diff options
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r-- | plugins/check_curl.c | 59 |
1 files changed, 40 insertions, 19 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index c37d45d..be5740d 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
@@ -55,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org"; | |||
55 | #include "uriparser/Uri.h" | 55 | #include "uriparser/Uri.h" |
56 | 56 | ||
57 | #include <arpa/inet.h> | 57 | #include <arpa/inet.h> |
58 | #include <netinet/in.h> | ||
58 | 59 | ||
59 | #if defined(HAVE_SSL) && defined(USE_OPENSSL) | 60 | #if defined(HAVE_SSL) && defined(USE_OPENSSL) |
60 | #include <openssl/opensslv.h> | 61 | #include <openssl/opensslv.h> |
@@ -384,8 +385,11 @@ int | |||
384 | lookup_host (const char *host, char *buf, size_t buflen) | 385 | lookup_host (const char *host, char *buf, size_t buflen) |
385 | { | 386 | { |
386 | struct addrinfo hints, *res, *result; | 387 | struct addrinfo hints, *res, *result; |
388 | char addrstr[100]; | ||
389 | size_t addrstr_len; | ||
387 | int errcode; | 390 | int errcode; |
388 | void *ptr; | 391 | void *ptr; |
392 | size_t buflen_remaining = buflen - 1; | ||
389 | 393 | ||
390 | memset (&hints, 0, sizeof (hints)); | 394 | memset (&hints, 0, sizeof (hints)); |
391 | hints.ai_family = address_family; | 395 | hints.ai_family = address_family; |
@@ -395,26 +399,40 @@ lookup_host (const char *host, char *buf, size_t buflen) | |||
395 | errcode = getaddrinfo (host, NULL, &hints, &result); | 399 | errcode = getaddrinfo (host, NULL, &hints, &result); |
396 | if (errcode != 0) | 400 | if (errcode != 0) |
397 | return errcode; | 401 | return errcode; |
398 | 402 | ||
403 | strcpy(buf, ""); | ||
399 | res = result; | 404 | res = result; |
400 | 405 | ||
401 | while (res) { | 406 | while (res) { |
402 | inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); | 407 | switch (res->ai_family) { |
403 | switch (res->ai_family) { | 408 | case AF_INET: |
404 | case AF_INET: | 409 | ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; |
405 | ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; | 410 | break; |
406 | break; | 411 | case AF_INET6: |
407 | case AF_INET6: | 412 | ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; |
408 | ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; | 413 | break; |
409 | break; | ||
410 | } | 414 | } |
411 | inet_ntop (res->ai_family, ptr, buf, buflen); | 415 | |
412 | if (verbose >= 1) | 416 | inet_ntop (res->ai_family, ptr, addrstr, 100); |
417 | if (verbose >= 1) { | ||
413 | printf ("* getaddrinfo IPv%d address: %s\n", | 418 | printf ("* getaddrinfo IPv%d address: %s\n", |
414 | res->ai_family == PF_INET6 ? 6 : 4, buf); | 419 | res->ai_family == PF_INET6 ? 6 : 4, addrstr); |
420 | } | ||
421 | |||
422 | // Append all IPs to buf as a comma-separated string | ||
423 | addrstr_len = strlen(addrstr); | ||
424 | if (buflen_remaining > addrstr_len + 1) { | ||
425 | if (buf[0] != '\0') { | ||
426 | strncat(buf, ",", buflen_remaining); | ||
427 | buflen_remaining -= 1; | ||
428 | } | ||
429 | strncat(buf, addrstr, buflen_remaining); | ||
430 | buflen_remaining -= addrstr_len; | ||
431 | } | ||
432 | |||
415 | res = res->ai_next; | 433 | res = res->ai_next; |
416 | } | 434 | } |
417 | 435 | ||
418 | freeaddrinfo(result); | 436 | freeaddrinfo(result); |
419 | 437 | ||
420 | return 0; | 438 | return 0; |
@@ -445,7 +463,7 @@ check_http (void) | |||
445 | int i; | 463 | int i; |
446 | char *force_host_header = NULL; | 464 | char *force_host_header = NULL; |
447 | struct curl_slist *host = NULL; | 465 | struct curl_slist *host = NULL; |
448 | char addrstr[100]; | 466 | char addrstr[DEFAULT_BUFFER_SIZE/2]; |
449 | char dnscache[DEFAULT_BUFFER_SIZE]; | 467 | char dnscache[DEFAULT_BUFFER_SIZE]; |
450 | 468 | ||
451 | /* initialize curl */ | 469 | /* initialize curl */ |
@@ -497,7 +515,7 @@ check_http (void) | |||
497 | 515 | ||
498 | // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy | 516 | // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy |
499 | if(use_ssl && host_name != NULL) { | 517 | if(use_ssl && host_name != NULL) { |
500 | if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { | 518 | if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) { |
501 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), | 519 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), |
502 | server_address, res, gai_strerror (res)); | 520 | server_address, res, gai_strerror (res)); |
503 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); | 521 | die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); |
@@ -524,7 +542,7 @@ check_http (void) | |||
524 | /* compose URL: use the address we want to connect to, set Host: header later */ | 542 | /* compose URL: use the address we want to connect to, set Host: header later */ |
525 | snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", | 543 | snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", |
526 | use_ssl ? "https" : "http", | 544 | use_ssl ? "https" : "http", |
527 | use_ssl & host_name != NULL ? host_name : server_address, | 545 | ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address, |
528 | server_port, | 546 | server_port, |
529 | server_url | 547 | server_url |
530 | ); | 548 | ); |
@@ -600,7 +618,7 @@ check_http (void) | |||
600 | 618 | ||
601 | #ifdef LIBCURL_FEATURE_SSL | 619 | #ifdef LIBCURL_FEATURE_SSL |
602 | 620 | ||
603 | /* set SSL version, warn about unsecure or unsupported versions */ | 621 | /* set SSL version, warn about insecure or unsupported versions */ |
604 | if (use_ssl) { | 622 | if (use_ssl) { |
605 | handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION"); | 623 | handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION"); |
606 | } | 624 | } |
@@ -792,6 +810,9 @@ check_http (void) | |||
792 | /* free header and server IP resolve lists, we don't need it anymore */ | 810 | /* free header and server IP resolve lists, we don't need it anymore */ |
793 | curl_slist_free_all (header_list); header_list = NULL; | 811 | curl_slist_free_all (header_list); header_list = NULL; |
794 | curl_slist_free_all (server_ips); server_ips = NULL; | 812 | curl_slist_free_all (server_ips); server_ips = NULL; |
813 | if (host) { | ||
814 | curl_slist_free_all (host); host = NULL; | ||
815 | } | ||
795 | 816 | ||
796 | /* Curl errors, result in critical Nagios state */ | 817 | /* Curl errors, result in critical Nagios state */ |
797 | if (res != CURLE_OK) { | 818 | if (res != CURLE_OK) { |
@@ -965,7 +986,7 @@ GOT_FIRST_CERT: | |||
965 | } | 986 | } |
966 | } else { | 987 | } else { |
967 | /* this is a specific code in the command line to | 988 | /* this is a specific code in the command line to |
968 | * be returned when a redirection is encoutered | 989 | * be returned when a redirection is encountered |
969 | */ | 990 | */ |
970 | } | 991 | } |
971 | result = max_state_alt (onredirect, result); | 992 | result = max_state_alt (onredirect, result); |
@@ -2030,7 +2051,7 @@ print_usage (void) | |||
2030 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); | 2051 | printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); |
2031 | printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n"); | 2052 | printf (" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n"); |
2032 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); | 2053 | printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); |
2033 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n"); | 2054 | printf (" [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n"); |
2034 | printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 2055 | printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
2035 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 2056 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
2036 | printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); | 2057 | printf (" [-A string] [-k string] [-S <version>] [--sni]\n"); |