summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_curl.c251
1 files changed, 184 insertions, 67 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 41c25d9..67ae2b0 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -378,8 +378,12 @@ void
378handle_curl_option_return_code (CURLcode res, const char* option) 378handle_curl_option_return_code (CURLcode res, const char* option)
379{ 379{
380 if (res != CURLE_OK) { 380 if (res != CURLE_OK) {
381 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"), 381 snprintf (msg,
382 option, res, curl_easy_strerror(res)); 382 DEFAULT_BUFFER_SIZE,
383 _("Error while setting cURL option '%s': cURL returned %d - %s"),
384 option,
385 res,
386 curl_easy_strerror(res));
383 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 387 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
384 } 388 }
385} 389}
@@ -519,9 +523,13 @@ check_http (void)
519 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy 523 // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
520 if(use_ssl && host_name != NULL) { 524 if(use_ssl && host_name != NULL) {
521 if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) { 525 if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
522 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), 526 snprintf (msg,
523 server_address, res, gai_strerror (res)); 527 DEFAULT_BUFFER_SIZE,
524 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 528 _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
529 server_address,
530 res,
531 gai_strerror (res));
532 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
525 } 533 }
526 snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr); 534 snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
527 host = curl_slist_append(NULL, dnscache); 535 host = curl_slist_append(NULL, dnscache);
@@ -819,9 +827,13 @@ check_http (void)
819 827
820 /* Curl errors, result in critical Nagios state */ 828 /* Curl errors, result in critical Nagios state */
821 if (res != CURLE_OK) { 829 if (res != CURLE_OK) {
822 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), 830 snprintf (msg,
823 server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res)); 831 DEFAULT_BUFFER_SIZE,
824 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 832 _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
833 server_port,
834 res,
835 errbuf[0] ? errbuf : curl_easy_strerror(res));
836 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
825 } 837 }
826 838
827 /* certificate checks */ 839 /* certificate checks */
@@ -864,15 +876,19 @@ check_http (void)
864 } 876 }
865GOT_FIRST_CERT: 877GOT_FIRST_CERT:
866 if (!raw_cert) { 878 if (!raw_cert) {
867 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty")); 879 snprintf (msg,
868 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 880 DEFAULT_BUFFER_SIZE,
881 _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
882 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
869 } 883 }
870 BIO* cert_BIO = BIO_new (BIO_s_mem()); 884 BIO* cert_BIO = BIO_new (BIO_s_mem());
871 BIO_write (cert_BIO, raw_cert, strlen(raw_cert)); 885 BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
872 cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL); 886 cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
873 if (!cert) { 887 if (!cert) {
874 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error")); 888 snprintf (msg,
875 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 889 DEFAULT_BUFFER_SIZE,
890 _("Cannot read certificate from CERTINFO information - BIO error"));
891 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
876 } 892 }
877 BIO_free (cert_BIO); 893 BIO_free (cert_BIO);
878 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); 894 result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
@@ -889,9 +905,12 @@ GOT_FIRST_CERT:
889 } 905 }
890#endif /* USE_OPENSSL */ 906#endif /* USE_OPENSSL */
891 } else { 907 } else {
892 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), 908 snprintf (msg,
893 res, curl_easy_strerror(res)); 909 DEFAULT_BUFFER_SIZE,
894 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 910 _("Cannot retrieve certificates - cURL returned %d - %s"),
911 res,
912 curl_easy_strerror(res));
913 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
895 } 914 }
896 } 915 }
897 } 916 }
@@ -930,8 +949,11 @@ GOT_FIRST_CERT:
930 949
931 /* get status line of answer, check sanity of HTTP code */ 950 /* get status line of answer, check sanity of HTTP code */
932 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { 951 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
933 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", 952 snprintf (msg,
934 total_time, perfstring); 953 DEFAULT_BUFFER_SIZE,
954 "Unparsable status line in %.3g seconds response time|%s\n",
955 total_time,
956 perfstring);
935 /* we cannot know the major/minor version here for sure as we cannot parse the first line */ 957 /* we cannot know the major/minor version here for sure as we cannot parse the first line */
936 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); 958 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
937 } 959 }
@@ -951,9 +973,16 @@ GOT_FIRST_CERT:
951 /* make sure the status line matches the response we are looking for */ 973 /* make sure the status line matches the response we are looking for */
952 if (!expected_statuscode(status_line.first_line, server_expect)) { 974 if (!expected_statuscode(status_line.first_line, server_expect)) {
953 if (server_port == HTTP_PORT) 975 if (server_port == HTTP_PORT)
954 snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line); 976 snprintf(msg,
977 DEFAULT_BUFFER_SIZE,
978 _("Invalid HTTP response received from host: %s\n"),
979 status_line.first_line);
955 else 980 else
956 snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line); 981 snprintf(msg,
982 DEFAULT_BUFFER_SIZE,
983 _("Invalid HTTP response received from host on port %d: %s\n"),
984 server_port,
985 status_line.first_line);
957 die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg, 986 die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
958 show_body ? "\n" : "", 987 show_body ? "\n" : "",
959 show_body ? body_buf.buf : ""); 988 show_body ? body_buf.buf : "");
@@ -1026,23 +1055,60 @@ GOT_FIRST_CERT:
1026 1055
1027 if (strlen (header_expect)) { 1056 if (strlen (header_expect)) {
1028 if (!strstr (header_buf.buf, header_expect)) { 1057 if (!strstr (header_buf.buf, header_expect)) {
1058
1029 strncpy(&output_header_search[0],header_expect,sizeof(output_header_search)); 1059 strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
1060
1030 if(output_header_search[sizeof(output_header_search)-1]!='\0') { 1061 if(output_header_search[sizeof(output_header_search)-1]!='\0') {
1031 bcopy("...",&output_header_search[sizeof(output_header_search)-4],4); 1062 bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
1032 } 1063 }
1033 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); 1064
1034 result = STATE_CRITICAL; 1065 char *tmp = malloc(DEFAULT_BUFFER_SIZE);
1066
1067 if (tmp == NULL) {
1068 die(STATE_UNKNOWN, "Failed to allocate buffer for output: %s\n", strerror(errno));
1069 }
1070
1071 snprintf (tmp,
1072 DEFAULT_BUFFER_SIZE,
1073 _("%sheader '%s' not found on '%s://%s:%d%s', "),
1074 msg,
1075 output_header_search,
1076 use_ssl ? "https" : "http",
1077 host_name ? host_name : server_address,
1078 server_port,
1079 server_url);
1080
1081 strcpy(msg, tmp);
1082 free(tmp);
1083
1084 result = STATE_CRITICAL;
1035 } 1085 }
1036 } 1086 }
1037 1087
1038 if (strlen (string_expect)) { 1088 if (strlen (string_expect)) {
1039 if (!strstr (body_buf.buf, string_expect)) { 1089 if (!strstr (body_buf.buf, string_expect)) {
1090
1040 strncpy(&output_string_search[0],string_expect,sizeof(output_string_search)); 1091 strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
1092
1041 if(output_string_search[sizeof(output_string_search)-1]!='\0') { 1093 if(output_string_search[sizeof(output_string_search)-1]!='\0') {
1042 bcopy("...",&output_string_search[sizeof(output_string_search)-4],4); 1094 bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
1043 } 1095 }
1044 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); 1096
1045 result = STATE_CRITICAL; 1097 char tmp[DEFAULT_BUFFER_SIZE];
1098
1099 snprintf (tmp,
1100 DEFAULT_BUFFER_SIZE,
1101 _("%sstring '%s' not found on '%s://%s:%d%s', "),
1102 msg,
1103 output_string_search,
1104 use_ssl ? "https" : "http",
1105 host_name ? host_name : server_address,
1106 server_port,
1107 server_url);
1108
1109 strcpy(msg, tmp);
1110
1111 result = STATE_CRITICAL;
1046 } 1112 }
1047 } 1113 }
1048 1114
@@ -1053,27 +1119,48 @@ GOT_FIRST_CERT:
1053 result = max_state_alt(STATE_OK, result); 1119 result = max_state_alt(STATE_OK, result);
1054 } 1120 }
1055 else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) { 1121 else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) {
1056 if (!invert_regex) 1122 if (!invert_regex) {
1057 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg); 1123 char tmp[DEFAULT_BUFFER_SIZE];
1058 else 1124
1059 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg); 1125 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
1060 result = STATE_CRITICAL; 1126 strcpy(msg, tmp);
1061 } 1127
1062 else { 1128 } else {
1063 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); 1129 char tmp[DEFAULT_BUFFER_SIZE];
1064 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf); 1130
1065 result = STATE_UNKNOWN; 1131 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
1066 } 1132 strcpy(msg, tmp);
1133
1134 }
1135 result = STATE_CRITICAL;
1136 } else {
1137 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
1138
1139 char tmp[DEFAULT_BUFFER_SIZE];
1140
1141 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
1142 strcpy(msg, tmp);
1143 result = STATE_UNKNOWN;
1144 }
1067 } 1145 }
1068 1146
1069 /* make sure the page is of an appropriate size */ 1147 /* make sure the page is of an appropriate size */
1070 if ((max_page_len > 0) && (page_len > max_page_len)) { 1148 if ((max_page_len > 0) && (page_len > max_page_len)) {
1071 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len); 1149 char tmp[DEFAULT_BUFFER_SIZE];
1072 result = max_state_alt(STATE_WARNING, result); 1150
1073 } else if ((min_page_len > 0) && (page_len < min_page_len)) { 1151 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
1074 snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len); 1152
1075 result = max_state_alt(STATE_WARNING, result); 1153 strcpy(msg, tmp);
1076 } 1154
1155 result = max_state_alt(STATE_WARNING, result);
1156
1157 } else if ((min_page_len > 0) && (page_len < min_page_len)) {
1158 char tmp[DEFAULT_BUFFER_SIZE];
1159
1160 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
1161 strcpy(msg, tmp);
1162 result = max_state_alt(STATE_WARNING, result);
1163 }
1077 1164
1078 /* -w, -c: check warning and critical level */ 1165 /* -w, -c: check warning and critical level */
1079 result = max_state_alt(get_status(total_time, thlds), result); 1166 result = max_state_alt(get_status(total_time, thlds), result);
@@ -2312,37 +2399,67 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA
2312 server_date = get_header_value (headers, nof_headers, "date"); 2399 server_date = get_header_value (headers, nof_headers, "date");
2313 document_date = get_header_value (headers, nof_headers, "last-modified"); 2400 document_date = get_header_value (headers, nof_headers, "last-modified");
2314 2401
2315 if (!server_date || !*server_date) { 2402 if (!server_date || !*server_date) {
2316 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg); 2403 char tmp[DEFAULT_BUFFER_SIZE];
2317 date_result = max_state_alt(STATE_UNKNOWN, date_result); 2404
2318 } else if (!document_date || !*document_date) { 2405 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
2319 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg); 2406 strcpy(*msg, tmp);
2320 date_result = max_state_alt(STATE_CRITICAL, date_result); 2407
2408 date_result = max_state_alt(STATE_UNKNOWN, date_result);
2409
2410 } else if (!document_date || !*document_date) {
2411 char tmp[DEFAULT_BUFFER_SIZE];
2412
2413 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
2414 strcpy(*msg, tmp);
2415
2416 date_result = max_state_alt(STATE_CRITICAL, date_result);
2417
2321 } else { 2418 } else {
2322 time_t srv_data = curl_getdate (server_date, NULL); 2419 time_t srv_data = curl_getdate (server_date, NULL);
2323 time_t doc_data = curl_getdate (document_date, NULL); 2420 time_t doc_data = curl_getdate (document_date, NULL);
2324 if (verbose >= 2) 2421 if (verbose >= 2)
2325 printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data); 2422 printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
2326 if (srv_data <= 0) { 2423 if (srv_data <= 0) {
2327 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date); 2424 char tmp[DEFAULT_BUFFER_SIZE];
2328 date_result = max_state_alt(STATE_CRITICAL, date_result); 2425
2329 } else if (doc_data <= 0) { 2426 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
2330 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date); 2427 strcpy(*msg, tmp);
2331 date_result = max_state_alt(STATE_CRITICAL, date_result); 2428
2332 } else if (doc_data > srv_data + 30) { 2429 date_result = max_state_alt(STATE_CRITICAL, date_result);
2333 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data); 2430 } else if (doc_data <= 0) {
2334 date_result = max_state_alt(STATE_CRITICAL, date_result); 2431 char tmp[DEFAULT_BUFFER_SIZE];
2335 } else if (doc_data < srv_data - maximum_age) { 2432
2336 int n = (srv_data - doc_data); 2433 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
2337 if (n > (60 * 60 * 24 * 2)) { 2434 strcpy(*msg, tmp);
2338 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24)); 2435
2339 date_result = max_state_alt(STATE_CRITICAL, date_result); 2436 date_result = max_state_alt(STATE_CRITICAL, date_result);
2340 } else { 2437 } else if (doc_data > srv_data + 30) {
2341 snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60); 2438 char tmp[DEFAULT_BUFFER_SIZE];
2342 date_result = max_state_alt(STATE_CRITICAL, date_result); 2439
2343 } 2440 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
2344 } 2441 strcpy(*msg, tmp);
2345 } 2442
2443 date_result = max_state_alt(STATE_CRITICAL, date_result);
2444 } else if (doc_data < srv_data - maximum_age) {
2445 int n = (srv_data - doc_data);
2446 if (n > (60 * 60 * 24 * 2)) {
2447 char tmp[DEFAULT_BUFFER_SIZE];
2448
2449 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
2450 strcpy(*msg, tmp);
2451
2452 date_result = max_state_alt(STATE_CRITICAL, date_result);
2453 } else {
2454 char tmp[DEFAULT_BUFFER_SIZE];
2455
2456 snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
2457 strcpy(*msg, tmp);
2458
2459 date_result = max_state_alt(STATE_CRITICAL, date_result);
2460 }
2461 }
2462 }
2346 2463
2347 if (server_date) free (server_date); 2464 if (server_date) free (server_date);
2348 if (document_date) free (document_date); 2465 if (document_date) free (document_date);