summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorSven Nierlein <sven@nierlein.de>2020-05-19 09:53:30 +0200
committerGitHub <noreply@github.com>2020-05-19 09:53:30 +0200
commit00948e95f43953359d3a9de6a9dc664723ad7374 (patch)
tree04a87c488f5eb1d13c1a59abb2eafda518226b20 /plugins
parentb12358535458b853d287551054331e477b58320a (diff)
parent772fb233b92d4ad5fc87f30a8efee5c9bb295d1d (diff)
downloadmonitoring-plugins-00948e95f43953359d3a9de6a9dc664723ad7374.tar.gz
Merge pull request #1535 from monitoring-plugins/feature_check_curl
Feature check curl
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am9
-rw-r--r--plugins/check_curl.c2335
-rw-r--r--plugins/picohttpparser/Makefile.am3
-rw-r--r--plugins/picohttpparser/picohttpparser.c645
-rw-r--r--plugins/picohttpparser/picohttpparser.h87
-rw-r--r--plugins/sslutils.c33
-rw-r--r--plugins/t/check_curl.t199
-rw-r--r--plugins/t/check_http.t76
-rwxr-xr-xplugins/tests/check_curl.t498
-rwxr-xr-xplugins/tests/check_http.t9
10 files changed, 3840 insertions, 54 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 0ddf9bd1..3fde54d6 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -38,7 +38,9 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \
38EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \ 38EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \
39 check_swap check_fping check_ldap check_game check_dig \ 39 check_swap check_fping check_ldap check_game check_dig \
40 check_nagios check_by_ssh check_dns check_nt check_ide_smart \ 40 check_nagios check_by_ssh check_dns check_nt check_ide_smart \
41 check_procs check_mysql_query check_apt check_dbi 41 check_procs check_mysql_query check_apt check_dbi check_curl
42
43SUBDIRS = picohttpparser
42 44
43EXTRA_DIST = t tests 45EXTRA_DIST = t tests
44 46
@@ -69,6 +71,9 @@ test-debug:
69 71
70check_apt_LDADD = $(BASEOBJS) 72check_apt_LDADD = $(BASEOBJS)
71check_cluster_LDADD = $(BASEOBJS) 73check_cluster_LDADD = $(BASEOBJS)
74check_curl_CFLAGS = $(AM_CFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
75check_curl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
76check_curl_LDADD = $(NETLIBS) $(LIBCURLLIBS) $(SSLOBJS) $(URIPARSERLIBS) picohttpparser/libpicohttpparser.a
72check_dbi_LDADD = $(NETLIBS) $(DBILIBS) 77check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
73check_dig_LDADD = $(NETLIBS) 78check_dig_LDADD = $(NETLIBS)
74check_disk_LDADD = $(BASEOBJS) 79check_disk_LDADD = $(BASEOBJS)
@@ -89,7 +94,7 @@ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
89check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE) 94check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
90check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS) 95check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS)
91check_nagios_LDADD = $(BASEOBJS) 96check_nagios_LDADD = $(BASEOBJS)
92check_nt_LDADD = $(NETLIBS) 97check_nt_LDADD = $(NETLIBS)
93check_ntp_LDADD = $(NETLIBS) $(MATHLIBS) 98check_ntp_LDADD = $(NETLIBS) $(MATHLIBS)
94check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS) 99check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS)
95check_nwstat_LDADD = $(NETLIBS) 100check_nwstat_LDADD = $(NETLIBS)
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
new file mode 100644
index 00000000..2d69b310
--- /dev/null
+++ b/plugins/check_curl.c
@@ -0,0 +1,2335 @@
1/*****************************************************************************
2*
3* Monitoring check_curl plugin
4*
5* License: GPL
6* Copyright (c) 1999-2019 Monitoring Plugins Development Team
7*
8* Description:
9*
10* This file contains the check_curl plugin
11*
12* This plugin tests the HTTP service on the specified host. It can test
13* normal (http) and secure (https) servers, follow redirects, search for
14* strings and regular expressions, check connection times, and report on
15* certificate expiration times.
16*
17* This plugin uses functions from the curl library, see
18* http://curl.haxx.se
19*
20* This program is free software: you can redistribute it and/or modify
21* it under the terms of the GNU General Public License as published by
22* the Free Software Foundation, either version 3 of the License, or
23* (at your option) any later version.
24*
25* This program is distributed in the hope that it will be useful,
26* but WITHOUT ANY WARRANTY; without even the implied warranty of
27* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28* GNU General Public License for more details.
29*
30* You should have received a copy of the GNU General Public License
31* along with this program. If not, see <http://www.gnu.org/licenses/>.
32*
33*
34*****************************************************************************/
35const char *progname = "check_curl";
36
37const char *copyright = "2006-2019";
38const char *email = "devel@monitoring-plugins.org";
39
40#include <ctype.h>
41
42#include "common.h"
43#include "utils.h"
44
45#ifndef LIBCURL_PROTOCOL_HTTP
46#error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense
47#endif
48
49#include "curl/curl.h"
50#include "curl/easy.h"
51
52#include "picohttpparser.h"
53
54#include "uriparser/Uri.h"
55
56#include <arpa/inet.h>
57
58#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
59
60#define DEFAULT_BUFFER_SIZE 2048
61#define DEFAULT_SERVER_URL "/"
62#define HTTP_EXPECT "HTTP/"
63#define DEFAULT_MAX_REDIRS 15
64#define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
65enum {
66 MAX_IPV4_HOSTLENGTH = 255,
67 HTTP_PORT = 80,
68 HTTPS_PORT = 443,
69 MAX_PORT = 65535
70};
71
72enum {
73 STICKY_NONE = 0,
74 STICKY_HOST = 1,
75 STICKY_PORT = 2
76};
77
78enum {
79 FOLLOW_HTTP_CURL = 0,
80 FOLLOW_LIBCURL = 1
81};
82
83/* for buffers for header and body */
84typedef struct {
85 char *buf;
86 size_t buflen;
87 size_t bufsize;
88} curlhelp_write_curlbuf;
89
90/* for buffering the data sent in PUT */
91typedef struct {
92 char *buf;
93 size_t buflen;
94 off_t pos;
95} curlhelp_read_curlbuf;
96
97/* for parsing the HTTP status line */
98typedef struct {
99 int http_major; /* major version of the protocol, always 1 (HTTP/0.9
100 * never reached the big internet most likely) */
101 int http_minor; /* minor version of the protocol, usually 0 or 1 */
102 int http_code; /* HTTP return code as in RFC 2145 */
103 int http_subcode; /* Microsoft IIS extension, HTTP subcodes, see
104 * http://support.microsoft.com/kb/318380/en-us */
105 const char *msg; /* the human readable message */
106 char *first_line; /* a copy of the first line */
107} curlhelp_statusline;
108
109/* to know the underlying SSL library used by libcurl */
110typedef enum curlhelp_ssl_library {
111 CURLHELP_SSL_LIBRARY_UNKNOWN,
112 CURLHELP_SSL_LIBRARY_OPENSSL,
113 CURLHELP_SSL_LIBRARY_LIBRESSL,
114 CURLHELP_SSL_LIBRARY_GNUTLS,
115 CURLHELP_SSL_LIBRARY_NSS
116} curlhelp_ssl_library;
117
118enum {
119 REGS = 2,
120 MAX_RE_SIZE = 256
121};
122#include "regex.h"
123regex_t preg;
124regmatch_t pmatch[REGS];
125char regexp[MAX_RE_SIZE];
126int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
127int errcode;
128int invert_regex = 0;
129
130char *server_address = NULL;
131char *host_name = NULL;
132char *server_url = 0;
133char server_ip[DEFAULT_BUFFER_SIZE];
134struct curl_slist *server_ips = NULL;
135int specify_port = FALSE;
136unsigned short server_port = HTTP_PORT;
137unsigned short virtual_port = 0;
138int host_name_length;
139char output_header_search[30] = "";
140char output_string_search[30] = "";
141char *warning_thresholds = NULL;
142char *critical_thresholds = NULL;
143int days_till_exp_warn, days_till_exp_crit;
144thresholds *thlds;
145char user_agent[DEFAULT_BUFFER_SIZE];
146int verbose = 0;
147int show_extended_perfdata = FALSE;
148int min_page_len = 0;
149int max_page_len = 0;
150int redir_depth = 0;
151int max_depth = DEFAULT_MAX_REDIRS;
152char *http_method = NULL;
153char *http_post_data = NULL;
154char *http_content_type = NULL;
155CURL *curl;
156struct curl_slist *header_list = NULL;
157curlhelp_write_curlbuf body_buf;
158curlhelp_write_curlbuf header_buf;
159curlhelp_statusline status_line;
160curlhelp_read_curlbuf put_buf;
161char http_header[DEFAULT_BUFFER_SIZE];
162long code;
163long socket_timeout = DEFAULT_SOCKET_TIMEOUT;
164double total_time;
165double time_connect;
166double time_appconnect;
167double time_headers;
168double time_firstbyte;
169char errbuf[CURL_ERROR_SIZE+1];
170CURLcode res;
171char url[DEFAULT_BUFFER_SIZE];
172char msg[DEFAULT_BUFFER_SIZE];
173char perfstring[DEFAULT_BUFFER_SIZE];
174char header_expect[MAX_INPUT_BUFFER] = "";
175char string_expect[MAX_INPUT_BUFFER] = "";
176char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
177int server_expect_yn = 0;
178char user_auth[MAX_INPUT_BUFFER] = "";
179char proxy_auth[MAX_INPUT_BUFFER] = "";
180char **http_opt_headers;
181int http_opt_headers_count = 0;
182int display_html = FALSE;
183int onredirect = STATE_OK;
184int followmethod = FOLLOW_HTTP_CURL;
185int followsticky = STICKY_NONE;
186int use_ssl = FALSE;
187int use_sni = TRUE;
188int check_cert = FALSE;
189typedef union {
190 struct curl_slist* to_info;
191 struct curl_certinfo* to_certinfo;
192} cert_ptr_union;
193cert_ptr_union cert_ptr;
194int ssl_version = CURL_SSLVERSION_DEFAULT;
195char *client_cert = NULL;
196char *client_privkey = NULL;
197char *ca_cert = NULL;
198int is_openssl_callback = FALSE;
199#if defined(HAVE_SSL) && defined(USE_OPENSSL)
200X509 *cert = NULL;
201#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
202int no_body = FALSE;
203int maximum_age = -1;
204int address_family = AF_UNSPEC;
205curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
206int curl_http_version = CURL_HTTP_VERSION_NONE;
207
208int process_arguments (int, char**);
209void handle_curl_option_return_code (CURLcode res, const char* option);
210int check_http (void);
211void redir (curlhelp_write_curlbuf*);
212char *perfd_time (double microsec);
213char *perfd_time_connect (double microsec);
214char *perfd_time_ssl (double microsec);
215char *perfd_time_firstbyte (double microsec);
216char *perfd_time_headers (double microsec);
217char *perfd_time_transfer (double microsec);
218char *perfd_size (int page_len);
219void print_help (void);
220void print_usage (void);
221void print_curl_version (void);
222int curlhelp_initwritebuffer (curlhelp_write_curlbuf*);
223int curlhelp_buffer_write_callback (void*, size_t , size_t , void*);
224void curlhelp_freewritebuffer (curlhelp_write_curlbuf*);
225int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t);
226int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
227void curlhelp_freereadbuffer (curlhelp_read_curlbuf *);
228curlhelp_ssl_library curlhelp_get_ssl_library (CURL*);
229const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library);
230int net_noopenssl_check_certificate (cert_ptr_union*, int, int);
231
232int curlhelp_parse_statusline (const char*, curlhelp_statusline *);
233void curlhelp_free_statusline (curlhelp_statusline *);
234char *get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header);
235int check_document_dates (const curlhelp_write_curlbuf *, char (*msg)[DEFAULT_BUFFER_SIZE]);
236int get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf);
237
238#if defined(HAVE_SSL) && defined(USE_OPENSSL)
239int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit);
240#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
241
242void remove_newlines (char *);
243void test_file (char *);
244
245int
246main (int argc, char **argv)
247{
248 int result = STATE_UNKNOWN;
249
250 setlocale (LC_ALL, "");
251 bindtextdomain (PACKAGE, LOCALEDIR);
252 textdomain (PACKAGE);
253
254 /* Parse extra opts if any */
255 argv = np_extra_opts (&argc, argv, progname);
256
257 /* set defaults */
258 snprintf( user_agent, DEFAULT_BUFFER_SIZE, "%s/v%s (monitoring-plugins %s, %s)",
259 progname, NP_VERSION, VERSION, curl_version());
260
261 /* parse arguments */
262 if (process_arguments (argc, argv) == ERROR)
263 usage4 (_("Could not parse arguments"));
264
265 if (display_html == TRUE)
266 printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
267 use_ssl ? "https" : "http",
268 host_name ? host_name : server_address,
269 virtual_port ? virtual_port : server_port,
270 server_url);
271
272 result = check_http ();
273 return result;
274}
275
276#ifdef HAVE_SSL
277#ifdef USE_OPENSSL
278
279int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
280{
281 /* TODO: we get all certificates of the chain, so which ones
282 * should we test?
283 * TODO: is the last certificate always the server certificate?
284 */
285 cert = X509_STORE_CTX_get_current_cert(x509_ctx);
286 return 1;
287}
288
289CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
290{
291 SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback);
292
293 return CURLE_OK;
294}
295
296#endif /* USE_OPENSSL */
297#endif /* HAVE_SSL */
298
299/* Checks if the server 'reply' is one of the expected 'statuscodes' */
300static int
301expected_statuscode (const char *reply, const char *statuscodes)
302{
303 char *expected, *code;
304 int result = 0;
305
306 if ((expected = strdup (statuscodes)) == NULL)
307 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n"));
308
309 for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ","))
310 if (strstr (reply, code) != NULL) {
311 result = 1;
312 break;
313 }
314
315 free (expected);
316 return result;
317}
318
319void
320handle_curl_option_return_code (CURLcode res, const char* option)
321{
322 if (res != CURLE_OK) {
323 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"),
324 option, res, curl_easy_strerror(res));
325 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
326 }
327}
328
329int
330check_http (void)
331{
332 int result = STATE_OK;
333 int page_len = 0;
334 int i;
335 char *force_host_header = NULL;
336
337 /* initialize curl */
338 if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
339 die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
340
341 if ((curl = curl_easy_init()) == NULL)
342 die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
343
344 if (verbose >= 1)
345 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
346
347 /* print everything on stdout like check_http would do */
348 handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
349
350 /* initialize buffer for body of the answer */
351 if (curlhelp_initwritebuffer(&body_buf) < 0)
352 die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
353 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
354 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
355
356 /* initialize buffer for header of the answer */
357 if (curlhelp_initwritebuffer( &header_buf ) < 0)
358 die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
359 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
360 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
361
362 /* set the error buffer */
363 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_ERRORBUFFER, errbuf), "CURLOPT_ERRORBUFFER");
364
365 /* set timeouts */
366 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT");
367 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT");
368
369 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
370 if(use_ssl && host_name != NULL) {
371 struct curl_slist *host = NULL;
372 char dnscache[DEFAULT_BUFFER_SIZE];
373 snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address);
374 host = curl_slist_append(NULL, dnscache);
375 curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
376 if (verbose>=1)
377 printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
378 }
379
380 /* compose URL: use the address we want to connect to, set Host: header later */
381 snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
382 use_ssl ? "https" : "http",
383 use_ssl & host_name != NULL ? host_name : server_address,
384 server_port,
385 server_url
386 );
387
388 if (verbose>=1)
389 printf ("* curl CURLOPT_URL: %s\n", url);
390 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, url), "CURLOPT_URL");
391
392 /* extract proxy information for legacy proxy https requests */
393 if (!strcmp(http_method, "CONNECT") || strstr(server_url, "http") == server_url) {
394 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXY, server_address), "CURLOPT_PROXY");
395 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYPORT, (long)server_port), "CURLOPT_PROXYPORT");
396 if (verbose>=2)
397 printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address, server_port);
398 http_method = "GET";
399 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, server_url), "CURLOPT_URL");
400 }
401
402 /* disable body for HEAD request */
403 if (http_method && !strcmp (http_method, "HEAD" )) {
404 no_body = TRUE;
405 }
406
407 /* set HTTP protocol version */
408 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HTTP_VERSION, curl_http_version), "CURLOPT_HTTP_VERSION");
409
410 /* set HTTP method */
411 if (http_method) {
412 if (!strcmp(http_method, "POST"))
413 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POST, 1), "CURLOPT_POST");
414 else if (!strcmp(http_method, "PUT"))
415 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_UPLOAD, 1), "CURLOPT_UPLOAD");
416 else
417 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method), "CURLOPT_CUSTOMREQUEST");
418 }
419
420 /* check if Host header is explicitly set in options */
421 if (http_opt_headers_count) {
422 for (i = 0; i < http_opt_headers_count ; i++) {
423 if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
424 force_host_header = http_opt_headers[i];
425 }
426 }
427 }
428
429 /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */
430 if(host_name != NULL && force_host_header == NULL) {
431 if((virtual_port != HTTP_PORT && !use_ssl) || (virtual_port != HTTPS_PORT && use_ssl)) {
432 snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s:%d", host_name, virtual_port);
433 } else {
434 snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name);
435 }
436 header_list = curl_slist_append (header_list, http_header);
437 }
438
439 /* always close connection, be nice to servers */
440 snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close");
441 header_list = curl_slist_append (header_list, http_header);
442
443 /* attach additional headers supplied by the user */
444 /* optionally send any other header tag */
445 if (http_opt_headers_count) {
446 for (i = 0; i < http_opt_headers_count ; i++) {
447 header_list = curl_slist_append (header_list, http_opt_headers[i]);
448 }
449 /* This cannot be free'd here because a redirection will then try to access this and segfault */
450 /* Covered in a testcase in tests/check_http.t */
451 /* free(http_opt_headers); */
452 }
453
454 /* set HTTP headers */
455 handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ), "CURLOPT_HTTPHEADER");
456
457#ifdef LIBCURL_FEATURE_SSL
458
459 /* set SSL version, warn about unsecure or unsupported versions */
460 if (use_ssl) {
461 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
462 }
463
464 /* client certificate and key to present to server (SSL) */
465 if (client_cert)
466 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert), "CURLOPT_SSLCERT");
467 if (client_privkey)
468 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY");
469 if (ca_cert) {
470 /* per default if we have a CA verify both the peer and the
471 * hostname in the certificate, can be switched off later */
472 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO");
473 handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER");
474 handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST");
475 } else {
476 /* backward-compatible behaviour, be tolerant in checks
477 * TODO: depending on more options have aspects we want
478 * to be less tolerant about ssl verfications
479 */
480 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0), "CURLOPT_SSL_VERIFYPEER");
481 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0), "CURLOPT_SSL_VERIFYHOST");
482 }
483
484 /* detect SSL library used by libcurl */
485 ssl_library = curlhelp_get_ssl_library (curl);
486
487 /* try hard to get a stack of certificates to verify against */
488 if (check_cert) {
489#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
490 /* inform curl to report back certificates */
491 switch (ssl_library) {
492 case CURLHELP_SSL_LIBRARY_OPENSSL:
493 case CURLHELP_SSL_LIBRARY_LIBRESSL:
494 /* set callback to extract certificate with OpenSSL context function (works with
495 * OpenSSL-style libraries only!) */
496#ifdef USE_OPENSSL
497 /* libcurl and monitoring plugins built with OpenSSL, good */
498 handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
499 is_openssl_callback = TRUE;
500#else /* USE_OPENSSL */
501#endif /* USE_OPENSSL */
502 /* libcurl is built with OpenSSL, monitoring plugins, so falling
503 * back to manually extracting certificate information */
504 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
505 break;
506
507 case CURLHELP_SSL_LIBRARY_NSS:
508#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
509 /* NSS: support for CERTINFO is implemented since 7.34.0 */
510 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
511#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
512 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
513#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
514 break;
515
516 case CURLHELP_SSL_LIBRARY_GNUTLS:
517#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
518 /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */
519 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
520#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
521 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
522#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
523 break;
524
525 case CURLHELP_SSL_LIBRARY_UNKNOWN:
526 default:
527 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library));
528 break;
529 }
530#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
531 /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */
532 if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL || ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL)
533 handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
534 else
535 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n");
536#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
537 }
538
539#endif /* LIBCURL_FEATURE_SSL */
540
541 /* set default or user-given user agent identification */
542 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent), "CURLOPT_USERAGENT");
543
544 /* proxy-authentication */
545 if (strcmp(proxy_auth, ""))
546 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYUSERPWD, proxy_auth), "CURLOPT_PROXYUSERPWD");
547
548 /* authentication */
549 if (strcmp(user_auth, ""))
550 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERPWD, user_auth), "CURLOPT_USERPWD");
551
552 /* TODO: parameter auth method, bitfield of following methods:
553 * CURLAUTH_BASIC (default)
554 * CURLAUTH_DIGEST
555 * CURLAUTH_DIGEST_IE
556 * CURLAUTH_NEGOTIATE
557 * CURLAUTH_NTLM
558 * CURLAUTH_NTLM_WB
559 *
560 * convenience tokens for typical sets of methods:
561 * CURLAUTH_ANYSAFE: most secure, without BASIC
562 * or CURLAUTH_ANY: most secure, even BASIC if necessary
563 *
564 * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH");
565 */
566
567 /* handle redirections */
568 if (onredirect == STATE_DEPENDENT) {
569 if( followmethod == FOLLOW_LIBCURL ) {
570 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1), "CURLOPT_FOLLOWLOCATION");
571
572 /* default -1 is infinite, not good, could lead to zombie plugins!
573 Setting it to one bigger than maximal limit to handle errors nicely below
574 */
575 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
576
577 /* for now allow only http and https (we are a http(s) check plugin in the end) */
578#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
579 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
580#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
581
582 /* TODO: handle the following aspects of redirection, make them
583 * command line options too later:
584 CURLOPT_POSTREDIR: method switch
585 CURLINFO_REDIRECT_URL: custom redirect option
586 CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols
587 CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size?
588 */
589 } else {
590 /* old style redirection is handled below */
591 }
592 }
593
594 /* no-body */
595 if (no_body)
596 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_NOBODY, 1), "CURLOPT_NOBODY");
597
598 /* IPv4 or IPv6 forced DNS resolution */
599 if (address_family == AF_UNSPEC)
600 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)");
601 else if (address_family == AF_INET)
602 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)");
603#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
604 else if (address_family == AF_INET6)
605 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)");
606#endif
607
608 /* either send http POST data (any data, not only POST)*/
609 if (!strcmp(http_method, "POST") ||!strcmp(http_method, "PUT")) {
610 /* set content of payload for POST and PUT */
611 if (http_content_type) {
612 snprintf (http_header, DEFAULT_BUFFER_SIZE, "Content-Type: %s", http_content_type);
613 header_list = curl_slist_append (header_list, http_header);
614 }
615 /* NULL indicates "HTTP Continue" in libcurl, provide an empty string
616 * in case of no POST/PUT data */
617 if (!http_post_data)
618 http_post_data = "";
619 if (!strcmp(http_method, "POST")) {
620 /* POST method, set payload with CURLOPT_POSTFIELDS */
621 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
622 } else if (!strcmp(http_method, "PUT")) {
623 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
624 curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
625 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
626 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
627 }
628 }
629
630 /* do the request */
631 res = curl_easy_perform(curl);
632
633 if (verbose>=2 && http_post_data)
634 printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data);
635
636 /* free header and server IP resolve lists, we don't need it anymore */
637 curl_slist_free_all (header_list); header_list = NULL;
638 curl_slist_free_all (server_ips); server_ips = NULL;
639
640 /* Curl errors, result in critical Nagios state */
641 if (res != CURLE_OK) {
642 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
643 server_port, res, curl_easy_strerror(res));
644 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
645 }
646
647 /* certificate checks */
648#ifdef LIBCURL_FEATURE_SSL
649 if (use_ssl == TRUE) {
650 if (check_cert == TRUE) {
651 if (is_openssl_callback) {
652#ifdef USE_OPENSSL
653 /* check certificate with OpenSSL functions, curl has been built against OpenSSL
654 * and we actually have OpenSSL in the monitoring tools
655 */
656 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
657 return result;
658#else /* USE_OPENSSL */
659 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
660#endif /* USE_OPENSSL */
661 } else {
662 int i;
663 struct curl_slist *slist;
664
665 cert_ptr.to_info = NULL;
666 res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info);
667 if (!res && cert_ptr.to_info) {
668#ifdef USE_OPENSSL
669 /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing
670 * We only check the first certificate and assume it's the one of the server
671 */
672 const char* raw_cert = NULL;
673 for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) {
674 for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) {
675 if (verbose >= 2)
676 printf ("%d ** %s\n", i, slist->data);
677 if (strncmp (slist->data, "Cert:", 5) == 0) {
678 raw_cert = &slist->data[5];
679 goto GOT_FIRST_CERT;
680 }
681 }
682 }
683GOT_FIRST_CERT:
684 if (!raw_cert) {
685 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
686 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
687 }
688 BIO* cert_BIO = BIO_new (BIO_s_mem());
689 BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
690 cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
691 if (!cert) {
692 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error"));
693 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
694 }
695 BIO_free (cert_BIO);
696 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
697 return result;
698#else /* USE_OPENSSL */
699 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
700 * so we use the libcurl CURLINFO data
701 */
702 result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
703 return result;
704#endif /* USE_OPENSSL */
705 } else {
706 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
707 res, curl_easy_strerror(res));
708 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
709 }
710 }
711 }
712 }
713#endif /* LIBCURL_FEATURE_SSL */
714
715 /* we got the data and we executed the request in a given time, so we can append
716 * performance data to the answer always
717 */
718 handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_TOTAL_TIME, &total_time), "CURLINFO_TOTAL_TIME");
719 page_len = get_content_length(&header_buf, &body_buf);
720 if(show_extended_perfdata) {
721 handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &time_connect), "CURLINFO_CONNECT_TIME");
722 handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &time_appconnect), "CURLINFO_APPCONNECT_TIME");
723 handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &time_headers), "CURLINFO_PRETRANSFER_TIME");
724 handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &time_firstbyte), "CURLINFO_STARTTRANSFER_TIME");
725 snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s %s %s %s %s %s",
726 perfd_time(total_time),
727 perfd_size(page_len),
728 perfd_time_connect(time_connect),
729 use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
730 perfd_time_headers(time_headers - time_appconnect),
731 perfd_time_firstbyte(time_firstbyte - time_headers),
732 perfd_time_transfer(total_time-time_firstbyte)
733 );
734 } else {
735 snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s",
736 perfd_time(total_time),
737 perfd_size(page_len)
738 );
739 }
740
741 /* return a CRITICAL status if we couldn't read any data */
742 if (strlen(header_buf.buf) == 0 && strlen(body_buf.buf) == 0)
743 die (STATE_CRITICAL, _("HTTP CRITICAL - No header received from host\n"));
744
745 /* get status line of answer, check sanity of HTTP code */
746 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
747 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
748 total_time, perfstring);
749 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg);
750 }
751
752 /* get result code from cURL */
753 handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
754 if (verbose>=2)
755 printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code);
756
757 /* print status line, header, body if verbose */
758 if (verbose >= 2) {
759 printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf.buf,
760 (no_body ? " [[ skipped ]]" : body_buf.buf));
761 }
762
763 /* make sure the status line matches the response we are looking for */
764 if (!expected_statuscode(status_line.first_line, server_expect)) {
765 if (server_port == HTTP_PORT)
766 snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
767 else
768 snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
769 die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
770 }
771
772 if( server_expect_yn ) {
773 snprintf(msg, DEFAULT_BUFFER_SIZE, _("Status line output matched \"%s\" - "), server_expect);
774 if (verbose)
775 printf ("%s\n",msg);
776 result = STATE_OK;
777 }
778 else {
779 /* illegal return codes result in a critical state */
780 if (code >= 600 || code < 100) {
781 die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line.http_code, status_line.msg);
782 /* server errors result in a critical state */
783 } else if (code >= 500) {
784 result = STATE_CRITICAL;
785 /* client errors result in a warning state */
786 } else if (code >= 400) {
787 result = STATE_WARNING;
788 /* check redirected page if specified */
789 } else if (code >= 300) {
790 if (onredirect == STATE_DEPENDENT) {
791 if( followmethod == FOLLOW_LIBCURL ) {
792 code = status_line.http_code;
793 } else {
794 /* old check_http style redirection, if we come
795 * back here, we are in the same status as with
796 * the libcurl method
797 */
798 redir (&header_buf);
799 }
800 } else {
801 /* this is a specific code in the command line to
802 * be returned when a redirection is encoutered
803 */
804 }
805 result = max_state_alt (onredirect, result);
806 /* all other codes are considered ok */
807 } else {
808 result = STATE_OK;
809 }
810 }
811
812 /* libcurl redirection internally, handle error states here */
813 if( followmethod == FOLLOW_LIBCURL ) {
814 handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_REDIRECT_COUNT, &redir_depth), "CURLINFO_REDIRECT_COUNT");
815 if (verbose >= 2)
816 printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth);
817 if (redir_depth > max_depth) {
818 snprintf (msg, DEFAULT_BUFFER_SIZE, "maximum redirection depth %d exceeded in libcurl",
819 max_depth);
820 die (STATE_WARNING, "HTTP WARNING - %s", msg);
821 }
822 }
823
824 /* check status codes, set exit status accordingly */
825 if( status_line.http_code != code ) {
826 die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"),
827 status_line.http_major, status_line.http_minor,
828 status_line.http_code, status_line.msg, code);
829 }
830
831 if (maximum_age >= 0) {
832 result = max_state_alt(check_document_dates(&header_buf, &msg), result);
833 }
834
835 /* Page and Header content checks go here */
836
837 if (strlen (header_expect)) {
838 if (!strstr (header_buf.buf, header_expect)) {
839 strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
840 if(output_header_search[sizeof(output_header_search)-1]!='\0') {
841 bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
842 }
843 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
844 result = STATE_CRITICAL;
845 }
846 }
847
848 if (strlen (string_expect)) {
849 if (!strstr (body_buf.buf, string_expect)) {
850 strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
851 if(output_string_search[sizeof(output_string_search)-1]!='\0') {
852 bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
853 }
854 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
855 result = STATE_CRITICAL;
856 }
857 }
858
859 if (strlen (regexp)) {
860 errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
861 if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
862 /* OK - No-op to avoid changing the logic around it */
863 result = max_state_alt(STATE_OK, result);
864 }
865 else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
866 if (invert_regex == 0)
867 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
868 else
869 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
870 result = STATE_CRITICAL;
871 }
872 else {
873 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
874 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
875 result = STATE_UNKNOWN;
876 }
877 }
878
879 /* make sure the page is of an appropriate size */
880 if ((max_page_len > 0) && (page_len > max_page_len)) {
881 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
882 result = max_state_alt(STATE_WARNING, result);
883 } else if ((min_page_len > 0) && (page_len < min_page_len)) {
884 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
885 result = max_state_alt(STATE_WARNING, result);
886 }
887
888 /* -w, -c: check warning and critical level */
889 result = max_state_alt(get_status(total_time, thlds), result);
890
891 /* Cut-off trailing characters */
892 if(msg[strlen(msg)-2] == ',')
893 msg[strlen(msg)-2] = '\0';
894 else
895 msg[strlen(msg)-3] = '\0';
896
897 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
898 die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n",
899 state_text(result), status_line.http_major, status_line.http_minor,
900 status_line.http_code, status_line.msg,
901 strlen(msg) > 0 ? " - " : "",
902 msg, page_len, total_time,
903 (display_html ? "</A>" : ""),
904 perfstring);
905
906 /* proper cleanup after die? */
907 curlhelp_free_statusline(&status_line);
908 curl_easy_cleanup (curl);
909 curl_global_cleanup ();
910 curlhelp_freewritebuffer (&body_buf);
911 curlhelp_freewritebuffer (&header_buf);
912 if (!strcmp (http_method, "PUT")) {
913 curlhelp_freereadbuffer (&put_buf);
914 }
915
916 return result;
917}
918
919int
920uri_strcmp (const UriTextRangeA range, const char* s)
921{
922 if (!range.first) return -1;
923 if (range.afterLast - range.first < strlen (s)) return -1;
924 return strncmp (s, range.first, min( range.afterLast - range.first, strlen (s)));
925}
926
927char*
928uri_string (const UriTextRangeA range, char* buf, size_t buflen)
929{
930 if (!range.first) return "(null)";
931 strncpy (buf, range.first, max (buflen, range.afterLast - range.first));
932 buf[max (buflen, range.afterLast - range.first)] = '\0';
933 buf[range.afterLast - range.first] = '\0';
934 return buf;
935}
936
937void
938redir (curlhelp_write_curlbuf* header_buf)
939{
940 char *location = NULL;
941 curlhelp_statusline status_line;
942 struct phr_header headers[255];
943 size_t nof_headers = 255;
944 size_t msglen;
945 char buf[DEFAULT_BUFFER_SIZE];
946 char ipstr[INET_ADDR_MAX_SIZE];
947 int new_port;
948 char *new_host;
949 char *new_url;
950
951 int res = phr_parse_response (header_buf->buf, header_buf->buflen,
952 &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
953 headers, &nof_headers, 0);
954
955 location = get_header_value (headers, nof_headers, "location");
956
957 if (verbose >= 2)
958 printf(_("* Seen redirect location %s\n"), location);
959
960 if (++redir_depth > max_depth)
961 die (STATE_WARNING,
962 _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"),
963 max_depth, location, (display_html ? "</A>" : ""));
964
965 UriParserStateA state;
966 UriUriA uri;
967 state.uri = &uri;
968 if (uriParseUriA (&state, location) != URI_SUCCESS) {
969 if (state.errorCode == URI_ERROR_SYNTAX) {
970 die (STATE_UNKNOWN,
971 _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"),
972 location, (display_html ? "</A>" : ""));
973 } else if (state.errorCode == URI_ERROR_MALLOC) {
974 die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
975 }
976 }
977
978 if (verbose >= 2) {
979 printf (_("** scheme: %s\n"),
980 uri_string (uri.scheme, buf, DEFAULT_BUFFER_SIZE));
981 printf (_("** host: %s\n"),
982 uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
983 printf (_("** port: %s\n"),
984 uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
985 if (uri.hostData.ip4) {
986 inet_ntop (AF_INET, uri.hostData.ip4->data, ipstr, sizeof (ipstr));
987 printf (_("** IPv4: %s\n"), ipstr);
988 }
989 if (uri.hostData.ip6) {
990 inet_ntop (AF_INET, uri.hostData.ip6->data, ipstr, sizeof (ipstr));
991 printf (_("** IPv6: %s\n"), ipstr);
992 }
993 if (uri.pathHead) {
994 printf (_("** path: "));
995 const UriPathSegmentA* p = uri.pathHead;
996 for (; p; p = p->next) {
997 printf ("/%s", uri_string (p->text, buf, DEFAULT_BUFFER_SIZE));
998 }
999 puts ("");
1000 }
1001 if (uri.query.first) {
1002 printf (_("** query: %s\n"),
1003 uri_string (uri.query, buf, DEFAULT_BUFFER_SIZE));
1004 }
1005 if (uri.fragment.first) {
1006 printf (_("** fragment: %s\n"),
1007 uri_string (uri.fragment, buf, DEFAULT_BUFFER_SIZE));
1008 }
1009 }
1010
1011 use_ssl = !uri_strcmp (uri.scheme, "https");
1012
1013 /* we do a sloppy test here only, because uriparser would have failed
1014 * above, if the port would be invalid, we just check for MAX_PORT
1015 */
1016 if (uri.portText.first) {
1017 new_port = atoi (uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
1018 } else {
1019 new_port = HTTP_PORT;
1020 if (use_ssl)
1021 new_port = HTTPS_PORT;
1022 }
1023 if (new_port > MAX_PORT)
1024 die (STATE_UNKNOWN,
1025 _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"),
1026 MAX_PORT, location, display_html ? "</A>" : "");
1027
1028 /* by RFC 7231 relative URLs in Location should be taken relative to
1029 * the original URL, so wy try to form a new absolute URL here
1030 */
1031 if (!uri.scheme.first && !uri.hostText.first) {
1032 new_host = strdup (host_name ? host_name : server_address);
1033 } else {
1034 new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
1035 }
1036
1037 /* compose new path */
1038 /* TODO: handle fragments and query part of URL */
1039 new_url = (char *)calloc( 1, DEFAULT_BUFFER_SIZE);
1040 if (uri.pathHead) {
1041 const UriPathSegmentA* p = uri.pathHead;
1042 for (; p; p = p->next) {
1043 strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
1044 strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE);
1045 }
1046 }
1047
1048 if (server_port==new_port &&
1049 !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) &&
1050 (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) &&
1051 !strcmp(server_url, new_url))
1052 die (STATE_WARNING,
1053 _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
1054 use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : ""));
1055
1056 /* set new values for redirected request */
1057
1058 if (!(followsticky & STICKY_HOST)) {
1059 free (server_address);
1060 server_address = strndup (new_host, MAX_IPV4_HOSTLENGTH);
1061 }
1062 if (!(followsticky & STICKY_PORT)) {
1063 server_port = (unsigned short)new_port;
1064 }
1065
1066 free (host_name);
1067 host_name = strndup (new_host, MAX_IPV4_HOSTLENGTH);
1068
1069 /* reset virtual port */
1070 virtual_port = server_port;
1071
1072 free(new_host);
1073 free (server_url);
1074 server_url = new_url;
1075
1076 uriFreeUriMembersA (&uri);
1077
1078 if (verbose)
1079 printf (_("Redirection to %s://%s:%d%s\n"), use_ssl ? "https" : "http",
1080 host_name ? host_name : server_address, server_port, server_url);
1081
1082 /* TODO: the hash component MUST be taken from the original URL and
1083 * attached to the URL in Location
1084 */
1085
1086 check_http ();
1087}
1088
1089/* check whether a file exists */
1090void
1091test_file (char *path)
1092{
1093 if (access(path, R_OK) == 0)
1094 return;
1095 usage2 (_("file does not exist or is not readable"), path);
1096}
1097
1098int
1099process_arguments (int argc, char **argv)
1100{
1101 char *p;
1102 int c = 1;
1103 char *temp;
1104
1105 enum {
1106 INVERT_REGEX = CHAR_MAX + 1,
1107 SNI_OPTION,
1108 CA_CERT_OPTION,
1109 HTTP_VERSION_OPTION
1110 };
1111
1112 int option = 0;
1113 int got_plus = 0;
1114 static struct option longopts[] = {
1115 STD_LONG_OPTS,
1116 {"link", no_argument, 0, 'L'},
1117 {"nohtml", no_argument, 0, 'n'},
1118 {"ssl", optional_argument, 0, 'S'},
1119 {"sni", no_argument, 0, SNI_OPTION},
1120 {"post", required_argument, 0, 'P'},
1121 {"method", required_argument, 0, 'j'},
1122 {"IP-address", required_argument, 0, 'I'},
1123 {"url", required_argument, 0, 'u'},
1124 {"port", required_argument, 0, 'p'},
1125 {"authorization", required_argument, 0, 'a'},
1126 {"proxy-authorization", required_argument, 0, 'b'},
1127 {"header-string", required_argument, 0, 'd'},
1128 {"string", required_argument, 0, 's'},
1129 {"expect", required_argument, 0, 'e'},
1130 {"regex", required_argument, 0, 'r'},
1131 {"ereg", required_argument, 0, 'r'},
1132 {"eregi", required_argument, 0, 'R'},
1133 {"linespan", no_argument, 0, 'l'},
1134 {"onredirect", required_argument, 0, 'f'},
1135 {"certificate", required_argument, 0, 'C'},
1136 {"client-cert", required_argument, 0, 'J'},
1137 {"private-key", required_argument, 0, 'K'},
1138 {"ca-cert", required_argument, 0, CA_CERT_OPTION},
1139 {"useragent", required_argument, 0, 'A'},
1140 {"header", required_argument, 0, 'k'},
1141 {"no-body", no_argument, 0, 'N'},
1142 {"max-age", required_argument, 0, 'M'},
1143 {"content-type", required_argument, 0, 'T'},
1144 {"pagesize", required_argument, 0, 'm'},
1145 {"invert-regex", no_argument, NULL, INVERT_REGEX},
1146 {"use-ipv4", no_argument, 0, '4'},
1147 {"use-ipv6", no_argument, 0, '6'},
1148 {"extended-perfdata", no_argument, 0, 'E'},
1149 {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
1150 {0, 0, 0, 0}
1151 };
1152
1153 if (argc < 2)
1154 return ERROR;
1155
1156 /* support check_http compatible arguments */
1157 for (c = 1; c < argc; c++) {
1158 if (strcmp ("-to", argv[c]) == 0)
1159 strcpy (argv[c], "-t");
1160 if (strcmp ("-hn", argv[c]) == 0)
1161 strcpy (argv[c], "-H");
1162 if (strcmp ("-wt", argv[c]) == 0)
1163 strcpy (argv[c], "-w");
1164 if (strcmp ("-ct", argv[c]) == 0)
1165 strcpy (argv[c], "-c");
1166 if (strcmp ("-nohtml", argv[c]) == 0)
1167 strcpy (argv[c], "-n");
1168 }
1169
1170 server_url = strdup(DEFAULT_SERVER_URL);
1171
1172 while (1) {
1173 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option);
1174 if (c == -1 || c == EOF || c == 1)
1175 break;
1176
1177 switch (c) {
1178 case 'h':
1179 print_help();
1180 exit(STATE_UNKNOWN);
1181 break;
1182 case 'V':
1183 print_revision(progname, NP_VERSION);
1184 print_curl_version();
1185 exit(STATE_UNKNOWN);
1186 break;
1187 case 'v':
1188 verbose++;
1189 break;
1190 case 't': /* timeout period */
1191 if (!is_intnonneg (optarg))
1192 usage2 (_("Timeout interval must be a positive integer"), optarg);
1193 else
1194 socket_timeout = (int)strtol (optarg, NULL, 10);
1195 break;
1196 case 'c': /* critical time threshold */
1197 critical_thresholds = optarg;
1198 break;
1199 case 'w': /* warning time threshold */
1200 warning_thresholds = optarg;
1201 break;
1202 case 'H': /* virtual host */
1203 host_name = strdup (optarg);
1204 if (host_name[0] == '[') {
1205 if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
1206 virtual_port = atoi (p + 2);
1207 /* cut off the port */
1208 host_name_length = strlen (host_name) - strlen (p) - 1;
1209 free (host_name);
1210 host_name = strndup (optarg, host_name_length);
1211 }
1212 } else if ((p = strchr (host_name, ':')) != NULL
1213 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
1214 virtual_port = atoi (p);
1215 /* cut off the port */
1216 host_name_length = strlen (host_name) - strlen (p) - 1;
1217 free (host_name);
1218 host_name = strndup (optarg, host_name_length);
1219 }
1220 break;
1221 case 'I': /* internet address */
1222 server_address = strdup (optarg);
1223 break;
1224 case 'u': /* URL path */
1225 server_url = strdup (optarg);
1226 break;
1227 case 'p': /* Server port */
1228 if (!is_intnonneg (optarg))
1229 usage2 (_("Invalid port number, expecting a non-negative number"), optarg);
1230 else {
1231 if( strtol(optarg, NULL, 10) > MAX_PORT)
1232 usage2 (_("Invalid port number, supplied port number is too big"), optarg);
1233 server_port = (unsigned short)strtol(optarg, NULL, 10);
1234 specify_port = TRUE;
1235 }
1236 break;
1237 case 'a': /* authorization info */
1238 strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
1239 user_auth[MAX_INPUT_BUFFER - 1] = 0;
1240 break;
1241 case 'b': /* proxy-authorization info */
1242 strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
1243 proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
1244 break;
1245 case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
1246 if (! http_post_data)
1247 http_post_data = strdup (optarg);
1248 if (! http_method)
1249 http_method = strdup("POST");
1250 break;
1251 case 'j': /* Set HTTP method */
1252 if (http_method)
1253 free(http_method);
1254 http_method = strdup (optarg);
1255 break;
1256 case 'A': /* useragent */
1257 strncpy (user_agent, optarg, DEFAULT_BUFFER_SIZE);
1258 user_agent[DEFAULT_BUFFER_SIZE-1] = '\0';
1259 break;
1260 case 'k': /* Additional headers */
1261 if (http_opt_headers_count == 0)
1262 http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count));
1263 else
1264 http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count));
1265 http_opt_headers[http_opt_headers_count - 1] = optarg;
1266 break;
1267 case 'L': /* show html link */
1268 display_html = TRUE;
1269 break;
1270 case 'n': /* do not show html link */
1271 display_html = FALSE;
1272 break;
1273 case 'C': /* Check SSL cert validity */
1274#ifdef LIBCURL_FEATURE_SSL
1275 if ((temp=strchr(optarg,','))!=NULL) {
1276 *temp='\0';
1277 if (!is_intnonneg (optarg))
1278 usage2 (_("Invalid certificate expiration period"), optarg);
1279 days_till_exp_warn = atoi(optarg);
1280 *temp=',';
1281 temp++;
1282 if (!is_intnonneg (temp))
1283 usage2 (_("Invalid certificate expiration period"), temp);
1284 days_till_exp_crit = atoi (temp);
1285 }
1286 else {
1287 days_till_exp_crit=0;
1288 if (!is_intnonneg (optarg))
1289 usage2 (_("Invalid certificate expiration period"), optarg);
1290 days_till_exp_warn = atoi (optarg);
1291 }
1292 check_cert = TRUE;
1293 goto enable_ssl;
1294#endif
1295 case 'J': /* use client certificate */
1296#ifdef LIBCURL_FEATURE_SSL
1297 test_file(optarg);
1298 client_cert = optarg;
1299 goto enable_ssl;
1300#endif
1301 case 'K': /* use client private key */
1302#ifdef LIBCURL_FEATURE_SSL
1303 test_file(optarg);
1304 client_privkey = optarg;
1305 goto enable_ssl;
1306#endif
1307#ifdef LIBCURL_FEATURE_SSL
1308 case CA_CERT_OPTION: /* use CA chain file */
1309 test_file(optarg);
1310 ca_cert = optarg;
1311 goto enable_ssl;
1312#endif
1313 case 'S': /* use SSL */
1314#ifdef LIBCURL_FEATURE_SSL
1315 enable_ssl:
1316 use_ssl = TRUE;
1317 /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
1318 * Only set if it's non-zero. This helps when we include multiple
1319 * parameters, like -S and -C combinations */
1320 ssl_version = CURL_SSLVERSION_DEFAULT;
1321 if (c=='S' && optarg != NULL) {
1322 char *plus_ptr = strchr(optarg, '+');
1323 if (plus_ptr) {
1324 got_plus = 1;
1325 *plus_ptr = '\0';
1326 }
1327
1328 if (optarg[0] == '2')
1329 ssl_version = CURL_SSLVERSION_SSLv2;
1330 else if (optarg[0] == '3')
1331 ssl_version = CURL_SSLVERSION_SSLv3;
1332 else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0"))
1333#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1334 ssl_version = CURL_SSLVERSION_TLSv1_0;
1335#else
1336 ssl_version = CURL_SSLVERSION_DEFAULT;
1337#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1338 else if (!strcmp (optarg, "1.1"))
1339#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1340 ssl_version = CURL_SSLVERSION_TLSv1_1;
1341#else
1342 ssl_version = CURL_SSLVERSION_DEFAULT;
1343#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1344 else if (!strcmp (optarg, "1.2"))
1345#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1346 ssl_version = CURL_SSLVERSION_TLSv1_2;
1347#else
1348 ssl_version = CURL_SSLVERSION_DEFAULT;
1349#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1350 else if (!strcmp (optarg, "1.3"))
1351#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
1352 ssl_version = CURL_SSLVERSION_TLSv1_3;
1353#else
1354 ssl_version = CURL_SSLVERSION_DEFAULT;
1355#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
1356 else
1357 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
1358 }
1359#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
1360 if (got_plus) {
1361 switch (ssl_version) {
1362 case CURL_SSLVERSION_TLSv1_3:
1363 ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
1364 break;
1365 case CURL_SSLVERSION_TLSv1_2:
1366 case CURL_SSLVERSION_TLSv1_1:
1367 case CURL_SSLVERSION_TLSv1_0:
1368 ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
1369 break;
1370 }
1371 } else {
1372 switch (ssl_version) {
1373 case CURL_SSLVERSION_TLSv1_3:
1374 ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
1375 break;
1376 case CURL_SSLVERSION_TLSv1_2:
1377 ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
1378 break;
1379 case CURL_SSLVERSION_TLSv1_1:
1380 ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
1381 break;
1382 case CURL_SSLVERSION_TLSv1_0:
1383 ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
1384 break;
1385 }
1386 }
1387#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
1388 if (verbose >= 2)
1389 printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
1390 if (specify_port == FALSE)
1391 server_port = HTTPS_PORT;
1392 break;
1393#else /* LIBCURL_FEATURE_SSL */
1394 /* -C -J and -K fall through to here without SSL */
1395 usage4 (_("Invalid option - SSL is not available"));
1396 break;
1397 case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
1398 use_sni = TRUE;
1399 break;
1400#endif /* LIBCURL_FEATURE_SSL */
1401 case 'f': /* onredirect */
1402 if (!strcmp (optarg, "ok"))
1403 onredirect = STATE_OK;
1404 else if (!strcmp (optarg, "warning"))
1405 onredirect = STATE_WARNING;
1406 else if (!strcmp (optarg, "critical"))
1407 onredirect = STATE_CRITICAL;
1408 else if (!strcmp (optarg, "unknown"))
1409 onredirect = STATE_UNKNOWN;
1410 else if (!strcmp (optarg, "follow"))
1411 onredirect = STATE_DEPENDENT;
1412 else if (!strcmp (optarg, "stickyport"))
1413 onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST|STICKY_PORT;
1414 else if (!strcmp (optarg, "sticky"))
1415 onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST;
1416 else if (!strcmp (optarg, "follow"))
1417 onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_NONE;
1418 else if (!strcmp (optarg, "curl"))
1419 onredirect = STATE_DEPENDENT, followmethod = FOLLOW_LIBCURL;
1420 else usage2 (_("Invalid onredirect option"), optarg);
1421 if (verbose >= 2)
1422 printf(_("* Following redirects set to %s\n"), state_text(onredirect));
1423 break;
1424 case 'd': /* string or substring */
1425 strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
1426 header_expect[MAX_INPUT_BUFFER - 1] = 0;
1427 break;
1428 case 's': /* string or substring */
1429 strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
1430 string_expect[MAX_INPUT_BUFFER - 1] = 0;
1431 break;
1432 case 'e': /* string or substring */
1433 strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1);
1434 server_expect[MAX_INPUT_BUFFER - 1] = 0;
1435 server_expect_yn = 1;
1436 break;
1437 case 'T': /* Content-type */
1438 http_content_type = strdup (optarg);
1439 break;
1440 case 'l': /* linespan */
1441 cflags &= ~REG_NEWLINE;
1442 break;
1443 case 'R': /* regex */
1444 cflags |= REG_ICASE;
1445 case 'r': /* regex */
1446 strncpy (regexp, optarg, MAX_RE_SIZE - 1);
1447 regexp[MAX_RE_SIZE - 1] = 0;
1448 errcode = regcomp (&preg, regexp, cflags);
1449 if (errcode != 0) {
1450 (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
1451 printf (_("Could Not Compile Regular Expression: %s"), errbuf);
1452 return ERROR;
1453 }
1454 break;
1455 case INVERT_REGEX:
1456 invert_regex = 1;
1457 break;
1458 case '4':
1459 address_family = AF_INET;
1460 break;
1461 case '6':
1462#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
1463 address_family = AF_INET6;
1464#else
1465 usage4 (_("IPv6 support not available"));
1466#endif
1467 break;
1468 case 'm': /* min_page_length */
1469 {
1470 char *tmp;
1471 if (strchr(optarg, ':') != (char *)NULL) {
1472 /* range, so get two values, min:max */
1473 tmp = strtok(optarg, ":");
1474 if (tmp == NULL) {
1475 printf("Bad format: try \"-m min:max\"\n");
1476 exit (STATE_WARNING);
1477 } else
1478 min_page_len = atoi(tmp);
1479
1480 tmp = strtok(NULL, ":");
1481 if (tmp == NULL) {
1482 printf("Bad format: try \"-m min:max\"\n");
1483 exit (STATE_WARNING);
1484 } else
1485 max_page_len = atoi(tmp);
1486 } else
1487 min_page_len = atoi (optarg);
1488 break;
1489 }
1490 case 'N': /* no-body */
1491 no_body = TRUE;
1492 break;
1493 case 'M': /* max-age */
1494 {
1495 int L = strlen(optarg);
1496 if (L && optarg[L-1] == 'm')
1497 maximum_age = atoi (optarg) * 60;
1498 else if (L && optarg[L-1] == 'h')
1499 maximum_age = atoi (optarg) * 60 * 60;
1500 else if (L && optarg[L-1] == 'd')
1501 maximum_age = atoi (optarg) * 60 * 60 * 24;
1502 else if (L && (optarg[L-1] == 's' ||
1503 isdigit (optarg[L-1])))
1504 maximum_age = atoi (optarg);
1505 else {
1506 fprintf (stderr, "unparsable max-age: %s\n", optarg);
1507 exit (STATE_WARNING);
1508 }
1509 if (verbose >= 2)
1510 printf ("* Maximal age of document set to %d seconds\n", maximum_age);
1511 }
1512 break;
1513 case 'E': /* show extended perfdata */
1514 show_extended_perfdata = TRUE;
1515 break;
1516 case HTTP_VERSION_OPTION:
1517 curl_http_version = CURL_HTTP_VERSION_NONE;
1518 if (strcmp (optarg, "1.0") == 0) {
1519 curl_http_version = CURL_HTTP_VERSION_1_0;
1520 } else if (strcmp (optarg, "1.1") == 0) {
1521 curl_http_version = CURL_HTTP_VERSION_1_1;
1522 } else if ((strcmp (optarg, "2.0") == 0) || (strcmp (optarg, "2") == 0)) {
1523#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0)
1524 curl_http_version = CURL_HTTP_VERSION_2_0;
1525#else
1526 curl_http_version = CURL_HTTP_VERSION_NONE;
1527#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
1528 } else {
1529 fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
1530 exit (STATE_WARNING);
1531 }
1532 break;
1533 case '?':
1534 /* print short usage statement if args not parsable */
1535 usage5 ();
1536 break;
1537 }
1538 }
1539
1540 c = optind;
1541
1542 if (server_address == NULL && c < argc)
1543 server_address = strdup (argv[c++]);
1544
1545 if (host_name == NULL && c < argc)
1546 host_name = strdup (argv[c++]);
1547
1548 if (server_address == NULL) {
1549 if (host_name == NULL)
1550 usage4 (_("You must specify a server address or host name"));
1551 else
1552 server_address = strdup (host_name);
1553 }
1554
1555 set_thresholds(&thlds, warning_thresholds, critical_thresholds);
1556
1557 if (critical_thresholds && thlds->critical->end>(double)socket_timeout)
1558 socket_timeout = (int)thlds->critical->end + 1;
1559 if (verbose >= 2)
1560 printf ("* Socket timeout set to %ld seconds\n", socket_timeout);
1561
1562 if (http_method == NULL)
1563 http_method = strdup ("GET");
1564
1565 if (client_cert && !client_privkey)
1566 usage4 (_("If you use a client certificate you must also specify a private key file"));
1567
1568 if (virtual_port == 0)
1569 virtual_port = server_port;
1570 else {
1571 if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
1572 if(specify_port == FALSE)
1573 server_port = virtual_port;
1574 }
1575
1576 return TRUE;
1577}
1578
1579char *perfd_time (double elapsed_time)
1580{
1581 return fperfdata ("time", elapsed_time, "s",
1582 thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
1583 thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
1584 TRUE, 0, TRUE, socket_timeout);
1585}
1586
1587char *perfd_time_connect (double elapsed_time_connect)
1588{
1589 return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1590}
1591
1592char *perfd_time_ssl (double elapsed_time_ssl)
1593{
1594 return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1595}
1596
1597char *perfd_time_headers (double elapsed_time_headers)
1598{
1599 return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1600}
1601
1602char *perfd_time_firstbyte (double elapsed_time_firstbyte)
1603{
1604 return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1605}
1606
1607char *perfd_time_transfer (double elapsed_time_transfer)
1608{
1609 return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
1610}
1611
1612char *perfd_size (int page_len)
1613{
1614 return perfdata ("size", page_len, "B",
1615 (min_page_len>0?TRUE:FALSE), min_page_len,
1616 (min_page_len>0?TRUE:FALSE), 0,
1617 TRUE, 0, FALSE, 0);
1618}
1619
1620void
1621print_help (void)
1622{
1623 print_revision (progname, NP_VERSION);
1624
1625 printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
1626 printf (COPYRIGHT, copyright, email);
1627
1628 printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test"));
1629 printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for"));
1630 printf ("%s\n", _("strings and regular expressions, check connection times, and report on"));
1631 printf ("%s\n", _("certificate expiration times."));
1632 printf ("\n");
1633 printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http"));
1634 printf ("%s\n", _("as possible."));
1635
1636 printf ("\n\n");
1637
1638 print_usage ();
1639
1640 printf (_("NOTE: One or both of -H and -I must be specified"));
1641
1642 printf ("\n");
1643
1644 printf (UT_HELP_VRSN);
1645 printf (UT_EXTRA_OPTS);
1646
1647 printf (" %s\n", "-H, --hostname=ADDRESS");
1648 printf (" %s\n", _("Host name argument for servers using host headers (virtual host)"));
1649 printf (" %s\n", _("Append a port to include it in the header (eg: example.com:5000)"));
1650 printf (" %s\n", "-I, --IP-address=ADDRESS");
1651 printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
1652 printf (" %s\n", "-p, --port=INTEGER");
1653 printf (" %s", _("Port number (default: "));
1654 printf ("%d)\n", HTTP_PORT);
1655
1656 printf (UT_IPv46);
1657
1658#ifdef LIBCURL_FEATURE_SSL
1659 printf (" %s\n", "-S, --ssl=VERSION[+]");
1660 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1661 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1662 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1663 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
1664 printf (" %s\n", "--sni");
1665 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1666#if LIBCURL_VERSION_NUM >= 0x071801
1667 printf (" %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and"));
1668 printf (" %s\n", _(" SNI only really works since TLSv1.0"));
1669#else
1670 printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
1671#endif
1672 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
1673 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
1674 printf (" %s\n", _("(when this option is used the URL is not checked.)"));
1675 printf (" %s\n", "-J, --client-cert=FILE");
1676 printf (" %s\n", _("Name of file that contains the client certificate (PEM format)"));
1677 printf (" %s\n", _("to be used in establishing the SSL session"));
1678 printf (" %s\n", "-K, --private-key=FILE");
1679 printf (" %s\n", _("Name of file containing the private key (PEM format)"));
1680 printf (" %s\n", _("matching the client certificate"));
1681 printf (" %s\n", "--ca-cert=FILE");
1682 printf (" %s\n", _("CA certificate file to verify peer against"));
1683#endif
1684
1685 printf (" %s\n", "-e, --expect=STRING");
1686 printf (" %s\n", _("Comma-delimited list of strings, at least one of them is expected in"));
1687 printf (" %s", _("the first (status) line of the server response (default: "));
1688 printf ("%s)\n", HTTP_EXPECT);
1689 printf (" %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
1690 printf (" %s\n", "-d, --header-string=STRING");
1691 printf (" %s\n", _("String to expect in the response headers"));
1692 printf (" %s\n", "-s, --string=STRING");
1693 printf (" %s\n", _("String to expect in the content"));
1694 printf (" %s\n", "-u, --url=PATH");
1695 printf (" %s\n", _("URL to GET or POST (default: /)"));
1696 printf (" %s\n", "-P, --post=STRING");
1697 printf (" %s\n", _("URL encoded http POST data"));
1698 printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
1699 printf (" %s\n", _("Set HTTP method."));
1700 printf (" %s\n", "-N, --no-body");
1701 printf (" %s\n", _("Don't wait for document body: stop reading after headers."));
1702 printf (" %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
1703 printf (" %s\n", "-M, --max-age=SECONDS");
1704 printf (" %s\n", _("Warn if document is more than SECONDS old. the number can also be of"));
1705 printf (" %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days."));
1706 printf (" %s\n", "-T, --content-type=STRING");
1707 printf (" %s\n", _("specify Content-Type header media type when POSTing\n"));
1708 printf (" %s\n", "-l, --linespan");
1709 printf (" %s\n", _("Allow regex to span newlines (must precede -r or -R)"));
1710 printf (" %s\n", "-r, --regex, --ereg=STRING");
1711 printf (" %s\n", _("Search page for regex STRING"));
1712 printf (" %s\n", "-R, --eregi=STRING");
1713 printf (" %s\n", _("Search page for case-insensitive regex STRING"));
1714 printf (" %s\n", "--invert-regex");
1715 printf (" %s\n", _("Return CRITICAL if found, OK if not\n"));
1716 printf (" %s\n", "-a, --authorization=AUTH_PAIR");
1717 printf (" %s\n", _("Username:password on sites with basic authentication"));
1718 printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
1719 printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
1720 printf (" %s\n", "-A, --useragent=STRING");
1721 printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
1722 printf (" %s\n", "-k, --header=STRING");
1723 printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
1724 printf (" %s\n", "-E, --extended-perfdata");
1725 printf (" %s\n", _("Print additional performance data"));
1726 printf (" %s\n", "-L, --link");
1727 printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
1728 printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>");
1729 printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
1730 printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same."));
1731 printf (" %s\n", _("follow uses the old redirection algorithm of check_http."));
1732 printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
1733 printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
1734 printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
1735 printf ("\n");
1736 printf (" %s\n", "--http-version=VERSION");
1737 printf (" %s\n", _("Connect via specific HTTP protocol."));
1738 printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
1739 printf ("\n");
1740
1741 printf (UT_WARN_CRIT);
1742
1743 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
1744
1745 printf (UT_VERBOSE);
1746
1747 printf ("\n");
1748 printf ("%s\n", _("Notes:"));
1749 printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
1750 printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
1751 printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response"));
1752 printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are"));
1753 printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
1754 printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
1755
1756#ifdef LIBCURL_FEATURE_SSL
1757 printf ("\n");
1758 printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
1759 printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
1760 printf (" %s\n", _("certificate is still valid for the specified number of days."));
1761 printf ("\n");
1762 printf (" %s\n", _("Please note that this plugin does not check if the presented server"));
1763 printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
1764 printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
1765 printf ("\n");
1766 printf ("%s\n", _("Examples:"));
1767 printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
1768 printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
1769 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
1770 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1771 printf (" %s\n", _("a STATE_CRITICAL will be returned."));
1772 printf ("\n");
1773 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
1774 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
1775 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1776 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
1777 printf (" %s\n\n", _("the certificate is expired."));
1778 printf ("\n");
1779 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
1780 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
1781 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1782 printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
1783 printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
1784#endif
1785
1786 printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
1787 printf (" %s\n", _("It is recommended to use an environment proxy like:"));
1788 printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
1789 printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
1790 printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org"));
1791
1792#ifdef LIBCURL_FEATURE_SSL
1793 printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
1794 printf (" %s\n", _("It is recommended to use an environment proxy like:"));
1795 printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
1796 printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
1797 printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
1798 printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
1799 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
1800 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1801 printf (" %s\n", _("a STATE_CRITICAL will be returned."));
1802
1803#endif
1804
1805 printf (UT_SUPPORT);
1806
1807}
1808
1809
1810
1811void
1812print_usage (void)
1813{
1814 printf ("%s\n", _("Usage:"));
1815 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
1816 printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
1817 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
1818 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
1819 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
1820 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1821 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
1822 printf (" [-T <content-type>] [-j method]\n");
1823 printf (" [--http-version=<version>]\n");
1824 printf ("\n");
1825 printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
1826 printf ("%s\n\n", _("check_http if you need a stable version."));
1827}
1828
1829void
1830print_curl_version (void)
1831{
1832 printf( "%s\n", curl_version());
1833}
1834
1835int
1836curlhelp_initwritebuffer (curlhelp_write_curlbuf *buf)
1837{
1838 buf->bufsize = DEFAULT_BUFFER_SIZE;
1839 buf->buflen = 0;
1840 buf->buf = (char *)malloc ((size_t)buf->bufsize);
1841 if (buf->buf == NULL) return -1;
1842 return 0;
1843}
1844
1845int
1846curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *stream)
1847{
1848 curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
1849
1850 while (buf->bufsize < buf->buflen + size * nmemb + 1) {
1851 buf->bufsize *= buf->bufsize * 2;
1852 buf->buf = (char *)realloc (buf->buf, buf->bufsize);
1853 if (buf->buf == NULL) return -1;
1854 }
1855
1856 memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
1857 buf->buflen += size * nmemb;
1858 buf->buf[buf->buflen] = '\0';
1859
1860 return (int)(size * nmemb);
1861}
1862
1863int
1864curlhelp_buffer_read_callback (void *buffer, size_t size, size_t nmemb, void *stream)
1865{
1866 curlhelp_read_curlbuf *buf = (curlhelp_read_curlbuf *)stream;
1867
1868 size_t n = min (nmemb * size, buf->buflen - buf->pos);
1869
1870 memcpy (buffer, buf->buf + buf->pos, n);
1871 buf->pos += n;
1872
1873 return (int)n;
1874}
1875
1876void
1877curlhelp_freewritebuffer (curlhelp_write_curlbuf *buf)
1878{
1879 free (buf->buf);
1880 buf->buf = NULL;
1881}
1882
1883int
1884curlhelp_initreadbuffer (curlhelp_read_curlbuf *buf, const char *data, size_t datalen)
1885{
1886 buf->buflen = datalen;
1887 buf->buf = (char *)malloc ((size_t)buf->buflen);
1888 if (buf->buf == NULL) return -1;
1889 memcpy (buf->buf, data, datalen);
1890 buf->pos = 0;
1891 return 0;
1892}
1893
1894void
1895curlhelp_freereadbuffer (curlhelp_read_curlbuf *buf)
1896{
1897 free (buf->buf);
1898 buf->buf = NULL;
1899}
1900
1901/* TODO: where to put this, it's actually part of sstrings2 (logically)?
1902 */
1903const char*
1904strrstr2(const char *haystack, const char *needle)
1905{
1906 int counter;
1907 size_t len;
1908 const char *prev_pos;
1909 const char *pos;
1910
1911 if (haystack == NULL || needle == NULL)
1912 return NULL;
1913
1914 if (haystack[0] == '\0' || needle[0] == '\0')
1915 return NULL;
1916
1917 counter = 0;
1918 prev_pos = NULL;
1919 pos = haystack;
1920 len = strlen (needle);
1921 for (;;) {
1922 pos = strstr (pos, needle);
1923 if (pos == NULL) {
1924 if (counter == 0)
1925 return NULL;
1926 else
1927 return prev_pos;
1928 }
1929 counter++;
1930 prev_pos = pos;
1931 pos += len;
1932 if (*pos == '\0') return prev_pos;
1933 }
1934}
1935
1936int
1937curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
1938{
1939 char *first_line_end;
1940 char *p;
1941 size_t first_line_len;
1942 char *pp;
1943 const char *start;
1944 char *first_line_buf;
1945
1946 /* find last start of a new header */
1947 start = strrstr2 (buf, "\r\nHTTP");
1948 if (start != NULL) {
1949 start += 2;
1950 buf = start;
1951 }
1952
1953 first_line_end = strstr(buf, "\r\n");
1954 if (first_line_end == NULL) return -1;
1955
1956 first_line_len = (size_t)(first_line_end - buf);
1957 status_line->first_line = (char *)malloc (first_line_len + 1);
1958 if (status_line->first_line == NULL) return -1;
1959 memcpy (status_line->first_line, buf, first_line_len);
1960 status_line->first_line[first_line_len] = '\0';
1961 first_line_buf = strdup( status_line->first_line );
1962
1963 /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */
1964
1965 p = strtok(first_line_buf, "/");
1966 if( p == NULL ) { free( first_line_buf ); return -1; }
1967 if( strcmp( p, "HTTP" ) != 0 ) { free( first_line_buf ); return -1; }
1968
1969 p = strtok( NULL, " " );
1970 if( p == NULL ) { free( first_line_buf ); return -1; }
1971 if( strchr( p, '.' ) != NULL ) {
1972
1973 /* HTTP 1.x case */
1974 char *ppp;
1975 ppp = strtok( p, "." );
1976 status_line->http_major = (int)strtol( p, &pp, 10 );
1977 if( *pp != '\0' ) { free( first_line_buf ); return -1; }
1978 ppp = strtok( NULL, " " );
1979 status_line->http_minor = (int)strtol( p, &pp, 10 );
1980 if( *pp != '\0' ) { free( first_line_buf ); return -1; }
1981 p += 4; /* 1.x SP */
1982 } else {
1983 /* HTTP 2 case */
1984 status_line->http_major = (int)strtol( p, &pp, 10 );
1985 status_line->http_minor = 0;
1986 p += 2; /* 2 SP */
1987 }
1988
1989 /* status code: "404" or "404.1", then SP */
1990
1991 p = strtok( p, " " );
1992 if( p == NULL ) { free( first_line_buf ); return -1; }
1993 if( strchr( p, '.' ) != NULL ) {
1994 char *ppp;
1995 ppp = strtok( p, "." );
1996 status_line->http_code = (int)strtol( ppp, &pp, 10 );
1997 if( *pp != '\0' ) { free( first_line_buf ); return -1; }
1998 ppp = strtok( NULL, "" );
1999 status_line->http_subcode = (int)strtol( ppp, &pp, 10 );
2000 if( *pp != '\0' ) { free( first_line_buf ); return -1; }
2001 p += 6; /* 400.1 SP */
2002 } else {
2003 status_line->http_code = (int)strtol( p, &pp, 10 );
2004 status_line->http_subcode = -1;
2005 if( *pp != '\0' ) { free( first_line_buf ); return -1; }
2006 p += 4; /* 400 SP */
2007 }
2008
2009 /* Human readable message: "Not Found" CRLF */
2010
2011 p = strtok( p, "" );
2012 if( p == NULL ) { status_line->msg = ""; return 0; }
2013 status_line->msg = status_line->first_line + ( p - first_line_buf );
2014 free( first_line_buf );
2015
2016 return 0;
2017}
2018
2019void
2020curlhelp_free_statusline (curlhelp_statusline *status_line)
2021{
2022 free (status_line->first_line);
2023}
2024
2025void
2026remove_newlines (char *s)
2027{
2028 char *p;
2029
2030 for (p = s; *p != '\0'; p++)
2031 if (*p == '\r' || *p == '\n')
2032 *p = ' ';
2033}
2034
2035char *
2036get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header)
2037{
2038 int i;
2039 for( i = 0; i < nof_headers; i++ ) {
2040 if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
2041 return strndup( headers[i].value, headers[i].value_len );
2042 }
2043 }
2044 return NULL;
2045}
2046
2047int
2048check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFAULT_BUFFER_SIZE])
2049{
2050 char *server_date = NULL;
2051 char *document_date = NULL;
2052 int date_result = STATE_OK;
2053 curlhelp_statusline status_line;
2054 struct phr_header headers[255];
2055 size_t nof_headers = 255;
2056 size_t msglen;
2057
2058 int res = phr_parse_response (header_buf->buf, header_buf->buflen,
2059 &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
2060 headers, &nof_headers, 0);
2061
2062 server_date = get_header_value (headers, nof_headers, "date");
2063 document_date = get_header_value (headers, nof_headers, "last-modified");
2064
2065 if (!server_date || !*server_date) {
2066 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
2067 date_result = max_state_alt(STATE_UNKNOWN, date_result);
2068 } else if (!document_date || !*document_date) {
2069 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
2070 date_result = max_state_alt(STATE_CRITICAL, date_result);
2071 } else {
2072 time_t srv_data = curl_getdate (server_date, NULL);
2073 time_t doc_data = curl_getdate (document_date, NULL);
2074 if (verbose >= 2)
2075 printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
2076 if (srv_data <= 0) {
2077 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
2078 date_result = max_state_alt(STATE_CRITICAL, date_result);
2079 } else if (doc_data <= 0) {
2080 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
2081 date_result = max_state_alt(STATE_CRITICAL, date_result);
2082 } else if (doc_data > srv_data + 30) {
2083 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
2084 date_result = max_state_alt(STATE_CRITICAL, date_result);
2085 } else if (doc_data < srv_data - maximum_age) {
2086 int n = (srv_data - doc_data);
2087 if (n > (60 * 60 * 24 * 2)) {
2088 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
2089 date_result = max_state_alt(STATE_CRITICAL, date_result);
2090 } else {
2091 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
2092 date_result = max_state_alt(STATE_CRITICAL, date_result);
2093 }
2094 }
2095 }
2096
2097 if (server_date) free (server_date);
2098 if (document_date) free (document_date);
2099
2100 return date_result;
2101}
2102
2103
2104int
2105get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf)
2106{
2107 const char *s;
2108 int content_length = 0;
2109 char *copy;
2110 struct phr_header headers[255];
2111 size_t nof_headers = 255;
2112 size_t msglen;
2113 char *content_length_s = NULL;
2114 curlhelp_statusline status_line;
2115
2116 int res = phr_parse_response (header_buf->buf, header_buf->buflen,
2117 &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
2118 headers, &nof_headers, 0);
2119
2120 content_length_s = get_header_value (headers, nof_headers, "content-length");
2121 if (!content_length_s) {
2122 return header_buf->buflen + body_buf->buflen;
2123 }
2124 content_length_s += strspn (content_length_s, " \t");
2125 content_length = atoi (content_length_s);
2126 if (content_length != body_buf->buflen) {
2127 /* TODO: should we warn if the actual and the reported body length don't match? */
2128 }
2129
2130 if (content_length_s) free (content_length_s);
2131
2132 return header_buf->buflen + body_buf->buflen;
2133}
2134
2135/* TODO: is there a better way in libcurl to check for the SSL library? */
2136curlhelp_ssl_library
2137curlhelp_get_ssl_library (CURL* curl)
2138{
2139 curl_version_info_data* version_data;
2140 char *ssl_version;
2141 char *library;
2142 curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
2143
2144 version_data = curl_version_info (CURLVERSION_NOW);
2145 if (version_data == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
2146
2147 ssl_version = strdup (version_data->ssl_version);
2148 if (ssl_version == NULL ) return CURLHELP_SSL_LIBRARY_UNKNOWN;
2149
2150 library = strtok (ssl_version, "/");
2151 if (library == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
2152
2153 if (strcmp (library, "OpenSSL") == 0)
2154 ssl_library = CURLHELP_SSL_LIBRARY_OPENSSL;
2155 else if (strcmp (library, "LibreSSL") == 0)
2156 ssl_library = CURLHELP_SSL_LIBRARY_LIBRESSL;
2157 else if (strcmp (library, "GnuTLS") == 0)
2158 ssl_library = CURLHELP_SSL_LIBRARY_GNUTLS;
2159 else if (strcmp (library, "NSS") == 0)
2160 ssl_library = CURLHELP_SSL_LIBRARY_NSS;
2161
2162 if (verbose >= 2)
2163 printf ("* SSL library string is : %s %s (%d)\n", version_data->ssl_version, library, ssl_library);
2164
2165 free (ssl_version);
2166
2167 return ssl_library;
2168}
2169
2170const char*
2171curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library)
2172{
2173 switch (ssl_library) {
2174 case CURLHELP_SSL_LIBRARY_OPENSSL:
2175 return "OpenSSL";
2176 case CURLHELP_SSL_LIBRARY_LIBRESSL:
2177 return "LibreSSL";
2178 case CURLHELP_SSL_LIBRARY_GNUTLS:
2179 return "GnuTLS";
2180 case CURLHELP_SSL_LIBRARY_NSS:
2181 return "NSS";
2182 case CURLHELP_SSL_LIBRARY_UNKNOWN:
2183 default:
2184 return "unknown";
2185 }
2186}
2187
2188#ifdef LIBCURL_FEATURE_SSL
2189#ifndef USE_OPENSSL
2190time_t
2191parse_cert_date (const char *s)
2192{
2193 struct tm tm;
2194 time_t date;
2195 char *res;
2196
2197 if (!s) return -1;
2198
2199 /* Jan 17 14:25:12 2020 GMT */
2200 res = strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm);
2201 /* Sep 11 12:00:00 2020 GMT */
2202 if (res == NULL) strptime (s, "%Y %m %d %H:%M:%S GMT", &tm);
2203 date = mktime (&tm);
2204
2205 return date;
2206}
2207
2208/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
2209 * OpenSSL could be this function
2210 */
2211int
2212net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit)
2213{
2214 int i;
2215 struct curl_slist* slist;
2216 int cname_found = 0;
2217 char* start_date_str = NULL;
2218 char* end_date_str = NULL;
2219 time_t start_date;
2220 time_t end_date;
2221 char *tz;
2222 float time_left;
2223 int days_left;
2224 int time_remaining;
2225 char timestamp[50] = "";
2226 int status = STATE_UNKNOWN;
2227
2228 if (verbose >= 2)
2229 printf ("**** REQUEST CERTIFICATES ****\n");
2230
2231 for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
2232 for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
2233 /* find first common name in subject,
2234 * TODO: check alternative subjects for
2235 * TODO: have a decent parser here and not a hack
2236 * multi-host certificate, check wildcards
2237 */
2238 if (strncasecmp (slist->data, "Subject:", 8) == 0) {
2239 int d = 3;
2240 char* p = strstr (slist->data, "CN=");
2241 if (p == NULL) {
2242 d = 5;
2243 p = strstr (slist->data, "CN = ");
2244 }
2245 if (p != NULL) {
2246 if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
2247 cname_found = 1;
2248 }
2249 }
2250 } else if (strncasecmp (slist->data, "Start Date:", 11) == 0) {
2251 start_date_str = &slist->data[11];
2252 } else if (strncasecmp (slist->data, "Expire Date:", 12) == 0) {
2253 end_date_str = &slist->data[12];
2254 } else if (strncasecmp (slist->data, "Cert:", 5) == 0) {
2255 goto HAVE_FIRST_CERT;
2256 }
2257 if (verbose >= 2)
2258 printf ("%d ** %s\n", i, slist->data);
2259 }
2260 }
2261HAVE_FIRST_CERT:
2262
2263 if (verbose >= 2)
2264 printf ("**** REQUEST CERTIFICATES ****\n");
2265
2266 if (!cname_found) {
2267 printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
2268 return STATE_CRITICAL;
2269 }
2270
2271 start_date = parse_cert_date (start_date_str);
2272 if (start_date <= 0) {
2273 snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"),
2274 start_date_str);
2275 puts (msg);
2276 return STATE_WARNING;
2277 }
2278
2279 end_date = parse_cert_date (end_date_str);
2280 if (end_date <= 0) {
2281 snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"),
2282 start_date_str);
2283 puts (msg);
2284 return STATE_WARNING;
2285 }
2286
2287 time_left = difftime (end_date, time(NULL));
2288 days_left = time_left / 86400;
2289 tz = getenv("TZ");
2290 setenv("TZ", "GMT", 1);
2291 tzset();
2292 strftime(timestamp, 50, "%c %z", localtime(&end_date));
2293 if (tz)
2294 setenv("TZ", tz, 1);
2295 else
2296 unsetenv("TZ");
2297 tzset();
2298
2299 if (days_left > 0 && days_left <= days_till_exp_warn) {
2300 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp);
2301 if (days_left > days_till_exp_crit)
2302 status = STATE_WARNING;
2303 else
2304 status = STATE_CRITICAL;
2305 } else if (days_left == 0 && time_left > 0) {
2306 if (time_left >= 3600)
2307 time_remaining = (int) time_left / 3600;
2308 else
2309 time_remaining = (int) time_left / 60;
2310
2311 printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
2312 (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining,
2313 time_left >= 3600 ? "hours" : "minutes", timestamp);
2314
2315 if ( days_left > days_till_exp_crit)
2316 status = STATE_WARNING;
2317 else
2318 status = STATE_CRITICAL;
2319 } else if (time_left < 0) {
2320 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp);
2321 status=STATE_CRITICAL;
2322 } else if (days_left == 0) {
2323 printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp);
2324 if (days_left > days_till_exp_crit)
2325 status = STATE_WARNING;
2326 else
2327 status = STATE_CRITICAL;
2328 } else {
2329 printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp);
2330 status = STATE_OK;
2331 }
2332 return status;
2333}
2334#endif /* USE_OPENSSL */
2335#endif /* LIBCURL_FEATURE_SSL */
diff --git a/plugins/picohttpparser/Makefile.am b/plugins/picohttpparser/Makefile.am
new file mode 100644
index 00000000..87e05313
--- /dev/null
+++ b/plugins/picohttpparser/Makefile.am
@@ -0,0 +1,3 @@
1noinst_LIBRARIES = libpicohttpparser.a
2
3libpicohttpparser_a_SOURCES = picohttpparser.c picohttpparser.h
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
new file mode 100644
index 00000000..74ccc3ef
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -0,0 +1,645 @@
1/*
2 * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
3 * Shigeo Mitsunari
4 *
5 * The software is licensed under either the MIT License (below) or the Perl
6 * license.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to
10 * deal in the Software without restriction, including without limitation the
11 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
12 * sell copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
23 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
24 * IN THE SOFTWARE.
25 */
26
27#include <assert.h>
28#include <stddef.h>
29#include <string.h>
30#ifdef __SSE4_2__
31#ifdef _MSC_VER
32#include <nmmintrin.h>
33#else
34#include <x86intrin.h>
35#endif
36#endif
37#include "picohttpparser.h"
38
39#if __GNUC__ >= 3
40#define likely(x) __builtin_expect(!!(x), 1)
41#define unlikely(x) __builtin_expect(!!(x), 0)
42#else
43#define likely(x) (x)
44#define unlikely(x) (x)
45#endif
46
47#ifdef _MSC_VER
48#define ALIGNED(n) _declspec(align(n))
49#else
50#define ALIGNED(n) __attribute__((aligned(n)))
51#endif
52
53#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u)
54
55#define CHECK_EOF() \
56 if (buf == buf_end) { \
57 *ret = -2; \
58 return NULL; \
59 }
60
61#define EXPECT_CHAR_NO_CHECK(ch) \
62 if (*buf++ != ch) { \
63 *ret = -1; \
64 return NULL; \
65 }
66
67#define EXPECT_CHAR(ch) \
68 CHECK_EOF(); \
69 EXPECT_CHAR_NO_CHECK(ch);
70
71#define ADVANCE_TOKEN(tok, toklen) \
72 do { \
73 const char *tok_start = buf; \
74 static const char ALIGNED(16) ranges2[16] = "\000\040\177\177"; \
75 int found2; \
76 buf = findchar_fast(buf, buf_end, ranges2, 4, &found2); \
77 if (!found2) { \
78 CHECK_EOF(); \
79 } \
80 while (1) { \
81 if (*buf == ' ') { \
82 break; \
83 } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) { \
84 if ((unsigned char)*buf < '\040' || *buf == '\177') { \
85 *ret = -1; \
86 return NULL; \
87 } \
88 } \
89 ++buf; \
90 CHECK_EOF(); \
91 } \
92 tok = tok_start; \
93 toklen = buf - tok_start; \
94 } while (0)
95
96static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
97 "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0"
98 "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1"
99 "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0"
100 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
101 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
102 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
103 "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
104
105static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found)
106{
107 *found = 0;
108#if __SSE4_2__
109 if (likely(buf_end - buf >= 16)) {
110 __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges);
111
112 size_t left = (buf_end - buf) & ~15;
113 do {
114 __m128i b16 = _mm_loadu_si128((const __m128i *)buf);
115 int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS);
116 if (unlikely(r != 16)) {
117 buf += r;
118 *found = 1;
119 break;
120 }
121 buf += 16;
122 left -= 16;
123 } while (likely(left != 0));
124 }
125#else
126 /* suppress unused parameter warning */
127 (void)buf_end;
128 (void)ranges;
129 (void)ranges_size;
130#endif
131 return buf;
132}
133
134static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret)
135{
136 const char *token_start = buf;
137
138#ifdef __SSE4_2__
139 static const char ALIGNED(16) ranges1[16] = "\0\010" /* allow HT */
140 "\012\037" /* allow SP and up to but not including DEL */
141 "\177\177"; /* allow chars w. MSB set */
142 int found;
143 buf = findchar_fast(buf, buf_end, ranges1, 6, &found);
144 if (found)
145 goto FOUND_CTL;
146#else
147 /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */
148 while (likely(buf_end - buf >= 8)) {
149#define DOIT() \
150 do { \
151 if (unlikely(!IS_PRINTABLE_ASCII(*buf))) \
152 goto NonPrintable; \
153 ++buf; \
154 } while (0)
155 DOIT();
156 DOIT();
157 DOIT();
158 DOIT();
159 DOIT();
160 DOIT();
161 DOIT();
162 DOIT();
163#undef DOIT
164 continue;
165 NonPrintable:
166 if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
167 goto FOUND_CTL;
168 }
169 ++buf;
170 }
171#endif
172 for (;; ++buf) {
173 CHECK_EOF();
174 if (unlikely(!IS_PRINTABLE_ASCII(*buf))) {
175 if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
176 goto FOUND_CTL;
177 }
178 }
179 }
180FOUND_CTL:
181 if (likely(*buf == '\015')) {
182 ++buf;
183 EXPECT_CHAR('\012');
184 *token_len = buf - 2 - token_start;
185 } else if (*buf == '\012') {
186 *token_len = buf - token_start;
187 ++buf;
188 } else {
189 *ret = -1;
190 return NULL;
191 }
192 *token = token_start;
193
194 return buf;
195}
196
197static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret)
198{
199 int ret_cnt = 0;
200 buf = last_len < 3 ? buf : buf + last_len - 3;
201
202 while (1) {
203 CHECK_EOF();
204 if (*buf == '\015') {
205 ++buf;
206 CHECK_EOF();
207 EXPECT_CHAR('\012');
208 ++ret_cnt;
209 } else if (*buf == '\012') {
210 ++buf;
211 ++ret_cnt;
212 } else {
213 ++buf;
214 ret_cnt = 0;
215 }
216 if (ret_cnt == 2) {
217 return buf;
218 }
219 }
220
221 *ret = -2;
222 return NULL;
223}
224
225#define PARSE_INT(valp_, mul_) \
226 if (*buf < '0' || '9' < *buf) { \
227 buf++; \
228 *ret = -1; \
229 return NULL; \
230 } \
231 *(valp_) = (mul_) * (*buf++ - '0');
232
233#define PARSE_INT_3(valp_) \
234 do { \
235 int res_ = 0; \
236 PARSE_INT(&res_, 100) \
237 *valp_ = res_; \
238 PARSE_INT(&res_, 10) \
239 *valp_ += res_; \
240 PARSE_INT(&res_, 1) \
241 *valp_ += res_; \
242 } while (0)
243
244/* returned pointer is always within [buf, buf_end), or null */
245static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
246{
247 /* we want at least [HTTP/1.<two chars>] to try to parse */
248 if (buf_end - buf < 9) {
249 *ret = -2;
250 return NULL;
251 }
252 EXPECT_CHAR_NO_CHECK('H');
253 EXPECT_CHAR_NO_CHECK('T');
254 EXPECT_CHAR_NO_CHECK('T');
255 EXPECT_CHAR_NO_CHECK('P');
256 EXPECT_CHAR_NO_CHECK('/');
257 EXPECT_CHAR_NO_CHECK('1');
258 EXPECT_CHAR_NO_CHECK('.');
259 PARSE_INT(minor_version, 1);
260 return buf;
261}
262
263static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers,
264 size_t max_headers, int *ret)
265{
266 for (;; ++*num_headers) {
267 CHECK_EOF();
268 if (*buf == '\015') {
269 ++buf;
270 EXPECT_CHAR('\012');
271 break;
272 } else if (*buf == '\012') {
273 ++buf;
274 break;
275 }
276 if (*num_headers == max_headers) {
277 *ret = -1;
278 return NULL;
279 }
280 if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) {
281 /* parsing name, but do not discard SP before colon, see
282 * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */
283 headers[*num_headers].name = buf;
284 static const char ALIGNED(16) ranges1[] = "\x00 " /* control chars and up to SP */
285 "\"\"" /* 0x22 */
286 "()" /* 0x28,0x29 */
287 ",," /* 0x2c */
288 "//" /* 0x2f */
289 ":@" /* 0x3a-0x40 */
290 "[]" /* 0x5b-0x5d */
291 "{\377"; /* 0x7b-0xff */
292 int found;
293 buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found);
294 if (!found) {
295 CHECK_EOF();
296 }
297 while (1) {
298 if (*buf == ':') {
299 break;
300 } else if (!token_char_map[(unsigned char)*buf]) {
301 *ret = -1;
302 return NULL;
303 }
304 ++buf;
305 CHECK_EOF();
306 }
307 if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) {
308 *ret = -1;
309 return NULL;
310 }
311 ++buf;
312 for (;; ++buf) {
313 CHECK_EOF();
314 if (!(*buf == ' ' || *buf == '\t')) {
315 break;
316 }
317 }
318 } else {
319 headers[*num_headers].name = NULL;
320 headers[*num_headers].name_len = 0;
321 }
322 const char *value;
323 size_t value_len;
324 if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) {
325 return NULL;
326 }
327 /* remove trailing SPs and HTABs */
328 const char *value_end = value + value_len;
329 for (; value_end != value; --value_end) {
330 const char c = *(value_end - 1);
331 if (!(c == ' ' || c == '\t')) {
332 break;
333 }
334 }
335 headers[*num_headers].value = value;
336 headers[*num_headers].value_len = value_end - value;
337 }
338 return buf;
339}
340
341static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
342 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
343 size_t max_headers, int *ret)
344{
345 /* skip first empty line (some clients add CRLF after POST content) */
346 CHECK_EOF();
347 if (*buf == '\015') {
348 ++buf;
349 EXPECT_CHAR('\012');
350 } else if (*buf == '\012') {
351 ++buf;
352 }
353
354 /* parse request line */
355 ADVANCE_TOKEN(*method, *method_len);
356 do {
357 ++buf;
358 } while (*buf == ' ');
359 ADVANCE_TOKEN(*path, *path_len);
360 do {
361 ++buf;
362 } while (*buf == ' ');
363 if (*method_len == 0 || *path_len == 0) {
364 *ret = -1;
365 return NULL;
366 }
367 if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
368 return NULL;
369 }
370 if (*buf == '\015') {
371 ++buf;
372 EXPECT_CHAR('\012');
373 } else if (*buf == '\012') {
374 ++buf;
375 } else {
376 *ret = -1;
377 return NULL;
378 }
379
380 return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
381}
382
383int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
384 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
385{
386 const char *buf = buf_start, *buf_end = buf_start + len;
387 size_t max_headers = *num_headers;
388 int r;
389
390 *method = NULL;
391 *method_len = 0;
392 *path = NULL;
393 *path_len = 0;
394 *minor_version = -1;
395 *num_headers = 0;
396
397 /* if last_len != 0, check if the request is complete (a fast countermeasure
398 againt slowloris */
399 if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
400 return r;
401 }
402
403 if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
404 &r)) == NULL) {
405 return r;
406 }
407
408 return (int)(buf - buf_start);
409}
410
411static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
412 size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
413{
414 /* parse "HTTP/1.x" */
415 if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
416 return NULL;
417 }
418 /* skip space */
419 if (*buf != ' ') {
420 *ret = -1;
421 return NULL;
422 }
423 do {
424 ++buf;
425 } while (*buf == ' ');
426 /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
427 if (buf_end - buf < 4) {
428 *ret = -2;
429 return NULL;
430 }
431 PARSE_INT_3(status);
432
433 /* get message includig preceding space */
434 if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
435 return NULL;
436 }
437 if (*msg_len == 0) {
438 /* ok */
439 } else if (**msg == ' ') {
440 /* remove preceding space */
441 do {
442 ++*msg;
443 --*msg_len;
444 } while (**msg == ' ');
445 } else {
446 /* garbage found after status code */
447 *ret = -1;
448 return NULL;
449 }
450
451 return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
452}
453
454int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
455 struct phr_header *headers, size_t *num_headers, size_t last_len)
456{
457 const char *buf = buf_start, *buf_end = buf + len;
458 size_t max_headers = *num_headers;
459 int r;
460
461 *minor_version = -1;
462 *status = 0;
463 *msg = NULL;
464 *msg_len = 0;
465 *num_headers = 0;
466
467 /* if last_len != 0, check if the response is complete (a fast countermeasure
468 against slowloris */
469 if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
470 return r;
471 }
472
473 if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
474 return r;
475 }
476
477 return (int)(buf - buf_start);
478}
479
480int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len)
481{
482 const char *buf = buf_start, *buf_end = buf + len;
483 size_t max_headers = *num_headers;
484 int r;
485
486 *num_headers = 0;
487
488 /* if last_len != 0, check if the response is complete (a fast countermeasure
489 against slowloris */
490 if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
491 return r;
492 }
493
494 if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) {
495 return r;
496 }
497
498 return (int)(buf - buf_start);
499}
500
501enum {
502 CHUNKED_IN_CHUNK_SIZE,
503 CHUNKED_IN_CHUNK_EXT,
504 CHUNKED_IN_CHUNK_DATA,
505 CHUNKED_IN_CHUNK_CRLF,
506 CHUNKED_IN_TRAILERS_LINE_HEAD,
507 CHUNKED_IN_TRAILERS_LINE_MIDDLE
508};
509
510static int decode_hex(int ch)
511{
512 if ('0' <= ch && ch <= '9') {
513 return ch - '0';
514 } else if ('A' <= ch && ch <= 'F') {
515 return ch - 'A' + 0xa;
516 } else if ('a' <= ch && ch <= 'f') {
517 return ch - 'a' + 0xa;
518 } else {
519 return -1;
520 }
521}
522
523ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz)
524{
525 size_t dst = 0, src = 0, bufsz = *_bufsz;
526 ssize_t ret = -2; /* incomplete */
527
528 while (1) {
529 switch (decoder->_state) {
530 case CHUNKED_IN_CHUNK_SIZE:
531 for (;; ++src) {
532 int v;
533 if (src == bufsz)
534 goto Exit;
535 if ((v = decode_hex(buf[src])) == -1) {
536 if (decoder->_hex_count == 0) {
537 ret = -1;
538 goto Exit;
539 }
540 break;
541 }
542 if (decoder->_hex_count == sizeof(size_t) * 2) {
543 ret = -1;
544 goto Exit;
545 }
546 decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v;
547 ++decoder->_hex_count;
548 }
549 decoder->_hex_count = 0;
550 decoder->_state = CHUNKED_IN_CHUNK_EXT;
551 /* fallthru */
552 case CHUNKED_IN_CHUNK_EXT:
553 /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */
554 for (;; ++src) {
555 if (src == bufsz)
556 goto Exit;
557 if (buf[src] == '\012')
558 break;
559 }
560 ++src;
561 if (decoder->bytes_left_in_chunk == 0) {
562 if (decoder->consume_trailer) {
563 decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
564 break;
565 } else {
566 goto Complete;
567 }
568 }
569 decoder->_state = CHUNKED_IN_CHUNK_DATA;
570 /* fallthru */
571 case CHUNKED_IN_CHUNK_DATA: {
572 size_t avail = bufsz - src;
573 if (avail < decoder->bytes_left_in_chunk) {
574 if (dst != src)
575 memmove(buf + dst, buf + src, avail);
576 src += avail;
577 dst += avail;
578 decoder->bytes_left_in_chunk -= avail;
579 goto Exit;
580 }
581 if (dst != src)
582 memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk);
583 src += decoder->bytes_left_in_chunk;
584 dst += decoder->bytes_left_in_chunk;
585 decoder->bytes_left_in_chunk = 0;
586 decoder->_state = CHUNKED_IN_CHUNK_CRLF;
587 }
588 /* fallthru */
589 case CHUNKED_IN_CHUNK_CRLF:
590 for (;; ++src) {
591 if (src == bufsz)
592 goto Exit;
593 if (buf[src] != '\015')
594 break;
595 }
596 if (buf[src] != '\012') {
597 ret = -1;
598 goto Exit;
599 }
600 ++src;
601 decoder->_state = CHUNKED_IN_CHUNK_SIZE;
602 break;
603 case CHUNKED_IN_TRAILERS_LINE_HEAD:
604 for (;; ++src) {
605 if (src == bufsz)
606 goto Exit;
607 if (buf[src] != '\015')
608 break;
609 }
610 if (buf[src++] == '\012')
611 goto Complete;
612 decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE;
613 /* fallthru */
614 case CHUNKED_IN_TRAILERS_LINE_MIDDLE:
615 for (;; ++src) {
616 if (src == bufsz)
617 goto Exit;
618 if (buf[src] == '\012')
619 break;
620 }
621 ++src;
622 decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
623 break;
624 default:
625 assert(!"decoder is corrupt");
626 }
627 }
628
629Complete:
630 ret = bufsz - src;
631Exit:
632 if (dst != src)
633 memmove(buf + dst, buf + src, bufsz - src);
634 *_bufsz = dst;
635 return ret;
636}
637
638int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder)
639{
640 return decoder->_state == CHUNKED_IN_CHUNK_DATA;
641}
642
643#undef CHECK_EOF
644#undef EXPECT_CHAR
645#undef ADVANCE_TOKEN
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
new file mode 100644
index 00000000..0849f844
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -0,0 +1,87 @@
1/*
2 * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
3 * Shigeo Mitsunari
4 *
5 * The software is licensed under either the MIT License (below) or the Perl
6 * license.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to
10 * deal in the Software without restriction, including without limitation the
11 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
12 * sell copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
23 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
24 * IN THE SOFTWARE.
25 */
26
27#ifndef picohttpparser_h
28#define picohttpparser_h
29
30#include <sys/types.h>
31
32#ifdef _MSC_VER
33#define ssize_t intptr_t
34#endif
35
36#ifdef __cplusplus
37extern "C" {
38#endif
39
40/* contains name and value of a header (name == NULL if is a continuing line
41 * of a multiline header */
42struct phr_header {
43 const char *name;
44 size_t name_len;
45 const char *value;
46 size_t value_len;
47};
48
49/* returns number of bytes consumed if successful, -2 if request is partial,
50 * -1 if failed */
51int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
52 int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
53
54/* ditto */
55int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
56 struct phr_header *headers, size_t *num_headers, size_t last_len);
57
58/* ditto */
59int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len);
60
61/* should be zero-filled before start */
62struct phr_chunked_decoder {
63 size_t bytes_left_in_chunk; /* number of bytes left in current chunk */
64 char consume_trailer; /* if trailing headers should be consumed */
65 char _hex_count;
66 char _state;
67};
68
69/* the function rewrites the buffer given as (buf, bufsz) removing the chunked-
70 * encoding headers. When the function returns without an error, bufsz is
71 * updated to the length of the decoded data available. Applications should
72 * repeatedly call the function while it returns -2 (incomplete) every time
73 * supplying newly arrived data. If the end of the chunked-encoded data is
74 * found, the function returns a non-negative number indicating the number of
75 * octets left undecoded at the tail of the supplied buffer. Returns -1 on
76 * error.
77 */
78ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz);
79
80/* returns if the chunked decoder is in middle of chunked data */
81int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder);
82
83#ifdef __cplusplus
84}
85#endif
86
87#endif
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index e38947e3..14f6579d 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -1,29 +1,29 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2*
3* Monitoring Plugins SSL utilities 3* Monitoring Plugins SSL utilities
4* 4*
5* License: GPL 5* License: GPL
6* Copyright (c) 2005-2010 Monitoring Plugins Development Team 6* Copyright (c) 2005-2010 Monitoring Plugins Development Team
7* 7*
8* Description: 8* Description:
9* 9*
10* This file contains common functions for plugins that require SSL. 10* This file contains common functions for plugins that require SSL.
11* 11*
12* 12*
13* This program is free software: you can redistribute it and/or modify 13* This program is free software: you can redistribute it and/or modify
14* it under the terms of the GNU General Public License as published by 14* it under the terms of the GNU General Public License as published by
15* the Free Software Foundation, either version 3 of the License, or 15* the Free Software Foundation, either version 3 of the License, or
16* (at your option) any later version. 16* (at your option) any later version.
17* 17*
18* This program is distributed in the hope that it will be useful, 18* This program is distributed in the hope that it will be useful,
19* but WITHOUT ANY WARRANTY; without even the implied warranty of 19* but WITHOUT ANY WARRANTY; without even the implied warranty of
20* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21* GNU General Public License for more details. 21* GNU General Public License for more details.
22* 22*
23* You should have received a copy of the GNU General Public License 23* You should have received a copy of the GNU General Public License
24* along with this program. If not, see <http://www.gnu.org/licenses/>. 24* along with this program. If not, see <http://www.gnu.org/licenses/>.
25* 25*
26* 26*
27*****************************************************************************/ 27*****************************************************************************/
28 28
29#define MAX_CN_LENGTH 256 29#define MAX_CN_LENGTH 256
@@ -193,12 +193,22 @@ int np_net_ssl_read(void *buf, int num) {
193 193
194int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ 194int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
195# ifdef USE_OPENSSL 195# ifdef USE_OPENSSL
196 X509 *certificate=NULL; 196 X509 *certificate = NULL;
197 certificate=SSL_get_peer_certificate(s);
198 return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
199# else /* ifndef USE_OPENSSL */
200 printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
201 return STATE_WARNING;
202# endif /* USE_OPENSSL */
203}
204
205int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
206# ifdef USE_OPENSSL
197 X509_NAME *subj=NULL; 207 X509_NAME *subj=NULL;
198 char timestamp[50] = ""; 208 char timestamp[50] = "";
199 char cn[MAX_CN_LENGTH]= ""; 209 char cn[MAX_CN_LENGTH]= "";
200 char *tz; 210 char *tz;
201 211
202 int cnlen =-1; 212 int cnlen =-1;
203 int status=STATE_UNKNOWN; 213 int status=STATE_UNKNOWN;
204 214
@@ -210,7 +220,6 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
210 int time_remaining; 220 int time_remaining;
211 time_t tm_t; 221 time_t tm_t;
212 222
213 certificate=SSL_get_peer_certificate(s);
214 if (!certificate) { 223 if (!certificate) {
215 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); 224 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
216 return STATE_CRITICAL; 225 return STATE_CRITICAL;
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
new file mode 100644
index 00000000..4bff538a
--- /dev/null
+++ b/plugins/t/check_curl.t
@@ -0,0 +1,199 @@
1#! /usr/bin/perl -w -I ..
2#
3# HyperText Transfer Protocol (HTTP) Test via check_http
4#
5#
6
7use strict;
8use Test::More;
9use POSIX qw/mktime strftime/;
10use NPTest;
11
12plan tests => 57;
13
14my $successOutput = '/OK.*HTTP.*second/';
15
16my $res;
17my $plugin = 'check_http';
18$plugin = 'check_curl' if $0 =~ m/check_curl/mx;
19
20my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
21my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
22my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
23my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
24my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
25my $internet_access = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
26my $host_tcp_http2 = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org");
27my $host_tcp_proxy = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost");
28my $port_tcp_proxy = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128");
29
30my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
31
32
33$res = NPTest->testCmd(
34 "./$plugin $host_tcp_http -wt 300 -ct 600"
35 );
36cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
37like( $res->output, $successOutput, "Output OK" );
38
39$res = NPTest->testCmd(
40 "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
41 );
42like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
43
44$res = NPTest->testCmd(
45 "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
46 );
47cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
48# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
49cmp_ok( $res->output, 'eq', "HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Timeout was reached", "Output OK");
50
51$res = NPTest->testCmd(
52 "./$plugin $hostname_invalid -wt 1 -ct 2"
53 );
54cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
55# The first part of the message comes from the OS catalogue, so cannot check this.
56# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
57# Is also possible to get a socket timeout if DNS is not responding fast enough
58# cURL gives us consistent strings from it's own 'lib/strerror.c'
59like( $res->output, "/cURL returned 6 - Couldn't resolve host name/", "Output OK");
60
61# host header checks
62$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
63like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
64like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
65
66$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
67like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
68like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
69
70$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
71like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
72like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
73
74$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
75like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
76like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
77
78$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80 -k 'Host: testhost:8001'");
79like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
80like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
81
82$res = NPTest->testCmd("./$plugin -v -I $host_tcp_http -p 80 -k 'Host: testhost:8001'");
83like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
84like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
85
86SKIP: {
87 skip "No internet access", 3 if $internet_access eq "no";
88
89 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
90 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
91
92 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
93 like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
94
95 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
96 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
97};
98
99SKIP: {
100 skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
101
102 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
103 cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
104
105 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
106 cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
107 like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
108
109 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
110 cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
111
112 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
113 cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
114 like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
115
116 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
117 cmp_ok( $res->return_code, "==", 0, "And also when not found");
118}
119SKIP: {
120 skip "No internet access", 16 if $internet_access eq "no";
121
122 $res = NPTest->testCmd(
123 "./$plugin --ssl $host_tls_http"
124 );
125 cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
126
127 $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
128 cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
129 like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
130 my $saved_cert_output = $res->output;
131
132 $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
133 cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
134 like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
135
136 $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
137 is( $res->return_code, 0, "Old syntax for cert checking okay" );
138 is( $res->output, $saved_cert_output, "Same output as new syntax" );
139
140 $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
141 is( $res->return_code, 0, "Updated syntax for cert checking okay" );
142 is( $res->output, $saved_cert_output, "Same output as new syntax" );
143
144 $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
145 cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
146
147 $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
148 cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
149
150 # run some certificate checks with faketime
151 SKIP: {
152 skip "No faketime binary found", 12 if !$faketime;
153 $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
154 like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
155 is( $res->return_code, 0, "Catch cert output exit code" );
156 my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
157 if(!defined $year) {
158 die("parsing date failed from: ".$res->output);
159 }
160 my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
161 my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
162 my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
163 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
164 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
165 is( $res->return_code, 2, "Output on expire date" );
166
167 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
168 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
169 is( $res->return_code, 2, "cert expires in 1 second exit code" );
170
171 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
172 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
173 is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
174
175 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
176 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
177 is( $res->return_code, 2, "cert expires in 2 hours exit code" );
178
179 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
180 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
181 is( $res->return_code, 2, "Certificate expired exit code" );
182 };
183
184 $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
185 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
186 like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
187
188 $res = NPTest->testCmd(
189 "./$plugin --ssl -H www.e-paycobalt.com"
190 );
191 cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
192
193
194 $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
195 is( $res->return_code, 0, "Redirection based on location is okay");
196
197 $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
198 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
199}
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index b3760ebe..e92681e9 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -14,6 +14,8 @@ plan tests => 50;
14my $successOutput = '/OK.*HTTP.*second/'; 14my $successOutput = '/OK.*HTTP.*second/';
15 15
16my $res; 16my $res;
17my $plugin = 'check_http';
18$plugin = 'check_curl' if $0 =~ m/check_curl/mx;
17 19
18my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); 20my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
19my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); 21my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
@@ -29,24 +31,24 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
29 31
30 32
31$res = NPTest->testCmd( 33$res = NPTest->testCmd(
32 "./check_http $host_tcp_http -wt 300 -ct 600" 34 "./$plugin $host_tcp_http -wt 300 -ct 600"
33 ); 35 );
34cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); 36cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
35like( $res->output, $successOutput, "Output OK" ); 37like( $res->output, $successOutput, "Output OK" );
36 38
37$res = NPTest->testCmd( 39$res = NPTest->testCmd(
38 "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" 40 "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
39 ); 41 );
40like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); 42like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
41 43
42$res = NPTest->testCmd( 44$res = NPTest->testCmd(
43 "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3" 45 "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
44 ); 46 );
45cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); 47cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
46cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK"); 48cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
47 49
48$res = NPTest->testCmd( 50$res = NPTest->testCmd(
49 "./check_http $hostname_invalid -wt 1 -ct 2" 51 "./$plugin $hostname_invalid -wt 1 -ct 2"
50 ); 52 );
51cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); 53cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
52# The first part of the message comes from the OS catalogue, so cannot check this. 54# The first part of the message comes from the OS catalogue, so cannot check this.
@@ -55,86 +57,86 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
55like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK"); 57like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK");
56 58
57# host header checks 59# host header checks
58$res = NPTest->testCmd("./check_http -v -H $host_tcp_http"); 60$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
59like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); 61like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
60 62
61$res = NPTest->testCmd("./check_http -v -H $host_tcp_http -p 80"); 63$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
62like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" ); 64like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
63 65
64$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); 66$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
65like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); 67like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
66 68
67$res = NPTest->testCmd("./check_http -v -H $host_tcp_http:8080 -p 80"); 69$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
68like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ); 70like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
69 71
70SKIP: { 72SKIP: {
71 skip "No internet access", 3 if $internet_access eq "no"; 73 skip "No internet access", 3 if $internet_access eq "no";
72 74
73 $res = NPTest->testCmd("./check_http -v -H $host_tls_http -S"); 75 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
74 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); 76 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
75 77
76 $res = NPTest->testCmd("./check_http -v -H $host_tls_http:8080 -S -p 443"); 78 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
77 like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); 79 like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
78 80
79 $res = NPTest->testCmd("./check_http -v -H $host_tls_http:443 -S -p 443"); 81 $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
80 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); 82 like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
81}; 83};
82 84
83SKIP: { 85SKIP: {
84 skip "No host serving monitoring in index file", 7 unless $host_tcp_http2; 86 skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
85 87
86 $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring'" ); 88 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
87 cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'"); 89 cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
88 90
89 $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing'" ); 91 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
90 cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'"); 92 cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
91 like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'"); 93 like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
92 94
93 $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -R 'mONiTORing'" ); 95 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
94 cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'"); 96 cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
95 97
96 $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring' --invert-regex" ); 98 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
97 cmp_ok( $res->return_code, "==", 2, "Invert results work when found"); 99 cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
98 like ( $res->output, "/pattern found/", "Error message says 'pattern found'"); 100 like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
99 101
100 $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" ); 102 $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
101 cmp_ok( $res->return_code, "==", 0, "And also when not found"); 103 cmp_ok( $res->return_code, "==", 0, "And also when not found");
102} 104}
103SKIP: { 105SKIP: {
104 skip "No internet access", 16 if $internet_access eq "no"; 106 skip "No internet access", 16 if $internet_access eq "no";
105 107
106 $res = NPTest->testCmd( 108 $res = NPTest->testCmd(
107 "./check_http --ssl $host_tls_http" 109 "./$plugin --ssl $host_tls_http"
108 ); 110 );
109 cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); 111 cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
110 112
111 $res = NPTest->testCmd( "./check_http -C 1 --ssl $host_tls_http" ); 113 $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
112 cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); 114 cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
113 like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); 115 like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
114 my $saved_cert_output = $res->output; 116 my $saved_cert_output = $res->output;
115 117
116 $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl $host_tls_http" ); 118 $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
117 cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); 119 cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
118 like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); 120 like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
119 121
120 $res = NPTest->testCmd( "./check_http $host_tls_http -C 1" ); 122 $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
121 is( $res->return_code, 0, "Old syntax for cert checking okay" ); 123 is( $res->return_code, 0, "Old syntax for cert checking okay" );
122 is( $res->output, $saved_cert_output, "Same output as new syntax" ); 124 is( $res->output, $saved_cert_output, "Same output as new syntax" );
123 125
124 $res = NPTest->testCmd( "./check_http -H $host_tls_http -C 1" ); 126 $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
125 is( $res->return_code, 0, "Updated syntax for cert checking okay" ); 127 is( $res->return_code, 0, "Updated syntax for cert checking okay" );
126 is( $res->output, $saved_cert_output, "Same output as new syntax" ); 128 is( $res->output, $saved_cert_output, "Same output as new syntax" );
127 129
128 $res = NPTest->testCmd( "./check_http -C 1 $host_tls_http" ); 130 $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
129 cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); 131 cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
130 132
131 $res = NPTest->testCmd( "./check_http $host_tls_http -C 1" ); 133 $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
132 cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); 134 cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
133 135
134 # run some certificate checks with faketime 136 # run some certificate checks with faketime
135 SKIP: { 137 SKIP: {
136 skip "No faketime binary found", 7 if !$faketime; 138 skip "No faketime binary found", 12 if !$faketime;
137 $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 $host_tls_http"); 139 $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
138 like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); 140 like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
139 is( $res->return_code, 0, "Catch cert output exit code" ); 141 is( $res->return_code, 0, "Catch cert output exit code" );
140 my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); 142 my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
@@ -144,51 +146,51 @@ SKIP: {
144 my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; 146 my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
145 my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); 147 my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
146 my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); 148 my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
147 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 $host_tls_http"); 149 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
148 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); 150 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
149 151
150 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 $host_tls_http"); 152 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
151 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); 153 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
152 154
153 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 $host_tls_http"); 155 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
154 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); 156 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
155 157
156 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 $host_tls_http"); 158 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
157 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); 159 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
158 160
159 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 $host_tls_http"); 161 $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
160 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); 162 like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
161 }; 163 };
162 164
163 $res = NPTest->testCmd( "./check_http --ssl $host_tls_http -E" ); 165 $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
164 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); 166 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
165 like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); 167 like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
166 168
167 $res = NPTest->testCmd( 169 $res = NPTest->testCmd(
168 "./check_http --ssl -H www.e-paycobalt.com" 170 "./$plugin --ssl -H www.e-paycobalt.com"
169 ); 171 );
170 cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); 172 cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
171 173
172 174
173 $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" ); 175 $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
174 is( $res->return_code, 0, "Redirection based on location is okay"); 176 is( $res->return_code, 0, "Redirection based on location is okay");
175 177
176 $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" ); 178 $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
177 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); 179 like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
178} 180}
179 181
180SKIP: { 182SKIP: {
181 skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy; 183 skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy;
182 184
183 $res = NPTest->testCmd( "./check_http -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302"); 185 $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
184 is( $res->return_code, 0, "Proxy HTTP works"); 186 is( $res->return_code, 0, "Proxy HTTP works");
185 like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent"); 187 like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
186 188
187 $res = NPTest->testCmd( "./check_http -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT"); 189 $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
188 is( $res->return_code, 0, "Proxy HTTP CONNECT works"); 190 is( $res->return_code, 0, "Proxy HTTP CONNECT works");
189 like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); 191 like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
190 192
191 $res = NPTest->testCmd( "./check_http -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD"); 193 $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
192 is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method"); 194 is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
193 like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent"); 195 like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
194} 196}
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
new file mode 100755
index 00000000..1afbe4bb
--- /dev/null
+++ b/plugins/tests/check_curl.t
@@ -0,0 +1,498 @@
1#! /usr/bin/perl -w -I ..
2#
3# Test check_http by having an actual HTTP server running
4#
5# To create the https server certificate:
6# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
7# to create a new expired certificate:
8# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
9# Country Name (2 letter code) [AU]:DE
10# State or Province Name (full name) [Some-State]:Bavaria
11# Locality Name (eg, city) []:Munich
12# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
13# Organizational Unit Name (eg, section) []:
14# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
15# Email Address []:devel@monitoring-plugins.org
16
17use strict;
18use Test::More;
19use NPTest;
20use FindBin qw($Bin);
21
22$ENV{'LC_TIME'} = "C";
23
24my $common_tests = 70;
25my $ssl_only_tests = 8;
26# Check that all dependent modules are available
27eval "use HTTP::Daemon 6.01;";
28plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
29eval {
30 require HTTP::Status;
31 require HTTP::Response;
32};
33
34my $plugin = 'check_http';
35$plugin = 'check_curl' if $0 =~ m/check_curl/mx;
36
37# look for libcurl version to see if some advanced checks are possible (>= 7.49.0)
38my $advanced_checks = 12;
39my $use_advanced_checks = 0;
40my $required_version = '7.49.0';
41my $virtual_host = 'www.somefunnyhost.com';
42my $virtual_port = 42;
43my $curl_version = '';
44open (my $fh, '-|', "./$plugin --version") or die;
45while (<$fh>) {
46 if (m{libcurl/([\d.]+)\s}) {
47 $curl_version = $1;
48 last;
49 }
50}
51close ($fh);
52if ($curl_version) {
53 my ($major, $minor, $release) = split (/\./, $curl_version);
54 my ($req_major, $req_minor, $req_release) = split (/\./, $required_version);
55 my $check = ($major <=> $req_major or $minor <=> $req_minor or $release <=> $req_release);
56 if ($check >= 0) {
57 $use_advanced_checks = 1;
58 print "Found libcurl $major.$minor.$release. Using advanced checks\n";
59 }
60}
61
62if ($@) {
63 plan skip_all => "Missing required module for test: $@";
64} else {
65 if (-x "./$plugin") {
66 plan tests => $common_tests * 2 + $ssl_only_tests + $advanced_checks;
67 } else {
68 plan skip_all => "No $plugin compiled";
69 }
70}
71
72my $servers = { http => 0 }; # HTTP::Daemon should always be available
73eval { require HTTP::Daemon::SSL };
74if ($@) {
75 diag "Cannot load HTTP::Daemon::SSL: $@";
76} else {
77 $servers->{https} = 0;
78}
79
80# set a fixed version, so the header size doesn't vary
81$HTTP::Daemon::VERSION = "1.00";
82
83my $port_http = 50000 + int(rand(1000));
84my $port_https = $port_http + 1;
85my $port_https_expired = $port_http + 2;
86
87# This array keeps sockets around for implementing timeouts
88my @persist;
89
90# Start up all servers
91my @pids;
92my $pid = fork();
93if ($pid) {
94 # Parent
95 push @pids, $pid;
96 if (exists $servers->{https}) {
97 # Fork a normal HTTPS server
98 $pid = fork();
99 if ($pid) {
100 # Parent
101 push @pids, $pid;
102 # Fork an expired cert server
103 $pid = fork();
104 if ($pid) {
105 push @pids, $pid;
106 } else {
107 my $d = HTTP::Daemon::SSL->new(
108 LocalPort => $port_https_expired,
109 LocalAddr => "127.0.0.1",
110 SSL_cert_file => "$Bin/certs/expired-cert.pem",
111 SSL_key_file => "$Bin/certs/expired-key.pem",
112 ) || die;
113 print "Please contact https expired at: <URL:", $d->url, ">\n";
114 run_server( $d );
115 exit;
116 }
117 } else {
118 my $d = HTTP::Daemon::SSL->new(
119 LocalPort => $port_https,
120 LocalAddr => "127.0.0.1",
121 SSL_cert_file => "$Bin/certs/server-cert.pem",
122 SSL_key_file => "$Bin/certs/server-key.pem",
123 ) || die;
124 print "Please contact https at: <URL:", $d->url, ">\n";
125 run_server( $d );
126 exit;
127 }
128 }
129 # give our webservers some time to startup
130 sleep(1);
131} else {
132 # Child
133 #print "child\n";
134 my $d = HTTP::Daemon->new(
135 LocalPort => $port_http,
136 LocalAddr => "127.0.0.1",
137 ) || die;
138 print "Please contact http at: <URL:", $d->url, ">\n";
139 run_server( $d );
140 exit;
141}
142
143# Run the same server on http and https
144sub run_server {
145 my $d = shift;
146 MAINLOOP: while (my $c = $d->accept ) {
147 while (my $r = $c->get_request) {
148 if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
149 $c->send_basic_header($1);
150 $c->send_crlf;
151 } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
152 $c->send_basic_header;
153 $c->send_crlf;
154 $c->send_file_response("$Bin/var/$1");
155 } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
156 $c->send_basic_header;
157 $c->send_crlf;
158 sleep 1;
159 $c->send_response("slow");
160 } elsif ($r->url->path eq "/method") {
161 if ($r->method eq "DELETE") {
162 $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
163 } elsif ($r->method eq "foo") {
164 $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
165 } else {
166 $c->send_status_line(200, $r->method);
167 }
168 } elsif ($r->url->path eq "/postdata") {
169 $c->send_basic_header;
170 $c->send_crlf;
171 $c->send_response($r->method.":".$r->content);
172 } elsif ($r->url->path eq "/redirect") {
173 $c->send_redirect( "/redirect2" );
174 } elsif ($r->url->path eq "/redir_external") {
175 $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
176 } elsif ($r->url->path eq "/redirect2") {
177 $c->send_basic_header;
178 $c->send_crlf;
179 $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
180 } elsif ($r->url->path eq "/redir_timeout") {
181 $c->send_redirect( "/timeout" );
182 } elsif ($r->url->path eq "/timeout") {
183 # Keep $c from being destroyed, but prevent severe leaks
184 unshift @persist, $c;
185 delete($persist[1000]);
186 next MAINLOOP;
187 } elsif ($r->url->path eq "/header_check") {
188 $c->send_basic_header;
189 $c->send_header('foo');
190 $c->send_crlf;
191 } elsif ($r->url->path eq "/virtual_port") {
192 # return sent Host header
193 $c->send_basic_header;
194 $c->send_crlf;
195 $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
196 } else {
197 $c->send_error(HTTP::Status->RC_FORBIDDEN);
198 }
199 $c->close;
200 }
201 }
202}
203
204END {
205 foreach my $pid (@pids) {
206 if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
207 }
208};
209
210if ($ARGV[0] && $ARGV[0] eq "-d") {
211 while (1) {
212 sleep 100;
213 }
214}
215
216my $result;
217my $command = "./$plugin -H 127.0.0.1";
218
219run_common_tests( { command => "$command -p $port_http" } );
220SKIP: {
221 skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
222 run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
223
224 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
225 is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
226 is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
227
228 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
229 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
230 like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
231
232 # Expired cert tests
233 $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
234 is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
235 like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
236
237 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
238 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
239 is( $result->output,
240 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.',
241 "output ok" );
242
243}
244
245my $cmd;
246
247# advanced checks with virtual hostname and virtual port
248SKIP: {
249 skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
250
251 # http without virtual port
252 $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
253 $result = NPTest->testCmd( $cmd );
254 is( $result->return_code, 0, $cmd);
255 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
256
257 # http with virtual port (!= 80)
258 $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$virtual_port\$";
259 $result = NPTest->testCmd( $cmd );
260 is( $result->return_code, 0, $cmd);
261 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
262
263 # http with virtual port (80)
264 $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
265 $result = NPTest->testCmd( $cmd );
266 is( $result->return_code, 0, $cmd);
267 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
268}
269
270# and the same for SSL
271SKIP: {
272 skip "libcurl version is smaller than $required_version and/or HTTP::Daemon::SSL not installed", 6 if ! exists $servers->{https} or not $use_advanced_checks;
273 # https without virtual port
274 $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$port_https\$";
275 $result = NPTest->testCmd( $cmd );
276 is( $result->return_code, 0, $cmd);
277 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
278
279 # https with virtual port (!= 443)
280 $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$virtual_port\$";
281 $result = NPTest->testCmd( $cmd );
282 is( $result->return_code, 0, $cmd);
283 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
284
285 # https with virtual port (443)
286 $cmd = "./$plugin -H $virtual_host:443 -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host\$";
287 $result = NPTest->testCmd( $cmd );
288 is( $result->return_code, 0, $cmd);
289 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
290}
291
292
293sub run_common_tests {
294 my ($opts) = @_;
295 my $command = $opts->{command};
296 if ($opts->{ssl}) {
297 $command .= " --ssl";
298 }
299
300 $result = NPTest->testCmd( "$command -u /file/root" );
301 is( $result->return_code, 0, "/file/root");
302 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
303
304 $result = NPTest->testCmd( "$command -u /file/root -s Root" );
305 is( $result->return_code, 0, "/file/root search for string");
306 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
307
308 $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
309 is( $result->return_code, 2, "Missing string check");
310 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
311
312 $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
313 is( $result->return_code, 2, "Missing string check");
314 like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
315
316 $result = NPTest->testCmd( "$command -u /header_check -d foo" );
317 is( $result->return_code, 0, "header_check search for string");
318 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
319
320 $result = NPTest->testCmd( "$command -u /header_check -d bar" );
321 is( $result->return_code, 2, "Missing header string check");
322 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
323
324 my $cmd;
325 $cmd = "$command -u /slow";
326 $result = NPTest->testCmd( $cmd );
327 is( $result->return_code, 0, "$cmd");
328 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
329 $result->output =~ /in ([\d\.]+) second/;
330 cmp_ok( $1, ">", 1, "Time is > 1 second" );
331
332 $cmd = "$command -u /statuscode/200";
333 $result = NPTest->testCmd( $cmd );
334 is( $result->return_code, 0, $cmd);
335 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
336
337 $cmd = "$command -u /statuscode/200 -e 200";
338 $result = NPTest->testCmd( $cmd );
339 is( $result->return_code, 0, $cmd);
340 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
341
342 $cmd = "$command -u /statuscode/201";
343 $result = NPTest->testCmd( $cmd );
344 is( $result->return_code, 0, $cmd);
345 like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
346
347 $cmd = "$command -u /statuscode/201 -e 201";
348 $result = NPTest->testCmd( $cmd );
349 is( $result->return_code, 0, $cmd);
350 like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
351
352 $cmd = "$command -u /statuscode/201 -e 200";
353 $result = NPTest->testCmd( $cmd );
354 is( $result->return_code, 2, $cmd);
355 like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
356
357 $cmd = "$command -u /statuscode/200 -e 200,201,202";
358 $result = NPTest->testCmd( $cmd );
359 is( $result->return_code, 0, $cmd);
360 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
361
362 $cmd = "$command -u /statuscode/201 -e 200,201,202";
363 $result = NPTest->testCmd( $cmd );
364 is( $result->return_code, 0, $cmd);
365 like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
366
367 $cmd = "$command -u /statuscode/203 -e 200,201,202";
368 $result = NPTest->testCmd( $cmd );
369 is( $result->return_code, 2, $cmd);
370 like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
371
372 $cmd = "$command -j HEAD -u /method";
373 $result = NPTest->testCmd( $cmd );
374 is( $result->return_code, 0, $cmd);
375 like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
376
377 $cmd = "$command -j POST -u /method";
378 $result = NPTest->testCmd( $cmd );
379 is( $result->return_code, 0, $cmd);
380 like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
381
382 $cmd = "$command -j GET -u /method";
383 $result = NPTest->testCmd( $cmd );
384 is( $result->return_code, 0, $cmd);
385 like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
386
387 $cmd = "$command -u /method";
388 $result = NPTest->testCmd( $cmd );
389 is( $result->return_code, 0, $cmd);
390 like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
391
392 $cmd = "$command -P foo -u /method";
393 $result = NPTest->testCmd( $cmd );
394 is( $result->return_code, 0, $cmd);
395 like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
396
397 $cmd = "$command -j DELETE -u /method";
398 $result = NPTest->testCmd( $cmd );
399 is( $result->return_code, 1, $cmd);
400 like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
401
402 $cmd = "$command -j foo -u /method";
403 $result = NPTest->testCmd( $cmd );
404 is( $result->return_code, 2, $cmd);
405 like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
406
407 $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
408 $result = NPTest->testCmd( $cmd );
409 is( $result->return_code, 0, $cmd);
410 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
411
412 $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
413 $result = NPTest->testCmd( $cmd );
414 is( $result->return_code, 0, $cmd);
415 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
416
417 # To confirm that the free doesn't segfault
418 $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
419 $result = NPTest->testCmd( $cmd );
420 is( $result->return_code, 0, $cmd);
421 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
422
423 $cmd = "$command -u /redirect";
424 $result = NPTest->testCmd( $cmd );
425 is( $result->return_code, 0, $cmd);
426 like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
427
428 $cmd = "$command -f follow -u /redirect";
429 $result = NPTest->testCmd( $cmd );
430 is( $result->return_code, 0, $cmd);
431 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
432
433 $cmd = "$command -u /redirect -k 'follow: me'";
434 $result = NPTest->testCmd( $cmd );
435 is( $result->return_code, 0, $cmd);
436 like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
437
438 $cmd = "$command -f follow -u /redirect -k 'follow: me'";
439 $result = NPTest->testCmd( $cmd );
440 is( $result->return_code, 0, $cmd);
441 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
442
443 $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
444 $result = NPTest->testCmd( $cmd );
445 is( $result->return_code, 0, $cmd);
446 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
447
448 $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
449 $result = NPTest->testCmd( $cmd );
450 is( $result->return_code, 0, $cmd);
451 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
452
453 # These tests may block
454 print "ALRM\n";
455
456 # stickyport - on full urlS port is set back to 80 otherwise
457 $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
458 eval {
459 local $SIG{ALRM} = sub { die "alarm\n" };
460 alarm(2);
461 $result = NPTest->testCmd( $cmd );
462 alarm(0); };
463 isnt( $@, "alarm\n", $cmd );
464 is( $result->return_code, 0, $cmd );
465
466 # Let's hope there won't be any web server on :80 returning "redirected"!
467 $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
468 eval {
469 local $SIG{ALRM} = sub { die "alarm\n" };
470 alarm(2);
471 $result = NPTest->testCmd( $cmd );
472 alarm(0); };
473 isnt( $@, "alarm\n", $cmd );
474 isnt( $result->return_code, 0, $cmd );
475
476 # Test an external address - timeout
477 SKIP: {
478 skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
479 $cmd = "$command -f follow -u /redir_external -t 5";
480 eval {
481 $result = NPTest->testCmd( $cmd, 2 );
482 };
483 like( $@, "/timeout in command: $cmd/", $cmd );
484 }
485
486 $cmd = "$command -u /timeout -t 5";
487 eval {
488 $result = NPTest->testCmd( $cmd, 2 );
489 };
490 like( $@, "/timeout in command: $cmd/", $cmd );
491
492 $cmd = "$command -f follow -u /redir_timeout -t 2";
493 eval {
494 $result = NPTest->testCmd( $cmd, 5 );
495 };
496 is( $@, "", $cmd );
497
498}
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index bfecff2d..2f051fad 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -32,13 +32,16 @@ eval {
32 require HTTP::Response; 32 require HTTP::Response;
33}; 33};
34 34
35my $plugin = 'check_http';
36$plugin = 'check_curl' if $0 =~ m/check_curl/mx;
37
35if ($@) { 38if ($@) {
36 plan skip_all => "Missing required module for test: $@"; 39 plan skip_all => "Missing required module for test: $@";
37} else { 40} else {
38 if (-x "./check_http") { 41 if (-x "./$plugin") {
39 plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests; 42 plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
40 } else { 43 } else {
41 plan skip_all => "No check_http compiled"; 44 plan skip_all => "No $plugin compiled";
42 } 45 }
43} 46}
44 47
@@ -187,7 +190,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
187} 190}
188 191
189my $result; 192my $result;
190my $command = "./check_http -H 127.0.0.1"; 193my $command = "./$plugin -H 127.0.0.1";
191 194
192run_common_tests( { command => "$command -p $port_http" } ); 195run_common_tests( { command => "$command -p $port_http" } );
193SKIP: { 196SKIP: {