summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c62
1 files changed, 42 insertions, 20 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index fbb197f7..e9c15e64 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -134,6 +134,7 @@ char regexp[MAX_RE_SIZE];
134int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; 134int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
135int errcode; 135int errcode;
136bool invert_regex = false; 136bool invert_regex = false;
137int state_regex = STATE_CRITICAL;
137 138
138char *server_address = NULL; 139char *server_address = NULL;
139char *host_name = NULL; 140char *host_name = NULL;
@@ -467,6 +468,7 @@ int
467check_http (void) 468check_http (void)
468{ 469{
469 int result = STATE_OK; 470 int result = STATE_OK;
471 int result_ssl = STATE_OK;
470 int page_len = 0; 472 int page_len = 0;
471 int i; 473 int i;
472 char *force_host_header = NULL; 474 char *force_host_header = NULL;
@@ -851,9 +853,9 @@ check_http (void)
851 /* check certificate with OpenSSL functions, curl has been built against OpenSSL 853 /* check certificate with OpenSSL functions, curl has been built against OpenSSL
852 * and we actually have OpenSSL in the monitoring tools 854 * and we actually have OpenSSL in the monitoring tools
853 */ 855 */
854 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 856 result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
855 if (!continue_after_check_cert) { 857 if (!continue_after_check_cert) {
856 return result; 858 return result_ssl;
857 } 859 }
858#else /* USE_OPENSSL */ 860#else /* USE_OPENSSL */
859 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); 861 die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
@@ -897,17 +899,17 @@ GOT_FIRST_CERT:
897 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 899 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
898 } 900 }
899 BIO_free (cert_BIO); 901 BIO_free (cert_BIO);
900 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 902 result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
901 if (!continue_after_check_cert) { 903 if (!continue_after_check_cert) {
902 return result; 904 return result_ssl;
903 } 905 }
904#else /* USE_OPENSSL */ 906#else /* USE_OPENSSL */
905 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, 907 /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
906 * so we use the libcurl CURLINFO data 908 * so we use the libcurl CURLINFO data
907 */ 909 */
908 result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); 910 result_ssl = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
909 if (!continue_after_check_cert) { 911 if (!continue_after_check_cert) {
910 return result; 912 return result_ssl;
911 } 913 }
912#endif /* USE_OPENSSL */ 914#endif /* USE_OPENSSL */
913 } else { 915 } else {
@@ -1133,7 +1135,7 @@ GOT_FIRST_CERT:
1133 strcpy(msg, tmp); 1135 strcpy(msg, tmp);
1134 1136
1135 } 1137 }
1136 result = STATE_CRITICAL; 1138 result = state_regex;
1137 } else { 1139 } else {
1138 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); 1140 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
1139 1141
@@ -1175,7 +1177,7 @@ GOT_FIRST_CERT:
1175 } 1177 }
1176 1178
1177 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ 1179 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
1178 die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", 1180 die (max_state_alt(result, result_ssl), "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
1179 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), 1181 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
1180 status_line.http_code, status_line.msg, 1182 status_line.http_code, status_line.msg,
1181 strlen(msg) > 0 ? " - " : "", 1183 strlen(msg) > 0 ? " - " : "",
@@ -1185,7 +1187,7 @@ GOT_FIRST_CERT:
1185 (show_body ? body_buf.buf : ""), 1187 (show_body ? body_buf.buf : ""),
1186 (show_body ? "\n" : "") ); 1188 (show_body ? "\n" : "") );
1187 1189
1188 return result; 1190 return max_state_alt(result, result_ssl);
1189} 1191}
1190 1192
1191int 1193int
@@ -1284,10 +1286,12 @@ redir (curlhelp_write_curlbuf* header_buf)
1284 } 1286 }
1285 } 1287 }
1286 1288
1287 if (!uri_strcmp (uri.scheme, "https")) 1289 if (uri.scheme.first) {
1288 use_ssl = true; 1290 if (!uri_strcmp (uri.scheme, "https"))
1289 else 1291 use_ssl = true;
1290 use_ssl = false; 1292 else
1293 use_ssl = false;
1294 }
1291 1295
1292 /* we do a sloppy test here only, because uriparser would have failed 1296 /* we do a sloppy test here only, because uriparser would have failed
1293 * above, if the port would be invalid, we just check for MAX_PORT 1297 * above, if the port would be invalid, we just check for MAX_PORT
@@ -1305,10 +1309,13 @@ redir (curlhelp_write_curlbuf* header_buf)
1305 MAX_PORT, location, display_html ? "</A>" : ""); 1309 MAX_PORT, location, display_html ? "</A>" : "");
1306 1310
1307 /* by RFC 7231 relative URLs in Location should be taken relative to 1311 /* by RFC 7231 relative URLs in Location should be taken relative to
1308 * the original URL, so wy try to form a new absolute URL here 1312 * the original URL, so we try to form a new absolute URL here
1309 */ 1313 */
1310 if (!uri.scheme.first && !uri.hostText.first) { 1314 if (!uri.scheme.first && !uri.hostText.first) {
1311 new_host = strdup (host_name ? host_name : server_address); 1315 new_host = strdup (host_name ? host_name : server_address);
1316 new_port = server_port;
1317 if(use_ssl)
1318 uri_string (uri.scheme, "https", DEFAULT_BUFFER_SIZE);
1312 } else { 1319 } else {
1313 new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE)); 1320 new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
1314 } 1321 }
@@ -1391,7 +1398,8 @@ process_arguments (int argc, char **argv)
1391 HTTP_VERSION_OPTION, 1398 HTTP_VERSION_OPTION,
1392 AUTOMATIC_DECOMPRESSION, 1399 AUTOMATIC_DECOMPRESSION,
1393 COOKIE_JAR, 1400 COOKIE_JAR,
1394 HAPROXY_PROTOCOL 1401 HAPROXY_PROTOCOL,
1402 STATE_REGEX
1395 }; 1403 };
1396 1404
1397 int option = 0; 1405 int option = 0;
@@ -1430,6 +1438,7 @@ process_arguments (int argc, char **argv)
1430 {"content-type", required_argument, 0, 'T'}, 1438 {"content-type", required_argument, 0, 'T'},
1431 {"pagesize", required_argument, 0, 'm'}, 1439 {"pagesize", required_argument, 0, 'm'},
1432 {"invert-regex", no_argument, NULL, INVERT_REGEX}, 1440 {"invert-regex", no_argument, NULL, INVERT_REGEX},
1441 {"state-regex", required_argument, 0, STATE_REGEX},
1433 {"use-ipv4", no_argument, 0, '4'}, 1442 {"use-ipv4", no_argument, 0, '4'},
1434 {"use-ipv6", no_argument, 0, '6'}, 1443 {"use-ipv6", no_argument, 0, '6'},
1435 {"extended-perfdata", no_argument, 0, 'E'}, 1444 {"extended-perfdata", no_argument, 0, 'E'},
@@ -1765,6 +1774,13 @@ process_arguments (int argc, char **argv)
1765 case INVERT_REGEX: 1774 case INVERT_REGEX:
1766 invert_regex = true; 1775 invert_regex = true;
1767 break; 1776 break;
1777 case STATE_REGEX:
1778 if (!strcmp (optarg, "critical"))
1779 state_regex = STATE_CRITICAL;
1780 else if (!strcmp (optarg, "warning"))
1781 state_regex = STATE_WARNING;
1782 else usage2 (_("Invalid state-regex option"), optarg);
1783 break;
1768 case '4': 1784 case '4':
1769 address_family = AF_INET; 1785 address_family = AF_INET;
1770 break; 1786 break;
@@ -1992,8 +2008,11 @@ print_help (void)
1992 printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1")); 2008 printf (" %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
1993#endif 2009#endif
1994 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 2010 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
1995 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); 2011 printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443."));
1996 printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); 2012 printf (" %s\n", _("A STATE_WARNING is returned if the certificate has a validity less than the"));
2013 printf (" %s\n", _("first agument's value. If there is a second argument and the certificate's"));
2014 printf (" %s\n", _("validity is less than its value, a STATE_CRITICAL is returned."));
2015 printf (" %s\n", _("(When this option is used the URL is not checked by default. You can use"));
1997 printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); 2016 printf (" %s\n", _(" --continue-after-certificate to override this behavior)"));
1998 printf (" %s\n", "--continue-after-certificate"); 2017 printf (" %s\n", "--continue-after-certificate");
1999 printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); 2018 printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
@@ -2022,7 +2041,7 @@ print_help (void)
2022 printf (" %s\n", "-u, --url=PATH"); 2041 printf (" %s\n", "-u, --url=PATH");
2023 printf (" %s\n", _("URL to GET or POST (default: /)")); 2042 printf (" %s\n", _("URL to GET or POST (default: /)"));
2024 printf (" %s\n", "-P, --post=STRING"); 2043 printf (" %s\n", "-P, --post=STRING");
2025 printf (" %s\n", _("URL encoded http POST data")); 2044 printf (" %s\n", _("URL decoded http POST data"));
2026 printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); 2045 printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
2027 printf (" %s\n", _("Set HTTP method.")); 2046 printf (" %s\n", _("Set HTTP method."));
2028 printf (" %s\n", "-N, --no-body"); 2047 printf (" %s\n", "-N, --no-body");
@@ -2040,7 +2059,10 @@ print_help (void)
2040 printf (" %s\n", "-R, --eregi=STRING"); 2059 printf (" %s\n", "-R, --eregi=STRING");
2041 printf (" %s\n", _("Search page for case-insensitive regex STRING")); 2060 printf (" %s\n", _("Search page for case-insensitive regex STRING"));
2042 printf (" %s\n", "--invert-regex"); 2061 printf (" %s\n", "--invert-regex");
2043 printf (" %s\n", _("Return CRITICAL if found, OK if not\n")); 2062 printf (" %s\n", _("Return STATE if found, OK if not (STATE is CRITICAL, per default)"));
2063 printf (" %s\n", _("can be changed with --state--regex)"));
2064 printf (" %s\n", "--regex-state=STATE");
2065 printf (" %s\n", _("Return STATE if regex is found, OK if not\n"));
2044 printf (" %s\n", "-a, --authorization=AUTH_PAIR"); 2066 printf (" %s\n", "-a, --authorization=AUTH_PAIR");
2045 printf (" %s\n", _("Username:password on sites with basic authentication")); 2067 printf (" %s\n", _("Username:password on sites with basic authentication"));
2046 printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); 2068 printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
@@ -2073,7 +2095,7 @@ print_help (void)
2073 printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING).")); 2095 printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
2074 printf(" %s\n", "--haproxy-protocol"); 2096 printf(" %s\n", "--haproxy-protocol");
2075 printf(" %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL).")); 2097 printf(" %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL)."));
2076 printf (" %s\n", "---cookie-jar=FILE"); 2098 printf (" %s\n", "--cookie-jar=FILE");
2077 printf (" %s\n", _("Store cookies in the cookie jar and send them out when requested.")); 2099 printf (" %s\n", _("Store cookies in the cookie jar and send them out when requested."));
2078 printf ("\n"); 2100 printf ("\n");
2079 2101