_NUMBER >= 0x10100000 +# define OPENSSL_NO_SSL2 +# endif +#endif + /* * * Standard Values * */ +/* MariaDB 10.2 client does not set MYSQL_PORT */ +#ifndef MYSQL_PORT +# define MYSQL_PORT 3306 +#endif + enum { OK = 0, ERROR = -1 @@ -213,4 +225,18 @@ enum { # define __attribute__(x) /* do nothing */ #endif +/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX. + * If that fails and the macro isn't defined, we fall back to an educated + * guess. There's no guarantee that our guess is adequate and the program + * will die with SIGSEGV if it isn't and the upper boundary is breached. */ +#define DEFAULT_MAXFD 256 /* fallback value if no max open files value is set */ +#define MAXFD_LIMIT 8192 /* upper limit of open files */ +#ifdef _SC_OPEN_MAX +static long maxfd = 0; +#elif defined(OPEN_MAX) +# define maxfd OPEN_MAX +#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */ +# define maxfd DEFAULT_MAXFD +#endif + #endif /* _COMMON_H_ */ diff --git a/plugins/negate.c b/plugins/negate.c index beaed1ea..50f62d33 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -59,8 +59,8 @@ static int state[4] = { int main (int argc, char **argv) { - int found = 0, result = STATE_UNKNOWN; - char *buf, *sub; + int result = STATE_UNKNOWN; + char *sub; char **command_line; output chld_out, chld_err; int i; @@ -86,11 +86,9 @@ main (int argc, char **argv) result = cmd_run_array (command_line, &chld_out, &chld_err, 0); } if (chld_err.lines > 0) { - printf ("Error output from command:\n"); for (i = 0; i < chld_err.lines; i++) { - printf ("%s\n", chld_err.line[i]); + fprintf (stderr, "%s\n", chld_err.line[i]); } - exit (STATE_WARNING); } /* Return UNKNOWN or worse if no output is returned */ diff --git a/plugins/netutils.c b/plugins/netutils.c index 83f8942f..1bb4f076 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto, int np_net_connect (const char *host_name, int port, int *sd, int proto) { + /* send back STATE_UNKOWN if there's an error + send back STATE_OK if we connect + send back STATE_CRITICAL if we can't connect. + Let upstream figure out what to send to the user. */ struct addrinfo hints; struct addrinfo *r, *res; struct sockaddr_un su; @@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) else if (was_refused) { switch (econn_refuse_state) { /* a user-defined expected outcome */ case STATE_OK: - case STATE_WARNING: /* user wants WARN or OK on refusal */ - return econn_refuse_state; - break; - case STATE_CRITICAL: /* user did not set econn_refuse_state */ + case STATE_WARNING: /* user wants WARN or OK on refusal, or... */ + case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */ if (is_socket) printf("connect to file socket %s: %s\n", host_name, strerror(errno)); else printf("connect to address %s and port %d: %s\n", host_name, port, strerror(errno)); - return econn_refuse_state; + return STATE_CRITICAL; break; default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */ return STATE_UNKNOWN; @@ -357,20 +359,21 @@ is_addr (const char *address) } int -resolve_host_or_addr (const char *address, int family) +dns_lookup (const char *in, struct sockaddr_storage *ss, int family) { struct addrinfo hints; struct addrinfo *res; int retval; - memset (&hints, 0, sizeof (hints)); + memset (&hints, 0, sizeof(struct addrinfo)); hints.ai_family = family; - retval = getaddrinfo (address, NULL, &hints, &res); + retval = getaddrinfo (in, NULL, &hints, &res); if (retval != 0) return FALSE; - else { - freeaddrinfo (res); - return TRUE; - } + + if (ss != NULL) + memcpy (ss, res->ai_addr, res->ai_addrlen); + freeaddrinfo (res); + return TRUE; } diff --git a/plugins/netutils.h b/plugins/netutils.h index c6fce901..d7ee0ddd 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h @@ -45,6 +45,10 @@ # endif /* UNIX_PATH_MAX */ #endif /* HAVE_SYS_UN_H */ +#ifndef HOST_MAX_BYTES +# define HOST_MAX_BYTES 255 +#endif + /* process_request and wrapper macros */ #define process_tcp_request(addr, port, sbuf, rbuf, rsize) \ process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize) @@ -71,8 +75,9 @@ int send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, /* "is_*" wrapper macros and functions */ int is_host (const char *); int is_addr (const char *); -int resolve_host_or_addr (const char *, int); +int dns_lookup (const char *, struct sockaddr_storage *, int); void host_or_die(const char *str); +#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family) #define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET) #ifdef USE_IPV6 # define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6) @@ -91,6 +96,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn)); /* SSL-Related functionality */ #ifdef HAVE_SSL +# define MP_SSLv2 1 +# define MP_SSLv3 2 +# define MP_TLSv1 3 +# define MP_TLSv1_1 4 +# define MP_TLSv1_2 5 +# define MP_SSLv2_OR_NEWER 6 +# define MP_SSLv3_OR_NEWER 7 +# define MP_TLSv1_OR_NEWER 8 +# define MP_TLSv1_1_OR_NEWER 9 +# define MP_TLSv1_2_OR_NEWER 10 /* maybe this could be merged with the above np_net_connect, via some flags */ int np_net_ssl_init(int sd); int np_net_ssl_init_with_hostname(int sd, char *host_name); diff --git a/plugins/picohttpparser/Makefile.am b/plugins/picohttpparser/Makefile.am new file mode 100644 index 00000000..87e05313 --- /dev/null +++ b/plugins/picohttpparser/Makefile.am @@ -0,0 +1,3 @@ +noinst_LIBRARIES = libpicohttpparser.a + +libpicohttpparser_a_SOURCES = picohttpparser.c picohttpparser.h diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c new file mode 100644 index 00000000..74ccc3ef --- /dev/null +++ b/plugins/picohttpparser/picohttpparser.c @@ -0,0 +1,645 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include <assert.h> +#include <stddef.h> +#include <string.h> +#ifdef __SSE4_2__ +#ifdef _MSC_VER +#include <nmmintrin.h> +#else +#include <x86intrin.h> +#endif +#endif +#include "picohttpparser.h" + +#if __GNUC__ >= 3 +#define likely(x) __builtin_expect(!!(x), 1) +#define unlikely(x) __builtin_expect(!!(x), 0) +#else +#define likely(x) (x) +#define unlikely(x) (x) +#endif + +#ifdef _MSC_VER +#define ALIGNED(n) _declspec(align(n)) +#else +#define ALIGNED(n) __attribute__((aligned(n))) +#endif + +#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u) + +#define CHECK_EOF() \ + if (buf == buf_end) { \ + *ret = -2; \ + return NULL; \ + } + +#define EXPECT_CHAR_NO_CHECK(ch) \ + if (*buf++ != ch) { \ + *ret = -1; \ + return NULL; \ + } + +#define EXPECT_CHAR(ch) \ + CHECK_EOF(); \ + EXPECT_CHAR_NO_CHECK(ch); + +#define ADVANCE_TOKEN(tok, toklen) \ + do { \ + const char *tok_start = buf; \ + static const char ALIGNED(16) ranges2[16] = "\000\040\177\177"; \ + int found2; \ + buf = findchar_fast(buf, buf_end, ranges2, 4, &found2); \ + if (!found2) { \ + CHECK_EOF(); \ + } \ + while (1) { \ + if (*buf == ' ') { \ + break; \ + } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { \ + if ((unsigned char)*buf < '\040' || *buf == '\177') { \ + *ret = -1; \ + return NULL; \ + } \ + } \ + ++buf; \ + CHECK_EOF(); \ + } \ + tok = tok_start; \ + toklen = buf - tok_start; \ + } while (0) + +static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0" + "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1" + "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + +static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found) +{ + *found = 0; +#if __SSE4_2__ + if (likely(buf_end - buf >= 16)) { + __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges); + + size_t left = (buf_end - buf) & ~15; + do { + __m128i b16 = _mm_loadu_si128((const __m128i *)buf); + int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS); + if (unlikely(r != 16)) { + buf += r; + *found = 1; + break; + } + buf += 16; + left -= 16; + } while (likely(left != 0)); + } +#else + /* suppress unused parameter warning */ + (void)buf_end; + (void)ranges; + (void)ranges_size; +#endif + return buf; +} + +static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret) +{ + const char *token_start = buf; + +#ifdef __SSE4_2__ + static const char ALIGNED(16) ranges1[16] = "\0\010" /* allow HT */ + "\012\037" /* allow SP and up to but not including DEL */ + "\177\177"; /* allow chars w. MSB set */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, 6, &found); + if (found) + goto FOUND_CTL; +#else + /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */ + while (likely(buf_end - buf >= 8)) { +#define DOIT() \ + do { \ + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) \ + goto NonPrintable; \ + ++buf; \ + } while (0) + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); +#undef DOIT + continue; + NonPrintable: + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + ++buf; + } +#endif + for (;; ++buf) { + CHECK_EOF(); + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + } + } +FOUND_CTL: + if (likely(*buf == '\015')) { + ++buf; + EXPECT_CHAR('\012'); + *token_len = buf - 2 - token_start; + } else if (*buf == '\012') { + *token_len = buf - token_start; + ++buf; + } else { + *ret = -1; + return NULL; + } + *token = token_start; + + return buf; +} + +static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret) +{ + int ret_cnt = 0; + buf = last_len < 3 ? buf : buf + last_len - 3; + + while (1) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + CHECK_EOF(); + EXPECT_CHAR('\012'); + ++ret_cnt; + } else if (*buf == '\012') { + ++buf; + ++ret_cnt; + } else { + ++buf; + ret_cnt = 0; + } + if (ret_cnt == 2) { + return buf; + } + } + + *ret = -2; + return NULL; +} + +#define PARSE_INT(valp_, mul_) \ + if (*buf < '0' || '9' < *buf) { \ + buf++; \ + *ret = -1; \ + return NULL; \ + } \ + *(valp_) = (mul_) * (*buf++ - '0'); + +#define PARSE_INT_3(valp_) \ + do { \ + int res_ = 0; \ + PARSE_INT(&res_, 100) \ + *valp_ = res_; \ + PARSE_INT(&res_, 10) \ + *valp_ += res_; \ + PARSE_INT(&res_, 1) \ + *valp_ += res_; \ + } while (0) + +/* returned pointer is always within [buf, buf_end), or null */ +static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +{ + /* we want at least [HTTP/1.<two chars>] to try to parse */ + if (buf_end - buf < 9) { + *ret = -2; + return NULL; + } + EXPECT_CHAR_NO_CHECK('H'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('P'); + EXPECT_CHAR_NO_CHECK('/'); + EXPECT_CHAR_NO_CHECK('1'); + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + return buf; +} + +static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + for (;; ++*num_headers) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + break; + } else if (*buf == '\012') { + ++buf; + break; + } + if (*num_headers == max_headers) { + *ret = -1; + return NULL; + } + if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) { + /* parsing name, but do not discard SP before colon, see + * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */ + headers[*num_headers].name = buf; + static const char ALIGNED(16) ranges1[] = "\x00 " /* control chars and up to SP */ + "\"\"" /* 0x22 */ + "()" /* 0x28,0x29 */ + ",," /* 0x2c */ + "//" /* 0x2f */ + ":@" /* 0x3a-0x40 */ + "[]" /* 0x5b-0x5d */ + "{\377"; /* 0x7b-0xff */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found); + if (!found) { + CHECK_EOF(); + } + while (1) { + if (*buf == ':') { + break; + } else if (!token_char_map[(unsigned char)*buf]) { + *ret = -1; + return NULL; + } + ++buf; + CHECK_EOF(); + } + if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) { + *ret = -1; + return NULL; + } + ++buf; + for (;; ++buf) { + CHECK_EOF(); + if (!(*buf == ' ' || *buf == '\t')) { + break; + } + } + } else { + headers[*num_headers].name = NULL; + headers[*num_headers].name_len = 0; + } + const char *value; + size_t value_len; + if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) { + return NULL; + } + /* remove trailing SPs and HTABs */ + const char *value_end = value + value_len; + for (; value_end != value; --value_end) { + const char c = *(value_end - 1); + if (!(c == ' ' || c == '\t')) { + break; + } + } + headers[*num_headers].value = value; + headers[*num_headers].value_len = value_end - value; + } + return buf; +} + +static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + /* skip first empty line (some clients add CRLF after POST content) */ + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } + + /* parse request line */ + ADVANCE_TOKEN(*method, *method_len); + do { + ++buf; + } while (*buf == ' '); + ADVANCE_TOKEN(*path, *path_len); + do { + ++buf; + } while (*buf == ' '); + if (*method_len == 0 || *path_len == 0) { + *ret = -1; + return NULL; + } + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } else { + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf_start + len; + size_t max_headers = *num_headers; + int r; + + *method = NULL; + *method_len = 0; + *path = NULL; + *path_len = 0; + *minor_version = -1; + *num_headers = 0; + + /* if last_len != 0, check if the request is complete (a fast countermeasure + againt slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, + size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) +{ + /* parse "HTTP/1.x" */ + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + /* skip space */ + if (*buf != ' ') { + *ret = -1; + return NULL; + } + do { + ++buf; + } while (*buf == ' '); + /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */ + if (buf_end - buf < 4) { + *ret = -2; + return NULL; + } + PARSE_INT_3(status); + + /* get message includig preceding space */ + if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) { + return NULL; + } + if (*msg_len == 0) { + /* ok */ + } else if (**msg == ' ') { + /* remove preceding space */ + do { + ++*msg; + --*msg_len; + } while (**msg == ' '); + } else { + /* garbage found after status code */ + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *minor_version = -1; + *status = 0; + *msg = NULL; + *msg_len = 0; + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +enum { + CHUNKED_IN_CHUNK_SIZE, + CHUNKED_IN_CHUNK_EXT, + CHUNKED_IN_CHUNK_DATA, + CHUNKED_IN_CHUNK_CRLF, + CHUNKED_IN_TRAILERS_LINE_HEAD, + CHUNKED_IN_TRAILERS_LINE_MIDDLE +}; + +static int decode_hex(int ch) +{ + if ('0' <= ch && ch <= '9') { + return ch - '0'; + } else if ('A' <= ch && ch <= 'F') { + return ch - 'A' + 0xa; + } else if ('a' <= ch && ch <= 'f') { + return ch - 'a' + 0xa; + } else { + return -1; + } +} + +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz) +{ + size_t dst = 0, src = 0, bufsz = *_bufsz; + ssize_t ret = -2; /* incomplete */ + + while (1) { + switch (decoder->_state) { + case CHUNKED_IN_CHUNK_SIZE: + for (;; ++src) { + int v; + if (src == bufsz) + goto Exit; + if ((v = decode_hex(buf[src])) == -1) { + if (decoder->_hex_count == 0) { + ret = -1; + goto Exit; + } + break; + } + if (decoder->_hex_count == sizeof(size_t) * 2) { + ret = -1; + goto Exit; + } + decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v; + ++decoder->_hex_count; + } + decoder->_hex_count = 0; + decoder->_state = CHUNKED_IN_CHUNK_EXT; + /* fallthru */ + case CHUNKED_IN_CHUNK_EXT: + /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */ + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + if (decoder->bytes_left_in_chunk == 0) { + if (decoder->consume_trailer) { + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + } else { + goto Complete; + } + } + decoder->_state = CHUNKED_IN_CHUNK_DATA; + /* fallthru */ + case CHUNKED_IN_CHUNK_DATA: { + size_t avail = bufsz - src; + if (avail < decoder->bytes_left_in_chunk) { + if (dst != src) + memmove(buf + dst, buf + src, avail); + src += avail; + dst += avail; + decoder->bytes_left_in_chunk -= avail; + goto Exit; + } + if (dst != src) + memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk); + src += decoder->bytes_left_in_chunk; + dst += decoder->bytes_left_in_chunk; + decoder->bytes_left_in_chunk = 0; + decoder->_state = CHUNKED_IN_CHUNK_CRLF; + } + /* fallthru */ + case CHUNKED_IN_CHUNK_CRLF: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src] != '\012') { + ret = -1; + goto Exit; + } + ++src; + decoder->_state = CHUNKED_IN_CHUNK_SIZE; + break; + case CHUNKED_IN_TRAILERS_LINE_HEAD: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src++] == '\012') + goto Complete; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE; + /* fallthru */ + case CHUNKED_IN_TRAILERS_LINE_MIDDLE: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + default: + assert(!"decoder is corrupt"); + } + } + +Complete: + ret = bufsz - src; +Exit: + if (dst != src) + memmove(buf + dst, buf + src, bufsz - src); + *_bufsz = dst; + return ret; +} + +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder) +{ + return decoder->_state == CHUNKED_IN_CHUNK_DATA; +} + +#undef CHECK_EOF +#undef EXPECT_CHAR +#undef ADVANCE_TOKEN diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h new file mode 100644 index 00000000..0849f844 --- /dev/null +++ b/plugins/picohttpparser/picohttpparser.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#ifndef picohttpparser_h +#define picohttpparser_h + +#include <sys/types.h> + +#ifdef _MSC_VER +#define ssize_t intptr_t +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* contains name and value of a header (name == NULL if is a continuing line + * of a multiline header */ +struct phr_header { + const char *name; + size_t name_len; + const char *value; + size_t value_len; +}; + +/* returns number of bytes consumed if successful, -2 if request is partial, + * -1 if failed */ +int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, + int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* should be zero-filled before start */ +struct phr_chunked_decoder { + size_t bytes_left_in_chunk; /* number of bytes left in current chunk */ + char consume_trailer; /* if trailing headers should be consumed */ + char _hex_count; + char _state; +}; + +/* the function rewrites the buffer given as (buf, bufsz) removing the chunked- + * encoding headers. When the function returns without an error, bufsz is + * updated to the length of the decoded data available. Applications should + * repeatedly call the function while it returns -2 (incomplete) every time + * supplying newly arrived data. If the end of the chunked-encoded data is + * found, the function returns a non-negative number indicating the number of + * octets left undecoded at the tail of the supplied buffer. Returns -1 on + * error. + */ +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz); + +/* returns if the chunked decoder is in middle of chunked data */ +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/plugins/popen.c b/plugins/popen.c index 592263fd..9eb49b62 100644 --- a/plugins/popen.c +++ b/plugins/popen.c @@ -39,9 +39,9 @@ *****************************************************************************/ #include "common.h" +#include "utils.h" /* extern so plugin has pid to kill exec'd process on timeouts */ -extern int timeout_interval; extern pid_t *childpid; extern int *child_stderr_array; extern FILE *child_process; @@ -76,18 +76,9 @@ RETSIGTYPE popen_timeout_alarm_handler (int); #define SIG_ERR ((Sigfunc *)-1) #endif -#define min(a,b) ((a) < (b) ? (a) : (b)) -#define max(a,b) ((a) > (b) ? (a) : (b)) -int open_max (void); /* {Prog openmax} */ -static void err_sys (const char *, ...) __attribute__((noreturn,format(printf, 1, 2))); -char *rtrim (char *, const char *); char *pname = NULL; /* caller can set this from argv[0] */ -/*int *childerr = NULL;*//* ptr to array allocated at run-time */ -/*extern pid_t *childpid = NULL; *//* ptr to array allocated at run-time */ -static int maxfd; /* from our open_max(), {Prog openmax} */ - #ifdef REDHAT_SPOPEN_ERROR static volatile int childtermd = 0; #endif @@ -186,14 +177,15 @@ spopen (const char *cmdstring) } argv[i] = NULL; + if(maxfd == 0) + maxfd = open_max(); + if (childpid == NULL) { /* first time through */ - maxfd = open_max (); /* allocate zeroed out array for child pids */ if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL) return (NULL); } if (child_stderr_array == NULL) { /* first time through */ - maxfd = open_max (); /* allocate zeroed out array for child pids */ if ((child_stderr_array = calloc ((size_t)maxfd, sizeof (int))) == NULL) return (NULL); } @@ -273,15 +265,6 @@ spclose (FILE * fp) return (1); } -#ifdef OPEN_MAX -static int openmax = OPEN_MAX; -#else -static int openmax = 0; -#endif - -#define OPEN_MAX_GUESS 256 /* if OPEN_MAX is indeterminate */ - /* no guarantee this is adequate */ - #ifdef REDHAT_SPOPEN_ERROR RETSIGTYPE popen_sigchld_handler (int signo) @@ -309,63 +292,3 @@ popen_timeout_alarm_handler (int signo) exit (STATE_CRITICAL); } } - - -int -open_max (void) -{ - if (openmax == 0) { /* first time through */ - errno = 0; - if ((openmax = sysconf (_SC_OPEN_MAX)) < 0) { - if (errno == 0) - openmax = OPEN_MAX_GUESS; /* it's indeterminate */ - else - err_sys (_("sysconf error for _SC_OPEN_MAX")); - } - } - return (openmax); -} - - -/* Fatal error related to a system call. - * Print a message and die. */ - -#define MAXLINE 2048 -static void -err_sys (const char *fmt, ...) -{ - int errnoflag = 1; - int errno_save; - char buf[MAXLINE]; - - va_list ap; - - va_start (ap, fmt); - /* err_doit (1, fmt, ap); */ - errno_save = errno; /* value caller might want printed */ - vsprintf (buf, fmt, ap); - if (errnoflag) - sprintf (buf + strlen (buf), ": %s", strerror (errno_save)); - strcat (buf, "\n"); - fflush (stdout); /* in case stdout and stderr are the same */ - fputs (buf, stderr); - fflush (NULL); /* flushes all stdio output streams */ - va_end (ap); - exit (1); -} - -char * -rtrim (char *str, const char *tok) -{ - int i = 0; - int j = sizeof (str); - - while (str != NULL && i < j) { - if (*(str + i) == *tok) { - sprintf (str + i, "%s", "\0"); - return str; - } - i++; - } - return str; -} diff --git a/plugins/popen.h b/plugins/popen.h index fc7e78e2..a5dd8fa7 100644 --- a/plugins/popen.h +++ b/plugins/popen.h @@ -7,7 +7,6 @@ FILE *spopen (const char *); int spclose (FILE *); RETSIGTYPE popen_timeout_alarm_handler (int); -extern unsigned int timeout_interval; pid_t *childpid=NULL; int *child_stderr_array=NULL; FILE *child_process=NULL; diff --git a/plugins/runcmd.c b/plugins/runcmd.c index 1a7c904f..a7155d27 100644 --- a/plugins/runcmd.c +++ b/plugins/runcmd.c @@ -67,19 +67,6 @@ * occur in any number of threads simultaneously. */ static pid_t *np_pids = NULL; -/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX. - * If that fails and the macro isn't defined, we fall back to an educated - * guess. There's no guarantee that our guess is adequate and the program - * will die with SIGSEGV if it isn't and the upper boundary is breached. */ -#ifdef _SC_OPEN_MAX -static long maxfd = 0; -#elif defined(OPEN_MAX) -# define maxfd OPEN_MAX -#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */ -# define maxfd 256 -#endif - - /** prototypes **/ static int np_runcmd_open(const char *, int *, int *) __attribute__((__nonnull__(1, 2, 3))); @@ -99,14 +86,8 @@ extern void die (int, const char *, ...) * through this api and thus achieve async-safeness throughout the api */ void np_runcmd_init(void) { -#ifndef maxfd - if(!maxfd && (maxfd = sysconf(_SC_OPEN_MAX)) < 0) { - /* possibly log or emit a warning here, since there's no - * guarantee that our guess at maxfd will be adequate */ - maxfd = 256; - } -#endif - + if(maxfd == 0) + maxfd = open_max(); if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t)); } diff --git a/plugins/sslutils.c b/plugins/sslutils.c index d0ae4741..14f6579d 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring Plugins SSL utilities -* +* * License: GPL * Copyright (c) 2005-2010 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains common functions for plugins that require SSL. -* +* * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ #define MAX_CN_LENGTH 256 @@ -48,29 +48,79 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi } int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { - SSL_METHOD *method = NULL; + const SSL_METHOD *method = NULL; + long options = 0; switch (version) { - case 0: /* Deafult to auto negotiation */ - method = SSLv23_client_method(); - break; - case 1: /* TLSv1 protocol */ - method = TLSv1_client_method(); - break; - case 2: /* SSLv2 protocol */ + case MP_SSLv2: /* SSLv2 protocol */ #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) - printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); - return STATE_CRITICAL; + printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); + return STATE_UNKNOWN; #else method = SSLv2_client_method(); -#endif break; - case 3: /* SSLv3 protocol */ +#endif + case MP_SSLv3: /* SSLv3 protocol */ +#if defined(OPENSSL_NO_SSL3) + printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else method = SSLv3_client_method(); break; - default: /* Unsupported */ - printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); - return STATE_CRITICAL; +#endif + case MP_TLSv1: /* TLSv1 protocol */ +#if defined(OPENSSL_NO_TLS1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_client_method(); + break; +#endif + case MP_TLSv1_1: /* TLSv1.1 protocol */ +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_1_client_method(); + break; +#endif + case MP_TLSv1_2: /* TLSv1.2 protocol */ +#if !defined(SSL_OP_NO_TLSv1_2) + printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + method = TLSv1_2_client_method(); + break; +#endif + case MP_TLSv1_2_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1_1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1_1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_1_OR_NEWER: +#if !defined(SSL_OP_NO_TLSv1) + printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); + return STATE_UNKNOWN; +#else + options |= SSL_OP_NO_TLSv1; +#endif + /* FALLTHROUGH */ + case MP_TLSv1_OR_NEWER: +#if defined(SSL_OP_NO_SSLv3) + options |= SSL_OP_NO_SSLv3; +#endif + /* FALLTHROUGH */ + case MP_SSLv3_OR_NEWER: +#if defined(SSL_OP_NO_SSLv2) + options |= SSL_OP_NO_SSLv2; +#endif + case MP_SSLv2_OR_NEWER: + /* FALLTHROUGH */ + default: /* Default to auto negotiation */ + method = SSLv23_client_method(); } if (!initialized) { /* Initialize SSL context */ @@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int #endif } #ifdef SSL_OP_NO_TICKET - SSL_CTX_set_options(c, SSL_OP_NO_TICKET); + options |= SSL_OP_NO_TICKET; #endif + SSL_CTX_set_options(c, options); SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); if ((s = SSL_new(c)) != NULL) { #ifdef SSL_set_tlsext_host_name @@ -142,9 +193,22 @@ int np_net_ssl_read(void *buf, int num) { int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL - X509 *certificate=NULL; + X509 *certificate = NULL; + certificate=SSL_get_peer_certificate(s); + return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); +# else /* ifndef USE_OPENSSL */ + printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); + return STATE_WARNING; +# endif /* USE_OPENSSL */ +} + +int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ +# ifdef USE_OPENSSL X509_NAME *subj=NULL; + char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; + char *tz; + int cnlen =-1; int status=STATE_UNKNOWN; @@ -153,10 +217,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[50] = ""; + int time_remaining; time_t tm_t; - certificate=SSL_get_peer_certificate(s); if (!certificate) { printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); return STATE_CRITICAL; @@ -207,32 +270,55 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); stamp.tm_min = (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); - stamp.tm_sec = 0; + stamp.tm_sec = + (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); stamp.tm_isdst = -1; - time_left = difftime(timegm(&stamp), time(NULL)); + tm_t = timegm(&stamp); + time_left = difftime(tm_t, time(NULL)); days_left = time_left / 86400; - tm_t = mktime (&stamp); - strftime(timestamp, 50, "%c", localtime(&tm_t)); + tz = getenv("TZ"); + setenv("TZ", "GMT", 1); + tzset(); + strftime(timestamp, 50, "%c %z", localtime(&tm_t)); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; } else if (time_left < 0) { printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); status=STATE_CRITICAL; } else if (days_left == 0) { - printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; } else { printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); - status=STATE_OK; + status = STATE_OK; } X509_free(certificate); return status; diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis deleted file mode 100644 index 4ebfb90e..00000000 --- a/plugins/t/NPTest.cache.travis +++ /dev/null @@ -1,56 +0,0 @@ -{ - 'MYSQL_LOGIN_DETAILS' => '-u root -d test', - 'NP_ALLOW_SUDO' => 'yes', - 'NP_DNS_SERVER' => '8.8.8.8', - 'NP_GOOD_NTP_SERVICE' => '', - 'NP_HOSTNAME_INVALID' => 'nosuchhost', - 'NP_HOSTNAME_VALID' => 'monitoringplugins.org', - 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', - 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', - 'NP_HOST_DHCP_RESPONSIVE' => '', - 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', - 'NP_HOST_RESPONSIVE' => 'localhost', - 'NP_HOST_SMB' => '', - 'NP_HOST_SNMP' => '', - 'NP_HOST_TCP_FTP' => '', - 'NP_HOST_TCP_HPJD' => '', - 'NP_HOST_HPJD_PORT_INVALID' => '161', - 'NP_HOST_HPJD_PORT_VALID' => '', - 'NP_HOST_TCP_HTTP' => 'localhost', - 'NP_HOST_TCP_HTTP2' => 'labs.consol.de', - 'NP_HOST_TCP_IMAP' => 'imap.web.de', - 'NP_HOST_TCP_POP' => 'pop.web.de', - 'NP_HOST_TCP_SMTP' => 'localhost', - 'NP_HOST_TCP_SMTP_NOTLS' => '', - 'NP_HOST_TCP_SMTP_TLS' => '', - 'NP_INTERNET_ACCESS' => 'yes', - 'NP_MOUNTPOINT2_VALID' => '', - 'NP_MOUNTPOINT_VALID' => '/', - 'NP_MYSQL_SERVER' => 'localhost', - 'NP_HOST_UDP_TIME' => 'localhost', - 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', - 'NP_MYSQL_WITH_SLAVE' => '', - 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', - 'NP_NO_NTP_SERVICE' => 'localhost', - 'NP_SMB_SHARE' => '', - 'NP_SMB_SHARE_DENY' => '', - 'NP_SMB_SHARE_SPC' => '', - 'NP_SMB_VALID_USER' => '', - 'NP_SMB_VALID_USER_PASS' => '', - 'NP_SNMP_COMMUNITY' => '', - 'NP_SSH_CONFIGFILE' => '~/.ssh/config', - 'NP_SSH_HOST' => 'localhost', - 'NP_SSH_IDENTITY' => '~/.ssh/id_dsa', - 'NP_HOST_TCP_JABBER' => 'jabber.org', - 'host_nonresponsive' => '10.0.0.1', - 'host_responsive' => 'localhost', - 'host_snmp' => '', - 'host_tcp_ftp' => '', - 'host_tcp_http' => 'localhost', - 'host_tcp_imap' => 'imap.nierlein.de', - 'host_tcp_smtp' => 'localhost', - 'hostname_invalid' => 'nosuchhost', - 'snmp_community' => '', - 'user_snmp' => '', - 'host_udp_time' => 'none', -} diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t index 9ba0ff8e..430eb53e 100644 --- a/plugins/t/check_apt.t +++ b/plugins/t/check_apt.t @@ -23,7 +23,7 @@ sub make_result_regexp { } if (-x "./check_apt") { - plan tests => 28; + plan tests => 36; } else { plan skip_all => "No check_apt compiled"; } @@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") ); is( $result->return_code, 1, "Debian apt output, warning" ); like( $result->output, make_result_regexp(13, 0), "Output correct" ); +$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") ); +is( $result->return_code, 0, "Debian apt output, no critical" ); +like( $result->output, make_result_regexp(13, 0), "Output correct" ); + $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") ); is( $result->return_code, 2, "Debian apt output, some critical" ); like( $result->output, make_result_regexp(19, 4), "Output correct" ); +$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") ); +is( $result->return_code, 2, "Debian apt output, some critical" ); +like( $result->output, make_result_regexp(19, 4), "Output correct" ); + $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") ); is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" ); like( $result->output, make_result_regexp(19, 4), "Output correct" ); @@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); is( $result->return_code, 1, "Debian apt output, filter for libc6" ); like( $result->output, make_result_regexp(3, 0), "Output correct" ); +$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); +is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" ); +like( $result->output, make_result_regexp(3, 0), "Output correct" ); + $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") ); is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" ); like( $result->output, make_result_regexp(9, 4), "Output correct" ); @@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") ); is( $result->return_code, 2, "Debian apt output, filter out libc6" ); like( $result->output, make_result_regexp(16, 4), "Output correct" ); +$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") ); +is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" ); +like( $result->output, make_result_regexp(16, 4), "Output correct" ); + $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") ); is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" ); like( $result->output, make_result_regexp(10, 0), "Output correct" ); diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t index 4797390d..1d2939e9 100644 --- a/plugins/t/check_by_ssh.t +++ b/plugins/t/check_by_ssh.t @@ -9,17 +9,9 @@ use Test::More; use NPTest; # Required parameters -my $ssh_service = getTestParameter( "NP_SSH_HOST", - "A host providing SSH service", - "localhost"); - -my $ssh_key = getTestParameter( "NP_SSH_IDENTITY", - "A key allowing access to NP_SSH_HOST", - "~/.ssh/id_dsa"); - -my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE", - "A config file with ssh settings", - "~/.ssh/config"); +my $ssh_service = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); +my $ssh_key = getTestParameter("NP_SSH_IDENTITY", "A key allowing access to NP_SSH_HOST", "~/.ssh/id_dsa"); +my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE", "A config file with ssh settings", "~/.ssh/config"); plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_service && $ssh_key); diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t new file mode 100644 index 00000000..ada6a045 --- /dev/null +++ b/plugins/t/check_curl.t @@ -0,0 +1,201 @@ +#! /usr/bin/perl -w -I .. +# +# HyperText Transfer Protocol (HTTP) Test via check_http +# +# + +use strict; +use Test::More; +use POSIX qw/mktime strftime/; +use NPTest; + +plan tests => 58; + +my $successOutput = '/OK.*HTTP.*second/'; + +my $res; +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); +my $host_tcp_http2 = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org"); +my $host_tcp_proxy = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost"); +my $port_tcp_proxy = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128"); + +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; + + +$res = NPTest->testCmd( + "./$plugin $host_tcp_http -wt 300 -ct 600" + ); +cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); +like( $res->output, $successOutput, "Output OK" ); + +$res = NPTest->testCmd( + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + ); +like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); + +$res = NPTest->testCmd( + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" + ); +cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); +# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) +like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); + +$res = NPTest->testCmd( + "./$plugin $hostname_invalid -wt 1 -ct 2" + ); +cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); +# The first part of the message comes from the OS catalogue, so cannot check this. +# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename +# Is also possible to get a socket timeout if DNS is not responding fast enough +# cURL gives us consistent strings from it's own 'lib/strerror.c' +like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK"); + +# host header checks +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80 -k 'Host: testhost:8001'"); +like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -I $host_tcp_http -p 80 -k 'Host: testhost:8001'"); +like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +SKIP: { + skip "No internet access", 4 if $internet_access eq "no"; + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443"); + like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" ); +}; + +SKIP: { + skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" ); + cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" ); + cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'"); + like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" ); + cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); + cmp_ok( $res->return_code, "==", 2, "Invert results work when found"); + like ( $res->output, "/pattern found/", "Error message says 'pattern found'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); + cmp_ok( $res->return_code, "==", 0, "And also when not found"); +} +SKIP: { + skip "No internet access", 28 if $internet_access eq "no"; + + $res = NPTest->testCmd( + "./$plugin --ssl $host_tls_http" + ); + cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); + + $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); + like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); + my $saved_cert_output = $res->output; + + $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); + like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); + + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); + is( $res->return_code, 0, "Old syntax for cert checking okay" ); + is( $res->output, $saved_cert_output, "Same output as new syntax" ); + + $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" ); + is( $res->return_code, 0, "Updated syntax for cert checking okay" ); + is( $res->output, $saved_cert_output, "Same output as new syntax" ); + + $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" ); + cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); + + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); + cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); + + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 12 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); + if(!defined $year) { + die("parsing date failed from: ".$res->output); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); + is( $res->return_code, 2, "Output on expire date" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); + is( $res->return_code, 2, "cert expires in 1 second exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); + is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); + is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); + is( $res->return_code, 2, "Certificate expired exit code" ); + }; + + $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" ); + like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); + like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); + + $res = NPTest->testCmd( + "./$plugin --ssl -H www.e-paycobalt.com" + ); + cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); + + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" ); + is( $res->return_code, 0, "Redirection based on location is okay"); + + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" ); + like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); +} diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t index 7e0f74b7..ec527e7f 100644 --- a/plugins/t/check_disk.t +++ b/plugins/t/check_disk.t @@ -88,8 +88,9 @@ $result = NPTest->testCmd( ); $_ = $result->perf_output; my ($warn_absth_data, $crit_absth_data, $total_absth_data) = (m/=.[^;]*;(\d+);(\d+);\d+;(\d+)/); -is ($warn_absth_data, $total_absth_data - 20, "Wrong warning in perf data using absolute thresholds"); -is ($crit_absth_data, $total_absth_data - 10, "Wrong critical in perf data using absolute thresholds"); +# default unit is MiB, but perfdata is always bytes +is ($warn_absth_data, $total_absth_data - (20 * (2 ** 20)), "Wrong warning in perf data using absolute thresholds"); +is ($crit_absth_data, $total_absth_data - (10 * (2 ** 20)), "Wrong critical in perf data using absolute thresholds"); # Then check percent thresholds. $result = NPTest->testCmd( @@ -119,7 +120,7 @@ like ( $result->only_output, qr/$more_free/, "Have disk name in text"); $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -p $more_free -p $less_free" ); cmp_ok( $result->return_code, '==', 0, "At least 1 MB available on $more_free and $less_free"); $_ = $result->output; -my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+) MB .* (\d+) MB /g); +my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+)MiB .* (\d+)MiB /g); my $free_mb_on_all = $free_mb_on_mp1 + $free_mb_on_mp2; @@ -248,11 +249,11 @@ $result = NPTest->testCmd( "./check_disk -w 100% -c 100% ".${mountpoint_valid} ) cmp_ok( $result->return_code, "==", 2, "100% empty" ); like( $result->output, $failureOutput, "Right output" ); -$result = NPTest->testCmd( "./check_disk -w 100000 -c 100000 $mountpoint_valid" ); -cmp_ok( $result->return_code, '==', 2, "Check for 100GB free" ); +$result = NPTest->testCmd( "./check_disk -w 100000000 -c 100000000 $mountpoint_valid" ); +cmp_ok( $result->return_code, '==', 2, "Check for 100TB free" ); -$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u GB ".${mountpoint_valid} ); # 100 GB empty -cmp_ok( $result->return_code, "==", 2, "100 GB empty" ); +$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u TB ".${mountpoint_valid} ); # 100 TB empty +cmp_ok( $result->return_code, "==", 2, "100 TB empty" ); # Checking old syntax of check_disk warn crit [fs], with warn/crit at USED% thresholds diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t index 035e7682..afb2062d 100644 --- a/plugins/t/check_dns.t +++ b/plugins/t/check_dns.t @@ -10,26 +10,38 @@ use NPTest; plan skip_all => "check_dns not compiled" unless (-x "check_dns"); -plan tests => 16; +plan tests => 23; my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; my $hostname_valid = getTestParameter( "NP_HOSTNAME_VALID", "A valid (known to DNS) hostname", - "monitoring-plugins.org" + "monitoring-plugins.org", ); my $hostname_valid_ip = getTestParameter( "NP_HOSTNAME_VALID_IP", "The IP address of the valid hostname $hostname_valid", - "66.118.156.50", + "130.133.8.40", + ); + +my $hostname_valid_cidr = getTestParameter( + "NP_HOSTNAME_VALID_CIDR", + "An valid CIDR range containing $hostname_valid_ip", + "130.133.8.41/30", + ); + +my $hostname_invalid_cidr = getTestParameter( + "NP_HOSTNAME_INVALID_CIDR", + "An (valid) CIDR range NOT containing $hostname_valid_ip", + "130.133.8.39/30", ); my $hostname_valid_reverse = getTestParameter( "NP_HOSTNAME_VALID_REVERSE", "The hostname of $hostname_valid_ip", - "66-118-156-50.static.sagonet.net.", + "orwell.monitoring-plugins.org.", ); my $hostname_invalid = getTestParameter( @@ -87,3 +99,17 @@ $res = NPTest->testCmd("./check_dns -H $hostname_valid_ip -a $hostname_valid_rev cmp_ok( $res->return_code, '==', 0, "Got expected fqdn"); like ( $res->output, $successOutput, "Output OK"); +$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_cidr -t 5"); +cmp_ok( $res->return_code, '==', 0, "Got expected address"); + +$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5"); +cmp_ok( $res->return_code, '==', 2, "Got wrong address"); +like ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK"); + +$res = NPTest->testCmd("./check_dns -H $hostname_valid -n"); +cmp_ok( $res->return_code, '==', 2, "Found $hostname_valid"); +like ( $res->output, "/^DNS CRITICAL.*Domain '$hostname_valid' was found by the server:/", "Output OK"); + +$res = NPTest->testCmd("./check_dns -H $hostname_invalid -n"); +cmp_ok( $res->return_code, '==', 0, "Did not find $hostname_invalid"); +like ( $res->output, $successOutput, "Output OK" ); diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t index 08692e46..67b357b2 100644 --- a/plugins/t/check_fping.t +++ b/plugins/t/check_fping.t @@ -5,40 +5,30 @@ # use strict; -use Test; +use Test::More; use NPTest; -use vars qw($tests); +my $host_responsive = getTestParameter("NP_HOST_RESPONSIVE", "The hostname of system responsive to network requests", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); -BEGIN {$tests = 4; plan tests => $tests} - -my $successOutput = '/^FPING OK - /'; -my $failureOutput = '/^FPING CRITICAL - /'; - -my $host_responsive = getTestParameter( "host_responsive", "NP_HOST_RESPONSIVE", "localhost", - "The hostname of system responsive to network requests" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); - - -my $t; +my $res; my $fping = qx(which fping 2> /dev/null); chomp($fping); if( ! -x "./check_fping") { - $t += skipMissingCmd( "./check_fping", $tests ); + plan skip_all => "check_fping not found, skipping tests"; } -elsif ( $> != 0 && (!$fping || ! -u $fping)) { - $t += skipMsg( "./check_fping", $tests ); +elsif ( !$fping || !-x $fping ) { + plan skip_all => "fping not found or cannot be executed, skipping tests"; } else { - $t += checkCmd( "./check_fping $host_responsive", 0, $successOutput ); - $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] ); - $t += checkCmd( "./check_fping $hostname_invalid", [ 1, 2 ] ); -} + plan tests => 3; + $res = NPTest->testCmd( "./check_fping $host_responsive" ); + cmp_ok( $res->return_code, '==', 0, "Responsive host returns OK"); -exit(0) if defined($Test::Harness::VERSION); -exit($tests - $t); + $res = NPTest->testCmd( "./check_fping $host_nonresponsive" ); + cmp_ok( $res->return_code, '==', 2, "Non-Responsive host returns Critical"); + + $res = NPTest->testCmd( "./check_fping $hostname_invalid" ); + cmp_ok( $res->return_code, '==', 3, "Invalid host returns Unknown"); +} diff --git a/plugins/t/check_ftp.t b/plugins/t/check_ftp.t index de6831ba..93a7d7c3 100644 --- a/plugins/t/check_ftp.t +++ b/plugins/t/check_ftp.t @@ -11,14 +11,9 @@ use NPTest; use vars qw($tests); BEGIN {$tests = 4; plan tests => $tests} -my $host_tcp_ftp = getTestParameter( "host_tcp_ftp", "NP_HOST_TCP_FTP", "localhost", - "A host providing the FTP Service (an FTP server)"); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_tcp_ftp = getTestParameter("NP_HOST_TCP_FTP", "A host providing the FTP Service (an FTP server)", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $successOutput = '/FTP OK -\s+[0-9]?\.?[0-9]+ second response time/'; diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 2539a289..c137f7b4 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -6,54 +6,49 @@ use strict; use Test::More; +use POSIX qw/mktime strftime/; use NPTest; -plan tests => 30; +plan tests => 50; my $successOutput = '/OK.*HTTP.*second/'; my $res; +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; -my $host_tcp_http = getTestParameter( "NP_HOST_TCP_HTTP", - "A host providing the HTTP Service (a web server)", - "localhost" ); +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); +my $host_tcp_http2 = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org"); +my $host_tcp_proxy = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost"); +my $port_tcp_proxy = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128"); -my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1" ); - -my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost"); - -my $internet_access = getTestParameter( "NP_INTERNET_ACCESS", - "Is this system directly connected to the internet?", - "yes"); - -my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", - "A host providing an index page containing the string 'monitoring'", - "test.monitoring-plugins.org" ); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; $res = NPTest->testCmd( - "./check_http $host_tcp_http -wt 300 -ct 600" + "./$plugin $host_tcp_http -wt 300 -ct 600" ); cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); like( $res->output, $successOutput, "Output OK" ); $res = NPTest->testCmd( - "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" ); like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./check_http $host_nonresponsive -wt 1 -ct 2" + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); -cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK"); +cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); $res = NPTest->testCmd( - "./check_http $hostname_invalid -wt 1 -ct 2" + "./$plugin $hostname_invalid -wt 1 -ct 2" ); cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # The first part of the message comes from the OS catalogue, so cannot check this. @@ -61,70 +56,141 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # Is also possible to get a socket timeout if DNS is not responding fast enough like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK"); +# host header checks +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); + +SKIP: { + skip "No internet access", 3 if $internet_access eq "no"; + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); +}; + SKIP: { skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" ); cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" ); cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'"); like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -R 'mONiTORing'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" ); cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); cmp_ok( $res->return_code, "==", 2, "Invert results work when found"); like ( $res->output, "/pattern found/", "Error message says 'pattern found'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); cmp_ok( $res->return_code, "==", 0, "And also when not found"); } SKIP: { - skip "No internet access", 16 if $internet_access eq "no"; + skip "No internet access", 23 if $internet_access eq "no"; $res = NPTest->testCmd( - "./check_http --ssl www.verisign.com" + "./$plugin --ssl $host_tls_http" ); - cmp_ok( $res->return_code, '==', 0, "Can read https for www.verisign.com" ); + cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); - $res = NPTest->testCmd( "./check_http -C 1 --ssl www.verisign.com" ); - cmp_ok( $res->return_code, '==', 0, "Checking certificate for www.verisign.com"); - like ( $res->output, "/Certificate 'www.verisign.com' will expire on/", "Output OK" ); + $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); + like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); my $saved_cert_output = $res->output; - $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl www.verisign.com" ); - cmp_ok( $res->return_code, '==', 1, "Checking certificate for www.verisign.com"); - like ( $res->output, qr/WARNING - Certificate 'www.verisign.com' expires in \d+ day/, "Output Warning" ); + $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); + like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); - $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); is( $res->return_code, 0, "Old syntax for cert checking okay" ); is( $res->output, $saved_cert_output, "Same output as new syntax" ); - $res = NPTest->testCmd( "./check_http -H www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" ); is( $res->return_code, 0, "Updated syntax for cert checking okay" ); is( $res->output, $saved_cert_output, "Same output as new syntax" ); - $res = NPTest->testCmd( "./check_http -C 1 www.verisign.com" ); + $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); - $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); - $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 7 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); + if(!defined $year) { + die("parsing date failed from: ".$res->output); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); + }; + + $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); $res = NPTest->testCmd( - "./check_http --ssl www.e-paycobalt.com" + "./$plugin --ssl -H www.e-paycobalt.com" ); cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" ); + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" ); is( $res->return_code, 0, "Redirection based on location is okay"); - $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" ); + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); } + +SKIP: { + skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy; + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302"); + is( $res->return_code, 0, "Proxy HTTP works"); + like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent"); + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT"); + is( $res->return_code, 0, "Proxy HTTP CONNECT works"); + like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD"); + is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method"); + like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); +} diff --git a/plugins/t/check_imap.t b/plugins/t/check_imap.t index 9c6eae1f..7c74e564 100644 --- a/plugins/t/check_imap.t +++ b/plugins/t/check_imap.t @@ -8,17 +8,10 @@ use strict; use Test::More tests => 7; use NPTest; -my $host_tcp_smtp = getTestParameter( "host_tcp_smtp", "NP_HOST_TCP_SMTP", "mailhost", - "A host providing an STMP Service (a mail server)"); - -my $host_tcp_imap = getTestParameter( "host_tcp_imap", "NP_HOST_TCP_IMAP", $host_tcp_smtp, - "A host providing an IMAP Service (a mail server)"); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_tcp_smtp = getTestParameter("NP_HOST_TCP_SMTP", "A host providing an STMP Service (a mail server)", "mailhost"); +my $host_tcp_imap = getTestParameter("NP_HOST_TCP_IMAP", "A host providing an IMAP Service (a mail server)", $host_tcp_smtp); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $t; diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t index 7a708d5b..fcdae179 100644 --- a/plugins/t/check_jabber.t +++ b/plugins/t/check_jabber.t @@ -10,23 +10,9 @@ use NPTest; plan tests => 10; -my $host_tcp_jabber = getTestParameter( - "NP_HOST_TCP_JABBER", - "A host providing the Jabber Service", - "jabber.org" - ); - -my $host_nonresponsive = getTestParameter( - "NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1", - ); - -my $hostname_invalid = getTestParameter( - "NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost", - ); +my $host_tcp_jabber = getTestParameter("NP_HOST_TCP_JABBER", "A host providing the Jabber Service", "jabber.de"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/'; diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t new file mode 100644 index 00000000..b8a4a766 --- /dev/null +++ b/plugins/t/check_ldap.t @@ -0,0 +1,71 @@ +#!/usr/bin/env perl -I .. +# +# Lightweight Directory Access Protocol (LDAP) Test via check_ldap +# +# + +use strict; +use warnings; +use Test::More; +use NPTest; + +my $host_tcp_ldap = getTestParameter("NP_HOST_TCP_LDAP", "A host providing the LDAP Service", "localhost"); +my $ldap_base_dn = getTestParameter("NP_LDAP_BASE_DN", "A base dn for the LDAP Service", "cn=admin"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); + +my($result, $cmd); +my $command = './check_ldap'; + +plan tests => 16; + +SKIP: { + skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive; + + $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1"); + is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" ); + is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" ); +}; + +SKIP: { + skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid; + + $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5"); + is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" ); + is( $result->output, 'Could not bind to the LDAP server', "output ok" ); +}; + +SKIP: { + skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap; + skip "NP_LDAP_BASE_DN not set", 12 if ! $ldap_base_dn; + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 2, $cmd ); + like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 2, $cmd ); + like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 1, $cmd ); + like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" ); + + $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd ); + like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" ); +}; diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t index 55f6f752..60837ef6 100644 --- a/plugins/t/check_load.t +++ b/plugins/t/check_load.t @@ -11,8 +11,8 @@ use NPTest; my $res; my $loadValue = "[0-9]+\.?[0-9]+"; -my $successOutput = "/^OK - load average: $loadValue, $loadValue, $loadValue/"; -my $failureOutput = "/^CRITICAL - load average: $loadValue, $loadValue, $loadValue/"; +my $successOutput = "/^LOAD OK - load average: $loadValue, $loadValue, $loadValue/"; +my $failureOutput = "/^LOAD CRITICAL - load average: $loadValue, $loadValue, $loadValue/"; plan tests => 11; diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t index 28cd4cd0..e426bf59 100644 --- a/plugins/t/check_mysql.t +++ b/plugins/t/check_mysql.t @@ -21,30 +21,11 @@ plan skip_all => "check_mysql not compiled" unless (-x "check_mysql"); plan tests => 15; my $bad_login_output = '/Access denied for user /'; -my $mysqlserver = getTestParameter( - "NP_MYSQL_SERVER", - "A MySQL Server hostname or IP with no slaves setup" - ); -my $mysqlsocket = getTestParameter( - "NP_MYSQL_SOCKET", - "Full path to a MySQL Server socket with no slaves setup" - ); -my $mysql_login_details = getTestParameter( - "MYSQL_LOGIN_DETAILS", - "Command line parameters to specify login access (requires " . - "REPLICATION CLIENT privleges)", - "-u test -ptest", - ); -my $with_slave = getTestParameter( - "NP_MYSQL_WITH_SLAVE", - "MySQL server with slaves setup" - ); -my $with_slave_login = getTestParameter( - "NP_MYSQL_WITH_SLAVE_LOGIN", - "Login details for server with slave (requires REPLICATION CLIENT " . - "privleges)", - $mysql_login_details || "-u test -ptest" - ); +my $mysqlserver = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup"); +my $mysqlsocket = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup"); +my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest"); +my $with_slave = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup"); +my $with_slave_login = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest"); my $result; diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t index 407af881..96899ac6 100644 --- a/plugins/t/check_mysql_query.t +++ b/plugins/t/check_mysql_query.t @@ -17,15 +17,8 @@ use vars qw($tests); plan skip_all => "check_mysql_query not compiled" unless (-x "check_mysql_query"); -my $mysqlserver = getTestParameter( - "NP_MYSQL_SERVER", - "A MySQL Server with no slaves setup" - ); -my $mysql_login_details = getTestParameter( - "MYSQL_LOGIN_DETAILS", - "Command line parameters to specify login access", - "-u user -ppw -d db", - ); +my $mysqlserver = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server with no slaves setup"); +my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access", "-u user -ppw -d db"); my $result; if (! $mysqlserver) { diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index 2d6c44a7..f2f218fd 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t @@ -10,23 +10,17 @@ use NPTest; BEGIN { plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp"; - plan tests => 61; + plan tests => 63; } my $res; -my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost", - "A host providing an SNMP Service"); +my $host_snmp = getTestParameter("NP_HOST_SNMP", "A host providing an SNMP Service", "localhost"); +my $snmp_community = getTestParameter("NP_SNMP_COMMUNITY", "The SNMP Community string for SNMP Testing (assumes snmp v1)", "public"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $user_snmp = getTestParameter("NP_SNMP_USER", "An SNMP user", "auth_md5"); -my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public", - "The SNMP Community string for SNMP Testing (assumes snmp v1)" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); -my $user_snmp = getTestParameter( "user_snmp", "NP_SNMP_USER", "auth_md5", "An SNMP user"); $res = NPTest->testCmd( "./check_snmp -t 1" ); is( $res->return_code, 3, "No host name" ); @@ -45,7 +39,7 @@ is( $res->return_code, 3, "Invalid protocol" ); like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" ); SKIP: { - skip "no snmp host defined", 48 if ( ! $host_snmp ); + skip "no snmp host defined", 50 if ( ! $host_snmp ); $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" ); @@ -153,6 +147,10 @@ SKIP: { $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0"); cmp_ok( $res->return_code, '==', 0, "Timetick used as a string"); like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); + + $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1"); + cmp_ok( $res->return_code, '==', 0, "snmp response without datatype"); + like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" ); } SKIP: { @@ -166,8 +164,8 @@ SKIP: { SKIP: { skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); - cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); - like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); + cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" ); + like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem"); } SKIP: { diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t index 80083492..a5cd23ce 100644 --- a/plugins/t/check_ssh.t +++ b/plugins/t/check_ssh.t @@ -9,17 +9,9 @@ use Test::More; use NPTest; # Required parameters -my $ssh_host = getTestParameter("NP_SSH_HOST", - "A host providing SSH service", - "localhost"); - -my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1" ); - -my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost" ); +my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" ); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" ); plan skip_all => "SSH_HOST must be defined" unless $ssh_host; diff --git a/plugins/t/check_swap.t b/plugins/t/check_swap.t index e44adc90..de9e0f05 100644 --- a/plugins/t/check_swap.t +++ b/plugins/t/check_swap.t @@ -8,9 +8,9 @@ use strict; use Test::More tests => 8; use NPTest; -my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; -my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; -my $warnOutput = '/^SWAP WARNING - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; +my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; +my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; +my $warnOutput = '/^SWAP WARNING - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; my $result; diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t index f996685d..cb4de53d 100644 --- a/plugins/t/check_tcp.t +++ b/plugins/t/check_tcp.t @@ -15,18 +15,11 @@ BEGIN { } -my $host_tcp_http = getTestParameter( "host_tcp_http", "NP_HOST_TCP_HTTP", "localhost", - "A host providing the HTTP Service (a web server)" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); - -my $internet_access = getTestParameter( "NP_INTERNET_ACCESS", - "Is this system directly connected to the internet?", - "yes"); +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); my $successOutput = '/^TCP OK\s-\s+[0-9]?\.?[0-9]+ second response time on port [0-9]+/'; @@ -42,10 +35,10 @@ $t += checkCmd( "./check_tcp $host_tcp_http -p 81 -wt 0 -ct 0 -to 1", 2 $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt 0 -ct 0 -to 1", 2 ); $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -wt 0 -ct 0 -to 1", 2 ); if($internet_access ne "no") { - $t += checkCmd( "./check_tcp -S -D 1 -H www.verisign.com -p 443", 0 ); - $t += checkCmd( "./check_tcp -S -D 9000,1 -H www.verisign.com -p 443", 1 ); - $t += checkCmd( "./check_tcp -S -D 9000 -H www.verisign.com -p 443", 1 ); - $t += checkCmd( "./check_tcp -S -D 9000,8999 -H www.verisign.com -p 443", 2 ); + $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443", 0 ); + $t += checkCmd( "./check_tcp -S -D 9000,1 -H $host_tls_http -p 443", 1 ); + $t += checkCmd( "./check_tcp -S -D 9000 -H $host_tls_http -p 443", 1 ); + $t += checkCmd( "./check_tcp -S -D 9000,8999 -H $host_tls_http -p 443", 2 ); } # Need the \r\n to make it more standards compliant with web servers. Need the various quotes diff --git a/plugins/t/check_time.t b/plugins/t/check_time.t index 961f56e6..92c2f891 100644 --- a/plugins/t/check_time.t +++ b/plugins/t/check_time.t @@ -11,14 +11,9 @@ use NPTest; use vars qw($tests); BEGIN {$tests = 8; plan tests => $tests} -my $host_udp_time = getTestParameter( "host_udp_time", "NP_HOST_UDP_TIME", "localhost", - "A host providing the UDP Time Service" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_udp_time = getTestParameter("NP_HOST_UDP_TIME", "A host providing the UDP Time Service", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $successOutput = '/^TIME OK - [0-9]+ second time difference/'; diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t index 1f6fee70..6c47d095 100644 --- a/plugins/t/check_udp.t +++ b/plugins/t/check_udp.t @@ -34,12 +34,12 @@ my $nc; if(system("which nc.traditional >/dev/null 2>&1") == 0) { $nc = 'nc.traditional -w 3 -l -u -p 3333'; } -elsif(system("which netcat >/dev/null 2>&1") == 0) { - $nc = 'netcat -w 3 -l -u -p 3333'; -} elsif(system("which nc >/dev/null 2>&1") == 0) { $nc = 'nc -w 3 -l -u -4 localhost 3333'; } +elsif(system("which netcat >/dev/null 2>&1") == 0) { + $nc = 'netcat -w 3 -l -u -p 3333'; +} SKIP: { skip "solaris netcat does not listen to udp", 6 if $^O eq 'solaris'; diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t index 39044bb5..088f3b52 100644 --- a/plugins/t/check_users.t +++ b/plugins/t/check_users.t @@ -13,7 +13,7 @@ use Test; use NPTest; use vars qw($tests); -BEGIN {$tests = 4; plan tests => $tests} +BEGIN {$tests = 8; plan tests => $tests} my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/'; my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/'; @@ -22,6 +22,8 @@ my $t; $t += checkCmd( "./check_users 1000 1000", 0, $successOutput ); $t += checkCmd( "./check_users 0 0", 2, $failureOutput ); +$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput ); +$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput ); exit(0) if defined($Test::Harness::VERSION); exit($tests - $t); diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem index 40324cf8..77a9166e 100644 --- a/plugins/tests/certs/expired-cert.pem +++ b/plugins/tests/certs/expired-cert.pem @@ -1,21 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV -BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG -SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw -NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN -BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT -CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K -iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP -J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX -tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp -MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ -BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx -FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG -CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5 -45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda -SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo -6xW7hkzYog== +MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL +BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u +aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n +LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx +CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx +GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu +ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX +YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV +WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0 +p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn +MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7 +G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7 +0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw +HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl +2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z +2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV +EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U +b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7 +eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem index af0e24da..c1510b2d 100644 --- a/plugins/tests/certs/expired-key.pem +++ b/plugins/tests/certs/expired-key.pem @@ -1,15 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1 -+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8 -yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB -AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS -R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0 -uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq -UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/ -ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer -fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi -WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM -quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu -dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9 -QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg +cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY +N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn +lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx +WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb +Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ +9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP +aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M +kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm +qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr +0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG +KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT +5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7 +ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS +ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM +rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o +ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do +PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB +u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7 +Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh +fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i +YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG +ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP +CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg +7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm +xH3OV8KV4UiTEVxS7ksmGzY= +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem index 549e4f7e..b84b91d2 100644 --- a/plugins/tests/certs/server-cert.pem +++ b/plugins/tests/certs/server-cert.pem @@ -1,21 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV -BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG -SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw -MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN -BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT -CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy -oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1 -l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0 -9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI -MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ -BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx -FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG -CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX -N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1 -NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB -W5jDadwkoQ== +MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD +VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1 +Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y +ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE +RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN +b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr +MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja +uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v +EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe +PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8 +ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi +u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA +AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA +FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz +VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr +E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8 +vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC +jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk +bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g= -----END CERTIFICATE----- diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem index eacaeaa3..11947555 100644 --- a/plugins/tests/certs/server-key.pem +++ b/plugins/tests/certs/server-key.pem @@ -1,15 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl -5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em -Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB -AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE -TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986 -Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ -dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM -hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb -51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr -NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF -sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7 -nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ -GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf +miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ +Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym +/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K// +ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG +msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow +1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR +WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU +00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5 +Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0 +ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c +YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU +l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA +/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS +zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx +bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+ +FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc +B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+ +MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg +D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl +/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK +0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY +p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC +TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc +/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu +N0wdmCAqlQwHR13+F1zrAD7V +-----END PRIVATE KEY----- diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t new file mode 100755 index 00000000..29cb03f2 --- /dev/null +++ b/plugins/tests/check_curl.t @@ -0,0 +1,509 @@ +#! /usr/bin/perl -w -I .. +# +# Test check_http by having an actual HTTP server running +# +# To create the https server certificate: +# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes +# to create a new expired certificate: +# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes +# Country Name (2 letter code) [AU]:DE +# State or Province Name (full name) [Some-State]:Bavaria +# Locality Name (eg, city) []:Munich +# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins +# Organizational Unit Name (eg, section) []: +# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins +# Email Address []:devel@monitoring-plugins.org + +use strict; +use Test::More; +use NPTest; +use FindBin qw($Bin); + +$ENV{'LC_TIME'} = "C"; + +my $common_tests = 72; +my $ssl_only_tests = 8; +# Check that all dependent modules are available +eval "use HTTP::Daemon 6.01;"; +plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@; +eval { + require HTTP::Status; + require HTTP::Response; +}; + +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + +# look for libcurl version to see if some advanced checks are possible (>= 7.49.0) +my $advanced_checks = 12; +my $use_advanced_checks = 0; +my $required_version = '7.49.0'; +my $virtual_host = 'www.somefunnyhost.com'; +my $virtual_port = 42; +my $curl_version = ''; +open (my $fh, '-|', "./$plugin --version") or die; +while (<$fh>) { + if (m{libcurl/([\d.]+)\s}) { + $curl_version = $1; + last; + } +} +close ($fh); +if ($curl_version) { + my ($major, $minor, $release) = split (/\./, $curl_version); + my ($req_major, $req_minor, $req_release) = split (/\./, $required_version); + my $check = ($major <=> $req_major or $minor <=> $req_minor or $release <=> $req_release); + if ($check >= 0) { + $use_advanced_checks = 1; + print "Found libcurl $major.$minor.$release. Using advanced checks\n"; + } +} + +if ($@) { + plan skip_all => "Missing required module for test: $@"; +} else { + if (-x "./$plugin") { + plan tests => $common_tests * 2 + $ssl_only_tests + $advanced_checks; + } else { + plan skip_all => "No $plugin compiled"; + } +} + +my $servers = { http => 0 }; # HTTP::Daemon should always be available +eval { require HTTP::Daemon::SSL }; +if ($@) { + diag "Cannot load HTTP::Daemon::SSL: $@"; +} else { + $servers->{https} = 0; +} + +# set a fixed version, so the header size doesn't vary +$HTTP::Daemon::VERSION = "1.00"; + +my $port_http = 50000 + int(rand(1000)); +my $port_https = $port_http + 1; +my $port_https_expired = $port_http + 2; + +# This array keeps sockets around for implementing timeouts +my @persist; + +# Start up all servers +my @pids; +my $pid = fork(); +if ($pid) { + # Parent + push @pids, $pid; + if (exists $servers->{https}) { + # Fork a normal HTTPS server + $pid = fork(); + if ($pid) { + # Parent + push @pids, $pid; + # Fork an expired cert server + $pid = fork(); + if ($pid) { + push @pids, $pid; + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_expired, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/expired-cert.pem", + SSL_key_file => "$Bin/certs/expired-key.pem", + ) || die; + print "Please contact https expired at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; + } + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + ) || die; + print "Please contact https at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; + } + } +} else { + # Child + #print "child\n"; + my $d = HTTP::Daemon->new( + LocalPort => $port_http, + LocalAddr => "127.0.0.1", + ) || die; + print "Please contact http at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; +} + +# give our webservers some time to startup +sleep(3); + +# Run the same server on http and https +sub run_server { + my $d = shift; + MAINLOOP: while (my $c = $d->accept ) { + while (my $r = $c->get_request) { + if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { + $c->send_basic_header($1); + $c->send_crlf; + } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { + $c->send_basic_header; + $c->send_crlf; + $c->send_file_response("$Bin/var/$1"); + } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { + $c->send_basic_header; + $c->send_crlf; + sleep 1; + $c->send_response("slow"); + } elsif ($r->url->path eq "/method") { + if ($r->method eq "DELETE") { + $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); + } elsif ($r->method eq "foo") { + $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + } else { + $c->send_status_line(200, $r->method); + } + } elsif ($r->url->path eq "/postdata") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response($r->method.":".$r->content); + } elsif ($r->url->path eq "/redirect") { + $c->send_redirect( "/redirect2" ); + } elsif ($r->url->path eq "/redir_external") { + $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); + } elsif ($r->url->path eq "/redirect2") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); + } elsif ($r->url->path eq "/redir_timeout") { + $c->send_redirect( "/timeout" ); + } elsif ($r->url->path eq "/timeout") { + # Keep $c from being destroyed, but prevent severe leaks + unshift @persist, $c; + delete($persist[1000]); + next MAINLOOP; + } elsif ($r->url->path eq "/header_check") { + $c->send_basic_header; + $c->send_header('foo'); + $c->send_crlf; + } elsif ($r->url->path eq "/header_broken_check") { + $c->send_basic_header; + $c->send_header('foo'); + print $c "Test1:: broken\n"; + print $c " Test2: leading whitespace\n"; + $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); + } else { + $c->send_error(HTTP::Status->RC_FORBIDDEN); + } + $c->close; + } + } +} + +END { + foreach my $pid (@pids) { + if ($pid) { print "Killing $pid\n"; kill "INT", $pid } + } +}; + +if ($ARGV[0] && $ARGV[0] eq "-d") { + while (1) { + sleep 100; + } +} + +my $result; +my $command = "./$plugin -H 127.0.0.1"; + +run_common_tests( { command => "$command -p $port_http" } ); +SKIP: { + skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; + run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); + is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); + is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + + # Expired cert tests + $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); + is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + + $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); + is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); + is( $result->output, + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + "output ok" ); + +} + +my $cmd; + +# advanced checks with virtual hostname and virtual port +SKIP: { + skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; + + # http without virtual port + $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # http with virtual port (!= 80) + $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$virtual_port\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # http with virtual port (80) + $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + +# and the same for SSL +SKIP: { + skip "libcurl version is smaller than $required_version and/or HTTP::Daemon::SSL not installed", 6 if ! exists $servers->{https} or not $use_advanced_checks; + # https without virtual port + $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$port_https\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port (!= 443) + $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$virtual_port\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port (443) + $cmd = "./$plugin -H $virtual_host:443 -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + + +sub run_common_tests { + my ($opts) = @_; + my $command = $opts->{command}; + if ($opts->{ssl}) { + $command .= " --ssl"; + } + + $result = NPTest->testCmd( "$command -u /file/root" ); + is( $result->return_code, 0, "/file/root"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /file/root -s Root" ); + is( $result->return_code, 0, "/file/root search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" ); + is( $result->return_code, 2, "Missing string check"); + like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" ); + is( $result->return_code, 2, "Missing string check"); + like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /header_check -d foo" ); + is( $result->return_code, 0, "header_check search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /header_check -d bar" ); + is( $result->return_code, 2, "Missing header string check"); + like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /header_broken_check" ); + is( $result->return_code, 0, "header_check search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" ); + + my $cmd; + $cmd = "$command -u /slow"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, "$cmd"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + $result->output =~ /in ([\d\.]+) second/; + cmp_ok( $1, ">", 1, "Time is > 1 second" ); + + $cmd = "$command -u /statuscode/200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/200 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 201"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/200 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/203 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output ); + + $cmd = "$command -j HEAD -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j POST -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j GET -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -P foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j DELETE -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 1, $cmd); + like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output ); + + $cmd = "$command -j foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output ); + + $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # To confirm that the free doesn't segfault + $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f follow -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f follow -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f sticky -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f stickyport -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # These tests may block + print "ALRM\n"; + + # stickyport - on full urlS port is set back to 80 otherwise + $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected"; + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; + alarm(2); + $result = NPTest->testCmd( $cmd ); + alarm(0); }; + isnt( $@, "alarm\n", $cmd ); + is( $result->return_code, 0, $cmd ); + + # Let's hope there won't be any web server on :80 returning "redirected"! + $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected"; + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; + alarm(2); + $result = NPTest->testCmd( $cmd ); + alarm(0); }; + isnt( $@, "alarm\n", $cmd ); + isnt( $result->return_code, 0, $cmd ); + + # Test an external address - timeout + SKIP: { + skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); + $cmd = "$command -f follow -u /redir_external -t 5"; + eval { + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); + } + + $cmd = "$command -u /timeout -t 5"; + eval { + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); + + $cmd = "$command -f follow -u /redir_timeout -t 2"; + eval { + $result = NPTest->testCmd( $cmd, 5 ); + }; + is( $@, "", $cmd ); + +} diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index d93a0ecf..188f5e75 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -4,20 +4,25 @@ # # To create the https server certificate: # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes -# Country Name (2 letter code) [AU]:UK -# State or Province Name (full name) [Some-State]:Derbyshire -# Locality Name (eg, city) []:Belper +# to create a new expired certificate: +# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes +# Country Name (2 letter code) [AU]:DE +# State or Province Name (full name) [Some-State]:Bavaria +# Locality Name (eg, city) []:Munich # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins # Organizational Unit Name (eg, section) []: -# Common Name (eg, YOUR name) []:Ton Voon -# Email Address []:tonvoon@mac.com +# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins +# Email Address []:devel@monitoring-plugins.org use strict; use Test::More; use NPTest; use FindBin qw($Bin); +$ENV{'LC_TIME'} = "C"; + my $common_tests = 70; +my $virtual_port_tests = 8; my $ssl_only_tests = 8; # Check that all dependent modules are available eval "use HTTP::Daemon 6.01;"; @@ -27,13 +32,16 @@ eval { require HTTP::Response; }; +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + if ($@) { plan skip_all => "Missing required module for test: $@"; } else { - if (-x "./check_http") { - plan tests => $common_tests * 2 + $ssl_only_tests; + if (-x "./$plugin") { + plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests; } else { - plan skip_all => "No check_http compiled"; + plan skip_all => "No $plugin compiled"; } } @@ -83,6 +91,8 @@ if ($pid) { exit; } } else { + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; my $d = HTTP::Daemon::SSL->new( LocalPort => $port_https, LocalAddr => "127.0.0.1", @@ -94,8 +104,6 @@ if ($pid) { exit; } } - # give our webservers some time to startup - sleep(1); } else { # Child #print "child\n"; @@ -108,6 +116,9 @@ if ($pid) { exit; } +# give our webservers some time to startup +sleep(3); + # Run the same server on http and https sub run_server { my $d = shift; @@ -156,6 +167,11 @@ sub run_server { $c->send_basic_header; $c->send_header('foo'); $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); } else { $c->send_error(HTTP::Status->RC_FORBIDDEN); } @@ -177,7 +193,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") { } my $result; -my $command = "./check_http -H 127.0.0.1"; +my $command = "./$plugin -H 127.0.0.1"; run_common_tests( { command => "$command -p $port_http" } ); SKIP: { @@ -186,25 +202,56 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:00 2019.', "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:00 2009.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', "output ok" ); } +my $cmd; +# check virtual port behaviour +# +# http without virtual port +$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$"; +$result = NPTest->testCmd( $cmd ); +is( $result->return_code, 0, $cmd); +like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + +# http with virtual port +$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$"; +$result = NPTest->testCmd( $cmd ); +is( $result->return_code, 0, $cmd); +like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + +SKIP: { + skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https}; + # https without virtual port + $cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port + $cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + + sub run_common_tests { my ($opts) = @_; my $command = $opts->{command}; @@ -370,27 +417,29 @@ sub run_common_tests { # stickyport - on full urlS port is set back to 80 otherwise $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected"; + alarm(2); eval { local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); $result = NPTest->testCmd( $cmd ); - alarm(0); }; + }; isnt( $@, "alarm\n", $cmd ); + alarm(0); is( $result->return_code, 0, $cmd ); # Let's hope there won't be any web server on :80 returning "redirected"! $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected"; + alarm(2); eval { local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); $result = NPTest->testCmd( $cmd ); - alarm(0); }; + }; isnt( $@, "alarm\n", $cmd ); + alarm(0); isnt( $result->return_code, 0, $cmd ); # Test an external address - timeout SKIP: { - skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); + skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); $cmd = "$command -f follow -u /redir_external -t 5"; eval { $result = NPTest->testCmd( $cmd, 2 ); diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t index 54d43d9b..3af218f5 100755 --- a/plugins/tests/check_procs.t +++ b/plugins/tests/check_procs.t @@ -8,13 +8,14 @@ use Test::More; use NPTest; if (-x "./check_procs") { - plan tests => 50; + plan tests => 52; } else { plan skip_all => "No check_procs compiled"; } my $result; -my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin"; +my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin"; +my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian"; $result = NPTest->testCmd( "$command" ); is( $result->return_code, 0, "Run with no options" ); @@ -69,9 +70,21 @@ SKIP: { like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" ); }; -$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" ); -is( $result->return_code, 0, "Checking regexp search of arguments" ); -is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" ); +SKIP: { + skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx; + + $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" ); + is( $result->return_code, 0, "Checking regexp search of arguments" ); + is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" ); +} + +SKIP: { + skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx; + + $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" ); + is( $result->return_code, 2, "Checking elapsed time threshold" ); + is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" ); +} $result = NPTest->testCmd( "$command --vsz 1000000" ); is( $result->return_code, 0, "Checking filter by VSZ" ); @@ -83,7 +96,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;', $result = NPTest->testCmd( "$command -s S" ); is( $result->return_code, 0, "Checking filter for sleeping processes" ); -like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" ); +like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" ); $result = NPTest->testCmd( "$command -s Z" ); is( $result->return_code, 0, "Checking filter for zombies" ); @@ -129,4 +142,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" ); is( $result->return_code, 0, "Checking no pipe symbol in output" ); is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" ); - diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t index 2fd033d2..0a77fa8a 100755 --- a/plugins/tests/check_snmp.t +++ b/plugins/tests/check_snmp.t @@ -7,8 +7,9 @@ use strict; use Test::More; use NPTest; use FindBin qw($Bin); +use POSIX qw/strftime/; -my $tests = 67; +my $tests = 73; # Check that all dependent modules are available eval { require NetSNMP::OID; @@ -37,6 +38,7 @@ if ($@) { my $port_snmp = 16100 + int(rand(100)); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; # Start up server my @pids; @@ -118,77 +120,81 @@ like($res->output, '/'.quotemeta('SNMP OK - And now have fun with with this: \"C "And now have fun with with this: \"C:\\\\\" because we\'re not done yet!"').'/m', "Attempt to confuse parser No.3"); -system("rm -f ".$ENV{'MP_STATE_PATH'}."/check_snmp/*"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 0, "Returns OK"); -is($res->output, "No previous data to calculate rate - assume okay"); +system("rm -f ".$ENV{'MP_STATE_PATH'}."/*/check_snmp/*"); -# Need to sleep, otherwise duration=0 -sleep 1; +# run rate checks with faketime. rate checks depend on the exact amount of time spend between the +# plugin runs which may fail on busy machines. +# using faketime removes this race condition and also saves all the sleeps in between. +SKIP: { + skip "No faketime binary found", 28 if !$faketime; -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 1, "WARNING - due to going above rate calculation" ); -is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 "); + my $ts = time(); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 0, "Returns OK"); + is($res->output, "No previous data to calculate rate - assume okay"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" ); -is($res->output, "Time duration between plugin calls is invalid"); + # test rate 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 1, "WARNING - due to going above rate calculation" ); + is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 "); + # test rate with same time + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" ); + is($res->output, "Time duration between plugin calls is invalid"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK for first call" ); -is($res->output, "No previous data to calculate rate - assume okay" ); -# Need to sleep, otherwise duration=0 -sleep 1; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK for first call" ); + is($res->output, "No previous data to calculate rate - assume okay" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label"); + # test rate 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label"); -sleep 2; + # test rate 3 seconds later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+3))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval"); + # label performance data check + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label"); -# label performance data check -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label"); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); + is($res->return_code, 0, "OK for first call" ); + is($res->output, "No previous data to calculate rate - assume okay" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); -is($res->return_code, 0, "OK for first call" ); -is($res->output, "No previous data to calculate rate - assume okay" ); - -# Need to sleep, otherwise duration=0 -sleep 1; + # test 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier"); +}; -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier"); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.11 -s '\"stringtests\"'" ); @@ -209,7 +215,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match" $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" ); is($res->return_code, 1, "Numeric in string test" ); -is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" ); +is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" ); is($res->return_code, 0, "Not really numeric test" ); @@ -225,29 +231,40 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 0, "Negative integer check OK" ); -is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" ); +is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 1, "Negative integer check WARNING" ); -is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" ); +is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" ); is($res->return_code, 2, "Negative integer check CRITICAL" ); -is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" ); +is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" ); is($res->return_code, 1, "Negative integer as string, WARNING" ); -is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" ); +is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" ); is($res->return_code, 2, "Negative integer as string, CRITICAL" ); -is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" ); +is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" ); is($res->return_code, 0, "Negative float OK" ); -is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" ); +is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" ); is($res->return_code, 1, "Negative float WARNING" ); -is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" ); +is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" ); + +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" ); +is($res->return_code, 0, "Multiple OIDs with thresholds" ); +like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" ); + +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" ); +is($res->return_code, 1, "Multiple OIDs with thresholds" ); +like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" ); +is($res->return_code, 2, "Multiple OIDs with some thresholds" ); +like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" ); diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian new file mode 100644 index 00000000..5889e9a4 --- /dev/null +++ b/plugins/tests/var/ps-axwo.debian @@ -0,0 +1,219 @@ +STAT UID PID PPID VSZ RSS %CPU ELAPSED COMMAND COMMAND +Ss 0 1 0 167244 7144 0.1 26-03:07:26 systemd /lib/systemd/systemd --system --deserialize 17 +S 0 2 0 0 0 0.0 26-03:07:26 kthreadd [kthreadd] +I< 0 3 2 0 0 0.0 26-03:07:26 rcu_gp [rcu_gp] +I< 0 4 2 0 0 0.0 26-03:07:26 rcu_par_gp [rcu_par_gp] +I< 0 6 2 0 0 0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri] +I< 0 9 2 0 0 0.0 26-03:07:26 mm_percpu_wq [mm_percpu_wq] +S 0 10 2 0 0 0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_] +S 0 11 2 0 0 0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace] +S 0 12 2 0 0 0.0 26-03:07:26 ksoftirqd/0 [ksoftirqd/0] +I 0 13 2 0 0 0.0 26-03:07:26 rcu_sched [rcu_sched] +S 0 14 2 0 0 0.0 26-03:07:26 migration/0 [migration/0] +S 0 15 2 0 0 0.0 26-03:07:26 cpuhp/0 [cpuhp/0] +S 0 16 2 0 0 0.0 26-03:07:26 cpuhp/1 [cpuhp/1] +S 0 17 2 0 0 0.0 26-03:07:26 migration/1 [migration/1] +S 0 18 2 0 0 0.0 26-03:07:26 ksoftirqd/1 [ksoftirqd/1] +I< 0 20 2 0 0 0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri] +S 0 21 2 0 0 0.0 26-03:07:26 cpuhp/2 [cpuhp/2] +S 0 22 2 0 0 0.0 26-03:07:26 migration/2 [migration/2] +S 0 23 2 0 0 0.0 26-03:07:26 ksoftirqd/2 [ksoftirqd/2] +I< 0 25 2 0 0 0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri] +S 0 26 2 0 0 0.0 26-03:07:26 cpuhp/3 [cpuhp/3] +S 0 27 2 0 0 0.0 26-03:07:26 migration/3 [migration/3] +S 0 28 2 0 0 0.0 26-03:07:26 ksoftirqd/3 [ksoftirqd/3] +I< 0 30 2 0 0 0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri] +S 0 35 2 0 0 0.0 26-03:07:26 kdevtmpfs [kdevtmpfs] +I< 0 36 2 0 0 0.0 26-03:07:26 netns [netns] +S 0 37 2 0 0 0.0 26-03:07:26 kauditd [kauditd] +S 0 38 2 0 0 0.0 26-03:07:26 khungtaskd [khungtaskd] +S 0 39 2 0 0 0.0 26-03:07:26 oom_reaper [oom_reaper] +I< 0 40 2 0 0 0.0 26-03:07:26 writeback [writeback] +S 0 41 2 0 0 0.0 26-03:07:26 kcompactd0 [kcompactd0] +SN 0 42 2 0 0 0.0 26-03:07:26 ksmd [ksmd] +SN 0 43 2 0 0 0.0 26-03:07:26 khugepaged [khugepaged] +I< 0 62 2 0 0 0.0 26-03:07:26 kintegrityd [kintegrityd] +I< 0 63 2 0 0 0.0 26-03:07:26 kblockd [kblockd] +I< 0 64 2 0 0 0.0 26-03:07:26 blkcg_punt_bio [blkcg_punt_bio] +I< 0 65 2 0 0 0.0 26-03:07:26 edac-poller [edac-poller] +I< 0 66 2 0 0 0.0 26-03:07:26 devfreq_wq [devfreq_wq] +I< 0 67 2 0 0 0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri] +S 0 70 2 0 0 0.3 26-03:07:25 kswapd0 [kswapd0] +I< 0 71 2 0 0 0.0 26-03:07:25 kthrotld [kthrotld] +I< 0 72 2 0 0 0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm] +I< 0 74 2 0 0 0.0 26-03:07:25 ipv6_addrconf [ipv6_addrconf] +I< 0 80 2 0 0 0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri] +I< 0 84 2 0 0 0.0 26-03:07:25 kstrp [kstrp] +I< 0 87 2 0 0 0.0 26-03:07:25 zswap-shrink [zswap-shrink] +I< 0 110 2 0 0 0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri] +I< 0 141 2 0 0 0.0 26-03:07:25 ata_sff [ata_sff] +S 0 143 2 0 0 0.0 26-03:07:25 scsi_eh_0 [scsi_eh_0] +I< 0 144 2 0 0 0.0 26-03:07:25 scsi_tmf_0 [scsi_tmf_0] +S 0 145 2 0 0 0.0 26-03:07:25 scsi_eh_1 [scsi_eh_1] +I< 0 146 2 0 0 0.0 26-03:07:25 scsi_tmf_1 [scsi_tmf_1] +S 0 147 2 0 0 0.0 26-03:07:25 scsi_eh_2 [scsi_eh_2] +I< 0 148 2 0 0 0.0 26-03:07:25 scsi_tmf_2 [scsi_tmf_2] +S 0 149 2 0 0 0.0 26-03:07:25 scsi_eh_3 [scsi_eh_3] +I< 0 150 2 0 0 0.0 26-03:07:25 scsi_tmf_3 [scsi_tmf_3] +S 0 151 2 0 0 0.0 26-03:07:25 scsi_eh_4 [scsi_eh_4] +I< 0 152 2 0 0 0.0 26-03:07:25 scsi_tmf_4 [scsi_tmf_4] +S 0 153 2 0 0 0.0 26-03:07:25 scsi_eh_5 [scsi_eh_5] +I< 0 154 2 0 0 0.0 26-03:07:25 scsi_tmf_5 [scsi_tmf_5] +S 0 158 2 0 0 0.0 26-03:07:25 card0-crtc0 [card0-crtc0] +S 0 159 2 0 0 0.0 26-03:07:25 card0-crtc1 [card0-crtc1] +S 0 160 2 0 0 0.0 26-03:07:25 card0-crtc2 [card0-crtc2] +I< 0 162 2 0 0 0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri] +S 0 163 2 0 0 0.0 26-03:07:25 scsi_eh_6 [scsi_eh_6] +I< 0 164 2 0 0 0.0 26-03:07:25 scsi_tmf_6 [scsi_tmf_6] +S 0 165 2 0 0 0.0 26-03:07:25 usb-storage [usb-storage] +I< 0 167 2 0 0 0.0 26-03:07:25 uas [uas] +I< 0 176 2 0 0 0.0 26-03:07:25 kdmflush [kdmflush] +I< 0 177 2 0 0 0.0 26-03:07:25 kdmflush [kdmflush] +S 0 202 2 0 0 0.0 26-03:07:24 scsi_eh_7 [scsi_eh_7] +I< 0 203 2 0 0 0.0 26-03:07:24 scsi_tmf_7 [scsi_tmf_7] +S 0 204 2 0 0 0.0 26-03:07:24 usb-storage [usb-storage] +I< 0 232 2 0 0 0.0 26-03:07:23 btrfs-worker [btrfs-worker] +I< 0 233 2 0 0 0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi] +I< 0 234 2 0 0 0.0 26-03:07:23 btrfs-delalloc [btrfs-delalloc] +I< 0 235 2 0 0 0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del] +I< 0 236 2 0 0 0.0 26-03:07:23 btrfs-cache [btrfs-cache] +I< 0 237 2 0 0 0.0 26-03:07:23 btrfs-fixup [btrfs-fixup] +I< 0 238 2 0 0 0.0 26-03:07:23 btrfs-endio [btrfs-endio] +I< 0 239 2 0 0 0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met] +I< 0 240 2 0 0 0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met] +I< 0 241 2 0 0 0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai] +I< 0 242 2 0 0 0.0 26-03:07:23 btrfs-rmw [btrfs-rmw] +I< 0 243 2 0 0 0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri] +I< 0 244 2 0 0 0.0 26-03:07:23 btrfs-freespace [btrfs-freespace] +I< 0 245 2 0 0 0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m] +I< 0 246 2 0 0 0.0 26-03:07:23 btrfs-readahead [btrfs-readahead] +I< 0 247 2 0 0 0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re] +S 0 248 2 0 0 0.0 26-03:07:23 btrfs-cleaner [btrfs-cleaner] +S 0 249 2 0 0 0.2 26-03:07:23 btrfs-transacti [btrfs-transacti] +I< 0 317 2 0 0 0.0 26-03:07:22 rpciod [rpciod] +I< 0 322 2 0 0 0.0 26-03:07:22 xprtiod [xprtiod] +S 0 381 2 0 0 0.0 26-03:07:22 irq/133-mei_me [irq/133-mei_me] +S 0 422 2 0 0 0.0 26-03:07:22 watchdogd [watchdogd] +I< 0 523 2 0 0 0.0 26-03:07:22 led_workqueue [led_workqueue] +I< 0 583 2 0 0 0.0 26-03:07:22 cryptd [cryptd] +I< 0 590 2 0 0 0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver] +Ss 104 693 1 12324 4292 0.5 26-03:07:21 dbus-daemon /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only +Ss 0 731 1 575120 1368 0.0 26-03:07:21 systemd-logind /lib/systemd/systemd-logind +Ssl 0 1111 1 121248 732 0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal +S 0 1141 2 0 0 0.0 26-03:07:18 lockd [lockd] +I< 0 1459 2 0 0 0.0 26-03:07:16 nfsiod [nfsiod] +S 0 1621 2 0 0 0.0 26-03:07:15 NFSv4 callback [NFSv4 callback] +Ssl 0 1771 1 1548340 676 0.0 26-03:07:13 libvirtd /usr/sbin/libvirtd +I< 0 24315 2 0 0 0.0 26-02:49:02 cifsiod [cifsiod] +I< 0 24316 2 0 0 0.0 26-02:49:02 smb3decryptd [smb3decryptd] +I< 0 24317 2 0 0 0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput] +I< 0 24318 2 0 0 0.0 26-02:49:02 cifsoplockd [cifsoplockd] +I< 0 24319 2 0 0 0.0 26-02:49:02 cifs-dfscache [cifs-dfscache] +S 0 24322 2 0 0 0.0 26-02:49:02 cifsd [cifsd] +I< 0 24413 2 0 0 0.0 26-02:48:57 btrfs-worker [btrfs-worker] +I< 0 24414 2 0 0 0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi] +I< 0 24415 2 0 0 0.0 26-02:48:57 btrfs-delalloc [btrfs-delalloc] +I< 0 24416 2 0 0 0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del] +I< 0 24418 2 0 0 0.0 26-02:48:57 btrfs-cache [btrfs-cache] +I< 0 24419 2 0 0 0.0 26-02:48:57 btrfs-fixup [btrfs-fixup] +I< 0 24420 2 0 0 0.0 26-02:48:57 btrfs-endio [btrfs-endio] +I< 0 24421 2 0 0 0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met] +I< 0 24422 2 0 0 0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met] +I< 0 24423 2 0 0 0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai] +I< 0 24424 2 0 0 0.0 26-02:48:57 btrfs-rmw [btrfs-rmw] +I< 0 24425 2 0 0 0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri] +I< 0 24426 2 0 0 0.0 26-02:48:57 btrfs-freespace [btrfs-freespace] +I< 0 24427 2 0 0 0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m] +I< 0 24428 2 0 0 0.0 26-02:48:57 btrfs-readahead [btrfs-readahead] +I< 0 24429 2 0 0 0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re] +S 0 24450 2 0 0 0.0 26-02:48:53 btrfs-cleaner [btrfs-cleaner] +S 0 24451 2 0 0 0.0 26-02:48:53 btrfs-transacti [btrfs-transacti] +I< 0 747708 2 0 0 0.0 16-21:06:20 xfsalloc [xfsalloc] +I< 0 747709 2 0 0 0.0 16-21:06:20 xfs_mru_cache [xfs_mru_cache] +S 0 747713 2 0 0 0.0 16-21:06:20 jfsIO [jfsIO] +S 0 747714 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747715 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747716 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747717 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747718 2 0 0 0.0 16-21:06:20 jfsSync [jfsSync] +Ss 0 1071687 1 105976 28304 0.0 3-03:12:31 systemd-journal /lib/systemd/systemd-journald +Ss 0 1934146 1 25672 4704 0.0 11:19:31 cupsd /usr/sbin/cupsd -l +Ssl 0 1934148 1 182868 8540 0.0 11:19:31 cups-browsed /usr/sbin/cups-browsed +S 13 1934155 3392655 5752 88 0.0 11:19:31 pinger (pinger) +S< 33 1934166 3393034 57996 5460 0.0 11:19:31 apache2 /usr/sbin/apache2 -k start +S< 33 1934167 3393034 216944 13892 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934168 3393034 216944 13756 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934169 3393034 216936 13732 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934170 3393034 216944 13888 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934172 3393034 216944 15388 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934701 3393034 216936 13736 0.0 11:19:29 apache2 /usr/sbin/apache2 -k start +S< 33 1935056 3393034 216920 13724 0.0 11:19:28 apache2 /usr/sbin/apache2 -k start +S 7 1936834 1934146 16652 832 0.0 11:18:12 dbus /usr/lib/cups/notifier/dbus dbus:// +S< 33 1955909 3393034 216928 13792 0.0 11:00:25 apache2 /usr/sbin/apache2 -k start +I< 0 2531464 2 0 0 0.0 06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip] +I 0 2570506 2 0 0 0.0 06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy] +I 0 2596195 2 0 0 0.0 06:21:52 kworker/1:1-eve [kworker/1:1-events] +I 0 2785341 2 0 0 0.0 03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write] +I 0 2785520 2 0 0 0.0 03:33:50 kworker/3:0-eve [kworker/3:0-events] +I 0 2798669 2 0 0 0.0 03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write] +Ss 0 2803015 1 5616 3108 0.0 03:17:54 cron /usr/sbin/cron -f +I 0 2845483 2 0 0 0.0 02:38:11 kworker/0:3-eve [kworker/0:3-events] +I 0 2939490 2 0 0 0.1 01:10:32 kworker/0:0-eve [kworker/0:0-events] +I 0 2939754 2 0 0 0.0 01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915] +I 0 2942040 2 0 0 0.0 01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta] +S 117 2954268 3392551 40044 5772 0.0 56:37 pickup pickup -l -t unix -u -c +I 0 2965195 2 0 0 0.0 46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker] +I 0 2977972 2 0 0 0.0 33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write] +I 0 2985488 2 0 0 0.0 27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio] +I 0 2987519 2 0 0 1.0 25:15 kworker/2:1-eve [kworker/2:1-events] +I 0 2987601 2 0 0 0.0 25:03 kworker/u8:9-i9 [kworker/u8:9-i915] +I< 0 2995218 2 0 0 0.0 18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod] +I 0 2997170 2 0 0 0.0 16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp] +I 0 3001264 2 0 0 0.0 13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write] +I 0 3004697 2 0 0 0.7 09:41 kworker/2:0-eve [kworker/2:0-events] +I 0 3010619 2 0 0 1.0 04:29 kworker/2:2-eve [kworker/2:2-events] +I 0 3014612 2 0 0 0.0 00:41 kworker/3:2-eve [kworker/3:2-events] +S 0 3015082 2803015 6716 3028 0.0 00:30 cron /usr/sbin/CRON -f +I 0 3015382 2 0 0 0.0 00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta] +Ss 1 3392068 1 5592 504 0.0 15-02:34:39 atd /usr/sbin/atd -f +Ssl 0 3392072 1 235796 1740 0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon +Ssl 106 3392076 1 315708 6128 0.0 15-02:34:39 colord /usr/libexec/colord +Ss 0 3392083 1 8120 720 0.0 15-02:34:39 haveged /usr/sbin/haveged --Foreground --verbose=1 +Ss 0 3392090 1 5168 132 0.0 15-02:34:39 blkmapd /usr/sbin/blkmapd +SNsl 111 3392094 1 155648 440 0.0 15-02:34:39 rtkit-daemon /usr/libexec/rtkit-daemon +Ssl 0 3392097 1 290168 1352 0.0 15-02:34:39 packagekitd /usr/libexec/packagekitd +Ss 128 3392100 1 7960 448 0.0 15-02:34:39 rpcbind /sbin/rpcbind -f -w +Ss 0 3392114 1 13432 616 0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined +Ss 0 3392118 1 13316 848 0.0 15-02:34:39 sshd sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups +Ssl 0 3392124 1 244072 2456 0.0 15-02:34:39 upowerd /usr/libexec/upowerd +Ssl 0 3392138 1 1634748 10684 0.0 15-02:34:39 containerd /usr/bin/containerd +Ssl 0 3392139 1 222768 1784 0.0 15-02:34:39 rsyslogd /usr/sbin/rsyslogd -n -iNONE +Ss 13 3392140 1 3344 152 0.0 15-02:34:39 polipo /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true +Ssl 119 3392156 1 76472 1688 0.0 15-02:34:39 ntpd /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126 +Ss 120 3392168 1 4656 276 0.0 15-02:34:39 rpc.statd /sbin/rpc.statd --no-notify +Ss 0 3392171 1 5072 432 0.0 15-02:34:39 rpc.mountd /usr/sbin/rpc.mountd --manage-gids +Ss 0 3392176 1 5008 288 0.0 15-02:34:39 rpc.idmapd /usr/sbin/rpc.idmapd +Ss 105 3392184 1 15544 6816 3.5 15-02:34:39 avahi-daemon avahi-daemon: running [tsui.local] +Ss 0 3392186 1 25288 3860 0.0 15-02:34:39 systemd-udevd /lib/systemd/systemd-udevd +S 105 3392190 3392184 8788 52 0.0 15-02:34:39 avahi-daemon avahi-daemon: chroot helper +Ssl 0 3392197 1 396120 4188 0.0 15-02:34:39 udisksd /usr/libexec/udisks2/udisksd +Ssl 0 3392214 1 237504 6632 0.0 15-02:34:39 polkitd /usr/libexec/polkitd --no-debug +Ss 0 3392284 1 9684 560 0.0 15-02:34:38 xinetd /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6 +Ssl 0 3392285 1 314840 1352 0.0 15-02:34:38 ModemManager /usr/sbin/ModemManager +Ss 0 3392317 1 2352 140 0.0 15-02:34:38 acpid /usr/sbin/acpid +S 0 3392400 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392401 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392402 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392403 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392404 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392405 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392407 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392410 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +Ss 0 3392551 1 40092 1304 0.0 15-02:34:37 master /usr/lib/postfix/sbin/master -w +S 117 3392553 3392551 40156 568 0.0 15-02:34:37 qmgr qmgr -l -t unix -u +Ss 0 3392650 1 63652 4 0.0 15-02:34:36 squid /usr/sbin/squid --foreground -sYC +Ssl 116 3392652 1 1675196 93848 0.0 15-02:34:36 mariadbd /usr/sbin/mariadbd +S 13 3392655 3392650 81776 21232 0.0 15-02:34:36 squid (squid-1) --kid squid-1 --foreground -sYC +S 13 3392657 3392655 5572 68 0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log +S<s 0 3393034 1 216648 7560 0.0 15-02:34:34 apache2 /usr/sbin/apache2 -k start +Ss 33 3393037 1 3432 180 0.0 15-02:34:34 htcacheclean /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian deleted file mode 100644 index 37a2d35e..00000000 --- a/plugins/tests/var/ps_axwo.debian +++ /dev/null @@ -1,84 +0,0 @@ -STAT UID PID PPID VSZ RSS %CPU COMMAND COMMAND -S 0 1 0 1504 428 0.0 init init [2] -SN 0 2 1 0 0 0.0 ksoftirqd/0 [ksoftirqd/0] -S< 0 3 1 0 0 0.0 events/0 [events/0] -S< 0 4 3 0 0 0.0 khelper [khelper] -S< 0 5 3 0 0 0.0 kacpid [kacpid] -S< 0 38 3 0 0 0.0 kblockd/0 [kblockd/0] -S 0 48 3 0 0 0.0 pdflush [pdflush] -S< 0 51 3 0 0 0.0 aio/0 [aio/0] -S 0 50 1 0 0 0.0 kswapd0 [kswapd0] -S 0 193 1 0 0 0.0 kseriod [kseriod] -S 0 214 1 0 0 0.0 scsi_eh_0 [scsi_eh_0] -S 0 221 1 0 0 0.0 khubd [khubd] -S 0 299 1 0 0 0.3 kjournald [kjournald] -S 0 1148 1 0 0 0.0 pciehpd_event [pciehpd_event] -S 0 1168 1 0 0 0.0 shpchpd_event [shpchpd_event] -Ss 1 1795 1 1612 276 0.0 portmap /sbin/portmap -Ss 0 2200 1 1652 568 0.0 vmware-guestd /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid -Ss 0 2209 1 2240 532 0.0 inetd /usr/sbin/inetd -Ss 0 2319 1 3468 792 0.0 sshd /usr/sbin/sshd -Ss 0 2323 1 2468 676 0.0 rpc.statd /sbin/rpc.statd -Ss 1 2332 1 1684 488 0.0 atd /usr/sbin/atd -Ss 0 2335 1 1764 636 0.0 cron /usr/sbin/cron -Ss+ 0 2350 1 1500 348 0.0 getty /sbin/getty 38400 tty1 -Ss+ 0 2351 1 1500 348 0.0 getty /sbin/getty 38400 tty2 -Ss+ 0 2352 1 1500 348 0.0 getty /sbin/getty 38400 tty3 -Ss+ 0 2353 1 1500 348 0.0 getty /sbin/getty 38400 tty4 -Ss+ 0 2354 1 1500 348 0.0 getty /sbin/getty 38400 tty5 -Ss+ 0 2355 1 1500 348 0.0 getty /sbin/getty 38400 tty6 -S 0 6907 1 2308 892 0.0 mysqld_safe /bin/sh /usr/bin/mysqld_safe -S 103 6944 6907 123220 27724 0.0 mysqld /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock -S 0 6945 6907 1488 420 0.0 logger logger -p daemon.err -t mysqld_safe -i -t mysqld -S 1001 17778 1 6436 1588 0.0 snmpd /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid -Ss 0 17789 1 9496 5556 0.0 snmptrapd /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid -Ss 0 847 2319 14452 1752 0.0 sshd sshd: tonvoon [priv] -S 1000 857 847 14616 1832 0.0 sshd sshd: tonvoon@pts/3 -Ss 1000 860 857 2984 1620 0.0 bash -bash -S 0 868 860 2588 1428 0.0 bash -su -S+ 1001 877 868 2652 1568 0.0 bash -su -S 0 6086 3 0 0 0.0 pdflush [pdflush] -Ss 0 17832 2319 14452 1752 0.0 sshd sshd: tonvoon [priv] -S 1000 18155 17832 14620 1840 0.0 sshd sshd: tonvoon@pts/0 -Ss 1000 18156 18155 2984 1620 0.0 bash -bash -S 0 18518 18156 2588 1428 0.0 bash -su -S 1001 18955 18518 2672 1600 0.0 bash -su -Ss 0 21683 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 21742 21683 14620 1896 0.0 sshd sshd: tonvoon@pts/1 -Ss 1000 21743 21742 2984 1620 0.0 bash -bash -S 0 21748 21743 2592 1432 0.0 bash -su -S 1001 21757 21748 2620 1540 0.0 bash -su -Ss 0 2334 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 2343 2334 14620 1840 0.0 sshd sshd: tonvoon@pts/2 -Ss 1000 2344 2343 2984 1620 0.0 bash -bash -S 0 2349 2344 2592 1432 0.0 bash -su -S+ 1001 2364 2349 2620 1520 0.0 bash -su -T 1001 2454 2364 2096 1032 0.0 vi vi configure.in.rej -S+ 1001 8500 21757 69604 52576 0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d -Ss 0 7609 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 7617 7609 14460 1828 0.0 sshd sshd: tonvoon@pts/4 -Ss 1000 7618 7617 2984 1620 0.0 bash -bash -S 0 7623 7618 2592 1432 0.0 bash -su -S+ 1001 7632 7623 2620 1528 0.0 bash -su -Ss 1001 12678 1 20784 17728 0.0 opsviewd opsviewd -Ss 0 832 1 14512 6360 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 842 832 14648 6596 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 843 832 14512 6504 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 844 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 845 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 846 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -Ss 7 4081 1 2464 884 0.0 lpd /usr/sbin/lpd -s -S 33 26484 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -Ss 1001 22324 1 20252 1612 0.1 nagios ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg -Ss 0 23336 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 23339 23336 14620 1840 0.0 sshd sshd: tonvoon@pts/5 -Ss 1000 23340 23339 2996 1636 0.0 bash -bash -S 0 23367 23340 3020 1628 0.0 bash bash -S 1001 23370 23367 3064 1748 0.0 bash bash -Ss 1001 23783 1 3220 764 0.0 ndo2db /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg -Ss 1001 23784 1 6428 4948 0.0 import_ndologsd import_ndologsd -S+ 1001 9803 18955 4132 1936 0.0 ssh ssh altinity@cube02.lei.altinity -S 1001 22505 22324 20256 1616 0.0 nagios ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg -S 1001 22506 22505 1676 608 0.0 check_ping /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1 -S 1001 22507 22506 1660 492 0.0 ping /bin/ping -n -U -w 10 -c 1 192.168.10.23 -R+ 1001 22508 23370 2308 680 0.0 ps ps axwo stat uid pid ppid vsz rss pcpu comm args diff --git a/plugins/utils.c b/plugins/utils.c index 58b153d8..17dd5814 100644 --- a/plugins/utils.c +++ b/plugins/utils.c @@ -27,6 +27,8 @@ #include "utils_base.h" #include <stdarg.h> #include <limits.h> +#include <string.h> +#include <errno.h> #include <arpa/inet.h> @@ -36,9 +38,6 @@ extern const char *progname; #define STRLEN 64 #define TXTBLK 128 -unsigned int timeout_state = STATE_CRITICAL; -unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT; - time_t start_time, end_time; /* ************************************************************************** @@ -144,39 +143,10 @@ usage5 (void) void print_revision (const char *command_name, const char *revision) { - char plugin_revision[STRLEN]; - printf ("%s v%s (%s %s)\n", command_name, revision, PACKAGE, VERSION); } -const char * -state_text (int result) -{ - switch (result) { - case STATE_OK: - return "OK"; - case STATE_WARNING: - return "WARNING"; - case STATE_CRITICAL: - return "CRITICAL"; - case STATE_DEPENDENT: - return "DEPENDENT"; - default: - return "UNKNOWN"; - } -} - -void -timeout_alarm_handler (int signo) -{ - if (signo == SIGALRM) { - printf (_("%s - Plugin timed out after %d seconds\n"), - state_text(timeout_state), timeout_interval); - exit (timeout_state); - } -} - int is_numeric (char *number) { @@ -271,6 +241,46 @@ is_intnonneg (char *number) return FALSE; } +/* + * Checks whether the number in the string _number_ can be put inside a int64_t + * On success the number will be written to the _target_ address, if _target_ is not set + * to NULL. + */ +int is_int64(char *number, int64_t *target) { + errno = 0; + uint64_t tmp = strtoll(number, NULL, 10); + if (errno != 0) { + return 0; + } + if (tmp < INT64_MIN || tmp > INT64_MAX) { + return 0; + } + if (target != NULL) { + *target = tmp; + } + return 1; +} + +/* + * Checks whether the number in the string _number_ can be put inside a uint64_t + * On success the number will be written to the _target_ address, if _target_ is not set + * to NULL. + */ +int is_uint64(char *number, uint64_t *target) { + errno = 0; + uint64_t tmp = strtoll(number, NULL, 10); + if (errno != 0) { + return 0; + } + if (tmp < 0 || tmp > UINT64_MAX) { + return 0; + } + if (target != NULL) { + *target = tmp; + } + return 1; +} + int is_intpercent (char *number) { @@ -579,10 +589,94 @@ char *perfdata (const char *label, xasprintf (&data, "%s;", data); if (minp) - xasprintf (&data, "%s%ld", data, minv); + xasprintf (&data, "%s%ld;", data, minv); + else + xasprintf (&data, "%s;", data); + + if (maxp) + xasprintf (&data, "%s%ld", data, maxv); + + return data; +} + + +char *perfdata_uint64 (const char *label, + uint64_t val, + const char *uom, + int warnp, /* Warning present */ + uint64_t warn, + int critp, /* Critical present */ + uint64_t crit, + int minp, /* Minimum present */ + uint64_t minv, + int maxp, /* Maximum present */ + uint64_t maxv) +{ + char *data = NULL; + + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=%ld%s;", label, val, uom); + else + xasprintf (&data, "%s=%ld%s;", label, val, uom); + + if (warnp) + xasprintf (&data, "%s%lu;", data, warn); + else + xasprintf (&data, "%s;", data); + + if (critp) + xasprintf (&data, "%s%lu;", data, crit); + else + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%lu;", data, minv); + else + xasprintf (&data, "%s;", data); if (maxp) - xasprintf (&data, "%s;%ld", data, maxv); + xasprintf (&data, "%s%lu", data, maxv); + + return data; +} + + +char *perfdata_int64 (const char *label, + int64_t val, + const char *uom, + int warnp, /* Warning present */ + int64_t warn, + int critp, /* Critical present */ + int64_t crit, + int minp, /* Minimum present */ + int64_t minv, + int maxp, /* Maximum present */ + int64_t maxv) +{ + char *data = NULL; + + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=%ld%s;", label, val, uom); + else + xasprintf (&data, "%s=%ld%s;", label, val, uom); + + if (warnp) + xasprintf (&data, "%s%ld;", data, warn); + else + xasprintf (&data, "%s;", data); + + if (critp) + xasprintf (&data, "%s%ld;", data, crit); + else + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%ld;", data, minv); + else + xasprintf (&data, "%s;", data); + + if (maxp) + xasprintf (&data, "%s%ld", data, maxv); return data; } @@ -630,3 +724,99 @@ char *fperfdata (const char *label, return data; } + +char *sperfdata (const char *label, + double val, + const char *uom, + char *warn, + char *crit, + int minp, + double minv, + int maxp, + double maxv) +{ + char *data = NULL; + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=", label); + else + xasprintf (&data, "%s=", label); + + xasprintf (&data, "%s%f", data, val); + xasprintf (&data, "%s%s;", data, uom); + + if (warn!=NULL) + xasprintf (&data, "%s%s", data, warn); + + xasprintf (&data, "%s;", data); + + if (crit!=NULL) + xasprintf (&data, "%s%s", data, crit); + + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%f", data, minv); + + if (maxp) { + xasprintf (&data, "%s;", data); + xasprintf (&data, "%s%f", data, maxv); + } + + return data; +} + +char *sperfdata_int (const char *label, + int val, + const char *uom, + char *warn, + char *crit, + int minp, + int minv, + int maxp, + int maxv) +{ + char *data = NULL; + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=", label); + else + xasprintf (&data, "%s=", label); + + xasprintf (&data, "%s%d", data, val); + xasprintf (&data, "%s%s;", data, uom); + + if (warn!=NULL) + xasprintf (&data, "%s%s", data, warn); + + xasprintf (&data, "%s;", data); + + if (crit!=NULL) + xasprintf (&data, "%s%s", data, crit); + + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%d", data, minv); + + if (maxp) { + xasprintf (&data, "%s;", data); + xasprintf (&data, "%s%d", data, maxv); + } + + return data; +} + +int +open_max (void) +{ + errno = 0; + if (maxfd > 0) + return(maxfd); + + if ((maxfd = sysconf (_SC_OPEN_MAX)) < 0) { + if (errno == 0) + maxfd = DEFAULT_MAXFD; /* it's indeterminate */ + else + die (STATE_UNKNOWN, _("sysconf error for _SC_OPEN_MAX\n")); + } + return(maxfd); +} diff --git a/plugins/utils.h b/plugins/utils.h index 4c4aaccc..5b54da3c 100644 --- a/plugins/utils.h +++ b/plugins/utils.h @@ -16,6 +16,7 @@ suite of plugins. */ /* now some functions etc are being defined in ../lib/utils_base.c */ #include "utils_base.h" + #ifdef NP_EXTRA_OPTS /* Include extra-opts functions if compiled in */ #include "extra_opts.h" @@ -29,13 +30,6 @@ suite of plugins. */ void support (void); void print_revision (const char *, const char *); -/* Handle timeouts */ - -extern unsigned int timeout_state; -extern unsigned int timeout_interval; - -RETSIGTYPE timeout_alarm_handler (int); - extern time_t start_time, end_time; /* Test input types */ @@ -45,6 +39,8 @@ int is_intpos (char *); int is_intneg (char *); int is_intnonneg (char *); int is_intpercent (char *); +int is_uint64(char *number, uint64_t *target); +int is_int64(char *number, int64_t *target); int is_numeric (char *); int is_positive (char *); @@ -89,34 +85,28 @@ void usage4(const char *) __attribute__((noreturn)); void usage5(void) __attribute__((noreturn)); void usage_va(const char *fmt, ...) __attribute__((noreturn)); -const char *state_text (int); - #define max(a,b) (((a)>(b))?(a):(b)) #define min(a,b) (((a)<(b))?(a):(b)) -char *perfdata (const char *, - long int, - const char *, - int, - long int, - int, - long int, - int, - long int, - int, - long int); - -char *fperfdata (const char *, - double, - const char *, - int, - double, - int, - double, - int, - double, - int, - double); +char *perfdata (const char *, long int, const char *, int, long int, + int, long int, int, long int, int, long int); + +char *perfdata_uint64 (const char *, uint64_t , const char *, int, uint64_t, + int, uint64_t, int, uint64_t, int, uint64_t); + +char *perfdata_int64 (const char *, int64_t, const char *, int, int64_t, + int, int64_t, int, int64_t, int, int64_t); + +char *fperfdata (const char *, double, const char *, int, double, + int, double, int, double, int, double); + +char *sperfdata (const char *, double, const char *, char *, char *, + int, double, int, double); + +char *sperfdata_int (const char *, int, const char *, char *, char *, + int, int, int, int); + +int open_max (void); /* The idea here is that, although not every plugin will use all of these, most will or should. Therefore, for consistency, these very common |