summaryrefslogtreecommitdiffstats
path: root/plugins/check_tcp.c
diff options
context:
space:
mode:
authorM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 12:59:55 +0000
committerM. Sean Finney <seanius@users.sourceforge.net>2005-10-19 12:59:55 +0000
commit65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch)
treeeb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins/check_tcp.c
parent8611341fb989382545c0c934c700e027d9bbab15 (diff)
downloadmonitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple inclusions (as netlibs now includes common.h) - all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though certificate checking still needs to be done. - modified configure script so you can also explicitly say "without-gnutls" too (otherwise if you disable openssl you have no way of disabling gnutls too) git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_tcp.c')
-rw-r--r--plugins/check_tcp.c145
1 files changed, 30 insertions, 115 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 157588fd..3ffa4cd6 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
28#include "netutils.h" 28#include "netutils.h"
29#include "utils.h" 29#include "utils.h"
30 30
31#ifdef HAVE_GNUTLS_OPENSSL_H
32# include <gnutls/openssl.h>
33#else
34# ifdef HAVE_SSL_H
35# include <rsa.h>
36# include <crypto.h>
37# include <x509.h>
38# include <pem.h>
39# include <ssl.h>
40# include <err.h>
41# else
42# ifdef HAVE_OPENSSL_SSL_H
43# include <openssl/rsa.h>
44# include <openssl/crypto.h>
45# include <openssl/x509.h>
46# include <openssl/pem.h>
47# include <openssl/ssl.h>
48# include <openssl/err.h>
49# endif
50# endif
51#endif
52
53#ifdef HAVE_SSL 31#ifdef HAVE_SSL
54static int check_cert = FALSE; 32static int check_cert = FALSE;
55static int days_till_exp; 33static int days_till_exp;
56static char *randbuff = ""; 34static char *randbuff = "";
57static SSL_CTX *ctx;
58static SSL *ssl;
59static X509 *server_cert; 35static X509 *server_cert;
60static int connect_SSL (void);
61# ifdef USE_OPENSSL 36# ifdef USE_OPENSSL
62static int check_certificate (X509 **); 37static int check_certificate (X509 **);
63# endif /* USE_OPENSSL */ 38# endif /* USE_OPENSSL */
64# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) 39# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
40# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
65#else 41#else
66# define my_recv(buf, len) read(sd, buf, len) 42# define my_recv(buf, len) read(sd, buf, len)
43# define my_send(buf, len) send(sd, buf, len, 0)
67#endif 44#endif
68 45
69 46
@@ -233,11 +210,21 @@ main (int argc, char **argv)
233 210
234 /* try to connect to the host at the given port number */ 211 /* try to connect to the host at the given port number */
235 gettimeofday (&tv, NULL); 212 gettimeofday (&tv, NULL);
213
214 result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
215 if (result == STATE_CRITICAL) return STATE_CRITICAL;
216
236#ifdef HAVE_SSL 217#ifdef HAVE_SSL
237 if (flags & FLAG_SSL && check_cert == TRUE) { 218 if (flags & FLAG_SSL){
238 if (connect_SSL () != OK) 219 result = np_net_ssl_init(sd);
220 if(result != STATE_OK) return result;
221 /* XXX does np_net_ssl take care of printing an error?
239 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); 222 die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
223 */
224 }
240# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ 225# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
226 /*
227 if (flags & FLAG_SSL && check_cert == TRUE) {
241 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { 228 if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
242 result = check_certificate (&server_cert); 229 result = check_certificate (&server_cert);
243 X509_free(server_cert); 230 X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
246 printf(_("CRITICAL - Cannot retrieve server certificate.\n")); 233 printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
247 result = STATE_CRITICAL; 234 result = STATE_CRITICAL;
248 } 235 }
236 }
237 */
249# endif /* USE_OPENSSL */ 238# endif /* USE_OPENSSL */
239#endif
250 240
251 SSL_shutdown (ssl); 241 if(result != STATE_OK){
252 SSL_free (ssl); 242#ifdef HAVE_SSL
253 SSL_CTX_free (ctx); 243 np_net_ssl_cleanup();
254 close (sd); 244#endif
245 if(sd) close(sd);
255 return result; 246 return result;
256 } 247 }
257 else if (flags & FLAG_SSL)
258 result = connect_SSL ();
259 else
260#endif
261 result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
262
263 if (result == STATE_CRITICAL)
264 return STATE_CRITICAL;
265 248
266 if (server_send != NULL) { /* Something to send? */ 249 if (server_send != NULL) { /* Something to send? */
267#ifdef HAVE_SSL 250 my_send(server_send, strlen(server_send));
268 if (flags & FLAG_SSL)
269 SSL_write(ssl, server_send, (int)strlen(server_send));
270 else
271#endif
272 send (sd, server_send, strlen(server_send), 0);
273 } 251 }
274 252
275 if (delay > 0) { 253 if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
332 } 310 }
333 311
334 if (server_quit != NULL) { 312 if (server_quit != NULL) {
335#ifdef HAVE_SSL 313 my_send(server_quit, strlen(server_quit));
336 if (flags & FLAG_SSL) {
337 SSL_write (ssl, server_quit, (int)strlen(server_quit));
338 SSL_shutdown (ssl);
339 SSL_free (ssl);
340 SSL_CTX_free (ctx);
341 }
342 else
343#endif
344 send (sd, server_quit, strlen (server_quit), 0);
345 } 314 }
346 315#ifdef HAVE_SSL
347 /* close the connection */ 316 np_net_ssl_cleanup();
348 if (sd) 317#endif
349 close (sd); 318 if (sd) close (sd);
350 319
351 microsec = deltime (tv); 320 microsec = deltime (tv);
352 elapsed_time = (double)microsec / 1.0e6; 321 elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
600 569
601/* SSL-specific functions */ 570/* SSL-specific functions */
602#ifdef HAVE_SSL 571#ifdef HAVE_SSL
603static int 572# ifdef USE_OPENSSL /* XXX */
604connect_SSL (void)
605{
606 SSL_METHOD *meth;
607
608 /* Initialize SSL context */
609 SSLeay_add_ssl_algorithms ();
610 meth = SSLv23_client_method ();
611 SSL_load_error_strings ();
612 OpenSSL_add_all_algorithms();
613 if ((ctx = SSL_CTX_new (meth)) == NULL)
614 {
615 printf (_("CRITICAL - Cannot create SSL context.\n"));
616 return STATE_CRITICAL;
617 }
618
619 /* Initialize alarm signal handling */
620 signal (SIGALRM, socket_timeout_alarm_handler);
621
622 /* Set socket timeout */
623 alarm (socket_timeout);
624
625 /* Save start time */
626 time (&start_time);
627
628 /* Make TCP connection */
629 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
630 {
631 /* Do the SSL handshake */
632 if ((ssl = SSL_new (ctx)) != NULL)
633 {
634 SSL_set_fd (ssl, sd);
635 if (SSL_connect(ssl) == 1)
636 return OK;
637 /* ERR_print_errors_fp (stderr); */
638 printf (_("CRITICAL - Cannot make SSL connection "));
639#ifdef USE_OPENSSL /* XXX */
640 ERR_print_errors_fp (stdout);
641#endif /* USE_OPENSSL */
642 /* printf("\n"); */
643 }
644 else
645 {
646 printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
647 }
648 SSL_free (ssl);
649 }
650
651 SSL_CTX_free (ctx);
652 close (sd);
653
654 return STATE_CRITICAL;
655}
656
657#ifdef USE_OPENSSL /* XXX */
658static int 573static int
659check_certificate (X509 ** certificate) 574check_certificate (X509 ** certificate)
660{ 575{