summaryrefslogtreecommitdiffstats
path: root/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'plugins')
-rw-r--r--plugins/check_http.c336
1 files changed, 174 insertions, 162 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index b5f2a56..eba8ac2 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1,27 +1,20 @@
1/**************************************************************************** 1/******************************************************************************
2 * 2
3 * Program: HTTP plugin for Nagios 3 This program is free software; you can redistribute it and/or modify
4 * License: GPL 4 it under the terms of the GNU General Public License as published by
5 * 5 the Free Software Foundation; either version 2 of the License, or
6 * License Information: 6 (at your option) any later version.
7 * 7
8 * This program is free software; you can redistribute it and/or modify 8 This program is distributed in the hope that it will be useful,
9 * it under the terms of the GNU General Public License as published by 9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * the Free Software Foundation; either version 2 of the License, or 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * (at your option) any later version. 11 GNU General Public License for more details.
12 * 12
13 * This program is distributed in the hope that it will be useful, 13 You should have received a copy of the GNU General Public License
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 along with this program; if not, write to the Free Software
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
16 * GNU General Public License for more details. 16
17 * 17******************************************************************************/
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 *
22 * $Id$
23 *
24 *****************************************************************************/
25 18
26const char *progname = "check_http"; 19const char *progname = "check_http";
27const char *revision = "$Revision$"; 20const char *revision = "$Revision$";
@@ -39,125 +32,6 @@ enum {
39 HTTPS_PORT = 443 32 HTTPS_PORT = 443
40}; 33};
41 34
42void
43print_usage (void)
44{
45 printf (_("\
46Usage: %s (-H <vhost> | -I <IP-address>) [-u <uri>] [-p <port>]\n\
47 [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n\
48 [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n\
49 [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n\
50 [-P string] [-m min_pg_size] [-4|-6]\n"), progname);
51 printf (_(UT_HLP_VRS), progname, progname);
52}
53
54void
55print_help (void)
56{
57 print_revision (progname, revision);
58
59 printf (_(COPYRIGHT), copyright, email);
60
61 printf (_("\
62This plugin tests the HTTP service on the specified host. It can test\n\
63normal (http) and secure (https) servers, follow redirects, search for\n\
64strings and regular expressions, check connection times, and report on\n\
65certificate expiration times.\n"));
66
67 print_usage ();
68
69 printf (_("NOTE: One or both of -H and -I must be specified\n"));
70
71 printf (_(UT_HELP_VRSN));
72
73 printf (_("\
74 -H, --hostname=ADDRESS\n\
75 Host name argument for servers using host headers (virtual host)\n\
76 -I, --IP-address=ADDRESS\n\
77 IP address or name (use numeric address if possible to bypass DNS lookup).\n\
78 -p, --port=INTEGER\n\
79 Port number (default: %d)\n"), HTTP_PORT);
80
81 printf (_(UT_IPv46));
82
83#ifdef HAVE_SSL
84 printf (_("\
85 -S, --ssl\n\
86 Connect via SSL\n\
87 -C, --certificate=INTEGER\n\
88 Minimum number of days a certificate has to be valid.\n\
89 (when this option is used the url is not checked.)\n"));
90#endif
91
92 printf (_("\
93 -e, --expect=STRING\n\
94 String to expect in first (status) line of server response (default: %s)\n\
95 If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)\n\
96 -s, --string=STRING\n\
97 String to expect in the content\n\
98 -u, --url=PATH\n\
99 URL to GET or POST (default: /)\n\
100 -P, --post=STRING\n\
101 URL encoded http POST data\n"), HTTP_EXPECT);
102
103#ifdef HAVE_REGEX_H
104 printf (_("\
105 -l, --linespan\n\
106 Allow regex to span newlines (must precede -r or -R)\n\
107 -r, --regex, --ereg=STRING\n\
108 Search page for regex STRING\n\
109 -R, --eregi=STRING\n\
110 Search page for case-insensitive regex STRING\n"));
111#endif
112
113 printf (_("\
114 -a, --authorization=AUTH_PAIR\n\
115 Username:password on sites with basic authentication\n\
116 -L, --link=URL\n\
117 Wrap output in HTML link (obsoleted by urlize)\n\
118 -f, --onredirect=<ok|warning|critical|follow>\n\
119 How to handle redirected pages\n\
120 -m, --min=INTEGER\n\
121 Minimum page size required (bytes)\n"));
122
123 printf (_(UT_WARN_CRIT));
124
125 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
126
127 printf (_(UT_VERBOSE));
128
129 printf (_("\
130This plugin will attempt to open an HTTP connection with the host. Successful\n\
131connects return STATE_OK, refusals and timeouts return STATE_CRITICAL, other\n\
132errors return STATE_UNKNOWN. Successful connects, but incorrect reponse\n\
133messages from the host result in STATE_WARNING return values. If you are\n\
134checking a virtual server that uses 'host headers' you must supply the FQDN\n\
135(fully qualified domain name) as the [host_name] argument.\n"));
136
137#ifdef HAVE_SSL
138 printf (_("\n\
139This plugin can also check whether an SSL enabled web server is able to\n\
140serve content (optionally within a specified time) or whether the X509 \n\
141certificate is still valid for the specified number of days.\n"));
142 printf (_("\n\
143CHECK CONTENT: check_http -w 5 -c 10 --ssl www.verisign.com\n\n\
144When the 'www.verisign.com' server returns its content within 5 seconds, a\n\
145STATE_OK will be returned. When the server returns its content but exceeds\n\
146the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,\n\
147a STATE_CRITICAL will be returned.\n\n"));
148
149 printf (_("\
150CHECK CERTIFICATE: check_http www.verisign.com -C 14\n\n\
151When the certificate of 'www.verisign.com' is valid for more than 14 days, a\n\
152STATE_OK is returned. When the certificate is still valid, but for less than\n\
15314 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
154the certificate is expired.\n"));
155#endif
156
157 printf (_(UT_SUPPORT));
158
159}
160
161#ifdef HAVE_SSL_H 35#ifdef HAVE_SSL_H
162#include <rsa.h> 36#include <rsa.h>
163#include <crypto.h> 37#include <crypto.h>
@@ -249,10 +123,12 @@ char *http_post_data = "";
249char buffer[MAX_INPUT_BUFFER]; 123char buffer[MAX_INPUT_BUFFER];
250 124
251int process_arguments (int, char **); 125int process_arguments (int, char **);
252static char *base64 (char *bin, int len); 126static char *base64 (char *bin, size_t len);
253int check_http (void); 127int check_http (void);
254int my_recv (void); 128int my_recv (void);
255int my_close (void); 129int my_close (void);
130void print_help (void);
131void print_usage (void);
256 132
257int 133int
258main (int argc, char **argv) 134main (int argc, char **argv)
@@ -376,19 +252,24 @@ process_arguments (int argc, char **argv)
376 case 't': /* timeout period */ 252 case 't': /* timeout period */
377 if (!is_intnonneg (optarg)) 253 if (!is_intnonneg (optarg))
378 usage2 (_("timeout interval must be a non-negative integer"), optarg); 254 usage2 (_("timeout interval must be a non-negative integer"), optarg);
379 socket_timeout = atoi (optarg); 255 else
256 socket_timeout = atoi (optarg);
380 break; 257 break;
381 case 'c': /* critical time threshold */ 258 case 'c': /* critical time threshold */
382 if (!is_intnonneg (optarg)) 259 if (!is_intnonneg (optarg))
383 usage2 (_("invalid critical threshold"), optarg); 260 usage2 (_("invalid critical threshold"), optarg);
384 critical_time = strtod (optarg, NULL); 261 else {
385 check_critical_time = TRUE; 262 critical_time = strtod (optarg, NULL);
263 check_critical_time = TRUE;
264 }
386 break; 265 break;
387 case 'w': /* warning time threshold */ 266 case 'w': /* warning time threshold */
388 if (!is_intnonneg (optarg)) 267 if (!is_intnonneg (optarg))
389 usage2 (_("invalid warning threshold"), optarg); 268 usage2 (_("invalid warning threshold"), optarg);
390 warning_time = strtod (optarg, NULL); 269 else {
391 check_warning_time = TRUE; 270 warning_time = strtod (optarg, NULL);
271 check_warning_time = TRUE;
272 }
392 break; 273 break;
393 case 'L': /* show html link */ 274 case 'L': /* show html link */
394 display_html = TRUE; 275 display_html = TRUE;
@@ -408,8 +289,10 @@ process_arguments (int argc, char **argv)
408#ifdef HAVE_SSL 289#ifdef HAVE_SSL
409 if (!is_intnonneg (optarg)) 290 if (!is_intnonneg (optarg))
410 usage2 (_("invalid certificate expiration period"), optarg); 291 usage2 (_("invalid certificate expiration period"), optarg);
411 days_till_exp = atoi (optarg); 292 else {
412 check_cert = TRUE; 293 days_till_exp = atoi (optarg);
294 check_cert = TRUE;
295 }
413#else 296#else
414 usage (_("check_http: invalid option - SSL is not available\n")); 297 usage (_("check_http: invalid option - SSL is not available\n"));
415#endif 298#endif
@@ -442,8 +325,10 @@ process_arguments (int argc, char **argv)
442 case 'p': /* Host or server */ 325 case 'p': /* Host or server */
443 if (!is_intnonneg (optarg)) 326 if (!is_intnonneg (optarg))
444 usage2 (_("invalid port number"), optarg); 327 usage2 (_("invalid port number"), optarg);
445 server_port = atoi (optarg); 328 else {
446 specify_port = TRUE; 329 server_port = atoi (optarg);
330 specify_port = TRUE;
331 }
447 break; 332 break;
448 case 'a': /* authorization info */ 333 case 'a': /* authorization info */
449 strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); 334 strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
@@ -529,11 +414,11 @@ process_arguments (int argc, char **argv)
529 414
530/* written by lauri alanko */ 415/* written by lauri alanko */
531static char * 416static char *
532base64 (char *bin, int len) 417base64 (char *bin, size_t len)
533{ 418{
534 419
535 char *buf = (char *) malloc ((len + 2) / 3 * 4 + 1); 420 char *buf = (char *) malloc ((len + 2) / 3 * 4 + 1);
536 int i = 0, j = 0; 421 size_t i = 0, j = 0;
537 422
538 char BASE64_END = '='; 423 char BASE64_END = '=';
539 char base64_table[64]; 424 char base64_table[64];
@@ -645,7 +530,7 @@ check_http (void)
645 530
646#ifdef HAVE_SSL 531#ifdef HAVE_SSL
647 if (use_ssl == TRUE) { 532 if (use_ssl == TRUE) {
648 if (SSL_write (ssl, buf, strlen (buf)) == -1) { 533 if (SSL_write (ssl, buf, (int)strlen(buf)) == -1) {
649 ERR_print_errors_fp (stderr); 534 ERR_print_errors_fp (stderr);
650 return STATE_CRITICAL; 535 return STATE_CRITICAL;
651 } 536 }
@@ -732,7 +617,7 @@ check_http (void)
732 asprintf (&msg, 617 asprintf (&msg,
733 _("Invalid HTTP response received from host on port %d\n"), 618 _("Invalid HTTP response received from host on port %d\n"),
734 server_port); 619 server_port);
735 die (STATE_CRITICAL, msg); 620 die (STATE_CRITICAL, "%s", msg);
736 } 621 }
737 622
738 623
@@ -840,7 +725,7 @@ check_http (void)
840 asprintf (&msg, _(" - %s - %.3f second response time %s%s|time=%.3f\n"), 725 asprintf (&msg, _(" - %s - %.3f second response time %s%s|time=%.3f\n"),
841 status_line, elapsed_time, timestamp, 726 status_line, elapsed_time, timestamp,
842 (display_html ? "</A>" : ""), elapsed_time); 727 (display_html ? "</A>" : ""), elapsed_time);
843 die (onredirect, msg); 728 die (onredirect, "%s", msg);
844 } /* end if (strstr (status_line, "30[0-4]") */ 729 } /* end if (strstr (status_line, "30[0-4]") */
845 730
846 731
@@ -853,9 +738,9 @@ check_http (void)
853 status_line, elapsed_time, timestamp, 738 status_line, elapsed_time, timestamp,
854 (display_html ? "</A>" : ""), elapsed_time); 739 (display_html ? "</A>" : ""), elapsed_time);
855 if (check_critical_time == TRUE && elapsed_time > critical_time) 740 if (check_critical_time == TRUE && elapsed_time > critical_time)
856 die (STATE_CRITICAL, msg); 741 die (STATE_CRITICAL, "%s", msg);
857 if (check_warning_time == TRUE && elapsed_time > warning_time) 742 if (check_warning_time == TRUE && elapsed_time > warning_time)
858 die (STATE_WARNING, msg); 743 die (STATE_WARNING, "%s", msg);
859 744
860 /* Page and Header content checks go here */ 745 /* Page and Header content checks go here */
861 /* these checks should be last */ 746 /* these checks should be last */
@@ -908,7 +793,7 @@ check_http (void)
908 asprintf (&msg, _("HTTP OK %s - %.3f second response time %s%s|time=%.3f\n"), 793 asprintf (&msg, _("HTTP OK %s - %.3f second response time %s%s|time=%.3f\n"),
909 status_line, (float)elapsed_time, 794 status_line, (float)elapsed_time,
910 timestamp, (display_html ? "</A>" : ""), elapsed_time); 795 timestamp, (display_html ? "</A>" : ""), elapsed_time);
911 die (STATE_OK, msg); 796 die (STATE_OK, "%s", msg);
912 return STATE_UNKNOWN; 797 return STATE_UNKNOWN;
913} 798}
914 799
@@ -920,7 +805,7 @@ int connect_SSL (void)
920 SSL_METHOD *meth; 805 SSL_METHOD *meth;
921 806
922 asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl"); 807 asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl");
923 RAND_seed (randbuff, strlen (randbuff)); 808 RAND_seed (randbuff, (int)strlen(randbuff));
924 if (verbose) 809 if (verbose)
925 printf(_("SSL seeding: %s\n"), (RAND_status()==1 ? _("OK") : _("Failed")) ); 810 printf(_("SSL seeding: %s\n"), (RAND_status()==1 ? _("OK") : _("Failed")) );
926 811
@@ -1078,3 +963,130 @@ my_close (void)
1078 } 963 }
1079#endif 964#endif
1080} 965}
966
967
968
969
970
971
972void
973print_help (void)
974{
975 print_revision (progname, revision);
976
977 printf (_(COPYRIGHT), copyright, email);
978
979 printf (_("\
980This plugin tests the HTTP service on the specified host. It can test\n\
981normal (http) and secure (https) servers, follow redirects, search for\n\
982strings and regular expressions, check connection times, and report on\n\
983certificate expiration times.\n"));
984
985 print_usage ();
986
987 printf (_("NOTE: One or both of -H and -I must be specified\n"));
988
989 printf (_(UT_HELP_VRSN));
990
991 printf (_("\
992 -H, --hostname=ADDRESS\n\
993 Host name argument for servers using host headers (virtual host)\n\
994 -I, --IP-address=ADDRESS\n\
995 IP address or name (use numeric address if possible to bypass DNS lookup).\n\
996 -p, --port=INTEGER\n\
997 Port number (default: %d)\n"), HTTP_PORT);
998
999 printf (_(UT_IPv46));
1000
1001#ifdef HAVE_SSL
1002 printf (_("\
1003 -S, --ssl\n\
1004 Connect via SSL\n\
1005 -C, --certificate=INTEGER\n\
1006 Minimum number of days a certificate has to be valid.\n\
1007 (when this option is used the url is not checked.)\n"));
1008#endif
1009
1010 printf (_("\
1011 -e, --expect=STRING\n\
1012 String to expect in first (status) line of server response (default: %s)\n\
1013 If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)\n\
1014 -s, --string=STRING\n\
1015 String to expect in the content\n\
1016 -u, --url=PATH\n\
1017 URL to GET or POST (default: /)\n\
1018 -P, --post=STRING\n\
1019 URL encoded http POST data\n"), HTTP_EXPECT);
1020
1021#ifdef HAVE_REGEX_H
1022 printf (_("\
1023 -l, --linespan\n\
1024 Allow regex to span newlines (must precede -r or -R)\n\
1025 -r, --regex, --ereg=STRING\n\
1026 Search page for regex STRING\n\
1027 -R, --eregi=STRING\n\
1028 Search page for case-insensitive regex STRING\n"));
1029#endif
1030
1031 printf (_("\
1032 -a, --authorization=AUTH_PAIR\n\
1033 Username:password on sites with basic authentication\n\
1034 -L, --link=URL\n\
1035 Wrap output in HTML link (obsoleted by urlize)\n\
1036 -f, --onredirect=<ok|warning|critical|follow>\n\
1037 How to handle redirected pages\n\
1038 -m, --min=INTEGER\n\
1039 Minimum page size required (bytes)\n"));
1040
1041 printf (_(UT_WARN_CRIT));
1042
1043 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
1044
1045 printf (_(UT_VERBOSE));
1046
1047 printf (_("\
1048This plugin will attempt to open an HTTP connection with the host. Successful\n\
1049connects return STATE_OK, refusals and timeouts return STATE_CRITICAL, other\n\
1050errors return STATE_UNKNOWN. Successful connects, but incorrect reponse\n\
1051messages from the host result in STATE_WARNING return values. If you are\n\
1052checking a virtual server that uses 'host headers' you must supply the FQDN\n\
1053(fully qualified domain name) as the [host_name] argument.\n"));
1054
1055#ifdef HAVE_SSL
1056 printf (_("\n\
1057This plugin can also check whether an SSL enabled web server is able to\n\
1058serve content (optionally within a specified time) or whether the X509 \n\
1059certificate is still valid for the specified number of days.\n"));
1060 printf (_("\n\
1061CHECK CONTENT: check_http -w 5 -c 10 --ssl www.verisign.com\n\n\
1062When the 'www.verisign.com' server returns its content within 5 seconds, a\n\
1063STATE_OK will be returned. When the server returns its content but exceeds\n\
1064the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,\n\
1065a STATE_CRITICAL will be returned.\n\n"));
1066
1067 printf (_("\
1068CHECK CERTIFICATE: check_http www.verisign.com -C 14\n\n\
1069When the certificate of 'www.verisign.com' is valid for more than 14 days, a\n\
1070STATE_OK is returned. When the certificate is still valid, but for less than\n\
107114 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when\n\
1072the certificate is expired.\n"));
1073#endif
1074
1075 printf (_(UT_SUPPORT));
1076
1077}
1078
1079
1080
1081
1082void
1083print_usage (void)
1084{
1085 printf (_("\
1086Usage: %s (-H <vhost> | -I <IP-address>) [-u <uri>] [-p <port>]\n\
1087 [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n\
1088 [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n\
1089 [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n\
1090 [-P string] [-m min_pg_size] [-4|-6]\n"), progname);
1091 printf (_(UT_HLP_VRS), progname, progname);
1092}