summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--NEWS8
-rw-r--r--THANKS.in7
-rw-r--r--plugins-root/check_dhcp.c20
-rwxr-xr-xplugins-scripts/check_disk_smb.pl44
-rw-r--r--plugins-scripts/utils.sh.in85
-rw-r--r--plugins/Makefile.am2
-rw-r--r--plugins/check_http.c25
-rw-r--r--plugins/check_ping.c42
-rw-r--r--plugins/check_users.c68
-rw-r--r--plugins/sslutils.c143
-rw-r--r--plugins/t/check_by_ssh.t10
12 files changed, 290 insertions, 165 deletions
diff --git a/.gitignore b/.gitignore
index 7def6f80..0ffb91e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,7 @@ NP-VERSION-FILE
20/Makefile 20/Makefile
21/Makefile.in 21/Makefile.in
22/missing 22/missing
23/nagios-plugins.spec
23/stamp-h1 24/stamp-h1
24/test.pl 25/test.pl
25/THANKS 26/THANKS
diff --git a/NEWS b/NEWS
index 1234178a..2ccc65d1 100644
--- a/NEWS
+++ b/NEWS
@@ -6,10 +6,14 @@ This file documents the major additions and syntax changes between releases.
6 check_disk_smb now allows spaces in share names (#990948, #1370031, Debian #601699) 6 check_disk_smb now allows spaces in share names (#990948, #1370031, Debian #601699)
7 check_http now uses standard threshold functions (enables floating point and ranges) 7 check_http now uses standard threshold functions (enables floating point and ranges)
8 check_http now checks for and prints the certificate cn (hostname) in SSL certificate checks (Stéphane Urbanovski) 8 check_http now checks for and prints the certificate cn (hostname) in SSL certificate checks (Stéphane Urbanovski)
9 check_http now supports an optional -S/--ssl value to choose the SSL protocol version (#3066166 - Jason Lunn)
9 Add perfdata to check_ssh (#3244097 - Marco Beck) 10 Add perfdata to check_ssh (#3244097 - Marco Beck)
10 New option to check_smtp to ignore failures when sending QUIT (#3358348 - Duncan Ferguson) 11 New option to check_smtp to ignore failures when sending QUIT (#3358348 - Duncan Ferguson)
11 New check_by_ssh -F option which allows for specifying an alternative ssh_config(5) file (#2895334 - Sven Nierlein) 12 New check_by_ssh -F option which allows for specifying an alternative ssh_config(5) file (#2895334 - Sven Nierlein)
12 check_sensors now detects faulty sensors unless --ignore-fault is specified (Jan Wagner) 13 check_sensors now detects faulty sensors unless --ignore-fault is specified (Jan Wagner)
14 utils.sh now provides a check_range function (Alex Griffin)
15 Improved the performance of check_users (Marc Remy)
16 Add perfdata to check_disk_smb (Debian #654259 - Charles-Henri Larose)
13 Updated Nagios::Plugin perl module 17 Updated Nagios::Plugin perl module
14 18
15 FIXES 19 FIXES
@@ -20,7 +24,9 @@ This file documents the major additions and syntax changes between releases.
20 Fix check_procs where regex input of '|' would get displayed in output - now replaced with ',' 24 Fix check_procs where regex input of '|' would get displayed in output - now replaced with ','
21 Fix segfault in check_host when hostname returns multiple IP addresses (Sebastian Harl) 25 Fix segfault in check_host when hostname returns multiple IP addresses (Sebastian Harl)
22 Fix check_smtp and check_tcp where duplicate messages were displayed for certificate errors 26 Fix check_smtp and check_tcp where duplicate messages were displayed for certificate errors
23 Fix check_ping where output of ping6 when unreachable (Debian #662638) 27 Fix check_ping's parsing of ping6(1) output (#1894850, Debian #514588, Debian #662638 - Matej Vela)
28 Fix a check_dhcp bug which was triggered by using it to check Windows 2003 DHCP servers (#3503921)
29 Disable RFC4507 support, to work around SSL negotiation issues with (at least) some Tomcat versions
24 30
251.4.15 27th July 2010 311.4.15 27th July 2010
26 ENHANCEMENTS 32 ENHANCEMENTS
diff --git a/THANKS.in b/THANKS.in
index c6775bcd..470a7ee5 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -269,3 +269,10 @@ Ryan Kelly
269Stéphane Urbanovski 269Stéphane Urbanovski
270Marco Beck 270Marco Beck
271Sebastian Harl 271Sebastian Harl
272Jason Lunn
273Alex Griffin
274Marc Remy
275Matej Vela
276Jason Ellison
277Charles-Henri Larose
278Tobias Brox
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c
index 2a1875c4..b02ee49c 100644
--- a/plugins-root/check_dhcp.c
+++ b/plugins-root/check_dhcp.c
@@ -141,7 +141,7 @@ typedef struct dhcp_packet_struct{
141 u_int16_t flags; /* flags */ 141 u_int16_t flags; /* flags */
142 struct in_addr ciaddr; /* IP address of this machine (if we already have one) */ 142 struct in_addr ciaddr; /* IP address of this machine (if we already have one) */
143 struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */ 143 struct in_addr yiaddr; /* IP address of this machine (offered by the DHCP server) */
144 struct in_addr siaddr; /* IP address of DHCP server */ 144 struct in_addr siaddr; /* IP address of next server */
145 struct in_addr giaddr; /* IP address of DHCP relay */ 145 struct in_addr giaddr; /* IP address of DHCP relay */
146 unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */ 146 unsigned char chaddr [MAX_DHCP_CHADDR_LENGTH]; /* hardware address of this machine */
147 char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */ 147 char sname [MAX_DHCP_SNAME_LENGTH]; /* name of DHCP server */
@@ -587,11 +587,6 @@ int get_dhcp_offer(int sock){
587 /* Save a copy of "source" into "via" even if it's via itself */ 587 /* Save a copy of "source" into "via" even if it's via itself */
588 memcpy(&via,&source,sizeof(source)) ; 588 memcpy(&via,&source,sizeof(source)) ;
589 589
590 /* If siaddr is non-zero, set "source" to siaddr */
591 if(offer_packet.siaddr.s_addr != 0L){
592 source.sin_addr.s_addr = offer_packet.siaddr.s_addr ;
593 }
594
595 if(verbose){ 590 if(verbose){
596 printf(_("DHCPOFFER from IP address %s"),inet_ntoa(source.sin_addr)); 591 printf(_("DHCPOFFER from IP address %s"),inet_ntoa(source.sin_addr));
597 printf(_(" via %s\n"),inet_ntoa(via.sin_addr)); 592 printf(_(" via %s\n"),inet_ntoa(via.sin_addr));
@@ -839,8 +834,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
839 /* process all DHCP options present in the packet */ 834 /* process all DHCP options present in the packet */
840 for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){ 835 for(x=4;x<MAX_DHCP_OPTIONS_LENGTH;){
841 836
842 /* end of options (0 is really just a pad, but bail out anyway) */ 837 if((int)offer_packet->options[x]==-1)
843 if((int)offer_packet->options[x]==-1 || (int)offer_packet->options[x]==0)
844 break; 838 break;
845 839
846 /* get option type */ 840 /* get option type */
@@ -872,7 +866,9 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
872 } 866 }
873 867
874 /* skip option data we're ignoring */ 868 /* skip option data we're ignoring */
875 if(option_type!=DHCP_OPTION_REBINDING_TIME) 869 if(option_type==0) /* "pad" option, see RFC 2132 (3.1) */
870 x+=1;
871 else
876 x+=option_length; 872 x+=option_length;
877 } 873 }
878 874
@@ -903,9 +899,9 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){
903 * the next bootstrap service (e.g., delivery of an operating system 899 * the next bootstrap service (e.g., delivery of an operating system
904 * executable image). A DHCP server always returns its own address in 900 * executable image). A DHCP server always returns its own address in
905 * the 'server identifier' option." 'serv_ident' is the 'server 901 * the 'server identifier' option." 'serv_ident' is the 'server
906 * identifier' option, 'source' is the 'siaddr' field or (if 'siaddr' 902 * identifier' option, 'source' is the IP address we received the
907 * wasn't available) the IP address we received the DHCPOFFER from. If 903 * DHCPOFFER from. If 'serv_ident' isn't available for some reason, we
908 * 'serv_ident' isn't available for some reason, we use 'source'. 904 * use 'source'.
909 */ 905 */
910 new_offer->server_address=serv_ident.s_addr?serv_ident:source; 906 new_offer->server_address=serv_ident.s_addr?serv_ident:source;
911 new_offer->offered_address=offer_packet->yiaddr; 907 new_offer->offered_address=offer_packet->yiaddr;
diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl
index 6783543b..43841c36 100755
--- a/plugins-scripts/check_disk_smb.pl
+++ b/plugins-scripts/check_disk_smb.pl
@@ -166,6 +166,7 @@ my $address = $1 if (defined($opt_a) && $opt_a =~ /(.*)/);
166my $state = "OK"; 166my $state = "OK";
167my $answer = undef; 167my $answer = undef;
168my $res = undef; 168my $res = undef;
169my $perfdata = "";
169my @lines = undef; 170my @lines = undef;
170 171
171# Just in case of problems, let's not hang Nagios 172# Just in case of problems, let's not hang Nagios
@@ -204,11 +205,23 @@ $_ = $lines[$#lines];
204#If line does not match required regexp, return an UNKNOWN error 205#If line does not match required regexp, return an UNKNOWN error
205if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) { 206if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) {
206 207
207 my ($avail) = ($3*$2)/1024; 208 my ($avail_bytes) = $3 * $2;
208 my ($avail_bytes) = $avail; 209 my ($total_bytes) = $1 * $2;
210 my ($occupied_bytes) = $1 * $2 - $avail_bytes;
211 my ($avail) = $avail_bytes/1024;
209 my ($capper) = int(($3/$1)*100); 212 my ($capper) = int(($3/$1)*100);
210 my ($mountpt) = "\\\\$host\\$share"; 213 my ($mountpt) = "\\\\$host\\$share";
211 214
215 # TODO : why is the kB the standard unit for args ?
216 my ($warn_bytes) = $total_bytes - $warn * 1024;
217 if ($warn_type eq "P") {
218 $warn_bytes = $warn * $1 * $2 / 100;
219 }
220 my ($crit_bytes) = $total_bytes - $crit * 1024;
221 if ($crit_type eq "P") {
222 $crit_bytes = $crit * $1 * $2 / 100;
223 }
224
212 225
213 if (int($avail / 1024) > 0) { 226 if (int($avail / 1024) > 0) {
214 $avail = int($avail / 1024); 227 $avail = int($avail / 1024);
@@ -225,32 +238,37 @@ if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) {
225#print ":$warn:$warn_type:\n"; 238#print ":$warn:$warn_type:\n";
226#print ":$crit:$crit_type:\n"; 239#print ":$crit:$crit_type:\n";
227#print ":$avail:$avail_bytes:$capper:$mountpt:\n"; 240#print ":$avail:$avail_bytes:$capper:$mountpt:\n";
241 $perfdata = "'" . $share . "'=" . $occupied_bytes . 'B;'
242 . $warn_bytes . ';'
243 . $crit_bytes . ';'
244 . '0;'
245 . $total_bytes;
228 246
229 if ((($warn_type eq "P") && (100 - $capper) < $warn) || (($warn_type eq "K") && ($avail_bytes > $warn))) { 247 if ($occupied_bytes > $crit_bytes) {
230 $answer = "Disk ok - $avail ($capper%) free on $mountpt\n"; 248 $state = "CRITICAL";
231 } elsif ((($crit_type eq "P") && (100 - $capper) < $crit) || (($crit_type eq "K") && ($avail_bytes > $crit))) { 249 $answer = "CRITICAL: Only $avail ($capper%) free on $mountpt";
250 } elsif ( $occupied_bytes > $warn_bytes ) {
232 $state = "WARNING"; 251 $state = "WARNING";
233 $answer = "WARNING: Only $avail ($capper%) free on $mountpt\n"; 252 $answer = "WARNING: Only $avail ($capper%) free on $mountpt";
234 } else { 253 } else {
235 $state = "CRITICAL"; 254 $answer = "Disk ok - $avail ($capper%) free on $mountpt";
236 $answer = "CRITICAL: Only $avail ($capper%) free on $mountpt\n";
237 } 255 }
238} else { 256} else {
239 $answer = "Result from smbclient not suitable\n"; 257 $answer = "Result from smbclient not suitable";
240 $state = "UNKNOWN"; 258 $state = "UNKNOWN";
241 foreach (@lines) { 259 foreach (@lines) {
242 if (/(Access denied|NT_STATUS_LOGON_FAILURE|NT_STATUS_ACCESS_DENIED)/) { 260 if (/(Access denied|NT_STATUS_LOGON_FAILURE|NT_STATUS_ACCESS_DENIED)/) {
243 $answer = "Access Denied\n"; 261 $answer = "Access Denied";
244 $state = "CRITICAL"; 262 $state = "CRITICAL";
245 last; 263 last;
246 } 264 }
247 if (/(Unknown host \w*|Connection.*failed)/) { 265 if (/(Unknown host \w*|Connection.*failed)/) {
248 $answer = "$1\n"; 266 $answer = "$1";
249 $state = "CRITICAL"; 267 $state = "CRITICAL";
250 last; 268 last;
251 } 269 }
252 if (/(You specified an invalid share name|NT_STATUS_BAD_NETWORK_NAME)/) { 270 if (/(You specified an invalid share name|NT_STATUS_BAD_NETWORK_NAME)/) {
253 $answer = "Invalid share name \\\\$host\\$share\n"; 271 $answer = "Invalid share name \\\\$host\\$share";
254 $state = "CRITICAL"; 272 $state = "CRITICAL";
255 last; 273 last;
256 } 274 }
@@ -259,6 +277,8 @@ if (/\s*(\d*) blocks of size (\d*)\. (\d*) blocks available/) {
259 277
260 278
261print $answer; 279print $answer;
280print " | " . $perfdata if ($perfdata);
281print "\n";
262print "$state\n" if ($verbose); 282print "$state\n" if ($verbose);
263exit $ERRORS{$state}; 283exit $ERRORS{$state};
264 284
diff --git a/plugins-scripts/utils.sh.in b/plugins-scripts/utils.sh.in
index b30b9083..5fae6adb 100644
--- a/plugins-scripts/utils.sh.in
+++ b/plugins-scripts/utils.sh.in
@@ -21,3 +21,88 @@ support() {
21 $ECHO "@SUPPORT@" | sed -e 's/\n/ /g' 21 $ECHO "@SUPPORT@" | sed -e 's/\n/ /g'
22} 22}
23 23
24#
25# check_range takes a value and a range string, returning successfully if an
26# alert should be raised based on the range.
27#
28check_range() {
29 local v range yes no err decimal start end cmp match
30 v="$1"
31 range="$2"
32
33 # whether to raise an alert or not
34 yes=0
35 no=1
36 err=2
37
38 # regex to match a decimal number
39 decimal="-?([0-9]+\.?[0-9]*|[0-9]*\.[0-9]+)"
40
41 # compare numbers (including decimals), returning true/false
42 cmp() { awk "BEGIN{ if ($1) exit(0); exit(1)}"; }
43
44 # returns successfully if the string in the first argument matches the
45 # regex in the second
46 match() { echo "$1" | grep -E -q -- "$2"; }
47
48 # make sure value is valid
49 if ! match "$v" "^$decimal$"; then
50 echo "${0##*/}: check_range: invalid value" >&2
51 unset -f cmp match
52 return "$err"
53 fi
54
55 # make sure range is valid
56 if ! match "$range" "^@?(~|$decimal)(:($decimal)?)?$"; then
57 echo "${0##*/}: check_range: invalid range" >&2
58 unset -f cmp match
59 return "$err"
60 fi
61
62 # check for leading @ char, which negates the range
63 if match $range '^@'; then
64 range=${range#@}
65 yes=1
66 no=0
67 fi
68
69 # parse the range string
70 if ! match "$range" ':'; then
71 start=0
72 end="$range"
73 else
74 start="${range%%:*}"
75 end="${range#*:}"
76 fi
77
78 # do the comparison, taking positive ("") and negative infinity ("~")
79 # into account
80 if [ "$start" != "~" ] && [ "$end" != "" ]; then
81 if cmp "$start <= $v" && cmp "$v <= $end"; then
82 unset -f cmp match
83 return "$no"
84 else
85 unset -f cmp match
86 return "$yes"
87 fi
88 elif [ "$start" != "~" ] && [ "$end" = "" ]; then
89 if cmp "$start <= $v"; then
90 unset -f cmp match
91 return "$no"
92 else
93 unset -f cmp match
94 return "$yes"
95 fi
96 elif [ "$start" = "~" ] && [ "$end" != "" ]; then
97 if cmp "$v <= $end"; then
98 unset -f cmp match
99 return "$no"
100 else
101 unset -f cmp match
102 return "$yes"
103 fi
104 else
105 unset -f cmp match
106 return "$no"
107 fi
108}
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 36a28b0b..3a2afc15 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -101,7 +101,7 @@ check_tcp_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
101check_time_LDADD = $(NETLIBS) 101check_time_LDADD = $(NETLIBS)
102check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) 102check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS)
103check_ups_LDADD = $(NETLIBS) 103check_ups_LDADD = $(NETLIBS)
104check_users_LDADD = $(BASEOBJS) popen.o 104check_users_LDADD = $(BASEOBJS)
105check_by_ssh_LDADD = $(NETLIBS) 105check_by_ssh_LDADD = $(NETLIBS)
106check_ide_smart_LDADD = $(BASEOBJS) 106check_ide_smart_LDADD = $(BASEOBJS)
107negate_LDADD = $(BASEOBJS) 107negate_LDADD = $(BASEOBJS)
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 3175f6cb..315848fc 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -34,7 +34,7 @@
34/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ 34/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
35 35
36const char *progname = "check_http"; 36const char *progname = "check_http";
37const char *copyright = "1999-2008"; 37const char *copyright = "1999-2011";
38const char *email = "nagiosplug-devel@lists.sourceforge.net"; 38const char *email = "nagiosplug-devel@lists.sourceforge.net";
39 39
40#include "common.h" 40#include "common.h"
@@ -59,6 +59,7 @@ enum {
59#ifdef HAVE_SSL 59#ifdef HAVE_SSL
60int check_cert = FALSE; 60int check_cert = FALSE;
61int days_till_exp; 61int days_till_exp;
62int ssl_version;
62char *randbuff; 63char *randbuff;
63X509 *server_cert; 64X509 *server_cert;
64# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) 65# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
@@ -188,7 +189,7 @@ process_arguments (int argc, char **argv)
188 STD_LONG_OPTS, 189 STD_LONG_OPTS,
189 {"link", no_argument, 0, 'L'}, 190 {"link", no_argument, 0, 'L'},
190 {"nohtml", no_argument, 0, 'n'}, 191 {"nohtml", no_argument, 0, 'n'},
191 {"ssl", no_argument, 0, 'S'}, 192 {"ssl", optional_argument, 0, 'S'},
192 {"sni", no_argument, 0, SNI_OPTION}, 193 {"sni", no_argument, 0, SNI_OPTION},
193 {"post", required_argument, 0, 'P'}, 194 {"post", required_argument, 0, 'P'},
194 {"method", required_argument, 0, 'j'}, 195 {"method", required_argument, 0, 'j'},
@@ -234,7 +235,7 @@ process_arguments (int argc, char **argv)
234 } 235 }
235 236
236 while (1) { 237 while (1) {
237 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); 238 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option);
238 if (c == -1 || c == EOF) 239 if (c == -1 || c == EOF)
239 break; 240 break;
240 241
@@ -294,6 +295,13 @@ process_arguments (int argc, char **argv)
294 usage4 (_("Invalid option - SSL is not available")); 295 usage4 (_("Invalid option - SSL is not available"));
295#endif 296#endif
296 use_ssl = TRUE; 297 use_ssl = TRUE;
298 if (optarg == NULL || c != 'S')
299 ssl_version = 0;
300 else {
301 ssl_version = atoi(optarg);
302 if (ssl_version < 1 || ssl_version > 3)
303 usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
304 }
297 if (specify_port == FALSE) 305 if (specify_port == FALSE)
298 server_port = HTTPS_PORT; 306 server_port = HTTPS_PORT;
299 break; 307 break;
@@ -798,7 +806,9 @@ check_http (void)
798 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); 806 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
799#ifdef HAVE_SSL 807#ifdef HAVE_SSL
800 if (use_ssl == TRUE) { 808 if (use_ssl == TRUE) {
801 np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); 809 result = np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version);
810 if (result != STATE_OK)
811 return result;
802 if (check_cert == TRUE) { 812 if (check_cert == TRUE) {
803 result = np_net_ssl_check_cert(days_till_exp); 813 result = np_net_ssl_check_cert(days_till_exp);
804 np_net_ssl_cleanup(); 814 np_net_ssl_cleanup();
@@ -1323,8 +1333,9 @@ print_help (void)
1323 printf (UT_IPv46); 1333 printf (UT_IPv46);
1324 1334
1325#ifdef HAVE_SSL 1335#ifdef HAVE_SSL
1326 printf (" %s\n", "-S, --ssl"); 1336 printf (" %s\n", "-S, --ssl=VERSION");
1327 printf (" %s\n", _("Connect via SSL. Port defaults to 443")); 1337 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1338 printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
1328 printf (" %s\n", "--sni"); 1339 printf (" %s\n", "--sni");
1329 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1340 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1330 printf (" %s\n", "-C, --certificate=INTEGER"); 1341 printf (" %s\n", "-C, --certificate=INTEGER");
@@ -1433,6 +1444,6 @@ print_usage (void)
1433 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); 1444 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
1434 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); 1445 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
1435 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); 1446 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1436 printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); 1447 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n");
1437 printf (" [-j method]\n"); 1448 printf (" [-j method]\n");
1438} 1449}
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index 9f9dcabd..23dcd6a8 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -432,6 +432,7 @@ run_ping (const char *cmd, const char *addr)
432{ 432{
433 char buf[MAX_INPUT_BUFFER]; 433 char buf[MAX_INPUT_BUFFER];
434 int result = STATE_UNKNOWN; 434 int result = STATE_UNKNOWN;
435 int match;
435 436
436 if ((child_process = spopen (cmd)) == NULL) 437 if ((child_process = spopen (cmd)) == NULL)
437 die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); 438 die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd);
@@ -448,28 +449,29 @@ run_ping (const char *cmd, const char *addr)
448 result = max_state (result, error_scan (buf, addr)); 449 result = max_state (result, error_scan (buf, addr));
449 450
450 /* get the percent loss statistics */ 451 /* get the percent loss statistics */
451 if(sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss",&pl)==1 || 452 match = 0;
452 sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss", &pl) == 1 || 453 if((sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) ||
453 sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss", &pl) == 1 || 454 (sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) ||
454 sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss",&pl)==1 || 455 (sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) ||
455 sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time",&pl)==1 || 456 (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss%n",&pl,&match) && match) ||
456 sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time", &pl)==1 || 457 (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time%n",&pl,&match) && match) ||
457 sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time", &pl)==1 || 458 (sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time%n",&pl,&match) && match) ||
458 sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss", &pl) == 1 || 459 (sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time%n",&pl,&match) && match) ||
459 sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss", &pl) == 1 460 (sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) ||
461 (sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match)
460 ) 462 )
461 continue; 463 continue;
462 464
463 /* get the round trip average */ 465 /* get the round trip average */
464 else 466 else
465 if(sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f",&rta)==1 || 467 if((sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) ||
466 sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f",&rta)==1 || 468 (sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
467 sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f",&rta)==1 || 469 (sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
468 sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || 470 (sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
469 sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f",&rta)==1 || 471 (sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
470 sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f",&rta)==1 || 472 (sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) ||
471 sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || 473 (sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
472 sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms",&rta)==1) 474 (sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms%n",&rta,&match) && match))
473 continue; 475 continue;
474 } 476 }
475 477
@@ -498,9 +500,7 @@ run_ping (const char *cmd, const char *addr)
498 (void) fclose (child_stderr); 500 (void) fclose (child_stderr);
499 501
500 502
501 /* close the pipe - WARNING if status is set */ 503 spclose (child_process);
502 if (spclose (child_process))
503 result = max_state (result, STATE_WARNING);
504 504
505 if (warn_text == NULL) 505 if (warn_text == NULL)
506 warn_text = strdup(""); 506 warn_text = strdup("");
@@ -534,7 +534,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
534 else if (strstr (buf, "Time to live exceeded")) 534 else if (strstr (buf, "Time to live exceeded"))
535 die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); 535 die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr);
536 else if (strstr (buf, "Destination unreachable: ")) 536 else if (strstr (buf, "Destination unreachable: "))
537 die (STATE_CRITICAL, _("CRITICAL - DestinationUnreachable (%s)"), addr); 537 die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)"), addr);
538 538
539 if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { 539 if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) {
540 if (warn_text == NULL) 540 if (warn_text == NULL)
diff --git a/plugins/check_users.c b/plugins/check_users.c
index 8368612a..37662928 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -3,7 +3,7 @@
3* Nagios check_users plugin 3* Nagios check_users plugin
4* 4*
5* License: GPL 5* License: GPL
6* Copyright (c) 2000-2007 Nagios Plugins Development Team 6* Copyright (c) 2000-2012 Nagios Plugins Development Team
7* 7*
8* Description: 8* Description:
9* 9*
@@ -35,8 +35,8 @@ const char *copyright = "2000-2007";
35const char *email = "nagiosplug-devel@lists.sourceforge.net"; 35const char *email = "nagiosplug-devel@lists.sourceforge.net";
36 36
37#include "common.h" 37#include "common.h"
38#include "popen.h"
39#include "utils.h" 38#include "utils.h"
39#include <utmpx.h>
40 40
41#define possibly_set(a,b) ((a) == 0 ? (b) : 0) 41#define possibly_set(a,b) ((a) == 0 ? (b) : 0)
42 42
@@ -52,58 +52,33 @@ main (int argc, char **argv)
52{ 52{
53 int users = -1; 53 int users = -1;
54 int result = STATE_UNKNOWN; 54 int result = STATE_UNKNOWN;
55 char input_buffer[MAX_INPUT_BUFFER];
56 char *perf; 55 char *perf;
56 struct utmpx *putmpx;
57 57
58 setlocale (LC_ALL, ""); 58 setlocale (LC_ALL, "");
59 bindtextdomain (PACKAGE, LOCALEDIR); 59 bindtextdomain (PACKAGE, LOCALEDIR);
60 textdomain (PACKAGE); 60 textdomain (PACKAGE);
61 61
62 perf = strdup(""); 62 perf = strdup ("");
63 63
64 /* Parse extra opts if any */ 64 /* Parse extra opts if any */
65 argv=np_extra_opts (&argc, argv, progname); 65 argv = np_extra_opts (&argc, argv, progname);
66 66
67 if (process_arguments (argc, argv) == ERROR) 67 if (process_arguments (argc, argv) == ERROR)
68 usage4 (_("Could not parse arguments")); 68 usage4 (_("Could not parse arguments"));
69 69
70 /* run the command */
71 child_process = spopen (WHO_COMMAND);
72 if (child_process == NULL) {
73 printf (_("Could not open pipe: %s\n"), WHO_COMMAND);
74 return STATE_UNKNOWN;
75 }
76
77 child_stderr = fdopen (child_stderr_array[fileno (child_process)], "r");
78 if (child_stderr == NULL)
79 printf (_("Could not open stderr for %s\n"), WHO_COMMAND);
80
81 users = 0; 70 users = 0;
82 71
83 while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_process)) { 72 /* get currently logged users from utmpx */
73 setutxent ();
84 74
85 /* increment 'users' on all lines except total user count */ 75 while ((putmpx = getutxent ()) != NULL)
86 if (input_buffer[0] != '#') { 76 if (putmpx->ut_type == USER_PROCESS)
87 users++; 77 users++;
88 continue;
89 }
90
91 /* get total logged in users */
92 if (sscanf (input_buffer, _("# users=%d"), &users) == 1)
93 break;
94
95 }
96 78
97 /* check STDERR */ 79 endutxent ();
98 if (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_stderr))
99 result = possibly_set (result, STATE_UNKNOWN);
100 (void) fclose (child_stderr);
101 80
102 /* close the pipe */ 81 /* check the user count against warning and critical thresholds */
103 if (spclose (child_process))
104 result = possibly_set (result, STATE_UNKNOWN);
105
106 /* else check the user count against warning and critical thresholds */
107 if (users > cusers) 82 if (users > cusers)
108 result = STATE_CRITICAL; 83 result = STATE_CRITICAL;
109 else if (users > wusers) 84 else if (users > wusers)
@@ -114,7 +89,7 @@ main (int argc, char **argv)
114 if (result == STATE_UNKNOWN) 89 if (result == STATE_UNKNOWN)
115 printf ("%s\n", _("Unable to read output")); 90 printf ("%s\n", _("Unable to read output"));
116 else { 91 else {
117 asprintf(&perf, "%s", perfdata ("users", users, "", 92 asprintf (&perf, "%s", perfdata ("users", users, "",
118 TRUE, wusers, 93 TRUE, wusers,
119 TRUE, cusers, 94 TRUE, cusers,
120 TRUE, 0, 95 TRUE, 0,
@@ -126,14 +101,11 @@ main (int argc, char **argv)
126 return result; 101 return result;
127} 102}
128 103
129
130
131/* process command-line arguments */ 104/* process command-line arguments */
132int 105int
133process_arguments (int argc, char **argv) 106process_arguments (int argc, char **argv)
134{ 107{
135 int c; 108 int c;
136
137 int option = 0; 109 int option = 0;
138 static struct option longopts[] = { 110 static struct option longopts[] = {
139 {"critical", required_argument, 0, 'c'}, 111 {"critical", required_argument, 0, 'c'},
@@ -183,7 +155,6 @@ process_arguments (int argc, char **argv)
183 else 155 else
184 wusers = atoi (argv[c++]); 156 wusers = atoi (argv[c++]);
185 } 157 }
186
187 if (cusers == -1 && argc > c) { 158 if (cusers == -1 && argc > c) {
188 if (is_intnonneg (argv[c]) == FALSE) 159 if (is_intnonneg (argv[c]) == FALSE)
189 usage4 (_("Warning threshold must be a positive integer")); 160 usage4 (_("Warning threshold must be a positive integer"));
@@ -194,8 +165,6 @@ process_arguments (int argc, char **argv)
194 return OK; 165 return OK;
195} 166}
196 167
197
198
199void 168void
200print_help (void) 169print_help (void)
201{ 170{
@@ -205,9 +174,9 @@ print_help (void)
205 printf (COPYRIGHT, copyright, email); 174 printf (COPYRIGHT, copyright, email);
206 175
207 printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); 176 printf ("%s\n", _("This plugin checks the number of users currently logged in on the local"));
208 printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); 177 printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified."));
209 178
210 printf ("\n\n"); 179 printf ("\n\n");
211 180
212 print_usage (); 181 print_usage ();
213 182
@@ -215,17 +184,16 @@ print_help (void)
215 printf (UT_EXTRA_OPTS); 184 printf (UT_EXTRA_OPTS);
216 185
217 printf (" %s\n", "-w, --warning=INTEGER"); 186 printf (" %s\n", "-w, --warning=INTEGER");
218 printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); 187 printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in"));
219 printf (" %s\n", "-c, --critical=INTEGER"); 188 printf (" %s\n", "-c, --critical=INTEGER");
220 printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); 189 printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in"));
221 190
222 printf (UT_SUPPORT); 191 printf (UT_SUPPORT);
223} 192}
224 193
225
226void 194void
227print_usage (void) 195print_usage (void)
228{ 196{
229 printf ("%s\n", _("Usage:")); 197 printf ("%s\n", _("Usage:"));
230 printf ("%s -w <users> -c <users>\n", progname); 198 printf ("%s -w <users> -c <users>\n", progname);
231} 199}
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 0bc61ed3..5425bb2c 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -36,66 +36,97 @@ static SSL_CTX *c=NULL;
36static SSL *s=NULL; 36static SSL *s=NULL;
37static int initialized=0; 37static int initialized=0;
38 38
39int np_net_ssl_init (int sd) { 39int np_net_ssl_init(int sd) {
40 return np_net_ssl_init_with_hostname(sd, NULL); 40 return np_net_ssl_init_with_hostname(sd, NULL);
41} 41}
42 42
43int np_net_ssl_init_with_hostname (int sd, char *host_name) { 43int np_net_ssl_init_with_hostname(int sd, char *host_name) {
44 if (!initialized) { 44 return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
45 /* Initialize SSL context */ 45}
46 SSLeay_add_ssl_algorithms (); 46
47 SSL_load_error_strings (); 47int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
48 OpenSSL_add_all_algorithms (); 48 const SSL_METHOD *method = NULL;
49 initialized = 1; 49
50 } 50 switch (version) {
51 if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) { 51 case 0: /* Deafult to auto negotiation */
52 printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); 52 method = SSLv23_client_method();
53 return STATE_CRITICAL; 53 break;
54 } 54 case 1: /* TLSv1 protocol */
55 if ((s = SSL_new (c)) != NULL){ 55 method = TLSv1_client_method();
56 break;
57 case 2: /* SSLv2 protocol */
58#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
59 printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
60 return STATE_CRITICAL;
61#else
62 method = SSLv2_client_method();
63#endif
64 break;
65 case 3: /* SSLv3 protocol */
66 method = SSLv3_client_method();
67 break;
68 default: /* Unsupported */
69 printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
70 return STATE_CRITICAL;
71 }
72 if (!initialized) {
73 /* Initialize SSL context */
74 SSLeay_add_ssl_algorithms();
75 SSL_load_error_strings();
76 OpenSSL_add_all_algorithms();
77 initialized = 1;
78 }
79 if ((c = SSL_CTX_new(method)) == NULL) {
80 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
81 return STATE_CRITICAL;
82 }
83#ifdef SSL_OP_NO_TICKET
84 SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
85#endif
86 if ((s = SSL_new(c)) != NULL) {
56#ifdef SSL_set_tlsext_host_name 87#ifdef SSL_set_tlsext_host_name
57 if (host_name != NULL) 88 if (host_name != NULL)
58 SSL_set_tlsext_host_name(s, host_name); 89 SSL_set_tlsext_host_name(s, host_name);
59#endif 90#endif
60 SSL_set_fd (s, sd); 91 SSL_set_fd(s, sd);
61 if (SSL_connect(s) == 1){ 92 if (SSL_connect(s) == 1) {
62 return OK; 93 return OK;
63 } else { 94 } else {
64 printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); 95 printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
65# ifdef USE_OPENSSL /* XXX look into ERR_error_string */ 96# ifdef USE_OPENSSL /* XXX look into ERR_error_string */
66 ERR_print_errors_fp (stdout); 97 ERR_print_errors_fp(stdout);
67# endif /* USE_OPENSSL */ 98# endif /* USE_OPENSSL */
68 }
69 } else {
70 printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
71 } 99 }
72 return STATE_CRITICAL; 100 } else {
101 printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
102 }
103 return STATE_CRITICAL;
73} 104}
74 105
75void np_net_ssl_cleanup (){ 106void np_net_ssl_cleanup() {
76 if(s){ 107 if (s) {
77#ifdef SSL_set_tlsext_host_name 108#ifdef SSL_set_tlsext_host_name
78 SSL_set_tlsext_host_name(s, NULL); 109 SSL_set_tlsext_host_name(s, NULL);
79#endif 110#endif
80 SSL_shutdown (s); 111 SSL_shutdown(s);
81 SSL_free (s); 112 SSL_free(s);
82 if(c) { 113 if (c) {
83 SSL_CTX_free (c); 114 SSL_CTX_free(c);
84 c=NULL; 115 c=NULL;
85 }
86 s=NULL;
87 } 116 }
117 s=NULL;
118 }
88} 119}
89 120
90int np_net_ssl_write(const void *buf, int num){ 121int np_net_ssl_write(const void *buf, int num) {
91 return SSL_write(s, buf, num); 122 return SSL_write(s, buf, num);
92} 123}
93 124
94int np_net_ssl_read(void *buf, int num){ 125int np_net_ssl_read(void *buf, int num) {
95 return SSL_read(s, buf, num); 126 return SSL_read(s, buf, num);
96} 127}
97 128
98int np_net_ssl_check_cert(int days_till_exp){ 129int np_net_ssl_check_cert(int days_till_exp) {
99# ifdef USE_OPENSSL 130# ifdef USE_OPENSSL
100 X509 *certificate=NULL; 131 X509 *certificate=NULL;
101 X509_NAME *subj=NULL; 132 X509_NAME *subj=NULL;
@@ -111,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){
111 char timestamp[17] = ""; 142 char timestamp[17] = "";
112 143
113 certificate=SSL_get_peer_certificate(s); 144 certificate=SSL_get_peer_certificate(s);
114 if(! certificate){ 145 if (!certificate) {
115 printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); 146 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
116 return STATE_CRITICAL; 147 return STATE_CRITICAL;
117 } 148 }
118 149
119 /* Extract CN from certificate subject */ 150 /* Extract CN from certificate subject */
120 subj=X509_get_subject_name(certificate); 151 subj=X509_get_subject_name(certificate);
121 152
122 if(! subj){ 153 if (!subj) {
123 printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); 154 printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
124 return STATE_CRITICAL; 155 return STATE_CRITICAL;
125 } 156 }
126 cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); 157 cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn));
127 if ( cnlen == -1 ) 158 if (cnlen == -1)
128 strcpy(cn , _("Unknown CN")); 159 strcpy(cn, _("Unknown CN"));
129 160
130 /* Retrieve timestamp of certificate */ 161 /* Retrieve timestamp of certificate */
131 tm = X509_get_notAfter (certificate); 162 tm = X509_get_notAfter(certificate);
132 163
133 /* Generate tm structure to process timestamp */ 164 /* Generate tm structure to process timestamp */
134 if (tm->type == V_ASN1_UTCTIME) { 165 if (tm->type == V_ASN1_UTCTIME) {
135 if (tm->length < 10) { 166 if (tm->length < 10) {
136 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 167 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
137 return STATE_CRITICAL; 168 return STATE_CRITICAL;
138 } else { 169 } else {
139 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); 170 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -143,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){
143 } 174 }
144 } else { 175 } else {
145 if (tm->length < 12) { 176 if (tm->length < 12) {
146 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 177 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
147 return STATE_CRITICAL; 178 return STATE_CRITICAL;
148 } else { 179 } else {
149 stamp.tm_year = 180 stamp.tm_year =
@@ -172,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){
172 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); 203 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
173 204
174 if (days_left > 0 && days_left <= days_till_exp) { 205 if (days_left > 0 && days_left <= days_till_exp) {
175 printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); 206 printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
176 status=STATE_WARNING; 207 status=STATE_WARNING;
177 } else if (time_left < 0) { 208 } else if (time_left < 0) {
178 printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); 209 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
179 status=STATE_CRITICAL; 210 status=STATE_CRITICAL;
180 } else if (days_left == 0) { 211 } else if (days_left == 0) {
181 printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); 212 printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
182 status=STATE_WARNING; 213 status=STATE_WARNING;
183 } else { 214 } else {
184 printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); 215 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
185 status=STATE_OK; 216 status=STATE_OK;
186 } 217 }
187 X509_free (certificate); 218 X509_free(certificate);
188 return status; 219 return status;
189# else /* ifndef USE_OPENSSL */ 220# else /* ifndef USE_OPENSSL */
190 printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); 221 printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
191 return STATE_WARNING; 222 return STATE_WARNING;
192# endif /* USE_OPENSSL */ 223# endif /* USE_OPENSSL */
193} 224}
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index cca72c96..8d1b1904 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -27,11 +27,11 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
27plan tests => 42; 27plan tests => 42;
28 28
29# Some random check strings/response 29# Some random check strings/response
30my @responce = ('OK: Everything is fine!', 30my @responce = ('OK: Everything is fine',
31 'WARNING: Hey, pick me, pick me!', 31 'WARNING: Hey, pick me, pick me',
32 'CRITICAL: Shit happens...', 32 'CRITICAL: Shit happens',
33 'UNKNOWN: What can I do for ya?', 33 'UNKNOWN: What can I do for ya',
34 'WOOPS: What did I smoke?', 34 'WOOPS: What did I smoke',
35); 35);
36my @responce_re; 36my @responce_re;
37my @check; 37my @check;