summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
authorLorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>2025-03-09 23:27:53 +0100
committerLorenz Kästle <12514511+RincewindsHat@users.noreply.github.com>2025-03-09 23:27:53 +0100
commit809cd6a2f9f62df99096540cb7378dfb68acec9a (patch)
tree1213aefdd4dd3900a2f424220e8969f530108598 /plugins
parent95311d2e2c03d94f6bae0cacbac75fc1cd25b0e4 (diff)
parent75568a3409fccdebf01446312a9f109cc1a11d15 (diff)
downloadmonitoring-plugins-809cd6a2f9f62df99096540cb7378dfb68acec9a.tar.gz
Merge branch 'master' into refactor/check_game
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am3
-rw-r--r--plugins/check_dns.c373
-rw-r--r--plugins/check_dns.d/config.h34
3 files changed, 251 insertions, 159 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 8e35bc61..d40a0937 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -52,7 +52,8 @@ EXTRA_DIST = t \
52 check_swap.d \ 52 check_swap.d \
53 check_game.d \ 53 check_game.d \
54 check_dbi.d \ 54 check_dbi.d \
55 check_ssh.d 55 check_ssh.d \
56 check_dns.d
56 57
57PLUGINHDRS = common.h 58PLUGINHDRS = common.h
58 59
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index e1e7c00e..95f33083 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -39,26 +39,22 @@ const char *email = "devel@monitoring-plugins.org";
39#include "netutils.h" 39#include "netutils.h"
40#include "runcmd.h" 40#include "runcmd.h"
41 41
42static int process_arguments(int /*argc*/, char ** /*argv*/); 42#include "states.h"
43static int validate_arguments(void); 43#include "check_dns.d/config.h"
44static int error_scan(char * /*input_buffer*/, bool *); 44
45typedef struct {
46 int errorcode;
47 check_dns_config config;
48} check_dns_config_wrapper;
49static check_dns_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
50static check_dns_config_wrapper validate_arguments(check_dns_config_wrapper /*config_wrapper*/);
51static mp_state_enum error_scan(char * /*input_buffer*/, bool * /*is_nxdomain*/, const char /*dns_server*/[ADDRESS_LENGTH]);
45static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/); 52static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/);
46static unsigned long ip2long(const char * /*src*/); 53static unsigned long ip2long(const char * /*src*/);
47static void print_help(void); 54static void print_help(void);
48void print_usage(void); 55void print_usage(void);
49 56
50#define ADDRESS_LENGTH 256
51static char query_address[ADDRESS_LENGTH] = "";
52static char dns_server[ADDRESS_LENGTH] = "";
53static char ptr_server[ADDRESS_LENGTH] = "";
54static bool verbose = false; 57static bool verbose = false;
55static char **expected_address = NULL;
56static int expected_address_cnt = 0;
57static bool expect_nxdomain = false;
58
59static bool expect_authority = false;
60static bool all_match = false;
61static thresholds *time_thresholds = NULL;
62 58
63static int qstrcmp(const void *p1, const void *p2) { 59static int qstrcmp(const void *p1, const void *p2) {
64 /* The actual arguments to this function are "pointers to 60 /* The actual arguments to this function are "pointers to
@@ -68,23 +64,6 @@ static int qstrcmp(const void *p1, const void *p2) {
68} 64}
69 65
70int main(int argc, char **argv) { 66int main(int argc, char **argv) {
71 char *command_line = NULL;
72 char input_buffer[MAX_INPUT_BUFFER];
73 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
74 char **addresses = NULL;
75 int n_addresses = 0;
76 char *msg = NULL;
77 char *temp_buffer = NULL;
78 bool non_authoritative = false;
79 int result = STATE_UNKNOWN;
80 double elapsed_time;
81 long microsec;
82 struct timeval tv;
83 bool parse_address = false; /* This flag scans for Address: but only after Name: */
84 output chld_out;
85 output chld_err;
86 bool is_nxdomain = false;
87
88 setlocale(LC_ALL, ""); 67 setlocale(LC_ALL, "");
89 bindtextdomain(PACKAGE, LOCALEDIR); 68 bindtextdomain(PACKAGE, LOCALEDIR);
90 textdomain(PACKAGE); 69 textdomain(PACKAGE);
@@ -97,39 +76,65 @@ int main(int argc, char **argv) {
97 /* Parse extra opts if any */ 76 /* Parse extra opts if any */
98 argv = np_extra_opts(&argc, argv, progname); 77 argv = np_extra_opts(&argc, argv, progname);
99 78
100 if (process_arguments(argc, argv) == ERROR) { 79 check_dns_config_wrapper tmp = process_arguments(argc, argv);
80
81 if (tmp.errorcode == ERROR) {
101 usage_va(_("Could not parse arguments")); 82 usage_va(_("Could not parse arguments"));
102 } 83 }
103 84
85 const check_dns_config config = tmp.config;
86
87 char *command_line = NULL;
104 /* get the command to run */ 88 /* get the command to run */
105 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); 89 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, config.query_address, config.dns_server);
106 90
91 struct timeval tv;
107 alarm(timeout_interval); 92 alarm(timeout_interval);
108 gettimeofday(&tv, NULL); 93 gettimeofday(&tv, NULL);
109 94
110 if (verbose) 95 if (verbose) {
111 printf("%s\n", command_line); 96 printf("%s\n", command_line);
97 }
112 98
99 output chld_out;
100 output chld_err;
101 char *msg = NULL;
102 mp_state_enum result = STATE_UNKNOWN;
113 /* run the command */ 103 /* run the command */
114 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { 104 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
115 msg = (char *)_("nslookup returned an error status"); 105 msg = (char *)_("nslookup returned an error status");
116 result = STATE_WARNING; 106 result = STATE_WARNING;
117 } 107 }
118 108
119 /* scan stdout */ 109 /* =====
110 * scan stdout, main results get retrieved here
111 * =====
112 */
113 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
114 char **addresses = NULL; // All addresses parsed from stdout
115 size_t n_addresses = 0; // counter for retrieved addresses
116 bool non_authoritative = false;
117 bool is_nxdomain = false;
118 bool parse_address = false; /* This flag scans for Address: but only after Name: */
120 for (size_t i = 0; i < chld_out.lines; i++) { 119 for (size_t i = 0; i < chld_out.lines; i++) {
121 if (addresses == NULL) 120 if (addresses == NULL) {
122 addresses = malloc(sizeof(*addresses) * 10); 121 addresses = malloc(sizeof(*addresses) * 10);
123 else if (!(n_addresses % 10)) 122 } else if (!(n_addresses % 10)) {
124 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10)); 123 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10));
124 }
125 125
126 if (verbose) 126 if (verbose) {
127 puts(chld_out.line[i]); 127 puts(chld_out.line[i]);
128 }
128 129
129 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) { 130 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) {
130 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) 131 if ((strstr(chld_out.line[i], "canonical name = ") != NULL)) {
132 continue;
133 }
134 char *temp_buffer = NULL;
135 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) {
131 addresses[n_addresses++] = strdup(temp_buffer + 7); 136 addresses[n_addresses++] = strdup(temp_buffer + 7);
132 else { 137 } else {
133 msg = (char *)_("Warning plugin error"); 138 msg = (char *)_("Warning plugin error");
134 result = STATE_WARNING; 139 result = STATE_WARNING;
135 } 140 }
@@ -137,37 +142,47 @@ int main(int argc, char **argv) {
137 142
138 /* bug ID: 2946553 - Older versions of bind will use all available dns 143 /* bug ID: 2946553 - Older versions of bind will use all available dns
139 servers, we have to match the one specified */ 144 servers, we have to match the one specified */
140 if (strstr(chld_out.line[i], "Server:") && strlen(dns_server) > 0) { 145 if (strstr(chld_out.line[i], "Server:") && strlen(config.dns_server) > 0) {
141 temp_buffer = strchr(chld_out.line[i], ':'); 146 char *temp_buffer = strchr(chld_out.line[i], ':');
147 if (temp_buffer == NULL) {
148 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Server line\n"), NSLOOKUP_COMMAND);
149 }
150
142 temp_buffer++; 151 temp_buffer++;
143 152
144 /* Strip leading tabs */ 153 /* Strip leading tabs */
145 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) 154 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) {
146 /* NOOP */; 155 /* NOOP */;
156 }
147 157
148 strip(temp_buffer); 158 strip(temp_buffer);
149 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 159 if (strlen(temp_buffer) == 0) {
150 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND); 160 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND);
151 } 161 }
152 162
153 if (strcmp(temp_buffer, dns_server) != 0) { 163 if (strcmp(temp_buffer, config.dns_server) != 0) {
154 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server); 164 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), config.dns_server);
155 } 165 }
156 } 166 }
157 167
158 /* the server is responding, we just got the host name... */ 168 /* the server is responding, we just got the host name... */
159 if (strstr(chld_out.line[i], "Name:")) 169 if (strstr(chld_out.line[i], "Name:")) {
160 parse_address = true; 170 parse_address = true;
161 else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) { 171 } else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) {
162 temp_buffer = index(chld_out.line[i], ':'); 172 char *temp_buffer = strchr(chld_out.line[i], ':');
173 if (temp_buffer == NULL) {
174 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Address line\n"), NSLOOKUP_COMMAND);
175 }
176
163 temp_buffer++; 177 temp_buffer++;
164 178
165 /* Strip leading spaces */ 179 /* Strip leading spaces */
166 while (*temp_buffer == ' ') 180 while (*temp_buffer == ' ') {
167 temp_buffer++; 181 temp_buffer++;
182 }
168 183
169 strip(temp_buffer); 184 strip(temp_buffer);
170 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 185 if (strlen(temp_buffer) == 0) {
171 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND); 186 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND);
172 } 187 }
173 188
@@ -176,65 +191,71 @@ int main(int argc, char **argv) {
176 non_authoritative = true; 191 non_authoritative = true;
177 } 192 }
178 193
179 result = error_scan(chld_out.line[i], &is_nxdomain); 194 result = error_scan(chld_out.line[i], &is_nxdomain, config.dns_server);
180 if (result != STATE_OK) { 195 if (result != STATE_OK) {
181 msg = strchr(chld_out.line[i], ':'); 196 msg = strchr(chld_out.line[i], ':');
182 if (msg) 197 if (msg) {
183 msg++; 198 msg++;
199 }
184 break; 200 break;
185 } 201 }
186 } 202 }
187 203
204 char input_buffer[MAX_INPUT_BUFFER];
188 /* scan stderr */ 205 /* scan stderr */
189 for (size_t i = 0; i < chld_err.lines; i++) { 206 for (size_t i = 0; i < chld_err.lines; i++) {
190 if (verbose) 207 if (verbose) {
191 puts(chld_err.line[i]); 208 puts(chld_err.line[i]);
209 }
192 210
193 if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) { 211 if (error_scan(chld_err.line[i], &is_nxdomain, config.dns_server) != STATE_OK) {
194 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain)); 212 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain, config.dns_server));
195 msg = strchr(input_buffer, ':'); 213 msg = strchr(input_buffer, ':');
196 if (msg) 214 if (msg) {
197 msg++; 215 msg++;
198 else 216 } else {
199 msg = input_buffer; 217 msg = input_buffer;
218 }
200 } 219 }
201 } 220 }
202 221
203 if (is_nxdomain && !expect_nxdomain) { 222 if (is_nxdomain && !config.expect_nxdomain) {
204 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); 223 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), config.query_address);
205 } 224 }
206 225
207 if (addresses) { 226 if (addresses) {
208 int i; 227 size_t slen = 1;
209 int slen; 228 char *adrp = NULL;
210 char *adrp;
211 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); 229 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
212 for (i = 0, slen = 1; i < n_addresses; i++) { 230 for (size_t i = 0; i < n_addresses; i++) {
213 slen += strlen(addresses[i]) + 1; 231 slen += strlen(addresses[i]) + 1;
214 } 232 }
233
234 // Temporary pointer adrp gets moved, address stays on the beginning
215 adrp = address = malloc(slen); 235 adrp = address = malloc(slen);
216 for (i = 0; i < n_addresses; i++) { 236 for (size_t i = 0; i < n_addresses; i++) {
217 if (i) 237 if (i) {
218 *adrp++ = ','; 238 *adrp++ = ',';
239 }
219 strcpy(adrp, addresses[i]); 240 strcpy(adrp, addresses[i]);
220 adrp += strlen(addresses[i]); 241 adrp += strlen(addresses[i]);
221 } 242 }
222 *adrp = 0; 243 *adrp = 0;
223 } else 244 } else {
224 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); 245 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND);
246 }
225 247
226 /* compare to expected address */ 248 /* compare to expected address */
227 if (result == STATE_OK && expected_address_cnt > 0) { 249 if (result == STATE_OK && config.expected_address_cnt > 0) {
228 result = STATE_CRITICAL; 250 result = STATE_CRITICAL;
229 temp_buffer = ""; 251 char *temp_buffer = "";
230 unsigned long expect_match = (1 << expected_address_cnt) - 1; 252 unsigned long expect_match = (1 << config.expected_address_cnt) - 1;
231 unsigned long addr_match = (1 << n_addresses) - 1; 253 unsigned long addr_match = (1 << n_addresses) - 1;
232 254
233 for (int i = 0; i < expected_address_cnt; i++) { 255 for (size_t i = 0; i < config.expected_address_cnt; i++) {
234 int j;
235 /* check if we get a match on 'raw' ip or cidr */ 256 /* check if we get a match on 'raw' ip or cidr */
236 for (j = 0; j < n_addresses; j++) { 257 for (size_t j = 0; j < n_addresses; j++) {
237 if (strcmp(addresses[j], expected_address[i]) == 0 || ip_match_cidr(addresses[j], expected_address[i])) { 258 if (strcmp(addresses[j], config.expected_address[i]) == 0 || ip_match_cidr(addresses[j], config.expected_address[i])) {
238 result = STATE_OK; 259 result = STATE_OK;
239 addr_match &= ~(1 << j); 260 addr_match &= ~(1 << j);
240 expect_match &= ~(1 << i); 261 expect_match &= ~(1 << i);
@@ -242,11 +263,12 @@ int main(int argc, char **argv) {
242 } 263 }
243 264
244 /* prepare an error string */ 265 /* prepare an error string */
245 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 266 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, config.expected_address[i]);
246 } 267 }
247 /* check if expected_address must cover all in addresses and none may be missing */ 268 /* check if expected_address must cover all in addresses and none may be missing */
248 if (all_match && (expect_match != 0 || addr_match != 0)) 269 if (config.all_match && (expect_match != 0 || addr_match != 0)) {
249 result = STATE_CRITICAL; 270 result = STATE_CRITICAL;
271 }
250 if (result == STATE_CRITICAL) { 272 if (result == STATE_CRITICAL) {
251 /* Strip off last semicolon... */ 273 /* Strip off last semicolon... */
252 temp_buffer[strlen(temp_buffer) - 2] = '\0'; 274 temp_buffer[strlen(temp_buffer) - 2] = '\0';
@@ -254,28 +276,29 @@ int main(int argc, char **argv) {
254 } 276 }
255 } 277 }
256 278
257 if (expect_nxdomain) { 279 if (config.expect_nxdomain) {
258 if (!is_nxdomain) { 280 if (!is_nxdomain) {
259 result = STATE_CRITICAL; 281 result = STATE_CRITICAL;
260 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); 282 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), config.query_address, address);
261 } else { 283 } else {
262 if (address != NULL) 284 if (address != NULL) {
263 free(address); 285 free(address);
286 }
264 address = "NXDOMAIN"; 287 address = "NXDOMAIN";
265 } 288 }
266 } 289 }
267 290
268 /* check if authoritative */ 291 /* check if authoritative */
269 if (result == STATE_OK && expect_authority && non_authoritative) { 292 if (result == STATE_OK && config.expect_authority && non_authoritative) {
270 result = STATE_CRITICAL; 293 result = STATE_CRITICAL;
271 xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); 294 xasprintf(&msg, _("server %s is not authoritative for %s"), config.dns_server, config.query_address);
272 } 295 }
273 296
274 microsec = deltime(tv); 297 long microsec = deltime(tv);
275 elapsed_time = (double)microsec / 1.0e6; 298 double elapsed_time = (double)microsec / 1.0e6;
276 299
277 if (result == STATE_OK) { 300 if (result == STATE_OK) {
278 result = get_status(elapsed_time, time_thresholds); 301 result = get_status(elapsed_time, config.time_thresholds);
279 if (result == STATE_OK) { 302 if (result == STATE_OK) {
280 printf("DNS %s: ", _("OK")); 303 printf("DNS %s: ", _("OK"));
281 } else if (result == STATE_WARNING) { 304 } else if (result == STATE_WARNING) {
@@ -284,24 +307,26 @@ int main(int argc, char **argv) {
284 printf("DNS %s: ", _("CRITICAL")); 307 printf("DNS %s: ", _("CRITICAL"));
285 } 308 }
286 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); 309 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
287 printf(_(". %s returns %s"), query_address, address); 310 printf(_(". %s returns %s"), config.query_address, address);
288 if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { 311 if ((config.time_thresholds->warning != NULL) && (config.time_thresholds->critical != NULL)) {
289 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, true, time_thresholds->critical->end, 312 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end, true,
290 true, 0, false, 0)); 313 config.time_thresholds->critical->end, true, 0, false, 0));
291 } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { 314 } else if ((config.time_thresholds->warning == NULL) && (config.time_thresholds->critical != NULL)) {
292 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0)); 315 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, config.time_thresholds->critical->end, true, 0, false, 0));
293 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { 316 } else if ((config.time_thresholds->warning != NULL) && (config.time_thresholds->critical == NULL)) {
294 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0)); 317 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end, false, 0, true, 0, false, 0));
295 } else 318 } else {
296 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); 319 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0));
297 } else if (result == STATE_WARNING) 320 }
321 } else if (result == STATE_WARNING) {
298 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 322 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
299 else if (result == STATE_CRITICAL) 323 } else if (result == STATE_CRITICAL) {
300 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 324 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
301 else 325 } else {
302 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 326 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
327 }
303 328
304 return result; 329 exit(result);
305} 330}
306 331
307bool ip_match_cidr(const char *addr, const char *cidr_ro) { 332bool ip_match_cidr(const char *addr, const char *cidr_ro) {
@@ -329,64 +354,69 @@ unsigned long ip2long(const char *src) {
329 : 0; 354 : 0;
330} 355}
331 356
332int error_scan(char *input_buffer, bool *is_nxdomain) { 357mp_state_enum error_scan(char *input_buffer, bool *is_nxdomain, const char dns_server[ADDRESS_LENGTH]) {
333 358
334 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") || 359 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") ||
335 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN"); 360 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN");
336 if (nxdomain) 361 if (nxdomain) {
337 *is_nxdomain = true; 362 *is_nxdomain = true;
363 }
338 364
339 /* the DNS lookup timed out */ 365 /* the DNS lookup timed out */
340 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || 366 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
341 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || 367 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
342 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) 368 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) {
343 return STATE_OK; 369 return STATE_OK;
370 }
344 371
345 /* DNS server is not running... */ 372 /* DNS server is not running... */
346 else if (strstr(input_buffer, "No response from server")) 373 else if (strstr(input_buffer, "No response from server")) {
347 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 374 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
348 else if (strstr(input_buffer, "no servers could be reached")) 375 } else if (strstr(input_buffer, "no servers could be reached")) {
349 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 376 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
377 }
350 378
351 /* Host name is valid, but server doesn't have records... */ 379 /* Host name is valid, but server doesn't have records... */
352 else if (strstr(input_buffer, "No records")) 380 else if (strstr(input_buffer, "No records")) {
353 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); 381 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
382 }
354 383
355 /* Connection was refused */ 384 /* Connection was refused */
356 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") || 385 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") ||
357 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) 386 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) {
358 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); 387 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
388 }
359 389
360 /* Query refused (usually by an ACL in the namserver) */ 390 /* Query refused (usually by an ACL in the namserver) */
361 else if (strstr(input_buffer, "Query refused")) 391 else if (strstr(input_buffer, "Query refused")) {
362 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); 392 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
393 }
363 394
364 /* No information (e.g. nameserver IP has two PTR records) */ 395 /* No information (e.g. nameserver IP has two PTR records) */
365 else if (strstr(input_buffer, "No information")) 396 else if (strstr(input_buffer, "No information")) {
366 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); 397 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
398 }
367 399
368 /* Network is unreachable */ 400 /* Network is unreachable */
369 else if (strstr(input_buffer, "Network is unreachable")) 401 else if (strstr(input_buffer, "Network is unreachable")) {
370 die(STATE_CRITICAL, _("Network is unreachable\n")); 402 die(STATE_CRITICAL, _("Network is unreachable\n"));
403 }
371 404
372 /* Internal server failure */ 405 /* Internal server failure */
373 else if (strstr(input_buffer, "Server failure")) 406 else if (strstr(input_buffer, "Server failure")) {
374 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); 407 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
408 }
375 409
376 /* Request error or the DNS lookup timed out */ 410 /* Request error or the DNS lookup timed out */
377 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) 411 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) {
378 return STATE_WARNING; 412 return STATE_WARNING;
413 }
379 414
380 return STATE_OK; 415 return STATE_OK;
381} 416}
382 417
383/* process command-line arguments */ 418/* process command-line arguments */
384int process_arguments(int argc, char **argv) { 419check_dns_config_wrapper process_arguments(int argc, char **argv) {
385 int c;
386 char *warning = NULL;
387 char *critical = NULL;
388
389 int opt_index = 0;
390 static struct option long_opts[] = {{"help", no_argument, 0, 'h'}, 420 static struct option long_opts[] = {{"help", no_argument, 0, 'h'},
391 {"version", no_argument, 0, 'V'}, 421 {"version", no_argument, 0, 'V'},
392 {"verbose", no_argument, 0, 'v'}, 422 {"verbose", no_argument, 0, 'v'},
@@ -402,20 +432,34 @@ int process_arguments(int argc, char **argv) {
402 {"critical", required_argument, 0, 'c'}, 432 {"critical", required_argument, 0, 'c'},
403 {0, 0, 0, 0}}; 433 {0, 0, 0, 0}};
404 434
405 if (argc < 2) 435 check_dns_config_wrapper result = {
406 return ERROR; 436 .config = check_dns_config_init(),
437 .errorcode = OK,
438 };
407 439
408 for (c = 1; c < argc; c++) 440 if (argc < 2) {
409 if (strcmp("-to", argv[c]) == 0) 441 result.errorcode = ERROR;
410 strcpy(argv[c], "-t"); 442 return result;
443 }
411 444
412 while (1) { 445 for (int index = 1; index < argc; index++) {
413 c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); 446 if (strcmp("-to", argv[index]) == 0) {
447 strcpy(argv[index], "-t");
448 }
449 }
450
451 char *warning = NULL;
452 char *critical = NULL;
453 int opt_index = 0;
454 int index = 0;
455 while (true) {
456 index = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
414 457
415 if (c == -1 || c == EOF) 458 if (index == -1 || index == EOF) {
416 break; 459 break;
460 }
417 461
418 switch (c) { 462 switch (index) {
419 case 'h': /* help */ 463 case 'h': /* help */
420 print_help(); 464 print_help();
421 exit(STATE_UNKNOWN); 465 exit(STATE_UNKNOWN);
@@ -429,54 +473,63 @@ int process_arguments(int argc, char **argv) {
429 timeout_interval = atoi(optarg); 473 timeout_interval = atoi(optarg);
430 break; 474 break;
431 case 'H': /* hostname */ 475 case 'H': /* hostname */
432 if (strlen(optarg) >= ADDRESS_LENGTH) 476 if (strlen(optarg) >= ADDRESS_LENGTH) {
433 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 477 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
434 strcpy(query_address, optarg); 478 }
479 strcpy(result.config.query_address, optarg);
435 break; 480 break;
436 case 's': /* server name */ 481 case 's': /* server name */
437 /* TODO: this host_or_die check is probably unnecessary. 482 /* TODO: this host_or_die check is probably unnecessary.
438 * Better to confirm nslookup response matches */ 483 * Better to confirm nslookup response matches */
439 host_or_die(optarg); 484 host_or_die(optarg);
440 if (strlen(optarg) >= ADDRESS_LENGTH) 485 if (strlen(optarg) >= ADDRESS_LENGTH) {
441 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 486 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
442 strcpy(dns_server, optarg); 487 }
488 strcpy(result.config.dns_server, optarg);
443 break; 489 break;
444 case 'r': /* reverse server name */ 490 case 'r': /* reverse server name */
445 /* TODO: Is this host_or_die necessary? */ 491 /* TODO: Is this host_or_die necessary? */
492 // TODO This does not do anything!!! 2025-03-08 rincewind
446 host_or_die(optarg); 493 host_or_die(optarg);
447 if (strlen(optarg) >= ADDRESS_LENGTH) 494 if (strlen(optarg) >= ADDRESS_LENGTH) {
448 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 495 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
496 }
497 static char ptr_server[ADDRESS_LENGTH] = "";
449 strcpy(ptr_server, optarg); 498 strcpy(ptr_server, optarg);
450 break; 499 break;
451 case 'a': /* expected address */ 500 case 'a': /* expected address */
452 if (strlen(optarg) >= ADDRESS_LENGTH) 501 if (strlen(optarg) >= ADDRESS_LENGTH) {
453 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 502 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
503 }
454 if (strchr(optarg, ',') != NULL) { 504 if (strchr(optarg, ',') != NULL) {
455 char *comma = strchr(optarg, ','); 505 char *comma = strchr(optarg, ',');
456 while (comma != NULL) { 506 while (comma != NULL) {
457 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 507 result.config.expected_address =
458 expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); 508 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
459 expected_address_cnt++; 509 result.config.expected_address[result.config.expected_address_cnt] = strndup(optarg, comma - optarg);
510 result.config.expected_address_cnt++;
460 optarg = comma + 1; 511 optarg = comma + 1;
461 comma = strchr(optarg, ','); 512 comma = strchr(optarg, ',');
462 } 513 }
463 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 514 result.config.expected_address =
464 expected_address[expected_address_cnt] = strdup(optarg); 515 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
465 expected_address_cnt++; 516 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
517 result.config.expected_address_cnt++;
466 } else { 518 } else {
467 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 519 result.config.expected_address =
468 expected_address[expected_address_cnt] = strdup(optarg); 520 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
469 expected_address_cnt++; 521 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
522 result.config.expected_address_cnt++;
470 } 523 }
471 break; 524 break;
472 case 'n': /* expect NXDOMAIN */ 525 case 'n': /* expect NXDOMAIN */
473 expect_nxdomain = true; 526 result.config.expect_nxdomain = true;
474 break; 527 break;
475 case 'A': /* expect authority */ 528 case 'A': /* expect authority */
476 expect_authority = true; 529 result.config.expect_authority = true;
477 break; 530 break;
478 case 'L': /* all must match */ 531 case 'L': /* all must match */
479 all_match = true; 532 result.config.all_match = true;
480 break; 533 break;
481 case 'w': 534 case 'w':
482 warning = optarg; 535 warning = optarg;
@@ -489,38 +542,42 @@ int process_arguments(int argc, char **argv) {
489 } 542 }
490 } 543 }
491 544
492 c = optind; 545 index = optind;
493 if (strlen(query_address) == 0 && c < argc) { 546 if (strlen(result.config.query_address) == 0 && index < argc) {
494 if (strlen(argv[c]) >= ADDRESS_LENGTH) 547 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
495 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 548 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
496 strcpy(query_address, argv[c++]); 549 }
550 strcpy(result.config.query_address, argv[index++]);
497 } 551 }
498 552
499 if (strlen(dns_server) == 0 && c < argc) { 553 if (strlen(result.config.dns_server) == 0 && index < argc) {
500 /* TODO: See -s option */ 554 /* TODO: See -s option */
501 host_or_die(argv[c]); 555 host_or_die(argv[index]);
502 if (strlen(argv[c]) >= ADDRESS_LENGTH) 556 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
503 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 557 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
504 strcpy(dns_server, argv[c++]); 558 }
559 strcpy(result.config.dns_server, argv[index++]);
505 } 560 }
506 561
507 set_thresholds(&time_thresholds, warning, critical); 562 set_thresholds(&result.config.time_thresholds, warning, critical);
508 563
509 return validate_arguments(); 564 return validate_arguments(result);
510} 565}
511 566
512int validate_arguments(void) { 567check_dns_config_wrapper validate_arguments(check_dns_config_wrapper config_wrapper) {
513 if (query_address[0] == 0) { 568 if (config_wrapper.config.query_address[0] == 0) {
514 printf("missing --host argument\n"); 569 printf("missing --host argument\n");
515 return ERROR; 570 config_wrapper.errorcode = ERROR;
571 return config_wrapper;
516 } 572 }
517 573
518 if (expected_address_cnt > 0 && expect_nxdomain) { 574 if (config_wrapper.config.expected_address_cnt > 0 && config_wrapper.config.expect_nxdomain) {
519 printf("--expected-address and --expect-nxdomain cannot be combined\n"); 575 printf("--expected-address and --expect-nxdomain cannot be combined\n");
520 return ERROR; 576 config_wrapper.errorcode = ERROR;
577 return config_wrapper;
521 } 578 }
522 579
523 return OK; 580 return config_wrapper;
524} 581}
525 582
526void print_help(void) { 583void print_help(void) {
diff --git a/plugins/check_dns.d/config.h b/plugins/check_dns.d/config.h
new file mode 100644
index 00000000..9ec4eb82
--- /dev/null
+++ b/plugins/check_dns.d/config.h
@@ -0,0 +1,34 @@
1#pragma once
2
3#include "../../config.h"
4#include "thresholds.h"
5#include <stddef.h>
6
7#define ADDRESS_LENGTH 256
8
9typedef struct {
10 bool all_match;
11 char dns_server[ADDRESS_LENGTH];
12 char query_address[ADDRESS_LENGTH];
13 bool expect_nxdomain;
14 bool expect_authority;
15 char **expected_address;
16 size_t expected_address_cnt;
17
18 thresholds *time_thresholds;
19} check_dns_config;
20
21check_dns_config check_dns_config_init() {
22 check_dns_config tmp = {
23 .all_match = false,
24 .dns_server = "",
25 .query_address = "",
26 .expect_nxdomain = false,
27 .expect_authority = false,
28 .expected_address = NULL,
29 .expected_address_cnt = 0,
30
31 .time_thresholds = NULL,
32 };
33 return tmp;
34}