diff options
Diffstat (limited to 'plugins')
44 files changed, 223 insertions, 115 deletions
diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 8747f904..a639a411 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -160,10 +160,10 @@ int process_arguments (int argc, char **argv) { switch(c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'v': verbose++; break; diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index a877f888..04bce38d 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -209,10 +209,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* help */ verbose = TRUE; break; diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c index cf699e1f..b86e501d 100644 --- a/plugins/check_cluster.c +++ b/plugins/check_cluster.c @@ -200,7 +200,7 @@ int process_arguments(int argc, char **argv){ case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'H': /* help */ diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c index a3d033f4..826eb8d9 100644 --- a/plugins/check_dbi.c +++ b/plugins/check_dbi.c @@ -368,10 +368,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical range */ critical_range = optarg; diff --git a/plugins/check_dig.c b/plugins/check_dig.c index d899b119..db4b20eb 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -223,10 +223,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ host_or_die(optarg); dns_server = optarg; diff --git a/plugins/check_disk.c b/plugins/check_disk.c index eb573f5f..9693bad3 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -766,10 +766,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage (_("Unknown argument")); } diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 22121226..d6bd2c0f 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -395,10 +395,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c index 3ed68717..212a1344 100644 --- a/plugins/check_dummy.c +++ b/plugins/check_dummy.c @@ -52,11 +52,11 @@ main (int argc, char **argv) usage4 (_("Could not parse arguments")); else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) { print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) { print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } else if (!is_integer (argv[1])) usage4 (_("Arguments to check_dummy must be an integer")); diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 274dd753..da1ce1a6 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -314,10 +314,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; diff --git a/plugins/check_game.c b/plugins/check_game.c index 29e59e2f..709dae1b 100644 --- a/plugins/check_game.c +++ b/plugins/check_game.c @@ -196,10 +196,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* version */ verbose = TRUE; break; diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index 5fe06984..f159f5a2 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -350,10 +350,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_http.c b/plugins/check_http.c index b1a69e55..2038f4a1 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -267,11 +267,11 @@ process_arguments (int argc, char **argv) break; case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ if (!is_intnonneg (optarg)) @@ -880,17 +880,42 @@ check_http (void) double elapsed_time_transfer = 0.0; int page_len = 0; int result = STATE_OK; + char *force_host_header = NULL; /* try to connect to the host at the given port number */ gettimeofday (&tv_temp, NULL); if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); microsec_connect = deltime (tv_temp); + + /* if we are called with the -I option, the -j method is CONNECT and */ + /* we received -S for SSL, then we tunnel the request through a proxy*/ + /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */ + + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) { + + if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); + asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); + asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); + asprintf (&buf, "%sHost: %s\r\n", buf, host_name); + /* we finished our request, send empty line with CRLF */ + asprintf (&buf, "%s%s", buf, CRLF); + if (verbose) printf ("%s\n", buf); + send(sd, buf, strlen (buf), 0); + buf[0]='\0'; + + if (verbose) printf ("Receive response from proxy\n"); + read (sd, buffer, MAX_INPUT_BUFFER-1); + if (verbose) printf ("%s", buffer); + /* Here we should check if we got HTTP/1.1 200 Connection established */ + } #ifdef HAVE_SSL elapsed_time_connect = (double)microsec_connect / 1.0e6; if (use_ssl == TRUE) { gettimeofday (&tv_temp, NULL); result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); + if (verbose) printf ("SSL initialized\n"); if (result != STATE_OK) die (STATE_CRITICAL, NULL); microsec_ssl = deltime (tv_temp); @@ -904,29 +929,51 @@ check_http (void) } #endif /* HAVE_SSL */ - xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE) + asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + else + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); /* tell HTTP/1.1 servers not to keep the connection alive */ xasprintf (&buf, "%sConnection: close\r\n", buf); + /* check if Host header is explicitly set in options */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (strncmp(http_opt_headers[i], "Host:", 5) == 0) { + force_host_header = http_opt_headers[i]; + } + } + } + /* optionally send the host header info */ if (host_name) { - /* - * Specify the port only if we're using a non-default port (see RFC 2616, - * 14.23). Some server applications/configurations cause trouble if the - * (default) port is explicitly specified in the "Host:" header line. - */ - if ((use_ssl == FALSE && server_port == HTTP_PORT) || - (use_ssl == TRUE && server_port == HTTPS_PORT)) - xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); - else - xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + if (force_host_header) { + xasprintf (&buf, "%s%s\r\n", buf, force_host_header); + } + else { + /* + * Specify the port only if we're using a non-default port (see RFC 2616, + * 14.23). Some server applications/configurations cause trouble if the + * (default) port is explicitly specified in the "Host:" header line. + */ + if ((use_ssl == FALSE && server_port == HTTP_PORT) || + (use_ssl == TRUE && server_port == HTTPS_PORT) || + (server_address != NULL && strcmp(http_method, "CONNECT") == 0 + && host_name != NULL && use_ssl == TRUE)) + xasprintf (&buf, "%sHost: %s\r\n", buf, host_name); + else + xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); + } } /* optionally send any other header tag */ if (http_opt_headers_count) { for (i = 0; i < http_opt_headers_count ; i++) { - xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } } /* This cannot be free'd here because a redirection will then try to access this and segfault */ /* Covered in a testcase in tests/check_http.t */ @@ -1508,7 +1555,7 @@ print_help (void) printf (" %s\n", _("URL to GET or POST (default: /)")); printf (" %s\n", "-P, --post=STRING"); printf (" %s\n", _("URL encoded http POST data")); - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)"); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); printf (" %s\n", _("Set HTTP method.")); printf (" %s\n", "-N, --no-body"); printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); @@ -1582,7 +1629,7 @@ print_help (void) printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); - printf (" %s\n", _("the certificate is expired.")); + printf (" %s\n\n", _("the certificate is expired.")); printf ("\n"); printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); @@ -1590,6 +1637,13 @@ print_help (void) printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); + printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + #endif printf (UT_SUPPORT); diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 47605e96..8d540ca1 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -234,10 +234,10 @@ main (int argc, char *argv[]) break; case 'h': print_help (); - return STATE_OK; + return STATE_UNKNOWN; case 'V': print_revision (progname, NP_VERSION); - return STATE_OK; + return STATE_UNKNOWN; default: usage5 (); } @@ -249,7 +249,7 @@ main (int argc, char *argv[]) if (!device) { print_help (); - return STATE_OK; + return STATE_UNKNOWN; } fd = open (device, OPEN_MODE); diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index cfc8222a..e70d6a51 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c @@ -325,10 +325,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_intnonneg (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); diff --git a/plugins/check_load.c b/plugins/check_load.c index cde63e56..a96435f4 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -251,10 +251,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c index cf3fe044..1fda5492 100644 --- a/plugins/check_mrtg.c +++ b/plugins/check_mrtg.c @@ -234,10 +234,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c index 3b038cf1..eb66f622 100644 --- a/plugins/check_mrtgtraf.c +++ b/plugins/check_mrtgtraf.c @@ -270,10 +270,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c index 216626bc..5773afd9 100644 --- a/plugins/check_mysql.c +++ b/plugins/check_mysql.c @@ -444,10 +444,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': verbose++; break; diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c index 71ab7768..49a14dd3 100644 --- a/plugins/check_mysql_query.c +++ b/plugins/check_mysql_query.c @@ -250,10 +250,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'q': xasprintf(&sql_query, "%s", optarg); break; diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c index 791b6dbe..40d68f03 100644 --- a/plugins/check_nagios.c +++ b/plugins/check_nagios.c @@ -235,10 +235,10 @@ process_arguments (int argc, char **argv) switch (c) { case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'F': /* status log */ status_log = optarg; break; diff --git a/plugins/check_nt.c b/plugins/check_nt.c index f621b0a8..59c135db 100644 --- a/plugins/check_nt.c +++ b/plugins/check_nt.c @@ -553,10 +553,10 @@ int process_arguments(int argc, char **argv){ usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index a7d278de..75efc289 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -691,11 +691,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 44424af5..c656b0f5 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index e344f8b7..295f86f6 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -477,11 +477,11 @@ int process_arguments(int argc, char **argv){ switch (c) { case 'h': print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'V': print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); break; case 'v': verbose++; diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c index 1a7bfa16..e7e8de05 100644 --- a/plugins/check_nwstat.c +++ b/plugins/check_nwstat.c @@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) { usage5 (); case 'h': /* help */ print_help(); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'V': /* version */ print_revision(progname, NP_VERSION); - exit(STATE_OK); + exit(STATE_UNKNOWN); case 'H': /* hostname */ server_address=optarg; break; diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c index af5eb9b9..9a4d25fa 100644 --- a/plugins/check_overcr.c +++ b/plugins/check_overcr.c @@ -340,10 +340,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ server_address = optarg; break; diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index 9bad1ec5..2eb699e8 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -302,10 +302,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); diff --git a/plugins/check_ping.c b/plugins/check_ping.c index dbc5c3e4..423ecbe5 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -224,11 +224,11 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); break; case 't': /* timeout period */ timeout_interval = atoi (optarg); diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 402aac53..4bcc56bc 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -428,10 +428,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 't': /* timeout period */ if (!is_integer (optarg)) usage2 (_("Timeout interval must be a positive integer"), optarg); diff --git a/plugins/check_radius.c b/plugins/check_radius.c index b2943475..03cbb8b0 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -259,10 +259,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ verbose = TRUE; break; diff --git a/plugins/check_real.c b/plugins/check_real.c index 00bd4d20..6491e6e9 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -359,10 +359,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* usage */ usage5 (); } diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 24304534..56040ff2 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -623,10 +623,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* help */ usage5 (); } diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 62e6b8b3..28cc44dd 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -709,10 +709,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose++; break; diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 3658965e..8ccbd5a7 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c @@ -128,10 +128,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose */ verbose = TRUE; break; diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 25e0bacd..4d5a4071 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -470,10 +470,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case '?': /* error */ usage5 (); } diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index a18c37ae..6dc9aa96 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -237,7 +237,7 @@ main (int argc, char **argv) gettimeofday (&tv, NULL); result = np_net_connect (server_address, server_port, &sd, PROTOCOL); - if (result == STATE_CRITICAL) return STATE_CRITICAL; + if (result == STATE_CRITICAL) return econn_refuse_state; #ifdef HAVE_SSL if (flags & FLAG_SSL){ @@ -463,10 +463,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'v': /* verbose mode */ flags |= FLAG_VERBOSE; match_flags |= NP_MATCH_VERBOSE; diff --git a/plugins/check_time.c b/plugins/check_time.c index 3943742a..baf8c591 100644 --- a/plugins/check_time.c +++ b/plugins/check_time.c @@ -231,10 +231,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'H': /* hostname */ if (is_host (optarg) == FALSE) usage2 (_("Invalid hostname/address"), optarg); diff --git a/plugins/check_ups.c b/plugins/check_ups.c index 099881d0..dc5a348b 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -558,10 +558,10 @@ process_arguments (int argc, char **argv) break; case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); } } diff --git a/plugins/check_users.c b/plugins/check_users.c index a009f20b..54415a48 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c @@ -210,10 +210,10 @@ process_arguments (int argc, char **argv) usage5 (); case 'h': /* help */ print_help (); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'V': /* version */ print_revision (progname, NP_VERSION); - exit (STATE_OK); + exit (STATE_UNKNOWN); case 'c': /* critical */ if (!is_intnonneg (optarg)) usage4 (_("Critical threshold must be a positive integer")); diff --git a/plugins/netutils.c b/plugins/netutils.c index 83f8942f..705aaf09 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto, int np_net_connect (const char *host_name, int port, int *sd, int proto) { + /* send back STATE_UNKOWN if there's an error + send back STATE_OK if we connect + send back STATE_CRITICAL if we can't connect. + Let upstream figure out what to send to the user. */ struct addrinfo hints; struct addrinfo *r, *res; struct sockaddr_un su; @@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) else if (was_refused) { switch (econn_refuse_state) { /* a user-defined expected outcome */ case STATE_OK: - case STATE_WARNING: /* user wants WARN or OK on refusal */ - return econn_refuse_state; - break; - case STATE_CRITICAL: /* user did not set econn_refuse_state */ + case STATE_WARNING: /* user wants WARN or OK on refusal, or... */ + case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */ if (is_socket) printf("connect to file socket %s: %s\n", host_name, strerror(errno)); else printf("connect to address %s and port %d: %s\n", host_name, port, strerror(errno)); - return econn_refuse_state; + return STATE_CRITICAL; break; default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */ return STATE_UNKNOWN; diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 43b1a5a6..4f9c793c 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -195,7 +195,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL X509 *certificate=NULL; X509_NAME *subj=NULL; + char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; + int cnlen =-1; int status=STATE_UNKNOWN; @@ -204,7 +206,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[50] = ""; + int time_remaining; time_t tm_t; certificate=SSL_get_peer_certificate(s); @@ -258,7 +260,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); stamp.tm_min = (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); - stamp.tm_sec = 0; + stamp.tm_sec = + (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0'); stamp.tm_isdst = -1; time_left = difftime(timegm(&stamp), time(NULL)); @@ -269,21 +272,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; } else if (time_left < 0) { printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); status=STATE_CRITICAL; } else if (days_left == 0) { - printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp); if (days_left > days_till_exp_crit) - return STATE_WARNING; + status = STATE_WARNING; else - return STATE_CRITICAL; + status = STATE_CRITICAL; } else { printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); - status=STATE_OK; + status = STATE_OK; } X509_free(certificate); return status; diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 2539a289..c2caec60 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -6,9 +6,10 @@ use strict; use Test::More; +use POSIX qw/mktime strftime/; use NPTest; -plan tests => 30; +plan tests => 42; my $successOutput = '/OK.*HTTP.*second/'; @@ -34,6 +35,8 @@ my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org" ); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; + $res = NPTest->testCmd( "./check_http $host_tcp_http -wt 300 -ct 600" @@ -47,10 +50,10 @@ $res = NPTest->testCmd( like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./check_http $host_nonresponsive -wt 1 -ct 2" + "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); -cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK"); +cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); $res = NPTest->testCmd( "./check_http $hostname_invalid -wt 1 -ct 2" @@ -112,6 +115,40 @@ SKIP: { $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 12 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); + like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./); + if(!defined $year) { + die("parsing date failed from: ".$res); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); + is( $res->return_code, 2, "Output on expire date" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); + is( $res->return_code, 2, "cert expires in 1 second exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); + is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); + is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); + like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); + is( $res->return_code, 2, "Certificate expired exit code" ); + }; + $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index d93a0ecf..e72d243a 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -186,21 +186,21 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:00 2019.', "output ok" ); + is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019.', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:00 2009.', + 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009.', "output ok" ); } diff --git a/plugins/utils.c b/plugins/utils.c index 7f49e7be..a864e4aa 100644 --- a/plugins/utils.c +++ b/plugins/utils.c @@ -144,8 +144,6 @@ usage5 (void) void print_revision (const char *command_name, const char *revision) { - char plugin_revision[STRLEN]; - printf ("%s v%s (%s %s)\n", command_name, revision, PACKAGE, VERSION); } |