[Nagiosplug-checkins] nagiosplug/plugins Makefile.am,1.54,1.55 check_http.c,1.81,1.82 check_smtp.c,1.47,1.48 check_tcp.c,1.67,1.68 common.h,1.15,1.16 netutils.c,1.24,1.25 netutils.h,1.12,1.13
M. Sean Finney
seanius at users.sourceforge.net
Wed Oct 19 06:02:47 CEST 2005
Update of /cvsroot/nagiosplug/nagiosplug/plugins
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2644/plugins
Modified Files:
Makefile.am check_http.c check_smtp.c check_tcp.c common.h
netutils.c netutils.h
Log Message:
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netlibs now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
Index: check_tcp.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_tcp.c,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -d -r1.67 -r1.68
--- check_tcp.c 18 Oct 2005 22:35:29 -0000 1.67
+++ check_tcp.c 19 Oct 2005 12:59:55 -0000 1.68
@@ -28,42 +28,19 @@
#include "netutils.h"
#include "utils.h"
-#ifdef HAVE_GNUTLS_OPENSSL_H
-# include <gnutls/openssl.h>
-#else
-# ifdef HAVE_SSL_H
-# include <rsa.h>
-# include <crypto.h>
-# include <x509.h>
-# include <pem.h>
-# include <ssl.h>
-# include <err.h>
-# else
-# ifdef HAVE_OPENSSL_SSL_H
-# include <openssl/rsa.h>
-# include <openssl/crypto.h>
-# include <openssl/x509.h>
-# include <openssl/pem.h>
-# include <openssl/ssl.h>
-# include <openssl/err.h>
-# endif
-# endif
-#endif
-
#ifdef HAVE_SSL
static int check_cert = FALSE;
static int days_till_exp;
static char *randbuff = "";
-static SSL_CTX *ctx;
-static SSL *ssl;
static X509 *server_cert;
-static int connect_SSL (void);
# ifdef USE_OPENSSL
static int check_certificate (X509 **);
# endif /* USE_OPENSSL */
-# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
+# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
#else
# define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
#endif
@@ -233,11 +210,21 @@
/* try to connect to the host at the given port number */
gettimeofday (&tv, NULL);
+
+ result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
+ if (result == STATE_CRITICAL) return STATE_CRITICAL;
+
#ifdef HAVE_SSL
- if (flags & FLAG_SSL && check_cert == TRUE) {
- if (connect_SSL () != OK)
+ if (flags & FLAG_SSL){
+ result = np_net_ssl_init(sd);
+ if(result != STATE_OK) return result;
+ /* XXX does np_net_ssl take care of printing an error?
die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+ */
+ }
# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
+ /*
+ if (flags & FLAG_SSL && check_cert == TRUE) {
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
result = check_certificate (&server_cert);
X509_free(server_cert);
@@ -246,30 +233,21 @@
printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
result = STATE_CRITICAL;
}
+ }
+ */
# endif /* USE_OPENSSL */
+#endif
- SSL_shutdown (ssl);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
- close (sd);
+ if(result != STATE_OK){
+#ifdef HAVE_SSL
+ np_net_ssl_cleanup();
+#endif
+ if(sd) close(sd);
return result;
}
- else if (flags & FLAG_SSL)
- result = connect_SSL ();
- else
-#endif
- result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
-
- if (result == STATE_CRITICAL)
- return STATE_CRITICAL;
if (server_send != NULL) { /* Something to send? */
-#ifdef HAVE_SSL
- if (flags & FLAG_SSL)
- SSL_write(ssl, server_send, (int)strlen(server_send));
- else
-#endif
- send (sd, server_send, strlen(server_send), 0);
+ my_send(server_send, strlen(server_send));
}
if (delay > 0) {
@@ -332,21 +310,12 @@
}
if (server_quit != NULL) {
-#ifdef HAVE_SSL
- if (flags & FLAG_SSL) {
- SSL_write (ssl, server_quit, (int)strlen(server_quit));
- SSL_shutdown (ssl);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
- }
- else
-#endif
- send (sd, server_quit, strlen (server_quit), 0);
+ my_send(server_quit, strlen(server_quit));
}
-
- /* close the connection */
- if (sd)
- close (sd);
+#ifdef HAVE_SSL
+ np_net_ssl_cleanup();
+#endif
+ if (sd) close (sd);
microsec = deltime (tv);
elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@
/* SSL-specific functions */
#ifdef HAVE_SSL
-static int
-connect_SSL (void)
-{
- SSL_METHOD *meth;
-
- /* Initialize SSL context */
- SSLeay_add_ssl_algorithms ();
- meth = SSLv23_client_method ();
- SSL_load_error_strings ();
- OpenSSL_add_all_algorithms();
- if ((ctx = SSL_CTX_new (meth)) == NULL)
- {
- printf (_("CRITICAL - Cannot create SSL context.\n"));
- return STATE_CRITICAL;
- }
-
- /* Initialize alarm signal handling */
- signal (SIGALRM, socket_timeout_alarm_handler);
-
- /* Set socket timeout */
- alarm (socket_timeout);
-
- /* Save start time */
- time (&start_time);
-
- /* Make TCP connection */
- if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
- {
- /* Do the SSL handshake */
- if ((ssl = SSL_new (ctx)) != NULL)
- {
- SSL_set_fd (ssl, sd);
- if (SSL_connect(ssl) == 1)
- return OK;
- /* ERR_print_errors_fp (stderr); */
- printf (_("CRITICAL - Cannot make SSL connection "));
-#ifdef USE_OPENSSL /* XXX */
- ERR_print_errors_fp (stdout);
-#endif /* USE_OPENSSL */
- /* printf("\n"); */
- }
- else
- {
- printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
- }
- SSL_free (ssl);
- }
-
- SSL_CTX_free (ctx);
- close (sd);
-
- return STATE_CRITICAL;
-}
-
-#ifdef USE_OPENSSL /* XXX */
+# ifdef USE_OPENSSL /* XXX */
static int
check_certificate (X509 ** certificate)
{
Index: common.h
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/common.h,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- common.h 10 Dec 2004 00:13:43 -0000 1.15
+++ common.h 19 Oct 2005 12:59:55 -0000 1.16
@@ -32,6 +32,9 @@
*
*****************************************************************************/
+#ifndef _COMMON_H_
+#define _COMMON_H_
+
#include "config.h"
#ifdef HAVE_FEATURES_H
@@ -146,6 +149,29 @@
int vsnprintf(char *str, size_t size, const char *format, va_list ap);
#endif
+/* SSL implementations */
+#ifdef HAVE_GNUTLS_OPENSSL_H
+# include <gnutls/openssl.h>
+#else
+# ifdef HAVE_SSL_H
+# include <rsa.h>
+# include <crypto.h>
+# include <x509.h>
+# include <pem.h>
+# include <ssl.h>
+# include <err.h>
+# else
+# ifdef HAVE_OPENSSL_SSL_H
+# include <openssl/rsa.h>
+# include <openssl/crypto.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+# endif
+# endif
+#endif
+
/*
*
* Standard Values
@@ -191,3 +217,5 @@
#ifndef __GNUC__
# define __attribute__(x) /* do nothing */
#endif
+
+#endif /* _COMMON_H_ */
Index: netutils.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/netutils.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- netutils.c 25 May 2005 00:30:19 -0000 1.24
+++ netutils.c 19 Oct 2005 12:59:55 -0000 1.25
@@ -234,6 +234,54 @@
}
}
+#ifdef HAVE_SSL
+static SSL_CTX *c=NULL;
+static SSL *s=NULL;
+
+int np_net_ssl_init (int sd){
+ SSL_METHOD *m=NULL;
+ /* Initialize SSL context */
+ SSLeay_add_ssl_algorithms ();
+ m = SSLv23_client_method ();
+ SSL_load_error_strings ();
+ OpenSSL_add_all_algorithms();
+ if ((c = SSL_CTX_new (m)) == NULL) {
+ printf (_("CRITICAL - Cannot create SSL context.\n"));
+ return STATE_CRITICAL;
+ }
+ if ((s = SSL_new (c)) != NULL){
+ SSL_set_fd (s, sd);
+ if (SSL_connect(s) == 1){
+ return OK;
+ } else {
+ printf (_("CRITICAL - Cannot make SSL connection "));
+#ifdef USE_OPENSSL /* XXX look into ERR_error_string */
+ ERR_print_errors_fp (stdout);
+#endif /* USE_OPENSSL */
+ }
+ } else {
+ printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
+ }
+ return STATE_CRITICAL;
+}
+
+void np_net_ssl_cleanup (){
+ if(s){
+ SSL_shutdown (s);
+ SSL_free (s);
+ if(c) SSL_CTX_free (c);
+ }
+}
+
+int np_net_ssl_write(const void *buf, int num){
+ return SSL_write(s, buf, num);
+}
+
+int np_net_ssl_read(void *buf, int num){
+ return SSL_read(s, buf, num);
+}
+
+#endif /* HAVE_SSL */
int
send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size)
Index: netutils.h
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/netutils.h,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- netutils.h 25 May 2005 00:30:19 -0000 1.12
+++ netutils.h 19 Oct 2005 12:59:55 -0000 1.13
@@ -32,7 +32,11 @@
*
******************************************************************************/
+#ifndef _NETUTILS_H_
+#define _NETUTILS_H_
+
#include "config.h"
+#include "common.h"
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -77,3 +81,14 @@
extern int econn_refuse_state;
extern int was_refused;
extern int address_family;
+
+/* SSL-Related functionality */
+#ifdef HAVE_SSL
+/* maybe this could be merged with the above np_net_connect, via some flags */
+int np_net_ssl_init(int sd);
+void np_net_ssl_cleanup();
+int np_net_ssl_write(const void *buf, int num);
+int np_net_ssl_read(void *buf, int num);
+#endif /* HAVE_SSL */
+
+#endif /* _NETUTILS_H_ */
Index: check_http.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_http.c,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -d -r1.81 -r1.82
--- check_http.c 20 Jan 2005 23:40:30 -0000 1.81
+++ check_http.c 19 Oct 2005 12:59:55 -0000 1.82
@@ -65,7 +65,9 @@
SSL *ssl;
X509 *server_cert;
int connect_SSL (void);
+# ifdef USE_OPENSSL
int check_certificate (X509 **);
+# endif
#endif
int no_body = FALSE;
int maximum_age = -1;
@@ -166,7 +168,7 @@
(void) alarm (socket_timeout);
gettimeofday (&tv, NULL);
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
if (use_ssl && check_cert == TRUE) {
if (connect_SSL () != OK)
die (STATE_CRITICAL, _("HTTP CRITICAL - Could not make SSL connection\n"));
@@ -305,7 +307,7 @@
server_port = HTTPS_PORT;
break;
case 'C': /* Check SSL cert validity */
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
if (!is_intnonneg (optarg))
usage2 (_("Invalid certificate expiration period"), optarg);
else {
@@ -799,10 +801,11 @@
if (connect_SSL () != OK) {
die (STATE_CRITICAL, _("Unable to open TCP socket\n"));
}
-
+#ifdef USE_OPENSSL
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
X509_free (server_cert);
}
+#endif
else {
printf (_("CRITICAL - Cannot retrieve server certificate.\n"));
return STATE_CRITICAL;
@@ -857,7 +860,9 @@
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
+# ifdef USE_OPENSSL
ERR_print_errors_fp (stderr);
+# endif
return STATE_CRITICAL;
}
}
@@ -1278,11 +1283,15 @@
if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
/* Do the SSL handshake */
if ((ssl = SSL_new (ctx)) != NULL) {
+#ifdef USE_OPENSSL
SSL_set_cipher_list(ssl, "ALL");
+#endif
SSL_set_fd (ssl, sd);
if (SSL_connect (ssl) != -1)
return OK;
+#ifdef USE_OPENSSL
ERR_print_errors_fp (stderr);
+#endif
}
else {
printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
@@ -1299,7 +1308,7 @@
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
int
check_certificate (X509 ** certificate)
{
Index: check_smtp.c
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/check_smtp.c,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -d -r1.47 -r1.48
--- check_smtp.c 13 Oct 2005 10:11:25 -0000 1.47
+++ check_smtp.c 19 Oct 2005 12:59:55 -0000 1.48
@@ -53,7 +53,9 @@
SSL *ssl;
X509 *server_cert;
int connect_STARTTLS (void);
+# ifdef USE_OPENSSL
int check_certificate (X509 **);
+# endif
#endif
enum {
@@ -241,6 +243,7 @@
} else {
ssl_established = TRUE;
}
+# ifdef USE_OPENSSL
if ( check_cert ) {
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
result = check_certificate (&server_cert);
@@ -254,6 +257,7 @@
my_close();
return result;
}
+# endif /* USE_OPENSSL */
}
#endif
@@ -491,7 +495,7 @@
break;
case 'D':
/* Check SSL cert validity */
-#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
if (!is_intnonneg (optarg))
usage2 ("Invalid certificate expiration period",optarg);
days_till_exp = atoi (optarg);
@@ -645,7 +649,9 @@
I look for success instead (1) */
if (SSL_connect (ssl) == 1)
return OK;
+# ifdef USE_OPENSSL
ERR_print_errors_fp (stderr);
+# endif
}
else
{
@@ -656,6 +662,7 @@
return STATE_CRITICAL;
}
+# ifdef USE_OPENSSL
int
check_certificate (X509 ** certificate)
{
@@ -728,6 +735,7 @@
return STATE_OK;
}
+# endif /* USE_OPENSSL */
#endif
int
Index: Makefile.am
===================================================================
RCS file: /cvsroot/nagiosplug/nagiosplug/plugins/Makefile.am,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -d -r1.54 -r1.55
--- Makefile.am 21 Sep 2005 10:06:37 -0000 1.54
+++ Makefile.am 19 Oct 2005 12:59:55 -0000 1.55
@@ -2,12 +2,12 @@
VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t
-INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@
+INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@
datadir = @datadir@
localedir = $(datadir)/locale
DEFS = -DLOCALEDIR=\"$(localedir)\" @DEFS@
-LIBS = @LIBINTL@ @LIBS@ @SSLINCLUDE@
+LIBS = @LIBINTL@ @LIBS@ @SSLLIBS@
MATHLIBS = @MATHLIBS@
libexec_PROGRAMS = check_disk check_dummy check_http check_load \
@@ -51,7 +51,7 @@
check_dummy_LDADD = $(BASEOBJS)
check_fping_LDADD = $(NETLIBS) popen.o
check_game_LDADD = $(BASEOBJS) popen.o
-check_http_LDADD = $(NETLIBS) $(SSLLIBS)
+check_http_LDADD = $(NETLIBS)
check_hpjd_LDADD = $(NETLIBS) popen.o
check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
check_load_LDADD = $(BASEOBJS) popen.o
@@ -68,10 +68,10 @@
check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
check_real_LDADD = $(NETLIBS)
check_snmp_LDADD = $(BASEOBJS) popen.o
-check_smtp_LDADD = $(NETLIBS) $(SSLLIBS)
+check_smtp_LDADD = $(NETLIBS)
check_ssh_LDADD = $(NETLIBS)
check_swap_LDADD = $(MATHLIBS) $(BASEOBJS) popen.o
-check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)
+check_tcp_LDADD = $(NETLIBS)
check_time_LDADD = $(NETLIBS)
check_udp_LDADD = $(NETLIBS)
check_ups_LDADD = $(NETLIBS)
More information about the Commits
mailing list