diff options
author | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 +0000 |
---|---|---|
committer | M. Sean Finney <seanius@users.sourceforge.net> | 2005-10-19 12:59:55 +0000 |
commit | 65282c7685ca01c57d94d3df93c2f95d5b945e57 (patch) | |
tree | eb1d0c95752126bd526d939332d14bf40cf7d1f7 /plugins/check_tcp.c | |
parent | 8611341fb989382545c0c934c700e027d9bbab15 (diff) | |
download | monitoring-plugins-65282c7685ca01c57d94d3df93c2f95d5b945e57.tar.gz |
- initial attempt at consolidating ssl-related code into netutils.{c,h}
- added some #ifdefs to common.h and netutils.h to prevent multiple
inclusions (as netlibs now includes common.h)
- all ssl plugins (tcp/http/smtp) compile cleanly against gnutls, though
certificate checking still needs to be done.
- modified configure script so you can also explicitly say "without-gnutls"
too (otherwise if you disable openssl you have no way of disabling
gnutls too)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1255 f882894a-f735-0410-b71e-b25c423dba1c
Diffstat (limited to 'plugins/check_tcp.c')
-rw-r--r-- | plugins/check_tcp.c | 145 |
1 files changed, 30 insertions, 115 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 157588fd..3ffa4cd6 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c | |||
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; | |||
28 | #include "netutils.h" | 28 | #include "netutils.h" |
29 | #include "utils.h" | 29 | #include "utils.h" |
30 | 30 | ||
31 | #ifdef HAVE_GNUTLS_OPENSSL_H | ||
32 | # include <gnutls/openssl.h> | ||
33 | #else | ||
34 | # ifdef HAVE_SSL_H | ||
35 | # include <rsa.h> | ||
36 | # include <crypto.h> | ||
37 | # include <x509.h> | ||
38 | # include <pem.h> | ||
39 | # include <ssl.h> | ||
40 | # include <err.h> | ||
41 | # else | ||
42 | # ifdef HAVE_OPENSSL_SSL_H | ||
43 | # include <openssl/rsa.h> | ||
44 | # include <openssl/crypto.h> | ||
45 | # include <openssl/x509.h> | ||
46 | # include <openssl/pem.h> | ||
47 | # include <openssl/ssl.h> | ||
48 | # include <openssl/err.h> | ||
49 | # endif | ||
50 | # endif | ||
51 | #endif | ||
52 | |||
53 | #ifdef HAVE_SSL | 31 | #ifdef HAVE_SSL |
54 | static int check_cert = FALSE; | 32 | static int check_cert = FALSE; |
55 | static int days_till_exp; | 33 | static int days_till_exp; |
56 | static char *randbuff = ""; | 34 | static char *randbuff = ""; |
57 | static SSL_CTX *ctx; | ||
58 | static SSL *ssl; | ||
59 | static X509 *server_cert; | 35 | static X509 *server_cert; |
60 | static int connect_SSL (void); | ||
61 | # ifdef USE_OPENSSL | 36 | # ifdef USE_OPENSSL |
62 | static int check_certificate (X509 **); | 37 | static int check_certificate (X509 **); |
63 | # endif /* USE_OPENSSL */ | 38 | # endif /* USE_OPENSSL */ |
64 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len)) | 39 | # define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
40 | # define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | ||
65 | #else | 41 | #else |
66 | # define my_recv(buf, len) read(sd, buf, len) | 42 | # define my_recv(buf, len) read(sd, buf, len) |
43 | # define my_send(buf, len) send(sd, buf, len, 0) | ||
67 | #endif | 44 | #endif |
68 | 45 | ||
69 | 46 | ||
@@ -233,11 +210,21 @@ main (int argc, char **argv) | |||
233 | 210 | ||
234 | /* try to connect to the host at the given port number */ | 211 | /* try to connect to the host at the given port number */ |
235 | gettimeofday (&tv, NULL); | 212 | gettimeofday (&tv, NULL); |
213 | |||
214 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
215 | if (result == STATE_CRITICAL) return STATE_CRITICAL; | ||
216 | |||
236 | #ifdef HAVE_SSL | 217 | #ifdef HAVE_SSL |
237 | if (flags & FLAG_SSL && check_cert == TRUE) { | 218 | if (flags & FLAG_SSL){ |
238 | if (connect_SSL () != OK) | 219 | result = np_net_ssl_init(sd); |
220 | if(result != STATE_OK) return result; | ||
221 | /* XXX does np_net_ssl take care of printing an error? | ||
239 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); | 222 | die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n")); |
223 | */ | ||
224 | } | ||
240 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ | 225 | # ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */ |
226 | /* | ||
227 | if (flags & FLAG_SSL && check_cert == TRUE) { | ||
241 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | 228 | if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { |
242 | result = check_certificate (&server_cert); | 229 | result = check_certificate (&server_cert); |
243 | X509_free(server_cert); | 230 | X509_free(server_cert); |
@@ -246,30 +233,21 @@ main (int argc, char **argv) | |||
246 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); | 233 | printf(_("CRITICAL - Cannot retrieve server certificate.\n")); |
247 | result = STATE_CRITICAL; | 234 | result = STATE_CRITICAL; |
248 | } | 235 | } |
236 | } | ||
237 | */ | ||
249 | # endif /* USE_OPENSSL */ | 238 | # endif /* USE_OPENSSL */ |
239 | #endif | ||
250 | 240 | ||
251 | SSL_shutdown (ssl); | 241 | if(result != STATE_OK){ |
252 | SSL_free (ssl); | 242 | #ifdef HAVE_SSL |
253 | SSL_CTX_free (ctx); | 243 | np_net_ssl_cleanup(); |
254 | close (sd); | 244 | #endif |
245 | if(sd) close(sd); | ||
255 | return result; | 246 | return result; |
256 | } | 247 | } |
257 | else if (flags & FLAG_SSL) | ||
258 | result = connect_SSL (); | ||
259 | else | ||
260 | #endif | ||
261 | result = np_net_connect (server_address, server_port, &sd, PROTOCOL); | ||
262 | |||
263 | if (result == STATE_CRITICAL) | ||
264 | return STATE_CRITICAL; | ||
265 | 248 | ||
266 | if (server_send != NULL) { /* Something to send? */ | 249 | if (server_send != NULL) { /* Something to send? */ |
267 | #ifdef HAVE_SSL | 250 | my_send(server_send, strlen(server_send)); |
268 | if (flags & FLAG_SSL) | ||
269 | SSL_write(ssl, server_send, (int)strlen(server_send)); | ||
270 | else | ||
271 | #endif | ||
272 | send (sd, server_send, strlen(server_send), 0); | ||
273 | } | 251 | } |
274 | 252 | ||
275 | if (delay > 0) { | 253 | if (delay > 0) { |
@@ -332,21 +310,12 @@ main (int argc, char **argv) | |||
332 | } | 310 | } |
333 | 311 | ||
334 | if (server_quit != NULL) { | 312 | if (server_quit != NULL) { |
335 | #ifdef HAVE_SSL | 313 | my_send(server_quit, strlen(server_quit)); |
336 | if (flags & FLAG_SSL) { | ||
337 | SSL_write (ssl, server_quit, (int)strlen(server_quit)); | ||
338 | SSL_shutdown (ssl); | ||
339 | SSL_free (ssl); | ||
340 | SSL_CTX_free (ctx); | ||
341 | } | ||
342 | else | ||
343 | #endif | ||
344 | send (sd, server_quit, strlen (server_quit), 0); | ||
345 | } | 314 | } |
346 | 315 | #ifdef HAVE_SSL | |
347 | /* close the connection */ | 316 | np_net_ssl_cleanup(); |
348 | if (sd) | 317 | #endif |
349 | close (sd); | 318 | if (sd) close (sd); |
350 | 319 | ||
351 | microsec = deltime (tv); | 320 | microsec = deltime (tv); |
352 | elapsed_time = (double)microsec / 1.0e6; | 321 | elapsed_time = (double)microsec / 1.0e6; |
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv) | |||
600 | 569 | ||
601 | /* SSL-specific functions */ | 570 | /* SSL-specific functions */ |
602 | #ifdef HAVE_SSL | 571 | #ifdef HAVE_SSL |
603 | static int | 572 | # ifdef USE_OPENSSL /* XXX */ |
604 | connect_SSL (void) | ||
605 | { | ||
606 | SSL_METHOD *meth; | ||
607 | |||
608 | /* Initialize SSL context */ | ||
609 | SSLeay_add_ssl_algorithms (); | ||
610 | meth = SSLv23_client_method (); | ||
611 | SSL_load_error_strings (); | ||
612 | OpenSSL_add_all_algorithms(); | ||
613 | if ((ctx = SSL_CTX_new (meth)) == NULL) | ||
614 | { | ||
615 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
616 | return STATE_CRITICAL; | ||
617 | } | ||
618 | |||
619 | /* Initialize alarm signal handling */ | ||
620 | signal (SIGALRM, socket_timeout_alarm_handler); | ||
621 | |||
622 | /* Set socket timeout */ | ||
623 | alarm (socket_timeout); | ||
624 | |||
625 | /* Save start time */ | ||
626 | time (&start_time); | ||
627 | |||
628 | /* Make TCP connection */ | ||
629 | if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE) | ||
630 | { | ||
631 | /* Do the SSL handshake */ | ||
632 | if ((ssl = SSL_new (ctx)) != NULL) | ||
633 | { | ||
634 | SSL_set_fd (ssl, sd); | ||
635 | if (SSL_connect(ssl) == 1) | ||
636 | return OK; | ||
637 | /* ERR_print_errors_fp (stderr); */ | ||
638 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
639 | #ifdef USE_OPENSSL /* XXX */ | ||
640 | ERR_print_errors_fp (stdout); | ||
641 | #endif /* USE_OPENSSL */ | ||
642 | /* printf("\n"); */ | ||
643 | } | ||
644 | else | ||
645 | { | ||
646 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
647 | } | ||
648 | SSL_free (ssl); | ||
649 | } | ||
650 | |||
651 | SSL_CTX_free (ctx); | ||
652 | close (sd); | ||
653 | |||
654 | return STATE_CRITICAL; | ||
655 | } | ||
656 | |||
657 | #ifdef USE_OPENSSL /* XXX */ | ||
658 | static int | 573 | static int |
659 | check_certificate (X509 ** certificate) | 574 | check_certificate (X509 ** certificate) |
660 | { | 575 | { |