summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_disk.c48
-rw-r--r--plugins/check_mysql.c35
-rw-r--r--plugins/check_ntp.c2
-rw-r--r--plugins/check_snmp.c10
-rw-r--r--plugins/common.h14
-rw-r--r--plugins/netutils.h2
-rw-r--r--plugins/popen.c16
-rw-r--r--plugins/popen.h2
-rw-r--r--plugins/runcmd.c12
-rw-r--r--plugins/sslutils.c77
-rw-r--r--plugins/t/check_imap.t2
-rw-r--r--plugins/t/check_users.t2
-rwxr-xr-xplugins/tests/check_curl.t2
-rw-r--r--plugins/utils.c16
-rw-r--r--plugins/utils.h2
15 files changed, 120 insertions, 122 deletions
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 05e55022..2f066c7b 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -93,11 +93,11 @@ static int stat_remote_fs = 0;
93 93
94/* Linked list of filesystem types to omit. 94/* Linked list of filesystem types to omit.
95 If the list is empty, don't exclude any types. */ 95 If the list is empty, don't exclude any types. */
96static struct name_list *fs_exclude_list; 96static struct regex_list *fs_exclude_list = NULL;
97 97
98/* Linked list of filesystem types to check. 98/* Linked list of filesystem types to check.
99 If the list is empty, include all types. */ 99 If the list is empty, include all types. */
100static struct name_list *fs_include_list; 100static struct regex_list *fs_include_list;
101 101
102static struct name_list *dp_exclude_list; 102static struct name_list *dp_exclude_list;
103 103
@@ -300,7 +300,7 @@ main (int argc, char **argv)
300 } else if (me->me_dummy && !show_all_fs) { 300 } else if (me->me_dummy && !show_all_fs) {
301 continue; 301 continue;
302 /* Skip excluded fstypes */ 302 /* Skip excluded fstypes */
303 } else if (fs_exclude_list && np_find_name (fs_exclude_list, me->me_type)) { 303 } else if (fs_exclude_list && np_find_regmatch (fs_exclude_list, me->me_type)) {
304 continue; 304 continue;
305 /* Skip excluded fs's */ 305 /* Skip excluded fs's */
306 } else if (dp_exclude_list && 306 } else if (dp_exclude_list &&
@@ -308,7 +308,7 @@ main (int argc, char **argv)
308 np_find_name (dp_exclude_list, me->me_mountdir))) { 308 np_find_name (dp_exclude_list, me->me_mountdir))) {
309 continue; 309 continue;
310 /* Skip not included fstypes */ 310 /* Skip not included fstypes */
311 } else if (fs_include_list && !np_find_name (fs_include_list, me->me_type)) { 311 } else if (fs_include_list && !np_find_regmatch(fs_include_list, me->me_type)) {
312 continue; 312 continue;
313 } 313 }
314 } 314 }
@@ -543,7 +543,7 @@ process_arguments (int argc, char **argv)
543 if (argc < 2) 543 if (argc < 2)
544 return ERROR; 544 return ERROR;
545 545
546 np_add_name(&fs_exclude_list, "iso9660"); 546 np_add_regex(&fs_exclude_list, "iso9660", REG_EXTENDED);
547 547
548 for (c = 1; c < argc; c++) 548 for (c = 1; c < argc; c++)
549 if (strcmp ("-to", argv[c]) == 0) 549 if (strcmp ("-to", argv[c]) == 0)
@@ -716,10 +716,18 @@ process_arguments (int argc, char **argv)
716 np_add_name(&dp_exclude_list, optarg); 716 np_add_name(&dp_exclude_list, optarg);
717 break; 717 break;
718 case 'X': /* exclude file system type */ 718 case 'X': /* exclude file system type */
719 np_add_name(&fs_exclude_list, optarg); 719 err = np_add_regex(&fs_exclude_list, optarg, REG_EXTENDED);
720 if (err != 0) {
721 regerror (err, &fs_exclude_list->regex, errbuf, MAX_INPUT_BUFFER);
722 die (STATE_UNKNOWN, "DISK %s: %s - %s\n",_("UNKNOWN"), _("Could not compile regular expression"), errbuf);
723 }
720 break; 724 break;
721 case 'N': /* include file system type */ 725 case 'N': /* include file system type */
722 np_add_name(&fs_include_list, optarg); 726 err = np_add_regex(&fs_include_list, optarg, REG_EXTENDED);
727 if (err != 0) {
728 regerror (err, &fs_exclude_list->regex, errbuf, MAX_INPUT_BUFFER);
729 die (STATE_UNKNOWN, "DISK %s: %s - %s\n",_("UNKNOWN"), _("Could not compile regular expression"), errbuf);
730 }
723 break; 731 break;
724 case 'v': /* verbose */ 732 case 'v': /* verbose */
725 verbose++; 733 verbose++;
@@ -798,7 +806,7 @@ process_arguments (int argc, char **argv)
798 crit_freespace_percent || warn_usedspace_units || crit_usedspace_units || 806 crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
799 warn_usedspace_percent || crit_usedspace_percent || warn_usedinodes_percent || 807 warn_usedspace_percent || crit_usedspace_percent || warn_usedinodes_percent ||
800 crit_usedinodes_percent || warn_freeinodes_percent || crit_freeinodes_percent )) { 808 crit_usedinodes_percent || warn_freeinodes_percent || crit_freeinodes_percent )) {
801 die (STATE_UNKNOWN, "DISK %s: %s", _("UNKNOWN"), _("Must set a threshold value before using -r/-R\n")); 809 die (STATE_UNKNOWN, "DISK %s: %s", _("UNKNOWN"), _("Must set a threshold value before using -r/-R/-A (--ereg-path/--eregi-path/--all)\n"));
802 } 810 }
803 811
804 err = regcomp(&re, optarg, cflags); 812 err = regcomp(&re, optarg, cflags);
@@ -1003,18 +1011,26 @@ print_help (void)
1003 printf (" %s\n", "-u, --units=STRING"); 1011 printf (" %s\n", "-u, --units=STRING");
1004 printf (" %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)")); 1012 printf (" %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)"));
1005 printf (UT_VERBOSE); 1013 printf (UT_VERBOSE);
1006 printf (" %s\n", "-X, --exclude-type=TYPE"); 1014 printf (" %s\n", "-X, --exclude-type=TYPE_REGEX");
1007 printf (" %s\n", _("Ignore all filesystems of indicated type (may be repeated)")); 1015 printf (" %s\n", _("Ignore all filesystems of types matching given regex(7) (may be repeated)"));
1008 printf (" %s\n", "-N, --include-type=TYPE"); 1016 printf (" %s\n", "-N, --include-type=TYPE_REGEX");
1009 printf (" %s\n", _("Check only filesystems of indicated type (may be repeated)")); 1017 printf (" %s\n", _("Check only filesystems where the type matches this given regex(7) (may be repeated)"));
1018
1019 printf ("\n");
1020 printf ("%s\n", _("General usage hints:"));
1021 printf (" %s\n", _("- Arguments are positional! \"-w 5 -c 1 -p /foo -w6 -c2 -p /bar\" is not the same as"));
1022 printf (" %s\n", _("\"-w 5 -c 1 -p /bar w6 -c2 -p /foo\"."));
1023 printf (" %s\n", _("- The syntax is broadly: \"{thresholds a} {paths a} -C {thresholds b} {thresholds b} ...\""));
1024
1025
1010 1026
1011 printf ("\n"); 1027 printf ("\n");
1012 printf ("%s\n", _("Examples:")); 1028 printf ("%s\n", _("Examples:"));
1013 printf (" %s\n", "check_disk -w 10% -c 5% -p /tmp -p /var -C -w 100000 -c 50000 -p /"); 1029 printf (" %s\n", "check_disk -w 10% -c 5% -p /tmp -p /var -C -w 100000 -c 50000 -p /");
1014 printf (" %s\n", _("Checks /tmp and /var at 10% and 5%, and / at 100MB and 50MB")); 1030 printf (" %s\n\n", _("Checks /tmp and /var at 10% and 5%, and / at 100MB and 50MB"));
1015 printf (" %s\n", "check_disk -w 100 -c 50 -C -w 1000 -c 500 -g sidDATA -r '^/oracle/SID/data.*$'"); 1031 printf (" %s\n", "check_disk -w 100 -c 50 -C -w 1000 -c 500 -g sidDATA -r '^/oracle/SID/data.*$'");
1016 printf (" %s\n", _("Checks all filesystems not matching -r at 100M and 50M. The fs matching the -r regex")); 1032 printf (" %s\n", _("Checks all filesystems not matching -r at 100M and 50M. The fs matching the -r regex"));
1017 printf (" %s\n", _("are grouped which means the freespace thresholds are applied to all disks together")); 1033 printf (" %s\n\n", _("are grouped which means the freespace thresholds are applied to all disks together"));
1018 printf (" %s\n", "check_disk -w 100 -c 50 -C -w 1000 -c 500 -p /foo -C -w 5% -c 3% -p /bar"); 1034 printf (" %s\n", "check_disk -w 100 -c 50 -C -w 1000 -c 500 -p /foo -C -w 5% -c 3% -p /bar");
1019 printf (" %s\n", _("Checks /foo for 1000M/500M and /bar for 5/3%. All remaining volumes use 100M/50M")); 1035 printf (" %s\n", _("Checks /foo for 1000M/500M and /bar for 5/3%. All remaining volumes use 100M/50M"));
1020 1036
@@ -1027,9 +1043,9 @@ void
1027print_usage (void) 1043print_usage (void)
1028{ 1044{
1029 printf ("%s\n", _("Usage:")); 1045 printf ("%s\n", _("Usage:"));
1030 printf (" %s {-w absolute_limit |-w percentage_limit% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit% | -K inode_percentage_limit } {-p path | -x device}\n", progname); 1046 printf (" %s {-w absolute_limit |-w percentage_limit%% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit%% | -K inode_percentage_limit } {-p path | -x device}\n", progname);
1031 printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n"); 1047 printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
1032 printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n"); 1048 printf ("[-t timeout] [-u unit] [-v] [-X type_regex] [-N type]\n");
1033} 1049}
1034 1050
1035bool 1051bool
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 91e150fb..7d855544 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -34,7 +34,7 @@ const char *progname = "check_mysql";
34const char *copyright = "1999-2011"; 34const char *copyright = "1999-2011";
35const char *email = "devel@monitoring-plugins.org"; 35const char *email = "devel@monitoring-plugins.org";
36 36
37#define SLAVERESULTSIZE 70 37#define SLAVERESULTSIZE 96
38 38
39#include "common.h" 39#include "common.h"
40#include "utils.h" 40#include "utils.h"
@@ -89,6 +89,8 @@ static const char *metric_counter[LENGTH_METRIC_COUNTER] = {
89 "Uptime" 89 "Uptime"
90}; 90};
91 91
92#define MYSQLDUMP_THREADS_QUERY "SELECT COUNT(1) mysqldumpThreads FROM information_schema.processlist WHERE info LIKE 'SELECT /*!40001 SQL_NO_CACHE */%'"
93
92thresholds *my_threshold = NULL; 94thresholds *my_threshold = NULL;
93 95
94int process_arguments (int, char **); 96int process_arguments (int, char **);
@@ -108,7 +110,7 @@ main (int argc, char **argv)
108 110
109 char *result = NULL; 111 char *result = NULL;
110 char *error = NULL; 112 char *error = NULL;
111 char slaveresult[SLAVERESULTSIZE]; 113 char slaveresult[SLAVERESULTSIZE] = { 0 };
112 char* perf; 114 char* perf;
113 115
114 perf = strdup (""); 116 perf = strdup ("");
@@ -278,11 +280,30 @@ main (int argc, char **argv)
278 /* Save slave status in slaveresult */ 280 /* Save slave status in slaveresult */
279 snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown"); 281 snprintf (slaveresult, SLAVERESULTSIZE, "Slave IO: %s Slave SQL: %s Seconds Behind Master: %s", row[slave_io_field], row[slave_sql_field], seconds_behind_field!=-1?row[seconds_behind_field]:"Unknown");
280 282
281 /* Raise critical error if SQL THREAD or IO THREAD are stopped */ 283 /* Raise critical error if SQL THREAD or IO THREAD are stopped, but only if there are no mysqldump threads running */
282 if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) { 284 if (strcmp (row[slave_io_field], "Yes") != 0 || strcmp (row[slave_sql_field], "Yes") != 0) {
283 mysql_free_result (res); 285 MYSQL_RES *res_mysqldump;
284 mysql_close (&mysql); 286 MYSQL_ROW row_mysqldump;
285 die (STATE_CRITICAL, "%s\n", slaveresult); 287 unsigned int mysqldump_threads = 0;
288
289 if (mysql_query (&mysql, MYSQLDUMP_THREADS_QUERY) == 0) {
290 /* store the result */
291 if ( (res_mysqldump = mysql_store_result (&mysql)) != NULL) {
292 if (mysql_num_rows(res_mysqldump) == 1) {
293 if ( (row_mysqldump = mysql_fetch_row (res_mysqldump)) != NULL) {
294 mysqldump_threads = atoi(row_mysqldump[0]);
295 }
296 }
297 /* free the result */
298 mysql_free_result (res_mysqldump);
299 }
300 mysql_close (&mysql);
301 }
302 if (mysqldump_threads == 0) {
303 die (STATE_CRITICAL, "%s\n", slaveresult);
304 } else {
305 strncat(slaveresult, " Mysqldump: in progress", SLAVERESULTSIZE-1);
306 }
286 } 307 }
287 308
288 if (verbose >=3) { 309 if (verbose >=3) {
@@ -294,7 +315,7 @@ main (int argc, char **argv)
294 } 315 }
295 316
296 /* Check Seconds Behind against threshold */ 317 /* Check Seconds Behind against threshold */
297 if ((seconds_behind_field != -1) && (strcmp (row[seconds_behind_field], "NULL") != 0)) { 318 if ((seconds_behind_field != -1) && (row[seconds_behind_field] != NULL && strcmp (row[seconds_behind_field], "NULL") != 0)) {
298 double value = atof(row[seconds_behind_field]); 319 double value = atof(row[seconds_behind_field]);
299 int status; 320 int status;
300 321
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 36146505..99537c88 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -486,7 +486,7 @@ double offset_request(const char *host, int *status){
486 } 486 }
487 487
488 /* cleanup */ 488 /* cleanup */
489 /* FIXME: Not closing the socket to avoid re-use of the local port 489 /* FIXME: Not closing the socket to avoid reuse of the local port
490 * which can cause old NTP packets to be read instead of NTP control 490 * which can cause old NTP packets to be read instead of NTP control
491 * packets in jitter_request(). THERE MUST BE ANOTHER WAY... 491 * packets in jitter_request(). THERE MUST BE ANOTHER WAY...
492 * for(j=0; j<num_hosts; j++){ close(socklist[j]); } */ 492 * for(j=0; j<num_hosts; j++){ close(socklist[j]); } */
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 2acada22..56a586ad 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -159,6 +159,7 @@ int perf_labels = 1;
159char* ip_version = ""; 159char* ip_version = "";
160double multiplier = 1.0; 160double multiplier = 1.0;
161char *fmtstr = ""; 161char *fmtstr = "";
162bool fmtstr_set = false;
162char buffer[DEFAULT_BUFFER_SIZE]; 163char buffer[DEFAULT_BUFFER_SIZE];
163bool ignore_mib_parsing_errors = false; 164bool ignore_mib_parsing_errors = false;
164 165
@@ -437,7 +438,8 @@ main (int argc, char **argv)
437 } 438 }
438 else if (strstr (response, "INTEGER: ")) { 439 else if (strstr (response, "INTEGER: ")) {
439 show = multiply (strstr (response, "INTEGER: ") + 9); 440 show = multiply (strstr (response, "INTEGER: ") + 9);
440 if (fmtstr != "") { 441
442 if (fmtstr_set) {
441 conv = fmtstr; 443 conv = fmtstr;
442 } 444 }
443 } 445 }
@@ -611,8 +613,9 @@ main (int argc, char **argv)
611 len = sizeof(perfstr)-strlen(perfstr)-1; 613 len = sizeof(perfstr)-strlen(perfstr)-1;
612 strncat(perfstr, show, len>ptr-show ? ptr-show : len); 614 strncat(perfstr, show, len>ptr-show ? ptr-show : len);
613 615
614 if (type) 616 if (strcmp(type, "") != 0) {
615 strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1); 617 strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
618 }
616 619
617 if (warning_thresholds) { 620 if (warning_thresholds) {
618 strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1); 621 strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
@@ -988,6 +991,7 @@ process_arguments (int argc, char **argv)
988 case 'f': 991 case 'f':
989 if (multiplier != 1.0) { 992 if (multiplier != 1.0) {
990 fmtstr=optarg; 993 fmtstr=optarg;
994 fmtstr_set = true;
991 } 995 }
992 break; 996 break;
993 case L_IGNORE_MIB_PARSING_ERRORS: 997 case L_IGNORE_MIB_PARSING_ERRORS:
@@ -1204,7 +1208,7 @@ multiply (char *str)
1204 if(verbose>2) 1208 if(verbose>2)
1205 printf(" multiply extracted double: %f\n", val); 1209 printf(" multiply extracted double: %f\n", val);
1206 val *= multiplier; 1210 val *= multiplier;
1207 if (fmtstr != "") { 1211 if (fmtstr_set) {
1208 conv = fmtstr; 1212 conv = fmtstr;
1209 } 1213 }
1210 if (val == (int)val) { 1214 if (val == (int)val) {
diff --git a/plugins/common.h b/plugins/common.h
index 0f08e2f6..6bf4fca4 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -225,18 +225,4 @@ enum {
225# define __attribute__(x) /* do nothing */ 225# define __attribute__(x) /* do nothing */
226#endif 226#endif
227 227
228/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
229 * If that fails and the macro isn't defined, we fall back to an educated
230 * guess. There's no guarantee that our guess is adequate and the program
231 * will die with SIGSEGV if it isn't and the upper boundary is breached. */
232#define DEFAULT_MAXFD 256 /* fallback value if no max open files value is set */
233#define MAXFD_LIMIT 8192 /* upper limit of open files */
234#ifdef _SC_OPEN_MAX
235static long maxfd = 0;
236#elif defined(OPEN_MAX)
237# define maxfd OPEN_MAX
238#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
239# define maxfd DEFAULT_MAXFD
240#endif
241
242#endif /* _COMMON_H_ */ 228#endif /* _COMMON_H_ */
diff --git a/plugins/netutils.h b/plugins/netutils.h
index d7ee0ddd..ea653e72 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -92,7 +92,7 @@ extern int econn_refuse_state;
92extern int was_refused; 92extern int was_refused;
93extern int address_family; 93extern int address_family;
94 94
95RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn)); 95void socket_timeout_alarm_handler (int) __attribute__((noreturn));
96 96
97/* SSL-Related functionality */ 97/* SSL-Related functionality */
98#ifdef HAVE_SSL 98#ifdef HAVE_SSL
diff --git a/plugins/popen.c b/plugins/popen.c
index 723817d5..036bc608 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -38,8 +38,9 @@
38* 38*
39*****************************************************************************/ 39*****************************************************************************/
40 40
41#include "common.h" 41#include "./common.h"
42#include "utils.h" 42#include "./utils.h"
43#include "../lib/maxfd.h"
43 44
44/* extern so plugin has pid to kill exec'd process on timeouts */ 45/* extern so plugin has pid to kill exec'd process on timeouts */
45extern pid_t *childpid; 46extern pid_t *childpid;
@@ -49,9 +50,9 @@ extern FILE *child_process;
49FILE *spopen (const char *); 50FILE *spopen (const char *);
50int spclose (FILE *); 51int spclose (FILE *);
51#ifdef REDHAT_SPOPEN_ERROR 52#ifdef REDHAT_SPOPEN_ERROR
52RETSIGTYPE popen_sigchld_handler (int); 53void popen_sigchld_handler (int);
53#endif 54#endif
54RETSIGTYPE popen_timeout_alarm_handler (int); 55void popen_timeout_alarm_handler (int);
55 56
56#include <stdarg.h> /* ANSI C header file */ 57#include <stdarg.h> /* ANSI C header file */
57#include <fcntl.h> 58#include <fcntl.h>
@@ -177,8 +178,7 @@ spopen (const char *cmdstring)
177 } 178 }
178 argv[i] = NULL; 179 argv[i] = NULL;
179 180
180 if(maxfd == 0) 181 long maxfd = mp_open_max();
181 maxfd = open_max();
182 182
183 if (childpid == NULL) { /* first time through */ 183 if (childpid == NULL) { /* first time through */
184 if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL) 184 if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL)
@@ -266,7 +266,7 @@ spclose (FILE * fp)
266} 266}
267 267
268#ifdef REDHAT_SPOPEN_ERROR 268#ifdef REDHAT_SPOPEN_ERROR
269RETSIGTYPE 269void
270popen_sigchld_handler (int signo) 270popen_sigchld_handler (int signo)
271{ 271{
272 if (signo == SIGCHLD) 272 if (signo == SIGCHLD)
@@ -274,7 +274,7 @@ popen_sigchld_handler (int signo)
274} 274}
275#endif 275#endif
276 276
277RETSIGTYPE 277void
278popen_timeout_alarm_handler (int signo) 278popen_timeout_alarm_handler (int signo)
279{ 279{
280 int fh; 280 int fh;
diff --git a/plugins/popen.h b/plugins/popen.h
index a5dd8fa7..1ea69632 100644
--- a/plugins/popen.h
+++ b/plugins/popen.h
@@ -5,7 +5,7 @@
5 5
6FILE *spopen (const char *); 6FILE *spopen (const char *);
7int spclose (FILE *); 7int spclose (FILE *);
8RETSIGTYPE popen_timeout_alarm_handler (int); 8void popen_timeout_alarm_handler (int);
9 9
10pid_t *childpid=NULL; 10pid_t *childpid=NULL;
11int *child_stderr_array=NULL; 11int *child_stderr_array=NULL;
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index c1d675d0..4f3e349b 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -60,6 +60,8 @@
60# define SIG_ERR ((Sigfunc *)-1) 60# define SIG_ERR ((Sigfunc *)-1)
61#endif 61#endif
62 62
63#include "../lib/maxfd.h"
64
63/* This variable must be global, since there's no way the caller 65/* This variable must be global, since there's no way the caller
64 * can forcibly slay a dead or ungainly running program otherwise. 66 * can forcibly slay a dead or ungainly running program otherwise.
65 * Multithreading apps and plugins can initialize it (via NP_RUNCMD_INIT) 67 * Multithreading apps and plugins can initialize it (via NP_RUNCMD_INIT)
@@ -88,8 +90,7 @@ extern void die (int, const char *, ...)
88 * through this api and thus achieve async-safeness throughout the api */ 90 * through this api and thus achieve async-safeness throughout the api */
89void np_runcmd_init(void) 91void np_runcmd_init(void)
90{ 92{
91 if(maxfd == 0) 93 long maxfd = mp_open_max();
92 maxfd = open_max();
93 if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t)); 94 if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t));
94} 95}
95 96
@@ -116,10 +117,6 @@ np_runcmd_open(const char *cmdstring, int *pfd, int *pfderr)
116 env[0] = strdup("LC_ALL=C"); 117 env[0] = strdup("LC_ALL=C");
117 env[1] = '\0'; 118 env[1] = '\0';
118 119
119 /* if no command was passed, return with no error */
120 if (cmdstring == NULL)
121 return -1;
122
123 /* make copy of command string so strtok() doesn't silently modify it */ 120 /* make copy of command string so strtok() doesn't silently modify it */
124 /* (the calling program may want to access it later) */ 121 /* (the calling program may want to access it later) */
125 cmdlen = strlen(cmdstring); 122 cmdlen = strlen(cmdstring);
@@ -196,6 +193,7 @@ np_runcmd_open(const char *cmdstring, int *pfd, int *pfderr)
196 /* close all descriptors in np_pids[] 193 /* close all descriptors in np_pids[]
197 * This is executed in a separate address space (pure child), 194 * This is executed in a separate address space (pure child),
198 * so we don't have to worry about async safety */ 195 * so we don't have to worry about async safety */
196 long maxfd = mp_open_max();
199 for (i = 0; i < maxfd; i++) 197 for (i = 0; i < maxfd; i++)
200 if(np_pids[i] > 0) 198 if(np_pids[i] > 0)
201 close (i); 199 close (i);
@@ -223,6 +221,7 @@ np_runcmd_close(int fd)
223 pid_t pid; 221 pid_t pid;
224 222
225 /* make sure this fd was opened by popen() */ 223 /* make sure this fd was opened by popen() */
224 long maxfd = mp_open_max();
226 if(fd < 0 || fd > maxfd || !np_pids || (pid = np_pids[fd]) == 0) 225 if(fd < 0 || fd > maxfd || !np_pids || (pid = np_pids[fd]) == 0)
227 return -1; 226 return -1;
228 227
@@ -246,6 +245,7 @@ runcmd_timeout_alarm_handler (int signo)
246 if (signo == SIGALRM) 245 if (signo == SIGALRM)
247 puts(_("CRITICAL - Plugin timed out while executing system call")); 246 puts(_("CRITICAL - Plugin timed out while executing system call"));
248 247
248 long maxfd = mp_open_max();
249 if(np_pids) for(i = 0; i < maxfd; i++) { 249 if(np_pids) for(i = 0; i < maxfd; i++) {
250 if(np_pids[i] != 0) kill(np_pids[i], SIGKILL); 250 if(np_pids[i] != 0) kill(np_pids[i], SIGKILL);
251 } 251 }
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 666a0120..6bc0ba81 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -31,9 +31,8 @@
31#include "netutils.h" 31#include "netutils.h"
32 32
33#ifdef HAVE_SSL 33#ifdef HAVE_SSL
34static SSL_CTX *c=NULL; 34static SSL_CTX *ctx=NULL;
35static SSL *s=NULL; 35static SSL *s=NULL;
36static int initialized=0;
37 36
38int np_net_ssl_init(int sd) { 37int np_net_ssl_init(int sd) {
39 return np_net_ssl_init_with_hostname(sd, NULL); 38 return np_net_ssl_init_with_hostname(sd, NULL);
@@ -48,24 +47,24 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
48} 47}
49 48
50int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) { 49int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
51 const SSL_METHOD *method = NULL;
52 long options = 0; 50 long options = 0;
53 51
52 if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
53 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
54 return STATE_CRITICAL;
55 }
56
54 switch (version) { 57 switch (version) {
55 case MP_SSLv2: /* SSLv2 protocol */ 58 case MP_SSLv2: /* SSLv2 protocol */
56#if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
57 printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library.")); 59 printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
58 return STATE_UNKNOWN; 60 return STATE_UNKNOWN;
59#else
60 method = SSLv2_client_method();
61 break;
62#endif
63 case MP_SSLv3: /* SSLv3 protocol */ 61 case MP_SSLv3: /* SSLv3 protocol */
64#if defined(OPENSSL_NO_SSL3) 62#if defined(OPENSSL_NO_SSL3)
65 printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library.")); 63 printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
66 return STATE_UNKNOWN; 64 return STATE_UNKNOWN;
67#else 65#else
68 method = SSLv3_client_method(); 66 SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
67 SSL_CTX_set_max_proto_version(ctx, SSL3_VERSION);
69 break; 68 break;
70#endif 69#endif
71 case MP_TLSv1: /* TLSv1 protocol */ 70 case MP_TLSv1: /* TLSv1 protocol */
@@ -73,7 +72,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
73 printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library.")); 72 printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
74 return STATE_UNKNOWN; 73 return STATE_UNKNOWN;
75#else 74#else
76 method = TLSv1_client_method(); 75 SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
76 SSL_CTX_set_max_proto_version(ctx, TLS1_VERSION);
77 break; 77 break;
78#endif 78#endif
79 case MP_TLSv1_1: /* TLSv1.1 protocol */ 79 case MP_TLSv1_1: /* TLSv1.1 protocol */
@@ -81,7 +81,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
81 printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.")); 81 printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
82 return STATE_UNKNOWN; 82 return STATE_UNKNOWN;
83#else 83#else
84 method = TLSv1_1_client_method(); 84 SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
85 SSL_CTX_set_max_proto_version(ctx, TLS1_1_VERSION);
85 break; 86 break;
86#endif 87#endif
87 case MP_TLSv1_2: /* TLSv1.2 protocol */ 88 case MP_TLSv1_2: /* TLSv1.2 protocol */
@@ -89,7 +90,8 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
89 printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.")); 90 printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
90 return STATE_UNKNOWN; 91 return STATE_UNKNOWN;
91#else 92#else
92 method = TLSv1_2_client_method(); 93 SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
94 SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION);
93 break; 95 break;
94#endif 96#endif
95 case MP_TLSv1_2_OR_NEWER: 97 case MP_TLSv1_2_OR_NEWER:
@@ -97,56 +99,43 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
97 printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library.")); 99 printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
98 return STATE_UNKNOWN; 100 return STATE_UNKNOWN;
99#else 101#else
100 options |= SSL_OP_NO_TLSv1_1; 102 SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
103 break;
101#endif 104#endif
102 /* FALLTHROUGH */
103 case MP_TLSv1_1_OR_NEWER: 105 case MP_TLSv1_1_OR_NEWER:
104#if !defined(SSL_OP_NO_TLSv1) 106#if !defined(SSL_OP_NO_TLSv1)
105 printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library.")); 107 printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
106 return STATE_UNKNOWN; 108 return STATE_UNKNOWN;
107#else 109#else
108 options |= SSL_OP_NO_TLSv1; 110 SSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION);
111 break;
109#endif 112#endif
110 /* FALLTHROUGH */
111 case MP_TLSv1_OR_NEWER: 113 case MP_TLSv1_OR_NEWER:
112#if defined(SSL_OP_NO_SSLv3) 114#if defined(SSL_OP_NO_SSLv3)
113 options |= SSL_OP_NO_SSLv3; 115 SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);
116 break;
114#endif 117#endif
115 /* FALLTHROUGH */
116 case MP_SSLv3_OR_NEWER: 118 case MP_SSLv3_OR_NEWER:
117#if defined(SSL_OP_NO_SSLv2) 119#if defined(SSL_OP_NO_SSLv2)
118 options |= SSL_OP_NO_SSLv2; 120 SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION);
121 break;
119#endif 122#endif
120 case MP_SSLv2_OR_NEWER:
121 /* FALLTHROUGH */
122 default: /* Default to auto negotiation */
123 method = SSLv23_client_method();
124 }
125 if (!initialized) {
126 /* Initialize SSL context */
127 SSLeay_add_ssl_algorithms();
128 SSL_load_error_strings();
129 OpenSSL_add_all_algorithms();
130 initialized = 1;
131 }
132 if ((c = SSL_CTX_new(method)) == NULL) {
133 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
134 return STATE_CRITICAL;
135 } 123 }
124
136 if (cert && privkey) { 125 if (cert && privkey) {
137#ifdef USE_OPENSSL 126#ifdef USE_OPENSSL
138 if (!SSL_CTX_use_certificate_chain_file(c, cert)) { 127 if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
139#elif USE_GNUTLS 128#elif USE_GNUTLS
140 if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) { 129 if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) {
141#else 130#else
142#error Unported for unknown SSL library 131#error Unported for unknown SSL library
143#endif 132#endif
144 printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n")); 133 printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
145 return STATE_CRITICAL; 134 return STATE_CRITICAL;
146 } 135 }
147 SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); 136 SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM);
148#ifdef USE_OPENSSL 137#ifdef USE_OPENSSL
149 if (!SSL_CTX_check_private_key(c)) { 138 if (!SSL_CTX_check_private_key(ctx)) {
150 printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n")); 139 printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
151 return STATE_CRITICAL; 140 return STATE_CRITICAL;
152 } 141 }
@@ -155,9 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
155#ifdef SSL_OP_NO_TICKET 144#ifdef SSL_OP_NO_TICKET
156 options |= SSL_OP_NO_TICKET; 145 options |= SSL_OP_NO_TICKET;
157#endif 146#endif
158 SSL_CTX_set_options(c, options); 147 SSL_CTX_set_options(ctx, options);
159 SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY); 148 SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
160 if ((s = SSL_new(c)) != NULL) { 149 if ((s = SSL_new(ctx)) != NULL) {
161#ifdef SSL_set_tlsext_host_name 150#ifdef SSL_set_tlsext_host_name
162 if (host_name != NULL) 151 if (host_name != NULL)
163 SSL_set_tlsext_host_name(s, host_name); 152 SSL_set_tlsext_host_name(s, host_name);
@@ -184,9 +173,9 @@ void np_net_ssl_cleanup() {
184#endif 173#endif
185 SSL_shutdown(s); 174 SSL_shutdown(s);
186 SSL_free(s); 175 SSL_free(s);
187 if (c) { 176 if (ctx) {
188 SSL_CTX_free(c); 177 SSL_CTX_free(ctx);
189 c=NULL; 178 ctx=NULL;
190 } 179 }
191 s=NULL; 180 s=NULL;
192 } 181 }
diff --git a/plugins/t/check_imap.t b/plugins/t/check_imap.t
index 7c74e564..cf2f81c8 100644
--- a/plugins/t/check_imap.t
+++ b/plugins/t/check_imap.t
@@ -25,7 +25,7 @@ $t = NPTest->testCmd( "./check_imap $host_tcp_imap -p 143 -wt 9 -ct 9 -to 10 -e
25cmp_ok( $t->return_code, '==', 0, "Check old parameter options" ); 25cmp_ok( $t->return_code, '==', 0, "Check old parameter options" );
26 26
27$t = NPTest->testCmd( "./check_imap $host_nonresponsive" ); 27$t = NPTest->testCmd( "./check_imap $host_nonresponsive" );
28cmp_ok( $t->return_code, '==', 2, "Get error with non reponsive host" ); 28cmp_ok( $t->return_code, '==', 2, "Get error with non responsive host" );
29 29
30$t = NPTest->testCmd( "./check_imap $hostname_invalid" ); 30$t = NPTest->testCmd( "./check_imap $hostname_invalid" );
31cmp_ok( $t->return_code, '==', 2, "Invalid hostname" ); 31cmp_ok( $t->return_code, '==', 2, "Invalid hostname" );
diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t
index 088f3b52..9ebc2fc6 100644
--- a/plugins/t/check_users.t
+++ b/plugins/t/check_users.t
@@ -2,7 +2,7 @@
2# 2#
3# Logged in Users Tests via check_users 3# Logged in Users Tests via check_users
4# 4#
5# Trick: This ckeck requires at least 1 user logged in. These commands should 5# Trick: This check requires at least 1 user logged in. These commands should
6# leave a session open forever in the background: 6# leave a session open forever in the background:
7# 7#
8# $ ssh -tt localhost </dev/null >/dev/null 2>/dev/null & 8# $ ssh -tt localhost </dev/null >/dev/null 2>/dev/null &
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 72f2b7c2..3c914830 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -9,7 +9,7 @@
9# Country Name (2 letter code) [AU]:DE 9# Country Name (2 letter code) [AU]:DE
10# State or Province Name (full name) [Some-State]:Bavaria 10# State or Province Name (full name) [Some-State]:Bavaria
11# Locality Name (eg, city) []:Munich 11# Locality Name (eg, city) []:Munich
12# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins 12# Organization Name (eg, company) [Internet Widgets Pty Ltd]:Monitoring Plugins
13# Organizational Unit Name (eg, section) []: 13# Organizational Unit Name (eg, section) []:
14# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins 14# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
15# Email Address []:devel@monitoring-plugins.org 15# Email Address []:devel@monitoring-plugins.org
diff --git a/plugins/utils.c b/plugins/utils.c
index b4214c61..71c0bdd8 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -804,19 +804,3 @@ char *sperfdata_int (const char *label,
804 804
805 return data; 805 return data;
806} 806}
807
808int
809open_max (void)
810{
811 errno = 0;
812 if (maxfd > 0)
813 return(maxfd);
814
815 if ((maxfd = sysconf (_SC_OPEN_MAX)) < 0) {
816 if (errno == 0)
817 maxfd = DEFAULT_MAXFD; /* it's indeterminate */
818 else
819 die (STATE_UNKNOWN, _("sysconf error for _SC_OPEN_MAX\n"));
820 }
821 return(maxfd);
822}
diff --git a/plugins/utils.h b/plugins/utils.h
index c76b3216..cb979ce7 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -106,8 +106,6 @@ char *sperfdata (const char *, double, const char *, char *, char *,
106char *sperfdata_int (const char *, int, const char *, char *, char *, 106char *sperfdata_int (const char *, int, const char *, char *, char *,
107 int, int, int, int); 107 int, int, int, int);
108 108
109int open_max (void);
110
111/* The idea here is that, although not every plugin will use all of these, 109/* The idea here is that, although not every plugin will use all of these,
112 most will or should. Therefore, for consistency, these very common 110 most will or should. Therefore, for consistency, these very common
113 options should have only these meanings throughout the overall suite */ 111 options should have only these meanings throughout the overall suite */