summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Makefile.am2
-rw-r--r--plugins/check_http.c25
-rw-r--r--plugins/check_ping.c42
-rw-r--r--plugins/check_users.c68
-rw-r--r--plugins/sslutils.c143
-rw-r--r--plugins/t/check_by_ssh.t10
6 files changed, 150 insertions, 140 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 36a28b0..3a2afc1 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -101,7 +101,7 @@ check_tcp_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
101check_time_LDADD = $(NETLIBS) 101check_time_LDADD = $(NETLIBS)
102check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) 102check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS)
103check_ups_LDADD = $(NETLIBS) 103check_ups_LDADD = $(NETLIBS)
104check_users_LDADD = $(BASEOBJS) popen.o 104check_users_LDADD = $(BASEOBJS)
105check_by_ssh_LDADD = $(NETLIBS) 105check_by_ssh_LDADD = $(NETLIBS)
106check_ide_smart_LDADD = $(BASEOBJS) 106check_ide_smart_LDADD = $(BASEOBJS)
107negate_LDADD = $(BASEOBJS) 107negate_LDADD = $(BASEOBJS)
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 3175f6c..315848f 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -34,7 +34,7 @@
34/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ 34/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
35 35
36const char *progname = "check_http"; 36const char *progname = "check_http";
37const char *copyright = "1999-2008"; 37const char *copyright = "1999-2011";
38const char *email = "nagiosplug-devel@lists.sourceforge.net"; 38const char *email = "nagiosplug-devel@lists.sourceforge.net";
39 39
40#include "common.h" 40#include "common.h"
@@ -59,6 +59,7 @@ enum {
59#ifdef HAVE_SSL 59#ifdef HAVE_SSL
60int check_cert = FALSE; 60int check_cert = FALSE;
61int days_till_exp; 61int days_till_exp;
62int ssl_version;
62char *randbuff; 63char *randbuff;
63X509 *server_cert; 64X509 *server_cert;
64# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) 65# define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
@@ -188,7 +189,7 @@ process_arguments (int argc, char **argv)
188 STD_LONG_OPTS, 189 STD_LONG_OPTS,
189 {"link", no_argument, 0, 'L'}, 190 {"link", no_argument, 0, 'L'},
190 {"nohtml", no_argument, 0, 'n'}, 191 {"nohtml", no_argument, 0, 'n'},
191 {"ssl", no_argument, 0, 'S'}, 192 {"ssl", optional_argument, 0, 'S'},
192 {"sni", no_argument, 0, SNI_OPTION}, 193 {"sni", no_argument, 0, SNI_OPTION},
193 {"post", required_argument, 0, 'P'}, 194 {"post", required_argument, 0, 'P'},
194 {"method", required_argument, 0, 'j'}, 195 {"method", required_argument, 0, 'j'},
@@ -234,7 +235,7 @@ process_arguments (int argc, char **argv)
234 } 235 }
235 236
236 while (1) { 237 while (1) {
237 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); 238 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option);
238 if (c == -1 || c == EOF) 239 if (c == -1 || c == EOF)
239 break; 240 break;
240 241
@@ -294,6 +295,13 @@ process_arguments (int argc, char **argv)
294 usage4 (_("Invalid option - SSL is not available")); 295 usage4 (_("Invalid option - SSL is not available"));
295#endif 296#endif
296 use_ssl = TRUE; 297 use_ssl = TRUE;
298 if (optarg == NULL || c != 'S')
299 ssl_version = 0;
300 else {
301 ssl_version = atoi(optarg);
302 if (ssl_version < 1 || ssl_version > 3)
303 usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
304 }
297 if (specify_port == FALSE) 305 if (specify_port == FALSE)
298 server_port = HTTPS_PORT; 306 server_port = HTTPS_PORT;
299 break; 307 break;
@@ -798,7 +806,9 @@ check_http (void)
798 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); 806 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
799#ifdef HAVE_SSL 807#ifdef HAVE_SSL
800 if (use_ssl == TRUE) { 808 if (use_ssl == TRUE) {
801 np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); 809 result = np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version);
810 if (result != STATE_OK)
811 return result;
802 if (check_cert == TRUE) { 812 if (check_cert == TRUE) {
803 result = np_net_ssl_check_cert(days_till_exp); 813 result = np_net_ssl_check_cert(days_till_exp);
804 np_net_ssl_cleanup(); 814 np_net_ssl_cleanup();
@@ -1323,8 +1333,9 @@ print_help (void)
1323 printf (UT_IPv46); 1333 printf (UT_IPv46);
1324 1334
1325#ifdef HAVE_SSL 1335#ifdef HAVE_SSL
1326 printf (" %s\n", "-S, --ssl"); 1336 printf (" %s\n", "-S, --ssl=VERSION");
1327 printf (" %s\n", _("Connect via SSL. Port defaults to 443")); 1337 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1338 printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
1328 printf (" %s\n", "--sni"); 1339 printf (" %s\n", "--sni");
1329 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1340 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
1330 printf (" %s\n", "-C, --certificate=INTEGER"); 1341 printf (" %s\n", "-C, --certificate=INTEGER");
@@ -1433,6 +1444,6 @@ print_usage (void)
1433 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); 1444 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
1434 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); 1445 printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
1435 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); 1446 printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1436 printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); 1447 printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n");
1437 printf (" [-j method]\n"); 1448 printf (" [-j method]\n");
1438} 1449}
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index 9f9dcab..23dcd6a 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -432,6 +432,7 @@ run_ping (const char *cmd, const char *addr)
432{ 432{
433 char buf[MAX_INPUT_BUFFER]; 433 char buf[MAX_INPUT_BUFFER];
434 int result = STATE_UNKNOWN; 434 int result = STATE_UNKNOWN;
435 int match;
435 436
436 if ((child_process = spopen (cmd)) == NULL) 437 if ((child_process = spopen (cmd)) == NULL)
437 die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); 438 die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd);
@@ -448,28 +449,29 @@ run_ping (const char *cmd, const char *addr)
448 result = max_state (result, error_scan (buf, addr)); 449 result = max_state (result, error_scan (buf, addr));
449 450
450 /* get the percent loss statistics */ 451 /* get the percent loss statistics */
451 if(sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss",&pl)==1 || 452 match = 0;
452 sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss", &pl) == 1 || 453 if((sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) ||
453 sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss", &pl) == 1 || 454 (sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) ||
454 sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss",&pl)==1 || 455 (sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) ||
455 sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time",&pl)==1 || 456 (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss%n",&pl,&match) && match) ||
456 sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time", &pl)==1 || 457 (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time%n",&pl,&match) && match) ||
457 sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time", &pl)==1 || 458 (sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time%n",&pl,&match) && match) ||
458 sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss", &pl) == 1 || 459 (sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time%n",&pl,&match) && match) ||
459 sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss", &pl) == 1 460 (sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) ||
461 (sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match)
460 ) 462 )
461 continue; 463 continue;
462 464
463 /* get the round trip average */ 465 /* get the round trip average */
464 else 466 else
465 if(sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f",&rta)==1 || 467 if((sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) ||
466 sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f",&rta)==1 || 468 (sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
467 sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f",&rta)==1 || 469 (sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
468 sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || 470 (sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
469 sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f",&rta)==1 || 471 (sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
470 sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f",&rta)==1 || 472 (sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) ||
471 sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || 473 (sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) ||
472 sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms",&rta)==1) 474 (sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms%n",&rta,&match) && match))
473 continue; 475 continue;
474 } 476 }
475 477
@@ -498,9 +500,7 @@ run_ping (const char *cmd, const char *addr)
498 (void) fclose (child_stderr); 500 (void) fclose (child_stderr);
499 501
500 502
501 /* close the pipe - WARNING if status is set */ 503 spclose (child_process);
502 if (spclose (child_process))
503 result = max_state (result, STATE_WARNING);
504 504
505 if (warn_text == NULL) 505 if (warn_text == NULL)
506 warn_text = strdup(""); 506 warn_text = strdup("");
@@ -534,7 +534,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
534 else if (strstr (buf, "Time to live exceeded")) 534 else if (strstr (buf, "Time to live exceeded"))
535 die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); 535 die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr);
536 else if (strstr (buf, "Destination unreachable: ")) 536 else if (strstr (buf, "Destination unreachable: "))
537 die (STATE_CRITICAL, _("CRITICAL - DestinationUnreachable (%s)"), addr); 537 die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)"), addr);
538 538
539 if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { 539 if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) {
540 if (warn_text == NULL) 540 if (warn_text == NULL)
diff --git a/plugins/check_users.c b/plugins/check_users.c
index 8368612..3766292 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -3,7 +3,7 @@
3* Nagios check_users plugin 3* Nagios check_users plugin
4* 4*
5* License: GPL 5* License: GPL
6* Copyright (c) 2000-2007 Nagios Plugins Development Team 6* Copyright (c) 2000-2012 Nagios Plugins Development Team
7* 7*
8* Description: 8* Description:
9* 9*
@@ -35,8 +35,8 @@ const char *copyright = "2000-2007";
35const char *email = "nagiosplug-devel@lists.sourceforge.net"; 35const char *email = "nagiosplug-devel@lists.sourceforge.net";
36 36
37#include "common.h" 37#include "common.h"
38#include "popen.h"
39#include "utils.h" 38#include "utils.h"
39#include <utmpx.h>
40 40
41#define possibly_set(a,b) ((a) == 0 ? (b) : 0) 41#define possibly_set(a,b) ((a) == 0 ? (b) : 0)
42 42
@@ -52,58 +52,33 @@ main (int argc, char **argv)
52{ 52{
53 int users = -1; 53 int users = -1;
54 int result = STATE_UNKNOWN; 54 int result = STATE_UNKNOWN;
55 char input_buffer[MAX_INPUT_BUFFER];
56 char *perf; 55 char *perf;
56 struct utmpx *putmpx;
57 57
58 setlocale (LC_ALL, ""); 58 setlocale (LC_ALL, "");
59 bindtextdomain (PACKAGE, LOCALEDIR); 59 bindtextdomain (PACKAGE, LOCALEDIR);
60 textdomain (PACKAGE); 60 textdomain (PACKAGE);
61 61
62 perf = strdup(""); 62 perf = strdup ("");
63 63
64 /* Parse extra opts if any */ 64 /* Parse extra opts if any */
65 argv=np_extra_opts (&argc, argv, progname); 65 argv = np_extra_opts (&argc, argv, progname);
66 66
67 if (process_arguments (argc, argv) == ERROR) 67 if (process_arguments (argc, argv) == ERROR)
68 usage4 (_("Could not parse arguments")); 68 usage4 (_("Could not parse arguments"));
69 69
70 /* run the command */
71 child_process = spopen (WHO_COMMAND);
72 if (child_process == NULL) {
73 printf (_("Could not open pipe: %s\n"), WHO_COMMAND);
74 return STATE_UNKNOWN;
75 }
76
77 child_stderr = fdopen (child_stderr_array[fileno (child_process)], "r");
78 if (child_stderr == NULL)
79 printf (_("Could not open stderr for %s\n"), WHO_COMMAND);
80
81 users = 0; 70 users = 0;
82 71
83 while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_process)) { 72 /* get currently logged users from utmpx */
73 setutxent ();
84 74
85 /* increment 'users' on all lines except total user count */ 75 while ((putmpx = getutxent ()) != NULL)
86 if (input_buffer[0] != '#') { 76 if (putmpx->ut_type == USER_PROCESS)
87 users++; 77 users++;
88 continue;
89 }
90
91 /* get total logged in users */
92 if (sscanf (input_buffer, _("# users=%d"), &users) == 1)
93 break;
94
95 }
96 78
97 /* check STDERR */ 79 endutxent ();
98 if (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_stderr))
99 result = possibly_set (result, STATE_UNKNOWN);
100 (void) fclose (child_stderr);
101 80
102 /* close the pipe */ 81 /* check the user count against warning and critical thresholds */
103 if (spclose (child_process))
104 result = possibly_set (result, STATE_UNKNOWN);
105
106 /* else check the user count against warning and critical thresholds */
107 if (users > cusers) 82 if (users > cusers)
108 result = STATE_CRITICAL; 83 result = STATE_CRITICAL;
109 else if (users > wusers) 84 else if (users > wusers)
@@ -114,7 +89,7 @@ main (int argc, char **argv)
114 if (result == STATE_UNKNOWN) 89 if (result == STATE_UNKNOWN)
115 printf ("%s\n", _("Unable to read output")); 90 printf ("%s\n", _("Unable to read output"));
116 else { 91 else {
117 asprintf(&perf, "%s", perfdata ("users", users, "", 92 asprintf (&perf, "%s", perfdata ("users", users, "",
118 TRUE, wusers, 93 TRUE, wusers,
119 TRUE, cusers, 94 TRUE, cusers,
120 TRUE, 0, 95 TRUE, 0,
@@ -126,14 +101,11 @@ main (int argc, char **argv)
126 return result; 101 return result;
127} 102}
128 103
129
130
131/* process command-line arguments */ 104/* process command-line arguments */
132int 105int
133process_arguments (int argc, char **argv) 106process_arguments (int argc, char **argv)
134{ 107{
135 int c; 108 int c;
136
137 int option = 0; 109 int option = 0;
138 static struct option longopts[] = { 110 static struct option longopts[] = {
139 {"critical", required_argument, 0, 'c'}, 111 {"critical", required_argument, 0, 'c'},
@@ -183,7 +155,6 @@ process_arguments (int argc, char **argv)
183 else 155 else
184 wusers = atoi (argv[c++]); 156 wusers = atoi (argv[c++]);
185 } 157 }
186
187 if (cusers == -1 && argc > c) { 158 if (cusers == -1 && argc > c) {
188 if (is_intnonneg (argv[c]) == FALSE) 159 if (is_intnonneg (argv[c]) == FALSE)
189 usage4 (_("Warning threshold must be a positive integer")); 160 usage4 (_("Warning threshold must be a positive integer"));
@@ -194,8 +165,6 @@ process_arguments (int argc, char **argv)
194 return OK; 165 return OK;
195} 166}
196 167
197
198
199void 168void
200print_help (void) 169print_help (void)
201{ 170{
@@ -205,9 +174,9 @@ print_help (void)
205 printf (COPYRIGHT, copyright, email); 174 printf (COPYRIGHT, copyright, email);
206 175
207 printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); 176 printf ("%s\n", _("This plugin checks the number of users currently logged in on the local"));
208 printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); 177 printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified."));
209 178
210 printf ("\n\n"); 179 printf ("\n\n");
211 180
212 print_usage (); 181 print_usage ();
213 182
@@ -215,17 +184,16 @@ print_help (void)
215 printf (UT_EXTRA_OPTS); 184 printf (UT_EXTRA_OPTS);
216 185
217 printf (" %s\n", "-w, --warning=INTEGER"); 186 printf (" %s\n", "-w, --warning=INTEGER");
218 printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); 187 printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in"));
219 printf (" %s\n", "-c, --critical=INTEGER"); 188 printf (" %s\n", "-c, --critical=INTEGER");
220 printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); 189 printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in"));
221 190
222 printf (UT_SUPPORT); 191 printf (UT_SUPPORT);
223} 192}
224 193
225
226void 194void
227print_usage (void) 195print_usage (void)
228{ 196{
229 printf ("%s\n", _("Usage:")); 197 printf ("%s\n", _("Usage:"));
230 printf ("%s -w <users> -c <users>\n", progname); 198 printf ("%s -w <users> -c <users>\n", progname);
231} 199}
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 0bc61ed..5425bb2 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -36,66 +36,97 @@ static SSL_CTX *c=NULL;
36static SSL *s=NULL; 36static SSL *s=NULL;
37static int initialized=0; 37static int initialized=0;
38 38
39int np_net_ssl_init (int sd) { 39int np_net_ssl_init(int sd) {
40 return np_net_ssl_init_with_hostname(sd, NULL); 40 return np_net_ssl_init_with_hostname(sd, NULL);
41} 41}
42 42
43int np_net_ssl_init_with_hostname (int sd, char *host_name) { 43int np_net_ssl_init_with_hostname(int sd, char *host_name) {
44 if (!initialized) { 44 return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0);
45 /* Initialize SSL context */ 45}
46 SSLeay_add_ssl_algorithms (); 46
47 SSL_load_error_strings (); 47int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
48 OpenSSL_add_all_algorithms (); 48 const SSL_METHOD *method = NULL;
49 initialized = 1; 49
50 } 50 switch (version) {
51 if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) { 51 case 0: /* Deafult to auto negotiation */
52 printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); 52 method = SSLv23_client_method();
53 return STATE_CRITICAL; 53 break;
54 } 54 case 1: /* TLSv1 protocol */
55 if ((s = SSL_new (c)) != NULL){ 55 method = TLSv1_client_method();
56 break;
57 case 2: /* SSLv2 protocol */
58#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
59 printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
60 return STATE_CRITICAL;
61#else
62 method = SSLv2_client_method();
63#endif
64 break;
65 case 3: /* SSLv3 protocol */
66 method = SSLv3_client_method();
67 break;
68 default: /* Unsupported */
69 printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
70 return STATE_CRITICAL;
71 }
72 if (!initialized) {
73 /* Initialize SSL context */
74 SSLeay_add_ssl_algorithms();
75 SSL_load_error_strings();
76 OpenSSL_add_all_algorithms();
77 initialized = 1;
78 }
79 if ((c = SSL_CTX_new(method)) == NULL) {
80 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
81 return STATE_CRITICAL;
82 }
83#ifdef SSL_OP_NO_TICKET
84 SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
85#endif
86 if ((s = SSL_new(c)) != NULL) {
56#ifdef SSL_set_tlsext_host_name 87#ifdef SSL_set_tlsext_host_name
57 if (host_name != NULL) 88 if (host_name != NULL)
58 SSL_set_tlsext_host_name(s, host_name); 89 SSL_set_tlsext_host_name(s, host_name);
59#endif 90#endif
60 SSL_set_fd (s, sd); 91 SSL_set_fd(s, sd);
61 if (SSL_connect(s) == 1){ 92 if (SSL_connect(s) == 1) {
62 return OK; 93 return OK;
63 } else { 94 } else {
64 printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); 95 printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
65# ifdef USE_OPENSSL /* XXX look into ERR_error_string */ 96# ifdef USE_OPENSSL /* XXX look into ERR_error_string */
66 ERR_print_errors_fp (stdout); 97 ERR_print_errors_fp(stdout);
67# endif /* USE_OPENSSL */ 98# endif /* USE_OPENSSL */
68 }
69 } else {
70 printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
71 } 99 }
72 return STATE_CRITICAL; 100 } else {
101 printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
102 }
103 return STATE_CRITICAL;
73} 104}
74 105
75void np_net_ssl_cleanup (){ 106void np_net_ssl_cleanup() {
76 if(s){ 107 if (s) {
77#ifdef SSL_set_tlsext_host_name 108#ifdef SSL_set_tlsext_host_name
78 SSL_set_tlsext_host_name(s, NULL); 109 SSL_set_tlsext_host_name(s, NULL);
79#endif 110#endif
80 SSL_shutdown (s); 111 SSL_shutdown(s);
81 SSL_free (s); 112 SSL_free(s);
82 if(c) { 113 if (c) {
83 SSL_CTX_free (c); 114 SSL_CTX_free(c);
84 c=NULL; 115 c=NULL;
85 }
86 s=NULL;
87 } 116 }
117 s=NULL;
118 }
88} 119}
89 120
90int np_net_ssl_write(const void *buf, int num){ 121int np_net_ssl_write(const void *buf, int num) {
91 return SSL_write(s, buf, num); 122 return SSL_write(s, buf, num);
92} 123}
93 124
94int np_net_ssl_read(void *buf, int num){ 125int np_net_ssl_read(void *buf, int num) {
95 return SSL_read(s, buf, num); 126 return SSL_read(s, buf, num);
96} 127}
97 128
98int np_net_ssl_check_cert(int days_till_exp){ 129int np_net_ssl_check_cert(int days_till_exp) {
99# ifdef USE_OPENSSL 130# ifdef USE_OPENSSL
100 X509 *certificate=NULL; 131 X509 *certificate=NULL;
101 X509_NAME *subj=NULL; 132 X509_NAME *subj=NULL;
@@ -111,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){
111 char timestamp[17] = ""; 142 char timestamp[17] = "";
112 143
113 certificate=SSL_get_peer_certificate(s); 144 certificate=SSL_get_peer_certificate(s);
114 if(! certificate){ 145 if (!certificate) {
115 printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); 146 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
116 return STATE_CRITICAL; 147 return STATE_CRITICAL;
117 } 148 }
118 149
119 /* Extract CN from certificate subject */ 150 /* Extract CN from certificate subject */
120 subj=X509_get_subject_name(certificate); 151 subj=X509_get_subject_name(certificate);
121 152
122 if(! subj){ 153 if (!subj) {
123 printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); 154 printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
124 return STATE_CRITICAL; 155 return STATE_CRITICAL;
125 } 156 }
126 cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); 157 cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn));
127 if ( cnlen == -1 ) 158 if (cnlen == -1)
128 strcpy(cn , _("Unknown CN")); 159 strcpy(cn, _("Unknown CN"));
129 160
130 /* Retrieve timestamp of certificate */ 161 /* Retrieve timestamp of certificate */
131 tm = X509_get_notAfter (certificate); 162 tm = X509_get_notAfter(certificate);
132 163
133 /* Generate tm structure to process timestamp */ 164 /* Generate tm structure to process timestamp */
134 if (tm->type == V_ASN1_UTCTIME) { 165 if (tm->type == V_ASN1_UTCTIME) {
135 if (tm->length < 10) { 166 if (tm->length < 10) {
136 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 167 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
137 return STATE_CRITICAL; 168 return STATE_CRITICAL;
138 } else { 169 } else {
139 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); 170 stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
@@ -143,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){
143 } 174 }
144 } else { 175 } else {
145 if (tm->length < 12) { 176 if (tm->length < 12) {
146 printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); 177 printf("%s\n", _("CRITICAL - Wrong time format in certificate."));
147 return STATE_CRITICAL; 178 return STATE_CRITICAL;
148 } else { 179 } else {
149 stamp.tm_year = 180 stamp.tm_year =
@@ -172,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){
172 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); 203 stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
173 204
174 if (days_left > 0 && days_left <= days_till_exp) { 205 if (days_left > 0 && days_left <= days_till_exp) {
175 printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); 206 printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp);
176 status=STATE_WARNING; 207 status=STATE_WARNING;
177 } else if (time_left < 0) { 208 } else if (time_left < 0) {
178 printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); 209 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
179 status=STATE_CRITICAL; 210 status=STATE_CRITICAL;
180 } else if (days_left == 0) { 211 } else if (days_left == 0) {
181 printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); 212 printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp);
182 status=STATE_WARNING; 213 status=STATE_WARNING;
183 } else { 214 } else {
184 printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); 215 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
185 status=STATE_OK; 216 status=STATE_OK;
186 } 217 }
187 X509_free (certificate); 218 X509_free(certificate);
188 return status; 219 return status;
189# else /* ifndef USE_OPENSSL */ 220# else /* ifndef USE_OPENSSL */
190 printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); 221 printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
191 return STATE_WARNING; 222 return STATE_WARNING;
192# endif /* USE_OPENSSL */ 223# endif /* USE_OPENSSL */
193} 224}
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index cca72c9..8d1b190 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -27,11 +27,11 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
27plan tests => 42; 27plan tests => 42;
28 28
29# Some random check strings/response 29# Some random check strings/response
30my @responce = ('OK: Everything is fine!', 30my @responce = ('OK: Everything is fine',
31 'WARNING: Hey, pick me, pick me!', 31 'WARNING: Hey, pick me, pick me',
32 'CRITICAL: Shit happens...', 32 'CRITICAL: Shit happens',
33 'UNKNOWN: What can I do for ya?', 33 'UNKNOWN: What can I do for ya',
34 'WOOPS: What did I smoke?', 34 'WOOPS: What did I smoke',
35); 35);
36my @responce_re; 36my @responce_re;
37my @check; 37my @check;