diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/Makefile.am | 2 | ||||
-rw-r--r-- | plugins/check_http.c | 25 | ||||
-rw-r--r-- | plugins/check_ping.c | 42 | ||||
-rw-r--r-- | plugins/check_users.c | 68 | ||||
-rw-r--r-- | plugins/sslutils.c | 143 | ||||
-rw-r--r-- | plugins/t/check_by_ssh.t | 10 |
6 files changed, 150 insertions, 140 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 36a28b0b..3a2afc15 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -101,7 +101,7 @@ check_tcp_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS) | |||
101 | check_time_LDADD = $(NETLIBS) | 101 | check_time_LDADD = $(NETLIBS) |
102 | check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) | 102 | check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS) |
103 | check_ups_LDADD = $(NETLIBS) | 103 | check_ups_LDADD = $(NETLIBS) |
104 | check_users_LDADD = $(BASEOBJS) popen.o | 104 | check_users_LDADD = $(BASEOBJS) |
105 | check_by_ssh_LDADD = $(NETLIBS) | 105 | check_by_ssh_LDADD = $(NETLIBS) |
106 | check_ide_smart_LDADD = $(BASEOBJS) | 106 | check_ide_smart_LDADD = $(BASEOBJS) |
107 | negate_LDADD = $(BASEOBJS) | 107 | negate_LDADD = $(BASEOBJS) |
diff --git a/plugins/check_http.c b/plugins/check_http.c index 3175f6cb..315848fc 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -34,7 +34,7 @@ | |||
34 | /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ | 34 | /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */ |
35 | 35 | ||
36 | const char *progname = "check_http"; | 36 | const char *progname = "check_http"; |
37 | const char *copyright = "1999-2008"; | 37 | const char *copyright = "1999-2011"; |
38 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 38 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
39 | 39 | ||
40 | #include "common.h" | 40 | #include "common.h" |
@@ -59,6 +59,7 @@ enum { | |||
59 | #ifdef HAVE_SSL | 59 | #ifdef HAVE_SSL |
60 | int check_cert = FALSE; | 60 | int check_cert = FALSE; |
61 | int days_till_exp; | 61 | int days_till_exp; |
62 | int ssl_version; | ||
62 | char *randbuff; | 63 | char *randbuff; |
63 | X509 *server_cert; | 64 | X509 *server_cert; |
64 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 65 | # define my_recv(buf, len) ((use_ssl) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
@@ -188,7 +189,7 @@ process_arguments (int argc, char **argv) | |||
188 | STD_LONG_OPTS, | 189 | STD_LONG_OPTS, |
189 | {"link", no_argument, 0, 'L'}, | 190 | {"link", no_argument, 0, 'L'}, |
190 | {"nohtml", no_argument, 0, 'n'}, | 191 | {"nohtml", no_argument, 0, 'n'}, |
191 | {"ssl", no_argument, 0, 'S'}, | 192 | {"ssl", optional_argument, 0, 'S'}, |
192 | {"sni", no_argument, 0, SNI_OPTION}, | 193 | {"sni", no_argument, 0, SNI_OPTION}, |
193 | {"post", required_argument, 0, 'P'}, | 194 | {"post", required_argument, 0, 'P'}, |
194 | {"method", required_argument, 0, 'j'}, | 195 | {"method", required_argument, 0, 'j'}, |
@@ -234,7 +235,7 @@ process_arguments (int argc, char **argv) | |||
234 | } | 235 | } |
235 | 236 | ||
236 | while (1) { | 237 | while (1) { |
237 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); | 238 | c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option); |
238 | if (c == -1 || c == EOF) | 239 | if (c == -1 || c == EOF) |
239 | break; | 240 | break; |
240 | 241 | ||
@@ -294,6 +295,13 @@ process_arguments (int argc, char **argv) | |||
294 | usage4 (_("Invalid option - SSL is not available")); | 295 | usage4 (_("Invalid option - SSL is not available")); |
295 | #endif | 296 | #endif |
296 | use_ssl = TRUE; | 297 | use_ssl = TRUE; |
298 | if (optarg == NULL || c != 'S') | ||
299 | ssl_version = 0; | ||
300 | else { | ||
301 | ssl_version = atoi(optarg); | ||
302 | if (ssl_version < 1 || ssl_version > 3) | ||
303 | usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)")); | ||
304 | } | ||
297 | if (specify_port == FALSE) | 305 | if (specify_port == FALSE) |
298 | server_port = HTTPS_PORT; | 306 | server_port = HTTPS_PORT; |
299 | break; | 307 | break; |
@@ -798,7 +806,9 @@ check_http (void) | |||
798 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | 806 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); |
799 | #ifdef HAVE_SSL | 807 | #ifdef HAVE_SSL |
800 | if (use_ssl == TRUE) { | 808 | if (use_ssl == TRUE) { |
801 | np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); | 809 | result = np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version); |
810 | if (result != STATE_OK) | ||
811 | return result; | ||
802 | if (check_cert == TRUE) { | 812 | if (check_cert == TRUE) { |
803 | result = np_net_ssl_check_cert(days_till_exp); | 813 | result = np_net_ssl_check_cert(days_till_exp); |
804 | np_net_ssl_cleanup(); | 814 | np_net_ssl_cleanup(); |
@@ -1323,8 +1333,9 @@ print_help (void) | |||
1323 | printf (UT_IPv46); | 1333 | printf (UT_IPv46); |
1324 | 1334 | ||
1325 | #ifdef HAVE_SSL | 1335 | #ifdef HAVE_SSL |
1326 | printf (" %s\n", "-S, --ssl"); | 1336 | printf (" %s\n", "-S, --ssl=VERSION"); |
1327 | printf (" %s\n", _("Connect via SSL. Port defaults to 443")); | 1337 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); |
1338 | printf (" %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).")); | ||
1328 | printf (" %s\n", "--sni"); | 1339 | printf (" %s\n", "--sni"); |
1329 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1340 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
1330 | printf (" %s\n", "-C, --certificate=INTEGER"); | 1341 | printf (" %s\n", "-C, --certificate=INTEGER"); |
@@ -1433,6 +1444,6 @@ print_usage (void) | |||
1433 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); | 1444 | printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); |
1434 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); | 1445 | printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); |
1435 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); | 1446 | printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); |
1436 | printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n"); | 1447 | printf (" [-A string] [-k string] [-S <version>] [--sni] [-C <age>] [-T <content-type>]\n"); |
1437 | printf (" [-j method]\n"); | 1448 | printf (" [-j method]\n"); |
1438 | } | 1449 | } |
diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 9f9dcabd..23dcd6a8 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c | |||
@@ -432,6 +432,7 @@ run_ping (const char *cmd, const char *addr) | |||
432 | { | 432 | { |
433 | char buf[MAX_INPUT_BUFFER]; | 433 | char buf[MAX_INPUT_BUFFER]; |
434 | int result = STATE_UNKNOWN; | 434 | int result = STATE_UNKNOWN; |
435 | int match; | ||
435 | 436 | ||
436 | if ((child_process = spopen (cmd)) == NULL) | 437 | if ((child_process = spopen (cmd)) == NULL) |
437 | die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); | 438 | die (STATE_UNKNOWN, _("Could not open pipe: %s\n"), cmd); |
@@ -448,28 +449,29 @@ run_ping (const char *cmd, const char *addr) | |||
448 | result = max_state (result, error_scan (buf, addr)); | 449 | result = max_state (result, error_scan (buf, addr)); |
449 | 450 | ||
450 | /* get the percent loss statistics */ | 451 | /* get the percent loss statistics */ |
451 | if(sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss",&pl)==1 || | 452 | match = 0; |
452 | sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss", &pl) == 1 || | 453 | if((sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) || |
453 | sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss", &pl) == 1 || | 454 | (sscanf(buf,"%*d packets transmitted, %*d packets received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) || |
454 | sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss",&pl)==1 || | 455 | (sscanf(buf,"%*d packets transmitted, %*d received, +%*d duplicates, %d%% packet loss%n",&pl,&match) && match) || |
455 | sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time",&pl)==1 || | 456 | (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% packet loss%n",&pl,&match) && match) || |
456 | sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time", &pl)==1 || | 457 | (sscanf(buf,"%*d packets transmitted, %*d packets received, %d%% loss, time%n",&pl,&match) && match) || |
457 | sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time", &pl)==1 || | 458 | (sscanf(buf,"%*d packets transmitted, %*d received, %d%% loss, time%n",&pl,&match) && match) || |
458 | sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss", &pl) == 1 || | 459 | (sscanf(buf,"%*d packets transmitted, %*d received, %d%% packet loss, time%n",&pl,&match) && match) || |
459 | sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss", &pl) == 1 | 460 | (sscanf(buf,"%*d packets transmitted, %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) || |
461 | (sscanf(buf,"%*d packets transmitted %*d received, +%*d errors, %d%% packet loss%n",&pl,&match) && match) | ||
460 | ) | 462 | ) |
461 | continue; | 463 | continue; |
462 | 464 | ||
463 | /* get the round trip average */ | 465 | /* get the round trip average */ |
464 | else | 466 | else |
465 | if(sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f",&rta)==1 || | 467 | if((sscanf(buf,"round-trip min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) || |
466 | sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f",&rta)==1 || | 468 | (sscanf(buf,"round-trip min/avg/max/mdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
467 | sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f",&rta)==1 || | 469 | (sscanf(buf,"round-trip min/avg/max/sdev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
468 | sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || | 470 | (sscanf(buf,"round-trip min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
469 | sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f",&rta)==1 || | 471 | (sscanf(buf,"round-trip min/avg/max/std-dev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
470 | sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f",&rta)==1 || | 472 | (sscanf(buf,"round-trip (ms) min/avg/max = %*f/%f/%*f%n",&rta,&match) && match) || |
471 | sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f",&rta)==1 || | 473 | (sscanf(buf,"round-trip (ms) min/avg/max/stddev = %*f/%f/%*f/%*f%n",&rta,&match) && match) || |
472 | sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms",&rta)==1) | 474 | (sscanf(buf,"rtt min/avg/max/mdev = %*f/%f/%*f/%*f ms%n",&rta,&match) && match)) |
473 | continue; | 475 | continue; |
474 | } | 476 | } |
475 | 477 | ||
@@ -498,9 +500,7 @@ run_ping (const char *cmd, const char *addr) | |||
498 | (void) fclose (child_stderr); | 500 | (void) fclose (child_stderr); |
499 | 501 | ||
500 | 502 | ||
501 | /* close the pipe - WARNING if status is set */ | 503 | spclose (child_process); |
502 | if (spclose (child_process)) | ||
503 | result = max_state (result, STATE_WARNING); | ||
504 | 504 | ||
505 | if (warn_text == NULL) | 505 | if (warn_text == NULL) |
506 | warn_text = strdup(""); | 506 | warn_text = strdup(""); |
@@ -534,7 +534,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) | |||
534 | else if (strstr (buf, "Time to live exceeded")) | 534 | else if (strstr (buf, "Time to live exceeded")) |
535 | die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); | 535 | die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)"), addr); |
536 | else if (strstr (buf, "Destination unreachable: ")) | 536 | else if (strstr (buf, "Destination unreachable: ")) |
537 | die (STATE_CRITICAL, _("CRITICAL - DestinationUnreachable (%s)"), addr); | 537 | die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)"), addr); |
538 | 538 | ||
539 | if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { | 539 | if (strstr (buf, "(DUP!)") || strstr (buf, "DUPLICATES FOUND")) { |
540 | if (warn_text == NULL) | 540 | if (warn_text == NULL) |
diff --git a/plugins/check_users.c b/plugins/check_users.c index 8368612a..37662928 100644 --- a/plugins/check_users.c +++ b/plugins/check_users.c | |||
@@ -3,7 +3,7 @@ | |||
3 | * Nagios check_users plugin | 3 | * Nagios check_users plugin |
4 | * | 4 | * |
5 | * License: GPL | 5 | * License: GPL |
6 | * Copyright (c) 2000-2007 Nagios Plugins Development Team | 6 | * Copyright (c) 2000-2012 Nagios Plugins Development Team |
7 | * | 7 | * |
8 | * Description: | 8 | * Description: |
9 | * | 9 | * |
@@ -35,8 +35,8 @@ const char *copyright = "2000-2007"; | |||
35 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 35 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
36 | 36 | ||
37 | #include "common.h" | 37 | #include "common.h" |
38 | #include "popen.h" | ||
39 | #include "utils.h" | 38 | #include "utils.h" |
39 | #include <utmpx.h> | ||
40 | 40 | ||
41 | #define possibly_set(a,b) ((a) == 0 ? (b) : 0) | 41 | #define possibly_set(a,b) ((a) == 0 ? (b) : 0) |
42 | 42 | ||
@@ -52,58 +52,33 @@ main (int argc, char **argv) | |||
52 | { | 52 | { |
53 | int users = -1; | 53 | int users = -1; |
54 | int result = STATE_UNKNOWN; | 54 | int result = STATE_UNKNOWN; |
55 | char input_buffer[MAX_INPUT_BUFFER]; | ||
56 | char *perf; | 55 | char *perf; |
56 | struct utmpx *putmpx; | ||
57 | 57 | ||
58 | setlocale (LC_ALL, ""); | 58 | setlocale (LC_ALL, ""); |
59 | bindtextdomain (PACKAGE, LOCALEDIR); | 59 | bindtextdomain (PACKAGE, LOCALEDIR); |
60 | textdomain (PACKAGE); | 60 | textdomain (PACKAGE); |
61 | 61 | ||
62 | perf = strdup(""); | 62 | perf = strdup (""); |
63 | 63 | ||
64 | /* Parse extra opts if any */ | 64 | /* Parse extra opts if any */ |
65 | argv=np_extra_opts (&argc, argv, progname); | 65 | argv = np_extra_opts (&argc, argv, progname); |
66 | 66 | ||
67 | if (process_arguments (argc, argv) == ERROR) | 67 | if (process_arguments (argc, argv) == ERROR) |
68 | usage4 (_("Could not parse arguments")); | 68 | usage4 (_("Could not parse arguments")); |
69 | 69 | ||
70 | /* run the command */ | ||
71 | child_process = spopen (WHO_COMMAND); | ||
72 | if (child_process == NULL) { | ||
73 | printf (_("Could not open pipe: %s\n"), WHO_COMMAND); | ||
74 | return STATE_UNKNOWN; | ||
75 | } | ||
76 | |||
77 | child_stderr = fdopen (child_stderr_array[fileno (child_process)], "r"); | ||
78 | if (child_stderr == NULL) | ||
79 | printf (_("Could not open stderr for %s\n"), WHO_COMMAND); | ||
80 | |||
81 | users = 0; | 70 | users = 0; |
82 | 71 | ||
83 | while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_process)) { | 72 | /* get currently logged users from utmpx */ |
73 | setutxent (); | ||
84 | 74 | ||
85 | /* increment 'users' on all lines except total user count */ | 75 | while ((putmpx = getutxent ()) != NULL) |
86 | if (input_buffer[0] != '#') { | 76 | if (putmpx->ut_type == USER_PROCESS) |
87 | users++; | 77 | users++; |
88 | continue; | ||
89 | } | ||
90 | |||
91 | /* get total logged in users */ | ||
92 | if (sscanf (input_buffer, _("# users=%d"), &users) == 1) | ||
93 | break; | ||
94 | |||
95 | } | ||
96 | 78 | ||
97 | /* check STDERR */ | 79 | endutxent (); |
98 | if (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_stderr)) | ||
99 | result = possibly_set (result, STATE_UNKNOWN); | ||
100 | (void) fclose (child_stderr); | ||
101 | 80 | ||
102 | /* close the pipe */ | 81 | /* check the user count against warning and critical thresholds */ |
103 | if (spclose (child_process)) | ||
104 | result = possibly_set (result, STATE_UNKNOWN); | ||
105 | |||
106 | /* else check the user count against warning and critical thresholds */ | ||
107 | if (users > cusers) | 82 | if (users > cusers) |
108 | result = STATE_CRITICAL; | 83 | result = STATE_CRITICAL; |
109 | else if (users > wusers) | 84 | else if (users > wusers) |
@@ -114,7 +89,7 @@ main (int argc, char **argv) | |||
114 | if (result == STATE_UNKNOWN) | 89 | if (result == STATE_UNKNOWN) |
115 | printf ("%s\n", _("Unable to read output")); | 90 | printf ("%s\n", _("Unable to read output")); |
116 | else { | 91 | else { |
117 | asprintf(&perf, "%s", perfdata ("users", users, "", | 92 | asprintf (&perf, "%s", perfdata ("users", users, "", |
118 | TRUE, wusers, | 93 | TRUE, wusers, |
119 | TRUE, cusers, | 94 | TRUE, cusers, |
120 | TRUE, 0, | 95 | TRUE, 0, |
@@ -126,14 +101,11 @@ main (int argc, char **argv) | |||
126 | return result; | 101 | return result; |
127 | } | 102 | } |
128 | 103 | ||
129 | |||
130 | |||
131 | /* process command-line arguments */ | 104 | /* process command-line arguments */ |
132 | int | 105 | int |
133 | process_arguments (int argc, char **argv) | 106 | process_arguments (int argc, char **argv) |
134 | { | 107 | { |
135 | int c; | 108 | int c; |
136 | |||
137 | int option = 0; | 109 | int option = 0; |
138 | static struct option longopts[] = { | 110 | static struct option longopts[] = { |
139 | {"critical", required_argument, 0, 'c'}, | 111 | {"critical", required_argument, 0, 'c'}, |
@@ -183,7 +155,6 @@ process_arguments (int argc, char **argv) | |||
183 | else | 155 | else |
184 | wusers = atoi (argv[c++]); | 156 | wusers = atoi (argv[c++]); |
185 | } | 157 | } |
186 | |||
187 | if (cusers == -1 && argc > c) { | 158 | if (cusers == -1 && argc > c) { |
188 | if (is_intnonneg (argv[c]) == FALSE) | 159 | if (is_intnonneg (argv[c]) == FALSE) |
189 | usage4 (_("Warning threshold must be a positive integer")); | 160 | usage4 (_("Warning threshold must be a positive integer")); |
@@ -194,8 +165,6 @@ process_arguments (int argc, char **argv) | |||
194 | return OK; | 165 | return OK; |
195 | } | 166 | } |
196 | 167 | ||
197 | |||
198 | |||
199 | void | 168 | void |
200 | print_help (void) | 169 | print_help (void) |
201 | { | 170 | { |
@@ -205,9 +174,9 @@ print_help (void) | |||
205 | printf (COPYRIGHT, copyright, email); | 174 | printf (COPYRIGHT, copyright, email); |
206 | 175 | ||
207 | printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); | 176 | printf ("%s\n", _("This plugin checks the number of users currently logged in on the local")); |
208 | printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); | 177 | printf ("%s\n", _("system and generates an error if the number exceeds the thresholds specified.")); |
209 | 178 | ||
210 | printf ("\n\n"); | 179 | printf ("\n\n"); |
211 | 180 | ||
212 | print_usage (); | 181 | print_usage (); |
213 | 182 | ||
@@ -215,17 +184,16 @@ print_help (void) | |||
215 | printf (UT_EXTRA_OPTS); | 184 | printf (UT_EXTRA_OPTS); |
216 | 185 | ||
217 | printf (" %s\n", "-w, --warning=INTEGER"); | 186 | printf (" %s\n", "-w, --warning=INTEGER"); |
218 | printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); | 187 | printf (" %s\n", _("Set WARNING status if more than INTEGER users are logged in")); |
219 | printf (" %s\n", "-c, --critical=INTEGER"); | 188 | printf (" %s\n", "-c, --critical=INTEGER"); |
220 | printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); | 189 | printf (" %s\n", _("Set CRITICAL status if more than INTEGER users are logged in")); |
221 | 190 | ||
222 | printf (UT_SUPPORT); | 191 | printf (UT_SUPPORT); |
223 | } | 192 | } |
224 | 193 | ||
225 | |||
226 | void | 194 | void |
227 | print_usage (void) | 195 | print_usage (void) |
228 | { | 196 | { |
229 | printf ("%s\n", _("Usage:")); | 197 | printf ("%s\n", _("Usage:")); |
230 | printf ("%s -w <users> -c <users>\n", progname); | 198 | printf ("%s -w <users> -c <users>\n", progname); |
231 | } | 199 | } |
diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 0bc61ed3..5425bb2c 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c | |||
@@ -36,66 +36,97 @@ static SSL_CTX *c=NULL; | |||
36 | static SSL *s=NULL; | 36 | static SSL *s=NULL; |
37 | static int initialized=0; | 37 | static int initialized=0; |
38 | 38 | ||
39 | int np_net_ssl_init (int sd) { | 39 | int np_net_ssl_init(int sd) { |
40 | return np_net_ssl_init_with_hostname(sd, NULL); | 40 | return np_net_ssl_init_with_hostname(sd, NULL); |
41 | } | 41 | } |
42 | 42 | ||
43 | int np_net_ssl_init_with_hostname (int sd, char *host_name) { | 43 | int np_net_ssl_init_with_hostname(int sd, char *host_name) { |
44 | if (!initialized) { | 44 | return np_net_ssl_init_with_hostname_and_version(sd, host_name, 0); |
45 | /* Initialize SSL context */ | 45 | } |
46 | SSLeay_add_ssl_algorithms (); | 46 | |
47 | SSL_load_error_strings (); | 47 | int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) { |
48 | OpenSSL_add_all_algorithms (); | 48 | const SSL_METHOD *method = NULL; |
49 | initialized = 1; | 49 | |
50 | } | 50 | switch (version) { |
51 | if ((c = SSL_CTX_new (SSLv23_client_method ())) == NULL) { | 51 | case 0: /* Deafult to auto negotiation */ |
52 | printf ("%s\n", _("CRITICAL - Cannot create SSL context.")); | 52 | method = SSLv23_client_method(); |
53 | return STATE_CRITICAL; | 53 | break; |
54 | } | 54 | case 1: /* TLSv1 protocol */ |
55 | if ((s = SSL_new (c)) != NULL){ | 55 | method = TLSv1_client_method(); |
56 | break; | ||
57 | case 2: /* SSLv2 protocol */ | ||
58 | #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2) | ||
59 | printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library."))); | ||
60 | return STATE_CRITICAL; | ||
61 | #else | ||
62 | method = SSLv2_client_method(); | ||
63 | #endif | ||
64 | break; | ||
65 | case 3: /* SSLv3 protocol */ | ||
66 | method = SSLv3_client_method(); | ||
67 | break; | ||
68 | default: /* Unsupported */ | ||
69 | printf("%s\n", _("CRITICAL - Unsupported SSL protocol version.")); | ||
70 | return STATE_CRITICAL; | ||
71 | } | ||
72 | if (!initialized) { | ||
73 | /* Initialize SSL context */ | ||
74 | SSLeay_add_ssl_algorithms(); | ||
75 | SSL_load_error_strings(); | ||
76 | OpenSSL_add_all_algorithms(); | ||
77 | initialized = 1; | ||
78 | } | ||
79 | if ((c = SSL_CTX_new(method)) == NULL) { | ||
80 | printf("%s\n", _("CRITICAL - Cannot create SSL context.")); | ||
81 | return STATE_CRITICAL; | ||
82 | } | ||
83 | #ifdef SSL_OP_NO_TICKET | ||
84 | SSL_CTX_set_options(c, SSL_OP_NO_TICKET); | ||
85 | #endif | ||
86 | if ((s = SSL_new(c)) != NULL) { | ||
56 | #ifdef SSL_set_tlsext_host_name | 87 | #ifdef SSL_set_tlsext_host_name |
57 | if (host_name != NULL) | 88 | if (host_name != NULL) |
58 | SSL_set_tlsext_host_name(s, host_name); | 89 | SSL_set_tlsext_host_name(s, host_name); |
59 | #endif | 90 | #endif |
60 | SSL_set_fd (s, sd); | 91 | SSL_set_fd(s, sd); |
61 | if (SSL_connect(s) == 1){ | 92 | if (SSL_connect(s) == 1) { |
62 | return OK; | 93 | return OK; |
63 | } else { | 94 | } else { |
64 | printf ("%s\n", _("CRITICAL - Cannot make SSL connection ")); | 95 | printf("%s\n", _("CRITICAL - Cannot make SSL connection.")); |
65 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ | 96 | # ifdef USE_OPENSSL /* XXX look into ERR_error_string */ |
66 | ERR_print_errors_fp (stdout); | 97 | ERR_print_errors_fp(stdout); |
67 | # endif /* USE_OPENSSL */ | 98 | # endif /* USE_OPENSSL */ |
68 | } | ||
69 | } else { | ||
70 | printf ("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
71 | } | 99 | } |
72 | return STATE_CRITICAL; | 100 | } else { |
101 | printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake.")); | ||
102 | } | ||
103 | return STATE_CRITICAL; | ||
73 | } | 104 | } |
74 | 105 | ||
75 | void np_net_ssl_cleanup (){ | 106 | void np_net_ssl_cleanup() { |
76 | if(s){ | 107 | if (s) { |
77 | #ifdef SSL_set_tlsext_host_name | 108 | #ifdef SSL_set_tlsext_host_name |
78 | SSL_set_tlsext_host_name(s, NULL); | 109 | SSL_set_tlsext_host_name(s, NULL); |
79 | #endif | 110 | #endif |
80 | SSL_shutdown (s); | 111 | SSL_shutdown(s); |
81 | SSL_free (s); | 112 | SSL_free(s); |
82 | if(c) { | 113 | if (c) { |
83 | SSL_CTX_free (c); | 114 | SSL_CTX_free(c); |
84 | c=NULL; | 115 | c=NULL; |
85 | } | ||
86 | s=NULL; | ||
87 | } | 116 | } |
117 | s=NULL; | ||
118 | } | ||
88 | } | 119 | } |
89 | 120 | ||
90 | int np_net_ssl_write(const void *buf, int num){ | 121 | int np_net_ssl_write(const void *buf, int num) { |
91 | return SSL_write(s, buf, num); | 122 | return SSL_write(s, buf, num); |
92 | } | 123 | } |
93 | 124 | ||
94 | int np_net_ssl_read(void *buf, int num){ | 125 | int np_net_ssl_read(void *buf, int num) { |
95 | return SSL_read(s, buf, num); | 126 | return SSL_read(s, buf, num); |
96 | } | 127 | } |
97 | 128 | ||
98 | int np_net_ssl_check_cert(int days_till_exp){ | 129 | int np_net_ssl_check_cert(int days_till_exp) { |
99 | # ifdef USE_OPENSSL | 130 | # ifdef USE_OPENSSL |
100 | X509 *certificate=NULL; | 131 | X509 *certificate=NULL; |
101 | X509_NAME *subj=NULL; | 132 | X509_NAME *subj=NULL; |
@@ -111,29 +142,29 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
111 | char timestamp[17] = ""; | 142 | char timestamp[17] = ""; |
112 | 143 | ||
113 | certificate=SSL_get_peer_certificate(s); | 144 | certificate=SSL_get_peer_certificate(s); |
114 | if(! certificate){ | 145 | if (!certificate) { |
115 | printf ("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); | 146 | printf("%s\n",_("CRITICAL - Cannot retrieve server certificate.")); |
116 | return STATE_CRITICAL; | 147 | return STATE_CRITICAL; |
117 | } | 148 | } |
118 | 149 | ||
119 | /* Extract CN from certificate subject */ | 150 | /* Extract CN from certificate subject */ |
120 | subj=X509_get_subject_name(certificate); | 151 | subj=X509_get_subject_name(certificate); |
121 | 152 | ||
122 | if(! subj){ | 153 | if (!subj) { |
123 | printf ("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); | 154 | printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject.")); |
124 | return STATE_CRITICAL; | 155 | return STATE_CRITICAL; |
125 | } | 156 | } |
126 | cnlen = X509_NAME_get_text_by_NID (subj, NID_commonName, cn, sizeof(cn)); | 157 | cnlen = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof(cn)); |
127 | if ( cnlen == -1 ) | 158 | if (cnlen == -1) |
128 | strcpy(cn , _("Unknown CN")); | 159 | strcpy(cn, _("Unknown CN")); |
129 | 160 | ||
130 | /* Retrieve timestamp of certificate */ | 161 | /* Retrieve timestamp of certificate */ |
131 | tm = X509_get_notAfter (certificate); | 162 | tm = X509_get_notAfter(certificate); |
132 | 163 | ||
133 | /* Generate tm structure to process timestamp */ | 164 | /* Generate tm structure to process timestamp */ |
134 | if (tm->type == V_ASN1_UTCTIME) { | 165 | if (tm->type == V_ASN1_UTCTIME) { |
135 | if (tm->length < 10) { | 166 | if (tm->length < 10) { |
136 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 167 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
137 | return STATE_CRITICAL; | 168 | return STATE_CRITICAL; |
138 | } else { | 169 | } else { |
139 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | 170 | stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); |
@@ -143,7 +174,7 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
143 | } | 174 | } |
144 | } else { | 175 | } else { |
145 | if (tm->length < 12) { | 176 | if (tm->length < 12) { |
146 | printf ("%s\n", _("CRITICAL - Wrong time format in certificate.")); | 177 | printf("%s\n", _("CRITICAL - Wrong time format in certificate.")); |
147 | return STATE_CRITICAL; | 178 | return STATE_CRITICAL; |
148 | } else { | 179 | } else { |
149 | stamp.tm_year = | 180 | stamp.tm_year = |
@@ -172,22 +203,22 @@ int np_net_ssl_check_cert(int days_till_exp){ | |||
172 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | 203 | stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); |
173 | 204 | ||
174 | if (days_left > 0 && days_left <= days_till_exp) { | 205 | if (days_left > 0 && days_left <= days_till_exp) { |
175 | printf (_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); | 206 | printf(_("WARNING - Certificate '%s' expires in %d day(s) (%s).\n"), cn, days_left, timestamp); |
176 | status=STATE_WARNING; | 207 | status=STATE_WARNING; |
177 | } else if (time_left < 0) { | 208 | } else if (time_left < 0) { |
178 | printf (_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); | 209 | printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp); |
179 | status=STATE_CRITICAL; | 210 | status=STATE_CRITICAL; |
180 | } else if (days_left == 0) { | 211 | } else if (days_left == 0) { |
181 | printf (_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); | 212 | printf(_("WARNING - Certificate '%s' expires today (%s).\n"), cn, timestamp); |
182 | status=STATE_WARNING; | 213 | status=STATE_WARNING; |
183 | } else { | 214 | } else { |
184 | printf (_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); | 215 | printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp); |
185 | status=STATE_OK; | 216 | status=STATE_OK; |
186 | } | 217 | } |
187 | X509_free (certificate); | 218 | X509_free(certificate); |
188 | return status; | 219 | return status; |
189 | # else /* ifndef USE_OPENSSL */ | 220 | # else /* ifndef USE_OPENSSL */ |
190 | printf ("%s\n", _("WARNING - Plugin does not support checking certificates.")); | 221 | printf("%s\n", _("WARNING - Plugin does not support checking certificates.")); |
191 | return STATE_WARNING; | 222 | return STATE_WARNING; |
192 | # endif /* USE_OPENSSL */ | 223 | # endif /* USE_OPENSSL */ |
193 | } | 224 | } |
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t index cca72c96..8d1b1904 100644 --- a/plugins/t/check_by_ssh.t +++ b/plugins/t/check_by_ssh.t | |||
@@ -27,11 +27,11 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic | |||
27 | plan tests => 42; | 27 | plan tests => 42; |
28 | 28 | ||
29 | # Some random check strings/response | 29 | # Some random check strings/response |
30 | my @responce = ('OK: Everything is fine!', | 30 | my @responce = ('OK: Everything is fine', |
31 | 'WARNING: Hey, pick me, pick me!', | 31 | 'WARNING: Hey, pick me, pick me', |
32 | 'CRITICAL: Shit happens...', | 32 | 'CRITICAL: Shit happens', |
33 | 'UNKNOWN: What can I do for ya?', | 33 | 'UNKNOWN: What can I do for ya', |
34 | 'WOOPS: What did I smoke?', | 34 | 'WOOPS: What did I smoke', |
35 | ); | 35 | ); |
36 | my @responce_re; | 36 | my @responce_re; |
37 | my @check; | 37 | my @check; |