diff options
| author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 (GMT) |
|---|---|---|
| committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 (GMT) |
| commit | 65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch) | |
| tree | eb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins/check_tcp.c | |
| parent | 8611341fb989382545c0c934c700e027d9bbab15 (diff) | |
| download | monitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz | |
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netlibs now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_tcp.c')
| -rw-r--r-- | plugins/check_tcp.c | 145 |
1 files changed, 30 insertions, 115 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 157588f..3ffa4cd 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
| @@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
| 28 | #include "netutils.h" | 28 | #include "netutils.h" |
| 29 | #include "utils.h" | 29 | #include "utils.h" |
| 30 | 30 | ||
| 31 | #ifdef HAVE_GNUTLS_OPENSSL_H | ||
| 32 | # include <gnutls/openssl.h> | ||
| 33 | #else | ||
| 34 | # ifdef HAVE_SSL_H | ||
| 35 | # include <rsa.h> | ||
| 36 | # include <crypto.h> | ||
| 37 | # include <x509.h> | ||
| 38 | # include <pem.h> | ||
| 39 | # include <ssl.h> | ||
| 40 | # include <err.h> | ||
| 41 | # else | ||
| 42 | # ifdef HAVE_OPENSSL_SSL_H | ||
| 43 | # include <openssl/rsa.h> | ||
| 44 | # include <openssl/crypto.h> | ||
| 45 | # include <openssl/x509.h> | ||
| 46 | # include <openssl/pem.h> | ||
| 47 | # include <openssl/ssl.h> | ||
| 48 | # include <openssl/err.h> | ||
| 49 | # endif | ||
| 50 | # endif | ||
| 51 | #endif | ||
| 52 | |||
| 53 | #ifdef HAVE_SSL | 31 | #ifdef HAVE_SSL |
| 54 | static int check_cert = FALSE; | 32 | static int check_cert = FALSE; |
| 55 | static int days_till_exp; | 33 | static int days_till_exp; |
| 56 | static char *randbuff = ""; | 34 | static char *randbuff = ""; |
| 57 | static SSL_CTX *ctx; | ||
| 58 | static SSL *ssl; | ||
| 59 | static X509 *server_cert; | 35 | static X509 *server_cert; |
| 60 | static int connect_SSL (void); | ||
| 61 | # ifdef USE_OPENSSL | 36 | # ifdef USE_OPENSSL |
| 62 | static int check_certificate (X509 **); | 37 | static int check_certificate (X509 **); |
| 63 | # endif /* USE_OPENSSL */ | 38 | # endif /* USE_OPENSSL */ |
| 64 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) | 39 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
| 40 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
| 65 | #else | 41 | #else |
| 66 | # define my_recv(buf, len) read(sd, buf, len) | 42 | # define my_recv(buf, len) read(sd, buf, len) |
| 43 | # define my_send(buf, len) send(sd, buf, len, 0) | ||
| 67 | #endif | 44 | #endif |
| 68 | 45 | ||
| 69 | 46 | ||
| @@ -233,11 +210,21 @@ main (int argc, char **argv) | |||
| 233 | 210 | ||
| 234 | /* try to connect to the host at the given port number */ | 211 | /* try to connect to the host at the given port number */ |
| 235 | gettimeofday (&tv, NULL); | 212 | gettimeofday (&tv, NULL); |
| 213 | |||
| 214 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
| 215 | if (result == STATE_CRITICAL) return STATE_CRITICAL; | ||
| 216 | |||
| 236 | #ifdef HAVE_SSL | 217 | #ifdef HAVE_SSL |
| 237 | if (flags & FLAG_SSL && check_cert == TRUE) { | 218 | if (flags & FLAG_SSL){ |
| 238 | if (connect_SSL () != OK) | 219 | result = np_net_ssl_init(sd); |
| 220 | if(result != STATE_OK) return result; | ||
| 221 | /* XXX does np_net_ssl take care of printing an error? | ||
| 239 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); | 222 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); |
| 223 | */ | ||
| 224 | } | ||
| 240 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ | 225 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ |
| 226 | /* | ||
| 227 | if (flags & FLAG_SSL && check_cert == TRUE) { | ||
| 241 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 228 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
| 242 | result = check_certificate (&server_cert); | 229 | result = check_certificate (&server_cert); |
| 243 | X509_free(server_cert); | 230 | X509_free(server_cert); |
| @@ -246,30 +233,21 @@ main (int argc, char **argv) | |||
| 246 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); | 233 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); |
| 247 | result = STATE_CRITICAL; | 234 | result = STATE_CRITICAL; |
| 248 | } | 235 | } |
| 236 | } | ||
| 237 | */ | ||
| 249 | # endif /* USE_OPENSSL */ | 238 | # endif /* USE_OPENSSL */ |
| 239 | #endif | ||
| 250 | 240 | ||
| 251 | SSL_shutdown (ssl); | 241 | if(result != STATE_OK){ |
| 252 | SSL_free (ssl); | 242 | #ifdef HAVE_SSL |
| 253 | SSL_CTX_free (ctx); | 243 | np_net_ssl_cleanup(); |
| 254 | close (sd); | 244 | #endif |
| 245 | if(sd) close(sd); | ||
| 255 | return result; | 246 | return result; |
| 256 | } | 247 | } |
| 257 | else if (flags & FLAG_SSL) | ||
| 258 | result = connect_SSL (); | ||
| 259 | else | ||
| 260 | #endif | ||
| 261 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
| 262 | |||
| 263 | if (result == STATE_CRITICAL) | ||
| 264 | return STATE_CRITICAL; | ||
| 265 | 248 | ||
| 266 | if (server_send != NULL) { /* Something to send? */ | 249 | if (server_send != NULL) { /* Something to send? */ |
| 267 | #ifdef HAVE_SSL | 250 | my_send(server_send, strlen(server_send)); |
| 268 | if (flags & FLAG_SSL) | ||
| 269 | SSL_write(ssl, server_send, (int)strlen(server_send)); | ||
| 270 | else | ||
| 271 | #endif | ||
| 272 | send (sd, server_send, strlen(server_send), 0); | ||
| 273 | } | 251 | } |
| 274 | 252 | ||
| 275 | if (delay > 0) { | 253 | if (delay > 0) { |
| @@ -332,21 +310,12 @@ main (int argc, char **argv) | |||
| 332 | } | 310 | } |
| 333 | 311 | ||
| 334 | if (server_quit != NULL) { | 312 | if (server_quit != NULL) { |
| 335 | #ifdef HAVE_SSL | 313 | my_send(server_quit, strlen(server_quit)); |
| 336 | if (flags & FLAG_SSL) { | ||
| 337 | SSL_write (ssl, server_quit, (int)strlen(server_quit)); | ||
| 338 | SSL_shutdown (ssl); | ||
| 339 | SSL_free (ssl); | ||
| 340 | SSL_CTX_free (ctx); | ||
| 341 | } | ||
| 342 | else | ||
| 343 | #endif | ||
| 344 | send (sd, server_quit, strlen (server_quit), 0); | ||
| 345 | } | 314 | } |
| 346 | 315 | #ifdef HAVE_SSL | |
| 347 | /* close the connection */ | 316 | np_net_ssl_cleanup(); |
| 348 | if (sd) | 317 | #endif |
| 349 | close (sd); | 318 | if (sd) close (sd); |
| 350 | 319 | ||
| 351 | microsec = deltime (tv); | 320 | microsec = deltime (tv); |
| 352 | elapsed_time = (double)microsec / 1.0e6; | 321 | elapsed_time = (double)microsec / 1.0e6; |
| @@ -600,61 +569,7 @@ process_arguments (int argc, char **argv) | |||
| 600 | 569 | ||
| 601 | /* SSL-specific functions */ | 570 | /* SSL-specific functions */ |
| 602 | #ifdef HAVE_SSL | 571 | #ifdef HAVE_SSL |
| 603 | static int | 572 | # ifdef USE_OPENSSL /* XXX */ |
| 604 | connect_SSL (void) | ||
| 605 | { | ||
| 606 | SSL_METHOD *meth; | ||
| 607 | |||
| 608 | /* Initialize SSL context */ | ||
| 609 | SSLeay_add_ssl_algorithms (); | ||
| 610 | meth = SSLv23_client_method (); | ||
| 611 | SSL_load_error_strings (); | ||
| 612 | OpenSSL_add_all_algorithms(); | ||
| 613 | if ((ctx = SSL_CTX_new (meth)) == NULL) | ||
| 614 | { | ||
| 615 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
| 616 | return STATE_CRITICAL; | ||
| 617 | } | ||
| 618 | |||
| 619 | /* Initialize alarm signal handling */ | ||
| 620 | signal (SIGALRM, socket_timeout_alarm_handler); | ||
| 621 | |||
| 622 | /* Set socket timeout */ | ||
| 623 | alarm (socket_timeout); | ||
| 624 | |||
| 625 | /* Save start time */ | ||
| 626 | time (&start_time); | ||
| 627 | |||
| 628 | /* Make TCP connection */ | ||
| 629 | if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE) | ||
| 630 | { | ||
| 631 | /* Do the SSL handshake */ | ||
| 632 | if ((ssl = SSL_new (ctx)) != NULL) | ||
| 633 | { | ||
| 634 | SSL_set_fd (ssl, sd); | ||
| 635 | if (SSL_connect(ssl) == 1) | ||
| 636 | return OK; | ||
| 637 | /* ERR_print_errors_fp (stderr); */ | ||
| 638 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
| 639 | #ifdef USE_OPENSSL /* XXX */ | ||
| 640 | ERR_print_errors_fp (stdout); | ||
| 641 | #endif /* USE_OPENSSL */ | ||
| 642 | /* printf("\n"); */ | ||
| 643 | } | ||
| 644 | else | ||
| 645 | { | ||
| 646 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
| 647 | } | ||
| 648 | SSL_free (ssl); | ||
| 649 | } | ||
| 650 | |||
| 651 | SSL_CTX_free (ctx); | ||
| 652 | close (sd); | ||
| 653 | |||
| 654 | return STATE_CRITICAL; | ||
| 655 | } | ||
| 656 | |||
| 657 | #ifdef USE_OPENSSL /* XXX */ | ||
| 658 | static int | 573 | static int |
| 659 | check_certificate (X509 ** certificate) | 574 | check_certificate (X509 ** certificate) |
| 660 | { | 575 | { |