diff options
Diffstat (limited to 'plugins')
71 files changed, 5548 insertions, 1047 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 0ddf9bd1..3fde54d6 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -38,7 +38,9 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \ EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \ check_swap check_fping check_ldap check_game check_dig \ check_nagios check_by_ssh check_dns check_nt check_ide_smart \ - check_procs check_mysql_query check_apt check_dbi + check_procs check_mysql_query check_apt check_dbi check_curl + +SUBDIRS = picohttpparser EXTRA_DIST = t tests @@ -69,6 +71,9 @@ test-debug: check_apt_LDADD = $(BASEOBJS) check_cluster_LDADD = $(BASEOBJS) +check_curl_CFLAGS = $(AM_CFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser +check_curl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser +check_curl_LDADD = $(NETLIBS) $(LIBCURLLIBS) $(SSLOBJS) $(URIPARSERLIBS) picohttpparser/libpicohttpparser.a check_dbi_LDADD = $(NETLIBS) $(DBILIBS) check_dig_LDADD = $(NETLIBS) check_disk_LDADD = $(BASEOBJS) @@ -89,7 +94,7 @@ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS) check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS) check_nagios_LDADD = $(BASEOBJS) -check_nt_LDADD = $(NETLIBS) +check_nt_LDADD = $(NETLIBS) check_ntp_LDADD = $(NETLIBS) $(MATHLIBS) check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS) check_nwstat_LDADD = $(NETLIBS) diff --git a/plugins/check_apt.c b/plugins/check_apt.c index c90b3df7..d7be5750 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -66,12 +66,17 @@ char* construct_cmdline(upgrade_type u, const char *opts); /* run an apt-get update */ int run_update(void); /* run an apt-get upgrade */ -int run_upgrade(int *pkgcount, int *secpkgcount); +int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist); /* add another clause to a regexp */ char* add_to_regexp(char *expr, const char *next); +/* extract package name from Inst line */ +char* pkg_name(char *line); +/* string comparison function for qsort */ +int cmpstringp(const void *p1, const void *p2); /* configuration variables */ static int verbose = 0; /* -v */ +static int list = 0; /* list packages available for upgrade */ static int do_update = 0; /* whether to call apt-get update */ static int only_critical = 0; /* whether to warn about non-critical updates */ static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ @@ -81,13 +86,16 @@ static char *do_include = NULL; /* regexp to only include certain packages */ static char *do_exclude = NULL; /* regexp to only exclude certain packages */ static char *do_critical = NULL; /* regexp specifying critical packages */ static char *input_filename = NULL; /* input filename for testing */ +/* number of packages available for upgrade to return WARNING status */ +static int packages_warning = 1; /* other global variables */ static int stderr_warning = 0; /* if a cmd issued output on stderr */ static int exec_warning = 0; /* if a cmd exited non-zero */ int main (int argc, char **argv) { - int result=STATE_UNKNOWN, packages_available=0, sec_count=0; + int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0; + char **packages_list=NULL, **secpackages_list=NULL; /* Parse extra opts if any */ argv=np_extra_opts(&argc, argv, progname); @@ -107,11 +115,11 @@ int main (int argc, char **argv) { if(do_update) result = run_update(); /* apt-get upgrade */ - result = max_state(result, run_upgrade(&packages_available, &sec_count)); + result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list)); if(sec_count > 0){ result = max_state(result, STATE_CRITICAL); - } else if(packages_available > 0 && only_critical == 0){ + } else if(packages_available >= packages_warning && only_critical == 0){ result = max_state(result, STATE_WARNING); } else if(result > STATE_UNKNOWN){ result = STATE_UNKNOWN; @@ -130,6 +138,18 @@ int main (int argc, char **argv) { sec_count ); + if(list) { + qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp); + qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp); + + for(i = 0; i < sec_count; i++) + printf("%s (security)\n", secpackages_list[i]); + if (only_critical == 0) { + for(i = 0; i < packages_available - sec_count; i++) + printf("%s\n", packages_list[i]); + } + } + return result; } @@ -146,16 +166,18 @@ int process_arguments (int argc, char **argv) { {"upgrade", optional_argument, 0, 'U'}, {"no-upgrade", no_argument, 0, 'n'}, {"dist-upgrade", optional_argument, 0, 'd'}, + {"list", no_argument, 0, 'l'}, {"include", required_argument, 0, 'i'}, {"exclude", required_argument, 0, 'e'}, {"critical", required_argument, 0, 'c'}, {"only-critical", no_argument, 0, 'o'}, {"input-file", required_argument, 0, INPUT_FILE_OPT}, + {"packages-warning", required_argument, 0, 'w'}, {0, 0, 0, 0} }; while(1) { - c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL); + c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:ow:", longopts, NULL); if(c == -1 || c == EOF || c == 1) break; @@ -196,6 +218,9 @@ int process_arguments (int argc, char **argv) { if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed"); } break; + case 'l': + list=1; + break; case 'i': do_include=add_to_regexp(do_include, optarg); break; @@ -211,6 +236,9 @@ int process_arguments (int argc, char **argv) { case INPUT_FILE_OPT: input_filename = optarg; break; + case 'w': + packages_warning = atoi(optarg); + break; default: /* print short usage statement if args not parsable */ usage5(); @@ -222,7 +250,7 @@ int process_arguments (int argc, char **argv) { /* run an apt-get upgrade */ -int run_upgrade(int *pkgcount, int *secpkgcount){ +int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){ int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0; struct output chld_out, chld_err; regex_t ireg, ereg, sreg; @@ -278,6 +306,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ cmdline); } + *pkglist=malloc(sizeof(char *) * chld_out.lines); + if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n"); + *secpkglist=malloc(sizeof(char *) * chld_out.lines); + if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n"); + /* parse the output, which should only consist of lines like * * Inst package .... @@ -302,6 +335,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){ spc++; if(verbose) printf("*"); + (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]); + } else { + (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]); } if(verbose){ printf("*%s\n", chld_out.line[i]); @@ -368,6 +404,31 @@ int run_update(void){ return result; } +char* pkg_name(char *line){ + char *start=NULL, *space=NULL, *pkg=NULL; + int len=0; + + start = line + strlen(PKGINST_PREFIX); + len = strlen(start); + + space = index(start, ' '); + if(space!=NULL){ + len = space - start; + } + + pkg=malloc(sizeof(char)*(len+1)); + if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n"); + + strncpy(pkg, start, len); + pkg[len]='\0'; + + return pkg; +} + +int cmpstringp(const void *p1, const void *p2){ + return strcmp(* (char * const *) p1, * (char * const *) p2); +} + char* add_to_regexp(char *expr, const char *next){ char *re=NULL; @@ -450,8 +511,11 @@ print_help (void) printf (" %s\n", "-d, --dist-upgrade=OPTS"); printf (" %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS")); printf (" %s\n", _("can be provided to override the default options.")); - printf (" %s\n", " -n, --no-upgrade"); + printf (" %s\n", "-n, --no-upgrade"); printf (" %s\n", _("Do not run the upgrade. Probably not useful (without -u at least).")); + printf (" %s\n", "-l, --list"); + printf (" %s\n", _("List packages available for upgrade. Packages are printed sorted by")); + printf (" %s\n", _("name with security packages listed first.")); printf (" %s\n", "-i, --include=REGEXP"); printf (" %s\n", _("Include only packages matching REGEXP. Can be specified multiple times")); printf (" %s\n", _("the values will be combined together. Any packages matching this list")); @@ -472,7 +536,10 @@ print_help (void) printf (" %s\n", "-o, --only-critical"); printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number")); printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause")); - printf (" %s\n\n", _("the plugin to return WARNING status.")); + printf (" %s\n", _("the plugin to return WARNING status.")); + printf (" %s\n", "-w, --packages-warning"); + printf (" %s\n", _("Minumum number of packages available for upgrade to return WARNING status.")); + printf (" %s\n\n", _("Default is 1 package.")); printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); printf (" %s\n", "-u, --update=OPTS"); @@ -490,5 +557,5 @@ void print_usage(void) { printf ("%s\n", _("Usage:")); - printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname); + printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout] [-w packages-warning]\n", progname); } diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index 13d8bc3b..39d49070 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -49,6 +49,7 @@ unsigned int commands = 0; unsigned int services = 0; int skip_stdout = 0; int skip_stderr = 0; +int warn_on_stderr = 0; char *remotecmd = NULL; char **commargv = NULL; int commargc = 0; @@ -116,7 +117,10 @@ main (int argc, char **argv) if(chld_err.lines > skip_stderr) { printf (_("Remote command execution failed: %s\n"), chld_err.line[skip_stderr]); - return max_state_alt(result, STATE_UNKNOWN); + if ( warn_on_stderr ) + return max_state_alt(result, STATE_WARNING); + else + return max_state_alt(result, STATE_UNKNOWN); } /* this is simple if we're not supposed to be passive. @@ -189,6 +193,7 @@ process_arguments (int argc, char **argv) {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */ {"skip-stdout", optional_argument, 0, 'S'}, {"skip-stderr", optional_argument, 0, 'E'}, + {"warn-on-stderr", no_argument, 0, 'W'}, {"proto1", no_argument, 0, '1'}, {"proto2", no_argument, 0, '2'}, {"use-ipv4", no_argument, 0, '4'}, @@ -230,7 +235,6 @@ process_arguments (int argc, char **argv) timeout_interval = atoi (optarg); break; case 'H': /* host */ - host_or_die(optarg); hostname = optarg; break; case 'p': /* port number */ @@ -308,6 +312,9 @@ process_arguments (int argc, char **argv) else skip_stderr = atoi (optarg); break; + case 'W': /* exit with warning if there is an output on stderr */ + warn_on_stderr = 1; + break; case 'o': /* Extra options for the ssh command */ comm_append("-o"); comm_append(optarg); @@ -329,7 +336,6 @@ process_arguments (int argc, char **argv) if (c <= argc) { die (STATE_UNKNOWN, _("%s: You must provide a host name\n"), progname); } - host_or_die(argv[c]); hostname = argv[c++]; } @@ -415,6 +421,8 @@ print_help (void) printf (" %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]")); printf (" %s\n", "-E, --skip-stderr[=n]"); printf (" %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]")); + printf (" %s\n", "-W, --warn-on-stderr]"); + printf (" %s\n", _("Exit with an warning, if there is an output on STDERR")); printf (" %s\n", "-f"); printf (" %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed")); printf (" %s\n","-C, --command='COMMAND STRING'"); @@ -467,7 +475,7 @@ print_usage (void) { printf ("%s\n", _("Usage:")); printf (" %s -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]\n" - " [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n" + " [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n" " [-l user] [-n name] [-s servicelist] [-O outputfile]\n" " [-p port] [-o ssh-option] [-F configfile]\n", progname); diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c index b86e501d..e1ede9f7 100644 --- a/plugins/check_cluster.c +++ b/plugins/check_cluster.c @@ -143,6 +143,7 @@ int main(int argc, char **argv){ int process_arguments(int argc, char **argv){ int c; + char *ptr; int option=0; static struct option longopts[]={ {"data", required_argument,0,'d'}, @@ -188,6 +189,15 @@ int process_arguments(int argc, char **argv){ case 'd': /* data values */ data_vals=(char *)strdup(optarg); + /* validate data */ + for (ptr=data_vals;ptr!=NULL;ptr+=2){ + if (ptr[0]<'0' || ptr[0]>'3') + return ERROR; + if (ptr[1]=='\0') + break; + if (ptr[1]!=',') + return ERROR; + } break; case 'l': /* text label */ diff --git a/plugins/check_curl.c b/plugins/check_curl.c new file mode 100644 index 00000000..14cc8463 --- /dev/null +++ b/plugins/check_curl.c @@ -0,0 +1,2467 @@ +/***************************************************************************** +* +* Monitoring check_curl plugin +* +* License: GPL +* Copyright (c) 1999-2019 Monitoring Plugins Development Team +* +* Description: +* +* This file contains the check_curl plugin +* +* This plugin tests the HTTP service on the specified host. It can test +* normal (http) and secure (https) servers, follow redirects, search for +* strings and regular expressions, check connection times, and report on +* certificate expiration times. +* +* This plugin uses functions from the curl library, see +* http://curl.haxx.se +* +* This program is free software: you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation, either version 3 of the License, or +* (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program. If not, see <http://www.gnu.org/licenses/>. +* +* +*****************************************************************************/ +const char *progname = "check_curl"; + +const char *copyright = "2006-2019"; +const char *email = "devel@monitoring-plugins.org"; + +#include <ctype.h> + +#include "common.h" +#include "utils.h" + +#ifndef LIBCURL_PROTOCOL_HTTP +#error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense +#endif + +#include "curl/curl.h" +#include "curl/easy.h" + +#include "picohttpparser.h" + +#include "uriparser/Uri.h" + +#include <arpa/inet.h> + +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +#include <openssl/opensslv.h> +#endif + +#include <netdb.h> + +#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch)) + +#define DEFAULT_BUFFER_SIZE 2048 +#define DEFAULT_SERVER_URL "/" +#define HTTP_EXPECT "HTTP/" +#define DEFAULT_MAX_REDIRS 15 +#define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN +enum { + MAX_IPV4_HOSTLENGTH = 255, + HTTP_PORT = 80, + HTTPS_PORT = 443, + MAX_PORT = 65535 +}; + +enum { + STICKY_NONE = 0, + STICKY_HOST = 1, + STICKY_PORT = 2 +}; + +enum { + FOLLOW_HTTP_CURL = 0, + FOLLOW_LIBCURL = 1 +}; + +/* for buffers for header and body */ +typedef struct { + char *buf; + size_t buflen; + size_t bufsize; +} curlhelp_write_curlbuf; + +/* for buffering the data sent in PUT */ +typedef struct { + char *buf; + size_t buflen; + off_t pos; +} curlhelp_read_curlbuf; + +/* for parsing the HTTP status line */ +typedef struct { + int http_major; /* major version of the protocol, always 1 (HTTP/0.9 + * never reached the big internet most likely) */ + int http_minor; /* minor version of the protocol, usually 0 or 1 */ + int http_code; /* HTTP return code as in RFC 2145 */ + int http_subcode; /* Microsoft IIS extension, HTTP subcodes, see + * http://support.microsoft.com/kb/318380/en-us */ + const char *msg; /* the human readable message */ + char *first_line; /* a copy of the first line */ +} curlhelp_statusline; + +/* to know the underlying SSL library used by libcurl */ +typedef enum curlhelp_ssl_library { + CURLHELP_SSL_LIBRARY_UNKNOWN, + CURLHELP_SSL_LIBRARY_OPENSSL, + CURLHELP_SSL_LIBRARY_LIBRESSL, + CURLHELP_SSL_LIBRARY_GNUTLS, + CURLHELP_SSL_LIBRARY_NSS +} curlhelp_ssl_library; + +enum { + REGS = 2, + MAX_RE_SIZE = 1024 +}; +#include "regex.h" +regex_t preg; +regmatch_t pmatch[REGS]; +char regexp[MAX_RE_SIZE]; +int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; +int errcode; +int invert_regex = 0; + +char *server_address = NULL; +char *host_name = NULL; +char *server_url = 0; +char server_ip[DEFAULT_BUFFER_SIZE]; +struct curl_slist *server_ips = NULL; +int specify_port = FALSE; +unsigned short server_port = HTTP_PORT; +unsigned short virtual_port = 0; +int host_name_length; +char output_header_search[30] = ""; +char output_string_search[30] = ""; +char *warning_thresholds = NULL; +char *critical_thresholds = NULL; +int days_till_exp_warn, days_till_exp_crit; +thresholds *thlds; +char user_agent[DEFAULT_BUFFER_SIZE]; +int verbose = 0; +int show_extended_perfdata = FALSE; +int show_body = FALSE; +int min_page_len = 0; +int max_page_len = 0; +int redir_depth = 0; +int max_depth = DEFAULT_MAX_REDIRS; +char *http_method = NULL; +char *http_post_data = NULL; +char *http_content_type = NULL; +CURL *curl; +struct curl_slist *header_list = NULL; +curlhelp_write_curlbuf body_buf; +curlhelp_write_curlbuf header_buf; +curlhelp_statusline status_line; +curlhelp_read_curlbuf put_buf; +char http_header[DEFAULT_BUFFER_SIZE]; +long code; +long socket_timeout = DEFAULT_SOCKET_TIMEOUT; +double total_time; +double time_connect; +double time_appconnect; +double time_headers; +double time_firstbyte; +char errbuf[CURL_ERROR_SIZE+1]; +CURLcode res; +char url[DEFAULT_BUFFER_SIZE]; +char msg[DEFAULT_BUFFER_SIZE]; +char perfstring[DEFAULT_BUFFER_SIZE]; +char header_expect[MAX_INPUT_BUFFER] = ""; +char string_expect[MAX_INPUT_BUFFER] = ""; +char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT; +int server_expect_yn = 0; +char user_auth[MAX_INPUT_BUFFER] = ""; +char proxy_auth[MAX_INPUT_BUFFER] = ""; +char **http_opt_headers; +int http_opt_headers_count = 0; +int display_html = FALSE; +int onredirect = STATE_OK; +int followmethod = FOLLOW_HTTP_CURL; +int followsticky = STICKY_NONE; +int use_ssl = FALSE; +int use_sni = TRUE; +int check_cert = FALSE; +typedef union { + struct curl_slist* to_info; + struct curl_certinfo* to_certinfo; +} cert_ptr_union; +cert_ptr_union cert_ptr; +int ssl_version = CURL_SSLVERSION_DEFAULT; +char *client_cert = NULL; +char *client_privkey = NULL; +char *ca_cert = NULL; +int verify_peer_and_host = FALSE; +int is_openssl_callback = FALSE; +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +X509 *cert = NULL; +#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ +int no_body = FALSE; +int maximum_age = -1; +int address_family = AF_UNSPEC; +curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; +int curl_http_version = CURL_HTTP_VERSION_NONE; +int automatic_decompression = FALSE; + +int process_arguments (int, char**); +void handle_curl_option_return_code (CURLcode res, const char* option); +int check_http (void); +void redir (curlhelp_write_curlbuf*); +char *perfd_time (double microsec); +char *perfd_time_connect (double microsec); +char *perfd_time_ssl (double microsec); +char *perfd_time_firstbyte (double microsec); +char *perfd_time_headers (double microsec); +char *perfd_time_transfer (double microsec); +char *perfd_size (int page_len); +void print_help (void); +void print_usage (void); +void print_curl_version (void); +int curlhelp_initwritebuffer (curlhelp_write_curlbuf*); +int curlhelp_buffer_write_callback (void*, size_t , size_t , void*); +void curlhelp_freewritebuffer (curlhelp_write_curlbuf*); +int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t); +int curlhelp_buffer_read_callback (void *, size_t , size_t , void *); +void curlhelp_freereadbuffer (curlhelp_read_curlbuf *); +curlhelp_ssl_library curlhelp_get_ssl_library (CURL*); +const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library); +int net_noopenssl_check_certificate (cert_ptr_union*, int, int); + +int curlhelp_parse_statusline (const char*, curlhelp_statusline *); +void curlhelp_free_statusline (curlhelp_statusline *); +char *get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header); +int check_document_dates (const curlhelp_write_curlbuf *, char (*msg)[DEFAULT_BUFFER_SIZE]); +int get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf); + +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit); +#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ + +void remove_newlines (char *); +void test_file (char *); + +int +main (int argc, char **argv) +{ + int result = STATE_UNKNOWN; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); + + /* Parse extra opts if any */ + argv = np_extra_opts (&argc, argv, progname); + + /* set defaults */ + snprintf( user_agent, DEFAULT_BUFFER_SIZE, "%s/v%s (monitoring-plugins %s, %s)", + progname, NP_VERSION, VERSION, curl_version()); + + /* parse arguments */ + if (process_arguments (argc, argv) == ERROR) + usage4 (_("Could not parse arguments")); + + if (display_html == TRUE) + printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">", + use_ssl ? "https" : "http", + host_name ? host_name : server_address, + virtual_port ? virtual_port : server_port, + server_url); + + result = check_http (); + return result; +} + +#ifdef HAVE_SSL +#ifdef USE_OPENSSL + +int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + /* TODO: we get all certificates of the chain, so which ones + * should we test? + * TODO: is the last certificate always the server certificate? + */ + cert = X509_STORE_CTX_get_current_cert(x509_ctx); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + X509_up_ref(cert); +#endif + if (verbose>=2) { + puts("* SSL verify callback with certificate:"); + X509_NAME *subject, *issuer; + printf("* issuer:\n"); + issuer = X509_get_issuer_name( cert ); + X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE); + printf("* curl verify_callback:\n* subject:\n"); + subject = X509_get_subject_name( cert ); + X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE); + puts(""); + } + return 1; +} + +CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) +{ + SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback); + + return CURLE_OK; +} + +#endif /* USE_OPENSSL */ +#endif /* HAVE_SSL */ + +/* returns a string "HTTP/1.x" or "HTTP/2" */ +static char *string_statuscode (int major, int minor) +{ + static char buf[10]; + + switch (major) { + case 1: + snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor); + break; + case 2: + case 3: + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + default: + /* assuming here HTTP/N with N>=4 */ + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + } + + return buf; +} + +/* Checks if the server 'reply' is one of the expected 'statuscodes' */ +static int +expected_statuscode (const char *reply, const char *statuscodes) +{ + char *expected, *code; + int result = 0; + + if ((expected = strdup (statuscodes)) == NULL) + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n")); + + for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ",")) + if (strstr (reply, code) != NULL) { + result = 1; + break; + } + + free (expected); + return result; +} + +void +handle_curl_option_return_code (CURLcode res, const char* option) +{ + if (res != CURLE_OK) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"), + option, res, curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } +} + +int +lookup_host (const char *host, char *buf, size_t buflen) +{ + struct addrinfo hints, *res, *result; + int errcode; + void *ptr; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags |= AI_CANONNAME; + + errcode = getaddrinfo (host, NULL, &hints, &result); + if (errcode != 0) + return errcode; + + res = result; + + while (res) { + inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); + switch (res->ai_family) { + case AF_INET: + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; + break; + case AF_INET6: + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; + break; + } + inet_ntop (res->ai_family, ptr, buf, buflen); + if (verbose >= 1) + printf ("* getaddrinfo IPv%d address: %s\n", + res->ai_family == PF_INET6 ? 6 : 4, buf); + res = res->ai_next; + } + + freeaddrinfo(result); + + return 0; +} + +int +check_http (void) +{ + int result = STATE_OK; + int page_len = 0; + int i; + char *force_host_header = NULL; + struct curl_slist *host = NULL; + char addrstr[100]; + char dnscache[DEFAULT_BUFFER_SIZE]; + + /* initialize curl */ + if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) + die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); + + if ((curl = curl_easy_init()) == NULL) + die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n"); + + if (verbose >= 1) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE"); + + /* print everything on stdout like check_http would do */ + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR"); + + if (automatic_decompression) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING"); +#else + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */ + + /* initialize buffer for body of the answer */ + if (curlhelp_initwritebuffer(&body_buf) < 0) + die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA"); + + /* initialize buffer for header of the answer */ + if (curlhelp_initwritebuffer( &header_buf ) < 0) + die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" ); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER"); + + /* set the error buffer */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_ERRORBUFFER, errbuf), "CURLOPT_ERRORBUFFER"); + + /* set timeouts */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT"); + + // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy + if(use_ssl && host_name != NULL) { + if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), + server_address, res, gai_strerror (res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr); + host = curl_slist_append(NULL, dnscache); + curl_easy_setopt(curl, CURLOPT_RESOLVE, host); + if (verbose>=1) + printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache); + } + + /* compose URL: use the address we want to connect to, set Host: header later */ + snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", + use_ssl ? "https" : "http", + use_ssl & host_name != NULL ? host_name : server_address, + server_port, + server_url + ); + + if (verbose>=1) + printf ("* curl CURLOPT_URL: %s\n", url); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, url), "CURLOPT_URL"); + + /* extract proxy information for legacy proxy https requests */ + if (!strcmp(http_method, "CONNECT") || strstr(server_url, "http") == server_url) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXY, server_address), "CURLOPT_PROXY"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYPORT, (long)server_port), "CURLOPT_PROXYPORT"); + if (verbose>=2) + printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address, server_port); + http_method = "GET"; + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, server_url), "CURLOPT_URL"); + } + + /* disable body for HEAD request */ + if (http_method && !strcmp (http_method, "HEAD" )) { + no_body = TRUE; + } + + /* set HTTP protocol version */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HTTP_VERSION, curl_http_version), "CURLOPT_HTTP_VERSION"); + + /* set HTTP method */ + if (http_method) { + if (!strcmp(http_method, "POST")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POST, 1), "CURLOPT_POST"); + else if (!strcmp(http_method, "PUT")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_UPLOAD, 1), "CURLOPT_UPLOAD"); + else + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method), "CURLOPT_CUSTOMREQUEST"); + } + + /* check if Host header is explicitly set in options */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (strncmp(http_opt_headers[i], "Host:", 5) == 0) { + force_host_header = http_opt_headers[i]; + } + } + } + + /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */ + if(host_name != NULL && force_host_header == NULL) { + if((virtual_port != HTTP_PORT && !use_ssl) || (virtual_port != HTTPS_PORT && use_ssl)) { + snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s:%d", host_name, virtual_port); + } else { + snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name); + } + header_list = curl_slist_append (header_list, http_header); + } + + /* always close connection, be nice to servers */ + snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close"); + header_list = curl_slist_append (header_list, http_header); + + /* attach additional headers supplied by the user */ + /* optionally send any other header tag */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + header_list = curl_slist_append (header_list, http_opt_headers[i]); + } + /* This cannot be free'd here because a redirection will then try to access this and segfault */ + /* Covered in a testcase in tests/check_http.t */ + /* free(http_opt_headers); */ + } + + /* set HTTP headers */ + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ), "CURLOPT_HTTPHEADER"); + +#ifdef LIBCURL_FEATURE_SSL + + /* set SSL version, warn about unsecure or unsupported versions */ + if (use_ssl) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION"); + } + + /* client certificate and key to present to server (SSL) */ + if (client_cert) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert), "CURLOPT_SSLCERT"); + if (client_privkey) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY"); + if (ca_cert) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO"); + } + if (ca_cert || verify_peer_and_host) { + /* per default if we have a CA verify both the peer and the + * hostname in the certificate, can be switched off later */ + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER"); + handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST"); + } else { + /* backward-compatible behaviour, be tolerant in checks + * TODO: depending on more options have aspects we want + * to be less tolerant about ssl verfications + */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0), "CURLOPT_SSL_VERIFYPEER"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0), "CURLOPT_SSL_VERIFYHOST"); + } + + /* detect SSL library used by libcurl */ + ssl_library = curlhelp_get_ssl_library (curl); + + /* try hard to get a stack of certificates to verify against */ + if (check_cert) { +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) + /* inform curl to report back certificates */ + switch (ssl_library) { + case CURLHELP_SSL_LIBRARY_OPENSSL: + case CURLHELP_SSL_LIBRARY_LIBRESSL: + /* set callback to extract certificate with OpenSSL context function (works with + * OpenSSL-style libraries only!) */ +#ifdef USE_OPENSSL + /* libcurl and monitoring plugins built with OpenSSL, good */ + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION"); + is_openssl_callback = TRUE; +#else /* USE_OPENSSL */ +#endif /* USE_OPENSSL */ + /* libcurl is built with OpenSSL, monitoring plugins, so falling + * back to manually extracting certificate information */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); + break; + + case CURLHELP_SSL_LIBRARY_NSS: +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + /* NSS: support for CERTINFO is implemented since 7.34.0 */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library)); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + break; + + case CURLHELP_SSL_LIBRARY_GNUTLS: +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) + /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO"); +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library)); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */ + break; + + case CURLHELP_SSL_LIBRARY_UNKNOWN: + default: + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library)); + break; + } +#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */ + /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */ + if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL || ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL) + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION"); + else + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */ + } + +#endif /* LIBCURL_FEATURE_SSL */ + + /* set default or user-given user agent identification */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent), "CURLOPT_USERAGENT"); + + /* proxy-authentication */ + if (strcmp(proxy_auth, "")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYUSERPWD, proxy_auth), "CURLOPT_PROXYUSERPWD"); + + /* authentication */ + if (strcmp(user_auth, "")) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERPWD, user_auth), "CURLOPT_USERPWD"); + + /* TODO: parameter auth method, bitfield of following methods: + * CURLAUTH_BASIC (default) + * CURLAUTH_DIGEST + * CURLAUTH_DIGEST_IE + * CURLAUTH_NEGOTIATE + * CURLAUTH_NTLM + * CURLAUTH_NTLM_WB + * + * convenience tokens for typical sets of methods: + * CURLAUTH_ANYSAFE: most secure, without BASIC + * or CURLAUTH_ANY: most secure, even BASIC if necessary + * + * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH"); + */ + + /* handle redirections */ + if (onredirect == STATE_DEPENDENT) { + if( followmethod == FOLLOW_LIBCURL ) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1), "CURLOPT_FOLLOWLOCATION"); + + /* default -1 is infinite, not good, could lead to zombie plugins! + Setting it to one bigger than maximal limit to handle errors nicely below + */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS"); + + /* for now allow only http and https (we are a http(s) check plugin in the end) */ +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */ + + /* TODO: handle the following aspects of redirection, make them + * command line options too later: + CURLOPT_POSTREDIR: method switch + CURLINFO_REDIRECT_URL: custom redirect option + CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols + CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size? + */ + } else { + /* old style redirection is handled below */ + } + } + + /* no-body */ + if (no_body) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_NOBODY, 1), "CURLOPT_NOBODY"); + + /* IPv4 or IPv6 forced DNS resolution */ + if (address_family == AF_UNSPEC) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)"); + else if (address_family == AF_INET) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)"); +#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6) + else if (address_family == AF_INET6) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)"); +#endif + + /* either send http POST data (any data, not only POST)*/ + if (!strcmp(http_method, "POST") ||!strcmp(http_method, "PUT")) { + /* set content of payload for POST and PUT */ + if (http_content_type) { + snprintf (http_header, DEFAULT_BUFFER_SIZE, "Content-Type: %s", http_content_type); + header_list = curl_slist_append (header_list, http_header); + } + /* NULL indicates "HTTP Continue" in libcurl, provide an empty string + * in case of no POST/PUT data */ + if (!http_post_data) + http_post_data = ""; + if (!strcmp(http_method, "POST")) { + /* POST method, set payload with CURLOPT_POSTFIELDS */ + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS"); + } else if (!strcmp(http_method, "PUT")) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION"); + curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE"); + } + } + + /* do the request */ + res = curl_easy_perform(curl); + + if (verbose>=2 && http_post_data) + printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data); + + /* free header and server IP resolve lists, we don't need it anymore */ + curl_slist_free_all (header_list); header_list = NULL; + curl_slist_free_all (server_ips); server_ips = NULL; + + /* Curl errors, result in critical Nagios state */ + if (res != CURLE_OK) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), + server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + + /* certificate checks */ +#ifdef LIBCURL_FEATURE_SSL + if (use_ssl == TRUE) { + if (check_cert == TRUE) { + if (is_openssl_callback) { +#ifdef USE_OPENSSL + /* check certificate with OpenSSL functions, curl has been built against OpenSSL + * and we actually have OpenSSL in the monitoring tools + */ + result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + return result; +#else /* USE_OPENSSL */ + die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); +#endif /* USE_OPENSSL */ + } else { + int i; + struct curl_slist *slist; + + cert_ptr.to_info = NULL; + res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info); + if (!res && cert_ptr.to_info) { +#ifdef USE_OPENSSL + /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing + * We only check the first certificate and assume it's the one of the server + */ + const char* raw_cert = NULL; + for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) { + for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) { + if (verbose >= 2) + printf ("%d ** %s\n", i, slist->data); + if (strncmp (slist->data, "Cert:", 5) == 0) { + raw_cert = &slist->data[5]; + goto GOT_FIRST_CERT; + } + } + } +GOT_FIRST_CERT: + if (!raw_cert) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty")); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + BIO* cert_BIO = BIO_new (BIO_s_mem()); + BIO_write (cert_BIO, raw_cert, strlen(raw_cert)); + cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL); + if (!cert) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error")); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + BIO_free (cert_BIO); + result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); + return result; +#else /* USE_OPENSSL */ + /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, + * so we use the libcurl CURLINFO data + */ + result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); + return result; +#endif /* USE_OPENSSL */ + } else { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), + res, curl_easy_strerror(res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + } + } + } +#endif /* LIBCURL_FEATURE_SSL */ + + /* we got the data and we executed the request in a given time, so we can append + * performance data to the answer always + */ + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_TOTAL_TIME, &total_time), "CURLINFO_TOTAL_TIME"); + page_len = get_content_length(&header_buf, &body_buf); + if(show_extended_perfdata) { + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &time_connect), "CURLINFO_CONNECT_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &time_appconnect), "CURLINFO_APPCONNECT_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &time_headers), "CURLINFO_PRETRANSFER_TIME"); + handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &time_firstbyte), "CURLINFO_STARTTRANSFER_TIME"); + snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s %s %s %s %s %s", + perfd_time(total_time), + perfd_size(page_len), + perfd_time_connect(time_connect), + use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "", + perfd_time_headers(time_headers - time_appconnect), + perfd_time_firstbyte(time_firstbyte - time_headers), + perfd_time_transfer(total_time-time_firstbyte) + ); + } else { + snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s", + perfd_time(total_time), + perfd_size(page_len) + ); + } + + /* return a CRITICAL status if we couldn't read any data */ + if (strlen(header_buf.buf) == 0 && strlen(body_buf.buf) == 0) + die (STATE_CRITICAL, _("HTTP CRITICAL - No header received from host\n")); + + /* get status line of answer, check sanity of HTTP code */ + if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", + total_time, perfstring); + /* we cannot know the major/minor version here for sure as we cannot parse the first line */ + die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); + } + + /* get result code from cURL */ + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE"); + if (verbose>=2) + printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code); + + /* print status line, header, body if verbose */ + if (verbose >= 2) { + printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf.buf, + (no_body ? " [[ skipped ]]" : body_buf.buf)); + } + + /* make sure the status line matches the response we are looking for */ + if (!expected_statuscode(status_line.first_line, server_expect)) { + if (server_port == HTTP_PORT) + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line); + else + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line); + die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg, + show_body ? "\n" : "", + show_body ? body_buf.buf : ""); + } + + if( server_expect_yn ) { + snprintf(msg, DEFAULT_BUFFER_SIZE, _("Status line output matched \"%s\" - "), server_expect); + if (verbose) + printf ("%s\n",msg); + result = STATE_OK; + } + else { + /* illegal return codes result in a critical state */ + if (code >= 600 || code < 100) { + die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line.http_code, status_line.msg); + /* server errors result in a critical state */ + } else if (code >= 500) { + result = STATE_CRITICAL; + /* client errors result in a warning state */ + } else if (code >= 400) { + result = STATE_WARNING; + /* check redirected page if specified */ + } else if (code >= 300) { + if (onredirect == STATE_DEPENDENT) { + if( followmethod == FOLLOW_LIBCURL ) { + code = status_line.http_code; + } else { + /* old check_http style redirection, if we come + * back here, we are in the same status as with + * the libcurl method + */ + redir (&header_buf); + } + } else { + /* this is a specific code in the command line to + * be returned when a redirection is encoutered + */ + } + result = max_state_alt (onredirect, result); + /* all other codes are considered ok */ + } else { + result = STATE_OK; + } + } + + /* libcurl redirection internally, handle error states here */ + if( followmethod == FOLLOW_LIBCURL ) { + handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_REDIRECT_COUNT, &redir_depth), "CURLINFO_REDIRECT_COUNT"); + if (verbose >= 2) + printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth); + if (redir_depth > max_depth) { + snprintf (msg, DEFAULT_BUFFER_SIZE, "maximum redirection depth %d exceeded in libcurl", + max_depth); + die (STATE_WARNING, "HTTP WARNING - %s", msg); + } + } + + /* check status codes, set exit status accordingly */ + if( status_line.http_code != code ) { + die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"), + string_statuscode (status_line.http_major, status_line.http_minor), + status_line.http_code, status_line.msg, code); + } + + if (maximum_age >= 0) { + result = max_state_alt(check_document_dates(&header_buf, &msg), result); + } + + /* Page and Header content checks go here */ + + if (strlen (header_expect)) { + if (!strstr (header_buf.buf, header_expect)) { + strncpy(&output_header_search[0],header_expect,sizeof(output_header_search)); + if(output_header_search[sizeof(output_header_search)-1]!='\0') { + bcopy("...",&output_header_search[sizeof(output_header_search)-4],4); + } + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); + result = STATE_CRITICAL; + } + } + + if (strlen (string_expect)) { + if (!strstr (body_buf.buf, string_expect)) { + strncpy(&output_string_search[0],string_expect,sizeof(output_string_search)); + if(output_string_search[sizeof(output_string_search)-1]!='\0') { + bcopy("...",&output_string_search[sizeof(output_string_search)-4],4); + } + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); + result = STATE_CRITICAL; + } + } + + if (strlen (regexp)) { + errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0); + if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) { + /* OK - No-op to avoid changing the logic around it */ + result = max_state_alt(STATE_OK, result); + } + else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) { + if (invert_regex == 0) + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg); + else + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg); + result = STATE_CRITICAL; + } + else { + regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf); + result = STATE_UNKNOWN; + } + } + + /* make sure the page is of an appropriate size */ + if ((max_page_len > 0) && (page_len > max_page_len)) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len); + result = max_state_alt(STATE_WARNING, result); + } else if ((min_page_len > 0) && (page_len < min_page_len)) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len); + result = max_state_alt(STATE_WARNING, result); + } + + /* -w, -c: check warning and critical level */ + result = max_state_alt(get_status(total_time, thlds), result); + + /* Cut-off trailing characters */ + if(msg[strlen(msg)-2] == ',') + msg[strlen(msg)-2] = '\0'; + else + msg[strlen(msg)-3] = '\0'; + + /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ + die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", + state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), + status_line.http_code, status_line.msg, + strlen(msg) > 0 ? " - " : "", + msg, page_len, total_time, + (display_html ? "</A>" : ""), + perfstring, + (show_body ? body_buf.buf : ""), + (show_body ? "\n" : "") ); + + /* proper cleanup after die? */ + curlhelp_free_statusline(&status_line); + curl_easy_cleanup (curl); + curl_global_cleanup (); + curlhelp_freewritebuffer (&body_buf); + curlhelp_freewritebuffer (&header_buf); + if (!strcmp (http_method, "PUT")) { + curlhelp_freereadbuffer (&put_buf); + } + + return result; +} + +int +uri_strcmp (const UriTextRangeA range, const char* s) +{ + if (!range.first) return -1; + if (range.afterLast - range.first < strlen (s)) return -1; + return strncmp (s, range.first, min( range.afterLast - range.first, strlen (s))); +} + +char* +uri_string (const UriTextRangeA range, char* buf, size_t buflen) +{ + if (!range.first) return "(null)"; + strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first)); + buf[max (buflen-1, range.afterLast - range.first)] = '\0'; + buf[range.afterLast - range.first] = '\0'; + return buf; +} + +void +redir (curlhelp_write_curlbuf* header_buf) +{ + char *location = NULL; + curlhelp_statusline status_line; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + char buf[DEFAULT_BUFFER_SIZE]; + char ipstr[INET_ADDR_MAX_SIZE]; + int new_port; + char *new_host; + char *new_url; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + location = get_header_value (headers, nof_headers, "location"); + + if (verbose >= 2) + printf(_("* Seen redirect location %s\n"), location); + + if (++redir_depth > max_depth) + die (STATE_WARNING, + _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"), + max_depth, location, (display_html ? "</A>" : "")); + + UriParserStateA state; + UriUriA uri; + state.uri = &uri; + if (uriParseUriA (&state, location) != URI_SUCCESS) { + if (state.errorCode == URI_ERROR_SYNTAX) { + die (STATE_UNKNOWN, + _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"), + location, (display_html ? "</A>" : "")); + } else if (state.errorCode == URI_ERROR_MALLOC) { + die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); + } + } + + if (verbose >= 2) { + printf (_("** scheme: %s\n"), + uri_string (uri.scheme, buf, DEFAULT_BUFFER_SIZE)); + printf (_("** host: %s\n"), + uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE)); + printf (_("** port: %s\n"), + uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE)); + if (uri.hostData.ip4) { + inet_ntop (AF_INET, uri.hostData.ip4->data, ipstr, sizeof (ipstr)); + printf (_("** IPv4: %s\n"), ipstr); + } + if (uri.hostData.ip6) { + inet_ntop (AF_INET, uri.hostData.ip6->data, ipstr, sizeof (ipstr)); + printf (_("** IPv6: %s\n"), ipstr); + } + if (uri.pathHead) { + printf (_("** path: ")); + const UriPathSegmentA* p = uri.pathHead; + for (; p; p = p->next) { + printf ("/%s", uri_string (p->text, buf, DEFAULT_BUFFER_SIZE)); + } + puts (""); + } + if (uri.query.first) { + printf (_("** query: %s\n"), + uri_string (uri.query, buf, DEFAULT_BUFFER_SIZE)); + } + if (uri.fragment.first) { + printf (_("** fragment: %s\n"), + uri_string (uri.fragment, buf, DEFAULT_BUFFER_SIZE)); + } + } + + use_ssl = !uri_strcmp (uri.scheme, "https"); + + /* we do a sloppy test here only, because uriparser would have failed + * above, if the port would be invalid, we just check for MAX_PORT + */ + if (uri.portText.first) { + new_port = atoi (uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE)); + } else { + new_port = HTTP_PORT; + if (use_ssl) + new_port = HTTPS_PORT; + } + if (new_port > MAX_PORT) + die (STATE_UNKNOWN, + _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"), + MAX_PORT, location, display_html ? "</A>" : ""); + + /* by RFC 7231 relative URLs in Location should be taken relative to + * the original URL, so wy try to form a new absolute URL here + */ + if (!uri.scheme.first && !uri.hostText.first) { + new_host = strdup (host_name ? host_name : server_address); + } else { + new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE)); + } + + /* compose new path */ + /* TODO: handle fragments and query part of URL */ + new_url = (char *)calloc( 1, DEFAULT_BUFFER_SIZE); + if (uri.pathHead) { + const UriPathSegmentA* p = uri.pathHead; + for (; p; p = p->next) { + strncat (new_url, "/", DEFAULT_BUFFER_SIZE); + strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1); + } + } + + if (server_port==new_port && + !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) && + (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) && + !strcmp(server_url, new_url)) + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : "")); + + /* set new values for redirected request */ + + if (!(followsticky & STICKY_HOST)) { + free (server_address); + server_address = strndup (new_host, MAX_IPV4_HOSTLENGTH); + } + if (!(followsticky & STICKY_PORT)) { + server_port = (unsigned short)new_port; + } + + free (host_name); + host_name = strndup (new_host, MAX_IPV4_HOSTLENGTH); + + /* reset virtual port */ + virtual_port = server_port; + + free(new_host); + free (server_url); + server_url = new_url; + + uriFreeUriMembersA (&uri); + + if (verbose) + printf (_("Redirection to %s://%s:%d%s\n"), use_ssl ? "https" : "http", + host_name ? host_name : server_address, server_port, server_url); + + /* TODO: the hash component MUST be taken from the original URL and + * attached to the URL in Location + */ + + check_http (); +} + +/* check whether a file exists */ +void +test_file (char *path) +{ + if (access(path, R_OK) == 0) + return; + usage2 (_("file does not exist or is not readable"), path); +} + +int +process_arguments (int argc, char **argv) +{ + char *p; + int c = 1; + char *temp; + + enum { + INVERT_REGEX = CHAR_MAX + 1, + SNI_OPTION, + CA_CERT_OPTION, + HTTP_VERSION_OPTION, + AUTOMATIC_DECOMPRESSION + }; + + int option = 0; + int got_plus = 0; + static struct option longopts[] = { + STD_LONG_OPTS, + {"link", no_argument, 0, 'L'}, + {"nohtml", no_argument, 0, 'n'}, + {"ssl", optional_argument, 0, 'S'}, + {"sni", no_argument, 0, SNI_OPTION}, + {"post", required_argument, 0, 'P'}, + {"method", required_argument, 0, 'j'}, + {"IP-address", required_argument, 0, 'I'}, + {"url", required_argument, 0, 'u'}, + {"port", required_argument, 0, 'p'}, + {"authorization", required_argument, 0, 'a'}, + {"proxy-authorization", required_argument, 0, 'b'}, + {"header-string", required_argument, 0, 'd'}, + {"string", required_argument, 0, 's'}, + {"expect", required_argument, 0, 'e'}, + {"regex", required_argument, 0, 'r'}, + {"ereg", required_argument, 0, 'r'}, + {"eregi", required_argument, 0, 'R'}, + {"linespan", no_argument, 0, 'l'}, + {"onredirect", required_argument, 0, 'f'}, + {"certificate", required_argument, 0, 'C'}, + {"client-cert", required_argument, 0, 'J'}, + {"private-key", required_argument, 0, 'K'}, + {"ca-cert", required_argument, 0, CA_CERT_OPTION}, + {"verify-cert", no_argument, 0, 'D'}, + {"useragent", required_argument, 0, 'A'}, + {"header", required_argument, 0, 'k'}, + {"no-body", no_argument, 0, 'N'}, + {"max-age", required_argument, 0, 'M'}, + {"content-type", required_argument, 0, 'T'}, + {"pagesize", required_argument, 0, 'm'}, + {"invert-regex", no_argument, NULL, INVERT_REGEX}, + {"use-ipv4", no_argument, 0, '4'}, + {"use-ipv6", no_argument, 0, '6'}, + {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, + {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, + {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, + {0, 0, 0, 0} + }; + + if (argc < 2) + return ERROR; + + /* support check_http compatible arguments */ + for (c = 1; c < argc; c++) { + if (strcmp ("-to", argv[c]) == 0) + strcpy (argv[c], "-t"); + if (strcmp ("-hn", argv[c]) == 0) + strcpy (argv[c], "-H"); + if (strcmp ("-wt", argv[c]) == 0) + strcpy (argv[c], "-w"); + if (strcmp ("-ct", argv[c]) == 0) + strcpy (argv[c], "-c"); + if (strcmp ("-nohtml", argv[c]) == 0) + strcpy (argv[c], "-n"); + } + + server_url = strdup(DEFAULT_SERVER_URL); + + while (1) { + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option); + if (c == -1 || c == EOF || c == 1) + break; + + switch (c) { + case 'h': + print_help(); + exit(STATE_UNKNOWN); + break; + case 'V': + print_revision(progname, NP_VERSION); + print_curl_version(); + exit(STATE_UNKNOWN); + break; + case 'v': + verbose++; + break; + case 't': /* timeout period */ + if (!is_intnonneg (optarg)) + usage2 (_("Timeout interval must be a positive integer"), optarg); + else + socket_timeout = (int)strtol (optarg, NULL, 10); + break; + case 'c': /* critical time threshold */ + critical_thresholds = optarg; + break; + case 'w': /* warning time threshold */ + warning_thresholds = optarg; + break; + case 'H': /* virtual host */ + host_name = strdup (optarg); + if (host_name[0] == '[') { + if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */ + virtual_port = atoi (p + 2); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + } + } else if ((p = strchr (host_name, ':')) != NULL + && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */ + virtual_port = atoi (p); + /* cut off the port */ + host_name_length = strlen (host_name) - strlen (p) - 1; + free (host_name); + host_name = strndup (optarg, host_name_length); + } + break; + case 'I': /* internet address */ + server_address = strdup (optarg); + break; + case 'u': /* URL path */ + server_url = strdup (optarg); + break; + case 'p': /* Server port */ + if (!is_intnonneg (optarg)) + usage2 (_("Invalid port number, expecting a non-negative number"), optarg); + else { + if( strtol(optarg, NULL, 10) > MAX_PORT) + usage2 (_("Invalid port number, supplied port number is too big"), optarg); + server_port = (unsigned short)strtol(optarg, NULL, 10); + specify_port = TRUE; + } + break; + case 'a': /* authorization info */ + strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); + user_auth[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'b': /* proxy-authorization info */ + strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1); + proxy_auth[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */ + if (! http_post_data) + http_post_data = strdup (optarg); + if (! http_method) + http_method = strdup("POST"); + break; + case 'j': /* Set HTTP method */ + if (http_method) + free(http_method); + http_method = strdup (optarg); + break; + case 'A': /* useragent */ + strncpy (user_agent, optarg, DEFAULT_BUFFER_SIZE); + user_agent[DEFAULT_BUFFER_SIZE-1] = '\0'; + break; + case 'k': /* Additional headers */ + if (http_opt_headers_count == 0) + http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count)); + else + http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count)); + http_opt_headers[http_opt_headers_count - 1] = optarg; + break; + case 'L': /* show html link */ + display_html = TRUE; + break; + case 'n': /* do not show html link */ + display_html = FALSE; + break; + case 'C': /* Check SSL cert validity */ +#ifdef LIBCURL_FEATURE_SSL + if ((temp=strchr(optarg,','))!=NULL) { + *temp='\0'; + if (!is_intnonneg (optarg)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi(optarg); + *temp=','; + temp++; + if (!is_intnonneg (temp)) + usage2 (_("Invalid certificate expiration period"), temp); + days_till_exp_crit = atoi (temp); + } + else { + days_till_exp_crit=0; + if (!is_intnonneg (optarg)) + usage2 (_("Invalid certificate expiration period"), optarg); + days_till_exp_warn = atoi (optarg); + } + check_cert = TRUE; + goto enable_ssl; +#endif + case 'J': /* use client certificate */ +#ifdef LIBCURL_FEATURE_SSL + test_file(optarg); + client_cert = optarg; + goto enable_ssl; +#endif + case 'K': /* use client private key */ +#ifdef LIBCURL_FEATURE_SSL + test_file(optarg); + client_privkey = optarg; + goto enable_ssl; +#endif +#ifdef LIBCURL_FEATURE_SSL + case CA_CERT_OPTION: /* use CA chain file */ + test_file(optarg); + ca_cert = optarg; + goto enable_ssl; +#endif +#ifdef LIBCURL_FEATURE_SSL + case 'D': /* verify peer certificate & host */ + verify_peer_and_host = TRUE; + break; +#endif + case 'S': /* use SSL */ +#ifdef LIBCURL_FEATURE_SSL + enable_ssl: + use_ssl = TRUE; + /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default. + * Only set if it's non-zero. This helps when we include multiple + * parameters, like -S and -C combinations */ + ssl_version = CURL_SSLVERSION_DEFAULT; + if (c=='S' && optarg != NULL) { + char *plus_ptr = strchr(optarg, '+'); + if (plus_ptr) { + got_plus = 1; + *plus_ptr = '\0'; + } + + if (optarg[0] == '2') + ssl_version = CURL_SSLVERSION_SSLv2; + else if (optarg[0] == '3') + ssl_version = CURL_SSLVERSION_SSLv3; + else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_0; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.1")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_1; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.2")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) + ssl_version = CURL_SSLVERSION_TLSv1_2; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ + else if (!strcmp (optarg, "1.3")) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) + ssl_version = CURL_SSLVERSION_TLSv1_3; +#else + ssl_version = CURL_SSLVERSION_DEFAULT; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ + else + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)")); + } +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) + if (got_plus) { + switch (ssl_version) { + case CURL_SSLVERSION_TLSv1_3: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3; + break; + case CURL_SSLVERSION_TLSv1_2: + case CURL_SSLVERSION_TLSv1_1: + case CURL_SSLVERSION_TLSv1_0: + ssl_version |= CURL_SSLVERSION_MAX_DEFAULT; + break; + } + } else { + switch (ssl_version) { + case CURL_SSLVERSION_TLSv1_3: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3; + break; + case CURL_SSLVERSION_TLSv1_2: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2; + break; + case CURL_SSLVERSION_TLSv1_1: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1; + break; + case CURL_SSLVERSION_TLSv1_0: + ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0; + break; + } + } +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */ + if (verbose >= 2) + printf(_("* Set SSL/TLS version to %d\n"), ssl_version); + if (specify_port == FALSE) + server_port = HTTPS_PORT; + break; +#else /* LIBCURL_FEATURE_SSL */ + /* -C -J and -K fall through to here without SSL */ + usage4 (_("Invalid option - SSL is not available")); + break; + case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */ + use_sni = TRUE; + break; +#endif /* LIBCURL_FEATURE_SSL */ + case 'f': /* onredirect */ + if (!strcmp (optarg, "ok")) + onredirect = STATE_OK; + else if (!strcmp (optarg, "warning")) + onredirect = STATE_WARNING; + else if (!strcmp (optarg, "critical")) + onredirect = STATE_CRITICAL; + else if (!strcmp (optarg, "unknown")) + onredirect = STATE_UNKNOWN; + else if (!strcmp (optarg, "follow")) + onredirect = STATE_DEPENDENT; + else if (!strcmp (optarg, "stickyport")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST|STICKY_PORT; + else if (!strcmp (optarg, "sticky")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST; + else if (!strcmp (optarg, "follow")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_NONE; + else if (!strcmp (optarg, "curl")) + onredirect = STATE_DEPENDENT, followmethod = FOLLOW_LIBCURL; + else usage2 (_("Invalid onredirect option"), optarg); + if (verbose >= 2) + printf(_("* Following redirects set to %s\n"), state_text(onredirect)); + break; + case 'd': /* string or substring */ + strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1); + header_expect[MAX_INPUT_BUFFER - 1] = 0; + break; + case 's': /* string or substring */ + strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1); + string_expect[MAX_INPUT_BUFFER - 1] = 0; + break; + case 'e': /* string or substring */ + strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1); + server_expect[MAX_INPUT_BUFFER - 1] = 0; + server_expect_yn = 1; + break; + case 'T': /* Content-type */ + http_content_type = strdup (optarg); + break; + case 'l': /* linespan */ + cflags &= ~REG_NEWLINE; + break; + case 'R': /* regex */ + cflags |= REG_ICASE; + case 'r': /* regex */ + strncpy (regexp, optarg, MAX_RE_SIZE - 1); + regexp[MAX_RE_SIZE - 1] = 0; + errcode = regcomp (&preg, regexp, cflags); + if (errcode != 0) { + (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + printf (_("Could Not Compile Regular Expression: %s"), errbuf); + return ERROR; + } + break; + case INVERT_REGEX: + invert_regex = 1; + break; + case '4': + address_family = AF_INET; + break; + case '6': +#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6) + address_family = AF_INET6; +#else + usage4 (_("IPv6 support not available")); +#endif + break; + case 'm': /* min_page_length */ + { + char *tmp; + if (strchr(optarg, ':') != (char *)NULL) { + /* range, so get two values, min:max */ + tmp = strtok(optarg, ":"); + if (tmp == NULL) { + printf("Bad format: try \"-m min:max\"\n"); + exit (STATE_WARNING); + } else + min_page_len = atoi(tmp); + + tmp = strtok(NULL, ":"); + if (tmp == NULL) { + printf("Bad format: try \"-m min:max\"\n"); + exit (STATE_WARNING); + } else + max_page_len = atoi(tmp); + } else + min_page_len = atoi (optarg); + break; + } + case 'N': /* no-body */ + no_body = TRUE; + break; + case 'M': /* max-age */ + { + int L = strlen(optarg); + if (L && optarg[L-1] == 'm') + maximum_age = atoi (optarg) * 60; + else if (L && optarg[L-1] == 'h') + maximum_age = atoi (optarg) * 60 * 60; + else if (L && optarg[L-1] == 'd') + maximum_age = atoi (optarg) * 60 * 60 * 24; + else if (L && (optarg[L-1] == 's' || + isdigit (optarg[L-1]))) + maximum_age = atoi (optarg); + else { + fprintf (stderr, "unparsable max-age: %s\n", optarg); + exit (STATE_WARNING); + } + if (verbose >= 2) + printf ("* Maximal age of document set to %d seconds\n", maximum_age); + } + break; + case 'E': /* show extended perfdata */ + show_extended_perfdata = TRUE; + break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; + case HTTP_VERSION_OPTION: + curl_http_version = CURL_HTTP_VERSION_NONE; + if (strcmp (optarg, "1.0") == 0) { + curl_http_version = CURL_HTTP_VERSION_1_0; + } else if (strcmp (optarg, "1.1") == 0) { + curl_http_version = CURL_HTTP_VERSION_1_1; + } else if ((strcmp (optarg, "2.0") == 0) || (strcmp (optarg, "2") == 0)) { +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) + curl_http_version = CURL_HTTP_VERSION_2_0; +#else + curl_http_version = CURL_HTTP_VERSION_NONE; +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */ + } else { + fprintf (stderr, "unkown http-version parameter: %s\n", optarg); + exit (STATE_WARNING); + } + break; + case AUTOMATIC_DECOMPRESSION: + automatic_decompression = TRUE; + break; + case '?': + /* print short usage statement if args not parsable */ + usage5 (); + break; + } + } + + c = optind; + + if (server_address == NULL && c < argc) + server_address = strdup (argv[c++]); + + if (host_name == NULL && c < argc) + host_name = strdup (argv[c++]); + + if (server_address == NULL) { + if (host_name == NULL) + usage4 (_("You must specify a server address or host name")); + else + server_address = strdup (host_name); + } + + set_thresholds(&thlds, warning_thresholds, critical_thresholds); + + if (critical_thresholds && thlds->critical->end>(double)socket_timeout) + socket_timeout = (int)thlds->critical->end + 1; + if (verbose >= 2) + printf ("* Socket timeout set to %ld seconds\n", socket_timeout); + + if (http_method == NULL) + http_method = strdup ("GET"); + + if (client_cert && !client_privkey) + usage4 (_("If you use a client certificate you must also specify a private key file")); + + if (virtual_port == 0) + virtual_port = server_port; + else { + if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT)) + if(specify_port == FALSE) + server_port = virtual_port; + } + + return TRUE; +} + +char *perfd_time (double elapsed_time) +{ + return fperfdata ("time", elapsed_time, "s", + thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0, + thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0, + TRUE, 0, TRUE, socket_timeout); +} + +char *perfd_time_connect (double elapsed_time_connect) +{ + return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_ssl (double elapsed_time_ssl) +{ + return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_headers (double elapsed_time_headers) +{ + return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_firstbyte (double elapsed_time_firstbyte) +{ + return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_time_transfer (double elapsed_time_transfer) +{ + return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); +} + +char *perfd_size (int page_len) +{ + return perfdata ("size", page_len, "B", + (min_page_len>0?TRUE:FALSE), min_page_len, + (min_page_len>0?TRUE:FALSE), 0, + TRUE, 0, FALSE, 0); +} + +void +print_help (void) +{ + print_revision (progname, NP_VERSION); + + printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); + printf (COPYRIGHT, copyright, email); + + printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test")); + printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for")); + printf ("%s\n", _("strings and regular expressions, check connection times, and report on")); + printf ("%s\n", _("certificate expiration times.")); + printf ("\n"); + printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http")); + printf ("%s\n", _("as possible.")); + + printf ("\n\n"); + + print_usage (); + + printf (_("NOTE: One or both of -H and -I must be specified")); + + printf ("\n"); + + printf (UT_HELP_VRSN); + printf (UT_EXTRA_OPTS); + + printf (" %s\n", "-H, --hostname=ADDRESS"); + printf (" %s\n", _("Host name argument for servers using host headers (virtual host)")); + printf (" %s\n", _("Append a port to include it in the header (eg: example.com:5000)")); + printf (" %s\n", "-I, --IP-address=ADDRESS"); + printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup).")); + printf (" %s\n", "-p, --port=INTEGER"); + printf (" %s", _("Port number (default: ")); + printf ("%d)\n", HTTP_PORT); + + printf (UT_IPv46); + +#ifdef LIBCURL_FEATURE_SSL + printf (" %s\n", "-S, --ssl=VERSION[+]"); + printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); + printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); + printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); + printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); + printf (" %s\n", "--sni"); + printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); +#if LIBCURL_VERSION_NUM >= 0x071801 + printf (" %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and")); + printf (" %s\n", _(" SNI only really works since TLSv1.0")); +#else + printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1")); +#endif + printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); + printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); + printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", "-J, --client-cert=FILE"); + printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); + printf (" %s\n", _("to be used in establishing the SSL session")); + printf (" %s\n", "-K, --private-key=FILE"); + printf (" %s\n", _("Name of file containing the private key (PEM format)")); + printf (" %s\n", _("matching the client certificate")); + printf (" %s\n", "--ca-cert=FILE"); + printf (" %s\n", _("CA certificate file to verify peer against")); + printf (" %s\n", "-D, --verify-cert"); + printf (" %s\n", _("Verify the peer's SSL certificate and hostname")); +#endif + + printf (" %s\n", "-e, --expect=STRING"); + printf (" %s\n", _("Comma-delimited list of strings, at least one of them is expected in")); + printf (" %s", _("the first (status) line of the server response (default: ")); + printf ("%s)\n", HTTP_EXPECT); + printf (" %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)")); + printf (" %s\n", "-d, --header-string=STRING"); + printf (" %s\n", _("String to expect in the response headers")); + printf (" %s\n", "-s, --string=STRING"); + printf (" %s\n", _("String to expect in the content")); + printf (" %s\n", "-u, --url=PATH"); + printf (" %s\n", _("URL to GET or POST (default: /)")); + printf (" %s\n", "-P, --post=STRING"); + printf (" %s\n", _("URL encoded http POST data")); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); + printf (" %s\n", _("Set HTTP method.")); + printf (" %s\n", "-N, --no-body"); + printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); + printf (" %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)")); + printf (" %s\n", "-M, --max-age=SECONDS"); + printf (" %s\n", _("Warn if document is more than SECONDS old. the number can also be of")); + printf (" %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days.")); + printf (" %s\n", "-T, --content-type=STRING"); + printf (" %s\n", _("specify Content-Type header media type when POSTing\n")); + printf (" %s\n", "-l, --linespan"); + printf (" %s\n", _("Allow regex to span newlines (must precede -r or -R)")); + printf (" %s\n", "-r, --regex, --ereg=STRING"); + printf (" %s\n", _("Search page for regex STRING")); + printf (" %s\n", "-R, --eregi=STRING"); + printf (" %s\n", _("Search page for case-insensitive regex STRING")); + printf (" %s\n", "--invert-regex"); + printf (" %s\n", _("Return CRITICAL if found, OK if not\n")); + printf (" %s\n", "-a, --authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on sites with basic authentication")); + printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on proxy-servers with basic authentication")); + printf (" %s\n", "-A, --useragent=STRING"); + printf (" %s\n", _("String to be sent in http header as \"User Agent\"")); + printf (" %s\n", "-k, --header=STRING"); + printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); + printf (" %s\n", "-E, --extended-perfdata"); + printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); + printf (" %s\n", "-L, --link"); + printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); + printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>"); + printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); + printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); + printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); + printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); + printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); + printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); + printf ("\n"); + printf (" %s\n", "--http-version=VERSION"); + printf (" %s\n", _("Connect via specific HTTP protocol.")); + printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)")); + printf (" %s\n", "--enable-automatic-decompression"); + printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING).")); + printf ("\n"); + + printf (UT_WARN_CRIT); + + printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + + printf (UT_VERBOSE); + + printf ("\n"); + printf ("%s\n", _("Notes:")); + printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host.")); + printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL")); + printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response")); + printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); + printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); + printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); + +#ifdef LIBCURL_FEATURE_SSL + printf ("\n"); + printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to")); + printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 ")); + printf (" %s\n", _("certificate is still valid for the specified number of days.")); + printf ("\n"); + printf (" %s\n", _("Please note that this plugin does not check if the presented server")); + printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate")); + printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); + printf ("\n"); + printf ("%s\n", _("Examples:")); + printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com"); + printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); + printf (" %s\n\n", _("the certificate is expired.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); + printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); +#endif + + printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:"); + printf (" %s\n", _("It is recommended to use an environment proxy like:")); + printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org")); + printf (" %s\n", _("legacy proxy requests in check_http style still work:")); + printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org")); + +#ifdef LIBCURL_FEATURE_SSL + printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("It is recommended to use an environment proxy like:")); + printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S")); + printf (" %s\n", _("legacy proxy requests in check_http style still work:")); + printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + +#endif + + printf (UT_SUPPORT); + +} + + + +void +print_usage (void) +{ + printf ("%s\n", _("Usage:")); + printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); + printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n"); + printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); + printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n"); + printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); + printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); + printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); + printf (" [-T <content-type>] [-j method]\n"); + printf (" [--http-version=<version>]\n"); + printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname); + printf (" [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n"); + printf ("\n"); +#ifdef LIBCURL_FEATURE_SSL + printf ("%s\n", _("In the first form, make an HTTP request.")); + printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate.")); +#endif + printf ("%s\n", _("WARNING: check_curl is experimental. Please use")); + printf ("%s\n\n", _("check_http if you need a stable version.")); +} + +void +print_curl_version (void) +{ + printf( "%s\n", curl_version()); +} + +int +curlhelp_initwritebuffer (curlhelp_write_curlbuf *buf) +{ + buf->bufsize = DEFAULT_BUFFER_SIZE; + buf->buflen = 0; + buf->buf = (char *)malloc ((size_t)buf->bufsize); + if (buf->buf == NULL) return -1; + return 0; +} + +int +curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *stream) +{ + curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream; + + while (buf->bufsize < buf->buflen + size * nmemb + 1) { + buf->bufsize *= buf->bufsize * 2; + buf->buf = (char *)realloc (buf->buf, buf->bufsize); + if (buf->buf == NULL) return -1; + } + + memcpy (buf->buf + buf->buflen, buffer, size * nmemb); + buf->buflen += size * nmemb; + buf->buf[buf->buflen] = '\0'; + + return (int)(size * nmemb); +} + +int +curlhelp_buffer_read_callback (void *buffer, size_t size, size_t nmemb, void *stream) +{ + curlhelp_read_curlbuf *buf = (curlhelp_read_curlbuf *)stream; + + size_t n = min (nmemb * size, buf->buflen - buf->pos); + + memcpy (buffer, buf->buf + buf->pos, n); + buf->pos += n; + + return (int)n; +} + +void +curlhelp_freewritebuffer (curlhelp_write_curlbuf *buf) +{ + free (buf->buf); + buf->buf = NULL; +} + +int +curlhelp_initreadbuffer (curlhelp_read_curlbuf *buf, const char *data, size_t datalen) +{ + buf->buflen = datalen; + buf->buf = (char *)malloc ((size_t)buf->buflen); + if (buf->buf == NULL) return -1; + memcpy (buf->buf, data, datalen); + buf->pos = 0; + return 0; +} + +void +curlhelp_freereadbuffer (curlhelp_read_curlbuf *buf) +{ + free (buf->buf); + buf->buf = NULL; +} + +/* TODO: where to put this, it's actually part of sstrings2 (logically)? + */ +const char* +strrstr2(const char *haystack, const char *needle) +{ + int counter; + size_t len; + const char *prev_pos; + const char *pos; + + if (haystack == NULL || needle == NULL) + return NULL; + + if (haystack[0] == '\0' || needle[0] == '\0') + return NULL; + + counter = 0; + prev_pos = NULL; + pos = haystack; + len = strlen (needle); + for (;;) { + pos = strstr (pos, needle); + if (pos == NULL) { + if (counter == 0) + return NULL; + else + return prev_pos; + } + counter++; + prev_pos = pos; + pos += len; + if (*pos == '\0') return prev_pos; + } +} + +int +curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line) +{ + char *first_line_end; + char *p; + size_t first_line_len; + char *pp; + const char *start; + char *first_line_buf; + + /* find last start of a new header */ + start = strrstr2 (buf, "\r\nHTTP/"); + if (start != NULL) { + start += 2; + buf = start; + } + + first_line_end = strstr(buf, "\r\n"); + if (first_line_end == NULL) return -1; + + first_line_len = (size_t)(first_line_end - buf); + status_line->first_line = (char *)malloc (first_line_len + 1); + if (status_line->first_line == NULL) return -1; + memcpy (status_line->first_line, buf, first_line_len); + status_line->first_line[first_line_len] = '\0'; + first_line_buf = strdup( status_line->first_line ); + + /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */ + + p = strtok(first_line_buf, "/"); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strcmp( p, "HTTP" ) != 0 ) { free( first_line_buf ); return -1; } + + p = strtok( NULL, " " ); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strchr( p, '.' ) != NULL ) { + + /* HTTP 1.x case */ + char *ppp; + ppp = strtok( p, "." ); + status_line->http_major = (int)strtol( p, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + ppp = strtok( NULL, " " ); + status_line->http_minor = (int)strtol( p, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 4; /* 1.x SP */ + } else { + /* HTTP 2 case */ + status_line->http_major = (int)strtol( p, &pp, 10 ); + status_line->http_minor = 0; + p += 2; /* 2 SP */ + } + + /* status code: "404" or "404.1", then SP */ + + p = strtok( p, " " ); + if( p == NULL ) { free( first_line_buf ); return -1; } + if( strchr( p, '.' ) != NULL ) { + char *ppp; + ppp = strtok( p, "." ); + status_line->http_code = (int)strtol( ppp, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + ppp = strtok( NULL, "" ); + status_line->http_subcode = (int)strtol( ppp, &pp, 10 ); + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 6; /* 400.1 SP */ + } else { + status_line->http_code = (int)strtol( p, &pp, 10 ); + status_line->http_subcode = -1; + if( *pp != '\0' ) { free( first_line_buf ); return -1; } + p += 4; /* 400 SP */ + } + + /* Human readable message: "Not Found" CRLF */ + + p = strtok( p, "" ); + if( p == NULL ) { status_line->msg = ""; return 0; } + status_line->msg = status_line->first_line + ( p - first_line_buf ); + free( first_line_buf ); + + return 0; +} + +void +curlhelp_free_statusline (curlhelp_statusline *status_line) +{ + free (status_line->first_line); +} + +void +remove_newlines (char *s) +{ + char *p; + + for (p = s; *p != '\0'; p++) + if (*p == '\r' || *p == '\n') + *p = ' '; +} + +char * +get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header) +{ + int i; + for( i = 0; i < nof_headers; i++ ) { + if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { + return strndup( headers[i].value, headers[i].value_len ); + } + } + return NULL; +} + +int +check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFAULT_BUFFER_SIZE]) +{ + char *server_date = NULL; + char *document_date = NULL; + int date_result = STATE_OK; + curlhelp_statusline status_line; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + server_date = get_header_value (headers, nof_headers, "date"); + document_date = get_header_value (headers, nof_headers, "last-modified"); + + if (!server_date || !*server_date) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg); + date_result = max_state_alt(STATE_UNKNOWN, date_result); + } else if (!document_date || !*document_date) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else { + time_t srv_data = curl_getdate (server_date, NULL); + time_t doc_data = curl_getdate (document_date, NULL); + if (verbose >= 2) + printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data); + if (srv_data <= 0) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data <= 0) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data > srv_data + 30) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else if (doc_data < srv_data - maximum_age) { + int n = (srv_data - doc_data); + if (n > (60 * 60 * 24 * 2)) { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24)); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } else { + snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60); + date_result = max_state_alt(STATE_CRITICAL, date_result); + } + } + } + + if (server_date) free (server_date); + if (document_date) free (document_date); + + return date_result; +} + + +int +get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf) +{ + const char *s; + int content_length = 0; + char *copy; + struct phr_header headers[255]; + size_t nof_headers = 255; + size_t msglen; + char *content_length_s = NULL; + curlhelp_statusline status_line; + + int res = phr_parse_response (header_buf->buf, header_buf->buflen, + &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + headers, &nof_headers, 0); + + content_length_s = get_header_value (headers, nof_headers, "content-length"); + if (!content_length_s) { + return header_buf->buflen + body_buf->buflen; + } + content_length_s += strspn (content_length_s, " \t"); + content_length = atoi (content_length_s); + if (content_length != body_buf->buflen) { + /* TODO: should we warn if the actual and the reported body length don't match? */ + } + + if (content_length_s) free (content_length_s); + + return header_buf->buflen + body_buf->buflen; +} + +/* TODO: is there a better way in libcurl to check for the SSL library? */ +curlhelp_ssl_library +curlhelp_get_ssl_library (CURL* curl) +{ + curl_version_info_data* version_data; + char *ssl_version; + char *library; + curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; + + version_data = curl_version_info (CURLVERSION_NOW); + if (version_data == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + ssl_version = strdup (version_data->ssl_version); + if (ssl_version == NULL ) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + library = strtok (ssl_version, "/"); + if (library == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN; + + if (strcmp (library, "OpenSSL") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_OPENSSL; + else if (strcmp (library, "LibreSSL") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_LIBRESSL; + else if (strcmp (library, "GnuTLS") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_GNUTLS; + else if (strcmp (library, "NSS") == 0) + ssl_library = CURLHELP_SSL_LIBRARY_NSS; + + if (verbose >= 2) + printf ("* SSL library string is : %s %s (%d)\n", version_data->ssl_version, library, ssl_library); + + free (ssl_version); + + return ssl_library; +} + +const char* +curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library) +{ + switch (ssl_library) { + case CURLHELP_SSL_LIBRARY_OPENSSL: + return "OpenSSL"; + case CURLHELP_SSL_LIBRARY_LIBRESSL: + return "LibreSSL"; + case CURLHELP_SSL_LIBRARY_GNUTLS: + return "GnuTLS"; + case CURLHELP_SSL_LIBRARY_NSS: + return "NSS"; + case CURLHELP_SSL_LIBRARY_UNKNOWN: + default: + return "unknown"; + } +} + +#ifdef LIBCURL_FEATURE_SSL +#ifndef USE_OPENSSL +time_t +parse_cert_date (const char *s) +{ + struct tm tm; + time_t date; + char *res; + + if (!s) return -1; + + /* Jan 17 14:25:12 2020 GMT */ + res = strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm); + /* Sep 11 12:00:00 2020 GMT */ + if (res == NULL) strptime (s, "%Y %m %d %H:%M:%S GMT", &tm); + date = mktime (&tm); + + return date; +} + +/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to + * OpenSSL could be this function + */ +int +net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit) +{ + int i; + struct curl_slist* slist; + int cname_found = 0; + char* start_date_str = NULL; + char* end_date_str = NULL; + time_t start_date; + time_t end_date; + char *tz; + float time_left; + int days_left; + int time_remaining; + char timestamp[50] = ""; + int status = STATE_UNKNOWN; + + if (verbose >= 2) + printf ("**** REQUEST CERTIFICATES ****\n"); + + for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) { + for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) { + /* find first common name in subject, + * TODO: check alternative subjects for + * TODO: have a decent parser here and not a hack + * multi-host certificate, check wildcards + */ + if (strncasecmp (slist->data, "Subject:", 8) == 0) { + int d = 3; + char* p = strstr (slist->data, "CN="); + if (p == NULL) { + d = 5; + p = strstr (slist->data, "CN = "); + } + if (p != NULL) { + if (strncmp (host_name, p+d, strlen (host_name)) == 0) { + cname_found = 1; + } + } + } else if (strncasecmp (slist->data, "Start Date:", 11) == 0) { + start_date_str = &slist->data[11]; + } else if (strncasecmp (slist->data, "Expire Date:", 12) == 0) { + end_date_str = &slist->data[12]; + } else if (strncasecmp (slist->data, "Cert:", 5) == 0) { + goto HAVE_FIRST_CERT; + } + if (verbose >= 2) + printf ("%d ** %s\n", i, slist->data); + } + } +HAVE_FIRST_CERT: + + if (verbose >= 2) + printf ("**** REQUEST CERTIFICATES ****\n"); + + if (!cname_found) { + printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); + return STATE_CRITICAL; + } + + start_date = parse_cert_date (start_date_str); + if (start_date <= 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"), + start_date_str); + puts (msg); + return STATE_WARNING; + } + + end_date = parse_cert_date (end_date_str); + if (end_date <= 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"), + start_date_str); + puts (msg); + return STATE_WARNING; + } + + time_left = difftime (end_date, time(NULL)); + days_left = time_left / 86400; + tz = getenv("TZ"); + setenv("TZ", "GMT", 1); + tzset(); + strftime(timestamp, 50, "%c %z", localtime(&end_date)); + if (tz) + setenv("TZ", tz, 1); + else + unsetenv("TZ"); + tzset(); + + if (days_left > 0 && days_left <= days_till_exp_warn) { + printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp); + if (days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else if (days_left == 0 && time_left > 0) { + if (time_left >= 3600) + time_remaining = (int) time_left / 3600; + else + time_remaining = (int) time_left / 60; + + printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"), + (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining, + time_left >= 3600 ? "hours" : "minutes", timestamp); + + if ( days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else if (time_left < 0) { + printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp); + status=STATE_CRITICAL; + } else if (days_left == 0) { + printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp); + if (days_left > days_till_exp_crit) + status = STATE_WARNING; + else + status = STATE_CRITICAL; + } else { + printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp); + status = STATE_OK; + } + return status; +} +#endif /* USE_OPENSSL */ +#endif /* LIBCURL_FEATURE_SSL */ diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c index 826eb8d9..ced13d05 100644 --- a/plugins/check_dbi.c +++ b/plugins/check_dbi.c @@ -35,6 +35,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "utils.h" +#include "utils_cmd.h" #include "netutils.h" diff --git a/plugins/check_dig.c b/plugins/check_dig.c index da4f0ded..5d85ae26 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -331,7 +331,7 @@ print_help (void) printf ("Copyright (c) 2000 Karl DeBisschop <kdebisschop@users.sourceforge.net>\n"); printf (COPYRIGHT, copyright, email); - printf (_("This plugin test the DNS service on the specified host using dig")); + printf (_("This plugin tests the DNS service on the specified host using dig")); printf ("\n\n"); diff --git a/plugins/check_disk.c b/plugins/check_disk.c index e73a0083..54befcad 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring check_disk plugin -* +* * License: GPL * Copyright (c) 1999-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_disk plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ const char *progname = "check_disk"; @@ -46,7 +46,7 @@ const char *email = "devel@monitoring-plugins.org"; #include <stdarg.h> #include "fsusage.h" #include "mountlist.h" -#include "intprops.h" /* necessary for TYPE_MAXIMUM */ +#include "intprops.h" /* necessary for TYPE_MAXIMUM */ #if HAVE_LIMITS_H # include <limits.h> #endif @@ -141,6 +141,7 @@ int erronly = FALSE; int display_mntp = FALSE; int exact_match = FALSE; int freespace_ignore_reserved = FALSE; +int display_inodes_perfdata = FALSE; char *warn_freespace_units = NULL; char *crit_freespace_units = NULL; char *warn_freespace_percent = NULL; @@ -167,11 +168,10 @@ main (int argc, char **argv) char *output; char *details; char *perf; + char *perf_ilabel; char *preamble; char *flag_header; double inode_space_pct; - double warning_high_tide; - double critical_high_tide; int temp_result; struct mount_entry *me; @@ -186,6 +186,7 @@ main (int argc, char **argv) output = strdup (""); details = strdup (""); perf = strdup (""); + perf_ilabel = strdup (""); stat_buf = malloc(sizeof *stat_buf); setlocale (LC_ALL, ""); @@ -242,17 +243,17 @@ main (int argc, char **argv) #ifdef __CYGWIN__ if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11) - continue; + continue; snprintf(mountdir, sizeof(mountdir), "%s:\\", me->me_mountdir + 10); if (GetDriveType(mountdir) != DRIVE_FIXED) - me->me_remote = 1; + me->me_remote = 1; #endif /* Filters */ /* Remove filesystems already seen */ if (np_seen_name(seen, me->me_mountdir)) { continue; - } + } np_add_name(&seen, me->me_mountdir); if (path->group == NULL) { @@ -285,8 +286,17 @@ main (int argc, char **argv) get_stats (path, &fsp); if (verbose >= 3) { - printf ("For %s, used_pct=%g free_pct=%g used_units=%g free_units=%g total_units=%g used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n", - me->me_mountdir, path->dused_pct, path->dfree_pct, path->dused_units, path->dfree_units, path->dtotal_units, path->dused_inodes_percent, path->dfree_inodes_percent, fsp.fsu_blocksize, mult); + printf ("For %s, used_pct=%g free_pct=%g used_units=%llu free_units=%llu total_units=%llu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n", + me->me_mountdir, + path->dused_pct, + path->dfree_pct, + path->dused_units, + path->dfree_units, + path->dtotal_units, + path->dused_inodes_percent, + path->dfree_inodes_percent, + fsp.fsu_blocksize, + mult); } /* Threshold comparisons */ @@ -323,54 +333,79 @@ main (int argc, char **argv) */ /* *_high_tide must be reinitialized at each run */ - warning_high_tide = UINT_MAX; - critical_high_tide = UINT_MAX; + uint64_t warning_high_tide = UINT64_MAX; if (path->freespace_units->warning != NULL) { - warning_high_tide = path->dtotal_units - path->freespace_units->warning->end; + warning_high_tide = (path->dtotal_units - path->freespace_units->warning->end) * mult; } if (path->freespace_percent->warning != NULL) { - warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units )); + warning_high_tide = min( warning_high_tide, (uint64_t)((1.0 - path->freespace_percent->warning->end/100) * (path->dtotal_units * mult)) ); } + + uint64_t critical_high_tide = UINT64_MAX; + if (path->freespace_units->critical != NULL) { - critical_high_tide = path->dtotal_units - path->freespace_units->critical->end; + critical_high_tide = (path->dtotal_units - path->freespace_units->critical->end) * mult; } if (path->freespace_percent->critical != NULL) { - critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units )); + critical_high_tide = min( critical_high_tide, (uint64_t)((1.0 - path->freespace_percent->critical->end/100) * (path->dtotal_units * mult)) ); } - /* Nb: *_high_tide are unset when == UINT_MAX */ + /* Nb: *_high_tide are unset when == UINT64_MAX */ xasprintf (&perf, "%s %s", perf, - perfdata ((!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, - path->dused_units, units, - (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide, - (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide, - TRUE, 0, - TRUE, path->dtotal_units)); + perfdata_uint64 ( + (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, + path->dused_units * mult, "B", + (warning_high_tide == UINT64_MAX ? FALSE : TRUE), warning_high_tide, + (critical_high_tide == UINT64_MAX ? FALSE : TRUE), critical_high_tide, + TRUE, 0, + TRUE, path->dtotal_units * mult)); + + if (display_inodes_perfdata) { + /* *_high_tide must be reinitialized at each run */ + warning_high_tide = UINT64_MAX; + critical_high_tide = UINT64_MAX; + + if (path->freeinodes_percent->warning != NULL) { + warning_high_tide = llabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total )); + } + if (path->freeinodes_percent->critical != NULL) { + critical_high_tide = llabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total )); + } + + xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir); + /* Nb: *_high_tide are unset when == UINT64_MAX */ + xasprintf (&perf, "%s %s", perf, + perfdata_uint64 (perf_ilabel, + path->inodes_used, "", + (warning_high_tide != UINT64_MAX ? TRUE : FALSE), warning_high_tide, + (critical_high_tide != UINT64_MAX ? TRUE : FALSE), critical_high_tide, + TRUE, 0, + TRUE, path->inodes_total)); + } if (disk_result==STATE_OK && erronly && !verbose) continue; - if(disk_result && verbose >= 1) { - xasprintf(&flag_header, " %s [", state_text (disk_result)); - } else { - xasprintf(&flag_header, ""); - } - xasprintf (&output, "%s%s %s %.0f %s (%.0f%%", - output, flag_header, - (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, - path->dfree_units, - units, - path->dfree_pct); - if (path->dused_inodes_percent < 0) { - xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : "")); - } else { - xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : "")); - } + if(disk_result && verbose >= 1) { + xasprintf(&flag_header, " %s [", state_text (disk_result)); + } else { + xasprintf(&flag_header, ""); + } + xasprintf (&output, "%s%s %s %llu%s (%.0f%%", + output, flag_header, + (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir, + path->dfree_units, + units, + path->dfree_pct); + if (path->dused_inodes_percent < 0) { + xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : "")); + } else { + xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : "")); + } free(flag_header); /* TODO: Need to do a similar debug line - xasprintf (&details, _("%s\n\ -%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"), + xasprintf (&details, _("%s\n\%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"), details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct, me->me_devname, me->me_type, me->me_mountdir, (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp); @@ -455,6 +490,7 @@ process_arguments (int argc, char **argv) {"ignore-eregi-partition", required_argument, 0, 'I'}, {"local", no_argument, 0, 'l'}, {"stat-remote-fs", no_argument, 0, 'L'}, + {"iperfdata", no_argument, 0, 'P'}, {"mountpoint", no_argument, 0, 'M'}, {"errors-only", no_argument, 0, 'e'}, {"exact-match", no_argument, 0, 'E'}, @@ -477,7 +513,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEA", longopts, &option); + c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLPg:R:r:i:I:MEA", longopts, &option); if (c == -1 || c == EOF) break; @@ -530,14 +566,14 @@ process_arguments (int argc, char **argv) } break; - case 'W': /* warning inode threshold */ + case 'W': /* warning inode threshold */ if (*optarg == '@') { warn_freeinodes_percent = optarg; } else { xasprintf(&warn_freeinodes_percent, "@%s", optarg); } break; - case 'K': /* critical inode threshold */ + case 'K': /* critical inode threshold */ if (*optarg == '@') { crit_freeinodes_percent = optarg; } else { @@ -547,21 +583,24 @@ process_arguments (int argc, char **argv) case 'u': if (units) free(units); - if (! strcmp (optarg, "bytes")) { + if (! strcasecmp (optarg, "bytes")) { mult = (uintmax_t)1; units = strdup ("B"); - } else if (! strcmp (optarg, "kB")) { + } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) { mult = (uintmax_t)1024; - units = strdup ("kB"); - } else if (! strcmp (optarg, "MB")) { + units = strdup ("kiB"); + } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) ) { mult = (uintmax_t)1024 * 1024; - units = strdup ("MB"); - } else if (! strcmp (optarg, "GB")) { + units = strdup ("MiB"); + } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) { mult = (uintmax_t)1024 * 1024 * 1024; - units = strdup ("GB"); - } else if (! strcmp (optarg, "TB")) { + units = strdup ("GiB"); + } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) { mult = (uintmax_t)1024 * 1024 * 1024 * 1024; - units = strdup ("TB"); + units = strdup ("TiB"); + } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) { + mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024; + units = strdup ("PiB"); } else { die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg); } @@ -572,19 +611,23 @@ process_arguments (int argc, char **argv) mult = 1024; if (units) free(units); - units = strdup ("kB"); + units = strdup ("kiB"); break; case 'm': /* display mountpoint */ mult = 1024 * 1024; if (units) free(units); - units = strdup ("MB"); + units = strdup ("MiB"); break; case 'L': stat_remote_fs = 1; + /* fallthrough */ case 'l': show_local_fs = 1; break; + case 'P': + display_inodes_perfdata = 1; + break; case 'p': /* select path */ if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent || crit_freespace_percent || warn_usedspace_units || crit_usedspace_units || @@ -781,7 +824,7 @@ process_arguments (int argc, char **argv) } if (units == NULL) { - units = strdup ("MB"); + units = strdup ("MiB"); mult = (uintmax_t)1024 * 1024; } @@ -904,6 +947,8 @@ print_help (void) printf (" %s\n", _("Display only devices/mountpoints with errors")); printf (" %s\n", "-f, --freespace-ignore-reserved"); printf (" %s\n", _("Don't account root-reserved blocks into freespace in perfdata")); + printf (" %s\n", "-P, --iperfdata"); + printf (" %s\n", _("Display inode usage in perfdata")); printf (" %s\n", "-g, --group=NAME"); printf (" %s\n", _("Group paths. Thresholds apply to (free-)space of all partitions together")); printf (" %s\n", "-k, --kilobytes"); @@ -993,50 +1038,59 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) { if (p_list->group && ! (strcmp(p_list->group, p->group))) { stat_path(p_list); get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp); - get_path_stats(p_list, &tmpfsp); + get_path_stats(p_list, &tmpfsp); if (verbose >= 3) - printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n", - p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units, - p_list->dtotal_units, mult); - - /* prevent counting the first FS of a group twice since its parameter_list entry + printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%lu free_units=%llu total_units=%llu mult=%llu\n", + p_list->group, + tmpfsp.fsu_blocks, + tmpfsp.fsu_blocksize, + p_list->best_match->me_mountdir, + p_list->dused_units, + p_list->dfree_units, + p_list->dtotal_units, + mult); + + /* prevent counting the first FS of a group twice since its parameter_list entry * is used to carry the information of all file systems of the entire group */ if (! first) { p->total += p_list->total; p->available += p_list->available; p->available_to_root += p_list->available_to_root; p->used += p_list->used; - + p->dused_units += p_list->dused_units; p->dfree_units += p_list->dfree_units; p->dtotal_units += p_list->dtotal_units; p->inodes_total += p_list->inodes_total; p->inodes_free += p_list->inodes_free; + p->inodes_free_to_root += p_list->inodes_free_to_root; + p->inodes_used += p_list->inodes_used; } first = 0; } - if (verbose >= 3) - printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n", - p->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p->best_match->me_mountdir, p->dused_units, - p->dfree_units, p->dtotal_units, mult); + if (verbose >= 3) + printf("Group %s now has: used_units=%llu free_units=%llu total_units=%llu fsu_blocksize=%llu mult=%llu\n", + p->group, + p->dused_units, + p->dfree_units, + p->dtotal_units, + tmpfsp.fsu_blocksize, + mult); } /* modify devname and mountdir for output */ p->best_match->me_mountdir = p->best_match->me_devname = p->group; } /* finally calculate percentages for either plain FS or summed up group */ - p->dused_pct = calculate_percent( p->used, p->used + p->available ); /* used + available can never be > uintmax */ + p->dused_pct = calculate_percent( p->used, p->used + p->available ); /* used + available can never be > uintmax */ p->dfree_pct = 100 - p->dused_pct; p->dused_inodes_percent = calculate_percent(p->inodes_total - p->inodes_free, p->inodes_total); p->dfree_inodes_percent = 100 - p->dused_inodes_percent; - + } void get_path_stats (struct parameter_list *p, struct fs_usage *fsp) { - /* 2007-12-08 - Workaround for Gnulib reporting insanely high available - * space on BSD (the actual value should be negative but fsp->fsu_bavail - * is unsigned) */ - p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail; + p->available = fsp->fsu_bavail; p->available_to_root = fsp->fsu_bfree; p->used = fsp->fsu_blocks - fsp->fsu_bfree; if (freespace_ignore_reserved) { @@ -1046,11 +1100,22 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) { /* default behaviour : take all the blocks into account */ p->total = fsp->fsu_blocks; } - + p->dused_units = p->used*fsp->fsu_blocksize/mult; p->dfree_units = p->available*fsp->fsu_blocksize/mult; p->dtotal_units = p->total*fsp->fsu_blocksize/mult; - p->inodes_total = fsp->fsu_files; /* Total file nodes. */ - p->inodes_free = fsp->fsu_ffree; /* Free file nodes. */ + /* Free file nodes. Not sure the workaround is required, but in case...*/ + p->inodes_free = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail; + p->inodes_free_to_root = fsp->fsu_ffree; /* Free file nodes for root. */ + p->inodes_used = fsp->fsu_files - fsp->fsu_ffree; + if (freespace_ignore_reserved) { + /* option activated : we substract the root-reserved inodes from the total */ + /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */ + /* for others, fsp->fsu_ffree == fsp->fsu_favail */ + p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free; + } else { + /* default behaviour : take all the inodes into account */ + p->inodes_total = fsp->fsu_files; + } np_add_name(&seen, p->best_match->me_mountdir); } diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 5feafc80..9de6caf5 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -41,7 +41,7 @@ const char *email = "devel@monitoring-plugins.org"; int process_arguments (int, char **); int validate_arguments (void); -int error_scan (char *); +int error_scan (char *, int *); int ip_match_cidr(const char *, const char *); unsigned long ip2long(const char *); void print_help (void); @@ -54,8 +54,10 @@ char ptr_server[ADDRESS_LENGTH] = ""; int verbose = FALSE; char **expected_address = NULL; int expected_address_cnt = 0; +int expect_nxdomain = FALSE; int expect_authority = FALSE; +int all_match = FALSE; thresholds *time_thresholds = NULL; static int @@ -86,6 +88,7 @@ main (int argc, char **argv) int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; + int is_nxdomain = FALSE; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); @@ -168,8 +171,8 @@ main (int argc, char **argv) temp_buffer++; /* Strip leading spaces */ - for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) - /* NOOP */; + while (*temp_buffer == ' ') + temp_buffer++; strip(temp_buffer); if (temp_buffer==NULL || strlen(temp_buffer)==0) { @@ -185,7 +188,7 @@ main (int argc, char **argv) } - result = error_scan (chld_out.line[i]); + result = error_scan (chld_out.line[i], &is_nxdomain); if (result != STATE_OK) { msg = strchr (chld_out.line[i], ':'); if(msg) msg++; @@ -198,13 +201,20 @@ main (int argc, char **argv) if (verbose) puts(chld_err.line[i]); - if (error_scan (chld_err.line[i]) != STATE_OK) { - result = max_state (result, error_scan (chld_err.line[i])); + if (error_scan (chld_err.line[i], &is_nxdomain) != STATE_OK) { + result = max_state (result, error_scan (chld_err.line[i], &is_nxdomain)); msg = strchr(input_buffer, ':'); - if(msg) msg++; + if(msg) + msg++; + else + msg = input_buffer; } } + if (is_nxdomain && !expect_nxdomain) { + die (STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); + } + if (addresses) { int i,slen; char *adrp; @@ -228,16 +238,27 @@ main (int argc, char **argv) if (result == STATE_OK && expected_address_cnt > 0) { result = STATE_CRITICAL; temp_buffer = ""; + unsigned long expect_match = (1 << expected_address_cnt) - 1; + unsigned long addr_match = (1 << n_addresses) - 1; for (i=0; i<expected_address_cnt; i++) { + int j; /* check if we get a match on 'raw' ip or cidr */ - if ( strcmp(address, expected_address[i]) == 0 - || ip_match_cidr(address, expected_address[i]) ) - result = STATE_OK; + for (j=0; j<n_addresses; j++) { + if ( strcmp(addresses[j], expected_address[i]) == 0 + || ip_match_cidr(addresses[j], expected_address[i]) ) { + result = STATE_OK; + addr_match &= ~(1 << j); + expect_match &= ~(1 << i); + } + } /* prepare an error string */ xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); } + /* check if expected_address must cover all in addresses and none may be missing */ + if (all_match && (expect_match != 0 || addr_match != 0)) + result = STATE_CRITICAL; if (result == STATE_CRITICAL) { /* Strip off last semicolon... */ temp_buffer[strlen(temp_buffer)-2] = '\0'; @@ -245,6 +266,16 @@ main (int argc, char **argv) } } + if (expect_nxdomain) { + if (!is_nxdomain) { + result = STATE_CRITICAL; + xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); + } else { + if (address != NULL) free(address); + address = "NXDOMAIN"; + } + } + /* check if authoritative */ if (result == STATE_OK && expect_authority && non_authoritative) { result = STATE_CRITICAL; @@ -324,9 +355,15 @@ ip2long(const char* src) { } int -error_scan (char *input_buffer) +error_scan (char *input_buffer, int *is_nxdomain) { + const int nxdomain = strstr (input_buffer, "Non-existent") || + strstr (input_buffer, "** server can't find") || + strstr (input_buffer, "** Can't find") || + strstr (input_buffer, "NXDOMAIN"); + if (nxdomain) *is_nxdomain = TRUE; + /* the DNS lookup timed out */ if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || @@ -336,6 +373,8 @@ error_scan (char *input_buffer) /* DNS server is not running... */ else if (strstr (input_buffer, "No response from server")) die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); + else if (strstr (input_buffer, "no servers could be reached")) + die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); /* Host name is valid, but server doesn't have records... */ else if (strstr (input_buffer, "No records")) @@ -343,7 +382,7 @@ error_scan (char *input_buffer) /* Connection was refused */ else if (strstr (input_buffer, "Connection refused") || - strstr (input_buffer, "Couldn't find server") || + strstr (input_buffer, "Couldn't find server") || strstr (input_buffer, "Refused") || (strstr (input_buffer, "** server can't find") && strstr (input_buffer, ": REFUSED"))) @@ -357,12 +396,6 @@ error_scan (char *input_buffer) else if (strstr (input_buffer, "No information")) die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); - /* Host or domain name does not exist */ - else if (strstr (input_buffer, "Non-existent") || - strstr (input_buffer, "** server can't find") || - strstr (input_buffer,"NXDOMAIN")) - die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address); - /* Network is unreachable */ else if (strstr (input_buffer, "Network is unreachable")) die (STATE_CRITICAL, _("Network is unreachable\n")); @@ -399,7 +432,9 @@ process_arguments (int argc, char **argv) {"server", required_argument, 0, 's'}, {"reverse-server", required_argument, 0, 'r'}, {"expected-address", required_argument, 0, 'a'}, + {"expect-nxdomain", no_argument, 0, 'n'}, {"expect-authority", no_argument, 0, 'A'}, + {"all", no_argument, 0, 'L'}, {"warning", required_argument, 0, 'w'}, {"critical", required_argument, 0, 'c'}, {0, 0, 0, 0} @@ -413,7 +448,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index); + c = getopt_long (argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); if (c == -1 || c == EOF) break; @@ -454,13 +489,33 @@ process_arguments (int argc, char **argv) case 'a': /* expected address */ if (strlen (optarg) >= ADDRESS_LENGTH) die (STATE_UNKNOWN, _("Input buffer overflow\n")); - expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); - expected_address[expected_address_cnt] = strdup(optarg); - expected_address_cnt++; + if (strchr(optarg, ',') != NULL) { + char *comma = strchr(optarg, ','); + while (comma != NULL) { + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); + expected_address_cnt++; + optarg = comma + 1; + comma = strchr(optarg, ','); + } + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } else { + expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } + break; + case 'n': /* expect NXDOMAIN */ + expect_nxdomain = TRUE; break; case 'A': /* expect authority */ expect_authority = TRUE; break; + case 'L': /* all must match */ + all_match = TRUE; + break; case 'w': warning = optarg; break; @@ -496,8 +551,15 @@ process_arguments (int argc, char **argv) int validate_arguments () { - if (query_address[0] == 0) + if (query_address[0] == 0) { + printf ("missing --host argument\n"); return ERROR; + } + + if (expected_address_cnt > 0 && expect_nxdomain) { + printf ("--expected-address and --expect-nxdomain cannot be combined\n"); + return ERROR; + } return OK; } @@ -529,14 +591,19 @@ print_help (void) printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); - printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); - printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically).")); + printf (" %s\n", _("value matches).")); + printf (" -n, --expect-nxdomain\n"); + printf (" %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)")); + printf (" %s\n", _("Cannot be used together with -a")); printf (" -A, --expect-authority\n"); printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); printf (" -w, --warning=seconds\n"); printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off")); printf (" -c, --critical=seconds\n"); printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off")); + printf (" -L, --all\n"); + printf (" %s\n", _("Return critical if the list of expected addresses does not match all addresses")); + printf (" %s\n", _("returned. Default off")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); @@ -548,5 +615,5 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname); + printf ("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname); } diff --git a/plugins/check_fping.c b/plugins/check_fping.c index da1ce1a6..521d0fef 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -184,7 +184,7 @@ textscan (char *buf) int status = STATE_UNKNOWN; if (strstr (buf, "not found")) { - die (STATE_CRITICAL, _("FPING UNKNOW - %s not found\n"), server_name); + die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name); } else if (strstr (buf, "is unreachable") || strstr (buf, "Unreachable")) { diff --git a/plugins/check_game.c b/plugins/check_game.c index 709dae1b..a534b69b 100644 --- a/plugins/check_game.c +++ b/plugins/check_game.c @@ -318,7 +318,7 @@ print_help (void) printf ("%s\n", _("Notes:")); printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool.")); printf (" %s\n", _("If you don't have the package installed, you will need to download it from")); - printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin.")); + printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin.")); printf (UT_SUPPORT); } diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index f159f5a2..c4b44178 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -66,7 +66,8 @@ void print_usage (void); char *community = NULL; char *address = NULL; -char *port = NULL; +unsigned int port = 0; +int check_paper_out = 1; int main (int argc, char **argv) @@ -120,8 +121,12 @@ main (int argc, char **argv) HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY); /* get the command to run */ - sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community, - address, port, query_string); + sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s", + PATH_TO_SNMPGET, + community, + address, + port, + query_string); /* run the command */ child_process = spopen (command_line); @@ -240,7 +245,8 @@ main (int argc, char **argv) strcpy (errmsg, _("Paper Jam")); } else if (paper_out) { - result = STATE_WARNING; + if (check_paper_out) + result = STATE_WARNING; strcpy (errmsg, _("Out of Paper")); } else if (line_status == OFFLINE) { @@ -325,7 +331,7 @@ process_arguments (int argc, char **argv) while (1) { - c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option); + c = getopt_long (argc, argv, "+hVH:C:p:D", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -347,6 +353,8 @@ process_arguments (int argc, char **argv) usage2 (_("Port must be a positive short integer"), optarg); else port = atoi(optarg); + case 'D': /* disable paper out check*/ + check_paper_out = 0; break; case 'V': /* version */ print_revision (progname, NP_VERSION); @@ -376,11 +384,8 @@ process_arguments (int argc, char **argv) community = strdup (DEFAULT_COMMUNITY); } - if (port == NULL) { - if (argv[c] != NULL ) - port = argv[c]; - else - port = atoi (DEFAULT_PORT); + if (port == 0) { + port = atoi(DEFAULT_PORT); } return validate_arguments (); @@ -420,6 +425,8 @@ print_help (void) printf (" %s", _("Specify the port to check ")); printf (_("(default=%s)"), DEFAULT_PORT); printf ("\n"); + printf (" %s\n", "-D"); + printf (" %s", _("Disable paper check ")); printf (UT_SUPPORT); } @@ -430,5 +437,5 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-C community] [-p port]\n", progname); + printf ("%s -H host [-C community] [-p port] [-D]\n", progname); } diff --git a/plugins/check_http.c b/plugins/check_http.c index e5ef7cc4..34fb4f01 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -72,7 +72,7 @@ int maximum_age = -1; enum { REGS = 2, - MAX_RE_SIZE = 256 + MAX_RE_SIZE = 1024 }; #include "regex.h" regex_t preg; @@ -120,12 +120,14 @@ int use_ssl = FALSE; int use_sni = FALSE; int verbose = FALSE; int show_extended_perfdata = FALSE; +int show_body = FALSE; int sd; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; int max_depth = 15; char *http_method; +char *http_method_proxy; char *http_post_data; char *http_content_type; char buffer[MAX_INPUT_BUFFER]; @@ -239,6 +241,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, {0, 0, 0, 0} }; @@ -259,7 +262,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NEB", longopts, &option); if (c == -1 || c == EOF) break; @@ -446,6 +449,12 @@ process_arguments (int argc, char **argv) if (http_method) free(http_method); http_method = strdup (optarg); + char *tmp; + if ((tmp = strstr(http_method, ":")) > 0) { + tmp[0] = '\0'; + http_method = http_method; + http_method_proxy = ++tmp; + } break; case 'd': /* string or substring */ strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1); @@ -540,6 +549,9 @@ process_arguments (int argc, char **argv) case 'E': /* show extended perfdata */ show_extended_perfdata = TRUE; break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; } } @@ -566,6 +578,9 @@ process_arguments (int argc, char **argv) if (http_method == NULL) http_method = strdup ("GET"); + if (http_method_proxy == NULL) + http_method_proxy = strdup ("GET"); + if (client_cert && !client_privkey) usage4 (_("If you use a client certificate you must also specify a private key file")); @@ -916,6 +931,21 @@ check_http (void) if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); + if (strlen(proxy_auth)) { + base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); + xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); + } + /* optionally send any other header tag */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } + } + /* This cannot be free'd here because a redirection will then try to access this and segfault */ + /* Covered in a testcase in tests/check_http.t */ + /* free(http_opt_headers); */ + } asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); asprintf (&buf, "%sHost: %s\r\n", buf, host_name); /* we finished our request, send empty line with CRLF */ @@ -950,7 +980,7 @@ check_http (void) if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 && host_name != NULL && use_ssl == TRUE) - asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); else asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); @@ -1140,6 +1170,8 @@ check_http (void) xasprintf (&msg, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg); } @@ -1290,6 +1322,9 @@ check_http (void) perfd_time (elapsed_time), perfd_size (page_len)); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); + result = max_state_alt(get_status(elapsed_time, thlds), result); die (result, "HTTP %s: %s\n", state_text(result), msg); @@ -1418,8 +1453,8 @@ redir (char *pos, char *status_line) !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, url)) - die (STATE_WARNING, - _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), type, addr, i, url, (display_html ? "</A>" : "")); strcpy (server_type, type); @@ -1532,6 +1567,10 @@ print_help (void) print_usage (); +#ifdef HAVE_SSL + printf (_("In the first form, make an HTTP request.")); + printf (_("In the second form, connect to the server and check the TLS certificate.")); +#endif printf (_("NOTE: One or both of -H and -I must be specified")); printf ("\n"); @@ -1581,7 +1620,7 @@ print_help (void) printf (" %s\n", _("URL to GET or POST (default: /)")); printf (" %s\n", "-P, --post=STRING"); printf (" %s\n", _("URL encoded http POST data")); - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)"); printf (" %s\n", _("Set HTTP method.")); printf (" %s\n", "-N, --no-body"); printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); @@ -1611,6 +1650,8 @@ print_help (void) printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-E, --extended-perfdata"); printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>"); @@ -1629,7 +1670,7 @@ print_help (void) printf ("%s\n", _("Notes:")); printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host.")); printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL")); - printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect reponse")); + printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response")); printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); @@ -1668,7 +1709,8 @@ print_help (void) printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); - printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + printf (" %s\n", _("a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used")); + printf (" %s\n", _("inside the proxied connection: -j CONNECT:POST")); #endif @@ -1688,6 +1730,8 @@ print_usage (void) printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); - printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n"); + printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); printf (" [-T <content-type>] [-j method]\n"); + printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname); + printf (" [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n"); } diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 46621318..0160d98b 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -283,7 +283,7 @@ get_offline_text (int status) return offline_status_text[i].text; } } - return "UNKNOW"; + return "UNKNOWN"; } diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index 66be4b46..845a4f52 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c @@ -237,7 +237,7 @@ main (int argc, char *argv[]) if(entries_thresholds != NULL) { if (verbose) { printf ("entries found: %d\n", num_entries); - print_thresholds("entry threasholds", entries_thresholds); + print_thresholds("entry thresholds", entries_thresholds); } status_entries = get_status(num_entries, entries_thresholds); if (status_entries == STATE_CRITICAL) { @@ -432,6 +432,9 @@ validate_arguments () set_thresholds(&entries_thresholds, warn_entries, crit_entries); } + if (ld_passwd==NULL) + ld_passwd = getenv("LDAP_PASSWORD"); + return OK; } @@ -465,7 +468,7 @@ print_help (void) printf (" %s\n", "-D [--bind]"); printf (" %s\n", _("ldap bind DN (if required)")); printf (" %s\n", "-P [--pass]"); - printf (" %s\n", _("ldap password (if required)")); + printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); printf (" %s\n", "-T [--starttls]"); printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); printf (" %s\n", "-S [--ssl]"); diff --git a/plugins/check_load.c b/plugins/check_load.c index b1cc498f..0e4de54e 100644 --- a/plugins/check_load.c +++ b/plugins/check_load.c @@ -33,6 +33,7 @@ const char *copyright = "1999-2007"; const char *email = "devel@monitoring-plugins.org"; #include "common.h" +#include "runcmd.h" #include "utils.h" #include "popen.h" @@ -52,6 +53,9 @@ static int process_arguments (int argc, char **argv); static int validate_arguments (void); void print_help (void); void print_usage (void); +static int print_top_consuming_processes(); + +static int n_procs_to_show = 0; /* strictly for pretty-print usage in loops */ static const int nums[3] = { 1, 5, 15 }; @@ -205,11 +209,14 @@ main (int argc, char **argv) else if(la[i] > wload[i]) result = STATE_WARNING; } - printf("%s - %s|", state_text(result), status_line); + printf("LOAD %s - %s|", state_text(result), status_line); for(i = 0; i < 3; i++) printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]); putchar('\n'); + if (n_procs_to_show > 0) { + print_top_consuming_processes(); + } return result; } @@ -227,6 +234,7 @@ process_arguments (int argc, char **argv) {"percpu", no_argument, 0, 'r'}, {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, + {"procs-to-show", required_argument, 0, 'n'}, {0, 0, 0, 0} }; @@ -234,7 +242,7 @@ process_arguments (int argc, char **argv) return ERROR; while (1) { - c = getopt_long (argc, argv, "Vhrc:w:", longopts, &option); + c = getopt_long (argc, argv, "Vhrc:w:n:", longopts, &option); if (c == -1 || c == EOF) break; @@ -255,6 +263,9 @@ process_arguments (int argc, char **argv) case 'h': /* help */ print_help (); exit (STATE_UNKNOWN); + case 'n': + n_procs_to_show = atoi(optarg); + break; case '?': /* help */ usage5 (); } @@ -324,6 +335,9 @@ print_help (void) printf (" %s\n", _("the load average format is the same used by \"uptime\" and \"w\"")); printf (" %s\n", "-r, --percpu"); printf (" %s\n", _("Divide the load averages by the number of CPUs (when possible)")); + printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS"); + printf (" %s\n", _("Number of processes to show when printing the top consuming processes.")); + printf (" %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0")); printf (UT_SUPPORT); } @@ -332,5 +346,48 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15\n", progname); + printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname); +} + +#ifdef PS_USES_PROCPCPU +int cmpstringp(const void *p1, const void *p2) { + int procuid = 0; + int procpid = 0; + int procppid = 0; + int procvsz = 0; + int procrss = 0; + float procpcpu = 0; + char procstat[8]; +#ifdef PS_USES_PROCETIME + char procetime[MAX_INPUT_BUFFER]; +#endif /* PS_USES_PROCETIME */ + char procprog[MAX_INPUT_BUFFER]; + int pos; + sscanf (* (char * const *) p1, PS_FORMAT, PS_VARLIST); + float procpcpu1 = procpcpu; + sscanf (* (char * const *) p2, PS_FORMAT, PS_VARLIST); + return procpcpu1 < procpcpu; +} +#endif /* PS_USES_PROCPCPU */ + +static int print_top_consuming_processes() { + int i = 0; + struct output chld_out, chld_err; + if(np_runcmd(PS_COMMAND, &chld_out, &chld_err, 0) != 0){ + fprintf(stderr, _("'%s' exited with non-zero status.\n"), PS_COMMAND); + return STATE_UNKNOWN; + } + if (chld_out.lines < 2) { + fprintf(stderr, _("some error occurred getting procs list.\n")); + return STATE_UNKNOWN; + } +#ifdef PS_USES_PROCPCPU + qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp); +#endif /* PS_USES_PROCPCPU */ + int lines_to_show = chld_out.lines < (n_procs_to_show + 1) + ? chld_out.lines : n_procs_to_show + 1; + for (i = 0; i < lines_to_show; i += 1) { + printf("%s\n", chld_out.line[i]); + } + return OK; } diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c index 5773afd9..0cba50e6 100644 --- a/plugins/check_mysql.c +++ b/plugins/check_mysql.c @@ -379,6 +379,9 @@ process_arguments (int argc, char **argv) if (is_host (optarg)) { db_host = optarg; } + else if (*optarg == '/') { + db_socket = optarg; + } else { usage2 (_("Invalid hostname/address"), optarg); } diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c index 49a14dd3..ac2fb15d 100644 --- a/plugins/check_mysql_query.c +++ b/plugins/check_mysql_query.c @@ -136,18 +136,18 @@ main (int argc, char **argv) die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); } - /* free the result */ - mysql_free_result (res); - - /* close the connection */ - mysql_close (&mysql); - if (! is_numeric(row[0])) { die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); } value = strtod(row[0], NULL); + /* free the result */ + mysql_free_result (res); + + /* close the connection */ + mysql_close (&mysql); + if (verbose >= 3) printf("mysql result: %f\n", value); diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 5ac6c65b..914b40ce 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -548,7 +548,7 @@ double jitter_request(const char *host, int *status){ DBG(print_ntp_control_message(&req)); /* Attempt to read the largest size packet possible */ req.count=htons(MAX_CM_SIZE); - DBG(printf("recieving READSTAT response")) + DBG(printf("receiving READSTAT response")) read(conn, &req, SIZEOF_NTPCM(req)); DBG(print_ntp_control_message(&req)); /* Each peer identifier is 4 bytes in the data section, which @@ -608,7 +608,7 @@ double jitter_request(const char *host, int *status){ DBG(print_ntp_control_message(&req)); req.count = htons(MAX_CM_SIZE); - DBG(printf("recieving READVAR response...\n")); + DBG(printf("receiving READVAR response...\n")); read(conn, &req, SIZEOF_NTPCM(req)); DBG(print_ntp_control_message(&req)); diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index c656b0f5..6842842f 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -245,7 +245,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji do { /* Attempt to read the largest size packet possible */ req.count=htons(MAX_CM_SIZE); - DBG(printf("recieving READSTAT response")) + DBG(printf("receiving READSTAT response")) if(read(conn, &req, SIZEOF_NTPCM(req)) == -1) die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n"); DBG(print_ntp_control_message(&req)); diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index 2eb699e8..b8fc5f1d 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -34,6 +34,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "utils.h" +#include "utils_cmd.h" #include "netutils.h" #include <libpq-fe.h> @@ -346,7 +347,7 @@ process_arguments (int argc, char **argv) if (!is_pg_dbname (optarg)) /* checks length and valid chars */ usage2 (_("Database name is not valid"), optarg); else /* we know length, and know optarg is terminated, so us strcpy */ - strcpy (dbName, optarg); + snprintf(dbName, NAMEDATALEN, "%s", optarg); break; case 'l': /* login name */ if (!is_pg_logname (optarg)) @@ -565,7 +566,7 @@ print_help (void) printf (" %s\n", _("Typically, the monitoring user (unless the --logname option is used) should be")); printf (" %s\n", _("able to connect to the database without a password. The plugin can also send")); - printf (" %s\n", _("a password, but no effort is made to obsure or encrypt the password.")); + printf (" %s\n", _("a password, but no effort is made to obscure or encrypt the password.")); printf (UT_SUPPORT); } diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 36de7cf6..5ea11294 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org"; #include "popen.h" #include "utils.h" +#include <signal.h> + #define WARN_DUPLICATES "DUPLICATES FOUND! " #define UNKNOWN_TRIP_TIME -1.0 /* -1 seconds */ @@ -163,10 +165,14 @@ main (int argc, char **argv) printf ("</A>"); /* Print performance data */ - printf("|%s", fperfdata ("rta", (double) rta, "ms", - wrta>0?TRUE:FALSE, wrta, - crta>0?TRUE:FALSE, crta, - TRUE, 0, FALSE, 0)); + if (pl != 100) { + printf("|%s", fperfdata ("rta", (double) rta, "ms", + wrta>0?TRUE:FALSE, wrta, + crta>0?TRUE:FALSE, crta, + TRUE, 0, FALSE, 0)); + } else { + printf("| rta=U;%f;%f;;", wrta, crta); + } printf(" %s\n", perfdata ("pl", (long) pl, "%", wpl>0?TRUE:FALSE, wpl, cpl>0?TRUE:FALSE, cpl, diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 4bcc56bc..48723404 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -1,34 +1,34 @@ /***************************************************************************** -* +* * Monitoring check_procs plugin -* +* * License: GPL * Copyright (c) 2000-2008 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_procs plugin -* +* * Checks all processes and generates WARNING or CRITICAL states if the * specified metric is outside the required threshold ranges. The metric * defaults to number of processes. Search filters can be applied to limit * the processes to check. -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ const char *progname = "check_procs"; @@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org"; int process_arguments (int, char **); int validate_arguments (void); -int convert_to_seconds (char *); +int convert_to_seconds (char *); void print_help (void); void print_usage (void); @@ -230,9 +230,9 @@ main (int argc, char **argv) procseconds = convert_to_seconds(procetime); if (verbose >= 3) - printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", + printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", procs, procuid, procvsz, procrss, - procpid, procppid, procpcpu, procstat, + procpid, procppid, procpcpu, procstat, procetime, procprog, procargs); /* Ignore self */ @@ -265,7 +265,7 @@ main (int argc, char **argv) } } - if ((options & STAT) && (strstr (statopts, procstat))) + if ((options & STAT) && (strstr (procstat, statopts))) resultsum |= STAT; if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL)) resultsum |= ARGS; @@ -292,9 +292,9 @@ main (int argc, char **argv) procs++; if (verbose >= 2) { - printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", + printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", procuid, procvsz, procrss, - procpid, procppid, procpcpu, procstat, + procpid, procppid, procpcpu, procstat, procetime, procprog, procargs); } @@ -320,7 +320,7 @@ main (int argc, char **argv) result = max_state (result, i); } } - } + } /* This should not happen */ else if (verbose) { printf(_("Not parseable: %s"), input_buffer); @@ -332,7 +332,7 @@ main (int argc, char **argv) return STATE_UNKNOWN; } - if ( result == STATE_UNKNOWN ) + if ( result == STATE_UNKNOWN ) result = STATE_OK; /* Needed if procs found, but none match filter */ @@ -352,9 +352,9 @@ main (int argc, char **argv) if (metric != METRIC_PROCS) { printf (_("%d crit, %d warn out of "), crit, warn); } - } + } printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs); - + if (strcmp(fmt,"") != 0) { printf (_(" with %s"), fmt); } @@ -440,7 +440,7 @@ process_arguments (int argc, char **argv) break; case 'c': /* critical threshold */ critical_range = optarg; - break; + break; case 'w': /* warning threshold */ warning_range = optarg; break; @@ -542,11 +542,11 @@ process_arguments (int argc, char **argv) if ( strcmp(optarg, "PROCS") == 0) { metric = METRIC_PROCS; break; - } + } else if ( strcmp(optarg, "VSZ") == 0) { metric = METRIC_VSZ; break; - } + } else if ( strcmp(optarg, "RSS") == 0 ) { metric = METRIC_RSS; break; @@ -559,7 +559,7 @@ process_arguments (int argc, char **argv) metric = METRIC_ELAPSED; break; } - + usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!")); case 'k': /* linux kernel thread filter */ kthread_filter = 1; @@ -642,7 +642,7 @@ convert_to_seconds(char *etime) { seconds = 0; for (ptr = etime; *ptr != '\0'; ptr++) { - + if (*ptr == '-') { hyphcnt++; continue; @@ -764,6 +764,11 @@ be the total number of running processes\n\n")); printf (" %s\n", "check_procs -w 2:2 -c 2:1024 -C portsentry"); printf (" %s\n", _("Warning if not two processes with command name portsentry.")); printf (" %s\n\n", _("Critical if < 2 or > 1024 processes")); + printf (" %s\n", "check_procs -c 1: -C sshd"); + printf (" %s\n", _("Critical if not at least 1 process with command sshd")); + printf (" %s\n", "check_procs -w 1024 -c 1: -C sshd"); + printf (" %s\n", _("Warning if > 1024 processes with command name sshd.")); + printf (" %s\n\n", _("Critical if < 1 processes with command name sshd.")); printf (" %s\n", "check_procs -w 10 -a '/usr/local/bin/perl' -u root"); printf (" %s\n", _("Warning alert if > 10 processes with command arguments containing")); printf (" %s\n\n", _("'/usr/local/bin/perl' and owned by root")); diff --git a/plugins/check_radius.c b/plugins/check_radius.c index fe84b7ce..be1001b4 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -360,7 +360,7 @@ print_help (void) printf (" %s\n", "-u, --username=STRING"); printf (" %s\n", _("The user to authenticate")); printf (" %s\n", "-p, --password=STRING"); - printf (" %s\n", _("Password for autentication (SECURITY RISK)")); + printf (" %s\n", _("Password for authentication (SECURITY RISK)")); printf (" %s\n", "-n, --nas-id=STRING"); printf (" %s\n", _("NAS identifier")); printf (" %s\n", "-N, --nas-ip-address=STRING"); diff --git a/plugins/check_real.c b/plugins/check_real.c index 6491e6e9..0f1a1ba7 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -438,7 +438,7 @@ print_help (void) printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host.")); printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return")); printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful connects,")); - printf ("%s\n", _("but incorrect reponse messages from the host result in STATE_WARNING return")); + printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return")); printf ("%s\n", _("values.")); printf (UT_SUPPORT); diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 6e0e22ed..c1e92dff 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -55,6 +55,7 @@ enum { #define SMTP_EXPECT "220" #define SMTP_HELO "HELO " #define SMTP_EHLO "EHLO " +#define SMTP_LHLO "LHLO " #define SMTP_QUIT "QUIT\r\n" #define SMTP_STARTTLS "STARTTLS\r\n" #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n" @@ -102,6 +103,7 @@ int check_critical_time = FALSE; int verbose = 0; int use_ssl = FALSE; short use_ehlo = FALSE; +short use_lhlo = FALSE; short ssl_established = 0; char *localhostname = NULL; int sd; @@ -152,7 +154,9 @@ main (int argc, char **argv) return STATE_CRITICAL; } } - if(use_ehlo) + if(use_lhlo) + xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n"); + else if(use_ehlo) xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n"); else xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n"); @@ -197,7 +201,7 @@ main (int argc, char **argv) if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { printf (_("recv() failed\n")); return STATE_WARNING; - } else if(use_ehlo){ + } else if(use_ehlo || use_lhlo){ if(strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL){ supports_tls=TRUE; @@ -293,6 +297,7 @@ main (int argc, char **argv) printf("%s", buffer); } + n = 0; while (n < ncommands) { xasprintf (&cmd_str, "%s%s", commands[n], "\r\n"); my_send(cmd_str, strlen(cmd_str)); @@ -469,6 +474,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"help", no_argument, 0, 'h'}, + {"lmtp", no_argument, 0, 'L'}, {"starttls",no_argument,0,'S'}, {"certificate",required_argument,0,'D'}, {"ignore-quit-failure",no_argument,0,'q'}, @@ -488,7 +494,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", + c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", longopts, &option); if (c == -1 || c == EOF) @@ -615,6 +621,9 @@ process_arguments (int argc, char **argv) use_ssl = TRUE; use_ehlo = TRUE; break; + case 'L': + use_lhlo = TRUE; + break; case '4': address_family = AF_INET; break; @@ -823,6 +832,8 @@ print_help (void) printf (" %s\n", _("SMTP AUTH username")); printf (" %s\n", "-P, --authpass=STRING"); printf (" %s\n", _("SMTP AUTH password")); + printf (" %s\n", "-L, --lmtp"); + printf (" %s\n", _("Send LHLO instead of HELO/EHLO")); printf (" %s\n", "-q, --ignore-quit-failure"); printf (" %s\n", _("Ignore failure when sending QUIT command to server")); @@ -835,7 +846,7 @@ print_help (void) printf("\n"); printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return")); printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful")); - printf ("%s\n", _("connects, but incorrect reponse messages from the host result in")); + printf ("%s\n", _("connects, but incorrect response messages from the host result in")); printf ("%s\n", _("STATE_WARNING return values.")); printf (UT_SUPPORT); @@ -849,6 +860,6 @@ print_usage (void) printf ("%s\n", _("Usage:")); printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); - printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); + printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n"); } diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index da9638c4..bd13e579 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -113,6 +113,7 @@ char *authproto = NULL; char *privproto = NULL; char *authpasswd = NULL; char *privpasswd = NULL; +int nulloid = STATE_UNKNOWN; char **oids = NULL; size_t oids_size = 0; char *label; @@ -468,9 +469,20 @@ main (int argc, char **argv) /* Process this block for numeric comparisons */ /* Make some special values,like Timeticks numeric only if a threshold is defined */ if (thlds[i]->warning || thlds[i]->critical || calculate_rate) { + if (verbose > 2) { + print_thresholds(" thresholds", thlds[i]); + } ptr = strpbrk (show, "-0123456789"); - if (ptr == NULL) - die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + if (ptr == NULL){ + if (nulloid == 3) + die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + else if (nulloid == 0) + die (STATE_OK,_("No valid data returned (%s)\n"), show); + else if (nulloid == 1) + die (STATE_WARNING,_("No valid data returned (%s)\n"), show); + else if (nulloid == 2) + die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show); + } while (i >= response_size) { response_size += OID_COUNT_STEP; response_value = realloc(response_value, response_size * sizeof(*response_value)); @@ -576,20 +588,23 @@ main (int argc, char **argv) len = sizeof(perfstr)-strlen(perfstr)-1; strncat(perfstr, show, len>ptr-show ? ptr-show : len); + if (type) + strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); + if (warning_thresholds) { strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); - strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1); + if(thlds[i]->warning && thlds[i]->warning->text) + strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1); } if (critical_thresholds) { if (!warning_thresholds) strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); - strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1); + if(thlds[i]->critical && thlds[i]->critical->text) + strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1); } - if (type) - strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1); } } @@ -655,6 +670,7 @@ process_arguments (int argc, char **argv) {"oid", required_argument, 0, 'o'}, {"object", required_argument, 0, 'o'}, {"delimiter", required_argument, 0, 'd'}, + {"nulloid", required_argument, 0, 'z'}, {"output-delimiter", required_argument, 0, 'D'}, {"string", required_argument, 0, 's'}, {"timeout", required_argument, 0, 't'}, @@ -699,7 +715,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:z:", longopts, &option); if (c == -1 || c == EOF) @@ -810,6 +826,12 @@ process_arguments (int argc, char **argv) eval_method[j+1] |= CRIT_PRESENT; } break; + case 'z': /* Null OID Return Check */ + if (!is_integer (optarg)) + usage2 (_("Exit status must be a positive integer"), optarg); + else + nulloid = atoi(optarg); + break; case 's': /* string or substring */ strncpy (string_value, optarg, sizeof (string_value) - 1); string_value[sizeof (string_value) - 1] = 0; @@ -1160,7 +1182,7 @@ print_help (void) printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY); printf (" %s\n", "-U, --secname=USERNAME"); printf (" %s\n", _("SNMPv3 username")); - printf (" %s\n", "-A, --authpassword=PASSWORD"); + printf (" %s\n", "-A, --authpasswd=PASSWORD"); printf (" %s\n", _("SNMPv3 authentication password")); printf (" %s\n", "-X, --privpasswd=PASSWORD"); printf (" %s\n", _("SNMPv3 privacy password")); @@ -1175,6 +1197,14 @@ print_help (void) printf (" %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER); printf (" %s\n", _("Any data on the right hand side of the delimiter is considered")); printf (" %s\n", _("to be the data that should be used in the evaluation.")); + printf (" %s\n", "-z, --nulloid=#"); + printf (" %s\n", _("If the check returns a 0 length string or NULL value")); + printf (" %s\n", _("This option allows you to choose what status you want it to exit")); + printf (" %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)")); + printf (" %s\n", _("0 = OK")); + printf (" %s\n", _("1 = WARNING")); + printf (" %s\n", _("2 = CRITICAL")); + printf (" %s\n", _("3 = UNKNOWN")); /* Tests Against Integers */ printf (" %s\n", "-w, --warning=THRESHOLD(s)"); @@ -1207,8 +1237,9 @@ print_help (void) printf (" %s\n", _("Separates output on multiple OID requests")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf (" %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5")); printf (" %s\n", "-e, --retries=INTEGER"); - printf (" %s\n", _("Number of retries to be used in the requests")); + printf (" %s%i\n", _("Number of retries to be used in the requests, default: "), DEFAULT_RETRIES); printf (" %s\n", "-O, --perf-oids"); printf (" %s\n", _("Label performance data with OIDs instead of --label's")); diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 4d5a4071..bb854beb 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -34,6 +34,9 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "popen.h" #include "utils.h" +#include <string.h> +#include <math.h> +#include <libintl.h> #ifdef HAVE_DECL_SWAPCTL # ifdef HAVE_SYS_PARAM_H @@ -51,16 +54,19 @@ const char *email = "devel@monitoring-plugins.org"; # define SWAP_CONVERSION 1 #endif -int check_swap (int usp, float free_swap_mb); +typedef struct { + int is_percentage; + uint64_t value; +} threshold_t; + +int check_swap (float free_swap_mb, float total_swap_mb); int process_arguments (int argc, char **argv); int validate_arguments (void); void print_usage (void); void print_help (void); -int warn_percent = 0; -int crit_percent = 0; -float warn_size_bytes = 0; -float crit_size_bytes = 0; +threshold_t warn; +threshold_t crit; int verbose; int allswaps; int no_swap_state = STATE_CRITICAL; @@ -68,9 +74,10 @@ int no_swap_state = STATE_CRITICAL; int main (int argc, char **argv) { - int percent_used, percent; - float total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0; - float dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0, tmp_mb = 0; + unsigned int percent_used, percent; + uint64_t total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0; + uint64_t dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0; + uint64_t tmp_KB = 0; int result = STATE_UNKNOWN; char input_buffer[MAX_INPUT_BUFFER]; #ifdef HAVE_PROC_MEMINFO @@ -116,10 +123,15 @@ main (int argc, char **argv) } fp = fopen (PROC_MEMINFO, "r"); while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, fp)) { - if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %f %f %f", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) { - dsktotal_mb = dsktotal_mb / 1048576; /* Apply conversion */ - dskused_mb = dskused_mb / 1048576; - dskfree_mb = dskfree_mb / 1048576; + /* + * The following sscanf call looks for a line looking like: "Swap: 123 123 123" + * On which kind of system this format exists, I can not say, but I wanted to + * document this for people who are not adapt with sscanf anymore, like me + */ + if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %lu %lu %lu", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) { + dsktotal_mb = dsktotal_mb / (1024 * 1024); /* Apply conversion */ + dskused_mb = dskused_mb / (1024 * 1024); + dskfree_mb = dskfree_mb / (1024 * 1024); total_swap_mb += dsktotal_mb; used_swap_mb += dskused_mb; free_swap_mb += dskfree_mb; @@ -128,21 +140,29 @@ main (int argc, char **argv) percent=100.0; else percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) - xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); + xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent); } } - else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %f %*[k]%*[B]", str, &tmp_mb)) { + + /* + * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123" + * This format exists at least on Debian Linux with a 5.* kernel + */ + else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %f %*[k]%*[B]", str, &tmp_KB)) { if (verbose >= 3) { - printf("Got %s with %f\n", str, tmp_mb); + printf("Got %s with %lu\n", str, tmp_KB); } /* I think this part is always in Kb, so convert to mb */ if (strcmp ("Total", str) == 0) { - dsktotal_mb = tmp_mb / 1024; + dsktotal_mb = tmp_KB / 1024; } else if (strcmp ("Free", str) == 0) { - dskfree_mb = tmp_mb / 1024; + dskfree_mb = dskfree_mb + tmp_KB / 1024; + } + else if (strcmp ("Cached", str) == 0) { + dskfree_mb = dskfree_mb + tmp_KB / 1024; } } } @@ -227,7 +247,7 @@ main (int argc, char **argv) free_swap_mb += dskfree_mb; if (allswaps) { percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -289,7 +309,7 @@ main (int argc, char **argv) if(allswaps && dsktotal_mb > 0){ percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap (dskfree_mb, dsktotal_mb)); if (verbose) { xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -328,7 +348,7 @@ main (int argc, char **argv) if(allswaps && dsktotal_mb > 0){ percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb)); - result = max_state (result, check_swap (percent, dskfree_mb)); + result = max_state (result, check_swap(dskfree_mb, dsktotal_mb)); if (verbose) { xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent); } @@ -355,14 +375,19 @@ main (int argc, char **argv) status = "- Swap is either disabled, not present, or of zero size. "; } - result = max_state (result, check_swap (percent_used, free_swap_mb)); - printf (_("SWAP %s - %d%% free (%d MB out of %d MB) %s|"), + result = max_state (result, check_swap(free_swap_mb, total_swap_mb)); + printf (_("SWAP %s - %d%% free (%dMB out of %dMB) %s|"), state_text (result), (100 - percent_used), (int) free_swap_mb, (int) total_swap_mb, status); - puts (perfdata ("swap", (long) free_swap_mb, "MB", - TRUE, (long) max (warn_size_bytes/(1024 * 1024), warn_percent/100.0*total_swap_mb), - TRUE, (long) max (crit_size_bytes/(1024 * 1024), crit_percent/100.0*total_swap_mb), + uint64_t warn_print = warn.value; + if (warn.is_percentage) warn_print = warn.value * (total_swap_mb *1024 *1024/100); + uint64_t crit_print = crit.value; + if (crit.is_percentage) crit_print = crit.value * (total_swap_mb *1024 *1024/100); + + puts (perfdata_uint64 ("swap", free_swap_mb *1024 *1024, "B", + TRUE, warn_print, + TRUE, crit_print, TRUE, 0, TRUE, (long) total_swap_mb)); @@ -370,26 +395,37 @@ main (int argc, char **argv) } - int -check_swap (int usp, float free_swap_mb) +check_swap(float free_swap_mb, float total_swap_mb) { - if (!free_swap_mb) return no_swap_state; + if (!total_swap_mb) return no_swap_state; - int result = STATE_UNKNOWN; - float free_swap = free_swap_mb * (1024 * 1024); /* Convert back to bytes as warn and crit specified in bytes */ - if (usp >= 0 && crit_percent != 0 && usp >= (100.0 - crit_percent)) - result = STATE_CRITICAL; - else if (crit_size_bytes > 0 && free_swap <= crit_size_bytes) - result = STATE_CRITICAL; - else if (usp >= 0 && warn_percent != 0 && usp >= (100.0 - warn_percent)) - result = STATE_WARNING; - else if (warn_size_bytes > 0 && free_swap <= warn_size_bytes) - result = STATE_WARNING; - else if (usp >= 0.0) - result = STATE_OK; - return result; + uint64_t free_swap = free_swap_mb * (1024 * 1024); /* Convert back to bytes as warn and crit specified in bytes */ + + if (!crit.is_percentage && crit.value >= free_swap) return STATE_CRITICAL; + if (!warn.is_percentage && warn.value >= free_swap) return STATE_WARNING; + + + uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100; + + if (crit.is_percentage && + usage_percentage >= 0 && + crit.value != 0 && + usage_percentage >= (100 - crit.value)) + { + return STATE_CRITICAL; + } + + if (warn.is_percentage && + usage_percentage >= 0 && + warn.value != 0 && + usage_percentage >= (100 - warn.value)) + { + return STATE_WARNING; + } + + return STATE_OK; } @@ -422,42 +458,68 @@ process_arguments (int argc, char **argv) break; switch (c) { - case 'w': /* warning size threshold */ - if (is_intnonneg (optarg)) { - warn_size_bytes = (float) atoi (optarg); - break; - } - else if (strstr (optarg, ",") && - strstr (optarg, "%") && - sscanf (optarg, "%f,%d%%", &warn_size_bytes, &warn_percent) == 2) { - warn_size_bytes = floorf(warn_size_bytes); - break; - } - else if (strstr (optarg, "%") && - sscanf (optarg, "%d%%", &warn_percent) == 1) { - break; - } - else { - usage4 (_("Warning threshold must be integer or percentage!")); - } - case 'c': /* critical size threshold */ - if (is_intnonneg (optarg)) { - crit_size_bytes = (float) atoi (optarg); - break; - } - else if (strstr (optarg, ",") && - strstr (optarg, "%") && - sscanf (optarg, "%f,%d%%", &crit_size_bytes, &crit_percent) == 2) { - crit_size_bytes = floorf(crit_size_bytes); - break; - } - else if (strstr (optarg, "%") && - sscanf (optarg, "%d%%", &crit_percent) == 1) { - break; - } - else { - usage4 (_("Critical threshold must be integer or percentage!")); + case 'w': /* warning size threshold */ + { + /* + * We expect either a positive integer value without a unit, which means + * the unit is Bytes or a positive integer value and a percentage sign (%), + * which means the value must be with 0 and 100 and is relative to the total swap + */ + size_t length; + length = strlen(optarg); + + if (optarg[length - 1] == '%') { + /* It's percentage */ + warn.is_percentage = 1; + optarg[length - 1] = '\0'; + if (is_uint64(optarg, &warn.value)) { + if (warn.value > 100) { + usage4 (_("Warning threshold percentage must be <= 100!")); + } else { + break; + } + } + } else { + /* It's Bytes */ + warn.is_percentage = 0; + if (is_uint64(optarg, &warn.value)) { + break; + } else { + usage4 (_("Warning threshold be positive integer or percentage!")); + } + } } + case 'c': /* critical size threshold */ + { + /* + * We expect either a positive integer value without a unit, which means + * the unit is Bytes or a positive integer value and a percentage sign (%), + * which means the value must be with 0 and 100 and is relative to the total swap + */ + size_t length; + length = strlen(optarg); + + if (optarg[length - 1] == '%') { + /* It's percentage */ + crit.is_percentage = 1; + optarg[length - 1] = '\0'; + if (is_uint64(optarg, &crit.value)) { + if (crit.value> 100) { + usage4 (_("Critical threshold percentage must be <= 100!")); + } else { + break; + } + } + } else { + /* It's Bytes */ + crit.is_percentage = 0; + if (is_uint64(optarg, &crit.value)) { + break; + } else { + usage4 (_("Critical threshold be positive integer or percentage!")); + } + } + } case 'a': /* all swap */ allswaps = TRUE; break; @@ -482,23 +544,6 @@ process_arguments (int argc, char **argv) c = optind; if (c == argc) return validate_arguments (); - if (warn_percent == 0 && is_intnonneg (argv[c])) - warn_percent = atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (crit_percent == 0 && is_intnonneg (argv[c])) - crit_percent = atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (warn_size_bytes == 0 && is_intnonneg (argv[c])) - warn_size_bytes = (float) atoi (argv[c++]); - - if (c == argc) - return validate_arguments (); - if (crit_size_bytes == 0 && is_intnonneg (argv[c])) - crit_size_bytes = (float) atoi (argv[c++]); return validate_arguments (); } @@ -508,17 +553,15 @@ process_arguments (int argc, char **argv) int validate_arguments (void) { - if (warn_percent == 0 && crit_percent == 0 && warn_size_bytes == 0 - && crit_size_bytes == 0) { + if (warn.value == 0 && crit.value == 0) { return ERROR; } - else if (warn_percent < crit_percent) { - usage4 - (_("Warning percentage should be more than critical percentage")); - } - else if (warn_size_bytes < crit_size_bytes) { - usage4 - (_("Warning free space should be more than critical free space")); + else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) { + /* This is NOT triggered if warn and crit are different units, e.g warn is percentage + * and crit is absolut. We cannot determine the condition at this point since we + * dont know the value of total swap yet + */ + usage4(_("Warning should be more than critical")); } return OK; } @@ -534,7 +577,7 @@ print_help (void) printf ("%s\n", _("Check swap space on local machine.")); - printf ("\n\n"); + printf ("\n\n"); print_usage (); @@ -542,33 +585,32 @@ print_help (void) printf (UT_EXTRA_OPTS); printf (" %s\n", "-w, --warning=INTEGER"); - printf (" %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free")); - printf (" %s\n", "-w, --warning=PERCENT%%"); - printf (" %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free")); - printf (" %s\n", "-c, --critical=INTEGER"); - printf (" %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free")); - printf (" %s\n", "-c, --critical=PERCENT%%"); - printf (" %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free")); - printf (" %s\n", "-a, --allswaps"); - printf (" %s\n", _("Conduct comparisons for all swap partitions, one by one")); - printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>"); - printf (" %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state)); + printf (" %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free")); + printf (" %s\n", "-w, --warning=PERCENT%"); + printf (" %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free")); + printf (" %s\n", "-c, --critical=INTEGER"); + printf (" %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free")); + printf (" %s\n", "-c, --critical=PERCENT%"); + printf (" %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free")); + printf (" %s\n", "-a, --allswaps"); + printf (" %s\n", _("Conduct comparisons for all swap partitions, one by one")); + printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>"); + printf (" %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state)); printf (UT_VERBOSE); printf ("\n"); - printf ("%s\n", _("Notes:")); - printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked.")); - printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s.")); + printf ("%s\n", _("Notes:")); + printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked.")); + printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s.")); printf (UT_SUPPORT); } - void print_usage (void) { printf ("%s\n", _("Usage:")); - printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname); - printf (" -w <bytes_free> -c <bytes_free> [-n <state>]\n"); + printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname); + printf (" -w <bytes_free> -c <bytes_free> [-n <state>]\n"); } diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 61333bd7..1365b9cb 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -86,6 +86,11 @@ static char buffer[MAXBUF]; static int expect_mismatch_state = STATE_WARNING; static int match_flags = NP_MATCH_EXACT; +#ifdef HAVE_SSL +static char *sni = NULL; +static int sni_specified = FALSE; +#endif + #define FLAG_SSL 0x01 #define FLAG_VERBOSE 0x02 #define FLAG_TIME_WARN 0x04 @@ -241,7 +246,7 @@ main (int argc, char **argv) #ifdef HAVE_SSL if (flags & FLAG_SSL){ - result = np_net_ssl_init(sd); + result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL)); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); } @@ -401,6 +406,10 @@ process_arguments (int argc, char **argv) int escape = 0; char *temp; + enum { + SNI_OPTION = CHAR_MAX + 1 + }; + int option = 0; static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, @@ -427,6 +436,7 @@ process_arguments (int argc, char **argv) {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, {"ssl", no_argument, 0, 'S'}, + {"sni", required_argument, 0, SNI_OPTION}, {"certificate", required_argument, 0, 'D'}, {0, 0, 0, 0} }; @@ -604,6 +614,15 @@ process_arguments (int argc, char **argv) die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); #endif break; + case SNI_OPTION: +#ifdef HAVE_SSL + flags |= FLAG_SSL; + sni_specified = TRUE; + sni = optarg; +#else + die (STATE_UNKNOWN, _("Invalid option - SSL is not available")); +#endif + break; case 'A': match_flags |= NP_MATCH_ALL; break; @@ -671,6 +690,8 @@ print_help (void) printf (" %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0).")); printf (" %s\n", "-S, --ssl"); printf (" %s\n", _("Use SSL for the connection.")); + printf (" %s\n", "--sni=STRING"); + printf (" %s\n", _("SSL server_name")); #endif printf (UT_WARN_CRIT); diff --git a/plugins/check_ups.c b/plugins/check_ups.c index e9e56a51..0de37a20 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen) /* create the command string to send to the UPS daemon */ /* Add LOGOUT to avoid read failure logs */ - sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname); + if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) { + printf("%s\n", _("UPS name to long for buffer")); + return ERROR; + } /* send the command to the daemon and get a response back */ if (process_tcp_request diff --git a/plugins/common.h b/plugins/common.h index 8719b502..0f08e2f6 100644 --- a/plugins/common.h +++ b/plugins/common.h @@ -174,6 +174,11 @@ * */ +/* MariaDB 10.2 client does not set MYSQL_PORT */ +#ifndef MYSQL_PORT +# define MYSQL_PORT 3306 +#endif + enum { OK = 0, ERROR = -1 @@ -220,4 +225,18 @@ enum { # define __attribute__(x) /* do nothing */ #endif +/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX. + * If that fails and the macro isn't defined, we fall back to an educated + * guess. There's no guarantee that our guess is adequate and the program + * will die with SIGSEGV if it isn't and the upper boundary is breached. */ +#define DEFAULT_MAXFD 256 /* fallback value if no max open files value is set */ +#define MAXFD_LIMIT 8192 /* upper limit of open files */ +#ifdef _SC_OPEN_MAX +static long maxfd = 0; +#elif defined(OPEN_MAX) +# define maxfd OPEN_MAX +#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */ +# define maxfd DEFAULT_MAXFD +#endif + #endif /* _COMMON_H_ */ diff --git a/plugins/negate.c b/plugins/negate.c index b320e356..50f62d33 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -86,11 +86,9 @@ main (int argc, char **argv) result = cmd_run_array (command_line, &chld_out, &chld_err, 0); } if (chld_err.lines > 0) { - printf ("Error output from command:\n"); for (i = 0; i < chld_err.lines; i++) { - printf ("%s\n", chld_err.line[i]); + fprintf (stderr, "%s\n", chld_err.line[i]); } - exit (STATE_WARNING); } /* Return UNKNOWN or worse if no output is returned */ diff --git a/plugins/picohttpparser/Makefile.am b/plugins/picohttpparser/Makefile.am new file mode 100644 index 00000000..87e05313 --- /dev/null +++ b/plugins/picohttpparser/Makefile.am @@ -0,0 +1,3 @@ +noinst_LIBRARIES = libpicohttpparser.a + +libpicohttpparser_a_SOURCES = picohttpparser.c picohttpparser.h diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c new file mode 100644 index 00000000..74ccc3ef --- /dev/null +++ b/plugins/picohttpparser/picohttpparser.c @@ -0,0 +1,645 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#include <assert.h> +#include <stddef.h> +#include <string.h> +#ifdef __SSE4_2__ +#ifdef _MSC_VER +#include <nmmintrin.h> +#else +#include <x86intrin.h> +#endif +#endif +#include "picohttpparser.h" + +#if __GNUC__ >= 3 +#define likely(x) __builtin_expect(!!(x), 1) +#define unlikely(x) __builtin_expect(!!(x), 0) +#else +#define likely(x) (x) +#define unlikely(x) (x) +#endif + +#ifdef _MSC_VER +#define ALIGNED(n) _declspec(align(n)) +#else +#define ALIGNED(n) __attribute__((aligned(n))) +#endif + +#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u) + +#define CHECK_EOF() \ + if (buf == buf_end) { \ + *ret = -2; \ + return NULL; \ + } + +#define EXPECT_CHAR_NO_CHECK(ch) \ + if (*buf++ != ch) { \ + *ret = -1; \ + return NULL; \ + } + +#define EXPECT_CHAR(ch) \ + CHECK_EOF(); \ + EXPECT_CHAR_NO_CHECK(ch); + +#define ADVANCE_TOKEN(tok, toklen) \ + do { \ + const char *tok_start = buf; \ + static const char ALIGNED(16) ranges2[16] = "\000\040\177\177"; \ + int found2; \ + buf = findchar_fast(buf, buf_end, ranges2, 4, &found2); \ + if (!found2) { \ + CHECK_EOF(); \ + } \ + while (1) { \ + if (*buf == ' ') { \ + break; \ + } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { \ + if ((unsigned char)*buf < '\040' || *buf == '\177') { \ + *ret = -1; \ + return NULL; \ + } \ + } \ + ++buf; \ + CHECK_EOF(); \ + } \ + tok = tok_start; \ + toklen = buf - tok_start; \ + } while (0) + +static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0" + "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1" + "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + +static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found) +{ + *found = 0; +#if __SSE4_2__ + if (likely(buf_end - buf >= 16)) { + __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges); + + size_t left = (buf_end - buf) & ~15; + do { + __m128i b16 = _mm_loadu_si128((const __m128i *)buf); + int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS); + if (unlikely(r != 16)) { + buf += r; + *found = 1; + break; + } + buf += 16; + left -= 16; + } while (likely(left != 0)); + } +#else + /* suppress unused parameter warning */ + (void)buf_end; + (void)ranges; + (void)ranges_size; +#endif + return buf; +} + +static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret) +{ + const char *token_start = buf; + +#ifdef __SSE4_2__ + static const char ALIGNED(16) ranges1[16] = "\0\010" /* allow HT */ + "\012\037" /* allow SP and up to but not including DEL */ + "\177\177"; /* allow chars w. MSB set */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, 6, &found); + if (found) + goto FOUND_CTL; +#else + /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */ + while (likely(buf_end - buf >= 8)) { +#define DOIT() \ + do { \ + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) \ + goto NonPrintable; \ + ++buf; \ + } while (0) + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); + DOIT(); +#undef DOIT + continue; + NonPrintable: + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + ++buf; + } +#endif + for (;; ++buf) { + CHECK_EOF(); + if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { + if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) { + goto FOUND_CTL; + } + } + } +FOUND_CTL: + if (likely(*buf == '\015')) { + ++buf; + EXPECT_CHAR('\012'); + *token_len = buf - 2 - token_start; + } else if (*buf == '\012') { + *token_len = buf - token_start; + ++buf; + } else { + *ret = -1; + return NULL; + } + *token = token_start; + + return buf; +} + +static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret) +{ + int ret_cnt = 0; + buf = last_len < 3 ? buf : buf + last_len - 3; + + while (1) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + CHECK_EOF(); + EXPECT_CHAR('\012'); + ++ret_cnt; + } else if (*buf == '\012') { + ++buf; + ++ret_cnt; + } else { + ++buf; + ret_cnt = 0; + } + if (ret_cnt == 2) { + return buf; + } + } + + *ret = -2; + return NULL; +} + +#define PARSE_INT(valp_, mul_) \ + if (*buf < '0' || '9' < *buf) { \ + buf++; \ + *ret = -1; \ + return NULL; \ + } \ + *(valp_) = (mul_) * (*buf++ - '0'); + +#define PARSE_INT_3(valp_) \ + do { \ + int res_ = 0; \ + PARSE_INT(&res_, 100) \ + *valp_ = res_; \ + PARSE_INT(&res_, 10) \ + *valp_ += res_; \ + PARSE_INT(&res_, 1) \ + *valp_ += res_; \ + } while (0) + +/* returned pointer is always within [buf, buf_end), or null */ +static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +{ + /* we want at least [HTTP/1.<two chars>] to try to parse */ + if (buf_end - buf < 9) { + *ret = -2; + return NULL; + } + EXPECT_CHAR_NO_CHECK('H'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('T'); + EXPECT_CHAR_NO_CHECK('P'); + EXPECT_CHAR_NO_CHECK('/'); + EXPECT_CHAR_NO_CHECK('1'); + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + return buf; +} + +static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + for (;; ++*num_headers) { + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + break; + } else if (*buf == '\012') { + ++buf; + break; + } + if (*num_headers == max_headers) { + *ret = -1; + return NULL; + } + if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) { + /* parsing name, but do not discard SP before colon, see + * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */ + headers[*num_headers].name = buf; + static const char ALIGNED(16) ranges1[] = "\x00 " /* control chars and up to SP */ + "\"\"" /* 0x22 */ + "()" /* 0x28,0x29 */ + ",," /* 0x2c */ + "//" /* 0x2f */ + ":@" /* 0x3a-0x40 */ + "[]" /* 0x5b-0x5d */ + "{\377"; /* 0x7b-0xff */ + int found; + buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found); + if (!found) { + CHECK_EOF(); + } + while (1) { + if (*buf == ':') { + break; + } else if (!token_char_map[(unsigned char)*buf]) { + *ret = -1; + return NULL; + } + ++buf; + CHECK_EOF(); + } + if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) { + *ret = -1; + return NULL; + } + ++buf; + for (;; ++buf) { + CHECK_EOF(); + if (!(*buf == ' ' || *buf == '\t')) { + break; + } + } + } else { + headers[*num_headers].name = NULL; + headers[*num_headers].name_len = 0; + } + const char *value; + size_t value_len; + if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) { + return NULL; + } + /* remove trailing SPs and HTABs */ + const char *value_end = value + value_len; + for (; value_end != value; --value_end) { + const char c = *(value_end - 1); + if (!(c == ' ' || c == '\t')) { + break; + } + } + headers[*num_headers].value = value; + headers[*num_headers].value_len = value_end - value; + } + return buf; +} + +static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t max_headers, int *ret) +{ + /* skip first empty line (some clients add CRLF after POST content) */ + CHECK_EOF(); + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } + + /* parse request line */ + ADVANCE_TOKEN(*method, *method_len); + do { + ++buf; + } while (*buf == ' '); + ADVANCE_TOKEN(*path, *path_len); + do { + ++buf; + } while (*buf == ' '); + if (*method_len == 0 || *path_len == 0) { + *ret = -1; + return NULL; + } + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + if (*buf == '\015') { + ++buf; + EXPECT_CHAR('\012'); + } else if (*buf == '\012') { + ++buf; + } else { + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, + size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf_start + len; + size_t max_headers = *num_headers; + int r; + + *method = NULL; + *method_len = 0; + *path = NULL; + *path_len = 0; + *minor_version = -1; + *num_headers = 0; + + /* if last_len != 0, check if the request is complete (a fast countermeasure + againt slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, + size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) +{ + /* parse "HTTP/1.x" */ + if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + return NULL; + } + /* skip space */ + if (*buf != ' ') { + *ret = -1; + return NULL; + } + do { + ++buf; + } while (*buf == ' '); + /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */ + if (buf_end - buf < 4) { + *ret = -2; + return NULL; + } + PARSE_INT_3(status); + + /* get message includig preceding space */ + if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) { + return NULL; + } + if (*msg_len == 0) { + /* ok */ + } else if (**msg == ' ') { + /* remove preceding space */ + do { + ++*msg; + --*msg_len; + } while (**msg == ' '); + } else { + /* garbage found after status code */ + *ret = -1; + return NULL; + } + + return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); +} + +int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *minor_version = -1; + *status = 0; + *msg = NULL; + *msg_len = 0; + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len) +{ + const char *buf = buf_start, *buf_end = buf + len; + size_t max_headers = *num_headers; + int r; + + *num_headers = 0; + + /* if last_len != 0, check if the response is complete (a fast countermeasure + against slowloris */ + if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) { + return r; + } + + if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) { + return r; + } + + return (int)(buf - buf_start); +} + +enum { + CHUNKED_IN_CHUNK_SIZE, + CHUNKED_IN_CHUNK_EXT, + CHUNKED_IN_CHUNK_DATA, + CHUNKED_IN_CHUNK_CRLF, + CHUNKED_IN_TRAILERS_LINE_HEAD, + CHUNKED_IN_TRAILERS_LINE_MIDDLE +}; + +static int decode_hex(int ch) +{ + if ('0' <= ch && ch <= '9') { + return ch - '0'; + } else if ('A' <= ch && ch <= 'F') { + return ch - 'A' + 0xa; + } else if ('a' <= ch && ch <= 'f') { + return ch - 'a' + 0xa; + } else { + return -1; + } +} + +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz) +{ + size_t dst = 0, src = 0, bufsz = *_bufsz; + ssize_t ret = -2; /* incomplete */ + + while (1) { + switch (decoder->_state) { + case CHUNKED_IN_CHUNK_SIZE: + for (;; ++src) { + int v; + if (src == bufsz) + goto Exit; + if ((v = decode_hex(buf[src])) == -1) { + if (decoder->_hex_count == 0) { + ret = -1; + goto Exit; + } + break; + } + if (decoder->_hex_count == sizeof(size_t) * 2) { + ret = -1; + goto Exit; + } + decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v; + ++decoder->_hex_count; + } + decoder->_hex_count = 0; + decoder->_state = CHUNKED_IN_CHUNK_EXT; + /* fallthru */ + case CHUNKED_IN_CHUNK_EXT: + /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */ + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + if (decoder->bytes_left_in_chunk == 0) { + if (decoder->consume_trailer) { + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + } else { + goto Complete; + } + } + decoder->_state = CHUNKED_IN_CHUNK_DATA; + /* fallthru */ + case CHUNKED_IN_CHUNK_DATA: { + size_t avail = bufsz - src; + if (avail < decoder->bytes_left_in_chunk) { + if (dst != src) + memmove(buf + dst, buf + src, avail); + src += avail; + dst += avail; + decoder->bytes_left_in_chunk -= avail; + goto Exit; + } + if (dst != src) + memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk); + src += decoder->bytes_left_in_chunk; + dst += decoder->bytes_left_in_chunk; + decoder->bytes_left_in_chunk = 0; + decoder->_state = CHUNKED_IN_CHUNK_CRLF; + } + /* fallthru */ + case CHUNKED_IN_CHUNK_CRLF: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src] != '\012') { + ret = -1; + goto Exit; + } + ++src; + decoder->_state = CHUNKED_IN_CHUNK_SIZE; + break; + case CHUNKED_IN_TRAILERS_LINE_HEAD: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] != '\015') + break; + } + if (buf[src++] == '\012') + goto Complete; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE; + /* fallthru */ + case CHUNKED_IN_TRAILERS_LINE_MIDDLE: + for (;; ++src) { + if (src == bufsz) + goto Exit; + if (buf[src] == '\012') + break; + } + ++src; + decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD; + break; + default: + assert(!"decoder is corrupt"); + } + } + +Complete: + ret = bufsz - src; +Exit: + if (dst != src) + memmove(buf + dst, buf + src, bufsz - src); + *_bufsz = dst; + return ret; +} + +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder) +{ + return decoder->_state == CHUNKED_IN_CHUNK_DATA; +} + +#undef CHECK_EOF +#undef EXPECT_CHAR +#undef ADVANCE_TOKEN diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h new file mode 100644 index 00000000..0849f844 --- /dev/null +++ b/plugins/picohttpparser/picohttpparser.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase, + * Shigeo Mitsunari + * + * The software is licensed under either the MIT License (below) or the Perl + * license. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ + +#ifndef picohttpparser_h +#define picohttpparser_h + +#include <sys/types.h> + +#ifdef _MSC_VER +#define ssize_t intptr_t +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* contains name and value of a header (name == NULL if is a continuing line + * of a multiline header */ +struct phr_header { + const char *name; + size_t name_len; + const char *value; + size_t value_len; +}; + +/* returns number of bytes consumed if successful, -2 if request is partial, + * -1 if failed */ +int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, + int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, + struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* ditto */ +int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len); + +/* should be zero-filled before start */ +struct phr_chunked_decoder { + size_t bytes_left_in_chunk; /* number of bytes left in current chunk */ + char consume_trailer; /* if trailing headers should be consumed */ + char _hex_count; + char _state; +}; + +/* the function rewrites the buffer given as (buf, bufsz) removing the chunked- + * encoding headers. When the function returns without an error, bufsz is + * updated to the length of the decoded data available. Applications should + * repeatedly call the function while it returns -2 (incomplete) every time + * supplying newly arrived data. If the end of the chunked-encoded data is + * found, the function returns a non-negative number indicating the number of + * octets left undecoded at the tail of the supplied buffer. Returns -1 on + * error. + */ +ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz); + +/* returns if the chunked decoder is in middle of chunked data */ +int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/plugins/popen.c b/plugins/popen.c index 592263fd..9eb49b62 100644 --- a/plugins/popen.c +++ b/plugins/popen.c @@ -39,9 +39,9 @@ *****************************************************************************/ #include "common.h" +#include "utils.h" /* extern so plugin has pid to kill exec'd process on timeouts */ -extern int timeout_interval; extern pid_t *childpid; extern int *child_stderr_array; extern FILE *child_process; @@ -76,18 +76,9 @@ RETSIGTYPE popen_timeout_alarm_handler (int); #define SIG_ERR ((Sigfunc *)-1) #endif -#define min(a,b) ((a) < (b) ? (a) : (b)) -#define max(a,b) ((a) > (b) ? (a) : (b)) -int open_max (void); /* {Prog openmax} */ -static void err_sys (const char *, ...) __attribute__((noreturn,format(printf, 1, 2))); -char *rtrim (char *, const char *); char *pname = NULL; /* caller can set this from argv[0] */ -/*int *childerr = NULL;*//* ptr to array allocated at run-time */ -/*extern pid_t *childpid = NULL; *//* ptr to array allocated at run-time */ -static int maxfd; /* from our open_max(), {Prog openmax} */ - #ifdef REDHAT_SPOPEN_ERROR static volatile int childtermd = 0; #endif @@ -186,14 +177,15 @@ spopen (const char *cmdstring) } argv[i] = NULL; + if(maxfd == 0) + maxfd = open_max(); + if (childpid == NULL) { /* first time through */ - maxfd = open_max (); /* allocate zeroed out array for child pids */ if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL) return (NULL); } if (child_stderr_array == NULL) { /* first time through */ - maxfd = open_max (); /* allocate zeroed out array for child pids */ if ((child_stderr_array = calloc ((size_t)maxfd, sizeof (int))) == NULL) return (NULL); } @@ -273,15 +265,6 @@ spclose (FILE * fp) return (1); } -#ifdef OPEN_MAX -static int openmax = OPEN_MAX; -#else -static int openmax = 0; -#endif - -#define OPEN_MAX_GUESS 256 /* if OPEN_MAX is indeterminate */ - /* no guarantee this is adequate */ - #ifdef REDHAT_SPOPEN_ERROR RETSIGTYPE popen_sigchld_handler (int signo) @@ -309,63 +292,3 @@ popen_timeout_alarm_handler (int signo) exit (STATE_CRITICAL); } } - - -int -open_max (void) -{ - if (openmax == 0) { /* first time through */ - errno = 0; - if ((openmax = sysconf (_SC_OPEN_MAX)) < 0) { - if (errno == 0) - openmax = OPEN_MAX_GUESS; /* it's indeterminate */ - else - err_sys (_("sysconf error for _SC_OPEN_MAX")); - } - } - return (openmax); -} - - -/* Fatal error related to a system call. - * Print a message and die. */ - -#define MAXLINE 2048 -static void -err_sys (const char *fmt, ...) -{ - int errnoflag = 1; - int errno_save; - char buf[MAXLINE]; - - va_list ap; - - va_start (ap, fmt); - /* err_doit (1, fmt, ap); */ - errno_save = errno; /* value caller might want printed */ - vsprintf (buf, fmt, ap); - if (errnoflag) - sprintf (buf + strlen (buf), ": %s", strerror (errno_save)); - strcat (buf, "\n"); - fflush (stdout); /* in case stdout and stderr are the same */ - fputs (buf, stderr); - fflush (NULL); /* flushes all stdio output streams */ - va_end (ap); - exit (1); -} - -char * -rtrim (char *str, const char *tok) -{ - int i = 0; - int j = sizeof (str); - - while (str != NULL && i < j) { - if (*(str + i) == *tok) { - sprintf (str + i, "%s", "\0"); - return str; - } - i++; - } - return str; -} diff --git a/plugins/popen.h b/plugins/popen.h index fc7e78e2..a5dd8fa7 100644 --- a/plugins/popen.h +++ b/plugins/popen.h @@ -7,7 +7,6 @@ FILE *spopen (const char *); int spclose (FILE *); RETSIGTYPE popen_timeout_alarm_handler (int); -extern unsigned int timeout_interval; pid_t *childpid=NULL; int *child_stderr_array=NULL; FILE *child_process=NULL; diff --git a/plugins/runcmd.c b/plugins/runcmd.c index 1a7c904f..a7155d27 100644 --- a/plugins/runcmd.c +++ b/plugins/runcmd.c @@ -67,19 +67,6 @@ * occur in any number of threads simultaneously. */ static pid_t *np_pids = NULL; -/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX. - * If that fails and the macro isn't defined, we fall back to an educated - * guess. There's no guarantee that our guess is adequate and the program - * will die with SIGSEGV if it isn't and the upper boundary is breached. */ -#ifdef _SC_OPEN_MAX -static long maxfd = 0; -#elif defined(OPEN_MAX) -# define maxfd OPEN_MAX -#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */ -# define maxfd 256 -#endif - - /** prototypes **/ static int np_runcmd_open(const char *, int *, int *) __attribute__((__nonnull__(1, 2, 3))); @@ -99,14 +86,8 @@ extern void die (int, const char *, ...) * through this api and thus achieve async-safeness throughout the api */ void np_runcmd_init(void) { -#ifndef maxfd - if(!maxfd && (maxfd = sysconf(_SC_OPEN_MAX)) < 0) { - /* possibly log or emit a warning here, since there's no - * guarantee that our guess at maxfd will be adequate */ - maxfd = 256; - } -#endif - + if(maxfd == 0) + maxfd = open_max(); if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t)); } diff --git a/plugins/sslutils.c b/plugins/sslutils.c index e38947e3..14f6579d 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -1,29 +1,29 @@ /***************************************************************************** -* +* * Monitoring Plugins SSL utilities -* +* * License: GPL * Copyright (c) 2005-2010 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains common functions for plugins that require SSL. -* +* * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. -* -* +* +* *****************************************************************************/ #define MAX_CN_LENGTH 256 @@ -193,12 +193,22 @@ int np_net_ssl_read(void *buf, int num) { int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ # ifdef USE_OPENSSL - X509 *certificate=NULL; + X509 *certificate = NULL; + certificate=SSL_get_peer_certificate(s); + return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit)); +# else /* ifndef USE_OPENSSL */ + printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); + return STATE_WARNING; +# endif /* USE_OPENSSL */ +} + +int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){ +# ifdef USE_OPENSSL X509_NAME *subj=NULL; char timestamp[50] = ""; char cn[MAX_CN_LENGTH]= ""; char *tz; - + int cnlen =-1; int status=STATE_UNKNOWN; @@ -210,7 +220,6 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ int time_remaining; time_t tm_t; - certificate=SSL_get_peer_certificate(s); if (!certificate) { printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); return STATE_CRITICAL; diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis deleted file mode 100644 index 38c0a6b2..00000000 --- a/plugins/t/NPTest.cache.travis +++ /dev/null @@ -1,60 +0,0 @@ -{ - 'MYSQL_LOGIN_DETAILS' => '-u root -d test', - 'NP_ALLOW_SUDO' => 'yes', - 'NP_DNS_SERVER' => '8.8.8.8', - 'NP_GOOD_NTP_SERVICE' => '', - 'NP_HOSTNAME_INVALID' => 'nosuchhost', - 'NP_HOSTNAME_VALID' => 'monitoring-plugins.org', - 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', - 'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30', - 'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30', - 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', - 'NP_HOST_DHCP_RESPONSIVE' => '', - 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', - 'NP_HOST_RESPONSIVE' => 'localhost', - 'NP_HOST_SMB' => '', - 'NP_HOST_SNMP' => 'localhost', - 'NP_HOST_TCP_FTP' => '', - 'NP_HOST_TCP_HPJD' => '', - 'NP_HOST_HPJD_PORT_INVALID' => '161', - 'NP_HOST_HPJD_PORT_VALID' => '', - 'NP_HOST_TCP_HTTP' => 'localhost', - 'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org', - 'NP_HOST_TCP_IMAP' => 'imap.web.de', - 'NP_HOST_TCP_LDAP' => 'localhost', - 'NP_HOST_TCP_POP' => 'pop.web.de', - 'NP_HOST_TCP_SMTP' => 'localhost', - 'NP_HOST_TCP_SMTP_NOTLS' => '', - 'NP_HOST_TCP_SMTP_TLS' => '', - 'NP_INTERNET_ACCESS' => 'yes', - 'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain', - 'NP_MOUNTPOINT2_VALID' => '/media/ramdisk', - 'NP_MOUNTPOINT_VALID' => '/', - 'NP_MYSQL_SERVER' => 'localhost', - 'NP_HOST_UDP_TIME' => 'localhost', - 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', - 'NP_MYSQL_WITH_SLAVE' => '', - 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', - 'NP_NO_NTP_SERVICE' => 'localhost', - 'NP_SMB_SHARE' => '', - 'NP_SMB_SHARE_DENY' => '', - 'NP_SMB_SHARE_SPC' => '', - 'NP_SMB_VALID_USER' => '', - 'NP_SMB_VALID_USER_PASS' => '', - 'NP_SNMP_COMMUNITY' => 'public', - 'NP_SSH_CONFIGFILE' => '~/.ssh/config', - 'NP_SSH_HOST' => 'localhost', - 'NP_SSH_IDENTITY' => '~/.ssh/id_dsa', - 'NP_HOST_TCP_JABBER' => 'jabber.org', - 'host_nonresponsive' => '10.0.0.1', - 'host_responsive' => 'localhost', - 'host_snmp' => '', - 'host_tcp_ftp' => '', - 'host_tcp_http' => 'localhost', - 'host_tcp_imap' => 'imap.nierlein.de', - 'host_tcp_smtp' => 'localhost', - 'hostname_invalid' => 'nosuchhost', - 'snmp_community' => '', - 'user_snmp' => '', - 'host_udp_time' => 'none', -} diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t index 4797390d..1d2939e9 100644 --- a/plugins/t/check_by_ssh.t +++ b/plugins/t/check_by_ssh.t @@ -9,17 +9,9 @@ use Test::More; use NPTest; # Required parameters -my $ssh_service = getTestParameter( "NP_SSH_HOST", - "A host providing SSH service", - "localhost"); - -my $ssh_key = getTestParameter( "NP_SSH_IDENTITY", - "A key allowing access to NP_SSH_HOST", - "~/.ssh/id_dsa"); - -my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE", - "A config file with ssh settings", - "~/.ssh/config"); +my $ssh_service = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); +my $ssh_key = getTestParameter("NP_SSH_IDENTITY", "A key allowing access to NP_SSH_HOST", "~/.ssh/id_dsa"); +my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE", "A config file with ssh settings", "~/.ssh/config"); plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_service && $ssh_key); diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t new file mode 100644 index 00000000..ada6a045 --- /dev/null +++ b/plugins/t/check_curl.t @@ -0,0 +1,201 @@ +#! /usr/bin/perl -w -I .. +# +# HyperText Transfer Protocol (HTTP) Test via check_http +# +# + +use strict; +use Test::More; +use POSIX qw/mktime strftime/; +use NPTest; + +plan tests => 58; + +my $successOutput = '/OK.*HTTP.*second/'; + +my $res; +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); +my $host_tcp_http2 = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org"); +my $host_tcp_proxy = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost"); +my $port_tcp_proxy = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128"); + +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; + + +$res = NPTest->testCmd( + "./$plugin $host_tcp_http -wt 300 -ct 600" + ); +cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); +like( $res->output, $successOutput, "Output OK" ); + +$res = NPTest->testCmd( + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + ); +like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); + +$res = NPTest->testCmd( + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" + ); +cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); +# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) +like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); + +$res = NPTest->testCmd( + "./$plugin $hostname_invalid -wt 1 -ct 2" + ); +cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); +# The first part of the message comes from the OS catalogue, so cannot check this. +# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename +# Is also possible to get a socket timeout if DNS is not responding fast enough +# cURL gives us consistent strings from it's own 'lib/strerror.c' +like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK"); + +# host header checks +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); +like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80 -k 'Host: testhost:8001'"); +like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +$res = NPTest->testCmd("./$plugin -v -I $host_tcp_http -p 80 -k 'Host: testhost:8001'"); +like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" ); +like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" ); + +SKIP: { + skip "No internet access", 4 if $internet_access eq "no"; + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443"); + like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" ); +}; + +SKIP: { + skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" ); + cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" ); + cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'"); + like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" ); + cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); + cmp_ok( $res->return_code, "==", 2, "Invert results work when found"); + like ( $res->output, "/pattern found/", "Error message says 'pattern found'"); + + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); + cmp_ok( $res->return_code, "==", 0, "And also when not found"); +} +SKIP: { + skip "No internet access", 28 if $internet_access eq "no"; + + $res = NPTest->testCmd( + "./$plugin --ssl $host_tls_http" + ); + cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); + + $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); + like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); + my $saved_cert_output = $res->output; + + $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); + like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); + + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); + is( $res->return_code, 0, "Old syntax for cert checking okay" ); + is( $res->output, $saved_cert_output, "Same output as new syntax" ); + + $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" ); + is( $res->return_code, 0, "Updated syntax for cert checking okay" ); + is( $res->output, $saved_cert_output, "Same output as new syntax" ); + + $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" ); + cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); + + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); + cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); + + # run some certificate checks with faketime + SKIP: { + skip "No faketime binary found", 12 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); + is( $res->return_code, 0, "Catch cert output exit code" ); + my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); + if(!defined $year) { + die("parsing date failed from: ".$res->output); + } + my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; + my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); + my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); + is( $res->return_code, 2, "Output on expire date" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); + is( $res->return_code, 2, "cert expires in 1 second exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); + is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); + is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); + is( $res->return_code, 2, "Certificate expired exit code" ); + }; + + $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" ); + like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); + like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); + + $res = NPTest->testCmd( + "./$plugin --ssl -H www.e-paycobalt.com" + ); + cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); + + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" ); + is( $res->return_code, 0, "Redirection based on location is okay"); + + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" ); + like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); +} diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t index 7e0f74b7..ec527e7f 100644 --- a/plugins/t/check_disk.t +++ b/plugins/t/check_disk.t @@ -88,8 +88,9 @@ $result = NPTest->testCmd( ); $_ = $result->perf_output; my ($warn_absth_data, $crit_absth_data, $total_absth_data) = (m/=.[^;]*;(\d+);(\d+);\d+;(\d+)/); -is ($warn_absth_data, $total_absth_data - 20, "Wrong warning in perf data using absolute thresholds"); -is ($crit_absth_data, $total_absth_data - 10, "Wrong critical in perf data using absolute thresholds"); +# default unit is MiB, but perfdata is always bytes +is ($warn_absth_data, $total_absth_data - (20 * (2 ** 20)), "Wrong warning in perf data using absolute thresholds"); +is ($crit_absth_data, $total_absth_data - (10 * (2 ** 20)), "Wrong critical in perf data using absolute thresholds"); # Then check percent thresholds. $result = NPTest->testCmd( @@ -119,7 +120,7 @@ like ( $result->only_output, qr/$more_free/, "Have disk name in text"); $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -p $more_free -p $less_free" ); cmp_ok( $result->return_code, '==', 0, "At least 1 MB available on $more_free and $less_free"); $_ = $result->output; -my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+) MB .* (\d+) MB /g); +my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+)MiB .* (\d+)MiB /g); my $free_mb_on_all = $free_mb_on_mp1 + $free_mb_on_mp2; @@ -248,11 +249,11 @@ $result = NPTest->testCmd( "./check_disk -w 100% -c 100% ".${mountpoint_valid} ) cmp_ok( $result->return_code, "==", 2, "100% empty" ); like( $result->output, $failureOutput, "Right output" ); -$result = NPTest->testCmd( "./check_disk -w 100000 -c 100000 $mountpoint_valid" ); -cmp_ok( $result->return_code, '==', 2, "Check for 100GB free" ); +$result = NPTest->testCmd( "./check_disk -w 100000000 -c 100000000 $mountpoint_valid" ); +cmp_ok( $result->return_code, '==', 2, "Check for 100TB free" ); -$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u GB ".${mountpoint_valid} ); # 100 GB empty -cmp_ok( $result->return_code, "==", 2, "100 GB empty" ); +$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u TB ".${mountpoint_valid} ); # 100 TB empty +cmp_ok( $result->return_code, "==", 2, "100 TB empty" ); # Checking old syntax of check_disk warn crit [fs], with warn/crit at USED% thresholds diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t index cdfbe60d..afb2062d 100644 --- a/plugins/t/check_dns.t +++ b/plugins/t/check_dns.t @@ -10,7 +10,7 @@ use NPTest; plan skip_all => "check_dns not compiled" unless (-x "check_dns"); -plan tests => 19; +plan tests => 23; my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; @@ -105,3 +105,11 @@ cmp_ok( $res->return_code, '==', 0, "Got expected address"); $res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5"); cmp_ok( $res->return_code, '==', 2, "Got wrong address"); like ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK"); + +$res = NPTest->testCmd("./check_dns -H $hostname_valid -n"); +cmp_ok( $res->return_code, '==', 2, "Found $hostname_valid"); +like ( $res->output, "/^DNS CRITICAL.*Domain '$hostname_valid' was found by the server:/", "Output OK"); + +$res = NPTest->testCmd("./check_dns -H $hostname_invalid -n"); +cmp_ok( $res->return_code, '==', 0, "Did not find $hostname_invalid"); +like ( $res->output, $successOutput, "Output OK" ); diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t index 08692e46..67b357b2 100644 --- a/plugins/t/check_fping.t +++ b/plugins/t/check_fping.t @@ -5,40 +5,30 @@ # use strict; -use Test; +use Test::More; use NPTest; -use vars qw($tests); +my $host_responsive = getTestParameter("NP_HOST_RESPONSIVE", "The hostname of system responsive to network requests", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); -BEGIN {$tests = 4; plan tests => $tests} - -my $successOutput = '/^FPING OK - /'; -my $failureOutput = '/^FPING CRITICAL - /'; - -my $host_responsive = getTestParameter( "host_responsive", "NP_HOST_RESPONSIVE", "localhost", - "The hostname of system responsive to network requests" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); - - -my $t; +my $res; my $fping = qx(which fping 2> /dev/null); chomp($fping); if( ! -x "./check_fping") { - $t += skipMissingCmd( "./check_fping", $tests ); + plan skip_all => "check_fping not found, skipping tests"; } -elsif ( $> != 0 && (!$fping || ! -u $fping)) { - $t += skipMsg( "./check_fping", $tests ); +elsif ( !$fping || !-x $fping ) { + plan skip_all => "fping not found or cannot be executed, skipping tests"; } else { - $t += checkCmd( "./check_fping $host_responsive", 0, $successOutput ); - $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] ); - $t += checkCmd( "./check_fping $hostname_invalid", [ 1, 2 ] ); -} + plan tests => 3; + $res = NPTest->testCmd( "./check_fping $host_responsive" ); + cmp_ok( $res->return_code, '==', 0, "Responsive host returns OK"); -exit(0) if defined($Test::Harness::VERSION); -exit($tests - $t); + $res = NPTest->testCmd( "./check_fping $host_nonresponsive" ); + cmp_ok( $res->return_code, '==', 2, "Non-Responsive host returns Critical"); + + $res = NPTest->testCmd( "./check_fping $hostname_invalid" ); + cmp_ok( $res->return_code, '==', 3, "Invalid host returns Unknown"); +} diff --git a/plugins/t/check_ftp.t b/plugins/t/check_ftp.t index de6831ba..93a7d7c3 100644 --- a/plugins/t/check_ftp.t +++ b/plugins/t/check_ftp.t @@ -11,14 +11,9 @@ use NPTest; use vars qw($tests); BEGIN {$tests = 4; plan tests => $tests} -my $host_tcp_ftp = getTestParameter( "host_tcp_ftp", "NP_HOST_TCP_FTP", "localhost", - "A host providing the FTP Service (an FTP server)"); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_tcp_ftp = getTestParameter("NP_HOST_TCP_FTP", "A host providing the FTP Service (an FTP server)", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $successOutput = '/FTP OK -\s+[0-9]?\.?[0-9]+ second response time/'; diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 5a90f02a..c137f7b4 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -9,54 +9,46 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 49; +plan tests => 50; my $successOutput = '/OK.*HTTP.*second/'; my $res; - -my $host_tcp_http = getTestParameter( "NP_HOST_TCP_HTTP", - "A host providing the HTTP Service (a web server)", - "localhost" ); - -my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1" ); - -my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost"); - -my $internet_access = getTestParameter( "NP_INTERNET_ACCESS", - "Is this system directly connected to the internet?", - "yes"); - -my $host_tcp_http2 = getTestParameter( "NP_HOST_TCP_HTTP2", - "A host providing an index page containing the string 'monitoring'", - "test.monitoring-plugins.org" ); +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); +my $host_tcp_http2 = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org"); +my $host_tcp_proxy = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost"); +my $port_tcp_proxy = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128"); my $faketime = -x '/usr/bin/faketime' ? 1 : 0; $res = NPTest->testCmd( - "./check_http $host_tcp_http -wt 300 -ct 600" + "./$plugin $host_tcp_http -wt 300 -ct 600" ); cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); like( $res->output, $successOutput, "Output OK" ); $res = NPTest->testCmd( - "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" ); like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); $res = NPTest->testCmd( - "./check_http $hostname_invalid -wt 1 -ct 2" + "./$plugin $hostname_invalid -wt 1 -ct 2" ); cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # The first part of the message comes from the OS catalogue, so cannot check this. @@ -65,87 +57,87 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK"); # host header checks -$res = NPTest->testCmd("./check_http -v -H $host_tcp_http"); +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); -$res = NPTest->testCmd("./check_http -v -H $host_tcp_http -p 80"); +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80"); like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); -$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); -$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); +$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80"); like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); SKIP: { skip "No internet access", 3 if $internet_access eq "no"; - $res = NPTest->testCmd("./check_http -v -H www.verisign.com -S"); - like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); - $res = NPTest->testCmd("./check_http -v -H www.verisign.com:8080 -S -p 443"); - like( $res->output, '/^Host: www.verisign.com:8080\s*$/ms', "Host Header OK" ); + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); - $res = NPTest->testCmd("./check_http -v -H www.verisign.com:443 -S -p 443"); - like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); + like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); }; SKIP: { skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" ); cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" ); cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'"); like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -R 'mONiTORing'" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" ); cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); cmp_ok( $res->return_code, "==", 2, "Invert results work when found"); like ( $res->output, "/pattern found/", "Error message says 'pattern found'"); - $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); + $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); cmp_ok( $res->return_code, "==", 0, "And also when not found"); } SKIP: { - skip "No internet access", 16 if $internet_access eq "no"; + skip "No internet access", 23 if $internet_access eq "no"; $res = NPTest->testCmd( - "./check_http --ssl www.verisign.com" + "./$plugin --ssl $host_tls_http" ); - cmp_ok( $res->return_code, '==', 0, "Can read https for www.verisign.com" ); + cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); - $res = NPTest->testCmd( "./check_http -C 1 --ssl www.verisign.com" ); - cmp_ok( $res->return_code, '==', 0, "Checking certificate for www.verisign.com"); - like ( $res->output, "/Certificate 'www.verisign.com' will expire on/", "Output OK" ); + $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); + like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); my $saved_cert_output = $res->output; - $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl www.verisign.com" ); - cmp_ok( $res->return_code, '==', 1, "Checking certificate for www.verisign.com"); - like ( $res->output, qr/WARNING - Certificate 'www.verisign.com' expires in \d+ day/, "Output Warning" ); + $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" ); + cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); + like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); - $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); is( $res->return_code, 0, "Old syntax for cert checking okay" ); is( $res->output, $saved_cert_output, "Same output as new syntax" ); - $res = NPTest->testCmd( "./check_http -H www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" ); is( $res->return_code, 0, "Updated syntax for cert checking okay" ); is( $res->output, $saved_cert_output, "Same output as new syntax" ); - $res = NPTest->testCmd( "./check_http -C 1 www.verisign.com" ); + $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); - $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); + $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" ); cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); # run some certificate checks with faketime SKIP: { - skip "No faketime binary found", 12 if !$faketime; - $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); - like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); + skip "No faketime binary found", 7 if !$faketime; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); is( $res->return_code, 0, "Catch cert output exit code" ); my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); if(!defined $year) { @@ -154,40 +146,51 @@ SKIP: { my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); - $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); - like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); - is( $res->return_code, 2, "Output on expire date" ); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); - $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); - like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); - is( $res->return_code, 2, "cert expires in 1 second exit code" ); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); - $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); - like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); - is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); - $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); - like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); - is( $res->return_code, 2, "cert expires in 2 hours exit code" ); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); - $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); - like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); - is( $res->return_code, 2, "Certificate expired exit code" ); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http"); + like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); }; - $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); + $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); $res = NPTest->testCmd( - "./check_http --ssl -H www.e-paycobalt.com" + "./$plugin --ssl -H www.e-paycobalt.com" ); cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" ); + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" ); is( $res->return_code, 0, "Redirection based on location is okay"); - $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" ); + $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" ); like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); } + +SKIP: { + skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy; + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302"); + is( $res->return_code, 0, "Proxy HTTP works"); + like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent"); + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT"); + is( $res->return_code, 0, "Proxy HTTP CONNECT works"); + like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); + + $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD"); + is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method"); + like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); +} diff --git a/plugins/t/check_imap.t b/plugins/t/check_imap.t index 9c6eae1f..7c74e564 100644 --- a/plugins/t/check_imap.t +++ b/plugins/t/check_imap.t @@ -8,17 +8,10 @@ use strict; use Test::More tests => 7; use NPTest; -my $host_tcp_smtp = getTestParameter( "host_tcp_smtp", "NP_HOST_TCP_SMTP", "mailhost", - "A host providing an STMP Service (a mail server)"); - -my $host_tcp_imap = getTestParameter( "host_tcp_imap", "NP_HOST_TCP_IMAP", $host_tcp_smtp, - "A host providing an IMAP Service (a mail server)"); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_tcp_smtp = getTestParameter("NP_HOST_TCP_SMTP", "A host providing an STMP Service (a mail server)", "mailhost"); +my $host_tcp_imap = getTestParameter("NP_HOST_TCP_IMAP", "A host providing an IMAP Service (a mail server)", $host_tcp_smtp); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $t; diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t index 7a708d5b..fcdae179 100644 --- a/plugins/t/check_jabber.t +++ b/plugins/t/check_jabber.t @@ -10,23 +10,9 @@ use NPTest; plan tests => 10; -my $host_tcp_jabber = getTestParameter( - "NP_HOST_TCP_JABBER", - "A host providing the Jabber Service", - "jabber.org" - ); - -my $host_nonresponsive = getTestParameter( - "NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1", - ); - -my $hostname_invalid = getTestParameter( - "NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost", - ); +my $host_tcp_jabber = getTestParameter("NP_HOST_TCP_JABBER", "A host providing the Jabber Service", "jabber.de"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/'; diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t index b8944d4b..b8a4a766 100644 --- a/plugins/t/check_ldap.t +++ b/plugins/t/check_ldap.t @@ -9,19 +9,10 @@ use warnings; use Test::More; use NPTest; -my $host_tcp_ldap = getTestParameter("NP_HOST_TCP_LDAP", - "A host providing the LDAP Service", - "localhost" ); - -my $ldap_base_dn = getTestParameter("NP_LDAP_BASE_DN", - "A base dn for the LDAP Service", - "cn=admin" ); - -my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter("hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_tcp_ldap = getTestParameter("NP_HOST_TCP_LDAP", "A host providing the LDAP Service", "localhost"); +my $ldap_base_dn = getTestParameter("NP_LDAP_BASE_DN", "A base dn for the LDAP Service", "cn=admin"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my($result, $cmd); my $command = './check_ldap'; diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t index 55f6f752..60837ef6 100644 --- a/plugins/t/check_load.t +++ b/plugins/t/check_load.t @@ -11,8 +11,8 @@ use NPTest; my $res; my $loadValue = "[0-9]+\.?[0-9]+"; -my $successOutput = "/^OK - load average: $loadValue, $loadValue, $loadValue/"; -my $failureOutput = "/^CRITICAL - load average: $loadValue, $loadValue, $loadValue/"; +my $successOutput = "/^LOAD OK - load average: $loadValue, $loadValue, $loadValue/"; +my $failureOutput = "/^LOAD CRITICAL - load average: $loadValue, $loadValue, $loadValue/"; plan tests => 11; diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t index 28cd4cd0..e426bf59 100644 --- a/plugins/t/check_mysql.t +++ b/plugins/t/check_mysql.t @@ -21,30 +21,11 @@ plan skip_all => "check_mysql not compiled" unless (-x "check_mysql"); plan tests => 15; my $bad_login_output = '/Access denied for user /'; -my $mysqlserver = getTestParameter( - "NP_MYSQL_SERVER", - "A MySQL Server hostname or IP with no slaves setup" - ); -my $mysqlsocket = getTestParameter( - "NP_MYSQL_SOCKET", - "Full path to a MySQL Server socket with no slaves setup" - ); -my $mysql_login_details = getTestParameter( - "MYSQL_LOGIN_DETAILS", - "Command line parameters to specify login access (requires " . - "REPLICATION CLIENT privleges)", - "-u test -ptest", - ); -my $with_slave = getTestParameter( - "NP_MYSQL_WITH_SLAVE", - "MySQL server with slaves setup" - ); -my $with_slave_login = getTestParameter( - "NP_MYSQL_WITH_SLAVE_LOGIN", - "Login details for server with slave (requires REPLICATION CLIENT " . - "privleges)", - $mysql_login_details || "-u test -ptest" - ); +my $mysqlserver = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup"); +my $mysqlsocket = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup"); +my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest"); +my $with_slave = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup"); +my $with_slave_login = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest"); my $result; diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t index 407af881..96899ac6 100644 --- a/plugins/t/check_mysql_query.t +++ b/plugins/t/check_mysql_query.t @@ -17,15 +17,8 @@ use vars qw($tests); plan skip_all => "check_mysql_query not compiled" unless (-x "check_mysql_query"); -my $mysqlserver = getTestParameter( - "NP_MYSQL_SERVER", - "A MySQL Server with no slaves setup" - ); -my $mysql_login_details = getTestParameter( - "MYSQL_LOGIN_DETAILS", - "Command line parameters to specify login access", - "-u user -ppw -d db", - ); +my $mysqlserver = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server with no slaves setup"); +my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access", "-u user -ppw -d db"); my $result; if (! $mysqlserver) { diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index eff46ea1..f2f218fd 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t @@ -15,18 +15,12 @@ BEGIN { my $res; -my $host_snmp = getTestParameter( "host_snmp", "NP_HOST_SNMP", "localhost", - "A host providing an SNMP Service"); +my $host_snmp = getTestParameter("NP_HOST_SNMP", "A host providing an SNMP Service", "localhost"); +my $snmp_community = getTestParameter("NP_SNMP_COMMUNITY", "The SNMP Community string for SNMP Testing (assumes snmp v1)", "public"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $user_snmp = getTestParameter("NP_SNMP_USER", "An SNMP user", "auth_md5"); -my $snmp_community = getTestParameter( "snmp_community", "NP_SNMP_COMMUNITY", "public", - "The SNMP Community string for SNMP Testing (assumes snmp v1)" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); -my $user_snmp = getTestParameter( "user_snmp", "NP_SNMP_USER", "auth_md5", "An SNMP user"); $res = NPTest->testCmd( "./check_snmp -t 1" ); is( $res->return_code, 3, "No host name" ); @@ -154,9 +148,9 @@ SKIP: { cmp_ok( $res->return_code, '==', 0, "Timetick used as a string"); like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); - $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunParameters.1"); - cmp_ok( $res->return_code, '==', 0, "Timetick used as a string"); - is( $res->output, 'SNMP OK - "" | ', "snmp response without datatype" ); + $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1"); + cmp_ok( $res->return_code, '==', 0, "snmp response without datatype"); + like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" ); } SKIP: { diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t index 80083492..a5cd23ce 100644 --- a/plugins/t/check_ssh.t +++ b/plugins/t/check_ssh.t @@ -9,17 +9,9 @@ use Test::More; use NPTest; # Required parameters -my $ssh_host = getTestParameter("NP_SSH_HOST", - "A host providing SSH service", - "localhost"); - -my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", - "The hostname of system not responsive to network requests", - "10.0.0.1" ); - -my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", - "nosuchhost" ); +my $ssh_host = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" ); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" ); plan skip_all => "SSH_HOST must be defined" unless $ssh_host; diff --git a/plugins/t/check_swap.t b/plugins/t/check_swap.t index e44adc90..de9e0f05 100644 --- a/plugins/t/check_swap.t +++ b/plugins/t/check_swap.t @@ -8,9 +8,9 @@ use strict; use Test::More tests => 8; use NPTest; -my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; -my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; -my $warnOutput = '/^SWAP WARNING - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/'; +my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; +my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; +my $warnOutput = '/^SWAP WARNING - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/'; my $result; diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t index f996685d..cb4de53d 100644 --- a/plugins/t/check_tcp.t +++ b/plugins/t/check_tcp.t @@ -15,18 +15,11 @@ BEGIN { } -my $host_tcp_http = getTestParameter( "host_tcp_http", "NP_HOST_TCP_HTTP", "localhost", - "A host providing the HTTP Service (a web server)" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); - -my $internet_access = getTestParameter( "NP_INTERNET_ACCESS", - "Is this system directly connected to the internet?", - "yes"); +my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); +my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes"); my $successOutput = '/^TCP OK\s-\s+[0-9]?\.?[0-9]+ second response time on port [0-9]+/'; @@ -42,10 +35,10 @@ $t += checkCmd( "./check_tcp $host_tcp_http -p 81 -wt 0 -ct 0 -to 1", 2 $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt 0 -ct 0 -to 1", 2 ); $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -wt 0 -ct 0 -to 1", 2 ); if($internet_access ne "no") { - $t += checkCmd( "./check_tcp -S -D 1 -H www.verisign.com -p 443", 0 ); - $t += checkCmd( "./check_tcp -S -D 9000,1 -H www.verisign.com -p 443", 1 ); - $t += checkCmd( "./check_tcp -S -D 9000 -H www.verisign.com -p 443", 1 ); - $t += checkCmd( "./check_tcp -S -D 9000,8999 -H www.verisign.com -p 443", 2 ); + $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443", 0 ); + $t += checkCmd( "./check_tcp -S -D 9000,1 -H $host_tls_http -p 443", 1 ); + $t += checkCmd( "./check_tcp -S -D 9000 -H $host_tls_http -p 443", 1 ); + $t += checkCmd( "./check_tcp -S -D 9000,8999 -H $host_tls_http -p 443", 2 ); } # Need the \r\n to make it more standards compliant with web servers. Need the various quotes diff --git a/plugins/t/check_time.t b/plugins/t/check_time.t index 961f56e6..92c2f891 100644 --- a/plugins/t/check_time.t +++ b/plugins/t/check_time.t @@ -11,14 +11,9 @@ use NPTest; use vars qw($tests); BEGIN {$tests = 8; plan tests => $tests} -my $host_udp_time = getTestParameter( "host_udp_time", "NP_HOST_UDP_TIME", "localhost", - "A host providing the UDP Time Service" ); - -my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", - "The hostname of system not responsive to network requests" ); - -my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", - "An invalid (not known to DNS) hostname" ); +my $host_udp_time = getTestParameter("NP_HOST_UDP_TIME", "A host providing the UDP Time Service", "localhost"); +my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); +my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost"); my $successOutput = '/^TIME OK - [0-9]+ second time difference/'; diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t index 1f6fee70..6c47d095 100644 --- a/plugins/t/check_udp.t +++ b/plugins/t/check_udp.t @@ -34,12 +34,12 @@ my $nc; if(system("which nc.traditional >/dev/null 2>&1") == 0) { $nc = 'nc.traditional -w 3 -l -u -p 3333'; } -elsif(system("which netcat >/dev/null 2>&1") == 0) { - $nc = 'netcat -w 3 -l -u -p 3333'; -} elsif(system("which nc >/dev/null 2>&1") == 0) { $nc = 'nc -w 3 -l -u -4 localhost 3333'; } +elsif(system("which netcat >/dev/null 2>&1") == 0) { + $nc = 'netcat -w 3 -l -u -p 3333'; +} SKIP: { skip "solaris netcat does not listen to udp", 6 if $^O eq 'solaris'; diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem index 40324cf8..77a9166e 100644 --- a/plugins/tests/certs/expired-cert.pem +++ b/plugins/tests/certs/expired-cert.pem @@ -1,21 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV -BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG -SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw -NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN -BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT -CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K -iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP -J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX -tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp -MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ -BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx -FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG -CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5 -45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda -SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo -6xW7hkzYog== +MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL +BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u +aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n +LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx +CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx +GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu +ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX +YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV +WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0 +p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn +MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7 +G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7 +0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw +HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl +2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z +2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV +EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U +b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7 +eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem index af0e24da..c1510b2d 100644 --- a/plugins/tests/certs/expired-key.pem +++ b/plugins/tests/certs/expired-key.pem @@ -1,15 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1 -+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8 -yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB -AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS -R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0 -uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq -UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/ -ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer -fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi -WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM -quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu -dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9 -QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg= ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg +cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY +N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn +lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx +WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb +Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ +9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP +aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M +kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm +qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr +0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG +KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT +5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7 +ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS +ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM +rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o +ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do +PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB +u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7 +Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh +fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i +YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG +ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP +CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg +7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm +xH3OV8KV4UiTEVxS7ksmGzY= +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem index 549e4f7e..b84b91d2 100644 --- a/plugins/tests/certs/server-cert.pem +++ b/plugins/tests/certs/server-cert.pem @@ -1,21 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV -BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV -BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG -SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw -MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN -BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT -CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ -KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy -oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1 -l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0 -9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI -MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ -BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx -FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG -CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw -AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX -N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1 -NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB -W5jDadwkoQ== +MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD +VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD +VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1 +Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y +ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE +RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN +b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr +MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja +uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v +EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe +PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8 +ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi +u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA +AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA +FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz +VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr +E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8 +vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC +jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk +bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g= -----END CERTIFICATE----- diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem index eacaeaa3..11947555 100644 --- a/plugins/tests/certs/server-key.pem +++ b/plugins/tests/certs/server-key.pem @@ -1,15 +1,28 @@ ------BEGIN RSA PRIVATE KEY----- -MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl -5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em -Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB -AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE -TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986 -Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ -dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM -hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb -51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr -NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF -sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7 -nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ -GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf +miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ +Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym +/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K// +ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG +msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow +1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR +WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU +00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5 +Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0 +ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c +YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU +l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA +/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS +zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx +bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+ +FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc +B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+ +MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg +D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl +/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK +0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY +p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC +TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc +/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu +N0wdmCAqlQwHR13+F1zrAD7V +-----END PRIVATE KEY----- diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t new file mode 100755 index 00000000..29cb03f2 --- /dev/null +++ b/plugins/tests/check_curl.t @@ -0,0 +1,509 @@ +#! /usr/bin/perl -w -I .. +# +# Test check_http by having an actual HTTP server running +# +# To create the https server certificate: +# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes +# to create a new expired certificate: +# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes +# Country Name (2 letter code) [AU]:DE +# State or Province Name (full name) [Some-State]:Bavaria +# Locality Name (eg, city) []:Munich +# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins +# Organizational Unit Name (eg, section) []: +# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins +# Email Address []:devel@monitoring-plugins.org + +use strict; +use Test::More; +use NPTest; +use FindBin qw($Bin); + +$ENV{'LC_TIME'} = "C"; + +my $common_tests = 72; +my $ssl_only_tests = 8; +# Check that all dependent modules are available +eval "use HTTP::Daemon 6.01;"; +plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@; +eval { + require HTTP::Status; + require HTTP::Response; +}; + +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + +# look for libcurl version to see if some advanced checks are possible (>= 7.49.0) +my $advanced_checks = 12; +my $use_advanced_checks = 0; +my $required_version = '7.49.0'; +my $virtual_host = 'www.somefunnyhost.com'; +my $virtual_port = 42; +my $curl_version = ''; +open (my $fh, '-|', "./$plugin --version") or die; +while (<$fh>) { + if (m{libcurl/([\d.]+)\s}) { + $curl_version = $1; + last; + } +} +close ($fh); +if ($curl_version) { + my ($major, $minor, $release) = split (/\./, $curl_version); + my ($req_major, $req_minor, $req_release) = split (/\./, $required_version); + my $check = ($major <=> $req_major or $minor <=> $req_minor or $release <=> $req_release); + if ($check >= 0) { + $use_advanced_checks = 1; + print "Found libcurl $major.$minor.$release. Using advanced checks\n"; + } +} + +if ($@) { + plan skip_all => "Missing required module for test: $@"; +} else { + if (-x "./$plugin") { + plan tests => $common_tests * 2 + $ssl_only_tests + $advanced_checks; + } else { + plan skip_all => "No $plugin compiled"; + } +} + +my $servers = { http => 0 }; # HTTP::Daemon should always be available +eval { require HTTP::Daemon::SSL }; +if ($@) { + diag "Cannot load HTTP::Daemon::SSL: $@"; +} else { + $servers->{https} = 0; +} + +# set a fixed version, so the header size doesn't vary +$HTTP::Daemon::VERSION = "1.00"; + +my $port_http = 50000 + int(rand(1000)); +my $port_https = $port_http + 1; +my $port_https_expired = $port_http + 2; + +# This array keeps sockets around for implementing timeouts +my @persist; + +# Start up all servers +my @pids; +my $pid = fork(); +if ($pid) { + # Parent + push @pids, $pid; + if (exists $servers->{https}) { + # Fork a normal HTTPS server + $pid = fork(); + if ($pid) { + # Parent + push @pids, $pid; + # Fork an expired cert server + $pid = fork(); + if ($pid) { + push @pids, $pid; + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_expired, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/expired-cert.pem", + SSL_key_file => "$Bin/certs/expired-key.pem", + ) || die; + print "Please contact https expired at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; + } + } else { + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + ) || die; + print "Please contact https at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; + } + } +} else { + # Child + #print "child\n"; + my $d = HTTP::Daemon->new( + LocalPort => $port_http, + LocalAddr => "127.0.0.1", + ) || die; + print "Please contact http at: <URL:", $d->url, ">\n"; + run_server( $d ); + exit; +} + +# give our webservers some time to startup +sleep(3); + +# Run the same server on http and https +sub run_server { + my $d = shift; + MAINLOOP: while (my $c = $d->accept ) { + while (my $r = $c->get_request) { + if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { + $c->send_basic_header($1); + $c->send_crlf; + } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { + $c->send_basic_header; + $c->send_crlf; + $c->send_file_response("$Bin/var/$1"); + } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { + $c->send_basic_header; + $c->send_crlf; + sleep 1; + $c->send_response("slow"); + } elsif ($r->url->path eq "/method") { + if ($r->method eq "DELETE") { + $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); + } elsif ($r->method eq "foo") { + $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + } else { + $c->send_status_line(200, $r->method); + } + } elsif ($r->url->path eq "/postdata") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response($r->method.":".$r->content); + } elsif ($r->url->path eq "/redirect") { + $c->send_redirect( "/redirect2" ); + } elsif ($r->url->path eq "/redir_external") { + $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); + } elsif ($r->url->path eq "/redirect2") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); + } elsif ($r->url->path eq "/redir_timeout") { + $c->send_redirect( "/timeout" ); + } elsif ($r->url->path eq "/timeout") { + # Keep $c from being destroyed, but prevent severe leaks + unshift @persist, $c; + delete($persist[1000]); + next MAINLOOP; + } elsif ($r->url->path eq "/header_check") { + $c->send_basic_header; + $c->send_header('foo'); + $c->send_crlf; + } elsif ($r->url->path eq "/header_broken_check") { + $c->send_basic_header; + $c->send_header('foo'); + print $c "Test1:: broken\n"; + print $c " Test2: leading whitespace\n"; + $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); + } else { + $c->send_error(HTTP::Status->RC_FORBIDDEN); + } + $c->close; + } + } +} + +END { + foreach my $pid (@pids) { + if ($pid) { print "Killing $pid\n"; kill "INT", $pid } + } +}; + +if ($ARGV[0] && $ARGV[0] eq "-d") { + while (1) { + sleep 100; + } +} + +my $result; +my $command = "./$plugin -H 127.0.0.1"; + +run_common_tests( { command => "$command -p $port_http" } ); +SKIP: { + skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; + run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); + is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + + $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); + is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + + # Expired cert tests + $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); + is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + + $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); + is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); + is( $result->output, + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + "output ok" ); + +} + +my $cmd; + +# advanced checks with virtual hostname and virtual port +SKIP: { + skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; + + # http without virtual port + $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # http with virtual port (!= 80) + $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$virtual_port\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # http with virtual port (80) + $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + +# and the same for SSL +SKIP: { + skip "libcurl version is smaller than $required_version and/or HTTP::Daemon::SSL not installed", 6 if ! exists $servers->{https} or not $use_advanced_checks; + # https without virtual port + $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$port_https\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port (!= 443) + $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$virtual_port\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port (443) + $cmd = "./$plugin -H $virtual_host:443 -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + + +sub run_common_tests { + my ($opts) = @_; + my $command = $opts->{command}; + if ($opts->{ssl}) { + $command .= " --ssl"; + } + + $result = NPTest->testCmd( "$command -u /file/root" ); + is( $result->return_code, 0, "/file/root"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /file/root -s Root" ); + is( $result->return_code, 0, "/file/root search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" ); + is( $result->return_code, 2, "Missing string check"); + like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" ); + is( $result->return_code, 2, "Missing string check"); + like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /header_check -d foo" ); + is( $result->return_code, 0, "header_check search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" ); + + $result = NPTest->testCmd( "$command -u /header_check -d bar" ); + is( $result->return_code, 2, "Missing header string check"); + like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); + + $result = NPTest->testCmd( "$command -u /header_broken_check" ); + is( $result->return_code, 0, "header_check search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" ); + + my $cmd; + $cmd = "$command -u /slow"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, "$cmd"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + $result->output =~ /in ([\d\.]+) second/; + cmp_ok( $1, ">", 1, "Time is > 1 second" ); + + $cmd = "$command -u /statuscode/200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/200 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 201"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 200"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/200 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/201 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /statuscode/203 -e 200,201,202"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output ); + + $cmd = "$command -j HEAD -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j POST -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j GET -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -P foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j DELETE -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 1, $cmd); + like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output ); + + $cmd = "$command -j foo -u /method"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 2, $cmd); + like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output ); + + $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # To confirm that the free doesn't segfault + $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f follow -u /redirect"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f follow -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f sticky -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -f stickyport -u /redirect -k 'follow: me'"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # These tests may block + print "ALRM\n"; + + # stickyport - on full urlS port is set back to 80 otherwise + $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected"; + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; + alarm(2); + $result = NPTest->testCmd( $cmd ); + alarm(0); }; + isnt( $@, "alarm\n", $cmd ); + is( $result->return_code, 0, $cmd ); + + # Let's hope there won't be any web server on :80 returning "redirected"! + $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected"; + eval { + local $SIG{ALRM} = sub { die "alarm\n" }; + alarm(2); + $result = NPTest->testCmd( $cmd ); + alarm(0); }; + isnt( $@, "alarm\n", $cmd ); + isnt( $result->return_code, 0, $cmd ); + + # Test an external address - timeout + SKIP: { + skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); + $cmd = "$command -f follow -u /redir_external -t 5"; + eval { + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); + } + + $cmd = "$command -u /timeout -t 5"; + eval { + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); + + $cmd = "$command -f follow -u /redir_timeout -t 2"; + eval { + $result = NPTest->testCmd( $cmd, 5 ); + }; + is( $@, "", $cmd ); + +} diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 1bc0ecb7..188f5e75 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -4,13 +4,15 @@ # # To create the https server certificate: # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes -# Country Name (2 letter code) [AU]:UK -# State or Province Name (full name) [Some-State]:Derbyshire -# Locality Name (eg, city) []:Belper +# to create a new expired certificate: +# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes +# Country Name (2 letter code) [AU]:DE +# State or Province Name (full name) [Some-State]:Bavaria +# Locality Name (eg, city) []:Munich # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins # Organizational Unit Name (eg, section) []: -# Common Name (eg, YOUR name) []:Ton Voon -# Email Address []:tonvoon@mac.com +# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins +# Email Address []:devel@monitoring-plugins.org use strict; use Test::More; @@ -20,6 +22,7 @@ use FindBin qw($Bin); $ENV{'LC_TIME'} = "C"; my $common_tests = 70; +my $virtual_port_tests = 8; my $ssl_only_tests = 8; # Check that all dependent modules are available eval "use HTTP::Daemon 6.01;"; @@ -29,13 +32,16 @@ eval { require HTTP::Response; }; +my $plugin = 'check_http'; +$plugin = 'check_curl' if $0 =~ m/check_curl/mx; + if ($@) { plan skip_all => "Missing required module for test: $@"; } else { - if (-x "./check_http") { - plan tests => $common_tests * 2 + $ssl_only_tests; + if (-x "./$plugin") { + plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests; } else { - plan skip_all => "No check_http compiled"; + plan skip_all => "No $plugin compiled"; } } @@ -85,6 +91,8 @@ if ($pid) { exit; } } else { + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; my $d = HTTP::Daemon::SSL->new( LocalPort => $port_https, LocalAddr => "127.0.0.1", @@ -96,8 +104,6 @@ if ($pid) { exit; } } - # give our webservers some time to startup - sleep(1); } else { # Child #print "child\n"; @@ -110,6 +116,9 @@ if ($pid) { exit; } +# give our webservers some time to startup +sleep(3); + # Run the same server on http and https sub run_server { my $d = shift; @@ -158,6 +167,11 @@ sub run_server { $c->send_basic_header; $c->send_header('foo'); $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); } else { $c->send_error(HTTP::Status->RC_FORBIDDEN); } @@ -179,7 +193,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") { } my $result; -my $command = "./check_http -H 127.0.0.1"; +my $command = "./$plugin -H 127.0.0.1"; run_common_tests( { command => "$command -p $port_http" } ); SKIP: { @@ -188,25 +202,56 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', "output ok" ); } +my $cmd; +# check virtual port behaviour +# +# http without virtual port +$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$"; +$result = NPTest->testCmd( $cmd ); +is( $result->return_code, 0, $cmd); +like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + +# http with virtual port +$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$"; +$result = NPTest->testCmd( $cmd ); +is( $result->return_code, 0, $cmd); +like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + +SKIP: { + skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https}; + # https without virtual port + $cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + # https with virtual port + $cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$"; + $result = NPTest->testCmd( $cmd ); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); +} + + sub run_common_tests { my ($opts) = @_; my $command = $opts->{command}; @@ -372,27 +417,29 @@ sub run_common_tests { # stickyport - on full urlS port is set back to 80 otherwise $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected"; + alarm(2); eval { local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); $result = NPTest->testCmd( $cmd ); - alarm(0); }; + }; isnt( $@, "alarm\n", $cmd ); + alarm(0); is( $result->return_code, 0, $cmd ); # Let's hope there won't be any web server on :80 returning "redirected"! $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected"; + alarm(2); eval { local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); $result = NPTest->testCmd( $cmd ); - alarm(0); }; + }; isnt( $@, "alarm\n", $cmd ); + alarm(0); isnt( $result->return_code, 0, $cmd ); # Test an external address - timeout SKIP: { - skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); + skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); $cmd = "$command -f follow -u /redir_external -t 5"; eval { $result = NPTest->testCmd( $cmd, 2 ); diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t index 54d43d9b..3af218f5 100755 --- a/plugins/tests/check_procs.t +++ b/plugins/tests/check_procs.t @@ -8,13 +8,14 @@ use Test::More; use NPTest; if (-x "./check_procs") { - plan tests => 50; + plan tests => 52; } else { plan skip_all => "No check_procs compiled"; } my $result; -my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin"; +my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin"; +my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian"; $result = NPTest->testCmd( "$command" ); is( $result->return_code, 0, "Run with no options" ); @@ -69,9 +70,21 @@ SKIP: { like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" ); }; -$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" ); -is( $result->return_code, 0, "Checking regexp search of arguments" ); -is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" ); +SKIP: { + skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx; + + $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" ); + is( $result->return_code, 0, "Checking regexp search of arguments" ); + is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" ); +} + +SKIP: { + skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx; + + $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" ); + is( $result->return_code, 2, "Checking elapsed time threshold" ); + is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" ); +} $result = NPTest->testCmd( "$command --vsz 1000000" ); is( $result->return_code, 0, "Checking filter by VSZ" ); @@ -83,7 +96,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;', $result = NPTest->testCmd( "$command -s S" ); is( $result->return_code, 0, "Checking filter for sleeping processes" ); -like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" ); +like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" ); $result = NPTest->testCmd( "$command -s Z" ); is( $result->return_code, 0, "Checking filter for zombies" ); @@ -129,4 +142,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" ); is( $result->return_code, 0, "Checking no pipe symbol in output" ); is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" ); - diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t index 73a68b20..0a77fa8a 100755 --- a/plugins/tests/check_snmp.t +++ b/plugins/tests/check_snmp.t @@ -7,8 +7,9 @@ use strict; use Test::More; use NPTest; use FindBin qw($Bin); +use POSIX qw/strftime/; -my $tests = 67; +my $tests = 73; # Check that all dependent modules are available eval { require NetSNMP::OID; @@ -37,6 +38,7 @@ if ($@) { my $port_snmp = 16100 + int(rand(100)); +my $faketime = -x '/usr/bin/faketime' ? 1 : 0; # Start up server my @pids; @@ -118,77 +120,81 @@ like($res->output, '/'.quotemeta('SNMP OK - And now have fun with with this: \"C "And now have fun with with this: \"C:\\\\\" because we\'re not done yet!"').'/m', "Attempt to confuse parser No.3"); -system("rm -f ".$ENV{'MP_STATE_PATH'}."/check_snmp/*"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 0, "Returns OK"); -is($res->output, "No previous data to calculate rate - assume okay"); +system("rm -f ".$ENV{'MP_STATE_PATH'}."/*/check_snmp/*"); -# Need to sleep, otherwise duration=0 -sleep 1; +# run rate checks with faketime. rate checks depend on the exact amount of time spend between the +# plugin runs which may fail on busy machines. +# using faketime removes this race condition and also saves all the sleeps in between. +SKIP: { + skip "No faketime binary found", 28 if !$faketime; -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 1, "WARNING - due to going above rate calculation" ); -is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 "); + my $ts = time(); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 0, "Returns OK"); + is($res->output, "No previous data to calculate rate - assume okay"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); -is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" ); -is($res->output, "Time duration between plugin calls is invalid"); + # test rate 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 1, "WARNING - due to going above rate calculation" ); + is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 "); + # test rate with same time + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" ); + is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" ); + is($res->output, "Time duration between plugin calls is invalid"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK for first call" ); -is($res->output, "No previous data to calculate rate - assume okay" ); -# Need to sleep, otherwise duration=0 -sleep 1; + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK for first call" ); + is($res->output, "No previous data to calculate rate - assume okay" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label"); + # test rate 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label"); -sleep 2; + # test rate 3 seconds later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+3))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval"); + # label performance data check + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label"); -# label performance data check -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label"); + $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label"); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label"); + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); + is($res->return_code, 0, "OK for first call" ); + is($res->output, "No previous data to calculate rate - assume okay" ); -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); -is($res->return_code, 0, "OK for first call" ); -is($res->output, "No previous data to calculate rate - assume okay" ); - -# Need to sleep, otherwise duration=0 -sleep 1; + # test 1 second later + $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); + is($res->return_code, 0, "OK as no thresholds" ); + is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier"); +}; -$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" ); -is($res->return_code, 0, "OK as no thresholds" ); -is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier"); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.11 -s '\"stringtests\"'" ); @@ -245,9 +251,20 @@ is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" ); is($res->return_code, 0, "Negative float OK" ); -is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" ); +is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" ); $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" ); is($res->return_code, 1, "Negative float WARNING" ); -is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" ); +is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" ); + +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" ); +is($res->return_code, 0, "Multiple OIDs with thresholds" ); +like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" ); + +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" ); +is($res->return_code, 1, "Multiple OIDs with thresholds" ); +like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" ); +$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" ); +is($res->return_code, 2, "Multiple OIDs with some thresholds" ); +like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" ); diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian new file mode 100644 index 00000000..5889e9a4 --- /dev/null +++ b/plugins/tests/var/ps-axwo.debian @@ -0,0 +1,219 @@ +STAT UID PID PPID VSZ RSS %CPU ELAPSED COMMAND COMMAND +Ss 0 1 0 167244 7144 0.1 26-03:07:26 systemd /lib/systemd/systemd --system --deserialize 17 +S 0 2 0 0 0 0.0 26-03:07:26 kthreadd [kthreadd] +I< 0 3 2 0 0 0.0 26-03:07:26 rcu_gp [rcu_gp] +I< 0 4 2 0 0 0.0 26-03:07:26 rcu_par_gp [rcu_par_gp] +I< 0 6 2 0 0 0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri] +I< 0 9 2 0 0 0.0 26-03:07:26 mm_percpu_wq [mm_percpu_wq] +S 0 10 2 0 0 0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_] +S 0 11 2 0 0 0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace] +S 0 12 2 0 0 0.0 26-03:07:26 ksoftirqd/0 [ksoftirqd/0] +I 0 13 2 0 0 0.0 26-03:07:26 rcu_sched [rcu_sched] +S 0 14 2 0 0 0.0 26-03:07:26 migration/0 [migration/0] +S 0 15 2 0 0 0.0 26-03:07:26 cpuhp/0 [cpuhp/0] +S 0 16 2 0 0 0.0 26-03:07:26 cpuhp/1 [cpuhp/1] +S 0 17 2 0 0 0.0 26-03:07:26 migration/1 [migration/1] +S 0 18 2 0 0 0.0 26-03:07:26 ksoftirqd/1 [ksoftirqd/1] +I< 0 20 2 0 0 0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri] +S 0 21 2 0 0 0.0 26-03:07:26 cpuhp/2 [cpuhp/2] +S 0 22 2 0 0 0.0 26-03:07:26 migration/2 [migration/2] +S 0 23 2 0 0 0.0 26-03:07:26 ksoftirqd/2 [ksoftirqd/2] +I< 0 25 2 0 0 0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri] +S 0 26 2 0 0 0.0 26-03:07:26 cpuhp/3 [cpuhp/3] +S 0 27 2 0 0 0.0 26-03:07:26 migration/3 [migration/3] +S 0 28 2 0 0 0.0 26-03:07:26 ksoftirqd/3 [ksoftirqd/3] +I< 0 30 2 0 0 0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri] +S 0 35 2 0 0 0.0 26-03:07:26 kdevtmpfs [kdevtmpfs] +I< 0 36 2 0 0 0.0 26-03:07:26 netns [netns] +S 0 37 2 0 0 0.0 26-03:07:26 kauditd [kauditd] +S 0 38 2 0 0 0.0 26-03:07:26 khungtaskd [khungtaskd] +S 0 39 2 0 0 0.0 26-03:07:26 oom_reaper [oom_reaper] +I< 0 40 2 0 0 0.0 26-03:07:26 writeback [writeback] +S 0 41 2 0 0 0.0 26-03:07:26 kcompactd0 [kcompactd0] +SN 0 42 2 0 0 0.0 26-03:07:26 ksmd [ksmd] +SN 0 43 2 0 0 0.0 26-03:07:26 khugepaged [khugepaged] +I< 0 62 2 0 0 0.0 26-03:07:26 kintegrityd [kintegrityd] +I< 0 63 2 0 0 0.0 26-03:07:26 kblockd [kblockd] +I< 0 64 2 0 0 0.0 26-03:07:26 blkcg_punt_bio [blkcg_punt_bio] +I< 0 65 2 0 0 0.0 26-03:07:26 edac-poller [edac-poller] +I< 0 66 2 0 0 0.0 26-03:07:26 devfreq_wq [devfreq_wq] +I< 0 67 2 0 0 0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri] +S 0 70 2 0 0 0.3 26-03:07:25 kswapd0 [kswapd0] +I< 0 71 2 0 0 0.0 26-03:07:25 kthrotld [kthrotld] +I< 0 72 2 0 0 0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm] +I< 0 74 2 0 0 0.0 26-03:07:25 ipv6_addrconf [ipv6_addrconf] +I< 0 80 2 0 0 0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri] +I< 0 84 2 0 0 0.0 26-03:07:25 kstrp [kstrp] +I< 0 87 2 0 0 0.0 26-03:07:25 zswap-shrink [zswap-shrink] +I< 0 110 2 0 0 0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri] +I< 0 141 2 0 0 0.0 26-03:07:25 ata_sff [ata_sff] +S 0 143 2 0 0 0.0 26-03:07:25 scsi_eh_0 [scsi_eh_0] +I< 0 144 2 0 0 0.0 26-03:07:25 scsi_tmf_0 [scsi_tmf_0] +S 0 145 2 0 0 0.0 26-03:07:25 scsi_eh_1 [scsi_eh_1] +I< 0 146 2 0 0 0.0 26-03:07:25 scsi_tmf_1 [scsi_tmf_1] +S 0 147 2 0 0 0.0 26-03:07:25 scsi_eh_2 [scsi_eh_2] +I< 0 148 2 0 0 0.0 26-03:07:25 scsi_tmf_2 [scsi_tmf_2] +S 0 149 2 0 0 0.0 26-03:07:25 scsi_eh_3 [scsi_eh_3] +I< 0 150 2 0 0 0.0 26-03:07:25 scsi_tmf_3 [scsi_tmf_3] +S 0 151 2 0 0 0.0 26-03:07:25 scsi_eh_4 [scsi_eh_4] +I< 0 152 2 0 0 0.0 26-03:07:25 scsi_tmf_4 [scsi_tmf_4] +S 0 153 2 0 0 0.0 26-03:07:25 scsi_eh_5 [scsi_eh_5] +I< 0 154 2 0 0 0.0 26-03:07:25 scsi_tmf_5 [scsi_tmf_5] +S 0 158 2 0 0 0.0 26-03:07:25 card0-crtc0 [card0-crtc0] +S 0 159 2 0 0 0.0 26-03:07:25 card0-crtc1 [card0-crtc1] +S 0 160 2 0 0 0.0 26-03:07:25 card0-crtc2 [card0-crtc2] +I< 0 162 2 0 0 0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri] +S 0 163 2 0 0 0.0 26-03:07:25 scsi_eh_6 [scsi_eh_6] +I< 0 164 2 0 0 0.0 26-03:07:25 scsi_tmf_6 [scsi_tmf_6] +S 0 165 2 0 0 0.0 26-03:07:25 usb-storage [usb-storage] +I< 0 167 2 0 0 0.0 26-03:07:25 uas [uas] +I< 0 176 2 0 0 0.0 26-03:07:25 kdmflush [kdmflush] +I< 0 177 2 0 0 0.0 26-03:07:25 kdmflush [kdmflush] +S 0 202 2 0 0 0.0 26-03:07:24 scsi_eh_7 [scsi_eh_7] +I< 0 203 2 0 0 0.0 26-03:07:24 scsi_tmf_7 [scsi_tmf_7] +S 0 204 2 0 0 0.0 26-03:07:24 usb-storage [usb-storage] +I< 0 232 2 0 0 0.0 26-03:07:23 btrfs-worker [btrfs-worker] +I< 0 233 2 0 0 0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi] +I< 0 234 2 0 0 0.0 26-03:07:23 btrfs-delalloc [btrfs-delalloc] +I< 0 235 2 0 0 0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del] +I< 0 236 2 0 0 0.0 26-03:07:23 btrfs-cache [btrfs-cache] +I< 0 237 2 0 0 0.0 26-03:07:23 btrfs-fixup [btrfs-fixup] +I< 0 238 2 0 0 0.0 26-03:07:23 btrfs-endio [btrfs-endio] +I< 0 239 2 0 0 0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met] +I< 0 240 2 0 0 0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met] +I< 0 241 2 0 0 0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai] +I< 0 242 2 0 0 0.0 26-03:07:23 btrfs-rmw [btrfs-rmw] +I< 0 243 2 0 0 0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri] +I< 0 244 2 0 0 0.0 26-03:07:23 btrfs-freespace [btrfs-freespace] +I< 0 245 2 0 0 0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m] +I< 0 246 2 0 0 0.0 26-03:07:23 btrfs-readahead [btrfs-readahead] +I< 0 247 2 0 0 0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re] +S 0 248 2 0 0 0.0 26-03:07:23 btrfs-cleaner [btrfs-cleaner] +S 0 249 2 0 0 0.2 26-03:07:23 btrfs-transacti [btrfs-transacti] +I< 0 317 2 0 0 0.0 26-03:07:22 rpciod [rpciod] +I< 0 322 2 0 0 0.0 26-03:07:22 xprtiod [xprtiod] +S 0 381 2 0 0 0.0 26-03:07:22 irq/133-mei_me [irq/133-mei_me] +S 0 422 2 0 0 0.0 26-03:07:22 watchdogd [watchdogd] +I< 0 523 2 0 0 0.0 26-03:07:22 led_workqueue [led_workqueue] +I< 0 583 2 0 0 0.0 26-03:07:22 cryptd [cryptd] +I< 0 590 2 0 0 0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver] +Ss 104 693 1 12324 4292 0.5 26-03:07:21 dbus-daemon /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only +Ss 0 731 1 575120 1368 0.0 26-03:07:21 systemd-logind /lib/systemd/systemd-logind +Ssl 0 1111 1 121248 732 0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal +S 0 1141 2 0 0 0.0 26-03:07:18 lockd [lockd] +I< 0 1459 2 0 0 0.0 26-03:07:16 nfsiod [nfsiod] +S 0 1621 2 0 0 0.0 26-03:07:15 NFSv4 callback [NFSv4 callback] +Ssl 0 1771 1 1548340 676 0.0 26-03:07:13 libvirtd /usr/sbin/libvirtd +I< 0 24315 2 0 0 0.0 26-02:49:02 cifsiod [cifsiod] +I< 0 24316 2 0 0 0.0 26-02:49:02 smb3decryptd [smb3decryptd] +I< 0 24317 2 0 0 0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput] +I< 0 24318 2 0 0 0.0 26-02:49:02 cifsoplockd [cifsoplockd] +I< 0 24319 2 0 0 0.0 26-02:49:02 cifs-dfscache [cifs-dfscache] +S 0 24322 2 0 0 0.0 26-02:49:02 cifsd [cifsd] +I< 0 24413 2 0 0 0.0 26-02:48:57 btrfs-worker [btrfs-worker] +I< 0 24414 2 0 0 0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi] +I< 0 24415 2 0 0 0.0 26-02:48:57 btrfs-delalloc [btrfs-delalloc] +I< 0 24416 2 0 0 0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del] +I< 0 24418 2 0 0 0.0 26-02:48:57 btrfs-cache [btrfs-cache] +I< 0 24419 2 0 0 0.0 26-02:48:57 btrfs-fixup [btrfs-fixup] +I< 0 24420 2 0 0 0.0 26-02:48:57 btrfs-endio [btrfs-endio] +I< 0 24421 2 0 0 0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met] +I< 0 24422 2 0 0 0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met] +I< 0 24423 2 0 0 0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai] +I< 0 24424 2 0 0 0.0 26-02:48:57 btrfs-rmw [btrfs-rmw] +I< 0 24425 2 0 0 0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri] +I< 0 24426 2 0 0 0.0 26-02:48:57 btrfs-freespace [btrfs-freespace] +I< 0 24427 2 0 0 0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m] +I< 0 24428 2 0 0 0.0 26-02:48:57 btrfs-readahead [btrfs-readahead] +I< 0 24429 2 0 0 0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re] +S 0 24450 2 0 0 0.0 26-02:48:53 btrfs-cleaner [btrfs-cleaner] +S 0 24451 2 0 0 0.0 26-02:48:53 btrfs-transacti [btrfs-transacti] +I< 0 747708 2 0 0 0.0 16-21:06:20 xfsalloc [xfsalloc] +I< 0 747709 2 0 0 0.0 16-21:06:20 xfs_mru_cache [xfs_mru_cache] +S 0 747713 2 0 0 0.0 16-21:06:20 jfsIO [jfsIO] +S 0 747714 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747715 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747716 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747717 2 0 0 0.0 16-21:06:20 jfsCommit [jfsCommit] +S 0 747718 2 0 0 0.0 16-21:06:20 jfsSync [jfsSync] +Ss 0 1071687 1 105976 28304 0.0 3-03:12:31 systemd-journal /lib/systemd/systemd-journald +Ss 0 1934146 1 25672 4704 0.0 11:19:31 cupsd /usr/sbin/cupsd -l +Ssl 0 1934148 1 182868 8540 0.0 11:19:31 cups-browsed /usr/sbin/cups-browsed +S 13 1934155 3392655 5752 88 0.0 11:19:31 pinger (pinger) +S< 33 1934166 3393034 57996 5460 0.0 11:19:31 apache2 /usr/sbin/apache2 -k start +S< 33 1934167 3393034 216944 13892 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934168 3393034 216944 13756 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934169 3393034 216936 13732 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934170 3393034 216944 13888 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934172 3393034 216944 15388 0.0 11:19:30 apache2 /usr/sbin/apache2 -k start +S< 33 1934701 3393034 216936 13736 0.0 11:19:29 apache2 /usr/sbin/apache2 -k start +S< 33 1935056 3393034 216920 13724 0.0 11:19:28 apache2 /usr/sbin/apache2 -k start +S 7 1936834 1934146 16652 832 0.0 11:18:12 dbus /usr/lib/cups/notifier/dbus dbus:// +S< 33 1955909 3393034 216928 13792 0.0 11:00:25 apache2 /usr/sbin/apache2 -k start +I< 0 2531464 2 0 0 0.0 06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip] +I 0 2570506 2 0 0 0.0 06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy] +I 0 2596195 2 0 0 0.0 06:21:52 kworker/1:1-eve [kworker/1:1-events] +I 0 2785341 2 0 0 0.0 03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write] +I 0 2785520 2 0 0 0.0 03:33:50 kworker/3:0-eve [kworker/3:0-events] +I 0 2798669 2 0 0 0.0 03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write] +Ss 0 2803015 1 5616 3108 0.0 03:17:54 cron /usr/sbin/cron -f +I 0 2845483 2 0 0 0.0 02:38:11 kworker/0:3-eve [kworker/0:3-events] +I 0 2939490 2 0 0 0.1 01:10:32 kworker/0:0-eve [kworker/0:0-events] +I 0 2939754 2 0 0 0.0 01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915] +I 0 2942040 2 0 0 0.0 01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta] +S 117 2954268 3392551 40044 5772 0.0 56:37 pickup pickup -l -t unix -u -c +I 0 2965195 2 0 0 0.0 46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker] +I 0 2977972 2 0 0 0.0 33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write] +I 0 2985488 2 0 0 0.0 27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio] +I 0 2987519 2 0 0 1.0 25:15 kworker/2:1-eve [kworker/2:1-events] +I 0 2987601 2 0 0 0.0 25:03 kworker/u8:9-i9 [kworker/u8:9-i915] +I< 0 2995218 2 0 0 0.0 18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod] +I 0 2997170 2 0 0 0.0 16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp] +I 0 3001264 2 0 0 0.0 13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write] +I 0 3004697 2 0 0 0.7 09:41 kworker/2:0-eve [kworker/2:0-events] +I 0 3010619 2 0 0 1.0 04:29 kworker/2:2-eve [kworker/2:2-events] +I 0 3014612 2 0 0 0.0 00:41 kworker/3:2-eve [kworker/3:2-events] +S 0 3015082 2803015 6716 3028 0.0 00:30 cron /usr/sbin/CRON -f +I 0 3015382 2 0 0 0.0 00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta] +Ss 1 3392068 1 5592 504 0.0 15-02:34:39 atd /usr/sbin/atd -f +Ssl 0 3392072 1 235796 1740 0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon +Ssl 106 3392076 1 315708 6128 0.0 15-02:34:39 colord /usr/libexec/colord +Ss 0 3392083 1 8120 720 0.0 15-02:34:39 haveged /usr/sbin/haveged --Foreground --verbose=1 +Ss 0 3392090 1 5168 132 0.0 15-02:34:39 blkmapd /usr/sbin/blkmapd +SNsl 111 3392094 1 155648 440 0.0 15-02:34:39 rtkit-daemon /usr/libexec/rtkit-daemon +Ssl 0 3392097 1 290168 1352 0.0 15-02:34:39 packagekitd /usr/libexec/packagekitd +Ss 128 3392100 1 7960 448 0.0 15-02:34:39 rpcbind /sbin/rpcbind -f -w +Ss 0 3392114 1 13432 616 0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined +Ss 0 3392118 1 13316 848 0.0 15-02:34:39 sshd sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups +Ssl 0 3392124 1 244072 2456 0.0 15-02:34:39 upowerd /usr/libexec/upowerd +Ssl 0 3392138 1 1634748 10684 0.0 15-02:34:39 containerd /usr/bin/containerd +Ssl 0 3392139 1 222768 1784 0.0 15-02:34:39 rsyslogd /usr/sbin/rsyslogd -n -iNONE +Ss 13 3392140 1 3344 152 0.0 15-02:34:39 polipo /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true +Ssl 119 3392156 1 76472 1688 0.0 15-02:34:39 ntpd /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126 +Ss 120 3392168 1 4656 276 0.0 15-02:34:39 rpc.statd /sbin/rpc.statd --no-notify +Ss 0 3392171 1 5072 432 0.0 15-02:34:39 rpc.mountd /usr/sbin/rpc.mountd --manage-gids +Ss 0 3392176 1 5008 288 0.0 15-02:34:39 rpc.idmapd /usr/sbin/rpc.idmapd +Ss 105 3392184 1 15544 6816 3.5 15-02:34:39 avahi-daemon avahi-daemon: running [tsui.local] +Ss 0 3392186 1 25288 3860 0.0 15-02:34:39 systemd-udevd /lib/systemd/systemd-udevd +S 105 3392190 3392184 8788 52 0.0 15-02:34:39 avahi-daemon avahi-daemon: chroot helper +Ssl 0 3392197 1 396120 4188 0.0 15-02:34:39 udisksd /usr/libexec/udisks2/udisksd +Ssl 0 3392214 1 237504 6632 0.0 15-02:34:39 polkitd /usr/libexec/polkitd --no-debug +Ss 0 3392284 1 9684 560 0.0 15-02:34:38 xinetd /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6 +Ssl 0 3392285 1 314840 1352 0.0 15-02:34:38 ModemManager /usr/sbin/ModemManager +Ss 0 3392317 1 2352 140 0.0 15-02:34:38 acpid /usr/sbin/acpid +S 0 3392400 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392401 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392402 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392403 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392404 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392405 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392407 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +S 0 3392410 2 0 0 0.0 15-02:34:38 nfsd [nfsd] +Ss 0 3392551 1 40092 1304 0.0 15-02:34:37 master /usr/lib/postfix/sbin/master -w +S 117 3392553 3392551 40156 568 0.0 15-02:34:37 qmgr qmgr -l -t unix -u +Ss 0 3392650 1 63652 4 0.0 15-02:34:36 squid /usr/sbin/squid --foreground -sYC +Ssl 116 3392652 1 1675196 93848 0.0 15-02:34:36 mariadbd /usr/sbin/mariadbd +S 13 3392655 3392650 81776 21232 0.0 15-02:34:36 squid (squid-1) --kid squid-1 --foreground -sYC +S 13 3392657 3392655 5572 68 0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log +S<s 0 3393034 1 216648 7560 0.0 15-02:34:34 apache2 /usr/sbin/apache2 -k start +Ss 33 3393037 1 3432 180 0.0 15-02:34:34 htcacheclean /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian deleted file mode 100644 index 37a2d35e..00000000 --- a/plugins/tests/var/ps_axwo.debian +++ /dev/null @@ -1,84 +0,0 @@ -STAT UID PID PPID VSZ RSS %CPU COMMAND COMMAND -S 0 1 0 1504 428 0.0 init init [2] -SN 0 2 1 0 0 0.0 ksoftirqd/0 [ksoftirqd/0] -S< 0 3 1 0 0 0.0 events/0 [events/0] -S< 0 4 3 0 0 0.0 khelper [khelper] -S< 0 5 3 0 0 0.0 kacpid [kacpid] -S< 0 38 3 0 0 0.0 kblockd/0 [kblockd/0] -S 0 48 3 0 0 0.0 pdflush [pdflush] -S< 0 51 3 0 0 0.0 aio/0 [aio/0] -S 0 50 1 0 0 0.0 kswapd0 [kswapd0] -S 0 193 1 0 0 0.0 kseriod [kseriod] -S 0 214 1 0 0 0.0 scsi_eh_0 [scsi_eh_0] -S 0 221 1 0 0 0.0 khubd [khubd] -S 0 299 1 0 0 0.3 kjournald [kjournald] -S 0 1148 1 0 0 0.0 pciehpd_event [pciehpd_event] -S 0 1168 1 0 0 0.0 shpchpd_event [shpchpd_event] -Ss 1 1795 1 1612 276 0.0 portmap /sbin/portmap -Ss 0 2200 1 1652 568 0.0 vmware-guestd /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid -Ss 0 2209 1 2240 532 0.0 inetd /usr/sbin/inetd -Ss 0 2319 1 3468 792 0.0 sshd /usr/sbin/sshd -Ss 0 2323 1 2468 676 0.0 rpc.statd /sbin/rpc.statd -Ss 1 2332 1 1684 488 0.0 atd /usr/sbin/atd -Ss 0 2335 1 1764 636 0.0 cron /usr/sbin/cron -Ss+ 0 2350 1 1500 348 0.0 getty /sbin/getty 38400 tty1 -Ss+ 0 2351 1 1500 348 0.0 getty /sbin/getty 38400 tty2 -Ss+ 0 2352 1 1500 348 0.0 getty /sbin/getty 38400 tty3 -Ss+ 0 2353 1 1500 348 0.0 getty /sbin/getty 38400 tty4 -Ss+ 0 2354 1 1500 348 0.0 getty /sbin/getty 38400 tty5 -Ss+ 0 2355 1 1500 348 0.0 getty /sbin/getty 38400 tty6 -S 0 6907 1 2308 892 0.0 mysqld_safe /bin/sh /usr/bin/mysqld_safe -S 103 6944 6907 123220 27724 0.0 mysqld /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock -S 0 6945 6907 1488 420 0.0 logger logger -p daemon.err -t mysqld_safe -i -t mysqld -S 1001 17778 1 6436 1588 0.0 snmpd /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid -Ss 0 17789 1 9496 5556 0.0 snmptrapd /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid -Ss 0 847 2319 14452 1752 0.0 sshd sshd: tonvoon [priv] -S 1000 857 847 14616 1832 0.0 sshd sshd: tonvoon@pts/3 -Ss 1000 860 857 2984 1620 0.0 bash -bash -S 0 868 860 2588 1428 0.0 bash -su -S+ 1001 877 868 2652 1568 0.0 bash -su -S 0 6086 3 0 0 0.0 pdflush [pdflush] -Ss 0 17832 2319 14452 1752 0.0 sshd sshd: tonvoon [priv] -S 1000 18155 17832 14620 1840 0.0 sshd sshd: tonvoon@pts/0 -Ss 1000 18156 18155 2984 1620 0.0 bash -bash -S 0 18518 18156 2588 1428 0.0 bash -su -S 1001 18955 18518 2672 1600 0.0 bash -su -Ss 0 21683 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 21742 21683 14620 1896 0.0 sshd sshd: tonvoon@pts/1 -Ss 1000 21743 21742 2984 1620 0.0 bash -bash -S 0 21748 21743 2592 1432 0.0 bash -su -S 1001 21757 21748 2620 1540 0.0 bash -su -Ss 0 2334 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 2343 2334 14620 1840 0.0 sshd sshd: tonvoon@pts/2 -Ss 1000 2344 2343 2984 1620 0.0 bash -bash -S 0 2349 2344 2592 1432 0.0 bash -su -S+ 1001 2364 2349 2620 1520 0.0 bash -su -T 1001 2454 2364 2096 1032 0.0 vi vi configure.in.rej -S+ 1001 8500 21757 69604 52576 0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d -Ss 0 7609 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 7617 7609 14460 1828 0.0 sshd sshd: tonvoon@pts/4 -Ss 1000 7618 7617 2984 1620 0.0 bash -bash -S 0 7623 7618 2592 1432 0.0 bash -su -S+ 1001 7632 7623 2620 1528 0.0 bash -su -Ss 1001 12678 1 20784 17728 0.0 opsviewd opsviewd -Ss 0 832 1 14512 6360 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 842 832 14648 6596 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 843 832 14512 6504 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 844 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 845 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -S 33 846 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -Ss 7 4081 1 2464 884 0.0 lpd /usr/sbin/lpd -s -S 33 26484 832 14512 6476 0.0 apache2 /usr/sbin/apache2 -k start -DSSL -Ss 1001 22324 1 20252 1612 0.1 nagios ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg -Ss 0 23336 2319 14452 1756 0.0 sshd sshd: tonvoon [priv] -S 1000 23339 23336 14620 1840 0.0 sshd sshd: tonvoon@pts/5 -Ss 1000 23340 23339 2996 1636 0.0 bash -bash -S 0 23367 23340 3020 1628 0.0 bash bash -S 1001 23370 23367 3064 1748 0.0 bash bash -Ss 1001 23783 1 3220 764 0.0 ndo2db /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg -Ss 1001 23784 1 6428 4948 0.0 import_ndologsd import_ndologsd -S+ 1001 9803 18955 4132 1936 0.0 ssh ssh altinity@cube02.lei.altinity -S 1001 22505 22324 20256 1616 0.0 nagios ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg -S 1001 22506 22505 1676 608 0.0 check_ping /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1 -S 1001 22507 22506 1660 492 0.0 ping /bin/ping -n -U -w 10 -c 1 192.168.10.23 -R+ 1001 22508 23370 2308 680 0.0 ps ps axwo stat uid pid ppid vsz rss pcpu comm args diff --git a/plugins/utils.c b/plugins/utils.c index 231af92b..17dd5814 100644 --- a/plugins/utils.c +++ b/plugins/utils.c @@ -27,6 +27,8 @@ #include "utils_base.h" #include <stdarg.h> #include <limits.h> +#include <string.h> +#include <errno.h> #include <arpa/inet.h> @@ -36,9 +38,6 @@ extern const char *progname; #define STRLEN 64 #define TXTBLK 128 -unsigned int timeout_state = STATE_CRITICAL; -unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT; - time_t start_time, end_time; /* ************************************************************************** @@ -148,33 +147,6 @@ print_revision (const char *command_name, const char *revision) command_name, revision, PACKAGE, VERSION); } -const char * -state_text (int result) -{ - switch (result) { - case STATE_OK: - return "OK"; - case STATE_WARNING: - return "WARNING"; - case STATE_CRITICAL: - return "CRITICAL"; - case STATE_DEPENDENT: - return "DEPENDENT"; - default: - return "UNKNOWN"; - } -} - -void -timeout_alarm_handler (int signo) -{ - if (signo == SIGALRM) { - printf (_("%s - Plugin timed out after %d seconds\n"), - state_text(timeout_state), timeout_interval); - exit (timeout_state); - } -} - int is_numeric (char *number) { @@ -269,6 +241,46 @@ is_intnonneg (char *number) return FALSE; } +/* + * Checks whether the number in the string _number_ can be put inside a int64_t + * On success the number will be written to the _target_ address, if _target_ is not set + * to NULL. + */ +int is_int64(char *number, int64_t *target) { + errno = 0; + uint64_t tmp = strtoll(number, NULL, 10); + if (errno != 0) { + return 0; + } + if (tmp < INT64_MIN || tmp > INT64_MAX) { + return 0; + } + if (target != NULL) { + *target = tmp; + } + return 1; +} + +/* + * Checks whether the number in the string _number_ can be put inside a uint64_t + * On success the number will be written to the _target_ address, if _target_ is not set + * to NULL. + */ +int is_uint64(char *number, uint64_t *target) { + errno = 0; + uint64_t tmp = strtoll(number, NULL, 10); + if (errno != 0) { + return 0; + } + if (tmp < 0 || tmp > UINT64_MAX) { + return 0; + } + if (target != NULL) { + *target = tmp; + } + return 1; +} + int is_intpercent (char *number) { @@ -577,10 +589,94 @@ char *perfdata (const char *label, xasprintf (&data, "%s;", data); if (minp) - xasprintf (&data, "%s%ld", data, minv); + xasprintf (&data, "%s%ld;", data, minv); + else + xasprintf (&data, "%s;", data); if (maxp) - xasprintf (&data, "%s;%ld", data, maxv); + xasprintf (&data, "%s%ld", data, maxv); + + return data; +} + + +char *perfdata_uint64 (const char *label, + uint64_t val, + const char *uom, + int warnp, /* Warning present */ + uint64_t warn, + int critp, /* Critical present */ + uint64_t crit, + int minp, /* Minimum present */ + uint64_t minv, + int maxp, /* Maximum present */ + uint64_t maxv) +{ + char *data = NULL; + + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=%ld%s;", label, val, uom); + else + xasprintf (&data, "%s=%ld%s;", label, val, uom); + + if (warnp) + xasprintf (&data, "%s%lu;", data, warn); + else + xasprintf (&data, "%s;", data); + + if (critp) + xasprintf (&data, "%s%lu;", data, crit); + else + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%lu;", data, minv); + else + xasprintf (&data, "%s;", data); + + if (maxp) + xasprintf (&data, "%s%lu", data, maxv); + + return data; +} + + +char *perfdata_int64 (const char *label, + int64_t val, + const char *uom, + int warnp, /* Warning present */ + int64_t warn, + int critp, /* Critical present */ + int64_t crit, + int minp, /* Minimum present */ + int64_t minv, + int maxp, /* Maximum present */ + int64_t maxv) +{ + char *data = NULL; + + if (strpbrk (label, "'= ")) + xasprintf (&data, "'%s'=%ld%s;", label, val, uom); + else + xasprintf (&data, "%s=%ld%s;", label, val, uom); + + if (warnp) + xasprintf (&data, "%s%ld;", data, warn); + else + xasprintf (&data, "%s;", data); + + if (critp) + xasprintf (&data, "%s%ld;", data, crit); + else + xasprintf (&data, "%s;", data); + + if (minp) + xasprintf (&data, "%s%ld;", data, minv); + else + xasprintf (&data, "%s;", data); + + if (maxp) + xasprintf (&data, "%s%ld", data, maxv); return data; } @@ -709,3 +805,18 @@ char *sperfdata_int (const char *label, return data; } +int +open_max (void) +{ + errno = 0; + if (maxfd > 0) + return(maxfd); + + if ((maxfd = sysconf (_SC_OPEN_MAX)) < 0) { + if (errno == 0) + maxfd = DEFAULT_MAXFD; /* it's indeterminate */ + else + die (STATE_UNKNOWN, _("sysconf error for _SC_OPEN_MAX\n")); + } + return(maxfd); +} diff --git a/plugins/utils.h b/plugins/utils.h index a436e1ca..5b54da3c 100644 --- a/plugins/utils.h +++ b/plugins/utils.h @@ -16,6 +16,7 @@ suite of plugins. */ /* now some functions etc are being defined in ../lib/utils_base.c */ #include "utils_base.h" + #ifdef NP_EXTRA_OPTS /* Include extra-opts functions if compiled in */ #include "extra_opts.h" @@ -29,13 +30,6 @@ suite of plugins. */ void support (void); void print_revision (const char *, const char *); -/* Handle timeouts */ - -extern unsigned int timeout_state; -extern unsigned int timeout_interval; - -RETSIGTYPE timeout_alarm_handler (int); - extern time_t start_time, end_time; /* Test input types */ @@ -45,6 +39,8 @@ int is_intpos (char *); int is_intneg (char *); int is_intnonneg (char *); int is_intpercent (char *); +int is_uint64(char *number, uint64_t *target); +int is_int64(char *number, int64_t *target); int is_numeric (char *); int is_positive (char *); @@ -89,14 +85,18 @@ void usage4(const char *) __attribute__((noreturn)); void usage5(void) __attribute__((noreturn)); void usage_va(const char *fmt, ...) __attribute__((noreturn)); -const char *state_text (int); - #define max(a,b) (((a)>(b))?(a):(b)) #define min(a,b) (((a)<(b))?(a):(b)) char *perfdata (const char *, long int, const char *, int, long int, int, long int, int, long int, int, long int); +char *perfdata_uint64 (const char *, uint64_t , const char *, int, uint64_t, + int, uint64_t, int, uint64_t, int, uint64_t); + +char *perfdata_int64 (const char *, int64_t, const char *, int, int64_t, + int, int64_t, int, int64_t, int, int64_t); + char *fperfdata (const char *, double, const char *, int, double, int, double, int, double, int, double); @@ -106,6 +106,8 @@ char *sperfdata (const char *, double, const char *, char *, char *, char *sperfdata_int (const char *, int, const char *, char *, char *, int, int, int, int); +int open_max (void); + /* The idea here is that, although not every plugin will use all of these, most will or should. Therefore, for consistency, these very common options should have only these meanings throughout the overall suite */ |