summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am2
-rw-r--r--plugins/check_disk.c43
-rw-r--r--plugins/check_http.c22
-rw-r--r--plugins/check_smtp.c13
-rw-r--r--plugins/check_snmp.c3
-rw-r--r--plugins/check_ups.c12
-rw-r--r--plugins/netutils.h10
-rw-r--r--plugins/sslutils.c81
-rw-r--r--plugins/t/check_snmp.t4
9 files changed, 110 insertions, 80 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 41906c53..0ddf9bd1 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -71,7 +71,7 @@ check_apt_LDADD = $(BASEOBJS)
71check_cluster_LDADD = $(BASEOBJS) 71check_cluster_LDADD = $(BASEOBJS)
72check_dbi_LDADD = $(NETLIBS) $(DBILIBS) 72check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
73check_dig_LDADD = $(NETLIBS) 73check_dig_LDADD = $(NETLIBS)
74check_disk_LDADD = $(BASEOBJS) $(THREADLIBS) 74check_disk_LDADD = $(BASEOBJS)
75check_dns_LDADD = $(NETLIBS) 75check_dns_LDADD = $(NETLIBS)
76check_dummy_LDADD = $(BASEOBJS) 76check_dummy_LDADD = $(BASEOBJS)
77check_fping_LDADD = $(NETLIBS) 77check_fping_LDADD = $(NETLIBS)
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 9693bad3..874a0ee0 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -51,9 +51,6 @@ const char *email = "devel@monitoring-plugins.org";
51# include <limits.h> 51# include <limits.h>
52#endif 52#endif
53#include "regex.h" 53#include "regex.h"
54#if HAVE_PTHREAD_H
55# include <pthread.h>
56#endif
57 54
58#ifdef __CYGWIN__ 55#ifdef __CYGWIN__
59# include <windows.h> 56# include <windows.h>
@@ -133,7 +130,6 @@ void print_help (void);
133void print_usage (void); 130void print_usage (void);
134double calculate_percent(uintmax_t, uintmax_t); 131double calculate_percent(uintmax_t, uintmax_t);
135void stat_path (struct parameter_list *p); 132void stat_path (struct parameter_list *p);
136void *do_stat_path (void *p);
137void get_stats (struct parameter_list *p, struct fs_usage *fsp); 133void get_stats (struct parameter_list *p, struct fs_usage *fsp);
138void get_path_stats (struct parameter_list *p, struct fs_usage *fsp); 134void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
139 135
@@ -972,44 +968,6 @@ print_usage (void)
972void 968void
973stat_path (struct parameter_list *p) 969stat_path (struct parameter_list *p)
974{ 970{
975#ifdef HAVE_PTHREAD_H
976 pthread_t stat_thread;
977 int statdone = 0;
978 int timer = timeout_interval;
979 struct timespec req, rem;
980
981 req.tv_sec = 0;
982 pthread_create(&stat_thread, NULL, do_stat_path, p);
983 while (timer-- > 0) {
984 req.tv_nsec = 10000000;
985 nanosleep(&req, &rem);
986 if (pthread_kill(stat_thread, 0)) {
987 statdone = 1;
988 break;
989 } else {
990 req.tv_nsec = 990000000;
991 nanosleep(&req, &rem);
992 }
993 }
994 if (statdone == 1) {
995 pthread_join(stat_thread, NULL);
996 } else {
997 pthread_detach(stat_thread);
998 if (verbose >= 3)
999 printf("stat did not return within %ds on %s\n", timeout_interval, p->name);
1000 printf("DISK %s - ", _("CRITICAL"));
1001 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("hangs"), _("Timeout"));
1002 }
1003#else
1004 do_stat_path(p);
1005#endif
1006}
1007
1008void *
1009do_stat_path (void *in)
1010{
1011 struct parameter_list *p = in;
1012
1013 /* Stat entry to check that dir exists and is accessible */ 971 /* Stat entry to check that dir exists and is accessible */
1014 if (verbose >= 3) 972 if (verbose >= 3)
1015 printf("calling stat on %s\n", p->name); 973 printf("calling stat on %s\n", p->name);
@@ -1019,7 +977,6 @@ do_stat_path (void *in)
1019 printf("DISK %s - ", _("CRITICAL")); 977 printf("DISK %s - ", _("CRITICAL"));
1020 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno)); 978 die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
1021 } 979 }
1022 return NULL;
1023} 980}
1024 981
1025 982
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 68b470ce..2038f4a1 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -343,9 +343,20 @@ process_arguments (int argc, char **argv)
343 parameters, like -S and -C combinations */ 343 parameters, like -S and -C combinations */
344 use_ssl = TRUE; 344 use_ssl = TRUE;
345 if (c=='S' && optarg != NULL) { 345 if (c=='S' && optarg != NULL) {
346 ssl_version = atoi(optarg); 346 int got_plus = strchr(optarg, '+') != NULL;
347 if (ssl_version < 1 || ssl_version > 3) 347
348 usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); 348 if (!strncmp (optarg, "1.2", 3))
349 ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
350 else if (!strncmp (optarg, "1.1", 3))
351 ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
352 else if (optarg[0] == '1')
353 ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
354 else if (optarg[0] == '3')
355 ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
356 else if (optarg[0] == '2')
357 ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
358 else
359 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
349 } 360 }
350 if (specify_port == FALSE) 361 if (specify_port == FALSE)
351 server_port = HTTPS_PORT; 362 server_port = HTTPS_PORT;
@@ -1514,9 +1525,10 @@ print_help (void)
1514 printf (UT_IPv46); 1525 printf (UT_IPv46);
1515 1526
1516#ifdef HAVE_SSL 1527#ifdef HAVE_SSL
1517 printf (" %s\n", "-S, --ssl=VERSION"); 1528 printf (" %s\n", "-S, --ssl=VERSION[+]");
1518 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); 1529 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1519 printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); 1530 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1531 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
1520 printf (" %s\n", "--sni"); 1532 printf (" %s\n", "--sni");
1521 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1533 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1522 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); 1534 printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 56040ff2..1996c6d3 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -231,7 +231,7 @@ main (int argc, char **argv)
231 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); 231 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
232 232
233 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ 233 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
234 if (!strstr (buffer, server_expect)) { 234 if (!strstr (buffer, SMTP_EXPECT)) {
235 printf (_("Server does not support STARTTLS\n")); 235 printf (_("Server does not support STARTTLS\n"));
236 smtp_quit(); 236 smtp_quit();
237 return STATE_UNKNOWN; 237 return STATE_UNKNOWN;
@@ -276,6 +276,7 @@ main (int argc, char **argv)
276# ifdef USE_OPENSSL 276# ifdef USE_OPENSSL
277 if ( check_cert ) { 277 if ( check_cert ) {
278 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); 278 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
279 smtp_quit();
279 my_close(); 280 my_close();
280 return result; 281 return result;
281 } 282 }
@@ -581,11 +582,6 @@ process_arguments (int argc, char **argv)
581 usage4 (_("Timeout interval must be a positive integer")); 582 usage4 (_("Timeout interval must be a positive integer"));
582 } 583 }
583 break; 584 break;
584 case 'S':
585 /* starttls */
586 use_ssl = TRUE;
587 use_ehlo = TRUE;
588 break;
589 case 'D': 585 case 'D':
590 /* Check SSL cert validity */ 586 /* Check SSL cert validity */
591#ifdef USE_OPENSSL 587#ifdef USE_OPENSSL
@@ -607,9 +603,14 @@ process_arguments (int argc, char **argv)
607 days_till_exp_warn = atoi (optarg); 603 days_till_exp_warn = atoi (optarg);
608 } 604 }
609 check_cert = TRUE; 605 check_cert = TRUE;
606 ignore_send_quit_failure = TRUE;
610#else 607#else
611 usage (_("SSL support not available - install OpenSSL and recompile")); 608 usage (_("SSL support not available - install OpenSSL and recompile"));
612#endif 609#endif
610 case 'S':
611 /* starttls */
612 use_ssl = TRUE;
613 use_ehlo = TRUE;
613 break; 614 break;
614 case '4': 615 case '4':
615 address_family = AF_INET; 616 address_family = AF_INET;
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 28cc44dd..9839d6e8 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org";
41#define DEFAULT_PORT "161" 41#define DEFAULT_PORT "161"
42#define DEFAULT_MIBLIST "ALL" 42#define DEFAULT_MIBLIST "ALL"
43#define DEFAULT_PROTOCOL "1" 43#define DEFAULT_PROTOCOL "1"
44#define DEFAULT_TIMEOUT 1
45#define DEFAULT_RETRIES 5 44#define DEFAULT_RETRIES 5
46#define DEFAULT_AUTH_PROTOCOL "MD5" 45#define DEFAULT_AUTH_PROTOCOL "MD5"
47#define DEFAULT_PRIV_PROTOCOL "DES" 46#define DEFAULT_PRIV_PROTOCOL "DES"
@@ -227,7 +226,7 @@ main (int argc, char **argv)
227 outbuff = strdup (""); 226 outbuff = strdup ("");
228 delimiter = strdup (" = "); 227 delimiter = strdup (" = ");
229 output_delim = strdup (DEFAULT_OUTPUT_DELIMITER); 228 output_delim = strdup (DEFAULT_OUTPUT_DELIMITER);
230 timeout_interval = DEFAULT_TIMEOUT; 229 timeout_interval = DEFAULT_SOCKET_TIMEOUT;
231 retries = DEFAULT_RETRIES; 230 retries = DEFAULT_RETRIES;
232 231
233 np_init( (char *) progname, argc, argv ); 232 np_init( (char *) progname, argc, argv );
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index dc5a348b..e9e56a51 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -242,8 +242,8 @@ main (int argc, char **argv)
242 } 242 }
243 xasprintf (&data, "%s %s", data, 243 xasprintf (&data, "%s %s", data,
244 perfdata ("battery", (long)ups_battery_percent, "%", 244 perfdata ("battery", (long)ups_battery_percent, "%",
245 check_warn, (long)(1000*warning_value), 245 check_warn, (long)(warning_value),
246 check_crit, (long)(1000*critical_value), 246 check_crit, (long)(critical_value),
247 TRUE, 0, TRUE, 100)); 247 TRUE, 0, TRUE, 100));
248 } else { 248 } else {
249 xasprintf (&data, "%s %s", data, 249 xasprintf (&data, "%s %s", data,
@@ -271,8 +271,8 @@ main (int argc, char **argv)
271 } 271 }
272 xasprintf (&data, "%s %s", data, 272 xasprintf (&data, "%s %s", data,
273 perfdata ("load", (long)ups_load_percent, "%", 273 perfdata ("load", (long)ups_load_percent, "%",
274 check_warn, (long)(1000*warning_value), 274 check_warn, (long)(warning_value),
275 check_crit, (long)(1000*critical_value), 275 check_crit, (long)(critical_value),
276 TRUE, 0, TRUE, 100)); 276 TRUE, 0, TRUE, 100));
277 } else { 277 } else {
278 xasprintf (&data, "%s %s", data, 278 xasprintf (&data, "%s %s", data,
@@ -308,8 +308,8 @@ main (int argc, char **argv)
308 } 308 }
309 xasprintf (&data, "%s %s", data, 309 xasprintf (&data, "%s %s", data,
310 perfdata ("temp", (long)ups_temperature, tunits, 310 perfdata ("temp", (long)ups_temperature, tunits,
311 check_warn, (long)(1000*warning_value), 311 check_warn, (long)(warning_value),
312 check_crit, (long)(1000*critical_value), 312 check_crit, (long)(critical_value),
313 TRUE, 0, FALSE, 0)); 313 TRUE, 0, FALSE, 0));
314 } else { 314 } else {
315 xasprintf (&data, "%s %s", data, 315 xasprintf (&data, "%s %s", data,
diff --git a/plugins/netutils.h b/plugins/netutils.h
index c6fce901..2766029e 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -91,6 +91,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
91 91
92/* SSL-Related functionality */ 92/* SSL-Related functionality */
93#ifdef HAVE_SSL 93#ifdef HAVE_SSL
94# define MP_SSLv2 1
95# define MP_SSLv3 2
96# define MP_TLSv1 3
97# define MP_TLSv1_1 4
98# define MP_TLSv1_2 5
99# define MP_SSLv2_OR_NEWER 6
100# define MP_SSLv3_OR_NEWER 7
101# define MP_TLSv1_OR_NEWER 8
102# define MP_TLSv1_1_OR_NEWER 9
103# define MP_TLSv1_2_OR_NEWER 10
94/* maybe this could be merged with the above np_net_connect, via some flags */ 104/* maybe this could be merged with the above np_net_connect, via some flags */
95int np_net_ssl_init(int sd); 105int np_net_ssl_init(int sd);
96int np_net_ssl_init_with_hostname(int sd, char *host_name); 106int np_net_ssl_init_with_hostname(int sd, char *host_name);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index c9882c69..4f9c793c 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -49,28 +49,78 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
49 49
50int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { 50int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
51 SSL_METHOD *method = NULL; 51 SSL_METHOD *method = NULL;
52 long options = 0;
52 53
53 switch (version) { 54 switch (version) {
54 case 0: /* Deafult to auto negotiation */ 55 case MP_SSLv2: /* SSLv2 protocol */
55 method = SSLv23_client_method();
56 break;
57 case 1: /* TLSv1 protocol */
58 method = TLSv1_client_method();
59 break;
60 case 2: /* SSLv2 protocol */
61#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) 56#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
62 printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); 57 printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
63 return STATE_CRITICAL; 58 return STATE_UNKNOWN;
64#else 59#else
65 method = SSLv2_client_method(); 60 method = SSLv2_client_method();
66#endif
67 break; 61 break;
68 case 3: /* SSLv3 protocol */ 62#endif
63 case MP_SSLv3: /* SSLv3 protocol */
64#if defined(OPENSSL_NO_SSL3)
65 printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
66 return STATE_UNKNOWN;
67#else
69 method = SSLv3_client_method(); 68 method = SSLv3_client_method();
70 break; 69 break;
71 default: /* Unsupported */ 70#endif
72 printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); 71 case MP_TLSv1: /* TLSv1 protocol */
73 return STATE_CRITICAL; 72#if defined(OPENSSL_NO_TLS1)
73 printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
74 return STATE_UNKNOWN;
75#else
76 method = TLSv1_client_method();
77 break;
78#endif
79 case MP_TLSv1_1: /* TLSv1.1 protocol */
80#if !defined(SSL_OP_NO_TLSv1_1)
81 printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
82 return STATE_UNKNOWN;
83#else
84 method = TLSv1_1_client_method();
85 break;
86#endif
87 case MP_TLSv1_2: /* TLSv1.2 protocol */
88#if !defined(SSL_OP_NO_TLSv1_2)
89 printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
90 return STATE_UNKNOWN;
91#else
92 method = TLSv1_2_client_method();
93 break;
94#endif
95 case MP_TLSv1_2_OR_NEWER:
96#if !defined(SSL_OP_NO_TLSv1_1)
97 printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
98 return STATE_UNKNOWN;
99#else
100 options |= SSL_OP_NO_TLSv1_1;
101#endif
102 /* FALLTHROUGH */
103 case MP_TLSv1_1_OR_NEWER:
104#if !defined(SSL_OP_NO_TLSv1)
105 printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
106 return STATE_UNKNOWN;
107#else
108 options |= SSL_OP_NO_TLSv1;
109#endif
110 /* FALLTHROUGH */
111 case MP_TLSv1_OR_NEWER:
112#if defined(SSL_OP_NO_SSLv3)
113 options |= SSL_OP_NO_SSLv3;
114#endif
115 /* FALLTHROUGH */
116 case MP_SSLv3_OR_NEWER:
117#if defined(SSL_OP_NO_SSLv2)
118 options |= SSL_OP_NO_SSLv2;
119#endif
120 case MP_SSLv2_OR_NEWER:
121 /* FALLTHROUGH */
122 default: /* Default to auto negotiation */
123 method = SSLv23_client_method();
74 } 124 }
75 if (!initialized) { 125 if (!initialized) {
76 /* Initialize SSL context */ 126 /* Initialize SSL context */
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
94#endif 144#endif
95 } 145 }
96#ifdef SSL_OP_NO_TICKET 146#ifdef SSL_OP_NO_TICKET
97 SSL_CTX_set_options(c, SSL_OP_NO_TICKET); 147 options |= SSL_OP_NO_TICKET;
98#endif 148#endif
149 SSL_CTX_set_options(c, options);
99 SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); 150 SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
100 if ((s = SSL_new(c)) != NULL) { 151 if ((s = SSL_new(c)) != NULL) {
101#ifdef SSL_set_tlsext_host_name 152#ifdef SSL_set_tlsext_host_name
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 2d6c44a7..aefd872a 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -166,8 +166,8 @@ SKIP: {
166SKIP: { 166SKIP: {
167 skip "no non responsive host defined", 2 if ( ! $host_nonresponsive ); 167 skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
168 $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:"); 168 $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
169 cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" ); 169 cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
170 like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem"); 170 like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
171} 171}
172 172
173SKIP: { 173SKIP: {