diff options
-rw-r--r-- | NEWS | 7 | ||||
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | doc/developer-guidelines.sgml | 7 | ||||
-rw-r--r-- | plugins-root/check_dhcp.c | 43 | ||||
-rw-r--r-- | plugins/Makefile.am | 2 | ||||
-rw-r--r-- | plugins/check_disk.c | 43 | ||||
-rw-r--r-- | plugins/check_http.c | 22 | ||||
-rw-r--r-- | plugins/check_smtp.c | 13 | ||||
-rw-r--r-- | plugins/check_snmp.c | 3 | ||||
-rw-r--r-- | plugins/check_ups.c | 12 | ||||
-rw-r--r-- | plugins/netutils.h | 10 | ||||
-rw-r--r-- | plugins/sslutils.c | 81 | ||||
-rw-r--r-- | plugins/t/check_snmp.t | 4 |
13 files changed, 131 insertions, 122 deletions
@@ -6,14 +6,19 @@ This file documents the major additions and syntax changes between releases. | |||
6 | thresholds | 6 | thresholds |
7 | New check_snmp "-N" option to specify SNMPv3 context name | 7 | New check_snmp "-N" option to specify SNMPv3 context name |
8 | New check_nt "-l" parameters: seconds|minutes|hours|days | 8 | New check_nt "-l" parameters: seconds|minutes|hours|days |
9 | Make sure check_disk won't hang on hanging (network) file systems | ||
10 | New check_mailq -s option which tells the plugin to use sudo(8) | 9 | New check_mailq -s option which tells the plugin to use sudo(8) |
11 | New -W/-C option for check_ldap to check number of entries (Gerhard Lausser) | 10 | New -W/-C option for check_ldap to check number of entries (Gerhard Lausser) |
11 | The check_http -S/--ssl option now accepts the arguments "1.1" and "1.2" | ||
12 | to force TLSv1.1 and TLSv1.2 connections, respectively | ||
13 | The check_http -S/--ssl option now allows for specifying the desired | ||
14 | protocol with a "+" suffix to also accept newer versions | ||
12 | 15 | ||
13 | FIXES | 16 | FIXES |
14 | Let check_real terminate lines with CRLF when talking to the server, as | 17 | Let check_real terminate lines with CRLF when talking to the server, as |
15 | mandated by 2326 | 18 | mandated by 2326 |
16 | Fix check_procs on HP-UX | 19 | Fix check_procs on HP-UX |
20 | check_smtp's -e/--expect option can now be combined with -S/--starttls | ||
21 | Fix incorrect performance data thresholds emitted by check_ups | ||
17 | 22 | ||
18 | WARNINGS | 23 | WARNINGS |
19 | The format of the performance data emitted by check_mrtgtraf has been | 24 | The format of the performance data emitted by check_mrtgtraf has been |
diff --git a/configure.ac b/configure.ac index ce1728e3..29de4bdc 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -156,12 +156,6 @@ AC_CHECK_LIB(socket,socket,SOCKETLIBS="$SOCKETLIBS -lsocket") | |||
156 | AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv") | 156 | AC_CHECK_LIB(resolv,main,SOCKETLIBS="$SOCKETLIBS -lresolv") |
157 | AC_SUBST(SOCKETLIBS) | 157 | AC_SUBST(SOCKETLIBS) |
158 | 158 | ||
159 | dnl Check for POSIX thread libraries | ||
160 | AC_CHECK_HEADERS(pthread.h) | ||
161 | AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread", | ||
162 | AC_CHECK_LIB(pthread,pthread_create,THREADLIBS="-lpthread -lrt",-lrt)) | ||
163 | AC_SUBST(THREADLIBS) | ||
164 | |||
165 | dnl | 159 | dnl |
166 | dnl check for math-related functions needing -lm | 160 | dnl check for math-related functions needing -lm |
167 | AC_CHECK_HEADERS(math.h) | 161 | AC_CHECK_HEADERS(math.h) |
diff --git a/doc/developer-guidelines.sgml b/doc/developer-guidelines.sgml index 228d3fa1..6f31f365 100644 --- a/doc/developer-guidelines.sgml +++ b/doc/developer-guidelines.sgml | |||
@@ -200,9 +200,8 @@ | |||
200 | operation. Higher-level errors (such as name resolution errors, | 200 | operation. Higher-level errors (such as name resolution errors, |
201 | socket timeouts, etc) are outside of the control of plugins and should | 201 | socket timeouts, etc) are outside of the control of plugins and should |
202 | generally NOT be reported as UNKNOWN states. | 202 | generally NOT be reported as UNKNOWN states. |
203 | </para> | 203 | </para><para>The --help or --version output should also result in Unknown state. |
204 | <para>The --help or --version output should also result in Unknown state.</para> | 204 | </para></entry> |
205 | </entry> | ||
206 | </row> | 205 | </row> |
207 | </tbody> | 206 | </tbody> |
208 | </tgroup> | 207 | </tgroup> |
@@ -613,7 +612,7 @@ | |||
613 | The user should be allowed to specify -v multiple times to increase | 612 | The user should be allowed to specify -v multiple times to increase |
614 | the verbosity level, as described in <xref linkend="verboselevels">.</para> | 613 | the verbosity level, as described in <xref linkend="verboselevels">.</para> |
615 | 614 | ||
616 | The exit code for version information or help should be UNKNOWN | 615 | <para>The exit code for version information or help should be UNKNOWN |
617 | (3).</para> | 616 | (3).</para> |
618 | </section> | 617 | </section> |
619 | 618 | ||
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index 3723e61a..d8afb172 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c | |||
@@ -229,7 +229,7 @@ struct in_addr requested_address; | |||
229 | 229 | ||
230 | int process_arguments(int, char **); | 230 | int process_arguments(int, char **); |
231 | int call_getopt(int, char **); | 231 | int call_getopt(int, char **); |
232 | int validate_arguments(void); | 232 | int validate_arguments(int, int); |
233 | void print_usage(void); | 233 | void print_usage(void); |
234 | void print_help(void); | 234 | void print_help(void); |
235 | 235 | ||
@@ -1059,29 +1059,19 @@ int get_results(void){ | |||
1059 | 1059 | ||
1060 | /* process command-line arguments */ | 1060 | /* process command-line arguments */ |
1061 | int process_arguments(int argc, char **argv){ | 1061 | int process_arguments(int argc, char **argv){ |
1062 | int c; | 1062 | int arg_index; |
1063 | 1063 | ||
1064 | if(argc<1) | 1064 | if(argc<1) |
1065 | return ERROR; | 1065 | return ERROR; |
1066 | 1066 | ||
1067 | c=0; | 1067 | arg_index = call_getopt(argc,argv); |
1068 | while((c+=(call_getopt(argc-c,&argv[c])))<argc){ | 1068 | return validate_arguments(argc,arg_index); |
1069 | |||
1070 | /* | ||
1071 | if(is_option(argv[c])) | ||
1072 | continue; | ||
1073 | */ | ||
1074 | } | ||
1075 | |||
1076 | return validate_arguments(); | ||
1077 | } | 1069 | } |
1078 | 1070 | ||
1079 | 1071 | ||
1080 | 1072 | ||
1081 | int call_getopt(int argc, char **argv){ | 1073 | int call_getopt(int argc, char **argv){ |
1082 | int c=0; | 1074 | extern int optind; |
1083 | int i=0; | ||
1084 | |||
1085 | int option_index = 0; | 1075 | int option_index = 0; |
1086 | static struct option long_options[] = | 1076 | static struct option long_options[] = |
1087 | { | 1077 | { |
@@ -1098,25 +1088,14 @@ int call_getopt(int argc, char **argv){ | |||
1098 | }; | 1088 | }; |
1099 | 1089 | ||
1100 | while(1){ | 1090 | while(1){ |
1101 | c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index); | 1091 | int c=0; |
1102 | 1092 | ||
1103 | i++; | 1093 | c=getopt_long(argc,argv,"+hVvt:s:r:t:i:m:u",long_options,&option_index); |
1104 | 1094 | ||
1105 | if(c==-1||c==EOF||c==1) | 1095 | if(c==-1||c==EOF||c==1) |
1106 | break; | 1096 | break; |
1107 | 1097 | ||
1108 | switch(c){ | 1098 | switch(c){ |
1109 | case 'w': | ||
1110 | case 'r': | ||
1111 | case 't': | ||
1112 | case 'i': | ||
1113 | i++; | ||
1114 | break; | ||
1115 | default: | ||
1116 | break; | ||
1117 | } | ||
1118 | |||
1119 | switch(c){ | ||
1120 | 1099 | ||
1121 | case 's': /* DHCP server address */ | 1100 | case 's': /* DHCP server address */ |
1122 | resolve_host(optarg,&dhcp_ip); | 1101 | resolve_host(optarg,&dhcp_ip); |
@@ -1181,12 +1160,14 @@ int call_getopt(int argc, char **argv){ | |||
1181 | break; | 1160 | break; |
1182 | } | 1161 | } |
1183 | } | 1162 | } |
1184 | 1163 | return optind; | |
1185 | return i; | ||
1186 | } | 1164 | } |
1187 | 1165 | ||
1188 | 1166 | ||
1189 | int validate_arguments(void){ | 1167 | int validate_arguments(int argc, int arg_index){ |
1168 | |||
1169 | if(argc-optind > 0) | ||
1170 | usage(_("Got unexpected non-option argument")); | ||
1190 | 1171 | ||
1191 | return OK; | 1172 | return OK; |
1192 | } | 1173 | } |
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 41906c53..0ddf9bd1 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS) | |||
71 | check_cluster_LDADD = $(BASEOBJS) | 71 | check_cluster_LDADD = $(BASEOBJS) |
72 | check_dbi_LDADD = $(NETLIBS) $(DBILIBS) | 72 | check_dbi_LDADD = $(NETLIBS) $(DBILIBS) |
73 | check_dig_LDADD = $(NETLIBS) | 73 | check_dig_LDADD = $(NETLIBS) |
74 | check_disk_LDADD = $(BASEOBJS) $(THREADLIBS) | 74 | check_disk_LDADD = $(BASEOBJS) |
75 | check_dns_LDADD = $(NETLIBS) | 75 | check_dns_LDADD = $(NETLIBS) |
76 | check_dummy_LDADD = $(BASEOBJS) | 76 | check_dummy_LDADD = $(BASEOBJS) |
77 | check_fping_LDADD = $(NETLIBS) | 77 | check_fping_LDADD = $(NETLIBS) |
diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 9693bad3..874a0ee0 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c | |||
@@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org"; | |||
51 | # include <limits.h> | 51 | # include <limits.h> |
52 | #endif | 52 | #endif |
53 | #include "regex.h" | 53 | #include "regex.h" |
54 | #if HAVE_PTHREAD_H | ||
55 | # include <pthread.h> | ||
56 | #endif | ||
57 | 54 | ||
58 | #ifdef __CYGWIN__ | 55 | #ifdef __CYGWIN__ |
59 | # include <windows.h> | 56 | # include <windows.h> |
@@ -133,7 +130,6 @@ void print_help (void); | |||
133 | void print_usage (void); | 130 | void print_usage (void); |
134 | double calculate_percent(uintmax_t, uintmax_t); | 131 | double calculate_percent(uintmax_t, uintmax_t); |
135 | void stat_path (struct parameter_list *p); | 132 | void stat_path (struct parameter_list *p); |
136 | void *do_stat_path (void *p); | ||
137 | void get_stats (struct parameter_list *p, struct fs_usage *fsp); | 133 | void get_stats (struct parameter_list *p, struct fs_usage *fsp); |
138 | void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); | 134 | void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); |
139 | 135 | ||
@@ -972,44 +968,6 @@ print_usage (void) | |||
972 | void | 968 | void |
973 | stat_path (struct parameter_list *p) | 969 | stat_path (struct parameter_list *p) |
974 | { | 970 | { |
975 | #ifdef HAVE_PTHREAD_H | ||
976 | pthread_t stat_thread; | ||
977 | int statdone = 0; | ||
978 | int timer = timeout_interval; | ||
979 | struct timespec req, rem; | ||
980 | |||
981 | req.tv_sec = 0; | ||
982 | pthread_create(&stat_thread, NULL, do_stat_path, p); | ||
983 | while (timer-- > 0) { | ||
984 | req.tv_nsec = 10000000; | ||
985 | nanosleep(&req, &rem); | ||
986 | if (pthread_kill(stat_thread, 0)) { | ||
987 | statdone = 1; | ||
988 | break; | ||
989 | } else { | ||
990 | req.tv_nsec = 990000000; | ||
991 | nanosleep(&req, &rem); | ||
992 | } | ||
993 | } | ||
994 | if (statdone == 1) { | ||
995 | pthread_join(stat_thread, NULL); | ||
996 | } else { | ||
997 | pthread_detach(stat_thread); | ||
998 | if (verbose >= 3) | ||
999 | printf("stat did not return within %ds on %s\n", timeout_interval, p->name); | ||
1000 | printf("DISK %s - ", _("CRITICAL")); | ||
1001 | die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout")); | ||
1002 | } | ||
1003 | #else | ||
1004 | do_stat_path(p); | ||
1005 | #endif | ||
1006 | } | ||
1007 | |||
1008 | void * | ||
1009 | do_stat_path (void *in) | ||
1010 | { | ||
1011 | struct parameter_list *p = in; | ||
1012 | |||
1013 | /* Stat entry to check that dir exists and is accessible */ | 971 | /* Stat entry to check that dir exists and is accessible */ |
1014 | if (verbose >= 3) | 972 | if (verbose >= 3) |
1015 | printf("calling stat on %s\n", p->name); | 973 | printf("calling stat on %s\n", p->name); |
@@ -1019,7 +977,6 @@ do_stat_path (void *in) | |||
1019 | printf("DISK %s - ", _("CRITICAL")); | 977 | printf("DISK %s - ", _("CRITICAL")); |
1020 | die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); | 978 | die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); |
1021 | } | 979 | } |
1022 | return NULL; | ||
1023 | } | 980 | } |
1024 | 981 | ||
1025 | 982 | ||
diff --git a/plugins/check_http.c b/plugins/check_http.c index 68b470ce..2038f4a1 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv) | |||
343 | parameters, like -S and -C combinations */ | 343 | parameters, like -S and -C combinations */ |
344 | use_ssl = TRUE; | 344 | use_ssl = TRUE; |
345 | if (c=='S' && optarg != NULL) { | 345 | if (c=='S' && optarg != NULL) { |
346 | ssl_version = atoi(optarg); | 346 | int got_plus = strchr(optarg, '+') != NULL; |
347 | if (ssl_version < 1 || ssl_version > 3) | 347 | |
348 | usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); | 348 | if (!strncmp (optarg, "1.2", 3)) |
349 | ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2; | ||
350 | else if (!strncmp (optarg, "1.1", 3)) | ||
351 | ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1; | ||
352 | else if (optarg[0] == '1') | ||
353 | ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1; | ||
354 | else if (optarg[0] == '3') | ||
355 | ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3; | ||
356 | else if (optarg[0] == '2') | ||
357 | ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2; | ||
358 | else | ||
359 | usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); | ||
349 | } | 360 | } |
350 | if (specify_port == FALSE) | 361 | if (specify_port == FALSE) |
351 | server_port = HTTPS_PORT; | 362 | server_port = HTTPS_PORT; |
@@ -1514,9 +1525,10 @@ print_help (void) | |||
1514 | printf (UT_IPv46); | 1525 | printf (UT_IPv46); |
1515 | 1526 | ||
1516 | #ifdef HAVE_SSL | 1527 | #ifdef HAVE_SSL |
1517 | printf (" %s\n", "-S, --ssl=VERSION"); | 1528 | printf (" %s\n", "-S, --ssl=VERSION[+]"); |
1518 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); | 1529 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); |
1519 | printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); | 1530 | printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); |
1531 | printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); | ||
1520 | printf (" %s\n", "--sni"); | 1532 | printf (" %s\n", "--sni"); |
1521 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1533 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
1522 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); | 1534 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); |
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 56040ff2..1996c6d3 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c | |||
@@ -231,7 +231,7 @@ main (int argc, char **argv) | |||
231 | send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); | 231 | send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); |
232 | 232 | ||
233 | recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ | 233 | recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ |
234 | if (!strstr (buffer, server_expect)) { | 234 | if (!strstr (buffer, SMTP_EXPECT)) { |
235 | printf (_("Server does not support STARTTLS\n")); | 235 | printf (_("Server does not support STARTTLS\n")); |
236 | smtp_quit(); | 236 | smtp_quit(); |
237 | return STATE_UNKNOWN; | 237 | return STATE_UNKNOWN; |
@@ -276,6 +276,7 @@ main (int argc, char **argv) | |||
276 | # ifdef USE_OPENSSL | 276 | # ifdef USE_OPENSSL |
277 | if ( check_cert ) { | 277 | if ( check_cert ) { |
278 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); | 278 | result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); |
279 | smtp_quit(); | ||
279 | my_close(); | 280 | my_close(); |
280 | return result; | 281 | return result; |
281 | } | 282 | } |
@@ -581,11 +582,6 @@ process_arguments (int argc, char **argv) | |||
581 | usage4 (_("Timeout interval must be a positive integer")); | 582 | usage4 (_("Timeout interval must be a positive integer")); |
582 | } | 583 | } |
583 | break; | 584 | break; |
584 | case 'S': | ||
585 | /* starttls */ | ||
586 | use_ssl = TRUE; | ||
587 | use_ehlo = TRUE; | ||
588 | break; | ||
589 | case 'D': | 585 | case 'D': |
590 | /* Check SSL cert validity */ | 586 | /* Check SSL cert validity */ |
591 | #ifdef USE_OPENSSL | 587 | #ifdef USE_OPENSSL |
@@ -607,9 +603,14 @@ process_arguments (int argc, char **argv) | |||
607 | days_till_exp_warn = atoi (optarg); | 603 | days_till_exp_warn = atoi (optarg); |
608 | } | 604 | } |
609 | check_cert = TRUE; | 605 | check_cert = TRUE; |
606 | ignore_send_quit_failure = TRUE; | ||
610 | #else | 607 | #else |
611 | usage (_("SSL support not available - install OpenSSL and recompile")); | 608 | usage (_("SSL support not available - install OpenSSL and recompile")); |
612 | #endif | 609 | #endif |
610 | case 'S': | ||
611 | /* starttls */ | ||
612 | use_ssl = TRUE; | ||
613 | use_ehlo = TRUE; | ||
613 | break; | 614 | break; |
614 | case '4': | 615 | case '4': |
615 | address_family = AF_INET; | 616 | address_family = AF_INET; |
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 28cc44dd..9839d6e8 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c | |||
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org"; | |||
41 | #define DEFAULT_PORT "161" | 41 | #define DEFAULT_PORT "161" |
42 | #define DEFAULT_MIBLIST "ALL" | 42 | #define DEFAULT_MIBLIST "ALL" |
43 | #define DEFAULT_PROTOCOL "1" | 43 | #define DEFAULT_PROTOCOL "1" |
44 | #define DEFAULT_TIMEOUT 1 | ||
45 | #define DEFAULT_RETRIES 5 | 44 | #define DEFAULT_RETRIES 5 |
46 | #define DEFAULT_AUTH_PROTOCOL "MD5" | 45 | #define DEFAULT_AUTH_PROTOCOL "MD5" |
47 | #define DEFAULT_PRIV_PROTOCOL "DES" | 46 | #define DEFAULT_PRIV_PROTOCOL "DES" |
@@ -227,7 +226,7 @@ main (int argc, char **argv) | |||
227 | outbuff = strdup (""); | 226 | outbuff = strdup (""); |
228 | delimiter = strdup (" = "); | 227 | delimiter = strdup (" = "); |
229 | output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); | 228 | output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); |
230 | timeout_interval = DEFAULT_TIMEOUT; | 229 | timeout_interval = DEFAULT_SOCKET_TIMEOUT; |
231 | retries = DEFAULT_RETRIES; | 230 | retries = DEFAULT_RETRIES; |
232 | 231 | ||
233 | np_init( (char *) progname, argc, argv ); | 232 | np_init( (char *) progname, argc, argv ); |
diff --git a/plugins/check_ups.c b/plugins/check_ups.c index dc5a348b..e9e56a51 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c | |||
@@ -242,8 +242,8 @@ main (int argc, char **argv) | |||
242 | } | 242 | } |
243 | xasprintf (&data, "%s %s", data, | 243 | xasprintf (&data, "%s %s", data, |
244 | perfdata ("battery", (long)ups_battery_percent, "%", | 244 | perfdata ("battery", (long)ups_battery_percent, "%", |
245 | check_warn, (long)(1000*warning_value), | 245 | check_warn, (long)(warning_value), |
246 | check_crit, (long)(1000*critical_value), | 246 | check_crit, (long)(critical_value), |
247 | TRUE, 0, TRUE, 100)); | 247 | TRUE, 0, TRUE, 100)); |
248 | } else { | 248 | } else { |
249 | xasprintf (&data, "%s %s", data, | 249 | xasprintf (&data, "%s %s", data, |
@@ -271,8 +271,8 @@ main (int argc, char **argv) | |||
271 | } | 271 | } |
272 | xasprintf (&data, "%s %s", data, | 272 | xasprintf (&data, "%s %s", data, |
273 | perfdata ("load", (long)ups_load_percent, "%", | 273 | perfdata ("load", (long)ups_load_percent, "%", |
274 | check_warn, (long)(1000*warning_value), | 274 | check_warn, (long)(warning_value), |
275 | check_crit, (long)(1000*critical_value), | 275 | check_crit, (long)(critical_value), |
276 | TRUE, 0, TRUE, 100)); | 276 | TRUE, 0, TRUE, 100)); |
277 | } else { | 277 | } else { |
278 | xasprintf (&data, "%s %s", data, | 278 | xasprintf (&data, "%s %s", data, |
@@ -308,8 +308,8 @@ main (int argc, char **argv) | |||
308 | } | 308 | } |
309 | xasprintf (&data, "%s %s", data, | 309 | xasprintf (&data, "%s %s", data, |
310 | perfdata ("temp", (long)ups_temperature, tunits, | 310 | perfdata ("temp", (long)ups_temperature, tunits, |
311 | check_warn, (long)(1000*warning_value), | 311 | check_warn, (long)(warning_value), |
312 | check_crit, (long)(1000*critical_value), | 312 | check_crit, (long)(critical_value), |
313 | TRUE, 0, FALSE, 0)); | 313 | TRUE, 0, FALSE, 0)); |
314 | } else { | 314 | } else { |
315 | xasprintf (&data, "%s %s", data, | 315 | xasprintf (&data, "%s %s", data, |
diff --git a/plugins/netutils.h b/plugins/netutils.h index c6fce901..2766029e 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h | |||
@@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn)); | |||
91 | 91 | ||
92 | /* SSL-Related functionality */ | 92 | /* SSL-Related functionality */ |
93 | #ifdef HAVE_SSL | 93 | #ifdef HAVE_SSL |
94 | # define MP_SSLv2 1 | ||
95 | # define MP_SSLv3 2 | ||
96 | # define MP_TLSv1 3 | ||
97 | # define MP_TLSv1_1 4 | ||
98 | # define MP_TLSv1_2 5 | ||
99 | # define MP_SSLv2_OR_NEWER 6 | ||
100 | # define MP_SSLv3_OR_NEWER 7 | ||
101 | # define MP_TLSv1_OR_NEWER 8 | ||
102 | # define MP_TLSv1_1_OR_NEWER 9 | ||
103 | # define MP_TLSv1_2_OR_NEWER 10 | ||
94 | /* maybe this could be merged with the above np_net_connect, via some flags */ | 104 | /* maybe this could be merged with the above np_net_connect, via some flags */ |
95 | int np_net_ssl_init(int sd); | 105 | int np_net_ssl_init(int sd); |
96 | int np_net_ssl_init_with_hostname(int sd, char *host_name); | 106 | int np_net_ssl_init_with_hostname(int sd, char *host_name); |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index c9882c69..4f9c793c 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi | |||
49 | 49 | ||
50 | int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { | 50 | int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { |
51 | SSL_METHOD *method = NULL; | 51 | SSL_METHOD *method = NULL; |
52 | long options = 0; | ||
52 | 53 | ||
53 | switch (version) { | 54 | switch (version) { |
54 | case 0: /* Deafult to auto negotiation */ | 55 | case MP_SSLv2: /* SSLv2 protocol */ |
55 | method = SSLv23_client_method(); | ||
56 | break; | ||
57 | case 1: /* TLSv1 protocol */ | ||
58 | method = TLSv1_client_method(); | ||
59 | break; | ||
60 | case 2: /* SSLv2 protocol */ | ||
61 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) | 56 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) |
62 | printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); | 57 | printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); |
63 | return STATE_CRITICAL; | 58 | return STATE_UNKNOWN; |
64 | #else | 59 | #else |
65 | method = SSLv2_client_method(); | 60 | method = SSLv2_client_method(); |
66 | #endif | ||
67 | break; | 61 | break; |
68 | case 3: /* SSLv3 protocol */ | 62 | #endif |
63 | case MP_SSLv3: /* SSLv3 protocol */ | ||
64 | #if defined(OPENSSL_NO_SSL3) | ||
65 | printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); | ||
66 | return STATE_UNKNOWN; | ||
67 | #else | ||
69 | method = SSLv3_client_method(); | 68 | method = SSLv3_client_method(); |
70 | break; | 69 | break; |
71 | default: /* Unsupported */ | 70 | #endif |
72 | printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); | 71 | case MP_TLSv1: /* TLSv1 protocol */ |
73 | return STATE_CRITICAL; | 72 | #if defined(OPENSSL_NO_TLS1) |
73 | printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); | ||
74 | return STATE_UNKNOWN; | ||
75 | #else | ||
76 | method = TLSv1_client_method(); | ||
77 | break; | ||
78 | #endif | ||
79 | case MP_TLSv1_1: /* TLSv1.1 protocol */ | ||
80 | #if !defined(SSL_OP_NO_TLSv1_1) | ||
81 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); | ||
82 | return STATE_UNKNOWN; | ||
83 | #else | ||
84 | method = TLSv1_1_client_method(); | ||
85 | break; | ||
86 | #endif | ||
87 | case MP_TLSv1_2: /* TLSv1.2 protocol */ | ||
88 | #if !defined(SSL_OP_NO_TLSv1_2) | ||
89 | printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); | ||
90 | return STATE_UNKNOWN; | ||
91 | #else | ||
92 | method = TLSv1_2_client_method(); | ||
93 | break; | ||
94 | #endif | ||
95 | case MP_TLSv1_2_OR_NEWER: | ||
96 | #if !defined(SSL_OP_NO_TLSv1_1) | ||
97 | printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); | ||
98 | return STATE_UNKNOWN; | ||
99 | #else | ||
100 | options |= SSL_OP_NO_TLSv1_1; | ||
101 | #endif | ||
102 | /* FALLTHROUGH */ | ||
103 | case MP_TLSv1_1_OR_NEWER: | ||
104 | #if !defined(SSL_OP_NO_TLSv1) | ||
105 | printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); | ||
106 | return STATE_UNKNOWN; | ||
107 | #else | ||
108 | options |= SSL_OP_NO_TLSv1; | ||
109 | #endif | ||
110 | /* FALLTHROUGH */ | ||
111 | case MP_TLSv1_OR_NEWER: | ||
112 | #if defined(SSL_OP_NO_SSLv3) | ||
113 | options |= SSL_OP_NO_SSLv3; | ||
114 | #endif | ||
115 | /* FALLTHROUGH */ | ||
116 | case MP_SSLv3_OR_NEWER: | ||
117 | #if defined(SSL_OP_NO_SSLv2) | ||
118 | options |= SSL_OP_NO_SSLv2; | ||
119 | #endif | ||
120 | case MP_SSLv2_OR_NEWER: | ||
121 | /* FALLTHROUGH */ | ||
122 | default: /* Default to auto negotiation */ | ||
123 | method = SSLv23_client_method(); | ||
74 | } | 124 | } |
75 | if (!initialized) { | 125 | if (!initialized) { |
76 | /* Initialize SSL context */ | 126 | /* Initialize SSL context */ |
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int | |||
94 | #endif | 144 | #endif |
95 | } | 145 | } |
96 | #ifdef SSL_OP_NO_TICKET | 146 | #ifdef SSL_OP_NO_TICKET |
97 | SSL_CTX_set_options(c, SSL_OP_NO_TICKET); | 147 | options |= SSL_OP_NO_TICKET; |
98 | #endif | 148 | #endif |
149 | SSL_CTX_set_options(c, options); | ||
99 | SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); | 150 | SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); |
100 | if ((s = SSL_new(c)) != NULL) { | 151 | if ((s = SSL_new(c)) != NULL) { |
101 | #ifdef SSL_set_tlsext_host_name | 152 | #ifdef SSL_set_tlsext_host_name |
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index 2d6c44a7..aefd872a 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t | |||
@@ -166,8 +166,8 @@ SKIP: { | |||
166 | SKIP: { | 166 | SKIP: { |
167 | skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); | 167 | skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); |
168 | $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); | 168 | $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); |
169 | cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); | 169 | cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" ); |
170 | like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); | 170 | like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem"); |
171 | } | 171 | } |
172 | 172 | ||
173 | SKIP: { | 173 | SKIP: { |