diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_curl.c | 39 | ||||
-rw-r--r-- | plugins/check_dns.c | 20 | ||||
-rw-r--r-- | plugins/check_http.c | 15 |
3 files changed, 63 insertions, 11 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2d69b310..8f274c26 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
@@ -296,6 +296,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) | |||
296 | #endif /* USE_OPENSSL */ | 296 | #endif /* USE_OPENSSL */ |
297 | #endif /* HAVE_SSL */ | 297 | #endif /* HAVE_SSL */ |
298 | 298 | ||
299 | /* returns a string "HTTP/1.x" or "HTTP/2" */ | ||
300 | static char *string_statuscode (int major, int minor) | ||
301 | { | ||
302 | static char buf[10]; | ||
303 | |||
304 | switch (major) { | ||
305 | case 1: | ||
306 | snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor); | ||
307 | break; | ||
308 | case 2: | ||
309 | case 3: | ||
310 | snprintf (buf, sizeof (buf), "HTTP/%d", major); | ||
311 | break; | ||
312 | default: | ||
313 | /* assuming here HTTP/N with N>=4 */ | ||
314 | snprintf (buf, sizeof (buf), "HTTP/%d", major); | ||
315 | break; | ||
316 | } | ||
317 | |||
318 | return buf; | ||
319 | } | ||
320 | |||
299 | /* Checks if the server 'reply' is one of the expected 'statuscodes' */ | 321 | /* Checks if the server 'reply' is one of the expected 'statuscodes' */ |
300 | static int | 322 | static int |
301 | expected_statuscode (const char *reply, const char *statuscodes) | 323 | expected_statuscode (const char *reply, const char *statuscodes) |
@@ -746,7 +768,8 @@ GOT_FIRST_CERT: | |||
746 | if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { | 768 | if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { |
747 | snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", | 769 | snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", |
748 | total_time, perfstring); | 770 | total_time, perfstring); |
749 | die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg); | 771 | /* we cannot know the major/minor version here for sure as we cannot parse the first line */ |
772 | die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); | ||
750 | } | 773 | } |
751 | 774 | ||
752 | /* get result code from cURL */ | 775 | /* get result code from cURL */ |
@@ -823,8 +846,8 @@ GOT_FIRST_CERT: | |||
823 | 846 | ||
824 | /* check status codes, set exit status accordingly */ | 847 | /* check status codes, set exit status accordingly */ |
825 | if( status_line.http_code != code ) { | 848 | if( status_line.http_code != code ) { |
826 | die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"), | 849 | die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"), |
827 | status_line.http_major, status_line.http_minor, | 850 | string_statuscode (status_line.http_major, status_line.http_minor), |
828 | status_line.http_code, status_line.msg, code); | 851 | status_line.http_code, status_line.msg, code); |
829 | } | 852 | } |
830 | 853 | ||
@@ -895,8 +918,8 @@ GOT_FIRST_CERT: | |||
895 | msg[strlen(msg)-3] = '\0'; | 918 | msg[strlen(msg)-3] = '\0'; |
896 | 919 | ||
897 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ | 920 | /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ |
898 | die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", | 921 | die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", |
899 | state_text(result), status_line.http_major, status_line.http_minor, | 922 | state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), |
900 | status_line.http_code, status_line.msg, | 923 | status_line.http_code, status_line.msg, |
901 | strlen(msg) > 0 ? " - " : "", | 924 | strlen(msg) > 0 ? " - " : "", |
902 | msg, page_len, total_time, | 925 | msg, page_len, total_time, |
@@ -1041,7 +1064,7 @@ redir (curlhelp_write_curlbuf* header_buf) | |||
1041 | const UriPathSegmentA* p = uri.pathHead; | 1064 | const UriPathSegmentA* p = uri.pathHead; |
1042 | for (; p; p = p->next) { | 1065 | for (; p; p = p->next) { |
1043 | strncat (new_url, "/", DEFAULT_BUFFER_SIZE); | 1066 | strncat (new_url, "/", DEFAULT_BUFFER_SIZE); |
1044 | strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE); | 1067 | strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1); |
1045 | } | 1068 | } |
1046 | } | 1069 | } |
1047 | 1070 | ||
@@ -1354,7 +1377,7 @@ process_arguments (int argc, char **argv) | |||
1354 | ssl_version = CURL_SSLVERSION_DEFAULT; | 1377 | ssl_version = CURL_SSLVERSION_DEFAULT; |
1355 | #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ | 1378 | #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ |
1356 | else | 1379 | else |
1357 | usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); | 1380 | usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)")); |
1358 | } | 1381 | } |
1359 | #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) | 1382 | #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) |
1360 | if (got_plus) { | 1383 | if (got_plus) { |
@@ -1659,7 +1682,7 @@ print_help (void) | |||
1659 | printf (" %s\n", "-S, --ssl=VERSION[+]"); | 1682 | printf (" %s\n", "-S, --ssl=VERSION[+]"); |
1660 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); | 1683 | printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); |
1661 | printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); | 1684 | printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); |
1662 | printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); | 1685 | printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); |
1663 | printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); | 1686 | printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); |
1664 | printf (" %s\n", "--sni"); | 1687 | printf (" %s\n", "--sni"); |
1665 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); | 1688 | printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); |
diff --git a/plugins/check_dns.c b/plugins/check_dns.c index b90f50e6..0f2e6541 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c | |||
@@ -473,9 +473,23 @@ process_arguments (int argc, char **argv) | |||
473 | case 'a': /* expected address */ | 473 | case 'a': /* expected address */ |
474 | if (strlen (optarg) >= ADDRESS_LENGTH) | 474 | if (strlen (optarg) >= ADDRESS_LENGTH) |
475 | die (STATE_UNKNOWN, _("Input buffer overflow\n")); | 475 | die (STATE_UNKNOWN, _("Input buffer overflow\n")); |
476 | expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); | 476 | if (strchr(optarg, ',') != NULL) { |
477 | expected_address[expected_address_cnt] = strdup(optarg); | 477 | char *comma = strchr(optarg, ','); |
478 | expected_address_cnt++; | 478 | while (comma != NULL) { |
479 | expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); | ||
480 | expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); | ||
481 | expected_address_cnt++; | ||
482 | optarg = comma + 1; | ||
483 | comma = strchr(optarg, ','); | ||
484 | } | ||
485 | expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); | ||
486 | expected_address[expected_address_cnt] = strdup(optarg); | ||
487 | expected_address_cnt++; | ||
488 | } else { | ||
489 | expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); | ||
490 | expected_address[expected_address_cnt] = strdup(optarg); | ||
491 | expected_address_cnt++; | ||
492 | } | ||
479 | break; | 493 | break; |
480 | case 'A': /* expect authority */ | 494 | case 'A': /* expect authority */ |
481 | expect_authority = TRUE; | 495 | expect_authority = TRUE; |
diff --git a/plugins/check_http.c b/plugins/check_http.c index de59a068..e2298b17 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c | |||
@@ -931,6 +931,21 @@ check_http (void) | |||
931 | 931 | ||
932 | if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); | 932 | if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); |
933 | asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); | 933 | asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); |
934 | if (strlen(proxy_auth)) { | ||
935 | base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); | ||
936 | xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); | ||
937 | } | ||
938 | /* optionally send any other header tag */ | ||
939 | if (http_opt_headers_count) { | ||
940 | for (i = 0; i < http_opt_headers_count ; i++) { | ||
941 | if (force_host_header != http_opt_headers[i]) { | ||
942 | xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); | ||
943 | } | ||
944 | } | ||
945 | /* This cannot be free'd here because a redirection will then try to access this and segfault */ | ||
946 | /* Covered in a testcase in tests/check_http.t */ | ||
947 | /* free(http_opt_headers); */ | ||
948 | } | ||
934 | asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); | 949 | asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); |
935 | asprintf (&buf, "%sHost: %s\r\n", buf, host_name); | 950 | asprintf (&buf, "%sHost: %s\r\n", buf, host_name); |
936 | /* we finished our request, send empty line with CRLF */ | 951 | /* we finished our request, send empty line with CRLF */ |