summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c59
1 files changed, 40 insertions, 19 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index c37d45d9..be5740d7 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -55,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
55#include "uriparser/Uri.h" 55#include "uriparser/Uri.h"
56 56
57#include <arpa/inet.h> 57#include <arpa/inet.h>
58#include <netinet/in.h>
58 59
59#if defined(HAVE_SSL) && defined(USE_OPENSSL) 60#if defined(HAVE_SSL) && defined(USE_OPENSSL)
60#include <openssl/opensslv.h> 61#include <openssl/opensslv.h>
@@ -384,8 +385,11 @@ int
384lookup_host (const char *host, char *buf, size_t buflen) 385lookup_host (const char *host, char *buf, size_t buflen)
385{ 386{
386 struct addrinfo hints, *res, *result; 387 struct addrinfo hints, *res, *result;
388 char addrstr[100];
389 size_t addrstr_len;
387 int errcode; 390 int errcode;
388 void *ptr; 391 void *ptr;
392 size_t buflen_remaining = buflen - 1;
389 393
390 memset (&hints, 0, sizeof (hints)); 394 memset (&hints, 0, sizeof (hints));
391 hints.ai_family = address_family; 395 hints.ai_family = address_family;
@@ -395,26 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen)
395 errcode = getaddrinfo (host, NULL, &hints, &result); 399 errcode = getaddrinfo (host, NULL, &hints, &result);
396 if (errcode != 0) 400 if (errcode != 0)
397 return errcode; 401 return errcode;
398 402
403 strcpy(buf, "");
399 res = result; 404 res = result;
400 405
401 while (res) { 406 while (res) {
402 inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); 407 switch (res->ai_family) {
403 switch (res->ai_family) { 408 case AF_INET:
404 case AF_INET: 409 ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
405 ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; 410 break;
406 break; 411 case AF_INET6:
407 case AF_INET6: 412 ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
408 ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; 413 break;
409 break;
410 } 414 }
411 inet_ntop (res->ai_family, ptr, buf, buflen); 415
412 if (verbose >= 1) 416 inet_ntop (res->ai_family, ptr, addrstr, 100);
417 if (verbose >= 1) {
413 printf ("* getaddrinfo IPv%d address: %s\n", 418 printf ("* getaddrinfo IPv%d address: %s\n",
414 res->ai_family == PF_INET6 ? 6 : 4, buf); 419 res->ai_family == PF_INET6 ? 6 : 4, addrstr);
420 }
421
422 // Append all IPs to buf as a comma-separated string
423 addrstr_len = strlen(addrstr);
424 if (buflen_remaining > addrstr_len + 1) {
425 if (buf[0] != '\0') {
426 strncat(buf, ",", buflen_remaining);
427 buflen_remaining -= 1;
428 }
429 strncat(buf, addrstr, buflen_remaining);
430 buflen_remaining -= addrstr_len;
431 }
432
415 res = res->ai_next; 433 res = res->ai_next;
416 } 434 }
417 435
418 freeaddrinfo(result); 436 freeaddrinfo(result);
419 437
420 return 0; 438 return 0;
@@ -445,7 +463,7 @@ check_http (void)
445 int i; 463 int i;
446 char *force_host_header = NULL; 464 char *force_host_header = NULL;
447 struct curl_slist *host = NULL; 465 struct curl_slist *host = NULL;
448 char addrstr[100]; 466 char addrstr[DEFAULT_BUFFER_SIZE/2];
449 char dnscache[DEFAULT_BUFFER_SIZE]; 467 char dnscache[DEFAULT_BUFFER_SIZE];
450 468
451 /* initialize curl */ 469 /* initialize curl */
@@ -497,7 +515,7 @@ check_http (void)
497 515
498 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy 516 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
499 if(use_ssl && host_name != NULL) { 517 if(use_ssl && host_name != NULL) {
500 if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { 518 if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
501 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), 519 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
502 server_address, res, gai_strerror (res)); 520 server_address, res, gai_strerror (res));
503 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 521 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
@@ -524,7 +542,7 @@ check_http (void)
524 /* compose URL: use the address we want to connect to, set Host: header later */ 542 /* compose URL: use the address we want to connect to, set Host: header later */
525 snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", 543 snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
526 use_ssl ? "https" : "http", 544 use_ssl ? "https" : "http",
527 use_ssl & host_name != NULL ? host_name : server_address, 545 ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
528 server_port, 546 server_port,
529 server_url 547 server_url
530 ); 548 );
@@ -600,7 +618,7 @@ check_http (void)
600 618
601#ifdef LIBCURL_FEATURE_SSL 619#ifdef LIBCURL_FEATURE_SSL
602 620
603 /* set SSL version, warn about unsecure or unsupported versions */ 621 /* set SSL version, warn about insecure or unsupported versions */
604 if (use_ssl) { 622 if (use_ssl) {
605 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION"); 623 handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
606 } 624 }
@@ -792,6 +810,9 @@ check_http (void)
792 /* free header and server IP resolve lists, we don't need it anymore */ 810 /* free header and server IP resolve lists, we don't need it anymore */
793 curl_slist_free_all (header_list); header_list = NULL; 811 curl_slist_free_all (header_list); header_list = NULL;
794 curl_slist_free_all (server_ips); server_ips = NULL; 812 curl_slist_free_all (server_ips); server_ips = NULL;
813 if (host) {
814 curl_slist_free_all (host); host = NULL;
815 }
795 816
796 /* Curl errors, result in critical Nagios state */ 817 /* Curl errors, result in critical Nagios state */
797 if (res != CURLE_OK) { 818 if (res != CURLE_OK) {
@@ -965,7 +986,7 @@ GOT_FIRST_CERT:
965 } 986 }
966 } else { 987 } else {
967 /* this is a specific code in the command line to 988 /* this is a specific code in the command line to
968 * be returned when a redirection is encoutered 989 * be returned when a redirection is encountered
969 */ 990 */
970 } 991 }
971 result = max_state_alt (onredirect, result); 992 result = max_state_alt (onredirect, result);
@@ -2030,7 +2051,7 @@ print_usage (void)
2030 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); 2051 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
2031 printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n"); 2052 printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
2032 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); 2053 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
2033 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n"); 2054 printf (" [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n");
2034 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); 2055 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
2035 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); 2056 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
2036 printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); 2057 printf (" [-A string] [-k string] [-S <version>] [--sni]\n");