summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/check_dns.c117
1 files changed, 75 insertions, 42 deletions
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index e1e7c00e..b3d4a6e5 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -107,8 +107,9 @@ int main(int argc, char **argv) {
107 alarm(timeout_interval); 107 alarm(timeout_interval);
108 gettimeofday(&tv, NULL); 108 gettimeofday(&tv, NULL);
109 109
110 if (verbose) 110 if (verbose) {
111 printf("%s\n", command_line); 111 printf("%s\n", command_line);
112 }
112 113
113 /* run the command */ 114 /* run the command */
114 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { 115 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
@@ -118,18 +119,20 @@ int main(int argc, char **argv) {
118 119
119 /* scan stdout */ 120 /* scan stdout */
120 for (size_t i = 0; i < chld_out.lines; i++) { 121 for (size_t i = 0; i < chld_out.lines; i++) {
121 if (addresses == NULL) 122 if (addresses == NULL) {
122 addresses = malloc(sizeof(*addresses) * 10); 123 addresses = malloc(sizeof(*addresses) * 10);
123 else if (!(n_addresses % 10)) 124 } else if (!(n_addresses % 10)) {
124 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10)); 125 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10));
126 }
125 127
126 if (verbose) 128 if (verbose) {
127 puts(chld_out.line[i]); 129 puts(chld_out.line[i]);
130 }
128 131
129 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) { 132 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) {
130 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) 133 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) {
131 addresses[n_addresses++] = strdup(temp_buffer + 7); 134 addresses[n_addresses++] = strdup(temp_buffer + 7);
132 else { 135 } else {
133 msg = (char *)_("Warning plugin error"); 136 msg = (char *)_("Warning plugin error");
134 result = STATE_WARNING; 137 result = STATE_WARNING;
135 } 138 }
@@ -156,15 +159,16 @@ int main(int argc, char **argv) {
156 } 159 }
157 160
158 /* the server is responding, we just got the host name... */ 161 /* the server is responding, we just got the host name... */
159 if (strstr(chld_out.line[i], "Name:")) 162 if (strstr(chld_out.line[i], "Name:")) {
160 parse_address = true; 163 parse_address = true;
161 else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) { 164 } else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) {
162 temp_buffer = index(chld_out.line[i], ':'); 165 temp_buffer = index(chld_out.line[i], ':');
163 temp_buffer++; 166 temp_buffer++;
164 167
165 /* Strip leading spaces */ 168 /* Strip leading spaces */
166 while (*temp_buffer == ' ') 169 while (*temp_buffer == ' ') {
167 temp_buffer++; 170 temp_buffer++;
171 }
168 172
169 strip(temp_buffer); 173 strip(temp_buffer);
170 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 174 if (temp_buffer == NULL || strlen(temp_buffer) == 0) {
@@ -179,24 +183,27 @@ int main(int argc, char **argv) {
179 result = error_scan(chld_out.line[i], &is_nxdomain); 183 result = error_scan(chld_out.line[i], &is_nxdomain);
180 if (result != STATE_OK) { 184 if (result != STATE_OK) {
181 msg = strchr(chld_out.line[i], ':'); 185 msg = strchr(chld_out.line[i], ':');
182 if (msg) 186 if (msg) {
183 msg++; 187 msg++;
188 }
184 break; 189 break;
185 } 190 }
186 } 191 }
187 192
188 /* scan stderr */ 193 /* scan stderr */
189 for (size_t i = 0; i < chld_err.lines; i++) { 194 for (size_t i = 0; i < chld_err.lines; i++) {
190 if (verbose) 195 if (verbose) {
191 puts(chld_err.line[i]); 196 puts(chld_err.line[i]);
197 }
192 198
193 if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) { 199 if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) {
194 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain)); 200 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain));
195 msg = strchr(input_buffer, ':'); 201 msg = strchr(input_buffer, ':');
196 if (msg) 202 if (msg) {
197 msg++; 203 msg++;
198 else 204 } else {
199 msg = input_buffer; 205 msg = input_buffer;
206 }
200 } 207 }
201 } 208 }
202 209
@@ -214,14 +221,16 @@ int main(int argc, char **argv) {
214 } 221 }
215 adrp = address = malloc(slen); 222 adrp = address = malloc(slen);
216 for (i = 0; i < n_addresses; i++) { 223 for (i = 0; i < n_addresses; i++) {
217 if (i) 224 if (i) {
218 *adrp++ = ','; 225 *adrp++ = ',';
226 }
219 strcpy(adrp, addresses[i]); 227 strcpy(adrp, addresses[i]);
220 adrp += strlen(addresses[i]); 228 adrp += strlen(addresses[i]);
221 } 229 }
222 *adrp = 0; 230 *adrp = 0;
223 } else 231 } else {
224 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); 232 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND);
233 }
225 234
226 /* compare to expected address */ 235 /* compare to expected address */
227 if (result == STATE_OK && expected_address_cnt > 0) { 236 if (result == STATE_OK && expected_address_cnt > 0) {
@@ -245,8 +254,9 @@ int main(int argc, char **argv) {
245 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 254 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
246 } 255 }
247 /* check if expected_address must cover all in addresses and none may be missing */ 256 /* check if expected_address must cover all in addresses and none may be missing */
248 if (all_match && (expect_match != 0 || addr_match != 0)) 257 if (all_match && (expect_match != 0 || addr_match != 0)) {
249 result = STATE_CRITICAL; 258 result = STATE_CRITICAL;
259 }
250 if (result == STATE_CRITICAL) { 260 if (result == STATE_CRITICAL) {
251 /* Strip off last semicolon... */ 261 /* Strip off last semicolon... */
252 temp_buffer[strlen(temp_buffer) - 2] = '\0'; 262 temp_buffer[strlen(temp_buffer) - 2] = '\0';
@@ -259,8 +269,9 @@ int main(int argc, char **argv) {
259 result = STATE_CRITICAL; 269 result = STATE_CRITICAL;
260 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); 270 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address);
261 } else { 271 } else {
262 if (address != NULL) 272 if (address != NULL) {
263 free(address); 273 free(address);
274 }
264 address = "NXDOMAIN"; 275 address = "NXDOMAIN";
265 } 276 }
266 } 277 }
@@ -292,14 +303,16 @@ int main(int argc, char **argv) {
292 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0)); 303 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0));
293 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { 304 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
294 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0)); 305 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0));
295 } else 306 } else {
296 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); 307 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0));
297 } else if (result == STATE_WARNING) 308 }
309 } else if (result == STATE_WARNING) {
298 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 310 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
299 else if (result == STATE_CRITICAL) 311 } else if (result == STATE_CRITICAL) {
300 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 312 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
301 else 313 } else {
302 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 314 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
315 }
303 316
304 return result; 317 return result;
305} 318}
@@ -333,49 +346,59 @@ int error_scan(char *input_buffer, bool *is_nxdomain) {
333 346
334 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") || 347 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") ||
335 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN"); 348 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN");
336 if (nxdomain) 349 if (nxdomain) {
337 *is_nxdomain = true; 350 *is_nxdomain = true;
351 }
338 352
339 /* the DNS lookup timed out */ 353 /* the DNS lookup timed out */
340 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || 354 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
341 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || 355 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
342 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) 356 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) {
343 return STATE_OK; 357 return STATE_OK;
358 }
344 359
345 /* DNS server is not running... */ 360 /* DNS server is not running... */
346 else if (strstr(input_buffer, "No response from server")) 361 else if (strstr(input_buffer, "No response from server")) {
347 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 362 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
348 else if (strstr(input_buffer, "no servers could be reached")) 363 } else if (strstr(input_buffer, "no servers could be reached")) {
349 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 364 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
365 }
350 366
351 /* Host name is valid, but server doesn't have records... */ 367 /* Host name is valid, but server doesn't have records... */
352 else if (strstr(input_buffer, "No records")) 368 else if (strstr(input_buffer, "No records")) {
353 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); 369 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
370 }
354 371
355 /* Connection was refused */ 372 /* Connection was refused */
356 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") || 373 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") ||
357 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) 374 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) {
358 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); 375 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
376 }
359 377
360 /* Query refused (usually by an ACL in the namserver) */ 378 /* Query refused (usually by an ACL in the namserver) */
361 else if (strstr(input_buffer, "Query refused")) 379 else if (strstr(input_buffer, "Query refused")) {
362 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); 380 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
381 }
363 382
364 /* No information (e.g. nameserver IP has two PTR records) */ 383 /* No information (e.g. nameserver IP has two PTR records) */
365 else if (strstr(input_buffer, "No information")) 384 else if (strstr(input_buffer, "No information")) {
366 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); 385 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
386 }
367 387
368 /* Network is unreachable */ 388 /* Network is unreachable */
369 else if (strstr(input_buffer, "Network is unreachable")) 389 else if (strstr(input_buffer, "Network is unreachable")) {
370 die(STATE_CRITICAL, _("Network is unreachable\n")); 390 die(STATE_CRITICAL, _("Network is unreachable\n"));
391 }
371 392
372 /* Internal server failure */ 393 /* Internal server failure */
373 else if (strstr(input_buffer, "Server failure")) 394 else if (strstr(input_buffer, "Server failure")) {
374 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); 395 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
396 }
375 397
376 /* Request error or the DNS lookup timed out */ 398 /* Request error or the DNS lookup timed out */
377 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) 399 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) {
378 return STATE_WARNING; 400 return STATE_WARNING;
401 }
379 402
380 return STATE_OK; 403 return STATE_OK;
381} 404}
@@ -402,18 +425,22 @@ int process_arguments(int argc, char **argv) {
402 {"critical", required_argument, 0, 'c'}, 425 {"critical", required_argument, 0, 'c'},
403 {0, 0, 0, 0}}; 426 {0, 0, 0, 0}};
404 427
405 if (argc < 2) 428 if (argc < 2) {
406 return ERROR; 429 return ERROR;
430 }
407 431
408 for (c = 1; c < argc; c++) 432 for (c = 1; c < argc; c++) {
409 if (strcmp("-to", argv[c]) == 0) 433 if (strcmp("-to", argv[c]) == 0) {
410 strcpy(argv[c], "-t"); 434 strcpy(argv[c], "-t");
435 }
436 }
411 437
412 while (1) { 438 while (1) {
413 c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); 439 c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
414 440
415 if (c == -1 || c == EOF) 441 if (c == -1 || c == EOF) {
416 break; 442 break;
443 }
417 444
418 switch (c) { 445 switch (c) {
419 case 'h': /* help */ 446 case 'h': /* help */
@@ -429,28 +456,32 @@ int process_arguments(int argc, char **argv) {
429 timeout_interval = atoi(optarg); 456 timeout_interval = atoi(optarg);
430 break; 457 break;
431 case 'H': /* hostname */ 458 case 'H': /* hostname */
432 if (strlen(optarg) >= ADDRESS_LENGTH) 459 if (strlen(optarg) >= ADDRESS_LENGTH) {
433 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 460 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
461 }
434 strcpy(query_address, optarg); 462 strcpy(query_address, optarg);
435 break; 463 break;
436 case 's': /* server name */ 464 case 's': /* server name */
437 /* TODO: this host_or_die check is probably unnecessary. 465 /* TODO: this host_or_die check is probably unnecessary.
438 * Better to confirm nslookup response matches */ 466 * Better to confirm nslookup response matches */
439 host_or_die(optarg); 467 host_or_die(optarg);
440 if (strlen(optarg) >= ADDRESS_LENGTH) 468 if (strlen(optarg) >= ADDRESS_LENGTH) {
441 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 469 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
470 }
442 strcpy(dns_server, optarg); 471 strcpy(dns_server, optarg);
443 break; 472 break;
444 case 'r': /* reverse server name */ 473 case 'r': /* reverse server name */
445 /* TODO: Is this host_or_die necessary? */ 474 /* TODO: Is this host_or_die necessary? */
446 host_or_die(optarg); 475 host_or_die(optarg);
447 if (strlen(optarg) >= ADDRESS_LENGTH) 476 if (strlen(optarg) >= ADDRESS_LENGTH) {
448 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 477 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
478 }
449 strcpy(ptr_server, optarg); 479 strcpy(ptr_server, optarg);
450 break; 480 break;
451 case 'a': /* expected address */ 481 case 'a': /* expected address */
452 if (strlen(optarg) >= ADDRESS_LENGTH) 482 if (strlen(optarg) >= ADDRESS_LENGTH) {
453 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 483 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
484 }
454 if (strchr(optarg, ',') != NULL) { 485 if (strchr(optarg, ',') != NULL) {
455 char *comma = strchr(optarg, ','); 486 char *comma = strchr(optarg, ',');
456 while (comma != NULL) { 487 while (comma != NULL) {
@@ -491,16 +522,18 @@ int process_arguments(int argc, char **argv) {
491 522
492 c = optind; 523 c = optind;
493 if (strlen(query_address) == 0 && c < argc) { 524 if (strlen(query_address) == 0 && c < argc) {
494 if (strlen(argv[c]) >= ADDRESS_LENGTH) 525 if (strlen(argv[c]) >= ADDRESS_LENGTH) {
495 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 526 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
527 }
496 strcpy(query_address, argv[c++]); 528 strcpy(query_address, argv[c++]);
497 } 529 }
498 530
499 if (strlen(dns_server) == 0 && c < argc) { 531 if (strlen(dns_server) == 0 && c < argc) {
500 /* TODO: See -s option */ 532 /* TODO: See -s option */
501 host_or_die(argv[c]); 533 host_or_die(argv[c]);
502 if (strlen(argv[c]) >= ADDRESS_LENGTH) 534 if (strlen(argv[c]) >= ADDRESS_LENGTH) {
503 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 535 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
536 }
504 strcpy(dns_server, argv[c++]); 537 strcpy(dns_server, argv[c++]);
505 } 538 }
506 539