summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStanley Hopcroft <stanleyhopcroft@users.sourceforge.net>2004-12-01 08:26:59 (GMT)
committerStanley Hopcroft <stanleyhopcroft@users.sourceforge.net>2004-12-01 08:26:59 (GMT)
commit68ecdb70054dffaf0732016795e9735b19350b5d (patch)
treebe7250e536bc3cf8cadfa52877e5f3bcac2addf0
parent8c81cf5bd0fc95e8ba08dee99d7bba13b890037b (diff)
downloadmonitoring-plugins-68ecdb70054dffaf0732016795e9735b19350b5d.tar.gz
1041571 & 664615: check_tcp with cert check + nntps, simap, jabber
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@959 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r--plugins/check_tcp.c167
1 files changed, 156 insertions, 11 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index b78bf34..7cef8bb 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -45,9 +45,14 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
45#endif 45#endif
46 46
47#ifdef HAVE_SSL 47#ifdef HAVE_SSL
48int check_cert = FALSE;
49int days_till_exp;
50char *randbuff = "";
48SSL_CTX *ctx; 51SSL_CTX *ctx;
49SSL *ssl; 52SSL *ssl;
53X509 *server_cert;
50int connect_SSL (void); 54int connect_SSL (void);
55int check_certificate (X509 **);
51#endif 56#endif
52 57
53enum { 58enum {
@@ -68,6 +73,7 @@ char *QUIT = NULL;
68int PROTOCOL = 0; 73int PROTOCOL = 0;
69int PORT = 0; 74int PORT = 0;
70 75
76char timestamp[17] = "";
71int server_port = 0; 77int server_port = 0;
72char *server_address = NULL; 78char *server_address = NULL;
73char *server_send = NULL; 79char *server_send = NULL;
@@ -184,6 +190,31 @@ main (int argc, char **argv)
184 use_ssl=TRUE; 190 use_ssl=TRUE;
185 PORT=995; 191 PORT=995;
186 } 192 }
193 else if (strstr(argv[0],"check_jabber")) {
194 progname = strdup("check_jabber");
195 SERVICE = strdup("JABBER");
196 SEND = strdup("<stream:stream to=\'host\' xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'>\n");
197 EXPECT = strdup("<?xml version=\'1.0\'?><stream:stream xmlns:stream=\'http://etherx.jabber.org/streams\'");
198 QUIT = strdup("</stream:stream>\n");
199 PROTOCOL=TCP_PROTOCOL;
200 use_ssl=TRUE;
201 PORT = 5222;
202 }
203 else if (strstr (argv[0], "check_nntps")) {
204 progname = strdup("check_nntps");
205 SERVICE = strdup("NNTPS");
206 SEND = NULL;
207 EXPECT = NULL;
208 server_expect = realloc (server_expect, ++server_expect_count);
209 asprintf (&server_expect[server_expect_count - 1], "200");
210 server_expect = realloc (server_expect, ++server_expect_count);
211 asprintf (&server_expect[server_expect_count - 1], "201");
212 QUIT = strdup("QUIT\r\n");
213 PROTOCOL = TCP_PROTOCOL;
214 use_ssl=TRUE;
215 PORT = 563;
216}
217
187#endif 218#endif
188 else if (strstr (argv[0], "check_nntp")) { 219 else if (strstr (argv[0], "check_nntp")) {
189 progname = strdup ("check_nntp"); 220 progname = strdup ("check_nntp");
@@ -227,7 +258,24 @@ main (int argc, char **argv)
227 /* try to connect to the host at the given port number */ 258 /* try to connect to the host at the given port number */
228 gettimeofday (&tv, NULL); 259 gettimeofday (&tv, NULL);
229#ifdef HAVE_SSL 260#ifdef HAVE_SSL
230 if (use_ssl) 261 if (use_ssl && check_cert == TRUE) {
262 if (connect_SSL () != OK)
263 die (STATE_CRITICAL,"TCP CRITICAL - Could not make SSL connection\n");
264 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
265 result = check_certificate (&server_cert);
266 X509_free(server_cert);
267 }
268 else {
269 printf("ERROR: Cannot retrieve server certificate.\n");
270 result = STATE_CRITICAL;
271 }
272 SSL_shutdown (ssl);
273 SSL_free (ssl);
274 SSL_CTX_free (ctx);
275 close (sd);
276 return result;
277 }
278 else if (use_ssl)
231 result = connect_SSL (); 279 result = connect_SSL ();
232 else 280 else
233#endif 281#endif
@@ -373,6 +421,10 @@ process_arguments (int argc, char **argv)
373 {"verbose", no_argument, 0, 'v'}, 421 {"verbose", no_argument, 0, 'v'},
374 {"version", no_argument, 0, 'V'}, 422 {"version", no_argument, 0, 'V'},
375 {"help", no_argument, 0, 'h'}, 423 {"help", no_argument, 0, 'h'},
424#ifdef HAVE_SSL
425 {"ssl", no_argument, 0, 'S'},
426 {"certificate", required_argument, 0, 'D'},
427#endif
376 {0, 0, 0, 0} 428 {0, 0, 0, 0}
377 }; 429 };
378 430
@@ -429,7 +481,7 @@ process_arguments (int argc, char **argv)
429 break; 481 break;
430 case 'H': /* hostname */ 482 case 'H': /* hostname */
431 if (is_host (optarg) == FALSE) 483 if (is_host (optarg) == FALSE)
432 usage2 (_("Invalid host name/address"), optarg); 484 usage2 (_("invalid host name or address"), optarg);
433 server_address = optarg; 485 server_address = optarg;
434 break; 486 break;
435 case 'c': /* critical */ 487 case 'c': /* critical */
@@ -459,7 +511,7 @@ process_arguments (int argc, char **argv)
459 break; 511 break;
460 case 't': /* timeout */ 512 case 't': /* timeout */
461 if (!is_intpos (optarg)) 513 if (!is_intpos (optarg))
462 usage2 (_("Timeout interval must be a positive integer"), optarg); 514 usage (_("Timeout interval must be a positive integer\n"));
463 else 515 else
464 socket_timeout = atoi (optarg); 516 socket_timeout = atoi (optarg);
465 break; 517 break;
@@ -504,12 +556,19 @@ process_arguments (int argc, char **argv)
504 else 556 else
505 usage (_("Delay must be a positive integer\n")); 557 usage (_("Delay must be a positive integer\n"));
506 break; 558 break;
559 case 'D': /* Check SSL cert validity - days 'til certificate expiration */
560#ifdef HAVE_SSL
561 if (!is_intnonneg (optarg))
562 usage2 ("invalid certificate expiration period", optarg);
563 days_till_exp = atoi (optarg);
564 check_cert = TRUE;
565 use_ssl = TRUE;
566 break;
507 case 'S': 567 case 'S':
508#ifndef HAVE_SSL
509 die (STATE_UNKNOWN,
510 _("SSL support not available. Install OpenSSL and recompile."));
511#endif
512 use_ssl = TRUE; 568 use_ssl = TRUE;
569#else
570 die (STATE_UNKNOWN, "SSL support not available. Install OpenSSL and recompile.");
571#endif
513 break; 572 break;
514 } 573 }
515 } 574 }
@@ -556,7 +615,10 @@ connect_SSL (void)
556 SSL_set_fd (ssl, sd); 615 SSL_set_fd (ssl, sd);
557 if (SSL_connect(ssl) == 1) 616 if (SSL_connect(ssl) == 1)
558 return OK; 617 return OK;
559 ERR_print_errors_fp (stderr); 618 /* ERR_print_errors_fp (stderr); */
619 printf (_("ERROR: Cannot make SSL connection "));
620 ERR_print_errors_fp (stdout);
621 /* printf("\n"); */
560 } 622 }
561 else 623 else
562 { 624 {
@@ -572,7 +634,81 @@ connect_SSL (void)
572} 634}
573#endif 635#endif
574 636
637#ifdef HAVE_SSL
638int
639check_certificate (X509 ** certificate)
640{
641 ASN1_STRING *tm;
642 int offset;
643 struct tm stamp;
644 int days_left;
645
575 646
647 /* Retrieve timestamp of certificate */
648 tm = X509_get_notAfter (*certificate);
649
650 /* Generate tm structure to process timestamp */
651 if (tm->type == V_ASN1_UTCTIME) {
652 if (tm->length < 10) {
653 printf ("ERROR: Wrong time format in certificate.\n");
654 return STATE_CRITICAL;
655 }
656 else {
657 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
658 if (stamp.tm_year < 50)
659 stamp.tm_year += 100;
660 offset = 0;
661 }
662 }
663 else {
664 if (tm->length < 12) {
665 printf ("ERROR: Wrong time format in certificate.\n");
666 return STATE_CRITICAL;
667 }
668 else {
669 stamp.tm_year =
670 (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
671 (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
672 stamp.tm_year -= 1900;
673 offset = 2;
674 }
675 }
676 stamp.tm_mon =
677 (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
678 stamp.tm_mday =
679 (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
680 stamp.tm_hour =
681 (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
682 stamp.tm_min =
683 (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
684 stamp.tm_sec = 0;
685 stamp.tm_isdst = -1;
686
687 days_left = (mktime (&stamp) - time (NULL)) / 86400;
688 snprintf
689 (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
690 stamp.tm_mon + 1,
691 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
692
693 if (days_left > 0 && days_left <= days_till_exp) {
694 printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
695 return STATE_WARNING;
696 }
697 if (days_left < 0) {
698 printf ("Certificate expired on %s.\n", timestamp);
699 return STATE_CRITICAL;
700 }
701
702 if (days_left == 0) {
703 printf ("Certificate expires today (%s).\n", timestamp);
704 return STATE_WARNING;
705 }
706
707 printf ("Certificate will expire on %s.\n", timestamp);
708
709 return STATE_OK;
710}
711#endif
576 712
577int 713int
578my_recv (void) 714my_recv (void)
@@ -603,8 +739,8 @@ print_help (void)
603{ 739{
604 print_revision (progname, revision); 740 print_revision (progname, revision);
605 741
606 printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); 742 printf (_("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"));
607 printf (COPYRIGHT, copyright, email); 743 printf (_(COPYRIGHT), copyright, email);
608 744
609 printf (_("This plugin tests %s connections with the specified host.\n\n"), 745 printf (_("This plugin tests %s connections with the specified host.\n\n"),
610 SERVICE); 746 SERVICE);
@@ -635,6 +771,14 @@ print_help (void)
635 -d, --delay=INTEGER\n\ 771 -d, --delay=INTEGER\n\
636 Seconds to wait between sending string and polling for response\n")); 772 Seconds to wait between sending string and polling for response\n"));
637 773
774#ifdef HAVE_SSL
775 printf (_("\
776 -D, --certificate=INTEGER\n\
777 Minimum number of days a certificate has to be valid.\n\
778 -S, --ssl\n\
779 Use SSL for the connection.\n"));
780#endif
781
638 printf (_(UT_WARN_CRIT)); 782 printf (_(UT_WARN_CRIT));
639 783
640 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); 784 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
@@ -654,7 +798,8 @@ print_usage (void)
654Usage: %s -H host -p port [-w <warning time>] [-c <critical time>]\n\ 798Usage: %s -H host -p port [-w <warning time>] [-c <critical time>]\n\
655 [-s <send string>] [-e <expect string>] [-q <quit string>]\n\ 799 [-s <send string>] [-e <expect string>] [-q <quit string>]\n\
656 [-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>]\n\ 800 [-m <maximum bytes>] [-d <delay>] [-t <timeout seconds>]\n\
657 [-r <refuse state>] [-v] [-4|-6] [-j]\n"), progname); 801 [-r <refuse state>] [-v] [-4|-6] [-j] [-D <days to cert expiry>]\n\
802 [-S <use SSL>]\n"), progname);
658 printf (" %s (-h|--help)\n", progname); 803 printf (" %s (-h|--help)\n", progname);
659 printf (" %s (-V|--version)\n", progname); 804 printf (" %s (-V|--version)\n", progname);
660} 805}