diff options
Diffstat (limited to 'plugins/utils.c')
0 files changed, 0 insertions, 0 deletions
diff --git a/plugins/netutils.c b/plugins/netutils.c index 2678f91..db64ef0 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c | |||
| @@ -234,133 +234,6 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) | |||
| 234 | } | 234 | } |
| 235 | } | 235 | } |
| 236 | 236 | ||
| 237 | #ifdef HAVE_SSL | ||
| 238 | static SSL_CTX *c=NULL; | ||
| 239 | static SSL *s=NULL; | ||
| 240 | |||
| 241 | int np_net_ssl_init (int sd){ | ||
| 242 | SSL_METHOD *m=NULL; | ||
| 243 | /* Initialize SSL context */ | ||
| 244 | SSLeay_add_ssl_algorithms (); | ||
| 245 | m = SSLv23_client_method (); | ||
| 246 | SSL_load_error_strings (); | ||
| 247 | OpenSSL_add_all_algorithms(); | ||
| 248 | if ((c = SSL_CTX_new (m)) == NULL) { | ||
| 249 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
| 250 | return STATE_CRITICAL; | ||
| 251 | } | ||
| 252 | if ((s = SSL_new (c)) != NULL){ | ||
| 253 | SSL_set_fd (s, sd); | ||
| 254 | if (SSL_connect(s) == 1){ | ||
| 255 | return OK; | ||
| 256 | } else { | ||
| 257 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
| 258 | #ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | ||
| 259 | ERR_print_errors_fp (stdout); | ||
| 260 | #endif /* USE_OPENSSL */ | ||
| 261 | } | ||
| 262 | } else { | ||
| 263 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
| 264 | } | ||
| 265 | return STATE_CRITICAL; | ||
| 266 | } | ||
| 267 | |||
| 268 | void np_net_ssl_cleanup (){ | ||
| 269 | if(s){ | ||
| 270 | SSL_shutdown (s); | ||
| 271 | SSL_free (s); | ||
| 272 | if(c) SSL_CTX_free (c); | ||
| 273 | } | ||
| 274 | } | ||
| 275 | |||
| 276 | int np_net_ssl_write(const void *buf, int num){ | ||
| 277 | return SSL_write(s, buf, num); | ||
| 278 | } | ||
| 279 | |||
| 280 | int np_net_ssl_read(void *buf, int num){ | ||
| 281 | return SSL_read(s, buf, num); | ||
| 282 | } | ||
| 283 | |||
| 284 | int np_net_ssl_check_cert(int days_till_exp){ | ||
| 285 | # ifdef USE_OPENSSL | ||
| 286 | X509 *certificate=NULL; | ||
| 287 | ASN1_STRING *tm; | ||
| 288 | int offset; | ||
| 289 | struct tm stamp; | ||
| 290 | int days_left; | ||
| 291 | char timestamp[17] = ""; | ||
| 292 | |||
| 293 | certificate=SSL_get_peer_certificate(s); | ||
| 294 | if(! certificate){ | ||
| 295 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
| 296 | return STATE_CRITICAL; | ||
| 297 | } | ||
| 298 | |||
| 299 | /* Retrieve timestamp of certificate */ | ||
| 300 | tm = X509_get_notAfter (certificate); | ||
| 301 | |||
| 302 | /* Generate tm structure to process timestamp */ | ||
| 303 | if (tm->type == V_ASN1_UTCTIME) { | ||
| 304 | if (tm->length < 10) { | ||
| 305 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
| 306 | return STATE_CRITICAL; | ||
| 307 | } else { | ||
| 308 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
| 309 | if (stamp.tm_year < 50) | ||
| 310 | stamp.tm_year += 100; | ||
| 311 | offset = 0; | ||
| 312 | } | ||
| 313 | } else { | ||
| 314 | if (tm->length < 12) { | ||
| 315 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
| 316 | return STATE_CRITICAL; | ||
| 317 | } else { | ||
| 318 | stamp.tm_year = | ||
| 319 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
| 320 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
| 321 | stamp.tm_year -= 1900; | ||
| 322 | offset = 2; | ||
| 323 | } | ||
| 324 | } | ||
| 325 | stamp.tm_mon = | ||
| 326 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
| 327 | stamp.tm_mday = | ||
| 328 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
| 329 | stamp.tm_hour = | ||
| 330 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
| 331 | stamp.tm_min = | ||
| 332 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
| 333 | stamp.tm_sec = 0; | ||
| 334 | stamp.tm_isdst = -1; | ||
| 335 | |||
| 336 | days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
| 337 | snprintf | ||
| 338 | (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
| 339 | stamp.tm_mon + 1, | ||
| 340 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
| 341 | |||
| 342 | if (days_left > 0 && days_left <= days_till_exp) { | ||
| 343 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
| 344 | return STATE_WARNING; | ||
| 345 | } else if (days_left < 0) { | ||
| 346 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
| 347 | return STATE_CRITICAL; | ||
| 348 | } else if (days_left == 0) { | ||
| 349 | printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
| 350 | return STATE_WARNING; | ||
| 351 | } | ||
| 352 | |||
| 353 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||
| 354 | X509_free (certificate); | ||
| 355 | return STATE_OK; | ||
| 356 | # else /* ifndef USE_OPENSSL */ | ||
| 357 | printf (_("WARNING - Plugin does not support checking certificates.\n")); | ||
| 358 | return STATE_WARNING; | ||
| 359 | # endif /* USE_OPENSSL */ | ||
| 360 | } | ||
| 361 | |||
| 362 | #endif /* HAVE_SSL */ | ||
| 363 | |||
| 364 | int | 237 | int |
| 365 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) | 238 | send_request (int sd, int proto, const char *send_buffer, char *recv_buffer, int recv_size) |
| 366 | { | 239 | { |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c new file mode 100644 index 0000000..d785fb7 --- /dev/null +++ b/plugins/sslutils.c | |||
| @@ -0,0 +1,162 @@ | |||
| 1 | /**************************************************************************** | ||
| 2 | * | ||
| 3 | * Nagios plugins SSL utilities | ||
| 4 | * | ||
| 5 | * License: GPL | ||
| 6 | * Copyright (c) 2005 nagios-plugins team | ||
| 7 | * | ||
| 8 | * Last Modified: $Date$ | ||
| 9 | * | ||
| 10 | * Description: | ||
| 11 | * | ||
| 12 | * This file contains common functions for plugins that require SSL. | ||
| 13 | * | ||
| 14 | * License Information: | ||
| 15 | * | ||
| 16 | * This program is free software; you can redistribute it and/or modify | ||
| 17 | * it under the terms of the GNU General Public License as published by | ||
| 18 | * the Free Software Foundation; either version 2 of the License, or | ||
| 19 | * (at your option) any later version. | ||
| 20 | * | ||
| 21 | * This program is distributed in the hope that it will be useful, | ||
| 22 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 23 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 24 | * GNU General Public License for more details. | ||
| 25 | * | ||
| 26 | * You should have received a copy of the GNU General Public License | ||
| 27 | * along with this program; if not, write to the Free Software | ||
| 28 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||
| 29 | * | ||
| 30 | * $Id$ | ||
| 31 | * | ||
| 32 | ****************************************************************************/ | ||
| 33 | |||
| 34 | #include "common.h" | ||
| 35 | #include "netutils.h" | ||
| 36 | |||
| 37 | #ifdef HAVE_SSL | ||
| 38 | static SSL_CTX *c=NULL; | ||
| 39 | static SSL *s=NULL; | ||
| 40 | |||
| 41 | int np_net_ssl_init (int sd){ | ||
| 42 | SSL_METHOD *m=NULL; | ||
| 43 | /* Initialize SSL context */ | ||
| 44 | SSLeay_add_ssl_algorithms (); | ||
| 45 | m = SSLv23_client_method (); | ||
| 46 | SSL_load_error_strings (); | ||
| 47 | OpenSSL_add_all_algorithms(); | ||
| 48 | if ((c = SSL_CTX_new (m)) == NULL) { | ||
| 49 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
| 50 | return STATE_CRITICAL; | ||
| 51 | } | ||
| 52 | if ((s = SSL_new (c)) != NULL){ | ||
| 53 | SSL_set_fd (s, sd); | ||
| 54 | if (SSL_connect(s) == 1){ | ||
| 55 | return OK; | ||
| 56 | } else { | ||
| 57 | printf (_("CRITICAL - Cannot make SSL connection ")); | ||
| 58 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | ||
| 59 | ERR_print_errors_fp (stdout); | ||
| 60 | # endif /* USE_OPENSSL */ | ||
| 61 | } | ||
| 62 | } else { | ||
| 63 | printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); | ||
| 64 | } | ||
| 65 | return STATE_CRITICAL; | ||
| 66 | } | ||
| 67 | |||
| 68 | void np_net_ssl_cleanup (){ | ||
| 69 | if(s){ | ||
| 70 | SSL_shutdown (s); | ||
| 71 | SSL_free (s); | ||
| 72 | if(c) SSL_CTX_free (c); | ||
| 73 | } | ||
| 74 | } | ||
| 75 | |||
| 76 | int np_net_ssl_write(const void *buf, int num){ | ||
| 77 | return SSL_write(s, buf, num); | ||
| 78 | } | ||
| 79 | |||
| 80 | int np_net_ssl_read(void *buf, int num){ | ||
| 81 | return SSL_read(s, buf, num); | ||
| 82 | } | ||
| 83 | |||
| 84 | int np_net_ssl_check_cert(int days_till_exp){ | ||
| 85 | # ifdef USE_OPENSSL | ||
| 86 | X509 *certificate=NULL; | ||
| 87 | ASN1_STRING *tm; | ||
| 88 | int offset; | ||
| 89 | struct tm stamp; | ||
| 90 | int days_left; | ||
| 91 | char timestamp[17] = ""; | ||
| 92 | |||
| 93 | certificate=SSL_get_peer_certificate(s); | ||
| 94 | if(! certificate){ | ||
| 95 | printf (_("CRITICAL - Cannot retrieve server certificate.\n")); | ||
| 96 | return STATE_CRITICAL; | ||
| 97 | } | ||
| 98 | |||
| 99 | /* Retrieve timestamp of certificate */ | ||
| 100 | tm = X509_get_notAfter (certificate); | ||
| 101 | |||
| 102 | /* Generate tm structure to process timestamp */ | ||
| 103 | if (tm->type == V_ASN1_UTCTIME) { | ||
| 104 | if (tm->length < 10) { | ||
| 105 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
| 106 | return STATE_CRITICAL; | ||
| 107 | } else { | ||
| 108 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
| 109 | if (stamp.tm_year < 50) | ||
| 110 | stamp.tm_year += 100; | ||
| 111 | offset = 0; | ||
| 112 | } | ||
| 113 | } else { | ||
| 114 | if (tm->length < 12) { | ||
| 115 | printf (_("CRITICAL - Wrong time format in certificate.\n")); | ||
| 116 | return STATE_CRITICAL; | ||
| 117 | } else { | ||
| 118 | stamp.tm_year = | ||
| 119 | (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
| 120 | (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
| 121 | stamp.tm_year -= 1900; | ||
| 122 | offset = 2; | ||
| 123 | } | ||
| 124 | } | ||
| 125 | stamp.tm_mon = | ||
| 126 | (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
| 127 | stamp.tm_mday = | ||
| 128 | (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
| 129 | stamp.tm_hour = | ||
| 130 | (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
| 131 | stamp.tm_min = | ||
| 132 | (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
| 133 | stamp.tm_sec = 0; | ||
| 134 | stamp.tm_isdst = -1; | ||
| 135 | |||
| 136 | days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
| 137 | snprintf | ||
| 138 | (timestamp, 17, "%02d/%02d/%04d %02d:%02d", | ||
| 139 | stamp.tm_mon + 1, | ||
| 140 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
| 141 | |||
| 142 | if (days_left > 0 && days_left <= days_till_exp) { | ||
| 143 | printf (_("WARNING - Certificate expires in %d day(s) (%s).\n"), days_left, timestamp); | ||
| 144 | return STATE_WARNING; | ||
| 145 | } else if (days_left < 0) { | ||
| 146 | printf (_("CRITICAL - Certificate expired on %s.\n"), timestamp); | ||
| 147 | return STATE_CRITICAL; | ||
| 148 | } else if (days_left == 0) { | ||
| 149 | printf (_("WARNING - Certificate expires today (%s).\n"), timestamp); | ||
| 150 | return STATE_WARNING; | ||
| 151 | } | ||
| 152 | |||
| 153 | printf (_("OK - Certificate will expire on %s.\n"), timestamp); | ||
| 154 | X509_free (certificate); | ||
| 155 | return STATE_OK; | ||
| 156 | # else /* ifndef USE_OPENSSL */ | ||
| 157 | printf (_("WARNING - Plugin does not support checking certificates.\n")); | ||
| 158 | return STATE_WARNING; | ||
| 159 | # endif /* USE_OPENSSL */ | ||
| 160 | } | ||
| 161 | |||
| 162 | #endif /* HAVE_SSL */ | ||