From 5d37ec20be202d6fecd5df8c9496499b66bbdc23 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 22 Jan 2017 10:00:09 +0100 Subject: added -r and --invert-regex --- plugins/check_curl.c | 119 ++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 109 insertions(+), 10 deletions(-) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 3b4f2ed5..a0e6d8f9 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -49,9 +49,11 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_BUFFER_SIZE 2048 #define DEFAULT_SERVER_URL "/" -#define DEFAULT_HTTP_PORT 80 -#define DEFAULT_HTTPS_PORT 443 -#define MAX_PORT 65535 +enum { + HTTP_PORT = 80, + HTTPS_PORT = 443, + MAX_PORT = 65535 +}; /* for buffers for header and body */ typedef struct { @@ -72,10 +74,22 @@ typedef struct { char *first_line; /* a copy of the first line */ } curlhelp_statusline; +enum { + REGS = 2, + MAX_RE_SIZE = 256 +}; +#include "regex.h" +regex_t preg; +regmatch_t pmatch[REGS]; +char regexp[MAX_RE_SIZE]; +int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; +int errcode; +int invert_regex = 0; + char *server_address; char *host_name; char *server_url = DEFAULT_SERVER_URL; -unsigned short server_port = DEFAULT_HTTP_PORT; +unsigned short server_port = HTTP_PORT; char output_string_search[30] = ""; char *warning_thresholds = NULL; char *critical_thresholds = NULL; @@ -341,6 +355,27 @@ main (int argc, char **argv) } } + if (strlen (regexp)) { + errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0); + if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) { + /* OK - No-op to avoid changing the logic around it */ + result = max_state_alt(STATE_OK, result); + } + else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) { + if (invert_regex == 0) + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found"), msg); + else + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found"), msg); + result = STATE_CRITICAL; + } + else { + /* FIXME: Shouldn't that be UNKNOWN? */ + regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf); + result = STATE_CRITICAL; + } + } + /* -w, -c: check warning and critical level */ result = max_state_alt(get_status(total_time, thlds), result); @@ -375,7 +410,8 @@ process_arguments (int argc, char **argv) int c; enum { - SNI_OPTION = CHAR_MAX + 1, + INVERT_REGEX = CHAR_MAX + 1, + SNI_OPTION, CA_CERT_OPTION }; @@ -388,6 +424,7 @@ process_arguments (int argc, char **argv) {"port", required_argument, 0, 'p'}, {"authorization", required_argument, 0, 'a'}, {"string", required_argument, 0, 's'}, + {"regex", required_argument, 0, 'r'}, {"onredirect", required_argument, 0, 'f'}, {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, @@ -401,7 +438,7 @@ process_arguments (int argc, char **argv) usage ("\n"); while (1) { - c = getopt_long (argc, argv, "Vvht:c:w:A:H:I:a:p:s:u:f:C:J:K:S::", longopts, &option); + c = getopt_long (argc, argv, "Vvht:c:w:A:H:I:a:p:s:r:u:f:C:J:K:S::", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -503,8 +540,8 @@ process_arguments (int argc, char **argv) else usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); } - if (server_port == DEFAULT_HTTP_PORT) - server_port = DEFAULT_HTTPS_PORT; + if (server_port == HTTP_PORT) + server_port = HTTPS_PORT; #else /* -C -J and -K fall through to here without SSL */ usage4 (_("Invalid option - SSL is not available")); @@ -532,6 +569,19 @@ process_arguments (int argc, char **argv) strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1); string_expect[MAX_INPUT_BUFFER - 1] = 0; break; + case 'r': /* regex */ + strncpy (regexp, optarg, MAX_RE_SIZE - 1); + regexp[MAX_RE_SIZE - 1] = 0; + errcode = regcomp (&preg, regexp, cflags); + if (errcode != 0) { + (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + printf (_("Could Not Compile Regular Expression: %s"), errbuf); + return ERROR; + } + break; + case INVERT_REGEX: + invert_regex = 1; + break; case '?': /* print short usage statement if args not parsable */ usage5 (); @@ -608,7 +658,7 @@ print_help (void) printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup).")); printf (" %s\n", "-p, --port=INTEGER"); printf (" %s", _("Port number (default: ")); - printf ("%d)\n", DEFAULT_HTTP_PORT); + printf ("%d)\n", HTTP_PORT); #ifdef LIBCURL_FEATURE_SSL printf (" %s\n", "-S, --ssl=VERSION[+]"); @@ -640,7 +690,8 @@ print_help (void) printf (" %s\n", _("String to expect in the content")); printf (" %s\n", "-u, --url=PATH"); printf (" %s\n", _("URL to GET or POST (default: /)")); - + printf (" %s\n", "-r, --regex, --ereg=STRING"); + printf (" %s\n", _("Search page for regex STRING")); printf (" %s\n", "-a, --authorization=AUTH_PAIR"); printf (" %s\n", _("Username:password on sites with basic authentication")); printf (" %s\n", "-A, --useragent=STRING"); @@ -654,6 +705,53 @@ print_help (void) printf (UT_VERBOSE); + printf ("\n"); + printf ("%s\n", _("Notes:")); + printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host.")); + printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL")); + printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect response")); + printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); + printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); + printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); + +#ifdef LIBCURL_FEATURE_SSL + printf ("\n"); + printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to")); + printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 ")); + printf (" %s\n", _("certificate is still valid for the specified number of days.")); + printf ("\n"); + printf (" %s\n", _("Please note that this plugin does not check if the presented server")); + printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate")); + printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); + printf ("\n"); + printf ("%s\n", _("Examples:")); + printf (" %s\n\n", "CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com"); + printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); + printf (" %s\n\n", _("the certificate is expired.")); + printf ("\n"); + printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); + printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); + printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); + printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); + printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); + + printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); + printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); + printf (" %s\n", _("all these options are needed: -I -p -u -S(sl) -j CONNECT -H ")); + printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + +#endif + printf (UT_SUPPORT); } @@ -665,6 +763,7 @@ print_usage (void) printf (" [-J ] [-K ] [--ca-cert ]\n"); printf (" [-w ] [-c ] [-t ] [-a auth]\n"); printf (" [-f ]\n"); + printf (" [-s string] [-r \n"); printf (" [-A string] [-S ] [-C]\n"); printf (" [-v verbose]\n", progname); printf ("\n"); -- cgit v1.2.3-74-g34f1