From bb16b73130519cf5e93340480c8fd5e7e696a15f Mon Sep 17 00:00:00 2001 From: nafets Date: Mon, 17 Nov 2014 23:00:45 +0100 Subject: added option to exit with an warning, if there is output on STDERR --- plugins/check_by_ssh.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index a877f888..bc172c97 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -49,6 +49,7 @@ unsigned int commands = 0; unsigned int services = 0; int skip_stdout = 0; int skip_stderr = 0; +int warn_on_stderr = 0; char *remotecmd = NULL; char **commargv = NULL; int commargc = 0; @@ -109,7 +110,10 @@ main (int argc, char **argv) if(chld_err.lines > skip_stderr) { printf (_("Remote command execution failed: %s\n"), chld_err.line[skip_stderr]); - return max_state_alt(result, STATE_UNKNOWN); + if ( warn_on_stderr ) + return max_state_alt(result, STATE_WARNING); + else + return max_state_alt(result, STATE_UNKNOWN); } /* this is simple if we're not supposed to be passive. @@ -182,6 +186,7 @@ process_arguments (int argc, char **argv) {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */ {"skip-stdout", optional_argument, 0, 'S'}, {"skip-stderr", optional_argument, 0, 'E'}, + {"warn-on-stderr", no_argument, 0, 'W'}, {"proto1", no_argument, 0, '1'}, {"proto2", no_argument, 0, '2'}, {"use-ipv4", no_argument, 0, '4'}, @@ -301,6 +306,9 @@ process_arguments (int argc, char **argv) else skip_stderr = atoi (optarg); break; + case 'W': /* exit with warning if there is an output on stderr */ + warn_on_stderr = 1; + break; case 'o': /* Extra options for the ssh command */ comm_append("-o"); comm_append(optarg); @@ -408,6 +416,8 @@ print_help (void) printf (" %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]")); printf (" %s\n", "-E, --skip-stderr[=n]"); printf (" %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]")); + printf (" %s\n", "-W, --warn-on-stderr]"); + printf (" %s\n", _("Exit with an warning, if there is an output on STDERR")); printf (" %s\n", "-f"); printf (" %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed")); printf (" %s\n","-C, --command='COMMAND STRING'"); @@ -460,7 +470,7 @@ print_usage (void) { printf ("%s\n", _("Usage:")); printf (" %s -H -C [-fqv] [-1|-2] [-4|-6]\n" - " [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n" + " [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n" " [-l user] [-n name] [-s servicelist] [-O outputfile]\n" " [-p port] [-o ssh-option] [-F configfile]\n", progname); -- cgit v1.2.3-74-g34f1 From 05ac8a98a85e748643e6f2ab268587e6f78244f6 Mon Sep 17 00:00:00 2001 From: Elan Ruusamäe Date: Thu, 3 Mar 2016 21:31:27 +0200 Subject: understang ping6 output from iputils package --- plugins/check_ping.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 423ecbe5..36de7cf6 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -521,12 +521,13 @@ int error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) { if (strstr (buf, "Network is unreachable") || - strstr (buf, "Destination Net Unreachable") + strstr (buf, "Destination Net Unreachable") || + strstr (buf, "No route") ) die (STATE_CRITICAL, _("CRITICAL - Network Unreachable (%s)\n"), addr); - else if (strstr (buf, "Destination Host Unreachable")) + else if (strstr (buf, "Destination Host Unreachable") || strstr(buf, "Address unreachable")) die (STATE_CRITICAL, _("CRITICAL - Host Unreachable (%s)\n"), addr); - else if (strstr (buf, "Destination Port Unreachable")) + else if (strstr (buf, "Destination Port Unreachable") || strstr(buf, "Port unreachable")) die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Port Unreachable (%s)\n"), addr); else if (strstr (buf, "Destination Protocol Unreachable")) die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Protocol Unreachable (%s)\n"), addr); @@ -534,11 +535,11 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) die (STATE_CRITICAL, _("CRITICAL - Network Prohibited (%s)\n"), addr); else if (strstr (buf, "Destination Host Prohibited")) die (STATE_CRITICAL, _("CRITICAL - Host Prohibited (%s)\n"), addr); - else if (strstr (buf, "Packet filtered")) + else if (strstr (buf, "Packet filtered") || strstr(buf, "Administratively prohibited")) die (STATE_CRITICAL, _("CRITICAL - Packet Filtered (%s)\n"), addr); else if (strstr (buf, "unknown host" )) die (STATE_CRITICAL, _("CRITICAL - Host not found (%s)\n"), addr); - else if (strstr (buf, "Time to live exceeded")) + else if (strstr (buf, "Time to live exceeded") || strstr(buf, "Time exceeded")) die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)\n"), addr); else if (strstr (buf, "Destination unreachable: ")) die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)\n"), addr); -- cgit v1.2.3-74-g34f1 From a1f328900049852d9a2b4c810c28b49e2101e337 Mon Sep 17 00:00:00 2001 From: Ken D Date: Mon, 19 Jun 2017 14:06:05 -0500 Subject: Added option for null zero length string exit codes When using a large distributed network with the same group of checks used against a large number of devices, occationally there are missing cards in a few devices that are present in other devices. Rather than having a large number of unknown results, disable active checking on those large number of result or having to create a unique check configuration for those devices. This option allows you to select an OK, WARNING, CRITICAL or UNKNOWN status while still retaining the default behavior when not present. This also allows a for the check to immediately start checks as intended should the hardware be added that the check is looking for. --- plugins/check_snmp.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index abe54cfb..66d761c6 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -113,6 +113,7 @@ char *authproto = NULL; char *privproto = NULL; char *authpasswd = NULL; char *privpasswd = NULL; +int nulloid = 3; char **oids = NULL; size_t oids_size = 0; char *label; @@ -472,8 +473,16 @@ main (int argc, char **argv) print_thresholds(" thresholds", thlds[i]); } ptr = strpbrk (show, "-0123456789"); - if (ptr == NULL) - die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + if (ptr == NULL){ + if (nulloid == 3) + die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show); + else if (nulloid == 0) + die (STATE_OK,_("No valid data returned (%s)\n"), show); + else if (nulloid == 1) + die (STATE_WARNING,_("No valid data returned (%s)\n"), show); + else if (nulloid == 2) + die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show); + } while (i >= response_size) { response_size += OID_COUNT_STEP; response_value = realloc(response_value, response_size * sizeof(*response_value)); @@ -661,6 +670,7 @@ process_arguments (int argc, char **argv) {"oid", required_argument, 0, 'o'}, {"object", required_argument, 0, 'o'}, {"delimiter", required_argument, 0, 'd'}, + {"nulloid", required_argument, 0, 'z'}, {"output-delimiter", required_argument, 0, 'D'}, {"string", required_argument, 0, 's'}, {"timeout", required_argument, 0, 't'}, @@ -705,7 +715,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:z:", longopts, &option); if (c == -1 || c == EOF) @@ -816,6 +826,12 @@ process_arguments (int argc, char **argv) eval_method[j+1] |= CRIT_PRESENT; } break; + case 'z': /* Null OID Return Check */ + if (!is_integer (optarg)) + usage2 (_("Exit status must be a positive integer"), optarg); + else + nulloid = atoi(optarg); + break; case 's': /* string or substring */ strncpy (string_value, optarg, sizeof (string_value) - 1); string_value[sizeof (string_value) - 1] = 0; @@ -1181,6 +1197,14 @@ print_help (void) printf (" %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER); printf (" %s\n", _("Any data on the right hand side of the delimiter is considered")); printf (" %s\n", _("to be the data that should be used in the evaluation.")); + printf (" %s\n", "-z, --nulloid=#"); + printf (" %s\n", _("If the check returns a 0 length string or NULL value")); + printf (" %s\n", _("This option allows you to choose what status you want it to exit")); + printf (" %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)")); + printf (" %s\n", _("0 = OK")); + printf (" %s\n", _("1 = WARNING")); + printf (" %s\n", _("2 = CRITICAL")); + printf (" %s\n", _("3 = UNKNOWN")); /* Tests Against Integers */ printf (" %s\n", "-w, --warning=THRESHOLD(s)"); -- cgit v1.2.3-74-g34f1 From 69fed9d08363085e8f6689bc8c9df2e9ad0f4cdb Mon Sep 17 00:00:00 2001 From: Ken D Date: Mon, 27 Aug 2018 09:53:11 -0500 Subject: Updated int state to human readable --- plugins/check_snmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index 66d761c6..bd13e579 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -113,7 +113,7 @@ char *authproto = NULL; char *privproto = NULL; char *authpasswd = NULL; char *privpasswd = NULL; -int nulloid = 3; +int nulloid = STATE_UNKNOWN; char **oids = NULL; size_t oids_size = 0; char *label; -- cgit v1.2.3-74-g34f1 From c255656a4c80514dc649e0521dfd64ca923329ce Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Fri, 21 Jan 2022 15:12:35 +0100 Subject: Rebase to master (#1731) --- plugins-scripts/check_mailq.pl | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 3914f4a7..8cc3d0f6 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -567,12 +567,14 @@ exit $state; sub process_arguments(){ GetOptions - ("V" => \$opt_V, "version" => \$opt_V, - "v" => \$opt_v, "verbose" => \$opt_v, - "h" => \$opt_h, "help" => \$opt_h, + ("V" => \$opt_V, "version" => \$opt_V, + "v" => \$opt_v, "verbose" => \$opt_v, + "h" => \$opt_h, "help" => \$opt_h, "M:s" => \$opt_M, "mailserver:s" => \$opt_M, # mailserver (default sendmail) "w=i" => \$opt_w, "warning=i" => \$opt_w, # warning if above this number - "c=i" => \$opt_c, "critical=i" => \$opt_c, # critical if above this number + "c=i" => \$opt_c, "critical=i" => \$opt_c, # critical if above this number + "W=i" => \$opt_W, "warning-domain=i" => \$opt_W, # Warning if above this number + "C=i" => \$opt_C, "critical-domain=i" => \$opt_C, # Critical if above this number "t=i" => \$opt_t, "timeout=i" => \$opt_t, "s" => \$opt_s, "sudo" => \$opt_s, "d:s" => \$opt_d, "configdir:s" => \$opt_d, @@ -671,15 +673,15 @@ sub print_help () { print " Feedback/patches to support non-sendmail mailqueue welcome\n\n"; print "-w (--warning) = Min. number of messages in queue to generate warning\n"; print "-c (--critical) = Min. number of messages in queue to generate critical alert ( w < c )\n"; - print "-W = Min. number of messages for same domain in queue to generate warning\n"; - print "-C = Min. number of messages for same domain in queue to generate critical alert ( W < C )\n"; + print "-W (--warning-domain) = Min. number of messages for same domain in queue to generate warning\n"; + print "-C (--critical-domain) = Min. number of messages for same domain in queue to generate critical alert ( W < C )\n"; print "-t (--timeout) = Plugin timeout in seconds (default = $utils::TIMEOUT)\n"; print "-M (--mailserver) = [ sendmail | qmail | postfix | exim | nullmailer ] (default = autodetect)\n"; print "-s (--sudo) = Use sudo to call the mailq command\n"; print "-d (--configdir) = Config file or directory\n"; print "-h (--help)\n"; print "-V (--version)\n"; - print "-v (--verbose) = debugging output\n"; + print "-v (--verbose) = debugging output\n"; print "\n\n"; print "Note: -w and -c are required arguments. -W and -C are optional.\n"; print " -W and -C are applied to domains listed on the queues - both FROM and TO. (sendmail)\n"; -- cgit v1.2.3-74-g34f1 From 3b252b9ae61b5e5c577ea57f3c6bf00c3bb7517d Mon Sep 17 00:00:00 2001 From: "Mark A. Ziesemer" Date: Sat, 22 Jan 2022 08:58:59 -0600 Subject: Trivial source code formatting only: Use tabs consistently for source code indentation (whitespace), as per https://github.com/monitoring-plugins/monitoring-plugins/blob/master/CODING . (#1424) Looks good, thank you very much. --- plugins/check_ping.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/plugins/check_ping.c b/plugins/check_ping.c index 5ea11294..741f732e 100644 --- a/plugins/check_ping.c +++ b/plugins/check_ping.c @@ -140,7 +140,7 @@ main (int argc, char **argv) if (pl == UNKNOWN_PACKET_LOSS || rta < 0.0) { printf ("%s\n", cmd); die (STATE_UNKNOWN, - _("CRITICAL - Could not interpret output from ping command\n")); + _("CRITICAL - Could not interpret output from ping command\n")); } if (pl >= cpl || rta >= crta || rta < 0) @@ -554,7 +554,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr) if (warn_text == NULL) warn_text = strdup (_(WARN_DUPLICATES)); else if (! strstr (warn_text, _(WARN_DUPLICATES)) && - xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1) + xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1) die (STATE_UNKNOWN, _("Unable to realloc warn_text\n")); return (STATE_WARNING); } @@ -574,7 +574,7 @@ print_help (void) printf (_("Use ping to check connection statistics for a remote host.")); - printf ("\n\n"); + printf ("\n\n"); print_usage (); @@ -584,29 +584,29 @@ print_help (void) printf (UT_IPv46); printf (" %s\n", "-H, --hostname=HOST"); - printf (" %s\n", _("host to ping")); - printf (" %s\n", "-w, --warning=THRESHOLD"); - printf (" %s\n", _("warning threshold pair")); - printf (" %s\n", "-c, --critical=THRESHOLD"); - printf (" %s\n", _("critical threshold pair")); - printf (" %s\n", "-p, --packets=INTEGER"); - printf (" %s ", _("number of ICMP ECHO packets to send")); - printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS); - printf (" %s\n", "-L, --link"); - printf (" %s\n", _("show HTML in the plugin output (obsoleted by urlize)")); + printf (" %s\n", _("host to ping")); + printf (" %s\n", "-w, --warning=THRESHOLD"); + printf (" %s\n", _("warning threshold pair")); + printf (" %s\n", "-c, --critical=THRESHOLD"); + printf (" %s\n", _("critical threshold pair")); + printf (" %s\n", "-p, --packets=INTEGER"); + printf (" %s ", _("number of ICMP ECHO packets to send")); + printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS); + printf (" %s\n", "-L, --link"); + printf (" %s\n", _("show HTML in the plugin output (obsoleted by urlize)")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - printf ("\n"); + printf ("\n"); printf ("%s\n", _("THRESHOLD is ,% where is the round trip average travel")); - printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and is the")); - printf ("%s\n", _("percentage of packet loss to trigger an alarm state.")); + printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and is the")); + printf ("%s\n", _("percentage of packet loss to trigger an alarm state.")); - printf ("\n"); + printf ("\n"); printf ("%s\n", _("This plugin uses the ping command to probe the specified host for packet loss")); - printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output")); - printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in")); - printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/")); + printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output")); + printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in")); + printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/")); printf (UT_SUPPORT); } @@ -614,7 +614,7 @@ print_help (void) void print_usage (void) { - printf ("%s\n", _("Usage:")); + printf ("%s\n", _("Usage:")); printf ("%s -H -w ,%% -c ,%%\n", progname); - printf (" [-p packets] [-t timeout] [-4|-6]\n"); + printf (" [-p packets] [-t timeout] [-4|-6]\n"); } -- cgit v1.2.3-74-g34f1 From cf669f5ff51b746569ded30e990b9d53e5234da0 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sat, 22 Jan 2022 22:23:13 +0100 Subject: Trivial printf fix and a little bit of code style (#1695) * Fix several warnings (and some downright bugs probably) with formating in check_disk Update to master * Fix merge error, I forgot the last time * Fix indentation Co-authored-by: rincewind --- plugins/check_disk.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 54befcad..9652f453 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -230,8 +230,10 @@ main (int argc, char **argv) /* Process for every path in list */ for (path = path_select_list; path; path=path->name_next) { if (verbose >= 3 && path->freespace_percent->warning != NULL && path->freespace_percent->critical != NULL) - printf("Thresholds(pct) for %s warn: %f crit %f\n",path->name, path->freespace_percent->warning->end, - path->freespace_percent->critical->end); + printf("Thresholds(pct) for %s warn: %f crit %f\n", + path->name, + path->freespace_percent->warning->end, + path->freespace_percent->critical->end); if (verbose >= 3 && path->group != NULL) printf("Group of %s: %s\n",path->name,path->group); -- cgit v1.2.3-74-g34f1 From b14e251d0f28cc2acb93df79da099bb3cdb5ec08 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Fri, 21 Jan 2022 11:04:14 +0100 Subject: Implements 'host-alive' mode (Closes. #1027) To reduce the check-duration, it addes a host-alive flag which stops testing after the first successful reply. --- plugins/check_fping.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 521d0fef..540650ae 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -65,6 +65,7 @@ double crta; double wrta; int cpl_p = FALSE; int wpl_p = FALSE; +int alive_p = FALSE; int crta_p = FALSE; int wrta_p = FALSE; @@ -150,6 +151,19 @@ main (int argc, char **argv) if (result = spclose (child_process)) /* need to use max_state not max */ status = max_state (status, STATE_WARNING); + if (alive_p && strstr (buf, "avg, 0% loss)")){ + rtastr = strstr (buf, "ms ("); + rtastr = 1 + index (rtastr, '('); + rta = strtod (rtastr, NULL); + loss=strtod ("0",NULL); + die (STATE_OK, + _("FPING %s - %s (rta=%f ms)|%s %s\n"), + state_text (STATE_OK), server_name,rta, + perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), + fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); + + } + if (result > 1 ) { status = max_state (status, STATE_UNKNOWN); @@ -275,6 +289,9 @@ process_arguments (int argc, char **argv) static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, {"sourceip", required_argument, 0, 'S'}, + case 'a': /* host alive mode */ + alive_p = TRUE; + break; {"sourceif", required_argument, 0, 'I'}, {"critical", required_argument, 0, 'c'}, {"warning", required_argument, 0, 'w'}, @@ -304,7 +321,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option); + c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -416,6 +433,9 @@ get_threshold (char *arg, char *rv[2]) arg2 = 1 + strpbrk (arg1, ",:"); if (arg2) { + printf (" %s\n", "-a"); + printf (" %s\n", _("Return OK after first successfull reply")); + arg1[strcspn (arg1, ",:")] = 0; if (strstr (arg1, "%") && strstr (arg2, "%")) die (STATE_UNKNOWN, -- cgit v1.2.3-74-g34f1 From 3bcc64396d8768d984eb58eb0a80213c2a8528ca Mon Sep 17 00:00:00 2001 From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> Date: Sat, 22 Jan 2022 20:01:49 +0100 Subject: Fixes the positioning of the code and some other changes --- plugins/check_fping.c | 53 +++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 27 deletions(-) diff --git a/plugins/check_fping.c b/plugins/check_fping.c index 540650ae..be9362ad 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -37,6 +37,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "popen.h" #include "netutils.h" #include "utils.h" +#include enum { PACKET_COUNT = 1, @@ -65,7 +66,7 @@ double crta; double wrta; int cpl_p = FALSE; int wpl_p = FALSE; -int alive_p = FALSE; +bool alive_p = FALSE; int crta_p = FALSE; int wrta_p = FALSE; @@ -148,23 +149,12 @@ main (int argc, char **argv) (void) fclose (child_stderr); /* close the pipe */ - if (result = spclose (child_process)) + result = spclose (child_process); + if (result) { /* need to use max_state not max */ status = max_state (status, STATE_WARNING); - if (alive_p && strstr (buf, "avg, 0% loss)")){ - rtastr = strstr (buf, "ms ("); - rtastr = 1 + index (rtastr, '('); - rta = strtod (rtastr, NULL); - loss=strtod ("0",NULL); - die (STATE_OK, - _("FPING %s - %s (rta=%f ms)|%s %s\n"), - state_text (STATE_OK), server_name,rta, - perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), - fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); - } - if (result > 1 ) { status = max_state (status, STATE_UNKNOWN); if (result == 2) { @@ -185,10 +175,7 @@ main (int argc, char **argv) } - -int -textscan (char *buf) -{ +int textscan (char *buf) { char *rtastr = NULL; char *losstr = NULL; char *xmtstr = NULL; @@ -197,6 +184,20 @@ textscan (char *buf) double xmt; int status = STATE_UNKNOWN; + /* stops testing after the first successful reply. */ + if (alive_p && strstr(buf, "avg, 0% loss)")) { + rtastr = strstr (buf, "ms ("); + rtastr = 1 + index(rtastr, '('); + rta = strtod(rtastr, NULL); + loss=strtod("0",NULL); + die (STATE_OK, + _("FPING %s - %s (rta=%f ms)|%s\n"), + state_text (STATE_OK), server_name,rta, + /* No loss since we only waited for the first reply + perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), */ + fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0)); + } + if (strstr (buf, "not found")) { die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name); @@ -289,12 +290,10 @@ process_arguments (int argc, char **argv) static struct option longopts[] = { {"hostname", required_argument, 0, 'H'}, {"sourceip", required_argument, 0, 'S'}, - case 'a': /* host alive mode */ - alive_p = TRUE; - break; {"sourceif", required_argument, 0, 'I'}, {"critical", required_argument, 0, 'c'}, {"warning", required_argument, 0, 'w'}, + {"alive", no_argument, 0, 'a'}, {"bytes", required_argument, 0, 'b'}, {"number", required_argument, 0, 'n'}, {"target-timeout", required_argument, 0, 'T'}, @@ -329,6 +328,9 @@ process_arguments (int argc, char **argv) switch (c) { case '?': /* print short usage statement if args not parsable */ usage5 (); + case 'a': /* host alive mode */ + alive_p = TRUE; + break; case 'h': /* help */ print_help (); exit (STATE_UNKNOWN); @@ -433,9 +435,6 @@ get_threshold (char *arg, char *rv[2]) arg2 = 1 + strpbrk (arg1, ",:"); if (arg2) { - printf (" %s\n", "-a"); - printf (" %s\n", _("Return OK after first successfull reply")); - arg1[strcspn (arg1, ",:")] = 0; if (strstr (arg1, "%") && strstr (arg2, "%")) die (STATE_UNKNOWN, @@ -466,9 +465,7 @@ get_threshold (char *arg, char *rv[2]) } -void -print_help (void) -{ +void print_help (void) { print_revision (progname, NP_VERSION); @@ -494,6 +491,8 @@ print_help (void) printf (" %s\n", _("warning threshold pair")); printf (" %s\n", "-c, --critical=THRESHOLD"); printf (" %s\n", _("critical threshold pair")); + printf (" %s\n", "-a, --alive"); + printf (" %s\n", _("Return OK after first successfull reply")); printf (" %s\n", "-b, --bytes=INTEGER"); printf (" %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE); printf (" %s\n", "-n, --number=INTEGER"); -- cgit v1.2.3-74-g34f1 From 49bf8b3e61264d9783b07bc1299492c448e3a0eb Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 23 Jan 2022 14:41:16 +0100 Subject: Point to Icinga Exchange instead of dead Monitoring Exchange (#1737) --- doc/developer-guidelines.sgml | 146 +++++++++++++++++++++--------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/doc/developer-guidelines.sgml b/doc/developer-guidelines.sgml index 6f31f365..28674e05 100644 --- a/doc/developer-guidelines.sgml +++ b/doc/developer-guidelines.sgml @@ -13,7 +13,7 @@ 2013 Monitoring Plugins Development Guidelines - + 1796 @@ -72,14 +72,14 @@
Plugin Output for Nagios - - You should always print something to STDOUT that tells if the - service is working or why it is failing. Try to keep the output short - - probably less that 80 characters. Remember that you ideally would like + + You should always print something to STDOUT that tells if the + service is working or why it is failing. Try to keep the output short - + probably less that 80 characters. Remember that you ideally would like the entire output to appear in a pager message, which will get chopped off after a certain length. - As Nagios does not capture stderr output, you should only output to + As Nagios does not capture stderr output, you should only output to STDOUT and not print to STDERR.
Print only one line of text @@ -101,7 +101,7 @@ SERVICE STATUS: Information text However, note that this is not a requirement of the API, so you cannot depend on this - being an accurate reflection of the status of the service - the status should always + being an accurate reflection of the status of the service - the status should always be determined by the return code.
@@ -148,7 +148,7 @@ Code and output should try to respect the 80x25 size of a crt (remember when fixing stuff in the server room!)
- +
Plugin Return Codes The return codes below are based on the POSIX spec of returning a positive value. Netsaint prior to v0.0.7 supported non-POSIX @@ -157,11 +157,11 @@ Note: Some plugins will on occasion print on STDOUT that an error occurred and error code is 138 or 255 or some such number. These - are usually caused by plugins using system commands and having not + are usually caused by plugins using system commands and having not enough checks to catch unexpected output. Developers should include a default catch-all for system command output that returns an UNKNOWN return code. - + Plugin Return Codes @@ -175,20 +175,20 @@ 0 OK - The plugin was able to check the service and it + The plugin was able to check the service and it appeared to be functioning properly 1 Warning - The plugin was able to check the service, but it - appeared to be above some "warning" threshold or did not appear + The plugin was able to check the service, but it + appeared to be above some "warning" threshold or did not appear to be working properly 2 Critical - The plugin detected that either the service was not + The plugin detected that either the service was not running or it was above some "critical" threshold @@ -207,7 +207,7 @@
- +
Threshold and ranges @@ -218,7 +218,7 @@ set_thresholds(thresholds *, char *, char *) function to set the thresholds. The theory is that the plugin will do some sort of check which returns - back a numerical value, or metric, which is then compared to the warning and + back a numerical value, or metric, which is then compared to the warning and critical thresholds. Use the get_status(double, thresholds *) function to compare the value against the thresholds. This is the generalised format for ranges: @@ -226,14 +226,14 @@ [@]start:end - + Notes: start ≤ end start and ":" is not required if start=0 - if range is of format "start:" and end is not specified, + if range is of format "start:" and end is not specified, assume end is infinity to specify negative infinity, use "~" @@ -245,7 +245,7 @@ (inclusive of endpoints) - + Note: Not all plugins are coded to expect ranges in this format yet. There will be some work in providing multiple metrics. @@ -344,7 +344,7 @@ label can contain any characters except the equals sign or single quote (') - the single quotes for the label are optional. Required if + the single quotes for the label are optional. Required if spaces are in the label label length is arbitrary, but ideally the first 19 characters @@ -353,7 +353,7 @@ to specify a quote character, use two single quotes - warn, crit, min or max may be null (for example, if the threshold is + warn, crit, min or max may be null (for example, if the threshold is not defined or min and max do not apply). Trailing unfilled semicolons can be dropped @@ -363,12 +363,12 @@ same UOM. value may be a literal "U" instead, this would indicate that the actual value couldn't be determined - warn and crit are in the range format (see + warn and crit are in the range format (see ). Must be the same UOM UOM (unit of measurement) is one of: - no unit specified - assume a number (int or float) + no unit specified - assume a number (int or float) of things (eg, users, processes, load averages) s - seconds (also us, ms) @@ -385,9 +385,9 @@
Translations - If possible, use translation tools for all output to respect the user's language - settings. See for guidelines - for the core plugins. + If possible, use translation tools for all output to respect the user's language + settings. See for guidelines + for the core plugins.
@@ -436,7 +436,7 @@ - + @@ -447,17 +447,17 @@ Perl Nagios (ePN) requires stricter use of the some of Perl's features. This section outlines some of the steps needed to use ePN effectively. - + - - Do not use BEGIN and END blocks since they will be called - only once (when Nagios starts and shuts down) with Embedded Perl (ePN). In + + Do not use BEGIN and END blocks since they will be called + only once (when Nagios starts and shuts down) with Embedded Perl (ePN). In particular, do not use BEGIN blocks to initialize variables. - + To use utils.pm, you need to provide a full path to the module in order for it to work. - + e.g. use lib "/usr/local/nagios/libexec"; @@ -467,24 +467,24 @@ Perl scripts should be called with "-w" - + All Perl plugins must compile cleanly under "use strict" - i.e. at least explicitly package names as in "$main::x" or predeclare every variable. - + Explicitly initialize each variable in use. Otherwise with caching enabled, the plugin will not be recompiled each time, and therefore Perl will not reinitialize all the variables. All old variable values will still be in effect. - + Do not use >DATA< handles (these simply do not compile under ePN). Do not use global variables in named subroutines. This is bad practise anyway, but with ePN the compiler will report an error "<global_var> will not stay shared ..". Values used by - subroutines should be passed in the argument list. + subroutines should be passed in the argument list. If writing to a file (perhaps recording @@ -492,8 +492,8 @@ calls exit; that is caught by p1.pl, so output streams are never closed. - - As in all plugins need + + As in all plugins need to monitor their runtime, specially if they are using network resources. Use of the alarm is recommended noting that some Perl modules (eg LWP) manage timers, so that an alarm @@ -507,9 +507,9 @@ and then "exit $ERRORS{'OK'}" rather than "exit 0" - + - +
Runtime Timeouts @@ -524,14 +524,14 @@ df could lock up like that. Plus, it should just be more error resistant to be able to time out rather than consume resources. - +
Use DEFAULT_SOCKET_TIMEOUT All network plugins should use DEFAULT_SOCKET_TIMEOUT to timeout
- +
Add alarms to network plugins If you write a plugin which communicates with another @@ -543,16 +543,16 @@
- +
Plugin Options - - A well written plugin should have --help as a way to get + + A well written plugin should have --help as a way to get verbose help. Code and output should try to respect the 80x25 size of a crt (remember when fixing stuff in the server room!) - +
Option Processing For plugins written in C, we recommend the C standard @@ -585,11 +585,11 @@ -p port or password (--port or --passwd/--password)monitors operational -u url or username (--url or --username) - + Look at check_pgsql and check_procs to see how I currently think this can work. Standard options are: - + The option -V or --version should be present in all plugins. For C plugins it should result in a call to print_revision, a function in utils.c which takes two character arguments, the @@ -603,7 +603,7 @@ The option -h or --help should be present in all plugins. In C plugins, it should result in a call to print_help (or - equivalent). The function print_help should call print_revision, + equivalent). The function print_help should call print_revision, then print_usage, then should provide detailed help. Help text should fit on an 80-character width display, but may run as many lines as needed. @@ -666,7 +666,7 @@ As always, comments are welcome - making this consistent without a host of long options was quite a hassle, and I would - suspect that there are flaws in this strategy. + suspect that there are flaws in this strategy.
@@ -678,7 +678,7 @@ create and update test cases where possible. -To run a test, from the top level directory, run "make test". This will run +To run a test, from the top level directory, run "make test". This will run all the current tests and report an overall success rate. @@ -697,7 +697,7 @@ This runs the test in a summary format. -For a good and amusing tutorial on using Test::More, see this +For a good and amusing tutorial on using Test::More, see this link @@ -706,16 +706,16 @@ link
Testing the C library functions -We use the libtap library, which gives +We use the libtap library, which gives perl's TAP (Test Anything Protocol) output. This is used by the FreeBSD team for their regression testing. -To run tests using the libtap library, download the latest tar ball and extract. -There is a problem with tap-1.01 where +To run tests using the libtap library, download the latest tar ball and extract. +There is a problem with tap-1.01 where pthread support doesn't appear to work -properly on non-FreeBSD systems. Install with 'CPPFLAGS="-UHAVE_LIBPTHREAD" ./configure && make && make check && make install'. +properly on non-FreeBSD systems. Install with 'CPPFLAGS="-UHAVE_LIBPTHREAD" ./configure && make && make check && make install'. @@ -729,8 +729,8 @@ setup the tests. Run "make test" to run all the tests. See GNU Coding standards for general guidelines.
C coding - - Variables should be declared at the beginning of code blocks and + + Variables should be declared at the beginning of code blocks and not inline because of portability with older compilers. You should use /* */ for comments and not // as some compilers @@ -745,8 +745,8 @@ setup the tests. Run "make test" to run all the tests. If you have copied a routine from another source, make sure the licence from your source allows this. Add a comment referencing the ACKNOWLEDGEMENTS file, where you can put more detail about the source. - For contributed code, do not add any named credits in the source code - - contributors should be added into the THANKS.in file instead. + For contributed code, do not add any named credits in the source code + - contributors should be added into the THANKS.in file instead.
@@ -809,11 +809,11 @@ setup the tests. Run "make test" to run all the tests.
Contributed plugins - Plugins that have been contributed to the project and + Plugins that have been contributed to the project and distributed with the Monitoring Plugins files are held in the contrib/ directory and are not installed - by default. These plugins are not officially supported by the team. - The current policy is that these plugins should be owned and maintained by the original - contributor, preferably hosted on Monitoring Exchange. + by default. These plugins are not officially supported by the team. + The current policy is that these plugins should be owned and maintained by the original + contributor, preferably hosted on Icinga Exchange. If patches or bugs are raised to an contributed plugin, we will start communications with the original contributor, but seek to remove the plugin from our distribution. @@ -824,11 +824,11 @@ setup the tests. Run "make test" to run all the tests.
New plugins If you would like others to use your plugins, please add it to - the official 3rd party plugin repository, - Monitoring Exchange. + the official 3rd party plugin repository, + Icinga Exchange. - We are not accepting requests for inclusion of plugins into + We are not accepting requests for inclusion of plugins into our distribution at the moment, but when we do, these are the minimum requirements: @@ -843,9 +843,9 @@ setup the tests. Run "make test" to run all the tests. --timeout, --warning, --critical) - It is determined to be not redundant (for instance, we would not - add a new version of check_disk just because someone had provide - a plugin that had perf checking - we would incorporate the features + It is determined to be not redundant (for instance, we would not + add a new version of check_disk just because someone had provide + a plugin that had perf checking - we would incorporate the features into an exisiting plugin) @@ -857,7 +857,7 @@ setup the tests. Run "make test" to run all the tests. utils (perl or c or sh) rather than using its own - Includes patches to configure.in if required (via the EXTRAS list if + Includes patches to configure.in if required (via the EXTRAS list if it will only work on some platforms) @@ -870,5 +870,5 @@ utils (perl or c or sh) rather than using its own
- + -- cgit v1.2.3-74-g34f1 From e2397167c7e5c7a02b68de45de946f63706e7d12 Mon Sep 17 00:00:00 2001 From: datamuc Date: Tue, 25 Jan 2022 10:57:02 +0100 Subject: add --queryname parameter to check_pgsql (#1741) This is used in the long output instead of the actual query. So instead of OK - 'select stuff from various, tables where some_stuff is null and other_stuff is not null' returned 42 one can use --queryname=check_greatest_basket and it will print OK - check_greatest_basket returned 42 That's nicer for alerting purposes, at least in our use case. --- plugins/check_pgsql.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c index b8fc5f1d..c893386c 100644 --- a/plugins/check_pgsql.c +++ b/plugins/check_pgsql.c @@ -85,6 +85,8 @@ char *pgparams = NULL; double twarn = (double)DEFAULT_WARN; double tcrit = (double)DEFAULT_CRIT; char *pgquery = NULL; +#define OPTID_QUERYNAME -1000 +char *pgqueryname = NULL; char *query_warning = NULL; char *query_critical = NULL; thresholds *qthresholds = NULL; @@ -285,6 +287,7 @@ process_arguments (int argc, char **argv) {"database", required_argument, 0, 'd'}, {"option", required_argument, 0, 'o'}, {"query", required_argument, 0, 'q'}, + {"queryname", required_argument, 0, OPTID_QUERYNAME}, {"query_critical", required_argument, 0, 'C'}, {"query_warning", required_argument, 0, 'W'}, {"verbose", no_argument, 0, 'v'}, @@ -368,6 +371,9 @@ process_arguments (int argc, char **argv) case 'q': pgquery = optarg; break; + case OPTID_QUERYNAME: + pgqueryname = optarg; + break; case 'v': verbose++; break; @@ -529,6 +535,9 @@ print_help (void) printf (" %s\n", "-q, --query=STRING"); printf (" %s\n", _("SQL query to run. Only first column in first row will be read")); + printf (" %s\n", "--queryname=STRING"); + printf (" %s\n", _("A name for the query, this string is used instead of the query")); + printf (" %s\n", _("in the long output of the plugin")); printf (" %s\n", "-W, --query-warning=RANGE"); printf (" %s\n", _("SQL query value to result in warning status (double)")); printf (" %s\n", "-C, --query-critical=RANGE"); @@ -642,7 +651,13 @@ do_query (PGconn *conn, char *query) : (my_status == STATE_CRITICAL) ? _("CRITICAL") : _("UNKNOWN")); - printf (_("'%s' returned %f"), query, value); + if(pgqueryname) { + printf (_("%s returned %f"), pgqueryname, value); + } + else { + printf (_("'%s' returned %f"), query, value); + } + printf ("|query=%f;%s;%s;;\n", value, query_warning ? query_warning : "", query_critical ? query_critical : ""); -- cgit v1.2.3-74-g34f1 From 737412f7391ae430a51e8f2c2a3b1ab2d35a6394 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 29 Jan 2022 11:11:36 +0100 Subject: check_http and check_curl: added --max-redirs=N option (feature #1684) --- plugins/check_curl.c | 16 ++++++++++++++-- plugins/check_http.c | 20 ++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 14cc8463..32d919fe 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -66,13 +66,13 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_BUFFER_SIZE 2048 #define DEFAULT_SERVER_URL "/" #define HTTP_EXPECT "HTTP/" -#define DEFAULT_MAX_REDIRS 15 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; enum { @@ -1210,6 +1210,7 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, + MAX_REDIRS_OPTION, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1254,6 +1255,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, {0, 0, 0, 0} @@ -1512,6 +1514,13 @@ process_arguments (int argc, char **argv) use_sni = TRUE; break; #endif /* LIBCURL_FEATURE_SSL */ + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "ok")) onredirect = STATE_OK; @@ -1854,6 +1863,9 @@ print_help (void) printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); printf ("\n"); diff --git a/plugins/check_http.c b/plugins/check_http.c index 34fb4f01..df2a79c2 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -52,7 +52,8 @@ enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; #ifdef HAVE_SSL @@ -125,7 +126,7 @@ int sd; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; -int max_depth = 15; +int max_depth = DEFAULT_MAX_REDIRS; char *http_method; char *http_method_proxy; char *http_post_data; @@ -203,7 +204,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, - SNI_OPTION + SNI_OPTION, + MAX_REDIRS_OPTION }; int option = 0; @@ -242,6 +244,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {0, 0, 0, 0} }; @@ -373,6 +376,13 @@ process_arguments (int argc, char **argv) case SNI_OPTION: use_sni = TRUE; break; + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "stickyport")) onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; @@ -1657,9 +1667,11 @@ print_help (void) printf (" %s\n", "-f, --onredirect="); printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); - printf (UT_WARN_CRIT); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); -- cgit v1.2.3-74-g34f1 From ee2a60fc4e26828b115051564706f8fbc4c4b153 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 27 Jan 2022 10:00:58 +0100 Subject: fixed -ffollow for HTTP/2.0 (Fixes #1685): added major_version parsing to PicoHTTPParser --- plugins/check_curl.c | 6 +++--- plugins/picohttpparser/picohttpparser.c | 30 ++++++++++++++++++------------ plugins/picohttpparser/picohttpparser.h | 4 ++-- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 32d919fe..7da84de4 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1054,7 +1054,7 @@ redir (curlhelp_write_curlbuf* header_buf) char *new_url; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); location = get_header_value (headers, nof_headers, "location"); @@ -2200,7 +2200,7 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA size_t msglen; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); server_date = get_header_value (headers, nof_headers, "date"); @@ -2258,7 +2258,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri curlhelp_statusline status_line; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); content_length_s = get_header_value (headers, nof_headers, "content-length"); diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c index 74ccc3ef..d9680b79 100644 --- a/plugins/picohttpparser/picohttpparser.c +++ b/plugins/picohttpparser/picohttpparser.c @@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last } while (0) /* returned pointer is always within [buf, buf_end), or null */ -static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret) { /* we want at least [HTTP/1.] to try to parse */ if (buf_end - buf < 9) { @@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int EXPECT_CHAR_NO_CHECK('T'); EXPECT_CHAR_NO_CHECK('P'); EXPECT_CHAR_NO_CHECK('/'); - EXPECT_CHAR_NO_CHECK('1'); - EXPECT_CHAR_NO_CHECK('.'); - PARSE_INT(minor_version, 1); + PARSE_INT(major_version, 1); + if (*major_version == 1) { + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + } else { + *minor_version = 0; + } return buf; } @@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph } static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* skip first empty line (some clients add CRLF after POST content) */ @@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha *ret = -1; return NULL; } - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } if (*buf == '\015') { @@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha } int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf_start + len; size_t max_headers = *num_headers; @@ -391,6 +395,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si *method_len = 0; *path = NULL; *path_len = 0; + *major_version = -1; *minor_version = -1; *num_headers = 0; @@ -400,7 +405,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return r; } - if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers, &r)) == NULL) { return r; } @@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return (int)(buf - buf_start); } -static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, +static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* parse "HTTP/1.x" */ - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } /* skip space */ @@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); } -int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf + len; size_t max_headers = *num_headers; int r; + *major_version = -1; *minor_version = -1; *status = 0; *msg = NULL; @@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in return r; } - if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { return r; } diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h index 0849f844..8f13b36f 100644 --- a/plugins/picohttpparser/picohttpparser.h +++ b/plugins/picohttpparser/picohttpparser.h @@ -49,10 +49,10 @@ struct phr_header { /* returns number of bytes consumed if successful, -2 if request is partial, * -1 if failed */ int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, - int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -- cgit v1.2.3-74-g34f1 From 986b2479465648c49a7eefc3fbf4df8860e3e4b7 Mon Sep 17 00:00:00 2001 From: ghciv6 Date: Mon, 20 Dec 2021 22:39:57 +0000 Subject: - delay set_source_ip() until address_family is detected - add a test to check '-s' --- plugins-root/check_icmp.c | 5 ++++- plugins-root/t/check_icmp.t | 8 +++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c index 01ae174a..f97b0ed7 100644 --- a/plugins-root/check_icmp.c +++ b/plugins-root/check_icmp.c @@ -410,6 +410,7 @@ main(int argc, char **argv) #ifdef SO_TIMESTAMP int on = 1; #endif + char *source_ip = NULL; char * opts_str = "vhVw:c:n:p:t:H:s:i:b:I:l:m:64"; setlocale (LC_ALL, ""); @@ -542,7 +543,7 @@ main(int argc, char **argv) } break; case 's': /* specify source IP address */ - set_source_ip(optarg); + source_ip = optarg; break; case 'V': /* version */ print_revision (progname, NP_VERSION); @@ -597,6 +598,8 @@ main(int argc, char **argv) sockets |= HAVE_ICMP; else icmp_sockerrno = errno; + if( source_ip ) + set_source_ip(source_ip); #ifdef SO_TIMESTAMP if(setsockopt(icmp_sock, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on))) diff --git a/plugins-root/t/check_icmp.t b/plugins-root/t/check_icmp.t index e043d4ed..55edc31b 100644 --- a/plugins-root/t/check_icmp.t +++ b/plugins-root/t/check_icmp.t @@ -12,7 +12,7 @@ my $allow_sudo = getTestParameter( "NP_ALLOW_SUDO", "no" ); if ($allow_sudo eq "yes" or $> == 0) { - plan tests => 16; + plan tests => 18; } else { plan skip_all => "Need sudo to test check_icmp"; } @@ -83,3 +83,9 @@ $res = NPTest->testCmd( is( $res->return_code, 2, "One of two host nonresponsive - two required" ); like( $res->output, $failureOutput, "Output OK" ); +$res = NPTest->testCmd( + "$sudo ./check_icmp -H $host_responsive -s 127.0.15.15 -w 10000ms,100% -c 10000ms,100% -n 1 -m 2" + ); +is( $res->return_code, 0, "IPv4 source_ip accepted" ); +like( $res->output, $successOutput, "Output OK" ); + -- cgit v1.2.3-74-g34f1 From 31bdbfce92de2dc7717fe13a8d1ca8e7dbf850d4 Mon Sep 17 00:00:00 2001 From: Tobias Wiese Date: Sun, 23 May 2021 01:39:15 +0200 Subject: sslutils: use chain from client certificates sslutils used to load only the first certificate when it was given a client certificate file. Added tests for check_http to connect to a http server that expects a client certificate (simple and with chain). Signed-off-by: Tobias Wiese --- plugins/sslutils.c | 2 +- plugins/tests/certs/.gitignore | 2 + plugins/tests/certs/client-cert.pem | 22 ++ plugins/tests/certs/client-key.pem | 28 +++ plugins/tests/certs/clientca-cert.pem | 25 +++ plugins/tests/certs/clientca-key.pem | 28 +++ plugins/tests/certs/clientchain-cert.pem | 45 +++++ plugins/tests/certs/clientchain-key.pem | 28 +++ plugins/tests/certs/clientintermediate-cert.pem | 23 +++ plugins/tests/certs/clientintermediate-key.pem | 28 +++ plugins/tests/certs/expired-cert.pem | 32 +-- plugins/tests/certs/expired-key.pem | 52 ++--- plugins/tests/certs/ext.cnf | 2 + plugins/tests/certs/generate-certs.sh | 63 ++++++ plugins/tests/certs/server-cert.pem | 44 ++-- plugins/tests/certs/server-key.pem | 52 ++--- plugins/tests/check_curl.t | 10 +- plugins/tests/check_http.t | 256 ++++++++++++++---------- 18 files changed, 538 insertions(+), 204 deletions(-) create mode 100644 plugins/tests/certs/.gitignore create mode 100644 plugins/tests/certs/client-cert.pem create mode 100644 plugins/tests/certs/client-key.pem create mode 100644 plugins/tests/certs/clientca-cert.pem create mode 100644 plugins/tests/certs/clientca-key.pem create mode 100644 plugins/tests/certs/clientchain-cert.pem create mode 100644 plugins/tests/certs/clientchain-key.pem create mode 100644 plugins/tests/certs/clientintermediate-cert.pem create mode 100644 plugins/tests/certs/clientintermediate-key.pem create mode 100644 plugins/tests/certs/ext.cnf create mode 100755 plugins/tests/certs/generate-certs.sh diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 14f6579d..286273f6 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -134,7 +134,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int return STATE_CRITICAL; } if (cert && privkey) { - SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); + SSL_CTX_use_certificate_chain_file(c, cert); SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); #ifdef USE_OPENSSL if (!SSL_CTX_check_private_key(c)) { diff --git a/plugins/tests/certs/.gitignore b/plugins/tests/certs/.gitignore new file mode 100644 index 00000000..79acaaa5 --- /dev/null +++ b/plugins/tests/certs/.gitignore @@ -0,0 +1,2 @@ +/*.csr +/*.srl diff --git a/plugins/tests/certs/client-cert.pem b/plugins/tests/certs/client-cert.pem new file mode 100644 index 00000000..5709750d --- /dev/null +++ b/plugins/tests/certs/client-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtDCCApwCAQIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD +VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp +bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB +MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X +DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgZ4xCzAJBgNVBAYTAkRFMRAw +DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0 +b3JpbmcgUGx1Z2luczEiMCAGA1UEAwwZTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu +dDErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3EiqfFPomm5dZQPGYG5SrF +rPvyqseXTzCkwUIUzGf+Sfm3s13zx7e3ije/04yKhTXgK59EQ793q7E2aWhSOz3s +hwKKdylFkOIyc5jgbAfF1/pLZMK209rLt/mMRksXCRXYrHdTjRMx1ev4C2407+8Y +8qkf77DuYQmUqCQe7DPOvqLeagdw9JcLGmQNTKHg3fl6wyRl5K1Bsy+qXu2XvEjZ +0Ng7n8LHjOUkTqUEJndOxci9gL5cHU5ttul/GW34dKOtTuMU/pQX6/ywYusOGVOx +RYI76OolRqj5BqbNctDIB/obe2RLo+UVx74/0jAxtH4XS23pYjO7NUpJcytsVG8C +AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYfaY5n4pCq0NWPCdeVVRr4nr+GAfv1TC +/PKcGuEoJZKt7TQT+OOA5yeZMZb53OvtA49D1r9aoJzWe946KElWOEBqxDRi5Cdr +wkqpwGcPT2RfAqA3/cvQZ1XsquboXrCf7ajdl5OC64bs2jkqCFh9gnxuI140g8Ar +Njol8BFxRPaYWOnwuQwmh/2t0FJqr3WSD85HrNqtxUSNGbTdSsvCfgF0v7QVkvLG +3/cbx6z5hxzj2JUjhMnCvn+EbasoJt4xyBFvg67Q2229SMwu9YNqS63GVoKUqhCB +4Gl5v31qx8dAFKuRvnez3ze/6oohwmakZkst4hcQdgZocHhzesvKlg== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/client-key.pem b/plugins/tests/certs/client-key.pem new file mode 100644 index 00000000..09b6761d --- /dev/null +++ b/plugins/tests/certs/client-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNxIqnxT6JpuXW +UDxmBuUqxaz78qrHl08wpMFCFMxn/kn5t7Nd88e3t4o3v9OMioU14CufREO/d6ux +NmloUjs97IcCincpRZDiMnOY4GwHxdf6S2TCttPay7f5jEZLFwkV2Kx3U40TMdXr ++AtuNO/vGPKpH++w7mEJlKgkHuwzzr6i3moHcPSXCxpkDUyh4N35esMkZeStQbMv +ql7tl7xI2dDYO5/Cx4zlJE6lBCZ3TsXIvYC+XB1Obbbpfxlt+HSjrU7jFP6UF+v8 +sGLrDhlTsUWCO+jqJUao+QamzXLQyAf6G3tkS6PlFce+P9IwMbR+F0tt6WIzuzVK +SXMrbFRvAgMBAAECggEBALtc2pB3p0E6KpAiEU0pvCRdSO1FgsIpAd+eNadRPur2 +fi+XWQkUwGeGBaJL1npja3aqP65PP40pj7nWfNaUAgOZyznCEU0QXiPJor6yo0vU +l5v+aKpwRao107i0RRF80TYGTMx+1LeEqnCqNOZN56gERHlBbkTiWpOZvBzf1143 +oegTcyM6+Ee6+FYNhHaDyIYD0md1S2wGR+IBPet6HwWiakLNKahFPa7lOLIKfmmD +iTtifcbf4724wSe44a0uTeP4JrquZSeIKakm8MEmffmYqpycnaakYefd0Xc5UEsH ++VbhKpOWGY3d8FKHqUsTa+6QyXb2uFPo6A+yWm0pdJECgYEA7Prd5sbWACvXOcHT +ONDBAgyfAVDQwOXi3D4dk6D5mg+/jxl5ZQY5slszJrwsLFtoEzXtYpNfTy3cpNOp +JLbBDZYnqty+5tD8t3/Zv2IBXCAgvuk5CgfJWP5FNAfiyUEE6Vbp6J/5/vAnODsa +fxZryN5UsH0X8ew7AlbfcVNyj4kCgYEA3khetIgn+GR6sv9jFRdCT6aJbp0xMsms +6F4v3L5FG4Kp+SwDHL1bVOhieJ5g8odYp9hDbgTEEqbJfNmyCOu9+OQmZ/mztku7 +6reU8HhYBIvi+hFeJmvqKpdIgU0Zveg4Bst5QordmhPk8AHjBC4xvQ++uh7rwYKd +WVsS08bGDjcCgYEAlAuNARUKsASzakOqHv5a9VrJIttH7povBYRQmd+gzxwzgcRa +UEB5XvEWnYZE2lkoRYgVCtYiXqa6BsasDmGVbVV25okNQckhd8mJUMR7MQBpNJsi +pR+EK/J9bSnYBf52gQdpDYiTdy60ca6KuQZaw5wRsEgV426+1pFK+dM16HECgYBY +cTsdYb9lmbUoW201CxgbUQwFsw3MQ2pE2pT4o8wjcg3nUpe6a61XT08+5uV0Gl4w +CmBp+gN52Fr7DjNEUWg5C64sWLIkqmWOspTUSU3cITyiex6W8wEtCRyUNfU0Fp2U +Nol87HvXvmqtBFMraqXnr8gXjg4H5MxurUoEcWaEaQKBgCT4iIGZwW0Qf2rkFC7B +xObzVGefivVVbaf8/c/LRO8TMLdnExkShMOmCzHeHV4mMEZDLbMOusHCI7xm10EX +l3L1I1Kyqnhm1RH3e7TVWgkTmIDW3V5Fgrhm1jx5Iz6et4sb4Uh+bZq9tTLyqfZY +8s0yJUrfpjRggfk7eUs5s7aY +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientca-cert.pem b/plugins/tests/certs/clientca-cert.pem new file mode 100644 index 00000000..9ce7cd7d --- /dev/null +++ b/plugins/tests/certs/clientca-cert.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEIzCCAwugAwIBAgIUL9Jfp5zv5B29NgDsNEFU2OM/UHswDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwbTW9u +aXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBt +b25pdG9yaW5nLXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIx +MDIxMVowgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQH +DAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwb +TW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZl +bEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAyxiWsGrsJFHw3VR0pqHviXUfbfKMw8LaCxI5EQZfInsMVkBIGWEW +tFW6qDuAOsMdzsrKOnQRNNt852ts/0Uz++z8zysoauAGpc4JnCZuM5A1DU5CFXBx +w6Ax+1ft3UsTt8C6kfLfs8mPCbtNVqAHrMrIqDxsNSRRxQSqkzp1vD8rwSKcbB1h +u2+lut1bEqMe7dp89jKOtc6G/1tHUFQuLAGFoX/qk9yPscmQNzL6YbLP4m9r/416 +PsxWsAfyY97hmoYo6mSCue5LmeanOsjf4Kzq90hIJRwrpiUGmxGjW+tPLEhQBZw6 +C2wHyN74YIJYX2xREz2ijT0mgsqdhO5ZxwIDAQABo1MwUTAdBgNVHQ4EFgQUtsP9 +Z3fKkhmFp97Kh/cW/UqHMIMwHwYDVR0jBBgwFoAUtsP9Z3fKkhmFp97Kh/cW/UqH +MIMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApO5o+YECwTEv +s+elDJZQ20UYwDSiU9Lpf4EcdnRv6FAb5UlhfRTH3ZdKCc/HX7kcKuy3PsF+b8Pw +EusoKito9OlNEOF5HYAI9/J54/qceqn+SC0INsISeE19PvT0dma7lBSj4OvBv0IS +GYbdztVaKLWqYgYs0mcEzteUc4MZcy1/C+Ru1i1Kp2s9/vIeAw2PV2+kpWtw88Pb +FRJomGngP/hQdwniayCltG/Q1smS4iFEHNI5ayLZj1qJGMHwzqGiRr4KknJKfHzv +fl4NQaFyMY31s1FRIS6QVIRFHVzUAlKZTdzwqEJygg3fUS9n9uDBnyDI/sW7DQuj +yjSmYRS1hw== +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientca-key.pem b/plugins/tests/certs/clientca-key.pem new file mode 100644 index 00000000..a939f035 --- /dev/null +++ b/plugins/tests/certs/clientca-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGJawauwkUfDd +VHSmoe+JdR9t8ozDwtoLEjkRBl8iewxWQEgZYRa0VbqoO4A6wx3Oyso6dBE023zn +a2z/RTP77PzPKyhq4AalzgmcJm4zkDUNTkIVcHHDoDH7V+3dSxO3wLqR8t+zyY8J +u01WoAesysioPGw1JFHFBKqTOnW8PyvBIpxsHWG7b6W63VsSox7t2nz2Mo61zob/ +W0dQVC4sAYWhf+qT3I+xyZA3Mvphss/ib2v/jXo+zFawB/Jj3uGahijqZIK57kuZ +5qc6yN/grOr3SEglHCumJQabEaNb608sSFAFnDoLbAfI3vhgglhfbFETPaKNPSaC +yp2E7lnHAgMBAAECggEAJqAWiJbNMlsjI/Tb+pTxqYLM52wpuVFlhpWApOxBS517 +SywOikUcvE9RoI0wZfyVvq5yp4tLenID3z9fC21t5Yu8yOm8VhclLINy8G+epc/X +RyCLEOjBuiLNXq/qXRvaNChDU16NjPPYcFFe9AqbaxFl+BkFu1Wc94tbpYSIv7Qt +L6iBxUTXdgvLM5doa9AazIQzJx+jUsVCgRVQQf3zsLqtp9hH0Pfq+KWFIy5TA+bG +0NFmYyQndRjtT0ihWGuNU7D8AXa+z7abzk+HydIlx4D//vGgdNq92QYPdnu2BBya +5Fs6LkmkUonX/I8FbkLbRKkQWNPMt+Ks21t3xcVBgQKBgQDn4HuHVCPwxgU6Mv+5 +0sHJXYBq1fDzrUt0+iTtYkRqViX+9Mp4sUpYgXext/wXFLcKzQQp5B0g1dLYLSRS +KwhsdiN0J7ZcoP1GMStw8zsayRTf8C3WRU6aACqyFiylYbyh56XomfYgwhja/7l9 +pzpVJD9ecG+mLVAyAkJtK2JolQKBgQDgOZfvrQj0L4QG+9E5VmFc3PE+6k3g+zDO +MWqTSh0fOHqdTEyet4bMC4DogXGVsvw0/UKwbrGHOk0+ltA5VyKUtK/whSutr/+S +nhCHljhV0XUN/I3OFcvezFjM3g0oC4uy1cL30hoM4IfeHM1d3EYse9N1Y/Op+mR6 +Sx+fEku16wKBgQC0KQ7RjuZ95N2a4pUe5En9EtD8MU4Nhs/iC5k1d+yAUn8jIT9P +lzCUo8NEKheMN2Qg2Dor8jlPkdNIc4qM7TKWUxQo49IlFlCzgPCnydRac3HsrMhw +e1ke/pIt3FzEArR1d27I0xcRTL3TKm4M2ynPjWJPFj0peHue33KNL/A+IQKBgEpL +awd0Sxo1wEZcG9gmwf32C01wbzuTn3lCsHB7Ryj4GtCR3nVclCJ50U24zjzu4Fhi +bj1tgA8xhzSs3fOR5phlQkKsrWtQfJtFGm8CnEn7LBDlVMsrN7Dr/qRrEuro4HHy +GDbq+8y2fO5glr955BqLMOadprf0imRnDeQ0OLffAoGBAJio+X+xpglgMOC4BeH9 +9LcYi9nUEw8MDJNGo9/3e0XKA7spd3HShLDvt8YZhFJ2m168qBpGfezuw0+jpWxy +PV9q0dokAgDx4pvCzIKaptZ1D30CWXJZHq25VK1tA41PCUIOh8JD5+R0MpxA5rn2 +DbqL4Vq7K7K0imGENYhHdyM+ +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientchain-cert.pem b/plugins/tests/certs/clientchain-cert.pem new file mode 100644 index 00000000..acd1e3e8 --- /dev/null +++ b/plugins/tests/certs/clientchain-cert.pem @@ -0,0 +1,45 @@ +-----BEGIN CERTIFICATE----- +MIIDuTCCAqECAQQwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD +VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp +bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB +MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X +DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgaMxCzAJBgNVBAYTAkRFMRAw +DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0 +b3JpbmcgUGx1Z2luczEnMCUGA1UEAwweTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu +dENoYWluMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMu +b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvoJBbi/rDvm3+X +8xok0sLCJvCRuUpSbU5wEmREQlkoOGmWK4l6r1JyOphKRBo8+n2MxPiCMvAmTrqx +VlBmkcmyrwWj392Nga+2SLWTziASk5nFrrhV6U79PkgXnETV2Wk1/FNVIFkB8N+B +undsTce8LLiCs7hfA5CK7ctJg8fqsAsmgKBNGzBRWwkbvxZPd6xlY6foIJeD7PQ2 +elvTmrD6WXSZq7GshFpDEkL3AifqrPMdsTnbBpyGgJ/fBM1b2dx9k53e25mgEQmn +iSuYQxn08BsUT0FOvav8ksZLBQz859fuqCtwhikpODO635fD9zK5YkBPlVl+/5xo +SvKOywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh4zeSKjENfY+VDLtPssaNQz2a +R1ioY40lZ0WoihDSrfG32dqTK/R2YsLKBABjJ7uRYS1NIBMrtS2OktK8BWD5IUTF +FuGuWilu6IWiTKZrLiZh1rsilNDVqwhorRPxDnbF+qVt9EMIvzKnKdJLGF+CWHN9 +yYJDeTD8MK5uR7zUJR3PsgW4ve5pFTi7z2UJ/xRvgOds6bmeeQnvaWDEL7k2+hrr +0G899A086NL3htzaOnIllg0xo2D1o4ToncAJn+cUQVJmHZSg9HYiD4Lg3z8uXPAl +rt/MX7dBm4dnImLXbSg7N3e8FdUtz+kZT9z+beKAeIe9JTbpxtsVUTzUZBBA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx +EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u +aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp +ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v +cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS +TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg +Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y +aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV +uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2 +tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26 +4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ +4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR +C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb +c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6 +qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt +Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt +gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0 +yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4 +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientchain-key.pem b/plugins/tests/certs/clientchain-key.pem new file mode 100644 index 00000000..0263604f --- /dev/null +++ b/plugins/tests/certs/clientchain-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmG+gkFuL+sO+b +f5fzGiTSwsIm8JG5SlJtTnASZERCWSg4aZYriXqvUnI6mEpEGjz6fYzE+IIy8CZO +urFWUGaRybKvBaPf3Y2Br7ZItZPOIBKTmcWuuFXpTv0+SBecRNXZaTX8U1UgWQHw +34G6d2xNx7wsuIKzuF8DkIrty0mDx+qwCyaAoE0bMFFbCRu/Fk93rGVjp+ggl4Ps +9DZ6W9OasPpZdJmrsayEWkMSQvcCJ+qs8x2xOdsGnIaAn98EzVvZ3H2Tnd7bmaAR +CaeJK5hDGfTwGxRPQU69q/ySxksFDPzn1+6oK3CGKSk4M7rfl8P3MrliQE+VWX7/ +nGhK8o7LAgMBAAECggEAAfTqMyKh4eYrrGVAYPi53lG0/8htrwUVG3yFDXJo628p +biCwSCsCavZJqi8JEOxOM5UvB1L2FauGh/7i/+VKkAUUOcOTPpvZguGTACBDcXYn +Qd3Z2kkJmgn4Kbenr4uQCVOX8zT4F710rGW1nYCyoefsa4pw37UYSW52dH6kiwzW +9k4X251nDMl/twBdOcjZbL768IEa5l4nySLpUNwfrVbSb1NzBoH0dVioh3DTLjt6 +gaShW4eIpaKczht1U97n6/7WNLl6vHX/mR99k/py8OhzhR1ccYpd2IfSHAWyQT0M +K8BoNnkjICrr9oc0FCr2BVJa3IzKHlhukF4GTZiGYQKBgQDWCHTwAmwL4FFEBVhj +pZne/sjaZc8TzPPxA8SkmxwDIZrM7tSu7qUuYgWTM432jZbLILWTyGfXf2PpqyF6 +wOpoBJj1ETkre8ZfRmYvsSvS5vtjF3Drszol+XvZnOclfB5VG3m5P2vYkQ8wI9OE +Y5jUBgDj0RsCNd8QnrC1u54U/wKBgQDGrd5y8S9kUT0P0lkZit7bYjSPJExtClXt +V7YNTjELrVCdc0jranxBWaub8NP3e6TGTi9HiQWvk2eOAS2qyccqlK4+YAK5XO3D +EpFUNNcClq8CErw2POuCAKajrPuSp6vd6q8h4lTzDExVctQS4R9fRKKFBKkPUV5G +UiKFllnKNQKBgQDBGIQXfLfpxwjKK2BhFihKDOc8UhmOrZtvV4zzTJTrJkg4l0f+ +QoN34ytQcHSleXwP6oSmvWkh/GYxjBj6XE2eZndwsYc4ecSwdB0A7gCxl345Gg7g +NqRBWmGoJGxNXzsmYVFiFZvAmK5xKgFMMWbR8lCfOCn7xopmviSC8K9gFQKBgFRb +KmH/SbH8VELNews/TVQ0pEBKlzCM/OLjJOcNVgGxOtM/Say677sHibeST0168AFK +3QQwh3t+yK8gjPVA6xGHQ1w0g7OUY1c6IP5x2QC+XdwxfDxDLXNrN1WzcrVX/78f +j/CBGrR/ekGlmanSb/GRQLfdvLJGSBLveLzjk4gpAoGBANN9RUm/aRz3dDBWex46 +kJ15xKJfLZiUeyDvY5+5d7YF4/tw5LU4XmKQNhiojHecykrTzPUMaGyMrbMPNn32 +WFW9CKMjuBEwWpMDJJb1/5NLEvpwu++sr7bUPZkQl76ot6OqgNHodbP8ATqrNr80 +5b8FrEN1LyfkTbabxNyAWcA0 +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/clientintermediate-cert.pem b/plugins/tests/certs/clientintermediate-cert.pem new file mode 100644 index 00000000..608a8fa2 --- /dev/null +++ b/plugins/tests/certs/clientintermediate-cert.pem @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx +EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u +aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp +ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v +cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC +REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS +TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg +Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y +aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV +uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2 +tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26 +4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ +4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR +C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb +c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6 +qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt +Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt +gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0 +yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4 +-----END CERTIFICATE----- diff --git a/plugins/tests/certs/clientintermediate-key.pem b/plugins/tests/certs/clientintermediate-key.pem new file mode 100644 index 00000000..13f68874 --- /dev/null +++ b/plugins/tests/certs/clientintermediate-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqtSA5n2kA7Gty +B545PdWa7ViZjY78L21eGkrMPONNpZTNx0ODTQp2yNd+BsPNKJW68zONfrdoqmap +4Ub7TkPZXNAaK3eSep6tSCXXQWdOi2IkYXkJTn+BjVo/FMnuuPa0Posg0GQlw9PJ +DgyglPX2myy8JrH16tjVHGhfEtuUn7fUL5W+t+12YE/idUpcrbrhqdvWhRCGSCle +kmKYkGYX6/s1sOzVaHbUF7zQpdSH1IqB4+FJBuWvZCVFwDuMuAng8yNn4pgX51r7 +hEHuz4O9NdUMyf0AvzgTXDlS3UTxdlX67hGNY+812Er/sae7E5EL1J3GieqQ9DyG +Iju2E/1tAgMBAAECggEACyYJXtNUoIeaXvM/r8ZhJBfMEpcnyJDUKBklnmfyABky +ZUfmzBDXw2as3b6ihFc+LYAp3bm8KouVjtI1lfBUxrli5StVZa7PZLm9mmjv6Eo0 +ojfDEQ8afWPieoaZRO6iQVOLNkbPyv9vSuiQ7vvEZy9dw54u69h47j6IMqPprDiG +ropUNeGAvTnh1Vf9/8aCHEvHUNHcc4zjzGiQ+E60JgnbpGVeJKoeiMgrQE0yjweo +KyKA47Y6vqP6+AxAaPplXtmrx2UCbMjktHNvLvg42+2UlLS5roiwmJYEN9c6iT6t +y82MJrjEFGZyLG2u6ZQANSJiIWaCnOyT1o2deJ8NoQKBgQD7UxivDTuljQD0so+E +JX9UaFZ9PgS+8LC9v56PciL4XQ7bcCVP5vVgZZPABiQ9i989Wq7qI042Jrfu5qtE +SthlOAu80GvAQV+Oujwo7ZzM6ciQtjMsj63r2uayWXnmQ07QcIg7x7y161Pt9Bqr +LIDrqHziIj/lzT7+6QKZaQwFaQKBgQDvEuSC14CBlMhy2jji71kB/3Ya3c+8dP+A +kQZL9wEWK4a4dm8IaTS8jl1/luhQUzFRMyh2rWaTqqigSe3dvs5DRblhE5NPwTSI +9TO7t1EnzjW3R8LxZZsySyiSFnZ/8mR0empxq0Mov37OdXBj0tXuuzREf/hwijWh +WuLxJUSjZQKBgAIDZ2Y3l+u6lnBfYdDwL/XwJAk6zvTsnq3WdCG4C1mr/St62YGr +WvnbtnRKWE356d7m9BHCGKVMaBrM1EBmzRb6fPWVQde3blmJWmQFi0UE9mtaWkyY +Fg+WoFR7bQOQNHhs/lpkPjnC2dhFJVWLtLiuj9mL5rEjlMab/T5XXhZJAoGBAMEP +FZ8fXbPGrTQqSwPfWpZFcF9zvbynEmkFM/uGRMddcNZnNXSqWJ7nrFNLTuEGvW2g +DU4A6zPV/YQrDz4hRjmHBZOCFlSyZbUvpY4yFAQ7/p66AY+kiHZNwT5vi1P5Luvs +qyaNsZcnRMR+i7rg2EeHv0aNvNdMlNBvL5KikNINAoGAU2P/phdwJOUcqgHavQcQ +ureTEyZ5i5AeNomNeHSj0slG24V9nxOqEL7D00JKln7oAPovYBUWocEnF39uBJe0 +p0Hy7fCCK6EI8/0QyiQuuZmJfDEEvjQqE6irONNH63r2UwDEpDNGFvGsZNuWHLZc +SXADu5oSNu6o6IydiyOx528= +-----END PRIVATE KEY----- diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem index 77a9166e..87fc8e47 100644 --- a/plugins/tests/certs/expired-cert.pem +++ b/plugins/tests/certs/expired-cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL +MIIEETCCAvmgAwIBAgIUVDKkhcUoYFnjYCw12tScPIqQzqIwDQYJKoZIhvcNAQEL BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n -LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx +LXBsdWdpbnMub3JnMB4XDTA4MDEwMTEyMDAwMFoXDTA4MDEwMjEyMDAwMFowgZcx CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp -bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX -YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV -WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0 -p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn -MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7 -G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7 -0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw -HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl -2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z -2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV -EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U -b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7 -eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w== +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg1dmGT3rVqM +beVWWLy8EAiq9re07AF8sTERy9oIYF5EUq9f0xO53mwwqIWV77O9mF99/kDFGQuQ +NOnICMSHXNtMXEXzfBaMighw0uyCh1o/VCejNQ5x/HU8aLh930g5DIcOJQ3fZ4v9 +8kBaie7+aPgRMVDM1vIrILfedq9Kt56zvPizkXhDeqxjKyIZdrdoBlX5zAfftWtY +HpQ+lkThSSXqQnchN6S2JFejmRtsNnceDVOBBdvlzmH0NlfwjynLK3/EJooTsINy +i9dXD8/Oe8r+UA+nokWvnWC2IAUJjpxW+XAyTG/NofGwX+PwquT0YD5cSlODIwZA +WAimygWLqQIDAQABo1MwUTAdBgNVHQ4EFgQUsKyJAwR9OXWEcSZMQz73GfpxCJIw +HwYDVR0jBBgwFoAUsKyJAwR9OXWEcSZMQz73GfpxCJIwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAYKFGX7J3Fc/T9s278w61E2dSsY4DS/mjSDik +fMWvod6eKw0fE3wJOnkWxjEH3VywTY6CmHd/oiJOaD8lr/Vk+BJfYNVBaVNmguyg +4LXoWz9Benx0bAIeuDbNAhOvA4H4aIz8UrD9lKFvKdRp42gPMLtMEbzbLcBdT95D +6BX7EhYm7vTnpitLPgFxVCsJ1JFqv2AQfUm+IkqQkezPs5x0tWLyrvCDNRGJ0kfv +UuowpUZXDOh3k1vB+xaSOFviieLaCW8TSdd5FZgI2HQj4e6vCKsMGuKKZXrMUTI/ +qtrFlUfsOuwourfC5LMHtCyYo5B3uvAWT1eTXxhrGqyleSlxJQ== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem index c1510b2d..c5bba569 100644 --- a/plugins/tests/certs/expired-key.pem +++ b/plugins/tests/certs/expired-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg -cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY -N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn -lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx -WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb -Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ -9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP -aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M -kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm -qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr -0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG -KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT -5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7 -ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS -ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM -rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o -ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do -PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB -u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7 -Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh -fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i -YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG -ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP -CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg -7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm -xH3OV8KV4UiTEVxS7ksmGzY= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCDV2YZPetWoxt +5VZYvLwQCKr2t7TsAXyxMRHL2ghgXkRSr1/TE7nebDCohZXvs72YX33+QMUZC5A0 +6cgIxIdc20xcRfN8FoyKCHDS7IKHWj9UJ6M1DnH8dTxouH3fSDkMhw4lDd9ni/3y +QFqJ7v5o+BExUMzW8isgt952r0q3nrO8+LOReEN6rGMrIhl2t2gGVfnMB9+1a1ge +lD6WROFJJepCdyE3pLYkV6OZG2w2dx4NU4EF2+XOYfQ2V/CPKcsrf8QmihOwg3KL +11cPz857yv5QD6eiRa+dYLYgBQmOnFb5cDJMb82h8bBf4/Cq5PRgPlxKU4MjBkBY +CKbKBYupAgMBAAECggEBAJ2mdCKJ7LoWdT4W8pZ3BqZUFGkKCF8wOhhOUDH3+ZQp +IYK3XbdDMF7mMIXIuW4a7W4sLlTwU/Ar98U1JMESwRIMS7YvUke+ngDKKLcDVGwY +Qpjg9vP0v2Al8qT1NbW/nDF0S2aJJbWfAvnblHK5ClFHL9iL107NQYJ8PqzXbnFL +gCQRiZxVHlrbn/73ZUMHPGEoU0711U9hSjrsqrRuSAMC+V38s4HxOomZWutlVAHF +HwClNZBqRO+a2njPyUuV9DM/rl5Tm9IQ89iFo3/QEORICK77HjJYhi+UzdfI5F35 +UntRJt+WLaiAP+K6Vt6oxHSm58qXnOkeLzaAunTTie0CgYEA6OLYfme8xe5zYXWX +rqmKNYdcVfMkvL+vUfVT475o/piRtE54JC1LYWEFAN8paxEWHD5HZMy0+ONNXfGm +zyNNTN/Lagz4WcpdFzKQmhfdro7DzRiDfdvwSLmaZDyE41PPPVVvfrI9IeDiUNY4 +nWLSb3sWo96Iuns+RoMqeA9wkqsCgYEA1U/UqeVQVTPlrWyiB2VXoI1xvFCCJTf8 +4NC0gcisxLRrtINk0BwrUJrRy0x1OLpJWiKwUl/W1GgvPPfhbYcUOb669JNtTIjY +FeIZblCTjz9GzKKmXeDciXvccyEdCJVUlPO3/e2JiJ4mCDjULprifq0a2gcQevFS +PfqVULhBOvsCgYB5KfS7J1vGmv36ucSWAe0/VlKLATqe3RfpCzt/JQTZWSWNaroF +EG/ElUaWIoUZCEW5oglg/0Q0rYYGF4DTCingkhrx7ReVF70BIbSsBzi15d8nKNbY +t4I3RCF4fyggYe1TmsysXS2DH85/gkToVY7oo2CvF0uJwi8vXnTNDDNkiwKBgHKs +mAc94BHt9GtnGzQepx0I7TvvjAe2MZwqlt+uojKdS8mfWXMHscGDeYVxdRMqEoUC +YQfnvfYyjDKaj/XxyE3C237gQsICTyh0hHdpmepIeidIyWdumyDOFZVPF+ylWvM4 +kpFQQb/QRWHmKyti2KCBLw5G/fUaBryLGfprE6ZBAoGBANy5rr41A679UQZ0abev +bOZb7YWOHYp/wReJaQbvLAyR30os3aEY/0ht9S+OWdrgGMezPKvsx2Sqr/CwoFXI +esiklpknr11maEPxnQJYi4FYiXS1a3NCg7yBvKzFEgx2XnMAC3s6zhuZXaFq4zNu +pm5Btrq/NZqtVXovS+UhGLvJ -----END PRIVATE KEY----- diff --git a/plugins/tests/certs/ext.cnf b/plugins/tests/certs/ext.cnf new file mode 100644 index 00000000..d09cee13 --- /dev/null +++ b/plugins/tests/certs/ext.cnf @@ -0,0 +1,2 @@ +[ client_ca ] +basicConstraints = critical, CA:true diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh new file mode 100755 index 00000000..78660a26 --- /dev/null +++ b/plugins/tests/certs/generate-certs.sh @@ -0,0 +1,63 @@ +#!/bin/sh -e +# +# Recreates the https server certificates +# +# Set the GEN_EXPIRED environment variable to also regenerate +# the expired certificate. + +cd "$(dirname "$0")" +trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT + +subj() { + c="DE" + st="Bavaria" + l="Munich" + o="Monitoring Plugins" + cn="Monitoring Plugins" + emailAddress="devel@monitoring-plugins.org" + + if [ -n "$1" ]; then + # Add to CN + cn="$cn $1" + fi + + printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \ + "$c" "$st" "$l" "$o" "$cn" "$emailAddress" +} + +# server +openssl req -new -x509 -days 3560 -nodes \ + -keyout server-key.pem -out server-cert.pem \ + -subj "$(subj)" +# server, expired +# there is generally no need to regenerate this, as it will stay epxired +[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \ + openssl req -new -x509 -days 1 -nodes \ + -keyout expired-key.pem -out expired-cert.pem \ + -subj "$(subj)" + +# client, ca +openssl req -new -x509 -days 3560 -nodes \ + -keyout clientca-key.pem -out clientca-cert.pem \ + -subj "$(subj ClientCA)" +echo "01" >clientca-cert.srl +# client +openssl req -new -nodes \ + -keyout client-key.pem -out client-cert.csr \ + -subj "$(subj Client)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -in client-cert.csr -out client-cert.pem +# client, intermediate +openssl req -new -nodes \ + -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \ + -subj "$(subj ClientIntermediate)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -extfile ext.cnf -extensions client_ca \ + -in clientintermediate-cert.csr -out clientintermediate-cert.pem +# client, chain +openssl req -new -nodes \ + -keyout clientchain-key.pem -out clientchain-cert.csr \ + -subj "$(subj ClientChain)" +openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \ + -in clientchain-cert.csr -out clientchain-cert.pem +cat clientintermediate-cert.pem >>clientchain-cert.pem diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem index b84b91d2..d1249ef1 100644 --- a/plugins/tests/certs/server-cert.pem +++ b/plugins/tests/certs/server-cert.pem @@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD -VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD -VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1 -Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y -ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE -RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN -b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr -MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja -uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v -EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe -PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8 -ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi -u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA -AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA -FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN -AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz -VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr -E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8 -vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC -jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk -bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g= +MIIEETCCAvmgAwIBAgIUZwOhY4myaCUaPek3NM+MxbLG9vwwDQYJKoZIhvcNAQEL +BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN +dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u +aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n +LXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIxMDIxMVowgZcx +CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx +GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu +ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp +bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3eBA4WG6xz +LfM6xcWywxThb1Rp7XAW3ewQd9/PdoWXEe8BJWlLfyYi1drLMcsDywhLkKmW4Vp9 +1R4PAkiljjrB/ZaUMDLJ1ri3dwX4RvXG7crsU3QWFWCBOrf5V2FTRQ2m/H/KyB/6 +rVZANsU47HqTFSPiUm2j7P3wx/wtHeYC+qmNG7zZTjAYPYxfKiod0lytTSmb+h54 +6lxn3+VPEXZAQZlLvPnm/58JnXGrUv7B2yocf5MhKkLJOrGxH2hfwKISfaj2gpOV +m4PUVYiDzCSpq1fPvwbUxIvdO27xprx+mrGOFM6f2UCEOc35w8FSmYiR2yQTnEJK +pbSQD6t1jQIDAQABo1MwUTAdBgNVHQ4EFgQUMeYgglT2aWDlF8KEeF2376AlTGYw +HwYDVR0jBBgwFoAUMeYgglT2aWDlF8KEeF2376AlTGYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAFcEg83rTJdgkp7JLYqK0j8JogSHNlDYchr/r +VxKBgQwfnjSp5A8d5+uTQ9s3QDabw8v7YeSrzYXbbjuWZ61mnl84tzOQ8LMeESnC +CBXRCxB8Ow22WsVTVJq279SGYT+cZrdsmqGVWDi1A0C5kH+XTLAioG5CZmmxemD/ +S92ZoRxGyYfg33r+3X6EMcEYtHKGxCUa3EPcPOL4dq2F3nOnyjiWPZm3786H3NY2 +nsYwrEhAdUFtbYSsV5O0c/Zlc33fmTfh654ab35io1DtwmFo7q8J532dUE007EN0 +mIQmhdrjNJJHIftgSt0fuN5m48oLOnX7vvkz+X0WLWfVTtMr0w== -----END CERTIFICATE----- diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem index 11947555..0de63f8f 100644 --- a/plugins/tests/certs/server-key.pem +++ b/plugins/tests/certs/server-key.pem @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf -miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ -Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym -/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K// -ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG -msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow -1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR -WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU -00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5 -Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0 -ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c -YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU -l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA -/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS -zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx -bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+ -FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc -B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+ -MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg -D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl -/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK -0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY -p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC -TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc -/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu -N0wdmCAqlQwHR13+F1zrAD7V +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb/d4EDhYbrHMt +8zrFxbLDFOFvVGntcBbd7BB33892hZcR7wElaUt/JiLV2ssxywPLCEuQqZbhWn3V +Hg8CSKWOOsH9lpQwMsnWuLd3BfhG9cbtyuxTdBYVYIE6t/lXYVNFDab8f8rIH/qt +VkA2xTjsepMVI+JSbaPs/fDH/C0d5gL6qY0bvNlOMBg9jF8qKh3SXK1NKZv6Hnjq +XGff5U8RdkBBmUu8+eb/nwmdcatS/sHbKhx/kyEqQsk6sbEfaF/AohJ9qPaCk5Wb +g9RViIPMJKmrV8+/BtTEi907bvGmvH6asY4Uzp/ZQIQ5zfnDwVKZiJHbJBOcQkql +tJAPq3WNAgMBAAECggEBAIvJDUjQVpXxByL8eazviT5SR0jBf6mC3tTWykQRb7ck +/bBEiRrnhDRf3CS9KP4TvO5G8BUU3a2GHYzM08akuKXeiiODidfyfbQ1nUZBAdi9 +FVFF7tK8YcflkVfpTMOMMSggm6m33fc58sQvmQ/0U85XuJvnOEkeJ9pQJa49e8GR +lpCQImF7ygltHPEz4o8qOtNMuPxiHOxpc517+ozQULZk153NTfGok1XctDFFZ3YX +8okLSfcqZ28mdHYSvI9xf60Cm7cT9tunXHwZ0f1esTFiVYpAp+oTJqtdYxr/fYlL +oO8G8iIQ7LjdJfgo84PscpKdSRCq3BfnmER1Eyg6hrUCgYEA/0hL5Y/haz/2jYGy +aa8yZSuD1ZcWtj7pLKrBQnHPHIHsjSBggWhopvonCFvCjgSS1pOFOUAwMGc0T+Dw +rWo3w8cEUyECl3Bw8gbCWtRXaigzU9TPgCWyx1j5dTopQhLObzS/m7fJFElnYNru +jqhsUfWS+NKk8a5+A7i9lv4iBLMCgYEA3Jws3Lfj/Xs7LljrvryTMpPthvUGBcyt +U9Qmf1Hmur90RP5V1rx4FqPQzIeaGQyZDNIUnkhBSqQZNCts3Rzay7N4uQzk8OEg +S8Llnw76wLwi0SJ4okDtT5tpTR6fcS0M9lGN+zvvfUB4+ul8oub0pMcyme/pywEz +ap+x3xAQPL8CgYEAiYOBVtTNof9fqdRurh1w8SyipKDx3BRBeQ02c7tozLt0GIWT +VsJOdXwVIJyFTglKrAnlXvSjwL8nX8wU+eVYyr5fJwSGJ9urC8T2VwVBXW7wTz04 +1Zf5GQdlwW8mIHCPATqR6Kj0yVfNN1BX50L0rqWxmRWnQoUzXn/aqQaWfp8CgYAW +9693/zEeR8EejyVkAy/z+RCml0XcPrXg31pusPErihkpwazgIVkDSmTHlmqFpxkc +C5cX73/UrIbvNoIr9wAUawfrhBsltNpu6MiNKbsTa8LYMRWMFuReAFkTLVf+KWmL +D2yPtmq1iIvP25UdRJw9t3teKWsWtnZK6HtVNM/r8wKBgQDKlqUpy8r4KK+S2w80 +H7rAQJo1DgXsYrgSa2gfppSKro4lm3ltyAfVIrKQKP7uCo9xTGKVQAUPttMs2+17 +nwbwvt7/nG7G1Dk/C/t6b7SJ80VY5b9ZZKIJ0wOjajLufSjPNCe0ZTRn32XusZUn +nYGB5/QXYr5WGV9YhAkRsFJYgA== -----END PRIVATE KEY----- diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t index 29cb03f2..aa72ef67 100755 --- a/plugins/tests/check_curl.t +++ b/plugins/tests/check_curl.t @@ -228,23 +228,25 @@ SKIP: { skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + my $expiry = "Thu Nov 28 21:02:11 2030 +0000"; + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 12:00:00 2008 +0000.', "output ok" ); } diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 188f5e75..ea11b2ac 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -3,16 +3,7 @@ # Test check_http by having an actual HTTP server running # # To create the https server certificate: -# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes -# to create a new expired certificate: -# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes -# Country Name (2 letter code) [AU]:DE -# State or Province Name (full name) [Some-State]:Bavaria -# Locality Name (eg, city) []:Munich -# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins -# Organizational Unit Name (eg, section) []: -# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins -# Email Address []:devel@monitoring-plugins.org +# ./certs/generate-certs.sh use strict; use Test::More; @@ -23,7 +14,7 @@ $ENV{'LC_TIME'} = "C"; my $common_tests = 70; my $virtual_port_tests = 8; -my $ssl_only_tests = 8; +my $ssl_only_tests = 12; # Check that all dependent modules are available eval "use HTTP::Daemon 6.01;"; plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@; @@ -59,61 +50,87 @@ $HTTP::Daemon::VERSION = "1.00"; my $port_http = 50000 + int(rand(1000)); my $port_https = $port_http + 1; my $port_https_expired = $port_http + 2; +my $port_https_clientcert = $port_http + 3; # This array keeps sockets around for implementing timeouts my @persist; # Start up all servers my @pids; -my $pid = fork(); -if ($pid) { - # Parent - push @pids, $pid; - if (exists $servers->{https}) { - # Fork a normal HTTPS server - $pid = fork(); - if ($pid) { - # Parent - push @pids, $pid; - # Fork an expired cert server - $pid = fork(); - if ($pid) { - push @pids, $pid; - } else { - my $d = HTTP::Daemon::SSL->new( - LocalPort => $port_https_expired, - LocalAddr => "127.0.0.1", - SSL_cert_file => "$Bin/certs/expired-cert.pem", - SSL_key_file => "$Bin/certs/expired-key.pem", - ) || die; - print "Please contact https expired at: url, ">\n"; - run_server( $d ); - exit; - } - } else { - # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise - local $SIG{'PIPE'} = 'IGNORE'; - my $d = HTTP::Daemon::SSL->new( - LocalPort => $port_https, - LocalAddr => "127.0.0.1", - SSL_cert_file => "$Bin/certs/server-cert.pem", - SSL_key_file => "$Bin/certs/server-key.pem", - ) || die; - print "Please contact https at: url, ">\n"; - run_server( $d ); - exit; - } - } -} else { - # Child - #print "child\n"; +# Fork a HTTP server +my $pid = fork; +defined $pid or die "Failed to fork"; +if (!$pid) { + undef @pids; my $d = HTTP::Daemon->new( LocalPort => $port_http, LocalAddr => "127.0.0.1", ) || die; print "Please contact http at: url, ">\n"; run_server( $d ); - exit; + die "webserver stopped"; +} +push @pids, $pid; + +if (exists $servers->{https}) { + # Fork a normal HTTPS server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + ) || die; + print "Please contact https at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; + + # Fork an expired cert server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_expired, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/expired-cert.pem", + SSL_key_file => "$Bin/certs/expired-key.pem", + ) || die; + print "Please contact https expired at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; + + # Fork an client cert expecting server + $pid = fork; + defined $pid or die "Failed to fork"; + if (!$pid) { + undef @pids; + # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise + local $SIG{'PIPE'} = 'IGNORE'; + my $d = HTTP::Daemon::SSL->new( + LocalPort => $port_https_clientcert, + LocalAddr => "127.0.0.1", + SSL_cert_file => "$Bin/certs/server-cert.pem", + SSL_key_file => "$Bin/certs/server-key.pem", + SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER | IO::Socket::SSL->SSL_VERIFY_FAIL_IF_NO_PEER_CERT, + SSL_ca_file => "$Bin/certs/clientca-cert.pem", + ) || die; + print "Please contact https client cert at: url, ">\n"; + run_server( $d ); + die "webserver stopped"; + } + push @pids, $pid; } # give our webservers some time to startup @@ -122,60 +139,62 @@ sleep(3); # Run the same server on http and https sub run_server { my $d = shift; - MAINLOOP: while (my $c = $d->accept ) { - while (my $r = $c->get_request) { - if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { - $c->send_basic_header($1); - $c->send_crlf; - } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { - $c->send_basic_header; - $c->send_crlf; - $c->send_file_response("$Bin/var/$1"); - } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { - $c->send_basic_header; - $c->send_crlf; - sleep 1; - $c->send_response("slow"); - } elsif ($r->url->path eq "/method") { - if ($r->method eq "DELETE") { - $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); - } elsif ($r->method eq "foo") { - $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + while (1) { + MAINLOOP: while (my $c = $d->accept) { + while (my $r = $c->get_request) { + if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) { + $c->send_basic_header($1); + $c->send_crlf; + } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) { + $c->send_basic_header; + $c->send_crlf; + $c->send_file_response("$Bin/var/$1"); + } elsif ($r->method eq "GET" and $r->url->path eq "/slow") { + $c->send_basic_header; + $c->send_crlf; + sleep 1; + $c->send_response("slow"); + } elsif ($r->url->path eq "/method") { + if ($r->method eq "DELETE") { + $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED); + } elsif ($r->method eq "foo") { + $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED); + } else { + $c->send_status_line(200, $r->method); + } + } elsif ($r->url->path eq "/postdata") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response($r->method.":".$r->content); + } elsif ($r->url->path eq "/redirect") { + $c->send_redirect( "/redirect2" ); + } elsif ($r->url->path eq "/redir_external") { + $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); + } elsif ($r->url->path eq "/redirect2") { + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); + } elsif ($r->url->path eq "/redir_timeout") { + $c->send_redirect( "/timeout" ); + } elsif ($r->url->path eq "/timeout") { + # Keep $c from being destroyed, but prevent severe leaks + unshift @persist, $c; + delete($persist[1000]); + next MAINLOOP; + } elsif ($r->url->path eq "/header_check") { + $c->send_basic_header; + $c->send_header('foo'); + $c->send_crlf; + } elsif ($r->url->path eq "/virtual_port") { + # return sent Host header + $c->send_basic_header; + $c->send_crlf; + $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); } else { - $c->send_status_line(200, $r->method); + $c->send_error(HTTP::Status->RC_FORBIDDEN); } - } elsif ($r->url->path eq "/postdata") { - $c->send_basic_header; - $c->send_crlf; - $c->send_response($r->method.":".$r->content); - } elsif ($r->url->path eq "/redirect") { - $c->send_redirect( "/redirect2" ); - } elsif ($r->url->path eq "/redir_external") { - $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" ); - } elsif ($r->url->path eq "/redirect2") { - $c->send_basic_header; - $c->send_crlf; - $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' )); - } elsif ($r->url->path eq "/redir_timeout") { - $c->send_redirect( "/timeout" ); - } elsif ($r->url->path eq "/timeout") { - # Keep $c from being destroyed, but prevent severe leaks - unshift @persist, $c; - delete($persist[1000]); - next MAINLOOP; - } elsif ($r->url->path eq "/header_check") { - $c->send_basic_header; - $c->send_header('foo'); - $c->send_crlf; - } elsif ($r->url->path eq "/virtual_port") { - # return sent Host header - $c->send_basic_header; - $c->send_crlf; - $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host'))); - } else { - $c->send_error(HTTP::Status->RC_FORBIDDEN); + $c->close; } - $c->close; } } } @@ -200,25 +219,44 @@ SKIP: { skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https}; run_common_tests( { command => "$command -p $port_https", ssl => 1 } ); + my $expiry = "Thu Nov 28 21:02:11 2030 +0000"; + $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" ); + is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 11:00:26 2008 +0000.', + 'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan 2 12:00:00 2008 +0000.', "output ok" ); + # client cert tests + my $cmd; + $cmd = "$command -p $port_https_clientcert" + . " -J \"$Bin/certs/client-cert.pem\"" + . " -K \"$Bin/certs/client-key.pem\"" + . " -u /statuscode/200"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); + + $cmd = "$command -p $port_https_clientcert" + . " -J \"$Bin/certs/clientchain-cert.pem\"" + . " -K \"$Bin/certs/clientchain-key.pem\"" + . " -u /statuscode/200"; + $result = NPTest->testCmd($cmd); + is( $result->return_code, 0, $cmd); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); } my $cmd; -- cgit v1.2.3-74-g34f1 From e781e0d1010b57da0e468cb7e9afb03860870218 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 30 Jan 2022 12:44:02 +0100 Subject: Fix double percentage sign in usage (#1743) --- plugins/check_procs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_procs.c b/plugins/check_procs.c index 48723404..a025ee89 100644 --- a/plugins/check_procs.c +++ b/plugins/check_procs.c @@ -775,7 +775,7 @@ be the total number of running processes\n\n")); printf (" %s\n", "check_procs -w 50000 -c 100000 --metric=VSZ"); printf (" %s\n\n", _("Alert if VSZ of any processes over 50K or 100K")); printf (" %s\n", "check_procs -w 10 -c 20 --metric=CPU"); - printf (" %s\n", _("Alert if CPU of any processes over 10%% or 20%%")); + printf (" %s\n", _("Alert if CPU of any processes over 10\% or 20\%")); printf (UT_SUPPORT); } -- cgit v1.2.3-74-g34f1 From d485b64ef0c08eb04fd6152b61b167c5edadab02 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 30 Jan 2022 19:41:36 +0100 Subject: Description for -M was the wrong way around (#1746) Using -M should show the mountpoint instead of the device the file system originated from. Seems like this was not the case for a long time and now the default is to show the mount point. Using `-M` reverts to showing the (block) device instead. The usage Description was adjusted with this commit. --- plugins/check_disk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_disk.c b/plugins/check_disk.c index 9652f453..66c5dd39 100644 --- a/plugins/check_disk.c +++ b/plugins/check_disk.c @@ -961,7 +961,7 @@ print_help (void) printf (" %s\n", _("Only check local filesystems against thresholds. Yet call stat on remote filesystems")); printf (" %s\n", _("to test if they are accessible (e.g. to detect Stale NFS Handles)")); printf (" %s\n", "-M, --mountpoint"); - printf (" %s\n", _("Display the mountpoint instead of the partition")); + printf (" %s\n", _("Display the (block) device instead of the mount point")); printf (" %s\n", "-m, --megabytes"); printf (" %s\n", _("Same as '--units MB'")); printf (" %s\n", "-A, --all"); -- cgit v1.2.3-74-g34f1 From 5943528121033579033c5a372df6c5e91b22e723 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Tue, 1 Feb 2022 09:57:50 +0100 Subject: Use silent automake by default (#1747) --- configure.ac | 1 + 1 file changed, 1 insertion(+) diff --git a/configure.ac b/configure.ac index dfc37b5e..8c5ca70a 100644 --- a/configure.ac +++ b/configure.ac @@ -5,6 +5,7 @@ AC_CONFIG_SRCDIR(NPTest.pm) AC_CONFIG_FILES([gl/Makefile]) AC_CONFIG_AUX_DIR(build-aux) AM_INIT_AUTOMAKE([1.8.3]) +AM_SILENT_RULES([yes]) AM_MAINTAINER_MODE([enable]) AC_CONFIG_HEADERS([config.h]) AC_CANONICAL_HOST -- cgit v1.2.3-74-g34f1 From c99a166a43fb9da42ba68073224921124a435aab Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sat, 12 Feb 2022 14:41:54 +0100 Subject: check_uptime: Add option to report uptime in days instead of seconds Currently, the plugin output is: CRITICAL: Uptime is 38829029 seconds. When using the proposed `--days|-d` option, it will be: CRITICAL: Uptime is 449 days. --- plugins-scripts/check_uptime.pl | 17 +++++++++++++++-- plugins-scripts/t/check_uptime.t | 8 +++++++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/plugins-scripts/check_uptime.pl b/plugins-scripts/check_uptime.pl index 4c9f22da..04324b2e 100755 --- a/plugins-scripts/check_uptime.pl +++ b/plugins-scripts/check_uptime.pl @@ -25,7 +25,7 @@ use POSIX; use strict; use Getopt::Long; use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c - $opt_f $opt_s + $opt_f $opt_s $opt_d $lower_warn_threshold $upper_warn_threshold $lower_crit_threshold $upper_crit_threshold $status $state $msg); @@ -137,9 +137,20 @@ if ( $uptime_seconds > $upper_crit_threshold ) { $state_str = "OK"; } +# Prepare uptime value (seconds or days) +my $uptime_text = ""; +my $uptime_unit = ""; +if ( $opt_d ) { + $uptime_text = floor($uptime_seconds / 60 / 60 / 24); + $uptime_unit = "days"; +} else { + $uptime_text = $uptime_seconds; + $uptime_unit = "seconds"; +} + $msg = "$state_str: "; -$msg .= "uptime is $uptime_seconds seconds. "; +$msg .= "uptime is $uptime_text $uptime_unit. "; $msg .= "Exceeds $out_of_bounds_text threshold. " if $out_of_bounds_text; $msg .= "Running for $pretty_uptime. " if $opt_f; if ( $opt_s ) { @@ -167,6 +178,7 @@ sub process_arguments(){ "c=s" => \$opt_c, "critical=s" => \$opt_c, # critical if above this number "f" => \$opt_f, "for" => \$opt_f, # show "running for ..." "s" => \$opt_s, "since" => \$opt_s, # show "running since ..." + "d" => \$opt_d, "days" => \$opt_d, # report uptime in days ); if ($opt_V) { @@ -262,6 +274,7 @@ sub print_help () { print "-c (--critical) = Min. number of uptime to generate critical alert ( w < c )\n"; print "-f (--for) = Show uptime in a pretty format (Running for x weeks, x days, ...)\n"; print "-s (--since) = Show last boot in yyyy-mm-dd HH:MM:SS format (output from 'uptime -s')\n"; + print "-d (--days) = Show uptime in days\n"; print "-h (--help)\n"; print "-V (--version)\n"; print "-v (--verbose) = debugging output\n"; diff --git a/plugins-scripts/t/check_uptime.t b/plugins-scripts/t/check_uptime.t index c395307c..b31d0c6c 100644 --- a/plugins-scripts/t/check_uptime.t +++ b/plugins-scripts/t/check_uptime.t @@ -5,7 +5,7 @@ # use strict; -use Test::More tests => 40; +use Test::More tests => 42; use NPTest; my $result; @@ -45,6 +45,12 @@ $result = NPTest->testCmd( cmp_ok( $result->return_code, '==', 2, "Uptime higher than 2 seconds" ); like ( $result->output, '/Running since \d+/', "Output for the s parameter correct" ); +$result = NPTest->testCmd( + "./check_uptime -d -w 1 -c 2" + ); +cmp_ok( $result->return_code, '==', 2, "Uptime higher than 2 seconds" ); +like ( $result->output, '/CRITICAL: uptime is \d+ days/', "Output for the d parameter correct" ); + $result = NPTest->testCmd( "./check_uptime -w 1 -c 2" ); -- cgit v1.2.3-74-g34f1 From 6c8b45a1691f4ce98f1c559a1e9cd1fef68c0fe2 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Tue, 15 Feb 2022 01:39:21 +0100 Subject: check_uptime: Fix lowercase typo in plugin output --- plugins-scripts/check_uptime.pl | 2 +- plugins-scripts/t/check_uptime.t | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/plugins-scripts/check_uptime.pl b/plugins-scripts/check_uptime.pl index 04324b2e..f9542872 100755 --- a/plugins-scripts/check_uptime.pl +++ b/plugins-scripts/check_uptime.pl @@ -150,7 +150,7 @@ if ( $opt_d ) { $msg = "$state_str: "; -$msg .= "uptime is $uptime_text $uptime_unit. "; +$msg .= "Uptime is $uptime_text $uptime_unit. "; $msg .= "Exceeds $out_of_bounds_text threshold. " if $out_of_bounds_text; $msg .= "Running for $pretty_uptime. " if $opt_f; if ( $opt_s ) { diff --git a/plugins-scripts/t/check_uptime.t b/plugins-scripts/t/check_uptime.t index b31d0c6c..6e81db3c 100644 --- a/plugins-scripts/t/check_uptime.t +++ b/plugins-scripts/t/check_uptime.t @@ -49,32 +49,32 @@ $result = NPTest->testCmd( "./check_uptime -d -w 1 -c 2" ); cmp_ok( $result->return_code, '==', 2, "Uptime higher than 2 seconds" ); -like ( $result->output, '/CRITICAL: uptime is \d+ days/', "Output for the d parameter correct" ); +like ( $result->output, '/CRITICAL: Uptime is \d+ days/', "Output for the d parameter correct" ); $result = NPTest->testCmd( "./check_uptime -w 1 -c 2" ); cmp_ok( $result->return_code, '==', 2, "Uptime higher than 2 seconds" ); -like ( $result->output, '/^CRITICAL: uptime is \d+ seconds/', "Output for uptime higher than 2 seconds correct" ); +like ( $result->output, '/^CRITICAL: Uptime is \d+ seconds/', "Output for uptime higher than 2 seconds correct" ); $result = NPTest->testCmd( "./check_uptime -w 1 -c 9999w" ); cmp_ok( $result->return_code, '==', 1, "Uptime lower than 9999 weeks" ); -like ( $result->output, '/^WARNING: uptime is \d+ seconds/', "Output for uptime lower than 9999 weeks correct" ); +like ( $result->output, '/^WARNING: Uptime is \d+ seconds/', "Output for uptime lower than 9999 weeks correct" ); $result = NPTest->testCmd( "./check_uptime -w 9998w -c 9999w" ); cmp_ok( $result->return_code, '==', 0, "Uptime lower than 9998 weeks" ); -like ( $result->output, '/^OK: uptime is \d+ seconds/', "Output for uptime lower than 9998 weeks correct" ); +like ( $result->output, '/^OK: Uptime is \d+ seconds/', "Output for uptime lower than 9998 weeks correct" ); like ( $result->output, '/\|uptime=[0-9]+s;6046790400;6047395200;/', "Checking for performance output" ); $result = NPTest->testCmd( "./check_uptime -w 111222d -c 222333d" ); cmp_ok( $result->return_code, '==', 0, "Uptime lower than 111222 days" ); -like ( $result->output, '/^OK: uptime is \d+ seconds/', "Output for uptime lower than 111222 days correct" ); +like ( $result->output, '/^OK: Uptime is \d+ seconds/', "Output for uptime lower than 111222 days correct" ); like ( $result->output, '/\|uptime=[0-9]+s;9609580800;19209571200;/', "Checking for performance output" ); # Same as before, hopefully uptime is higher than 2 seconds so no warning @@ -82,7 +82,7 @@ $result = NPTest->testCmd( "./check_uptime -w 2:111222d -c 1:222333d" ); cmp_ok( $result->return_code, '==', 0, "Uptime lower than 111222 days, and higher 2 seconds" ); -like ( $result->output, '/^OK: uptime is \d+ seconds/', "Output for uptime lower than 111222 days, and higher 2 seconds correct" ); +like ( $result->output, '/^OK: Uptime is \d+ seconds/', "Output for uptime lower than 111222 days, and higher 2 seconds correct" ); like ( $result->output, '/\|uptime=[0-9]+s;9609580800;19209571200;/', "Checking for performance output" ); # Same as before, now the low warning should trigger @@ -90,7 +90,7 @@ $result = NPTest->testCmd( "./check_uptime -w 111221d:111222d -c 1:222333d" ); cmp_ok( $result->return_code, '==', 1, "Uptime lower than 111221 days raises warning" ); -like ( $result->output, '/^WARNING: uptime is \d+ seconds/', "Output for uptime lower than 111221 days correct" ); +like ( $result->output, '/^WARNING: Uptime is \d+ seconds/', "Output for uptime lower than 111221 days correct" ); like ( $result->output, '/Exceeds lower warn threshold/', "Exceeds text correct" ); like ( $result->output, '/\|uptime=[0-9]+s;9609580800;19209571200;/', "Checking for performance output" ); @@ -99,7 +99,7 @@ $result = NPTest->testCmd( "./check_uptime -w 111221d:111222d -c 111220d:222333d" ); cmp_ok( $result->return_code, '==', 2, "Uptime lower than 111220 days raises critical" ); -like ( $result->output, '/^CRITICAL: uptime is \d+ seconds/', "Output for uptime lower than 111220 days correct" ); +like ( $result->output, '/^CRITICAL: Uptime is \d+ seconds/', "Output for uptime lower than 111220 days correct" ); like ( $result->output, '/Exceeds lower crit threshold/', "Exceeds text correct" ); like ( $result->output, '/\|uptime=[0-9]+s;9609580800;19209571200;/', "Checking for performance output" ); -- cgit v1.2.3-74-g34f1 From 605405557102c04e740fc3249675cc5154436d11 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Tue, 15 Mar 2022 22:00:55 +0100 Subject: check_icmp: buffer offerflow (#1733) * Fix different overflows * Less includes * Add testcases * Remove unused variable * Remove unused and commented includes --- plugins-root/check_icmp.c | 66 +++++++++++++++++++++++++-------------------- plugins-root/t/check_icmp.t | 7 ++++- 2 files changed, 43 insertions(+), 30 deletions(-) diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c index f97b0ed7..61198237 100644 --- a/plugins-root/check_icmp.c +++ b/plugins-root/check_icmp.c @@ -50,19 +50,11 @@ const char *email = "devel@monitoring-plugins.org"; #if HAVE_SYS_SOCKIO_H #include #endif -#include + #include -#include -#include -#include -#include -#include -#include #include -#include +#include #include -#include -#include #include #include #include @@ -71,8 +63,6 @@ const char *email = "devel@monitoring-plugins.org"; #include #include #include -#include -#include /** sometimes undefined system macros (quite a few, actually) **/ @@ -207,7 +197,7 @@ static int add_target(char *); static int add_target_ip(char *, struct sockaddr_storage *); static int handle_random_icmp(unsigned char *, struct sockaddr_storage *); static void parse_address(struct sockaddr_storage *, char *, int); -static unsigned short icmp_checksum(unsigned short *, int); +static unsigned short icmp_checksum(uint16_t *, size_t); static void finish(int); static void crash(const char *, ...); @@ -465,7 +455,6 @@ main(int argc, char **argv) /* Parse protocol arguments first */ for(i = 1; i < argc; i++) { while((arg = getopt(argc, argv, opts_str)) != EOF) { - unsigned short size; switch(arg) { case '4': if (address_family != -1) @@ -488,10 +477,10 @@ main(int argc, char **argv) /* Reset argument scanning */ optind = 1; + unsigned short size; /* parse the arguments */ for(i = 1; i < argc; i++) { while((arg = getopt(argc, argv, opts_str)) != EOF) { - unsigned short size; switch(arg) { case 'v': debug++; @@ -720,7 +709,7 @@ main(int argc, char **argv) static void run_checks() { - u_int i, t, result; + u_int i, t; u_int final_wait, time_passed; /* this loop might actually violate the pkt_interval or target_interval @@ -738,9 +727,9 @@ run_checks() /* we're still in the game, so send next packet */ (void)send_icmp_ping(icmp_sock, table[t]); - result = wait_for_reply(icmp_sock, target_interval); + wait_for_reply(icmp_sock, target_interval); } - result = wait_for_reply(icmp_sock, pkt_interval * targets); + wait_for_reply(icmp_sock, pkt_interval * targets); } if(icmp_pkts_en_route && targets_alive) { @@ -760,7 +749,7 @@ run_checks() * haven't yet */ if(debug) printf("Waiting for %u micro-seconds (%0.3f msecs)\n", final_wait, (float)final_wait / 1000); - result = wait_for_reply(icmp_sock, final_wait); + wait_for_reply(icmp_sock, final_wait); } } @@ -779,7 +768,7 @@ static int wait_for_reply(int sock, u_int t) { int n, hlen; - static unsigned char buf[4096]; + static unsigned char buf[65536]; struct sockaddr_storage resp_addr; union ip_hdr *ip; union icmp_packet packet; @@ -916,9 +905,27 @@ wait_for_reply(int sock, u_int t) if(debug) { char address[INET6_ADDRSTRLEN]; parse_address(&resp_addr, address, sizeof(address)); - printf("%0.3f ms rtt from %s, outgoing ttl: %u, incoming ttl: %u, max: %0.3f, min: %0.3f\n", - (float)tdiff / 1000, address, - ttl, ip->ip.ip_ttl, (float)host->rtmax / 1000, (float)host->rtmin / 1000); + + switch(address_family) { + case AF_INET: { + printf("%0.3f ms rtt from %s, outgoing ttl: %u, incoming ttl: %u, max: %0.3f, min: %0.3f\n", + (float)tdiff / 1000, + address, + ttl, + ip->ip.ip_ttl, + (float)host->rtmax / 1000, + (float)host->rtmin / 1000); + break; + }; + case AF_INET6: { + printf("%0.3f ms rtt from %s, outgoing ttl: %u, max: %0.3f, min: %0.3f\n", + (float)tdiff / 1000, + address, + ttl, + (float)host->rtmax / 1000, + (float)host->rtmin / 1000); + }; + } } /* if we're in hostcheck mode, exit with limited printouts */ @@ -980,7 +987,7 @@ send_icmp_ping(int sock, struct rta_host *host) icp->icmp_cksum = 0; icp->icmp_id = htons(pid); icp->icmp_seq = htons(host->id++); - icp->icmp_cksum = icmp_checksum((unsigned short*)buf, icmp_pkt_size); + icp->icmp_cksum = icmp_checksum((uint16_t*)buf, (size_t)icmp_pkt_size); if (debug > 2) printf("Sending ICMP echo-request of len %lu, id %u, seq %u, cksum 0x%X to host %s\n", @@ -1517,18 +1524,19 @@ get_threshold(char *str, threshold *th) } unsigned short -icmp_checksum(unsigned short *p, int n) +icmp_checksum(uint16_t *p, size_t n) { unsigned short cksum; long sum = 0; - while(n > 2) { - sum += *p++; - n -= sizeof(unsigned short); + /* sizeof(uint16_t) == 2 */ + while(n >= 2) { + sum += *(p++); + n -= 2; } /* mop up the occasional odd byte */ - if(n == 1) sum += (unsigned char)*p; + if(n == 1) sum += *((uint8_t *)p -1); sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ diff --git a/plugins-root/t/check_icmp.t b/plugins-root/t/check_icmp.t index 55edc31b..f6aa6813 100644 --- a/plugins-root/t/check_icmp.t +++ b/plugins-root/t/check_icmp.t @@ -12,7 +12,7 @@ my $allow_sudo = getTestParameter( "NP_ALLOW_SUDO", "no" ); if ($allow_sudo eq "yes" or $> == 0) { - plan tests => 18; + plan tests => 20; } else { plan skip_all => "Need sudo to test check_icmp"; } @@ -89,3 +89,8 @@ $res = NPTest->testCmd( is( $res->return_code, 0, "IPv4 source_ip accepted" ); like( $res->output, $successOutput, "Output OK" ); +$res = NPTest->testCmd( + "$sudo ./check_icmp -H $host_responsive -b 65507" + ); +is( $res->return_code, 0, "Try max paket size" ); +like( $res->output, $successOutput, "Output OK - Didn't overflow" ); -- cgit v1.2.3-74-g34f1 From 9a659f46ffb5b183f91879b08bad7822548ae662 Mon Sep 17 00:00:00 2001 From: Claudio Kuenzler Date: Thu, 17 Mar 2022 10:01:50 +0100 Subject: Add configfile feature to check_disk_smb (#1402) --- plugins-scripts/check_disk_smb.pl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 28c49e84..ad71e6a2 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -22,7 +22,7 @@ require 5.004; use POSIX qw(setsid); use strict; use Getopt::Long; -use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $verbose); +use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $verbose); use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; @@ -53,7 +53,8 @@ GetOptions "s=s" => \$opt_s, "share=s" => \$opt_s, "W=s" => \$opt_W, "workgroup=s" => \$opt_W, "H=s" => \$opt_H, "hostname=s" => \$opt_H, - "a=s" => \$opt_a, "address=s" => \$opt_a); + "a=s" => \$opt_a, "address=s" => \$opt_a, + "C=s" => \$opt_C, "configfile=s" => \$opt_C); if ($opt_V) { print_revision($PROGNAME,'@NP_VERSION@'); #' @@ -91,6 +92,10 @@ my $warn = $1 if ($opt_w =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/); my $crit = $1 if ($opt_c =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/); ($crit) || usage("Invalid critical threshold: $opt_c\n"); +($opt_C) || ($opt_C = shift @ARGV) || ($opt_C = ""); +my $configfile = $opt_C if ($opt_C); +usage("Unable to read config file $configfile\n") if ($configfile) && (! -r $configfile); + # Execute the given command line and return anything it writes to STDOUT and/or # STDERR. (This might be useful for other plugins, too, so it should possibly # be moved to utils.pm.) @@ -193,6 +198,7 @@ my @cmd = ( defined($workgroup) ? ("-W", $workgroup) : (), defined($address) ? ("-I", $address) : (), defined($opt_P) ? ("-p", $opt_P) : (), + defined($configfile) ? ("-s", $configfile) : (), "-c", "du" ); @@ -292,7 +298,7 @@ exit $ERRORS{$state}; sub print_usage () { print "Usage: $PROGNAME -H -s -u -p - -w -c [-W ] [-P ] [-a ]\n"; + -w -c [-W ] [-P ] [-a ] [-C ]\n"; } sub print_help () { @@ -318,11 +324,12 @@ Perl Check SMB Disk plugin for monitoring Password to log in to server. (Defaults to an empty password) -w, --warning=INTEGER or INTEGER[kMG] Percent of used space at which a warning will be generated (Default: 85%) - -c, --critical=INTEGER or INTEGER[kMG] Percent of used space at which a critical will be generated (Defaults: 95%) -P, --port=INTEGER Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default) +-C, --configfile=STRING + Path to configfile which should be used by smbclient (Defaults to smb.conf of your smb installation) If thresholds are followed by either a k, M, or G then check to see if that much disk space is available (kilobytes, Megabytes, Gigabytes) -- cgit v1.2.3-74-g34f1 From 066b6e68242b5e7a6f1eb665df9b227d896aec66 Mon Sep 17 00:00:00 2001 From: Tobias Fiebig Date: Sat, 26 Mar 2022 12:55:23 +0100 Subject: remove duplicate W=i/C=i args (#1755) Co-authored-by: Tobias Fiebig --- plugins-scripts/check_mailq.pl | 2 -- 1 file changed, 2 deletions(-) diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 8cc3d0f6..4c72332a 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -578,8 +578,6 @@ sub process_arguments(){ "t=i" => \$opt_t, "timeout=i" => \$opt_t, "s" => \$opt_s, "sudo" => \$opt_s, "d:s" => \$opt_d, "configdir:s" => \$opt_d, - "W=i" => \$opt_W, # warning if above this number - "C=i" => \$opt_C, # critical if above this number ); if ($opt_V) { -- cgit v1.2.3-74-g34f1 From 455fdc1072b85e7d05783546d9e99ed2e61716de Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:47 +0200 Subject: check_http: added option --continue-after-certificate (#1761) --- plugins/check_http.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c2..f8ec853b 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -58,6 +58,7 @@ enum { #ifdef HAVE_SSL int check_cert = FALSE; +int continue_after_check_cert = FALSE; int ssl_version = 0; int days_till_exp_warn, days_till_exp_crit; char *randbuff; @@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, - MAX_REDIRS_OPTION + MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT }; int option = 0; @@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) {"certificate", required_argument, 0, 'C'}, {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -331,6 +334,11 @@ process_arguments (int argc, char **argv) } check_cert = TRUE; goto enable_ssl; +#endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; #endif case 'J': /* use client certificate */ #ifdef HAVE_SSL @@ -981,9 +989,11 @@ check_http (void) elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - if (sd) close(sd); - np_net_ssl_cleanup(); - return result; + if (continue_after_check_cert == FALSE) { + if (sd) close(sd); + np_net_ssl_cleanup(); + return result; + } } } #endif /* HAVE_SSL */ @@ -1608,7 +1618,11 @@ print_help (void) printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v1.2.3-74-g34f1 From a96bdd7349926f2f18aba07db02c5ed472f4caf6 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:53 +0200 Subject: check_curl: added option --continue-after-certificate (#1761) --- plugins/check_curl.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7da84de4..a69854a8 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; int use_ssl = FALSE; int use_sni = TRUE; int check_cert = FALSE; +int continue_after_check_cert = FALSE; typedef union { struct curl_slist* to_info; struct curl_certinfo* to_certinfo; @@ -754,7 +755,9 @@ check_http (void) * and we actually have OpenSSL in the monitoring tools */ result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); #endif /* USE_OPENSSL */ @@ -794,13 +797,17 @@ GOT_FIRST_CERT: } BIO_free (cert_BIO); result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, * so we use the libcurl CURLINFO data */ result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #endif /* USE_OPENSSL */ } else { snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), @@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv) INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv) {"private-key", required_argument, 0, 'K'}, {"ca-cert", required_argument, 0, CA_CERT_OPTION}, {"verify-cert", no_argument, 0, 'D'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -1402,6 +1411,11 @@ process_arguments (int argc, char **argv) } check_cert = TRUE; goto enable_ssl; +#endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; #endif case 'J': /* use client certificate */ #ifdef LIBCURL_FEATURE_SSL @@ -1800,7 +1814,11 @@ print_help (void) #endif printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v1.2.3-74-g34f1 From d63bb62e5d47d02e9cfd7bcfc25ef5a700fbe6d2 Mon Sep 17 00:00:00 2001 From: CDMIUB Date: Sat, 18 Jun 2022 09:15:58 +0200 Subject: Cdmiub (#1770) * added timout option to check_disk_smb --- plugins-scripts/check_disk_smb.pl | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) mode change 100755 => 100644 plugins-scripts/check_disk_smb.pl diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl old mode 100755 new mode 100644 index ad71e6a2..15d16340 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -22,7 +22,7 @@ require 5.004; use POSIX qw(setsid); use strict; use Getopt::Long; -use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $verbose); +use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $opt_t $verbose); use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; @@ -43,6 +43,7 @@ $ENV{'ENV'}=''; Getopt::Long::Configure('bundling'); GetOptions ("v" => \$verbose, "verbose" => \$verbose, + "t=i" => \$opt_t, "timeout=i" => \$opt_t, "P=s" => \$opt_P, "port=s" => \$opt_P, "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, @@ -96,6 +97,8 @@ my $crit = $1 if ($opt_c =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/); my $configfile = $opt_C if ($opt_C); usage("Unable to read config file $configfile\n") if ($configfile) && (! -r $configfile); +if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; } + # Execute the given command line and return anything it writes to STDOUT and/or # STDERR. (This might be useful for other plugins, too, so it should possibly # be moved to utils.pm.) @@ -298,7 +301,8 @@ exit $ERRORS{$state}; sub print_usage () { print "Usage: $PROGNAME -H -s -u -p - -w -c [-W ] [-P ] [-a ] [-C ]\n"; + -w -c [-W ] [-P ] [-a ] [-t timeout] + [-C ]\n"; } sub print_help () { @@ -326,6 +330,8 @@ Perl Check SMB Disk plugin for monitoring Percent of used space at which a warning will be generated (Default: 85%) -c, --critical=INTEGER or INTEGER[kMG] Percent of used space at which a critical will be generated (Defaults: 95%) +-t, --timeout=INTEGER + Seconds before connection times out (Default: 15) -P, --port=INTEGER Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default) -C, --configfile=STRING -- cgit v1.2.3-74-g34f1 From 175e43133c9dbeb156e52b8e54cd04e44401f424 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 3 Jul 2022 15:57:55 +0200 Subject: Update CodeQL and update runner before installing (#1775) --- .github/workflows/codeql-analysis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9de367e5..afe6ab4f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -53,6 +53,7 @@ jobs: - name: Install packages run: | + sudo apt update sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ @@ -62,10 +63,10 @@ jobs: run: | ./tools/setup ./configure --enable-libtap - + - name: Build run: | make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 -- cgit v1.2.3-74-g34f1 From ccf4ed25f9c96e4d0cd647bbd8d91f38df75dfc0 Mon Sep 17 00:00:00 2001 From: "Archie L. Cobbs" Date: Thu, 14 Jul 2022 01:47:54 -0500 Subject: check_by_ssh: Add "-U" flag (#1123). (#1774) This causes a 255 exit value from ssh(1), which indicates a connection failure, to return UNKNOWN instead of CRITICAL; similar to check_nrpe's "-u" flag. --- plugins/check_by_ssh.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c index 39d49070..1ad547ed 100644 --- a/plugins/check_by_ssh.c +++ b/plugins/check_by_ssh.c @@ -50,6 +50,7 @@ unsigned int services = 0; int skip_stdout = 0; int skip_stderr = 0; int warn_on_stderr = 0; +bool unknown_timeout = FALSE; char *remotecmd = NULL; char **commargv = NULL; int commargc = 0; @@ -101,6 +102,13 @@ main (int argc, char **argv) result = cmd_run_array (commargv, &chld_out, &chld_err, 0); + /* SSH returns 255 if connection attempt fails; include the first line of error output */ + if (result == 255 && unknown_timeout) { + printf (_("SSH connection failed: %s\n"), + chld_err.lines > 0 ? chld_err.line[0] : "(no error output)"); + return STATE_UNKNOWN; + } + if (verbose) { for(i = 0; i < chld_out.lines; i++) printf("stdout: %s\n", chld_out.line[i]); @@ -180,6 +188,7 @@ process_arguments (int argc, char **argv) {"verbose", no_argument, 0, 'v'}, {"fork", no_argument, 0, 'f'}, {"timeout", required_argument, 0, 't'}, + {"unknown-timeout", no_argument, 0, 'U'}, {"host", required_argument, 0, 'H'}, /* backward compatibility */ {"hostname", required_argument, 0, 'H'}, {"port", required_argument,0,'p'}, @@ -212,7 +221,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts, + c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts, &option); if (c == -1 || c == EOF) @@ -234,6 +243,9 @@ process_arguments (int argc, char **argv) else timeout_interval = atoi (optarg); break; + case 'U': + unknown_timeout = TRUE; + break; case 'H': /* host */ hostname = optarg; break; @@ -445,6 +457,8 @@ print_help (void) printf (" %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]")); printf (UT_WARN_CRIT); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf (" %s\n","-U, --unknown-timeout"); + printf (" %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL")); printf (UT_VERBOSE); printf("\n"); printf (" %s\n", _("The most common mode of use is to refer to a local identity file with")); @@ -474,7 +488,7 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf (" %s -H -C [-fqv] [-1|-2] [-4|-6]\n" + printf (" %s -H -C [-fqvU] [-1|-2] [-4|-6]\n" " [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n" " [-l user] [-n name] [-s servicelist] [-O outputfile]\n" " [-p port] [-o ssh-option] [-F configfile]\n", -- cgit v1.2.3-74-g34f1 From ee50ddf6988e9d14502ed3fa4645dcd679f347f8 Mon Sep 17 00:00:00 2001 From: eriksejr Date: Thu, 14 Jul 2022 04:25:51 -0400 Subject: Set msg_namelen to the size of the sockaddr struct for the appropriate address family and not sockaddr_storage (#1771) Co-authored-by: Erik Sejr Co-authored-by: Lorenz <12514511+RincewindsHat@users.noreply.github.com> --- plugins-root/check_icmp.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c index 61198237..f8f15351 100644 --- a/plugins-root/check_icmp.c +++ b/plugins-root/check_icmp.c @@ -213,7 +213,7 @@ static int mode, protocols, sockets, debug = 0, timeout = 10; static unsigned short icmp_data_size = DEFAULT_PING_DATA_SIZE; static unsigned short icmp_pkt_size = DEFAULT_PING_DATA_SIZE + ICMP_MINLEN; -static unsigned int icmp_sent = 0, icmp_recv = 0, icmp_lost = 0; +static unsigned int icmp_sent = 0, icmp_recv = 0, icmp_lost = 0, ttl = 0; #define icmp_pkts_en_route (icmp_sent - (icmp_recv + icmp_lost)) static unsigned short targets_down = 0, targets = 0, packets = 0; #define targets_alive (targets - targets_down) @@ -223,7 +223,6 @@ static pid_t pid; static struct timezone tz; static struct timeval prog_start; static unsigned long long max_completion_time = 0; -static unsigned char ttl = 0; /* outgoing ttl */ static unsigned int warn_down = 1, crit_down = 1; /* host down threshold values */ static int min_hosts_alive = -1; float pkt_backoff_factor = 1.5; @@ -520,7 +519,7 @@ main(int argc, char **argv) add_target(optarg); break; case 'l': - ttl = (unsigned char)strtoul(optarg, NULL, 0); + ttl = (int)strtoul(optarg, NULL, 0); break; case 'm': min_hosts_alive = (int)strtoul(optarg, NULL, 0); @@ -948,6 +947,7 @@ static int send_icmp_ping(int sock, struct rta_host *host) { long int len; + size_t addrlen; struct icmp_ping_data data; struct msghdr hdr; struct iovec iov; @@ -979,6 +979,7 @@ send_icmp_ping(int sock, struct rta_host *host) if (address_family == AF_INET) { struct icmp *icp = (struct icmp*)buf; + addrlen = sizeof(struct sockaddr_in); memcpy(&icp->icmp_data, &data, sizeof(data)); @@ -995,7 +996,10 @@ send_icmp_ping(int sock, struct rta_host *host) } else { struct icmp6_hdr *icp6 = (struct icmp6_hdr*)buf; + addrlen = sizeof(struct sockaddr_in6); + memcpy(&icp6->icmp6_dataun.icmp6_un_data8[4], &data, sizeof(data)); + icp6->icmp6_type = ICMP6_ECHO_REQUEST; icp6->icmp6_code = 0; icp6->icmp6_cksum = 0; @@ -1016,7 +1020,7 @@ send_icmp_ping(int sock, struct rta_host *host) memset(&hdr, 0, sizeof(hdr)); hdr.msg_name = (struct sockaddr *)&host->saddr_in; - hdr.msg_namelen = sizeof(struct sockaddr_storage); + hdr.msg_namelen = addrlen; hdr.msg_iov = &iov; hdr.msg_iovlen = 1; -- cgit v1.2.3-74-g34f1 From 65fc7064295ac70d1388fa4db4d4d2cddd531e24 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Wed, 20 Jul 2022 13:33:49 +0200 Subject: Remove check_http and check_curl test which are somehow always failing (#1777) * Remove failing checks for check_http * Remove failing checks for check_curl --- plugins/t/check_curl.t | 7 +------ plugins/t/check_http.t | 8 +------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index ada6a045..693f4b25 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 58; +plan tests => 57; my $successOutput = '/OK.*HTTP.*second/'; @@ -188,11 +188,6 @@ SKIP: { like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); - $res = NPTest->testCmd( - "./$plugin --ssl -H www.e-paycobalt.com" - ); - cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" ); is( $res->return_code, 0, "Redirection based on location is okay"); diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index c137f7b4..0c866229 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 50; +plan tests => 49; my $successOutput = '/OK.*HTTP.*second/'; @@ -166,12 +166,6 @@ SKIP: { like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); - $res = NPTest->testCmd( - "./$plugin --ssl -H www.e-paycobalt.com" - ); - cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" ); - - $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" ); is( $res->return_code, 0, "Redirection based on location is okay"); -- cgit v1.2.3-74-g34f1 From 9f2a9ca3d72023ff9b5707d1872c54d65edc9017 Mon Sep 17 00:00:00 2001 From: adrb Date: Sun, 24 Jul 2022 16:44:16 +0200 Subject: check_snmp: Segfault if number of processed lines is greater than number of thresholds Segfault at line 489 if number of processed lines is greater than number (#1589) of thresholds Co-authored-by: Lorenz <12514511+RincewindsHat@users.noreply.github.com> --- plugins/check_snmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index bd13e579..2601ccd8 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -376,7 +376,7 @@ main (int argc, char **argv) } } - for (line=0, i=0; line < chld_out.lines; line++, i++) { + for (line=0, i=0; line < chld_out.lines && i < numoids ; line++, i++) { if(calculate_rate) conv = "%.10g"; else -- cgit v1.2.3-74-g34f1 From a01de7b33dee837e7a474d9e00131942d7f177f0 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Mon, 25 Jul 2022 10:00:18 +0200 Subject: fix parsing swap values (#1780) tmp_KB changed from float to uint64, so change the sscanf format accordingly. --- plugins/check_swap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/check_swap.c b/plugins/check_swap.c index bb854beb..6c9418f2 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -150,7 +150,7 @@ main (int argc, char **argv) * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123" * This format exists at least on Debian Linux with a 5.* kernel */ - else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %f %*[k]%*[B]", str, &tmp_KB)) { + else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) { if (verbose >= 3) { printf("Got %s with %lu\n", str, tmp_KB); } -- cgit v1.2.3-74-g34f1 From 3ad5fe9d84138da1451429bfac3b9b4024393d25 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 25 Jul 2022 10:11:43 +0200 Subject: check_swap: Fix unit for total in perfdata (#1779) * check_swap: Fix unit for total in perfdata * Remove trailing whitespaces --- plugins/check_swap.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/plugins/check_swap.c b/plugins/check_swap.c index 6c9418f2..ff58b15f 100644 --- a/plugins/check_swap.c +++ b/plugins/check_swap.c @@ -1,30 +1,30 @@ /***************************************************************************** -* +* * Monitoring check_swap plugin -* +* * License: GPL * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net) * Copyright (c) 2000-2007 Monitoring Plugins Development Team -* +* * Description: -* +* * This file contains the check_swap plugin -* -* +* +* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. -* +* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. -* +* * You should have received a copy of the GNU General Public License * along with this program. If not, see . -* -* +* +* *****************************************************************************/ const char *progname = "check_swap"; @@ -389,7 +389,7 @@ main (int argc, char **argv) TRUE, warn_print, TRUE, crit_print, TRUE, 0, - TRUE, (long) total_swap_mb)); + TRUE, (long) total_swap_mb * 1024 * 1024)); return result; } -- cgit v1.2.3-74-g34f1