diff options
author | Holger Weiss <holger@zedat.fu-berlin.de> | 2013-09-10 11:09:22 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2013-09-10 11:09:22 +0200 |
commit | 6b28ae739b1ca9f20519f7522b52d055ce3a0902 (patch) | |
tree | 440a23dc7092b7b1d5b31eadf307a48c05db3192 | |
parent | 5bfca4b34d15ef40239ed6074b9ff9c061022946 (diff) | |
download | monitoring-plugins-6b28ae739b1ca9f20519f7522b52d055ce3a0902.tar.gz |
check_http: Support HTTP CONNECT methodhw/http-connect
Add the -Y/--http-connect[=<port>] option which tells check_http to use
the HTTP CONNECT method for tunneling an HTTPS connection through a
proxy server.
This is a modified version of a patch provided by Mark Frost in
SourceForge tracker item #2975393, updated for the current check_http
code. Changes include:
- Let the new --http-connect option imply --ssl.
- Allow for specifying the server port the proxy should connect to.
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | THANKS.in | 1 | ||||
-rw-r--r-- | plugins/check_http.c | 56 |
3 files changed, 56 insertions, 2 deletions
@@ -17,6 +17,7 @@ This file documents the major additions and syntax changes between releases. | |||
17 | New switch -E/--extended-perfdata for check_http to print additional performance data (Sebastian Nohn) | 17 | New switch -E/--extended-perfdata for check_http to print additional performance data (Sebastian Nohn) |
18 | New check_http -d option to specify a string to expect within the response headers | 18 | New check_http -d option to specify a string to expect within the response headers |
19 | New check_http -J/-K options for client certificate authentication support | 19 | New check_http -J/-K options for client certificate authentication support |
20 | New check_http -Y/--http-connect[=<port>] option for tunneling SSL connections through proxies | ||
20 | Add support for executing queries to check_pgsql | 21 | Add support for executing queries to check_pgsql |
21 | Let check_pgsql accept a UNIX socket directory as hostname | 22 | Let check_pgsql accept a UNIX socket directory as hostname |
22 | New check_pgsql -o option to specify additional connection parameters | 23 | New check_pgsql -o option to specify additional connection parameters |
@@ -286,3 +286,4 @@ Fabio Rueda | |||
286 | Gabriele Tozzi | 286 | Gabriele Tozzi |
287 | Sebastian Nohn | 287 | Sebastian Nohn |
288 | Emmanuel Dreyfus | 288 | Emmanuel Dreyfus |
289 | Mark Frost | ||
diff --git a/plugins/check_http.c b/plugins/check_http.c index c44bb3ac..43c37e06 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -118,6 +118,8 @@ int use_ssl = FALSE; | |||
118 | int use_sni = FALSE; | 118 | int use_sni = FALSE; |
119 | int verbose = FALSE; | 119 | int verbose = FALSE; |
120 | int show_extended_perfdata = FALSE; | 120 | int show_extended_perfdata = FALSE; |
121 | int http_connect = FALSE; | ||
122 | int connect_port = HTTPS_PORT; | ||
121 | int sd; | 123 | int sd; |
122 | int min_page_len = 0; | 124 | int min_page_len = 0; |
123 | int max_page_len = 0; | 125 | int max_page_len = 0; |
@@ -133,6 +135,7 @@ char *client_privkey = NULL; | |||
133 | int process_arguments (int, char **); | 135 | int process_arguments (int, char **); |
134 | int check_http (void); | 136 | int check_http (void); |
135 | void redir (char *pos, char *status_line); | 137 | void redir (char *pos, char *status_line); |
138 | int http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd); | ||
136 | int server_type_check(const char *type); | 139 | int server_type_check(const char *type); |
137 | int server_port_check(int ssl_flag); | 140 | int server_port_check(int ssl_flag); |
138 | char *perfd_time (double microsec); | 141 | char *perfd_time (double microsec); |
@@ -209,6 +212,7 @@ process_arguments (int argc, char **argv) | |||
209 | {"nohtml", no_argument, 0, 'n'}, | 212 | {"nohtml", no_argument, 0, 'n'}, |
210 | {"ssl", optional_argument, 0, 'S'}, | 213 | {"ssl", optional_argument, 0, 'S'}, |
211 | {"sni", no_argument, 0, SNI_OPTION}, | 214 | {"sni", no_argument, 0, SNI_OPTION}, |
215 | {"http-connect", optional_argument, 0, 'Y'}, | ||
212 | {"post", required_argument, 0, 'P'}, | 216 | {"post", required_argument, 0, 'P'}, |
213 | {"method", required_argument, 0, 'j'}, | 217 | {"method", required_argument, 0, 'j'}, |
214 | {"IP-address", required_argument, 0, 'I'}, | 218 | {"IP-address", required_argument, 0, 'I'}, |
@@ -257,7 +261,7 @@ process_arguments (int argc, char **argv) | |||
257 | } | 261 | } |
258 | 262 | ||
259 | while (1) { | 263 | while (1) { |
260 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:N:E", longopts, &option); | 264 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:Y::T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:N:E", longopts, &option); |
261 | if (c == -1 || c == EOF) | 265 | if (c == -1 || c == EOF) |
262 | break; | 266 | break; |
263 | 267 | ||
@@ -336,6 +340,13 @@ process_arguments (int argc, char **argv) | |||
336 | client_privkey = optarg; | 340 | client_privkey = optarg; |
337 | goto enable_ssl; | 341 | goto enable_ssl; |
338 | #endif | 342 | #endif |
343 | case 'Y': /* Use HTTP CONNECT */ | ||
344 | #ifdef HAVE_SSL | ||
345 | if (optarg != NULL && ((connect_port = atoi (optarg)) < 1 || connect_port > 65535)) | ||
346 | usage2 (_("Invalid HTTP CONNECT port number"), optarg); | ||
347 | http_connect = TRUE; | ||
348 | goto enable_ssl; | ||
349 | #endif | ||
339 | case 'S': /* use SSL */ | 350 | case 'S': /* use SSL */ |
340 | #ifdef HAVE_SSL | 351 | #ifdef HAVE_SSL |
341 | enable_ssl: | 352 | enable_ssl: |
@@ -879,6 +890,8 @@ check_http (void) | |||
879 | elapsed_time_connect = (double)microsec_connect / 1.0e6; | 890 | elapsed_time_connect = (double)microsec_connect / 1.0e6; |
880 | if (use_ssl == TRUE) { | 891 | if (use_ssl == TRUE) { |
881 | gettimeofday (&tv_temp, NULL); | 892 | gettimeofday (&tv_temp, NULL); |
893 | if (http_connect == TRUE && http_connect_through_proxy (host_name, connect_port, user_agent, sd) != STATE_OK) | ||
894 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open proxy tunnel TCP socket\n")); | ||
882 | result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); | 895 | result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); |
883 | if (result != STATE_OK) | 896 | if (result != STATE_OK) |
884 | return result; | 897 | return result; |
@@ -1369,6 +1382,41 @@ redir (char *pos, char *status_line) | |||
1369 | check_http (); | 1382 | check_http (); |
1370 | } | 1383 | } |
1371 | 1384 | ||
1385 | /* start the HTTP CONNECT method exchange with a proxy host */ | ||
1386 | int | ||
1387 | http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd) | ||
1388 | { | ||
1389 | int result; | ||
1390 | char *send_buffer=NULL; | ||
1391 | char recv_buffer[MAX_INPUT_BUFFER]; | ||
1392 | char *status_line; | ||
1393 | char *status_code; | ||
1394 | int http_status; | ||
1395 | |||
1396 | asprintf( &send_buffer, "CONNECT %s:%d HTTP/1.0\r\nUser-agent: %s\r\n\r\n", host_name, port, user_agent); | ||
1397 | |||
1398 | result = STATE_OK; | ||
1399 | result = send_tcp_request (sd, send_buffer, recv_buffer, sizeof(recv_buffer)); | ||
1400 | if (result != STATE_OK) | ||
1401 | return result; | ||
1402 | |||
1403 | status_line = recv_buffer; | ||
1404 | status_line[strcspn(status_line, "\r\n")] = 0; | ||
1405 | strip (status_line); | ||
1406 | if (verbose) | ||
1407 | printf ("HTTP_CONNECT STATUS: %s\n", status_line); | ||
1408 | |||
1409 | status_code = strchr (status_line, ' ') + sizeof (char); | ||
1410 | if (strspn (status_code, "1234567890") != 3) | ||
1411 | die (STATE_CRITICAL, _("HTTP CRITICAL: HTTP_CONNECT Returns Invalid Status Line (%s)\n"), status_line); | ||
1412 | |||
1413 | http_status = atoi (status_code); | ||
1414 | |||
1415 | if (http_status != 200) | ||
1416 | die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid HTTP Connect Proxy Status (%s)\n"), status_line); | ||
1417 | |||
1418 | return STATE_OK; | ||
1419 | } | ||
1372 | 1420 | ||
1373 | int | 1421 | int |
1374 | server_type_check (const char *type) | 1422 | server_type_check (const char *type) |
@@ -1479,6 +1527,10 @@ print_help (void) | |||
1479 | printf (" %s\n", "-K, --private-key=FILE"); | 1527 | printf (" %s\n", "-K, --private-key=FILE"); |
1480 | printf (" %s\n", _("Name of file containing the private key (PEM format)")); | 1528 | printf (" %s\n", _("Name of file containing the private key (PEM format)")); |
1481 | printf (" %s\n", _("matching the client certificate")); | 1529 | printf (" %s\n", _("matching the client certificate")); |
1530 | printf (" %s\n", "-Y, --http-connect=PORT"); | ||
1531 | printf (" %s\n", _("Connect to a proxy using the HTTP CONNECT method (SSL tunnel).")); | ||
1532 | printf (" %s\n", _("Implies -S. The optional PORT number specifies the port on the server the")); | ||
1533 | printf (" %s\n\n", _("proxy should connect to (default: 443).")); | ||
1482 | #endif | 1534 | #endif |
1483 | 1535 | ||
1484 | printf (" %s\n", "-e, --expect=STRING"); | 1536 | printf (" %s\n", "-e, --expect=STRING"); |
@@ -1589,7 +1641,7 @@ print_usage (void) | |||
1589 | { | 1641 | { |
1590 | printf ("%s\n", _("Usage:")); | 1642 | printf ("%s\n", _("Usage:")); |
1591 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); | 1643 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); |
1592 | printf (" [-J <client certificate file>] [-K <private key>]\n"); | 1644 | printf (" [-J <client certificate file>] [-K <private key>] [-Y <port>]\n"); |
1593 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); | 1645 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); |
1594 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1646 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
1595 | printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1647 | printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |