diff options
| -rw-r--r-- | plugins/check_curl.c | 43 | ||||
| -rw-r--r-- | plugins/check_mysql_query.c | 12 | ||||
| -rw-r--r-- | plugins/t/check_curl.t | 4 | ||||
| -rwxr-xr-x | plugins/tests/check_curl.t | 16 |
4 files changed, 54 insertions, 21 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2d69b310..ee9c8b1d 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
| @@ -296,6 +296,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) | |||
| 296 | #endif /* USE_OPENSSL */ | 296 | #endif /* USE_OPENSSL */ |
| 297 | #endif /* HAVE_SSL */ | 297 | #endif /* HAVE_SSL */ |
| 298 | 298 | ||
| 299 | /* returns a string "HTTP/1.x" or "HTTP/2" */ | ||
| 300 | static char *string_statuscode (int major, int minor) | ||
| 301 | { | ||
| 302 | static char buf[10]; | ||
| 303 | |||
| 304 | switch (major) { | ||
| 305 | case 1: | ||
| 306 | snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor); | ||
| 307 | break; | ||
| 308 | case 2: | ||
| 309 | case 3: | ||
| 310 | snprintf (buf, sizeof (buf), "HTTP/%d", major); | ||
| 311 | break; | ||
| 312 | default: | ||
| 313 | /* assuming here HTTP/N with N>=4 */ | ||
| 314 | snprintf (buf, sizeof (buf), "HTTP/%d", major); | ||
| 315 | break; | ||
| 316 | } | ||
| 317 | |||
| 318 | return buf; | ||
| 319 | } | ||
| 320 | |||
| 299 | /* Checks if the server 'reply' is one of the expected 'statuscodes' */ | 321 | /* Checks if the server 'reply' is one of the expected 'statuscodes' */ |
| 300 | static int | 322 | static int |
| 301 | expected_statuscode (const char *reply, const char *statuscodes) | 323 | expected_statuscode (const char *reply, const char *statuscodes) |
| @@ -640,7 +662,7 @@ check_http (void) | |||
| 640 | /* Curl errors, result in critical Nagios state */ | 662 | /* Curl errors, result in critical Nagios state */ |
| 641 | if (res != CURLE_OK) { | 663 | if (res != CURLE_OK) { |
| 642 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), | 664 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), |
| 643 | server_port, res, curl_easy_strerror(res)); | 665 | server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res)); |
| 644 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); | 666 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); |
| 645 | } | 667 | } |
| 646 | 668 | ||
| @@ -746,7 +768,8 @@ GOT_FIRST_CERT: | |||
| 746 | if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { | 768 | if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { |
| 747 | snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", | 769 | snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", |
| 748 | total_time, perfstring); | 770 | total_time, perfstring); |
| 749 | die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg); | 771 | /* we cannot know the major/minor version here for sure as we cannot parse the first line */ |
| 772 | die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); | ||
| 750 | } | 773 | } |
| 751 | 774 | ||
| 752 | /* get result code from cURL */ | 775 | /* get result code from cURL */ |
| @@ -823,8 +846,8 @@ GOT_FIRST_CERT: | |||
| 823 | 846 | ||
| 824 | /* check status codes, set exit status accordingly */ | 847 | /* check status codes, set exit status accordingly */ |
| 825 | if( status_line.http_code != code ) { | 848 | if( status_line.http_code != code ) { |
| 826 | die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"), | 849 | die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"), |
| 827 | status_line.http_major, status_line.http_minor, | 850 | string_statuscode (status_line.http_major, status_line.http_minor), |
| 828 | status_line.http_code, status_line.msg, code); | 851 | status_line.http_code, status_line.msg, code); |
| 829 | } | 852 | } |
| 830 | 853 | ||
| @@ -895,8 +918,8 @@ GOT_FIRST_CERT: | |||
| 895 | msg[strlen(msg)-3] = '\0'; | 918 | msg[strlen(msg)-3] = '\0'; |
| 896 | 919 | ||
| 897 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ | 920 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ |
| 898 | die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", | 921 | die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", |
| 899 | state_text(result), status_line.http_major, status_line.http_minor, | 922 | state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), |
| 900 | status_line.http_code, status_line.msg, | 923 | status_line.http_code, status_line.msg, |
| 901 | strlen(msg) > 0 ? " - " : "", | 924 | strlen(msg) > 0 ? " - " : "", |
| 902 | msg, page_len, total_time, | 925 | msg, page_len, total_time, |
| @@ -1041,7 +1064,7 @@ redir (curlhelp_write_curlbuf* header_buf) | |||
| 1041 | const UriPathSegmentA* p = uri.pathHead; | 1064 | const UriPathSegmentA* p = uri.pathHead; |
| 1042 | for (; p; p = p->next) { | 1065 | for (; p; p = p->next) { |
| 1043 | strncat (new_url, "/", DEFAULT_BUFFER_SIZE); | 1066 | strncat (new_url, "/", DEFAULT_BUFFER_SIZE); |
| 1044 | strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE); | 1067 | strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1); |
| 1045 | } | 1068 | } |
| 1046 | } | 1069 | } |
| 1047 | 1070 | ||
| @@ -1354,7 +1377,7 @@ process_arguments (int argc, char **argv) | |||
| 1354 | ssl_version = CURL_SSLVERSION_DEFAULT; | 1377 | ssl_version = CURL_SSLVERSION_DEFAULT; |
| 1355 | #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ | 1378 | #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ |
| 1356 | else | 1379 | else |
| 1357 | usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); | 1380 | usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)")); |
| 1358 | } | 1381 | } |
| 1359 | #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) | 1382 | #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) |
| 1360 | if (got_plus) { | 1383 | if (got_plus) { |
| @@ -1659,7 +1682,7 @@ print_help (void) | |||
| 1659 | printf (" %s\n", "-S, --ssl=VERSION[+]"); | 1682 | printf (" %s\n", "-S, --ssl=VERSION[+]"); |
| 1660 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); | 1683 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); |
| 1661 | printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); | 1684 | printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); |
| 1662 | printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); | 1685 | printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); |
| 1663 | printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); | 1686 | printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); |
| 1664 | printf (" %s\n", "--sni"); | 1687 | printf (" %s\n", "--sni"); |
| 1665 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1688 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
| @@ -2037,7 +2060,7 @@ get_header_value (const struct phr_header* headers, const size_t nof_headers, co | |||
| 2037 | { | 2060 | { |
| 2038 | int i; | 2061 | int i; |
| 2039 | for( i = 0; i < nof_headers; i++ ) { | 2062 | for( i = 0; i < nof_headers; i++ ) { |
| 2040 | if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { | 2063 | if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { |
| 2041 | return strndup( headers[i].value, headers[i].value_len ); | 2064 | return strndup( headers[i].value, headers[i].value_len ); |
| 2042 | } | 2065 | } |
| 2043 | } | 2066 | } |
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c index 49a14dd3..ac2fb15d 100644 --- a/plugins/check_mysql_query.c +++ b/plugins/check_mysql_query.c | |||
| @@ -136,18 +136,18 @@ main (int argc, char **argv) | |||
| 136 | die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); | 136 | die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); |
| 137 | } | 137 | } |
| 138 | 138 | ||
| 139 | /* free the result */ | ||
| 140 | mysql_free_result (res); | ||
| 141 | |||
| 142 | /* close the connection */ | ||
| 143 | mysql_close (&mysql); | ||
| 144 | |||
| 145 | if (! is_numeric(row[0])) { | 139 | if (! is_numeric(row[0])) { |
| 146 | die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); | 140 | die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); |
| 147 | } | 141 | } |
| 148 | 142 | ||
| 149 | value = strtod(row[0], NULL); | 143 | value = strtod(row[0], NULL); |
| 150 | 144 | ||
| 145 | /* free the result */ | ||
| 146 | mysql_free_result (res); | ||
| 147 | |||
| 148 | /* close the connection */ | ||
| 149 | mysql_close (&mysql); | ||
| 150 | |||
| 151 | if (verbose >= 3) | 151 | if (verbose >= 3) |
| 152 | printf("mysql result: %f\n", value); | 152 | printf("mysql result: %f\n", value); |
| 153 | 153 | ||
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 4bff538a..cc65f037 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t | |||
| @@ -46,7 +46,7 @@ $res = NPTest->testCmd( | |||
| 46 | ); | 46 | ); |
| 47 | cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); | 47 | cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); |
| 48 | # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) | 48 | # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) |
| 49 | cmp_ok( $res->output, 'eq', "HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Timeout was reached", "Output OK"); | 49 | like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); |
| 50 | 50 | ||
| 51 | $res = NPTest->testCmd( | 51 | $res = NPTest->testCmd( |
| 52 | "./$plugin $hostname_invalid -wt 1 -ct 2" | 52 | "./$plugin $hostname_invalid -wt 1 -ct 2" |
| @@ -56,7 +56,7 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); | |||
| 56 | # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename | 56 | # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename |
| 57 | # Is also possible to get a socket timeout if DNS is not responding fast enough | 57 | # Is also possible to get a socket timeout if DNS is not responding fast enough |
| 58 | # cURL gives us consistent strings from it's own 'lib/strerror.c' | 58 | # cURL gives us consistent strings from it's own 'lib/strerror.c' |
| 59 | like( $res->output, "/cURL returned 6 - Couldn't resolve host name/", "Output OK"); | 59 | like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK"); |
| 60 | 60 | ||
| 61 | # host header checks | 61 | # host header checks |
| 62 | $res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); | 62 | $res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); |
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t index 1afbe4bb..0caad23d 100755 --- a/plugins/tests/check_curl.t +++ b/plugins/tests/check_curl.t | |||
| @@ -21,7 +21,7 @@ use FindBin qw($Bin); | |||
| 21 | 21 | ||
| 22 | $ENV{'LC_TIME'} = "C"; | 22 | $ENV{'LC_TIME'} = "C"; |
| 23 | 23 | ||
| 24 | my $common_tests = 70; | 24 | my $common_tests = 72; |
| 25 | my $ssl_only_tests = 8; | 25 | my $ssl_only_tests = 8; |
| 26 | # Check that all dependent modules are available | 26 | # Check that all dependent modules are available |
| 27 | eval "use HTTP::Daemon 6.01;"; | 27 | eval "use HTTP::Daemon 6.01;"; |
| @@ -188,6 +188,12 @@ sub run_server { | |||
| 188 | $c->send_basic_header; | 188 | $c->send_basic_header; |
| 189 | $c->send_header('foo'); | 189 | $c->send_header('foo'); |
| 190 | $c->send_crlf; | 190 | $c->send_crlf; |
| 191 | } elsif ($r->url->path eq "/header_broken_check") { | ||
| 192 | $c->send_basic_header; | ||
| 193 | $c->send_header('foo'); | ||
| 194 | print $c "Test1:: broken\n"; | ||
| 195 | print $c " Test2: leading whitespace\n"; | ||
| 196 | $c->send_crlf; | ||
| 191 | } elsif ($r->url->path eq "/virtual_port") { | 197 | } elsif ($r->url->path eq "/virtual_port") { |
| 192 | # return sent Host header | 198 | # return sent Host header |
| 193 | $c->send_basic_header; | 199 | $c->send_basic_header; |
| @@ -247,7 +253,7 @@ my $cmd; | |||
| 247 | # advanced checks with virtual hostname and virtual port | 253 | # advanced checks with virtual hostname and virtual port |
| 248 | SKIP: { | 254 | SKIP: { |
| 249 | skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; | 255 | skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; |
| 250 | 256 | ||
| 251 | # http without virtual port | 257 | # http without virtual port |
| 252 | $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; | 258 | $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; |
| 253 | $result = NPTest->testCmd( $cmd ); | 259 | $result = NPTest->testCmd( $cmd ); |
| @@ -259,7 +265,7 @@ SKIP: { | |||
| 259 | $result = NPTest->testCmd( $cmd ); | 265 | $result = NPTest->testCmd( $cmd ); |
| 260 | is( $result->return_code, 0, $cmd); | 266 | is( $result->return_code, 0, $cmd); |
| 261 | like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); | 267 | like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); |
| 262 | 268 | ||
| 263 | # http with virtual port (80) | 269 | # http with virtual port (80) |
| 264 | $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; | 270 | $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; |
| 265 | $result = NPTest->testCmd( $cmd ); | 271 | $result = NPTest->testCmd( $cmd ); |
| @@ -321,6 +327,10 @@ sub run_common_tests { | |||
| 321 | is( $result->return_code, 2, "Missing header string check"); | 327 | is( $result->return_code, 2, "Missing header string check"); |
| 322 | like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); | 328 | like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); |
| 323 | 329 | ||
| 330 | $result = NPTest->testCmd( "$command -u /header_broken_check" ); | ||
| 331 | is( $result->return_code, 0, "header_check search for string"); | ||
| 332 | like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" ); | ||
| 333 | |||
| 324 | my $cmd; | 334 | my $cmd; |
| 325 | $cmd = "$command -u /slow"; | 335 | $cmd = "$command -u /slow"; |
| 326 | $result = NPTest->testCmd( $cmd ); | 336 | $result = NPTest->testCmd( $cmd ); |