diff options
-rw-r--r-- | plugins/check_ssh.c | 26 | ||||
-rw-r--r-- | plugins/t/check_ssh.t | 76 |
2 files changed, 70 insertions, 32 deletions
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 8a3abb03..b4bfab45 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c | |||
@@ -278,11 +278,35 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol | |||
278 | printf("SSH CRITICAL - No version control string received"); | 278 | printf("SSH CRITICAL - No version control string received"); |
279 | exit(STATE_CRITICAL); | 279 | exit(STATE_CRITICAL); |
280 | } | 280 | } |
281 | /* | ||
282 | * "When the connection has been established, both sides MUST send an | ||
283 | * identification string. This identification string MUST be | ||
284 | * | ||
285 | * SSH-protoversion-softwareversion SP comments CR LF" | ||
286 | * - RFC 4253:4.2 | ||
287 | */ | ||
281 | strip (version_control_string); | 288 | strip (version_control_string); |
282 | if (verbose) | 289 | if (verbose) |
283 | printf ("%s\n", version_control_string); | 290 | printf ("%s\n", version_control_string); |
284 | ssh_proto = version_control_string + 4; | 291 | ssh_proto = version_control_string + 4; |
285 | ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789."); | 292 | |
293 | /* | ||
294 | * We assume the protoversion is of the form Major.Minor, although | ||
295 | * this is not _strictly_ required. See | ||
296 | * | ||
297 | * "Both the 'protoversion' and 'softwareversion' strings MUST consist of | ||
298 | * printable US-ASCII characters, with the exception of whitespace | ||
299 | * characters and the minus sign (-)" | ||
300 | * - RFC 4253:4.2 | ||
301 | * and, | ||
302 | * | ||
303 | * "As stated earlier, the 'protoversion' specified for this protocol is | ||
304 | * "2.0". Earlier versions of this protocol have not been formally | ||
305 | * documented, but it is widely known that they use 'protoversion' of | ||
306 | * "1.x" (e.g., "1.5" or "1.3")." | ||
307 | * - RFC 4253:5 | ||
308 | */ | ||
309 | ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */ | ||
286 | 310 | ||
287 | /* If there's a space in the version string, whatever's after the space is a comment | 311 | /* If there's a space in the version string, whatever's after the space is a comment |
288 | * (which is NOT part of the server name/version)*/ | 312 | * (which is NOT part of the server name/version)*/ |
diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t index 3e1824df..7df62651 100644 --- a/plugins/t/check_ssh.t +++ b/plugins/t/check_ssh.t | |||
@@ -8,10 +8,13 @@ use strict; | |||
8 | use Test::More; | 8 | use Test::More; |
9 | use NPTest; | 9 | use NPTest; |
10 | 10 | ||
11 | my $res; | ||
12 | |||
11 | # Required parameters | 13 | # Required parameters |
12 | my $ssh_host = getTestParameter("NP_SSH_HOST", | 14 | my $ssh_host = getTestParameter("NP_SSH_HOST", |
13 | "A host providing SSH service", | 15 | "A host providing SSH service", |
14 | "localhost"); | 16 | "localhost"); |
17 | |||
15 | my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", | 18 | my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", |
16 | "The hostname of system not responsive to network requests", | 19 | "The hostname of system not responsive to network requests", |
17 | "10.0.0.1" ); | 20 | "10.0.0.1" ); |
@@ -20,13 +23,37 @@ my $hostname_invalid = getTestParameter("NP_HOSTNAME_INVALID", | |||
20 | "An invalid (not known to DNS) hostname", | 23 | "An invalid (not known to DNS) hostname", |
21 | "nosuchhost" ); | 24 | "nosuchhost" ); |
22 | 25 | ||
23 | my $res; | ||
24 | 26 | ||
27 | plan tests => 14 + 6; | ||
25 | 28 | ||
26 | plan tests => 18; | ||
27 | SKIP: { | 29 | SKIP: { |
30 | skip "SSH_HOST must be defined", 6 unless $ssh_host; | ||
31 | my $result = NPTest->testCmd( | ||
32 | "./check_ssh -H $ssh_host" | ||
33 | ); | ||
34 | cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)"); | ||
35 | like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)"); | ||
28 | 36 | ||
29 | skip "No netcat available", 12 unless (system("which nc > /dev/null") == 0); | 37 | |
38 | $result = NPTest->testCmd( | ||
39 | "./check_ssh -H $host_nonresponsive -t 2" | ||
40 | ); | ||
41 | cmp_ok($result->return_code, '==', 2, "Exit with return code 0 (OK)"); | ||
42 | like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)"); | ||
43 | |||
44 | |||
45 | |||
46 | $result = NPTest->testCmd( | ||
47 | "./check_ssh -H $hostname_invalid -t 2" | ||
48 | ); | ||
49 | cmp_ok($result->return_code, '==', 3, "Exit with return code 0 (OK)"); | ||
50 | like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)"); | ||
51 | |||
52 | |||
53 | } | ||
54 | SKIP: { | ||
55 | |||
56 | skip "No netcat available", 14 unless (system("which nc > /dev/null") == 0); | ||
30 | 57 | ||
31 | my $nc_flags = "-l 5003 -i 1"; | 58 | my $nc_flags = "-l 5003 -i 1"; |
32 | #A valid protocol version control string has the form | 59 | #A valid protocol version control string has the form |
@@ -41,6 +68,13 @@ SKIP: { | |||
41 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK"); | 68 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK"); |
42 | close NC; | 69 | close NC; |
43 | 70 | ||
71 | open(NC, "echo 'SSH-2.0-3.2.9.1' | nc ${nc_flags}|"); | ||
72 | sleep 1; | ||
73 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" ); | ||
74 | cmp_ok( $res->return_code, "==", 0, "Got SSH protocol version control string with non-alpha softwareversion string"); | ||
75 | like( $res->output, '/^SSH OK - 3.2.9.1 \(protocol 2.0\)/', "Output OK for non-alpha softwareversion string"); | ||
76 | close NC; | ||
77 | |||
44 | open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |"); | 78 | open(NC, "echo 'SSH-2.0-nagiosplug.ssh.0.1 this is a comment' | nc ${nc_flags} |"); |
45 | sleep 1; | 79 | sleep 1; |
46 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" ); | 80 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003 -r nagiosplug.ssh.0.1" ); |
@@ -48,7 +82,6 @@ SKIP: { | |||
48 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK"); | 82 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.1 \(protocol 2.0\)/', "Output OK"); |
49 | close NC; | 83 | close NC; |
50 | 84 | ||
51 | |||
52 | open(NC, "echo 'SSH-' | nc ${nc_flags}|"); | 85 | open(NC, "echo 'SSH-' | nc ${nc_flags}|"); |
53 | sleep 1; | 86 | sleep 1; |
54 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" ); | 87 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" ); |
@@ -72,36 +105,17 @@ SKIP: { | |||
72 | 105 | ||
73 | 106 | ||
74 | #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string | 107 | #RFC 4253 permits servers to send any number of data lines prior to sending the protocol version control string |
75 | open(NC, "echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n | 108 | open(NC, "{ echo 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; sleep 1; |
76 | BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\n | 109 | echo 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'; sleep 1; |
77 | CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\n | 110 | echo 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC'; sleep 1; |
78 | DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD\n | 111 | echo 'DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD'; sleep 1; |
79 | Some\nPrepended\nData\nLines\nSSH-2.0-nagiosplug.ssh.0.2' | nc ${nc_flags}|"); | 112 | printf 'EEEEEEEEEEEEEEEEEE'; sleep 1; |
113 | printf 'EEEEEEEEEEEEEEEEEE\n'; sleep 1; | ||
114 | echo 'Some\nPrepended\nData\nLines\n'; sleep 1; | ||
115 | echo 'SSH-2.0-nagiosplug.ssh.0.2';} | nc ${nc_flags}|"); | ||
80 | sleep 1; | 116 | sleep 1; |
81 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" ); | 117 | $res = NPTest->testCmd( "./check_ssh -H localhost -p 5003" ); |
82 | cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string"); | 118 | cmp_ok( $res->return_code, '==', 0, "Got delayed SSH protocol version control string"); |
83 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK"); | 119 | like( $res->output, '/^SSH OK - nagiosplug.ssh.0.2 \(protocol 2.0\)/', "Output OK"); |
84 | close NC; | 120 | close NC; |
85 | } | 121 | } |
86 | |||
87 | SKIP { | ||
88 | skip "SSH_HOST must be defined", 6 unless $ssh_host; | ||
89 | $res = NPTest->testCmd( | ||
90 | "./check_ssh -H $ssh_host" | ||
91 | ); | ||
92 | cmp_ok($result->return_code, '==', 0, "Exit with return code 0 (OK)"); | ||
93 | like($result->output, '/^SSH OK - /', "Status text if command returned none (OK)"); | ||
94 | |||
95 | $res = NPTest->testCmd( | ||
96 | "./check_ssh -H $host_nonresponsive -t 2" | ||
97 | ); | ||
98 | cmp_ok($result->return_code, '==', 2, "Exit with return code 2 (CRITICAL)"); | ||
99 | like($result->output, '/^CRITICAL - Socket timeout after 2 seconds/', "Status text if command returned none (OK)"); | ||
100 | |||
101 | $res = NPTest->testCmd( | ||
102 | "./check_ssh -H $hostname_invalid -t 2" | ||
103 | ); | ||
104 | cmp_ok($result->return_code, '==', 3, "Exit with return code 3 (UNKNOWN)"); | ||
105 | like($result->output, '/^check_ssh: Invalid hostname/', "Status text if command returned none (OK)"); | ||
106 | |||
107 | } | ||