-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | THANKS.in | 7 | ||||
-rw-r--r-- | plugins-root/check_dhcp.c | 20 | ||||
-rwxr-xr-x | plugins-scripts/check_disk_smb.pl | 44 | ||||
-rw-r--r-- | plugins-scripts/utils.sh.in | 85 | ||||
-rw-r--r-- | plugins/Makefile.am | 2 | ||||
-rw-r--r-- | plugins/check_http.c | 25 | ||||
-rw-r--r-- | plugins/check_ping.c | 42 | ||||
-rw-r--r-- | plugins/check_users.c | 68 | ||||
-rw-r--r-- | plugins/sslutils.c | 143 | ||||
-rw-r--r-- | plugins/t/check_by_ssh.t | 10 |
12 files changed, 290 insertions, 165 deletions
@@ -20,6 +20,7 @@ NP-VERSION-FILE | |||
20 | /Makefile | 20 | /Makefile |
21 | /Makefile.in | 21 | /Makefile.in |
22 | /missing | 22 | /missing |
23 | /nagios-plugins.spec | ||
23 | /stamp-h1 | 24 | /stamp-h1 |
24 | /test.pl | 25 | /test.pl |
25 | /THANKS | 26 | /THANKS |
@@ -6,10 +6,14 @@ This file documents the major additions and syntax changes between releases. | |||
6 | check_disk_smb now allows spaces in share names (#990948, #1370031, Debian #601699) | 6 | check_disk_smb now allows spaces in share names (#990948, #1370031, Debian #601699) |
7 | check_http now uses standard threshold functions (enables floating point and ranges) | 7 | check_http now uses standard threshold functions (enables floating point and ranges) |
8 | check_http now checks for and prints the certificate cn (hostname) in SSL certificate checks (Stéphane Urbanovski) | 8 | check_http now checks for and prints the certificate cn (hostname) in SSL certificate checks (Stéphane Urbanovski) |
9 | check_http now supports an optional -S/--ssl value to choose the SSL protocol version (#3066166 - Jason Lunn) | ||
9 | Add perfdata to check_ssh (#3244097 - Marco Beck) | 10 | Add perfdata to check_ssh (#3244097 - Marco Beck) |
10 | New option to check_smtp to ignore failures when sending QUIT (#3358348 - Duncan Ferguson) | 11 | New option to check_smtp to ignore failures when sending QUIT (#3358348 - Duncan Ferguson) |
11 | New check_by_ssh -F option which allows for specifying an alternative ssh_config(5) file (#2895334 - Sven Nierlein) | 12 | New check_by_ssh -F option which allows for specifying an alternative ssh_config(5) file (#2895334 - Sven Nierlein) |
12 | check_sensors now detects faulty sensors unless --ignore-fault is specified (Jan Wagner) | 13 | check_sensors now detects faulty sensors unless --ignore-fault is specified (Jan Wagner) |
14 | utils.sh now provides a check_range function (Alex Griffin) | ||
15 | Improved the performance of check_users (Marc Remy) | ||
16 | Add perfdata to check_disk_smb (Debian #654259 - Charles-Henri Larose) | ||
13 | Updated Nagios::Plugin perl module | 17 | Updated Nagios::Plugin perl module |
14 | 18 | ||
15 | FIXES | 19 | FIXES |
@@ -20,7 +24,9 @@ This file documents the major additions and syntax changes between releases. | |||
20 | Fix check_procs where regex input of '|' would get displayed in output - now replaced with ',' | 24 | Fix check_procs where regex input of '|' would get displayed in output - now replaced with ',' |
21 | Fix segfault in check_host when hostname returns multiple IP addresses (Sebastian Harl) | 25 | Fix segfault in check_host when hostname returns multiple IP addresses (Sebastian Harl) |
22 | Fix check_smtp and check_tcp where duplicate messages were displayed for certificate errors | 26 | Fix check_smtp and check_tcp where duplicate messages were displayed for certificate errors |
23 | Fix check_ping where output of ping6 when unreachable (Debian #662638) | 27 | Fix check_ping's parsing of ping6(1) output (#1894850, Debian #514588, Debian #662638 - Matej Vela) |
28 | Fix a check_dhcp bug which was triggered by using it to check Windows 2003 DHCP servers (#3503921) | ||
29 | Disable RFC4507 support, to work around SSL negotiation issues with (at least) some Tomcat versions | ||
24 | 30 | ||
25 | 1.4.15 27th July 2010 | 31 | 1.4.15 27th July 2010 |
26 | ENHANCEMENTS | 32 | ENHANCEMENTS |
@@ -269,3 +269,10 @@ Ryan Kelly | |||
269 | Stéphane Urbanovski | 269 | Stéphane Urbanovski |
270 | Marco Beck | 270 | Marco Beck |
271 | Sebastian Harl | 271 | Sebastian Harl |
272 | Jason Lunn | ||
273 | Alex Griffin | ||
274 | Marc Remy | ||
275 | Matej Vela | ||
276 | Jason Ellison | ||
277 | Charles-Henri Larose | ||
278 | Tobias Brox | ||
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index 2a1875c..b02ee49 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c | |||
@@ -141,7 +141,7 @@ typedef struct dhcp_packet_struct{ | |||
141 | u_int16_t flags; /* flags */ | 141 | u_int16_t flags; /* flags */ |
142 | struct in_addr ciaddr; /* IP address of this machine (if we already have one) */ | 142 | struct in_addr ciaddr; /* IP address of this machine (if we already have one) */ |
143 | struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */ | 143 | struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */ |
144 | struct in_addr siaddr; /* IP address of DHCP server */ | 144 | struct in_addr siaddr; /* IP address of next server */ |
145 | struct in_addr giaddr; /* IP address of DHCP relay */ | 145 | struct in_addr giaddr; /* IP address of DHCP relay */ |
146 | unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */ | 146 | unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */ |
147 | char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */ | 147 | char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */ |
@@ -587,11 +587,6 @@ int get_dhcp_offer(int sock){ | |||
587 | /* Save a copy of "source" into "via" even if it's via itself */ | 587 | /* Save a copy of "source" into "via" even if it's via itself */ |
588 | memcpy(&via,&source,sizeof(source)) ; | 588 | memcpy(&via,&source,sizeof(source)) ; |
589 | 589 | ||
590 | /* If siaddr is non-zero, set "source" to siaddr */ | ||
591 | if(offer_packet.siaddr.s_addr != 0L){ | ||
592 | source.sin_addr.s_addr = offer_packet.siaddr.s_addr ; | ||
593 | } | ||
594 | |||
595 | if(verbose){ | 590 | if(verbose){ |
596 | printf(_("DHCPOFFER from IP address %s"),inet_ntoa(source.sin_addr)); | 591 | printf(_("DHCPOFFER from IP address %s"),inet_ntoa(source.sin_addr)); |
597 | printf(_(" via %s\n"),inet_ntoa(via.sin_addr)); | 592 | printf(_(" via %s\n"),inet_ntoa(via.sin_addr)); |
@@ -839,8 +834,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ | |||
839 | /* process all DHCP options present in the packet */ | 834 | /* process all DHCP options present in the packet */ |
840 | for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){ | 835 | for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){ |
841 | 836 | ||
842 | /* end of options (0 is really just a pad, but bail out anyway) */ | 837 | if((int)offer_packet->options[x]==-1) |
843 | if((int)offer_packet->options[x]==-1 || (int)offer_packet->options[x]==0) | ||
844 | break; | 838 | break; |
845 | 839 | ||
846 | /* get option type */ | 840 | /* get option type */ |
@@ -872,7 +866,9 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ | |||
872 | } | 866 | } |
873 | 867 | ||
874 | /* skip option data we're ignoring */ | 868 | /* skip option data we're ignoring */ |
875 | if(option_type!=DHCP_OPTION_REBINDING_TIME) | 869 | if(option_type==0) /* "pad" option, see RFC 2132 (3.1) */ |
870 | x+=1; | ||
871 | else | ||
876 | x+=option_length; | 872 | x+=option_length; |
877 | } | 873 | } |
878 | 874 | ||
@@ -903,9 +899,9 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ | |||
903 | * the next bootstrap service (e.g., delivery of an operating system | 899 | * the next bootstrap service (e.g., delivery of an operating system |
904 | * executable image). A DHCP server always returns its own address in | 900 | * executable image). A DHCP server always returns its own address in |
905 | * the 'server identifier' option." 'serv_ident' is the 'server | 901 | * the 'server identifier' option." 'serv_ident' is the 'server |
906 | * identifier' option, 'source' is the 'siaddr' field or (if 'siaddr' | 902 | * identifier' option, 'source' is the IP address we received the |
907 | * wasn't available) the IP address we received the DHCPOFFER from. If | 903 | * DHCPOFFER from. If 'serv_ident' isn't available for some reason, we |
908 | * 'serv_ident' isn't available for some reason, we use 'source'. | 904 | * use 'source'. |
909 | */ | 905 | */ |
910 | new_offer->server_address=serv_ident.s_addr?serv_ident:source; | 906 | new_offer->server_address=serv_ident.s_addr?serv_ident:source; |
911 | new_offer->offered_address=offer_packet->yiaddr; | 907 | new_offer->offered_address=offer_packet->yiaddr; |
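Review bot: The new pad branch at new lines 869–870 advances `x` by one, but by then the loop has presumably already consumed both a type byte and a length byte for that option (those reads sit between the hunks and are not shown here). RFC 2132 section 3.1 defines pad as a single octet with no length field, so in that case the byte after each pad is taken as a length and one more byte is skipped, and the walk can lose alignment with the options of a packet that arrives from the network. Testing for pad directly after the type read and before the length is fetched, e.g. `if(option_type==0) continue;`, would keep the parser aligned. The end-of-options test `(int)offer_packet->options[x]==-1` at new line 837 also only fires where the options array is a signed `char`; `(unsigned char)offer_packet->options[x]==255` would not depend on that (the array's declaration is outside the visible lines).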
diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 6783543..43841c3 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl | |||
@@ -166,6 +166,7 @@ my $address = $1 if (defined($opt_a) && $opt_a =~ /(.*)/); | |||
166 | my $state = "OK"; | 166 | my $state = "OK"; |
167 | my $answer = undef; | 167 | my $answer = undef; |
168 | my $res = undef; | 168 | my $res = undef; |
169 | my $perfdata = ""; | ||
169 | my @lines = undef; | 170 | my @lines = undef; |
170 | 171 | ||
171 | # Just in case of problems, let's not hang Nagios | 172 | # Just in case of problems, let's not hang Nagios |
@@ -204,11 +205,23 @@ $_ = $lines[$#lines]; | |||
204 | #If line does not match required regexp, return an UNKNOWN error | 205 | #If line does not match required regexp, return an UNKNOWN error |
205 | if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) { | 206 | if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) { |
206 | 207 | ||
207 | my ($avail) = ($3*$2)/1024; | 208 | my ($avail_bytes) = $3 * $2; |
208 | my ($avail_bytes) = $avail; | 209 | my ($total_bytes) = $1 * $2; |
210 | my ($occupied_bytes) = $1 * $2 - $avail_bytes; | ||
211 | my ($avail) = $avail_bytes/1024; | ||
209 | my ($capper) = int(($3/$1)*100); | 212 | my ($capper) = int(($3/$1)*100); |
210 | my ($mountpt) = "\\\\$host\\$share"; | 213 | my ($mountpt) = "\\\\$host\\$share"; |
211 | 214 | ||
215 | # TODO : why is the kB the standard unit for args ? | ||
216 | my ($warn_bytes) = $total_bytes - $warn * 1024; | ||
217 | if ($warn_type eq "P") { | ||
218 | $warn_bytes = $warn * $1 * $2 / 100; | ||
219 | } | ||
220 | my ($crit_bytes) = $total_bytes - $crit * 1024; | ||
221 | if ($crit_type eq "P") { | ||
222 | $crit_bytes = $crit * $1 * $2 / 100; | ||
223 | } | ||
224 | |||
212 | 225 | ||
213 | if (int($avail / 1024) > 0) { | 226 | if (int($avail / 1024) > 0) { |
214 | $avail = int($avail / 1024); | 227 | $avail = int($avail / 1024); |
@@ -225,32 +238,37 @@ if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) { | |||
225 | #print ":$warn:$warn_type:\n"; | 238 | #print ":$warn:$warn_type:\n"; |
226 | #print ":$crit:$crit_type:\n"; | 239 | #print ":$crit:$crit_type:\n"; |
227 | #print ":$avail:$avail_bytes:$capper:$mountpt:\n"; | 240 | #print ":$avail:$avail_bytes:$capper:$mountpt:\n"; |
241 | $perfdata = "'" . $share . "'=" . $occupied_bytes . 'B;' | ||
242 | . $warn_bytes . ';' | ||
243 | . $crit_bytes . ';' | ||
244 | . '0;' | ||
245 | . $total_bytes; | ||
228 | 246 | ||
229 | if ((($warn_type eq "P") && (100 - $capper) < $warn) || (($warn_type eq "K") && ($avail_bytes > $warn))) { | 247 | if ($occupied_bytes > $crit_bytes) { |
230 | $answer = "Disk ok - $avail ($capper%) free on $mountpt\n"; | 248 | $state = "CRITICAL"; |
231 | } elsif ((($crit_type eq "P") && (100 - $capper) < $crit) || (($crit_type eq "K") && ($avail_bytes > $crit))) { | 249 | $answer = "CRITICAL: Only $avail ($capper%) free on $mountpt"; |
250 | } elsif ( $occupied_bytes > $warn_bytes ) { | ||
232 | $state = "WARNING"; | 251 | $state = "WARNING"; |
233 | $answer = "WARNING: Only $avail ($capper%) free on $mountpt\n"; | 252 | $answer = "WARNING: Only $avail ($capper%) free on $mountpt"; |
234 | } else { | 253 | } else { |
235 | $state = "CRITICAL"; | 254 | $answer = "Disk ok - $avail ($capper%) free on $mountpt"; |
236 | $answer = "CRITICAL: Only $avail ($capper%) free on $mountpt\n"; | ||
237 | } | 255 | } |
238 | } else { | 256 | } else { |
239 | $answer = "Result from smbclient not suitable\n"; | 257 | $answer = "Result from smbclient not suitable"; |
240 | $state = "UNKNOWN"; | 258 | $state = "UNKNOWN"; |
241 | foreach (@lines) { | 259 | foreach (@lines) { |
242 | if (/(Access denied|NT_STATUS_LOGON_FAILURE|NT_STATUS_ACCESS_DENIED)/) { | 260 | if (/(Access denied|NT_STATUS_LOGON_FAILURE|NT_STATUS_ACCESS_DENIED)/) { |
243 | $answer = "Access Denied\n"; | 261 | $answer = "Access Denied"; |
244 | $state = "CRITICAL"; | 262 | $state = "CRITICAL"; |
245 | last; | 263 | last; |
246 | } | 264 | } |
247 | if (/(Unknown host \w*|Connection.*failed)/) { | 265 | if (/(Unknown host \w*|Connection.*failed)/) { |
248 | $answer = "$1\n"; | 266 | $answer = "$1"; |
249 | $state = "CRITICAL"; | 267 | $state = "CRITICAL"; |
250 | last; | 268 | last; |
251 | } | 269 | } |
252 | if (/(You specified an invalid share name|NT_STATUS_BAD_NETWORK_NAME)/) { | 270 | if (/(You specified an invalid share name|NT_STATUS_BAD_NETWORK_NAME)/) { |
253 | $answer = "Invalid share name \\\\$host\\$share\n"; | 271 | $answer = "Invalid share name \\\\$host\\$share"; |
254 | $state = "CRITICAL"; | 272 | $state = "CRITICAL"; |
255 | last; | 273 | last; |
256 | } | 274 | } |
@@ -259,6 +277,8 @@ if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) { | |||
259 | 277 | ||
260 | 278 | ||
261 | print $answer; | 279 | print $answer; |
280 | print " | " . $perfdata if ($perfdata); | ||
281 | print "\n"; | ||
262 | print "$state\n" if ($verbose); | 282 | print "$state\n" if ($verbose); |
263 | exit $ERRORS{$state}; | 283 | exit $ERRORS{$state}; |
264 | 284 | ||
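Review bot: The perfdata label built at new line 241 wraps `$share` in single quotes without escaping it, so a share name that itself contains `'` produces perfdata that consumers will mis-parse; the plugin guidelines ask for an embedded quote to be doubled. Something like `(my $label = $share) =~ s/'/''/g;` before assembling `$perfdata` would cover it. The threshold code at new lines 216–223 re-reads the capture variables as `$1 * $2` although `$total_bytes` already holds that product, which makes the block depend on no regex running in between. The unchanged `int(($3/$1)*100)` still dies with a division by zero when smbclient reports 0 total blocks, since `(\d*)` accepts that; a guard before the new arithmetic would turn it into an UNKNOWN result instead.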
diff --git a/plugins-scripts/utils.sh.in b/plugins-scripts/utils.sh.in index b30b908..5fae6ad 100644 --- a/plugins-scripts/utils.sh.in +++ b/plugins-scripts/utils.sh.in | |||
@@ -21,3 +21,88 @@ support() { | |||
21 | $ECHO "@SUPPORT@" | sed -e 's/\n/ /g' | 21 | $ECHO "@SUPPORT@" | sed -e 's/\n/ /g' |
22 | } | 22 | } |
23 | 23 | ||
24 | # | ||
25 | # check_range takes a value and a range string, returning successfully if an | ||
26 | # alert should be raised based on the range. | ||
27 | # | ||
28 | check_range() { | ||
29 | local v range yes no err decimal start end cmp match | ||
30 | v="$1" | ||
31 | range="$2" | ||
32 | |||
33 | # whether to raise an alert or not | ||
34 | yes=0 | ||
35 | no=1 | ||
36 | err=2 | ||
37 | |||
38 | # regex to match a decimal number | ||
39 | decimal="-?([0-9]+\.?[0-9]*|[0-9]*\.[0-9]+)" | ||
40 | |||
41 | # compare numbers (including decimals), returning true/false | ||
42 | cmp() { awk "BEGIN{ if ($1) exit(0); exit(1)}"; } | ||
43 | |||
44 | # returns successfully if the string in the first argument matches the | ||
45 | # regex in the second | ||
46 | match() { echo "$1" | grep -E -q -- "$2"; } | ||
47 | |||
48 | # make sure value is valid | ||
49 | if ! match "$v" "^$decimal$"; then | ||
50 | echo "${0##*/}: check_range: invalid value" >&2 | ||
51 | unset -f cmp match | ||
52 | return "$err" | ||
53 | fi | ||
54 | |||
55 | # make sure range is valid | ||
56 | if ! match "$range" "^@?(~|$decimal)(:($decimal)?)?$"; then | ||
57 | echo "${0##*/}: check_range: invalid range" >&2 | ||
58 | unset -f cmp match | ||
59 | return "$err" | ||
60 | fi | ||
61 | |||
62 | # check for leading @ char, which negates the range | ||
63 | if match $range '^@'; then | ||
64 | range=${range#@} | ||
65 | yes=1 | ||
66 | no=0 | ||
67 | fi | ||
68 | |||
69 | # parse the range string | ||
70 | if ! match "$range" ':'; then | ||
71 | start=0 | ||
72 | end="$range" | ||
73 | else | ||
74 | start="${range%%:*}" | ||
75 | end="${range#*:}" | ||
76 | fi | ||
77 | |||
78 | # do the comparison, taking positive ("") and negative infinity ("~") | ||
79 | # into account | ||
80 | if [ "$start" != "~" ] && [ "$end" != "" ]; then | ||
81 | if cmp "$start <= $v" && cmp "$v <= $end"; then | ||
82 | unset -f cmp match | ||
83 | return "$no" | ||
84 | else | ||
85 | unset -f cmp match | ||
86 | return "$yes" | ||
87 | fi | ||
88 | elif [ "$start" != "~" ] && [ "$end" = "" ]; then | ||
89 | if cmp "$start <= $v"; then | ||
90 | unset -f cmp match | ||
91 | return "$no" | ||
92 | else | ||
93 | unset -f cmp match | ||
94 | return "$yes" | ||
95 | fi | ||
96 | elif [ "$start" = "~" ] && [ "$end" != "" ]; then | ||
97 | if cmp "$v <= $end"; then | ||
98 | unset -f cmp match | ||
99 | return "$no" | ||
100 | else | ||
101 | unset -f cmp match | ||
102 | return "$yes" | ||
103 | fi | ||
104 | else | ||
105 | unset -f cmp match | ||
106 | return "$no" | ||
107 | fi | ||
108 | } | ||
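Review bot: `match` validates with `grep -E`, which tests each input line separately, so a value or range containing a newline passes the `^…$` checks at new lines 49 and 56 as long as one of its lines is well-formed, and the whole string is then spliced into awk program text by `cmp` at new line 42. Since the value may come from the output of whatever is being monitored, the comparison should treat it as data: `cmp() { awk -v a="$1" -v b="$2" 'BEGIN{ exit !(a <= b) }'; }` called as `cmp "$start" "$v"`, or reject any argument containing a newline before matching. The range pattern also accepts a bare `~` with no colon, which the parse at new lines 70–72 turns into `end="~"` and passes to awk as an operand. `cmp` and `match` are defined in the including script's global function namespace and removed with `unset -f`, which would also delete a same-named function that script had defined itself; the unquoted `match $range '^@'` at new line 63 should be `match "$range" '^@'` for consistency with the other calls.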
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 36a28b0..3a2afc1 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -101,7 +101,7 @@ check_tcp_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS) | |||
101 | check_time_LDADD = $(NETLIBS) | 101 | check_time_LDADD = $(NETLIBS) |
102 | check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) | 102 | check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) |
103 | check_ups_LDADD = $(NETLIBS) | 103 | check_ups_LDADD = $(NETLIBS) |
104 | check_users_LDADD = $(BASEOBJS) popen.o | 104 | check_users_LDADD = $(BASEOBJS) |
105 | check_by_ssh_LDADD = $(NETLIBS) | 105 | check_by_ssh_LDADD = $(NETLIBS) |
106 | check_ide_smart_LDADD = $(BASEOBJS) | 106 | check_ide_smart_LDADD = $(BASEOBJS) |
107 | negate_LDADD = $(BASEOBJS) | 107 | negate_LDADD = $(BASEOBJS) |
diff --git a/plugins/check_http.c b/plugins/check_http.c index 3175f6c..315848f 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -34,7 +34,7 @@ | |||
34 | /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ | 34 | /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ |
35 | 35 | ||
36 | const char *progname = "check_http"; | 36 | const char *progname = "check_http"; |
37 | const char *copyright = "1999-2008"; | 37 | const char *copyright = "1999-2011"; |
38 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 38 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
39 | 39 | ||
40 | #include "common.h" | 40 | #include "common.h" |
@@ -59,6 +59,7 @@ enum { | |||
59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
61 | int days_till_exp; | 61 | int days_till_exp; |
62 | int ssl_version; | ||
62 | char *randbuff; | 63 | char *randbuff; |
63 | X509 *server_cert; | 64 | X509 *server_cert; |
64 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
@@ -188,7 +189,7 @@ process_arguments (int argc, char **argv) | |||
188 | STD_LONG_OPTS, | 189 | STD_LONG_OPTS, |
189 | {"link", no_argument, 0, 'L'}, | 190 | {"link", no_argument, 0, 'L'}, |
190 | {"nohtml", no_argument, 0, 'n'}, | 191 | {"nohtml", no_argument, 0, 'n'}, |
191 | {"ssl", no_argument, 0, 'S'}, | 192 | {"ssl", optional_argument, 0, 'S'}, |
192 | {"sni", no_argument, 0, SNI_OPTION}, | 193 | {"sni", no_argument, 0, SNI_OPTION}, |
193 | {"post", required_argument, 0, 'P'}, | 194 | {"post", required_argument, 0, 'P'}, |
194 | {"method", required_argument, 0, 'j'}, | 195 | {"method", required_argument, 0, 'j'}, |
@@ -234,7 +235,7 @@ process_arguments (int argc, char **argv) | |||
234 | } | 235 | } |
235 | 236 | ||
236 | while (1) { | 237 | while (1) { |
237 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); | 238 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option); |
238 | if (c == -1 || c == EOF) | 239 | if (c == -1 || c == EOF) |
239 | break; | 240 | break; |
240 | 241 | ||
@@ -294,6 +295,13 @@ process_arguments (int argc, char **argv) | |||
294 | usage4 (_("Invalid option - SSL is not available")); | 295 | usage4 (_("Invalid option - SSL is not available")); |
295 | #endif | 296 | #endif |
296 | use_ssl = TRUE; | 297 | use_ssl = TRUE; |
298 | if (optarg == NULL || c != 'S') | ||
299 | ssl_version = 0; | ||
300 | else { | ||
301 | ssl_version = atoi(optarg); | ||
302 | if (ssl_version < 1 || ssl_version > 3) | ||
303 | usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); | ||
304 | } | ||
297 | if (specify_port == FALSE) | 305 | if (specify_port == FALSE) |
298 | server_port = HTTPS_PORT; | 306 | server_port = HTTPS_PORT; |
299 | break; | 307 | break; |
@@ -798,7 +806,9 @@ check_http (void) | |||
798 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | 806 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); |
799 | #ifdef HAVE_SSL | 807 | #ifdef HAVE_SSL |
800 | if (use_ssl == TRUE) { | 808 | if (use_ssl == TRUE) { |
801 | np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); | 809 | result = np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version); |
810 | if (result != STATE_OK) | ||
811 | return result; | ||
802 | if (check_cert == TRUE) { | 812 | if (check_cert == TRUE) { |
803 | result = np_net_ssl_check_cert(days_till_exp); | 813 | result = np_net_ssl_check_cert(days_till_exp); |
804 | np_net_ssl_cleanup(); | 814 | np_net_ssl_cleanup(); |
@@ -1323,8 +1333,9 @@ print_help (void) | |||
1323 | printf (UT_IPv46); | 1333 | printf (UT_IPv46); |
1324 | 1334 | ||
1325 | #ifdef HAVE_SSL | 1335 | #ifdef HAVE_SSL |
1326 | printf (" %s\n", "-S, --ssl"); | 1336 | printf (" %s\n", "-S, --ssl=VERSION"); |
1327 | printf (" %s\n", _("Connect via SSL. Port defaults to 443")); | 1337 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); |
1338 | printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); | ||
1328 | printf (" %s\n", "--sni"); | 1339 | printf (" %s\n", "--sni"); |
1329 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1340 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
1330 | printf (" %s\n", "-C, --certificate=INTEGER"); | 1341 | printf (" %s\n", "-C, --certificate=INTEGER"); |
@@ -1433,6 +1444,6 @@ print_usage (void) | |||
1433 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1444 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
1434 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1445 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
1435 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1446 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
1436 | printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); | 1447 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); |
1437 | printf (" [-j method]\n"); | 1448 | printf (" [-j method]\n"); |
1438 | } | 1449 | } |
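Review bot: `ssl_version` is declared inside the `#ifdef HAVE_SSL` block at new line 62 but assigned at new lines 298–303, after the `#endif` that closes the "SSL is not available" guard, so a build without SSL support would likely fail on an undeclared identifier; the opening of that guard is outside the hunk, so this needs confirming. Wrapping the new assignment in `#ifdef HAVE_SSL`, or declaring the variable unconditionally, would fix it. `atoi(optarg)` at new line 301 accepts input such as `1x` as 1; `strtol` with an end-pointer check would reject it before the range test. Because `S::` and `optional_argument` only take an attached value (`-S1`, `--ssl=1`), the usage line `[-S <version>]` at new line 1447 advertises a form in which the version is not parsed as the option's argument; `[-S[<version>]]` would describe what getopt accepts.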
diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 9f9dcab..23dcd6a 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c | |||
@@ -432,6 +432,7 @@ run_ping (const char *cmd, const char *addr) | |||
432 | { | 432 | { |
433 | char buf[MAX_INPUT_BUFFER]; | 433 | char buf[MAX_INPUT_BUFFER]; |
434 | int result = STATE_UNKNOWN; | 434 | int result = STATE_UNKNOWN; |
435 | int match; | ||
435 | 436 | ||
436 | if ((child_process = spopen (cmd)) == NULL) | 437 | if ((child_process = spopen (cmd)) == NULL) |
437 | die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); | 438 | die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); |
@@ -448,28 +449,29 @@ run_ping (const char *cmd, const char *addr) | |||
448 | result = max_state (result, error_scan (buf, addr)); | 449 | result = max_state (result, error_scan (buf, addr)); |
449 | 450 | ||
450 | /* get the percent loss statistics */ | 451 | /* get the percent loss statistics */ |
451 | if(sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss",&pl)==1 || | 452 | match = 0; |
452 | sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss", &pl) == 1 || | 453 | if((sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) || |
453 | sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss", &pl) == 1 || | 454 | (sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) || |
454 | sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss",&pl)==1 || | 455 | (sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) || |
455 | sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time",&pl)==1 || | 456 | (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss%n",&pl,&match) && match) || |
456 | sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time", &pl)==1 || | 457 | (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time%n",&pl,&match) && match) || |
457 | sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time", &pl)==1 || | 458 | (sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time%n",&pl,&match) && match) || |
458 | sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss", &pl) == 1 || | 459 | (sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time%n",&pl,&match) && match) || |
459 | sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss", &pl) == 1 | 460 | (sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) || |
461 | (sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) | ||
460 | ) | 462 | ) |
461 | continue; | 463 | continue; |
462 | 464 | ||
463 | /* get the round trip average */ | 465 | /* get the round trip average */ |
464 | else | 466 | else |
465 | if(sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f",&rta)==1 || | 467 | if((sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) || |
466 | sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f",&rta)==1 || | 468 | (sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
467 | sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f",&rta)==1 || | 469 | (sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
468 | sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || | 470 | (sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
469 | sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f",&rta)==1 || | 471 | (sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
470 | sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f",&rta)==1 || | 472 | (sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) || |
471 | sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || | 473 | (sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
472 | sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms",&rta)==1) | 474 | (sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms%n",&rta,&match) && match)) |
473 | continue; | 475 | continue; |
474 | } | 476 | } |
475 | 477 | ||
@@ -498,9 +500,7 @@ run_ping (const char *cmd, const char *addr) | |||
498 | (void) fclose (child_stderr); | 500 | (void) fclose (child_stderr); |
499 | 501 | ||
500 | 502 | ||
501 | /* close the pipe - WARNING if status is set */ | 503 | spclose (child_process); |
502 | if (spclose (child_process)) | ||
503 | result = max_state (result, STATE_WARNING); | ||
504 | 504 | ||
505 | if (warn_text == NULL) | 505 | if (warn_text == NULL) |
506 | warn_text = strdup(""); | 506 | warn_text = strdup(""); |
@@ -534,7 +534,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) | |||
534 | else if (strstr (buf, "Time to live exceeded")) | 534 | else if (strstr (buf, "Time to live exceeded")) |
535 | die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); | 535 | die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); |
536 | else if (strstr (buf, "Destination unreachable: ")) | 536 | else if (strstr (buf, "Destination unreachable: ")) |
537 | die (STATE_CRITICAL, _("CRITICAL - DestinationUnreachable (%s)"), addr); | 537 | die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)"), addr); |
538 | 538 | ||
539 | if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { | 539 | if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { |
540 | if (warn_text == NULL) | 540 | if (warn_text == NULL) |
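Review bot: The `%n`/`match` idiom introduced at new lines 452–474 carries no comment, and it rests on a non-obvious fact: `%n` is stored only when the whole format, including the literal tail, was matched. A comment above `match = 0;` such as `/* %n is written only if the entire format matched, so a non-zero match means a full match */` would make that explicit, and comparing each return value with `== 1` rather than relying on truthiness would keep an `EOF` return from reading as success. `pl` and `rta` are still written by a format whose tail then fails, so a value taken from a partially matching line can persist if no later format matches completely. The exit status of `spclose (child_process)` at new line 503 is now discarded; writing `(void) spclose (child_process);` with a one-line reason would match the `(void) fclose (child_stderr);` just above and show the omission is deliberate. run_ping's body starts and continues outside these hunks.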
diff --git a/plugins/check_users.c b/plugins/check_users.c index 8368612..3766292 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c | |||
@@ -3,7 +3,7 @@ | |||
3 | * Nagios check_users plugin | 3 | * Nagios check_users plugin |
4 | * | 4 | * |
5 | * License: GPL | 5 | * License: GPL |
6 | * Copyright (c) 2000-2007 Nagios Plugins Development Team | 6 | * Copyright (c) 2000-2012 Nagios Plugins Development Team |
7 | * | 7 | * |
8 | * Description: | 8 | * Description: |
9 | * | 9 | * |
@@ -35,8 +35,8 @@ const char *copyright = "2000-2007"; | |||
35 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 35 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
36 | 36 | ||
37 | #include "common.h" | 37 | #include "common.h" |
38 | #include "popen.h" | ||
39 | #include "utils.h" | 38 | #include "utils.h" |
39 | #include <utmpx.h> | ||
40 | 40 | ||
41 | #define possibly_set(a,b) ((a) == 0 ? (b) : 0) | 41 | #define possibly_set(a,b) ((a) == 0 ? (b) : 0) |
42 | 42 | ||
@@ -52,58 +52,33 @@ main (int argc, char **argv) | |||
52 | { | 52 | { |
53 | int users = -1; | 53 | int users = -1; |
54 | int result = STATE_UNKNOWN; | 54 | int result = STATE_UNKNOWN; |
55 | char input_buffer[MAX_INPUT_BUFFER]; | ||
56 | char *perf; | 55 | char *perf; |
56 | struct utmpx *putmpx; | ||
57 | 57 | ||
58 | setlocale (LC_ALL, ""); | 58 | setlocale (LC_ALL, ""); |
59 | bindtextdomain (PACKAGE, LOCALEDIR); | 59 | bindtextdomain (PACKAGE, LOCALEDIR); |
60 | textdomain (PACKAGE); | 60 | textdomain (PACKAGE); |
61 | 61 | ||
62 | perf = strdup(""); | 62 | perf = strdup (""); |
63 | 63 | ||
64 | /* Parse extra opts if any */ | 64 | /* Parse extra opts if any */ |
65 | argv=np_extra_opts (&argc, argv, progname); | 65 | argv = np_extra_opts (&argc, argv, progname); |
66 | 66 | ||
67 | if (process_arguments (argc, argv) == ERROR) | 67 | if (process_arguments (argc, argv) == ERROR) |
68 | usage4 (_("Could not parse arguments")); | 68 | usage4 (_("Could not parse arguments")); |
69 | 69 | ||
70 | /* run the command */ | ||
71 | child_process = spopen (WHO_COMMAND); | ||
72 | if (child_process == NULL) { | ||
73 | printf (_("Could not open pipe: %s\n"), WHO_COMMAND); | ||
74 | return STATE_UNKNOWN; | ||
75 | } | ||
76 | |||
77 | child_stderr = fdopen (child_stderr_array[fileno (child_process)], "r"); | ||
78 | if (child_stderr == NULL) | ||
79 | printf (_("Could not open stderr for %s\n"), WHO_COMMAND); | ||
80 | |||
81 | users = 0; | 70 | users = 0; |
82 | 71 | ||
83 | while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_process)) { | 72 | /* get currently logged users from utmpx */ |
73 | setutxent (); | ||
84 | 74 | ||
85 | /* increment 'users' on all lines except total user count */ | 75 | while ((putmpx = getutxent ()) != NULL) |
86 | if (input_buffer[0] != '#') { | 76 | if (putmpx->ut_type == USER_PROCESS) |
87 | users++; | 77 | users++; |
88 | continue; | ||
89 | } | ||
90 | |||
91 | /* get total logged in users */ | ||
92 | if (sscanf (input_buffer, _("# users=%d"), &users) == 1) | ||
93 | break; | ||
94 | |||
95 | } | ||
96 | 78 | ||
97 | /* check STDERR */ | 79 | endutxent (); |
98 | if (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_stderr)) | ||
99 | result = possibly_set (result, STATE_UNKNOWN); | ||
100 | (void) fclose (child_stderr); | ||
101 | 80 | ||
102 | /* close the pipe */ | 81 | /* check the user count against warning and critical thresholds */ |
103 | if (spclose (child_process)) | ||
104 | result = possibly_set (result, STATE_UNKNOWN); | ||
105 | |||
106 | /* else check the user count against warning and critical thresholds */ | ||
107 | if (users > cusers) | 82 | if (users > cusers) |
108 | result = STATE_CRITICAL; | 83 | result = STATE_CRITICAL; |
109 | else if (users > wusers) | 84 | else if (users > wusers) |
@@ -114,7 +89,7 @@ main (int argc, char **argv) | |||
114 | if (result == STATE_UNKNOWN) | 89 | if (result == STATE_UNKNOWN) |
115 | printf ("%s\n", _("Unable to read output")); | 90 | printf ("%s\n", _("Unable to read output")); |
116 | else { | 91 | else { |
117 | asprintf(&perf, "%s", perfdata ("users", users, "", | 92 | asprintf (&perf, "%s", perfdata ("users", users, "", |
118 | TRUE, wusers, | 93 | TRUE, wusers, |
119 | TRUE, cusers, | 94 | TRUE, cusers, |
120 | TRUE, 0, | 95 | TRUE, 0, |
@@ -126,14 +101,11 @@ main (int argc, char **argv) | |||
126 | return result; | 101 | return result; |
127 | } | 102 | } |
128 | 103 | ||
129 | |||
130 | |||
131 | /* process command-line arguments */ | 104 | /* process command-line arguments */ |
132 | int | 105 | int |
133 | process_arguments (int argc, char **argv) | 106 | process_arguments (int argc, char **argv) |
134 | { | 107 | { |
135 | int c; | 108 | int c; |
136 | |||
137 | int option = 0; | 109 | int option = 0; |
138 | static struct option longopts[] = { | 110 | static struct option longopts[] = { |
139 | {"critical", required_argument, 0, 'c'}, | 111 | {"critical", required_argument, 0, 'c'}, |
@@ -183,7 +155,6 @@ process_arguments (int argc, char **argv) | |||
183 | else | 155 | else |
184 | wusers = atoi (argv[c++]); | 156 | wusers = atoi (argv[c++]); |
185 | } | 157 | } |
186 | |||
187 | if (cusers == -1 && argc > c) { | 158 | if (cusers == -1 && argc > c) { |
188 | if (is_intnonneg (argv[c]) == FALSE) | 159 | if (is_intnonneg (argv[c]) == FALSE) |
189 | usage4 (_("Warning threshold must be a positive integer")); | 160 | usage4 (_("Warning threshold must be a positive integer")); |
@@ -194,8 +165,6 @@ process_arguments (int argc, char **argv) | |||
194 | return OK; | 165 | return OK; |
195 | } | 166 | } |
196 | 167 | ||
197 | |||
198 | |||
199 | void | 168 | void |
200 | print_help (void) | 169 | print_help (void) |
201 | { | 170 | { |
@@ -205,9 +174,9 @@ print_help (void) | |||
205 | printf (COPYRIGHT, copyright, email); | 174 | printf (COPYRIGHT, copyright, email); |
206 | 175 | ||
207 | printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); | 176 | printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); |
208 | printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); | 177 | printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); |
209 | 178 | ||
210 | printf ("\n\n"); | 179 | printf ("\n\n"); |
211 | 180 | ||
212 | print_usage (); | 181 | print_usage (); |
213 | 182 | ||
@@ -215,17 +184,16 @@ print_help (void) | |||
215 | printf (UT_EXTRA_OPTS); | 184 | printf (UT_EXTRA_OPTS); |
216 | 185 | ||
217 | printf (" %s\n", "-w, --warning=INTEGER"); | 186 | printf (" %s\n", "-w, --warning=INTEGER"); |
218 | printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); | 187 | printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); |
219 | printf (" %s\n", "-c, --critical=INTEGER"); | 188 | printf (" %s\n", "-c, --critical=INTEGER"); |
220 | printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); | 189 | printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); |
221 | 190 | ||
222 | printf (UT_SUPPORT); | 191 | printf (UT_SUPPORT); |
223 | } | 192 | } |
224 | 193 | ||
225 | |||
226 | void | 194 | void |
227 | print_usage (void) | 195 | print_usage (void) |
228 | { | 196 | { |
229 | printf ("%s\n", _("Usage:")); | 197 | printf ("%s\n", _("Usage:")); |
230 | printf ("%s -w <users> -c <users>\n", progname); | 198 | printf ("%s -w <users> -c <users>\n", progname); |
231 | } | 199 | } |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 0bc61ed..5425bb2 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -36,66 +36,97 @@ static SSL_CTX *c=NULL; | |||
36 | static SSL *s=NULL; | 36 | static SSL *s=NULL; |
37 | static int initialized=0; | 37 | static int initialized=0; |
38 | 38 | ||
39 | int np_net_ssl_init (int sd) { | 39 | int np_net_ssl_init(int sd) { |
40 | return np_net_ssl_init_with_hostname(sd, NULL); | 40 | return np_net_ssl_init_with_hostname(sd, NULL); |
41 | } | 41 | } |
42 | 42 | ||
43 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { | 43 | int np_net_ssl_init_with_hostname(int sd, char *host_name) { |
44 | if (!initialized) { | 44 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); |
45 | /* Initialize SSL context */ | 45 | } |
46 | SSLeay_add_ssl_algorithms (); | 46 | |
47 | SSL_load_error_strings (); | 47 | int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) { |
48 | OpenSSL_add_all_algorithms (); | 48 | const SSL_METHOD *method = NULL; |
49 | initialized = 1; | 49 | |
50 | } | 50 | switch (version) { |
51 | if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) { | 51 | case 0: /* Deafult to auto negotiation */ |
52 | printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); | 52 | method = SSLv23_client_method(); |
53 | return STATE_CRITICAL; | 53 | break; |
54 | } | 54 | case 1: /* TLSv1 protocol */ |
55 | if ((s = SSL_new (c)) != NULL){ | 55 | method = TLSv1_client_method(); |
56 | break; | ||
57 | case 2: /* SSLv2 protocol */ | ||
58 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) | ||
59 | printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); | ||
60 | return STATE_CRITICAL; | ||
61 | #else | ||
62 | method = SSLv2_client_method(); | ||
63 | #endif | ||
64 | break; | ||
65 | case 3: /* SSLv3 protocol */ | ||
66 | method = SSLv3_client_method(); | ||
67 | break; | ||
68 | default: /* Unsupported */ | ||
69 | printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); | ||
70 | return STATE_CRITICAL; | ||
71 | } | ||
72 | if (!initialized) { | ||
73 | /* Initialize SSL context */ | ||
74 | SSLeay_add_ssl_algorithms(); | ||
75 | SSL_load_error_strings(); | ||
76 | OpenSSL_add_all_algorithms(); | ||
77 | initialized = 1; | ||
78 | } | ||
79 | if ((c = SSL_CTX_new(method)) == NULL) { | ||
80 | printf("%s\n", _("CRITICAL - Cannot create SSL context.")); | ||
81 | return STATE_CRITICAL; | ||
82 | } | ||
83 | #ifdef SSL_OP_NO_TICKET | ||
84 | SSL_CTX_set_options(c, SSL_OP_NO_TICKET); | ||
85 | #endif | ||
86 | if ((s = SSL_new(c)) != NULL) { | ||
56 | #ifdef SSL_set_tlsext_host_name | 87 | #ifdef SSL_set_tlsext_host_name |
57 | if (host_name != NULL) | 88 | if (host_name != NULL) |
58 | SSL_set_tlsext_host_name(s, host_name); | 89 | SSL_set_tlsext_host_name(s, host_name); |
59 | #endif | 90 | #endif |
60 | SSL_set_fd (s, sd); | 91 | SSL_set_fd(s, sd); |
61 | if (SSL_connect(s) == 1){ | 92 | if (SSL_connect(s) == 1) { |
62 | return OK; | 93 | return OK; |
63 | } else { | 94 | } else { |
64 | printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); | 95 | printf("%s\n", _("CRITICAL - Cannot make SSL connection.")); |
65 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | 96 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ |
66 | ERR_print_errors_fp (stdout); | 97 | ERR_print_errors_fp(stdout); |
67 | # endif /* USE_OPENSSL */ | 98 | # endif /* USE_OPENSSL */ |
68 | } | ||
69 | } else { | ||
70 | printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
71 | } | 99 | } |
72 | return STATE_CRITICAL; | 100 | } else { |
101 | printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
102 | } | ||
103 | return STATE_CRITICAL; | ||
73 | } | 104 | } |
74 | 105 | ||
75 | void np_net_ssl_cleanup (){ | 106 | void np_net_ssl_cleanup() { |
76 | if(s){ | 107 | if (s) { |
77 | #ifdef SSL_set_tlsext_host_name | 108 | #ifdef SSL_set_tlsext_host_name |
78 | SSL_set_tlsext_host_name(s, NULL); | 109 | SSL_set_tlsext_host_name(s, NULL); |
79 | #endif | 110 | #endif |
80 | SSL_shutdown (s); | 111 | SSL_shutdown(s); |
81 | SSL_free (s); | 112 | SSL_free(s); |
82 | if(c) { | 113 | if (c) { |
83 | SSL_CTX_free (c); | 114 | SSL_CTX_free(c); |
84 | c=NULL; | 115 | c=NULL; |
85 | } | ||
86 | s=NULL; | ||
87 | } | 116 | } |
117 | s=NULL; | ||
118 | } | ||
88 | } | 119 | } |
89 | 120 | ||
90 | int np_net_ssl_write(const void *buf, int num){ | 121 | int np_net_ssl_write(const void *buf, int num) { |
91 | return SSL_write(s, buf, num); | 122 | return SSL_write(s, buf, num); |
92 | } | 123 | } |
93 | 124 | ||
94 | int np_net_ssl_read(void *buf, int num){ | 125 | int np_net_ssl_read(void *buf, int num) { |
95 | return SSL_read(s, buf, num); | 126 | return SSL_read(s, buf, num); |
96 | } | 127 | } |
97 | 128 | ||
98 | int np_net_ssl_check_cert(int days_till_exp){ | 129 | int np_net_ssl_check_cert(int days_till_exp) { |
99 | # ifdef USE_OPENSSL | 130 | # ifdef USE_OPENSSL |
100 | X509 *certificate=NULL; | 131 | X509 *certificate=NULL; |
101 | X509_NAME *subj=NULL; | 132 | X509_NAME *subj=NULL; |
@@ -111,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
111 | char timestamp[17] = ""; | 142 | char timestamp[17] = ""; |
112 | 143 | ||
113 | certificate=SSL_get_peer_certificate(s); | 144 | certificate=SSL_get_peer_certificate(s); |
114 | if(! certificate){ | 145 | if (!certificate) { |
115 | printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); | 146 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); |
116 | return STATE_CRITICAL; | 147 | return STATE_CRITICAL; |
117 | } | 148 | } |
118 | 149 | ||
119 | /* Extract CN from certificate subject */ | 150 | /* Extract CN from certificate subject */ |
120 | subj=X509_get_subject_name(certificate); | 151 | subj=X509_get_subject_name(certificate); |
121 | 152 | ||
122 | if(! subj){ | 153 | if (!subj) { |
123 | printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); | 154 | printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); |
124 | return STATE_CRITICAL; | 155 | return STATE_CRITICAL; |
125 | } | 156 | } |
126 | cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); | 157 | cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn)); |
127 | if ( cnlen == -1 ) | 158 | if (cnlen == -1) |
128 | strcpy(cn , _("Unknown CN")); | 159 | strcpy(cn, _("Unknown CN")); |
129 | 160 | ||
130 | /* Retrieve timestamp of certificate */ | 161 | /* Retrieve timestamp of certificate */ |
131 | tm = X509_get_notAfter (certificate); | 162 | tm = X509_get_notAfter(certificate); |
132 | 163 | ||
133 | /* Generate tm structure to process timestamp */ | 164 | /* Generate tm structure to process timestamp */ |
134 | if (tm->type == V_ASN1_UTCTIME) { | 165 | if (tm->type == V_ASN1_UTCTIME) { |
135 | if (tm->length < 10) { | 166 | if (tm->length < 10) { |
136 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 167 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
137 | return STATE_CRITICAL; | 168 | return STATE_CRITICAL; |
138 | } else { | 169 | } else { |
139 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | 170 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); |
@@ -143,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
143 | } | 174 | } |
144 | } else { | 175 | } else { |
145 | if (tm->length < 12) { | 176 | if (tm->length < 12) { |
146 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 177 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
147 | return STATE_CRITICAL; | 178 | return STATE_CRITICAL; |
148 | } else { | 179 | } else { |
149 | stamp.tm_year = | 180 | stamp.tm_year = |
@@ -172,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
172 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | 203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); |
173 | 204 | ||
174 | if (days_left > 0 && days_left <= days_till_exp) { | 205 | if (days_left > 0 && days_left <= days_till_exp) { |
175 | printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); | 206 | printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); |
176 | status=STATE_WARNING; | 207 | status=STATE_WARNING; |
177 | } else if (time_left < 0) { | 208 | } else if (time_left < 0) { |
178 | printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 209 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
179 | status=STATE_CRITICAL; | 210 | status=STATE_CRITICAL; |
180 | } else if (days_left == 0) { | 211 | } else if (days_left == 0) { |
181 | printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); | 212 | printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); |
182 | status=STATE_WARNING; | 213 | status=STATE_WARNING; |
183 | } else { | 214 | } else { |
184 | printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 215 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
185 | status=STATE_OK; | 216 | status=STATE_OK; |
186 | } | 217 | } |
187 | X509_free (certificate); | 218 | X509_free(certificate); |
188 | return status; | 219 | return status; |
189 | # else /* ifndef USE_OPENSSL */ | 220 | # else /* ifndef USE_OPENSSL */ |
190 | printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); | 221 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); |
191 | return STATE_WARNING; | 222 | return STATE_WARNING; |
192 | # endif /* USE_OPENSSL */ | 223 | # endif /* USE_OPENSSL */ |
193 | } | 224 | } |
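Review bot: In the `case 2` branch of `np_net_ssl_init_with_hostname_and_version`, the "not supported" message is printed with doubled parentheses, `printf(("%s\n", _("…")));`, which turns the argument into a comma expression. The `"%s\n"` literal is discarded and the translated string itself becomes the format string, so no newline is emitted and any `%` in a translation would be read as a conversion. It should be `printf("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."));`, matching the other messages in this function. The guard on `case 2` covers only SSLv2; a library built without SSLv3 would presumably need the same treatment for `case 3`, which calls `SSLv3_client_method()` unconditionally. The bare 0–3 version codes would read better as named constants, and the `case 0` comment has a typo (`Deafult`).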
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t index cca72c9..8d1b190 100644 --- a/plugins/t/check_by_ssh.t +++ b/plugins/t/check_by_ssh.t | |||
@@ -27,11 +27,11 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic | |||
27 | plan tests => 42; | 27 | plan tests => 42; |
28 | 28 | ||
29 | # Some random check strings/response | 29 | # Some random check strings/response |
30 | my @responce = ('OK: Everything is fine!', | 30 | my @responce = ('OK: Everything is fine', |
31 | 'WARNING: Hey, pick me, pick me!', | 31 | 'WARNING: Hey, pick me, pick me', |
32 | 'CRITICAL: Shit happens...', | 32 | 'CRITICAL: Shit happens', |
33 | 'UNKNOWN: What can I do for ya?', | 33 | 'UNKNOWN: What can I do for ya', |
34 | 'WOOPS: What did I smoke?', | 34 | 'WOOPS: What did I smoke', |
35 | ); | 35 | ); |
36 | my @responce_re; | 36 | my @responce_re; |
37 | my @check; | 37 | my @check; |