authorLorenz <12514511+RincewindsHat@users.noreply.github.com>2022-07-03 16:05:39 +0200
committerGitHub <noreply@github.com>2022-07-03 16:05:39 +0200
commitc389aa4f918aab5cf181aa2cb9dec68b3bf34d4f (patch)
tree0e22e6bda6757f593196e5183e1b76705565bc09
parent3b9f09d48beb9b71386153fb16b168c1af3c9a19 (diff)
parent175e43133c9dbeb156e52b8e54cd04e44401f424 (diff)
downloadmonitoring-plugins-c389aa4f918aab5cf181aa2cb9dec68b3bf34d4f.tar.gz
Merge branch 'master' into rename_output_to_cmd_output
-rw-r--r--.github/workflows/codeql-analysis.yml5
-rw-r--r--[-rwxr-xr-x]plugins-scripts/check_disk_smb.pl10
-rw-r--r--plugins/check_curl.c26
-rw-r--r--plugins/check_http.c24
4 files changed, 52 insertions, 13 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9de367e5..afe6ab4f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -53,6 +53,7 @@ jobs:
53 53
54 - name: Install packages 54 - name: Install packages
55 run: | 55 run: |
56 sudo apt update
56 sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential 57 sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential
57 sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ 58 sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \
58 libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ 59 libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \
@@ -62,10 +63,10 @@ jobs:
62 run: | 63 run: |
63 ./tools/setup 64 ./tools/setup
64 ./configure --enable-libtap 65 ./configure --enable-libtap
65 66
66 - name: Build 67 - name: Build
67 run: | 68 run: |
68 make 69 make
69 70
70 - name: Perform CodeQL Analysis 71 - name: Perform CodeQL Analysis
71 uses: github/codeql-action/analyze@v1 72 uses: github/codeql-action/analyze@v2
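Review bot: The added `sudo apt update` line in the "Install packages" step uses the interactive `apt` front end while the lines after it use `apt-get`; `sudo apt-get update` is the consistent choice in a CI script, since `apt` warns that its command-line interface is not stable for scripting. Separately, only the `analyze` step moves to `@v2` in the visible hunks, and the matching `github/codeql-action/init` step lies outside them, so confirm both are on the same major version.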
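--- a/plugins-scripts/check_disk_smb.pl
+++ b/plugins-scripts/check_disk_smb.pl
@@ -22,7 +22,7 @@ require 5.004;
 use POSIX qw(setsid);
 use strict;
 use Getopt::Long;
-use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $verbose);
+use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $opt_t $verbose);
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
@@ -43,6 +43,7 @@ $ENV{'ENV'}='';
 Getopt::Long::Configure('bundling');
 GetOptions
  ("v" => \$verbose, "verbose" => \$verbose,
+ "t=i" => \$opt_t, "timeout=i" => \$opt_t,
  "P=s" => \$opt_P, "port=s" => \$opt_P,
  "V" => \$opt_V, "version" => \$opt_V,
  "h" => \$opt_h, "help" => \$opt_h,
@@ -96,6 +97,8 @@ my $crit = $1 if ($opt_c =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/);
 my $configfile = $opt_C if ($opt_C);
 usage("Unable to read config file $configfile\n") if ($configfile) && (! -r $configfile);
 
+if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; }
+
 # Execute the given command line and return anything it writes to STDOUT and/or
 # STDERR. (This might be useful for other plugins, too, so it should possibly
 # be moved to utils.pm.)
@@ -298,7 +301,8 @@ exit $ERRORS{$state};
 
 sub print_usage () {
  print "Usage: $PROGNAME -H <host> -s <share> -u <user> -p <password>
- -w <warn> -c <crit> [-W <workgroup>] [-P <port>] [-a <IP>] [-C <configfile>]\n";
+ -w <warn> -c <crit> [-W <workgroup>] [-P <port>] [-a <IP>] [-t timeout]
+ [-C <configfile>]\n";
 }
 
 sub print_help () {
@@ -326,6 +330,8 @@ Perl Check SMB Disk plugin for monitoring
  Percent of used space at which a warning will be generated (Default: 85%)
 -c, --critical=INTEGER or INTEGER[kMG]
  Percent of used space at which a critical will be generated (Defaults: 95%)
+-t, --timeout=INTEGER
+ Seconds before connection times out (Default: 15)
 -P, --port=INTEGER
  Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default)
 -C, --configfile=STRING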
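Review bot: The timeout assignment added after the config-file check, `if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; }`, silently keeps the default when the value is rejected, unlike the config-file check above it, which calls `usage()`. Because the option is declared `"t=i"`, Getopt::Long should accept a signed integer, so `-t -5` fails the regex and `-t 0` fails the truth test without any message, and the check then runs with a timeout the operator did not ask for. Reporting the bad value is safer, e.g. `if (defined $opt_t) { usage("Invalid timeout: $opt_t\n") unless $opt_t =~ /\A([1-9][0-9]*)\z/; $TIMEOUT = $1; }`. Where `$TIMEOUT` is declared and where the alarm is armed are outside the visible hunks, so confirm the assignment happens before the alarm is set. The usage line also writes `[-t timeout]` where the other options use the `<...>` placeholder form.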
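--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -193,6 +193,7 @@ int followsticky = STICKY_NONE;
 int use_ssl = FALSE;
 int use_sni = TRUE;
 int check_cert = FALSE;
+int continue_after_check_cert = FALSE;
 typedef union {
  struct curl_slist* to_info;
  struct curl_certinfo* to_certinfo;
@@ -754,7 +755,9 @@ check_http (void)
  * and we actually have OpenSSL in the monitoring tools
  */
  result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
- return result;
+ if (continue_after_check_cert == FALSE) {
+ return result;
+ }
 #else /* USE_OPENSSL */
  die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
 #endif /* USE_OPENSSL */
@@ -794,13 +797,17 @@ GOT_FIRST_CERT:
  }
  BIO_free (cert_BIO);
  result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
- return result;
+ if (continue_after_check_cert == FALSE) {
+ return result;
+ }
 #else /* USE_OPENSSL */
  /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
  * so we use the libcurl CURLINFO data
  */
  result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
- return result;
+ if (continue_after_check_cert == FALSE) {
+ return result;
+ }
 #endif /* USE_OPENSSL */
  } else {
  snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
@@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv)
  INVERT_REGEX = CHAR_MAX + 1,
  SNI_OPTION,
  MAX_REDIRS_OPTION,
+ CONTINUE_AFTER_CHECK_CERT,
  CA_CERT_OPTION,
  HTTP_VERSION_OPTION,
  AUTOMATIC_DECOMPRESSION
@@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv)
  {"private-key", required_argument, 0, 'K'},
  {"ca-cert", required_argument, 0, CA_CERT_OPTION},
  {"verify-cert", no_argument, 0, 'D'},
+ {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
  {"useragent", required_argument, 0, 'A'},
  {"header", required_argument, 0, 'k'},
  {"no-body", no_argument, 0, 'N'},
@@ -1403,6 +1412,11 @@ process_arguments (int argc, char **argv)
  check_cert = TRUE;
  goto enable_ssl;
 #endif
+ case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+ continue_after_check_cert = TRUE;
+ break;
+#endif
  case 'J': /* use client certificate */
 #ifdef LIBCURL_FEATURE_SSL
  test_file(optarg);
@@ -1800,7 +1814,11 @@ print_help (void)
 #endif
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
- printf (" %s\n", _("(when this option is used the URL is not checked.)"));
+ printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+ printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
+ printf (" %s\n", "--continue-after-certificate");
+ printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+ printf (" %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf (" %s\n", _("to be used in establishing the SSL session"));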
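Review bot: The new `case CONTINUE_AFTER_CHECK_CERT:` in process_arguments is guarded by `#ifdef HAVE_SSL` with its `break;` inside the guard, while the neighbouring `case 'J':` in this file is guarded by `LIBCURL_FEATURE_SSL`. In a build where `HAVE_SSL` is undefined the option falls through into `case 'J':`, which, when `LIBCURL_FEATURE_SSL` is defined, calls `test_file(optarg)` even though `--continue-after-certificate` is declared `no_argument` and so leaves `optarg` NULL. The flag is declared unconditionally near the top of the file, so the case needs no guard: `case CONTINUE_AFTER_CHECK_CERT: continue_after_check_cert = TRUE; break;`. process_arguments starts and ends outside the hunk, so how the surrounding cases behave in a non-SSL build should be checked there.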
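--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -58,6 +58,7 @@ enum {
 
 #ifdef HAVE_SSL
 int check_cert = FALSE;
+int continue_after_check_cert = FALSE;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -205,7 +206,8 @@ process_arguments (int argc, char **argv)
  enum {
  INVERT_REGEX = CHAR_MAX + 1,
  SNI_OPTION,
- MAX_REDIRS_OPTION
+ MAX_REDIRS_OPTION,
+ CONTINUE_AFTER_CHECK_CERT
  };
 
  int option = 0;
@@ -233,6 +235,7 @@ process_arguments (int argc, char **argv)
  {"certificate", required_argument, 0, 'C'},
  {"client-cert", required_argument, 0, 'J'},
  {"private-key", required_argument, 0, 'K'},
+ {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
  {"useragent", required_argument, 0, 'A'},
  {"header", required_argument, 0, 'k'},
  {"no-body", no_argument, 0, 'N'},
@@ -332,6 +335,11 @@ process_arguments (int argc, char **argv)
  check_cert = TRUE;
  goto enable_ssl;
 #endif
+ case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+ continue_after_check_cert = TRUE;
+ break;
+#endif
  case 'J': /* use client certificate */
 #ifdef HAVE_SSL
  test_file(optarg);
@@ -981,9 +989,11 @@ check_http (void)
  elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
  if (check_cert == TRUE) {
  result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
- if (sd) close(sd);
- np_net_ssl_cleanup();
- return result;
+ if (continue_after_check_cert == FALSE) {
+ if (sd) close(sd);
+ np_net_ssl_cleanup();
+ return result;
+ }
  }
  }
 #endif /* HAVE_SSL */
@@ -1608,7 +1618,11 @@ print_help (void)
  printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
- printf (" %s\n", _("(when this option is used the URL is not checked.)"));
+ printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+ printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
+ printf (" %s\n", "--continue-after-certificate");
+ printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+ printf (" %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf (" %s\n", _("to be used in establishing the SSL session"));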
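Review bot: The status returned by `np_net_ssl_check_cert()` may be lost once `--continue-after-certificate` is set, because the `check_cert == TRUE` branch of check_http no longer returns it and nothing in the hunk shows it being kept while the HTTP checks run. If later code assigns `result` afresh (that code is outside the hunk, so this needs confirming), a WARNING or CRITICAL for an expiring certificate would be replaced by the HTTP status and the plugin could report OK. Holding the certificate state in its own variable and folding it in before returning, e.g. `result = max_state(result, cert_result);`, keeps the worse of the two. The same applies to the three `if (continue_after_check_cert == FALSE)` sites in plugins/check_curl.c.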