summaryrefslogtreecommitdiffstats
path: root/plugins/check_dns.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_dns.c')
-rw-r--r--plugins/check_dns.c64
1 files changed, 51 insertions, 13 deletions
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 5feafc80..0f2e6541 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -56,6 +56,7 @@ char **expected_address = NULL;
56int expected_address_cnt = 0; 56int expected_address_cnt = 0;
57 57
58int expect_authority = FALSE; 58int expect_authority = FALSE;
59int all_match = FALSE;
59thresholds *time_thresholds = NULL; 60thresholds *time_thresholds = NULL;
60 61
61static int 62static int
@@ -168,8 +169,8 @@ main (int argc, char **argv)
168 temp_buffer++; 169 temp_buffer++;
169 170
170 /* Strip leading spaces */ 171 /* Strip leading spaces */
171 for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) 172 while (*temp_buffer == ' ')
172 /* NOOP */; 173 temp_buffer++;
173 174
174 strip(temp_buffer); 175 strip(temp_buffer);
175 if (temp_buffer==NULL || strlen(temp_buffer)==0) { 176 if (temp_buffer==NULL || strlen(temp_buffer)==0) {
@@ -201,7 +202,10 @@ main (int argc, char **argv)
201 if (error_scan (chld_err.line[i]) != STATE_OK) { 202 if (error_scan (chld_err.line[i]) != STATE_OK) {
202 result = max_state (result, error_scan (chld_err.line[i])); 203 result = max_state (result, error_scan (chld_err.line[i]));
203 msg = strchr(input_buffer, ':'); 204 msg = strchr(input_buffer, ':');
204 if(msg) msg++; 205 if(msg)
206 msg++;
207 else
208 msg = input_buffer;
205 } 209 }
206 } 210 }
207 211
@@ -228,16 +232,27 @@ main (int argc, char **argv)
228 if (result == STATE_OK && expected_address_cnt > 0) { 232 if (result == STATE_OK && expected_address_cnt > 0) {
229 result = STATE_CRITICAL; 233 result = STATE_CRITICAL;
230 temp_buffer = ""; 234 temp_buffer = "";
235 unsigned long expect_match = (1 << expected_address_cnt) - 1;
236 unsigned long addr_match = (1 << n_addresses) - 1;
231 237
232 for (i=0; i<expected_address_cnt; i++) { 238 for (i=0; i<expected_address_cnt; i++) {
239 int j;
233 /* check if we get a match on 'raw' ip or cidr */ 240 /* check if we get a match on 'raw' ip or cidr */
234 if ( strcmp(address, expected_address[i]) == 0 241 for (j=0; j<n_addresses; j++) {
235 || ip_match_cidr(address, expected_address[i]) ) 242 if ( strcmp(addresses[j], expected_address[i]) == 0
236 result = STATE_OK; 243 || ip_match_cidr(addresses[j], expected_address[i]) ) {
244 result = STATE_OK;
245 addr_match &= ~(1 << j);
246 expect_match &= ~(1 << i);
247 }
248 }
237 249
238 /* prepare an error string */ 250 /* prepare an error string */
239 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 251 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
240 } 252 }
253 /* check if expected_address must cover all in addresses and none may be missing */
254 if (all_match && (expect_match != 0 || addr_match != 0))
255 result = STATE_CRITICAL;
241 if (result == STATE_CRITICAL) { 256 if (result == STATE_CRITICAL) {
242 /* Strip off last semicolon... */ 257 /* Strip off last semicolon... */
243 temp_buffer[strlen(temp_buffer)-2] = '\0'; 258 temp_buffer[strlen(temp_buffer)-2] = '\0';
@@ -336,6 +351,8 @@ error_scan (char *input_buffer)
336 /* DNS server is not running... */ 351 /* DNS server is not running... */
337 else if (strstr (input_buffer, "No response from server")) 352 else if (strstr (input_buffer, "No response from server"))
338 die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 353 die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
354 else if (strstr (input_buffer, "no servers could be reached"))
355 die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
339 356
340 /* Host name is valid, but server doesn't have records... */ 357 /* Host name is valid, but server doesn't have records... */
341 else if (strstr (input_buffer, "No records")) 358 else if (strstr (input_buffer, "No records"))
@@ -360,6 +377,7 @@ error_scan (char *input_buffer)
360 /* Host or domain name does not exist */ 377 /* Host or domain name does not exist */
361 else if (strstr (input_buffer, "Non-existent") || 378 else if (strstr (input_buffer, "Non-existent") ||
362 strstr (input_buffer, "** server can't find") || 379 strstr (input_buffer, "** server can't find") ||
380 strstr (input_buffer, "** Can't find") ||
363 strstr (input_buffer,"NXDOMAIN")) 381 strstr (input_buffer,"NXDOMAIN"))
364 die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address); 382 die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
365 383
@@ -400,6 +418,7 @@ process_arguments (int argc, char **argv)
400 {"reverse-server", required_argument, 0, 'r'}, 418 {"reverse-server", required_argument, 0, 'r'},
401 {"expected-address", required_argument, 0, 'a'}, 419 {"expected-address", required_argument, 0, 'a'},
402 {"expect-authority", no_argument, 0, 'A'}, 420 {"expect-authority", no_argument, 0, 'A'},
421 {"all", no_argument, 0, 'L'},
403 {"warning", required_argument, 0, 'w'}, 422 {"warning", required_argument, 0, 'w'},
404 {"critical", required_argument, 0, 'c'}, 423 {"critical", required_argument, 0, 'c'},
405 {0, 0, 0, 0} 424 {0, 0, 0, 0}
@@ -413,7 +432,7 @@ process_arguments (int argc, char **argv)
413 strcpy (argv[c], "-t"); 432 strcpy (argv[c], "-t");
414 433
415 while (1) { 434 while (1) {
416 c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index); 435 c = getopt_long (argc, argv, "hVvALt:H:s:r:a:w:c:", long_opts, &opt_index);
417 436
418 if (c == -1 || c == EOF) 437 if (c == -1 || c == EOF)
419 break; 438 break;
@@ -454,13 +473,30 @@ process_arguments (int argc, char **argv)
454 case 'a': /* expected address */ 473 case 'a': /* expected address */
455 if (strlen (optarg) >= ADDRESS_LENGTH) 474 if (strlen (optarg) >= ADDRESS_LENGTH)
456 die (STATE_UNKNOWN, _("Input buffer overflow\n")); 475 die (STATE_UNKNOWN, _("Input buffer overflow\n"));
457 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); 476 if (strchr(optarg, ',') != NULL) {
458 expected_address[expected_address_cnt] = strdup(optarg); 477 char *comma = strchr(optarg, ',');
459 expected_address_cnt++; 478 while (comma != NULL) {
479 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
480 expected_address[expected_address_cnt] = strndup(optarg, comma - optarg);
481 expected_address_cnt++;
482 optarg = comma + 1;
483 comma = strchr(optarg, ',');
484 }
485 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
486 expected_address[expected_address_cnt] = strdup(optarg);
487 expected_address_cnt++;
488 } else {
489 expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
490 expected_address[expected_address_cnt] = strdup(optarg);
491 expected_address_cnt++;
492 }
460 break; 493 break;
461 case 'A': /* expect authority */ 494 case 'A': /* expect authority */
462 expect_authority = TRUE; 495 expect_authority = TRUE;
463 break; 496 break;
497 case 'L': /* all must match */
498 all_match = TRUE;
499 break;
464 case 'w': 500 case 'w':
465 warning = optarg; 501 warning = optarg;
466 break; 502 break;
@@ -529,14 +565,16 @@ print_help (void)
529 printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); 565 printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
530 printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); 566 printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
531 printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); 567 printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
532 printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match")); 568 printf (" %s\n", _("value matches)."));
533 printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
534 printf (" -A, --expect-authority\n"); 569 printf (" -A, --expect-authority\n");
535 printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); 570 printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
536 printf (" -w, --warning=seconds\n"); 571 printf (" -w, --warning=seconds\n");
537 printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off")); 572 printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off"));
538 printf (" -c, --critical=seconds\n"); 573 printf (" -c, --critical=seconds\n");
539 printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off")); 574 printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off"));
575 printf (" -L, --all\n");
576 printf (" %s\n", _("Return critical if the list of expected addresses does not match all addresses"));
577 printf (" %s\n", _("returned. Default off"));
540 578
541 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 579 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
542 580
@@ -548,5 +586,5 @@ void
548print_usage (void) 586print_usage (void)
549{ 587{
550 printf ("%s\n", _("Usage:")); 588 printf ("%s\n", _("Usage:"));
551 printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname); 589 printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
552} 590}