From ede8defad4f44478f69e148022b542a694498087 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Tue, 19 Jan 2021 18:32:27 +0100 Subject: check_curl: fixed help, usage and errors for TLS 1.3 --- plugins/check_curl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2d69b310..ef77918b 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1354,7 +1354,7 @@ process_arguments (int argc, char **argv) ssl_version = CURL_SSLVERSION_DEFAULT; #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ else - usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); + usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)")); } #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) if (got_plus) { @@ -1659,7 +1659,7 @@ print_help (void) printf (" %s\n", "-S, --ssl=VERSION[+]"); printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); - printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); + printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted.")); printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); printf (" %s\n", "--sni"); printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); -- cgit v1.2.3-74-g34f1 From d9a5d1faf0400b9da47dee516c035da1a93dc12c Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Tue, 19 Jan 2021 18:35:41 +0100 Subject: check_curl: fixed a potential buffer overflow in url buffer --- plugins/check_curl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index ef77918b..a3f63f16 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1041,7 +1041,7 @@ redir (curlhelp_write_curlbuf* header_buf) const UriPathSegmentA* p = uri.pathHead; for (; p; p = p->next) { strncat (new_url, "/", DEFAULT_BUFFER_SIZE); - strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE); + strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1); } } -- cgit v1.2.3-74-g34f1 From 0f926a3566fb6f3333f3a24e47e2ad204fd0fba4 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Mon, 8 Mar 2021 19:46:43 +0100 Subject: check_curl: added string_statuscode function for printing HTTP/1.1 and HTTP/2 correctly --- plugins/check_curl.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index a3f63f16..8f274c26 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -296,6 +296,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) #endif /* USE_OPENSSL */ #endif /* HAVE_SSL */ +/* returns a string "HTTP/1.x" or "HTTP/2" */ +static char *string_statuscode (int major, int minor) +{ + static char buf[10]; + + switch (major) { + case 1: + snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor); + break; + case 2: + case 3: + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + default: + /* assuming here HTTP/N with N>=4 */ + snprintf (buf, sizeof (buf), "HTTP/%d", major); + break; + } + + return buf; +} + /* Checks if the server 'reply' is one of the expected 'statuscodes' */ static int expected_statuscode (const char *reply, const char *statuscodes) @@ -746,7 +768,8 @@ GOT_FIRST_CERT: if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", total_time, perfstring); - die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg); + /* we cannot know the major/minor version here for sure as we cannot parse the first line */ + die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); } /* get result code from cURL */ @@ -823,8 +846,8 @@ GOT_FIRST_CERT: /* check status codes, set exit status accordingly */ if( status_line.http_code != code ) { - die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"), - status_line.http_major, status_line.http_minor, + die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"), + string_statuscode (status_line.http_major, status_line.http_minor), status_line.http_code, status_line.msg, code); } @@ -895,8 +918,8 @@ GOT_FIRST_CERT: msg[strlen(msg)-3] = '\0'; /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ - die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", - state_text(result), status_line.http_major, status_line.http_minor, + die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", + state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), status_line.http_code, status_line.msg, strlen(msg) > 0 ? " - " : "", msg, page_len, total_time, -- cgit v1.2.3-74-g34f1 From 5cfc93d995cfd5cc7d1a469f3c1276c4884da2a2 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 11 Mar 2021 13:33:16 +0100 Subject: fix check_curl crash if http header contains leading spaces check_curl crashes when a (broken) http server returns invalid http header with leading spaces or double colons. This PR adds a fix and a test case for this. Signed-off-by: Sven Nierlein --- plugins/check_curl.c | 2 +- plugins/tests/check_curl.t | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2d69b310..ef96218c 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -2037,7 +2037,7 @@ get_header_value (const struct phr_header* headers, const size_t nof_headers, co { int i; for( i = 0; i < nof_headers; i++ ) { - if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { + if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { return strndup( headers[i].value, headers[i].value_len ); } } diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t index 1afbe4bb..0caad23d 100755 --- a/plugins/tests/check_curl.t +++ b/plugins/tests/check_curl.t @@ -21,7 +21,7 @@ use FindBin qw($Bin); $ENV{'LC_TIME'} = "C"; -my $common_tests = 70; +my $common_tests = 72; my $ssl_only_tests = 8; # Check that all dependent modules are available eval "use HTTP::Daemon 6.01;"; @@ -188,6 +188,12 @@ sub run_server { $c->send_basic_header; $c->send_header('foo'); $c->send_crlf; + } elsif ($r->url->path eq "/header_broken_check") { + $c->send_basic_header; + $c->send_header('foo'); + print $c "Test1:: broken\n"; + print $c " Test2: leading whitespace\n"; + $c->send_crlf; } elsif ($r->url->path eq "/virtual_port") { # return sent Host header $c->send_basic_header; @@ -247,7 +253,7 @@ my $cmd; # advanced checks with virtual hostname and virtual port SKIP: { skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; - + # http without virtual port $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; $result = NPTest->testCmd( $cmd ); @@ -259,7 +265,7 @@ SKIP: { $result = NPTest->testCmd( $cmd ); is( $result->return_code, 0, $cmd); like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); - + # http with virtual port (80) $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; $result = NPTest->testCmd( $cmd ); @@ -321,6 +327,10 @@ sub run_common_tests { is( $result->return_code, 2, "Missing header string check"); like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); + $result = NPTest->testCmd( "$command -u /header_broken_check" ); + is( $result->return_code, 0, "header_check search for string"); + like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" ); + my $cmd; $cmd = "$command -u /slow"; $result = NPTest->testCmd( $cmd ); -- cgit v1.2.3-74-g34f1 From 2482950e267a752b37d696c10ea091dc62d6d8a7 Mon Sep 17 00:00:00 2001 From: Barak Shohat Date: Tue, 6 Apr 2021 16:35:20 +0300 Subject: Updated check_curl.c to display a specific human-readable error message where possible --- plugins/check_curl.c | 6 +++--- plugins/t/check_curl.t | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 8f274c26..8cb2ff49 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -313,8 +313,8 @@ static char *string_statuscode (int major, int minor) /* assuming here HTTP/N with N>=4 */ snprintf (buf, sizeof (buf), "HTTP/%d", major); break; - } - + } + return buf; } @@ -662,7 +662,7 @@ check_http (void) /* Curl errors, result in critical Nagios state */ if (res != CURLE_OK) { snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), - server_port, res, curl_easy_strerror(res)); + server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res)); die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); } diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 4bff538a..cc65f037 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -46,7 +46,7 @@ $res = NPTest->testCmd( ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) -cmp_ok( $res->output, 'eq', "HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Timeout was reached", "Output OK"); +like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); $res = NPTest->testCmd( "./$plugin $hostname_invalid -wt 1 -ct 2" @@ -56,7 +56,7 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename # Is also possible to get a socket timeout if DNS is not responding fast enough # cURL gives us consistent strings from it's own 'lib/strerror.c' -like( $res->output, "/cURL returned 6 - Couldn't resolve host name/", "Output OK"); +like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK"); # host header checks $res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); -- cgit v1.2.3-74-g34f1 From 6993c216955a54845d98dc568534613334c0b545 Mon Sep 17 00:00:00 2001 From: Barak Shohat Date: Wed, 7 Apr 2021 12:34:46 +0300 Subject: Add an option to check_curl to verify the peer certificate & host using the system CA's --- plugins/check_curl.c | 17 ++++++++++++++--- plugins/t/check_curl.t | 5 ++++- 2 files changed, 18 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 8f274c26..19f80b74 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -195,6 +195,7 @@ int ssl_version = CURL_SSLVERSION_DEFAULT; char *client_cert = NULL; char *client_privkey = NULL; char *ca_cert = NULL; +int verify_peer_and_host = FALSE; int is_openssl_callback = FALSE; #if defined(HAVE_SSL) && defined(USE_OPENSSL) X509 *cert = NULL; @@ -489,9 +490,11 @@ check_http (void) if (client_privkey) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY"); if (ca_cert) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO"); + } + if (ca_cert || verify_peer_and_host) { /* per default if we have a CA verify both the peer and the * hostname in the certificate, can be switched off later */ - handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO"); handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER"); handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST"); } else { @@ -1159,6 +1162,7 @@ process_arguments (int argc, char **argv) {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, {"ca-cert", required_argument, 0, CA_CERT_OPTION}, + {"verify-cert", no_argument, 0, 'D'}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -1193,7 +1197,7 @@ process_arguments (int argc, char **argv) server_url = strdup(DEFAULT_SERVER_URL); while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NE", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -1332,6 +1336,11 @@ process_arguments (int argc, char **argv) test_file(optarg); ca_cert = optarg; goto enable_ssl; +#endif +#ifdef LIBCURL_FEATURE_SSL + case 'D': /* verify peer certificate & host */ + verify_peer_and_host = TRUE; + goto enable_ssl; #endif case 'S': /* use SSL */ #ifdef LIBCURL_FEATURE_SSL @@ -1703,6 +1712,8 @@ print_help (void) printf (" %s\n", _("matching the client certificate")); printf (" %s\n", "--ca-cert=FILE"); printf (" %s\n", _("CA certificate file to verify peer against")); + printf (" %s\n", "-D, --verify-cert"); + printf (" %s\n", _("Verify the peer's SSL certificate and hostname")); #endif printf (" %s\n", "-e, --expect=STRING"); @@ -1836,7 +1847,7 @@ print_usage (void) { printf ("%s\n", _("Usage:")); printf (" %s -H | -I [-u ] [-p ]\n",progname); - printf (" [-J ] [-K ] [--ca-cert ]\n"); + printf (" [-J ] [-K ] [--ca-cert ] [-D]\n"); printf (" [-w ] [-c ] [-t ] [-L] [-E] [-a auth]\n"); printf (" [-b proxy_auth] [-f ]\n"); printf (" [-e ] [-d string] [-s string] [-l] [-r | -R ]\n"); diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 4bff538a..55577add 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -9,7 +9,7 @@ use Test::More; use POSIX qw/mktime strftime/; use NPTest; -plan tests => 57; +plan tests => 58; my $successOutput = '/OK.*HTTP.*second/'; @@ -94,6 +94,9 @@ SKIP: { $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); + + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -p 443"); + like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" ); }; SKIP: { -- cgit v1.2.3-74-g34f1 From f90aec83cb20263401ab620d07e4914355d9681d Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 8 Apr 2021 14:07:20 +0200 Subject: check_curl: Increase regexp limit (to 1024 as in check_http) --- plugins/check_curl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 8125ee84..f900f160 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -117,7 +117,7 @@ typedef enum curlhelp_ssl_library { enum { REGS = 2, - MAX_RE_SIZE = 256 + MAX_RE_SIZE = 1024 }; #include "regex.h" regex_t preg; -- cgit v1.2.3-74-g34f1 From a6acea7941a2a5519ab49d13b5adf946a50b5ea5 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 8 Apr 2021 14:15:54 +0200 Subject: check_curl: make -C obvious (from check_http) --- plugins/check_curl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index f900f160..892300ae 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1852,9 +1852,11 @@ print_usage (void) printf (" [-b proxy_auth] [-f ]\n"); printf (" [-e ] [-d string] [-s string] [-l] [-r | -R ]\n"); printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); - printf (" [-A string] [-k string] [-S ] [--sni] [-C [,]]\n"); + printf (" [-A string] [-k string] [-S ] [--sni]\n"); printf (" [-T ] [-j method]\n"); printf (" [--http-version=]\n"); + printf (" %s -H | -I -C [,]\n",progname); + printf (" [-p ] [-t ] [-4|-6] [--sni]\n"); printf ("\n"); printf ("%s\n", _("WARNING: check_curl is experimental. Please use")); printf ("%s\n\n", _("check_http if you need a stable version.")); -- cgit v1.2.3-74-g34f1 From 1debd29b573f4d81eeba4d7f78f797c348b231ce Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 8 Apr 2021 15:14:53 +0200 Subject: check_curl: make -C obvious (from check_http, part 2) --- plugins/check_curl.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 892300ae..8fc97f40 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1858,6 +1858,10 @@ print_usage (void) printf (" %s -H | -I -C [,]\n",progname); printf (" [-p ] [-t ] [-4|-6] [--sni]\n"); printf ("\n"); +#ifdef LIBCURL_FEATURE_SSL + printf ("%s\n", _("In the first form, make an HTTP request.")); + printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate.")); +#endif printf ("%s\n", _("WARNING: check_curl is experimental. Please use")); printf ("%s\n\n", _("check_http if you need a stable version.")); } -- cgit v1.2.3-74-g34f1 From cd358cd08a6ddceece836788078ec96b5f8eb0c5 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 8 Apr 2021 20:39:48 +0200 Subject: check_curl: backported --show-body/-B to print body (from check_http) --- plugins/check_curl.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 8fc97f40..99833f6f 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -145,6 +145,7 @@ thresholds *thlds; char user_agent[DEFAULT_BUFFER_SIZE]; int verbose = 0; int show_extended_perfdata = FALSE; +int show_body = FALSE; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; @@ -792,7 +793,9 @@ GOT_FIRST_CERT: snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line); else snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line); - die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg); + die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg, + show_body ? "\n" : "", + show_body ? body_buf.buf : ""); } if( server_expect_yn ) { @@ -921,13 +924,15 @@ GOT_FIRST_CERT: msg[strlen(msg)-3] = '\0'; /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ - die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", + die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), status_line.http_code, status_line.msg, strlen(msg) > 0 ? " - " : "", msg, page_len, total_time, (display_html ? "" : ""), - perfstring); + perfstring, + (show_body ? body_buf.buf : ""), + (show_body ? "\n" : "") ); /* proper cleanup after die? */ curlhelp_free_statusline(&status_line); @@ -1173,6 +1178,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, {0, 0, 0, 0} }; @@ -1197,7 +1203,7 @@ process_arguments (int argc, char **argv) server_url = strdup(DEFAULT_SERVER_URL); while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NE", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -1545,6 +1551,9 @@ process_arguments (int argc, char **argv) case 'E': /* show extended perfdata */ show_extended_perfdata = TRUE; break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; case HTTP_VERSION_OPTION: curl_http_version = CURL_HTTP_VERSION_NONE; if (strcmp (optarg, "1.0") == 0) { @@ -1757,6 +1766,8 @@ print_help (void) printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-E, --extended-perfdata"); printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); printf (" %s\n", "-f, --onredirect="); -- cgit v1.2.3-74-g34f1 From f0ac7fcc7c40fab04c00fbbc8c091e89e77b0f74 Mon Sep 17 00:00:00 2001 From: Barak Shohat Date: Mon, 12 Apr 2021 19:06:27 +0300 Subject: check_curl: Fix bug where headers beginning with HTTP_ cause the status line parsing to fail. --- plugins/check_curl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 99833f6f..3e0a6f94 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1995,7 +1995,7 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line) char *first_line_buf; /* find last start of a new header */ - start = strrstr2 (buf, "\r\nHTTP"); + start = strrstr2 (buf, "\r\nHTTP/"); if (start != NULL) { start += 2; buf = start; -- cgit v1.2.3-74-g34f1 From 63cb7ecfcf8d5b6c9f2be704eee7fa7cd9216f88 Mon Sep 17 00:00:00 2001 From: Barak Shohat Date: Mon, 24 May 2021 13:42:43 +0300 Subject: check_curl.c: bugfix: verify certificates option should not force SSL to be used --- plugins/check_curl.c | 2 +- plugins/t/check_curl.t | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 3e0a6f94..d29db0a6 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1346,7 +1346,7 @@ process_arguments (int argc, char **argv) #ifdef LIBCURL_FEATURE_SSL case 'D': /* verify peer certificate & host */ verify_peer_and_host = TRUE; - goto enable_ssl; + break; #endif case 'S': /* use SSL */ #ifdef LIBCURL_FEATURE_SSL diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 45ee5339..ada6a045 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -95,7 +95,7 @@ SKIP: { $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443"); like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); - $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -p 443"); + $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443"); like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" ); }; -- cgit v1.2.3-74-g34f1 From beb609ffcf8c24c133f59829e0d3d82102661b82 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 27 May 2021 15:32:08 +0200 Subject: check_curl: - added verbose output in verify_callback - pin refcounting for certs (avoid subject extraction error when checking certs in is_openssl_callback mode) --- plugins/check_curl.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 3e0a6f94..59e398b2 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -285,6 +285,18 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) * TODO: is the last certificate always the server certificate? */ cert = X509_STORE_CTX_get_current_cert(x509_ctx); + X509_up_ref(cert); + if (verbose>=2) { + puts("* SSL verify callback with certificate:"); + X509_NAME *subject, *issuer; + printf("* issuer:\n"); + issuer = X509_get_issuer_name( cert ); + X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE); + printf("* curl verify_callback:\n* subject:\n"); + subject = X509_get_subject_name( cert ); + X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE); + puts(""); + } return 1; } -- cgit v1.2.3-74-g34f1 From 20e9451fadb452636bc4b395fcb6aaf93a477c23 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 24 Jun 2021 11:02:28 +0200 Subject: added option --enable-automatic-decompression --- plugins/check_curl.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 59e398b2..d4442f51 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -206,6 +206,7 @@ int maximum_age = -1; int address_family = AF_UNSPEC; curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; int curl_http_version = CURL_HTTP_VERSION_NONE; +int automatic_decompression = FALSE; int process_arguments (int, char**); void handle_curl_option_return_code (CURLcode res, const char* option); @@ -383,6 +384,13 @@ check_http (void) /* print everything on stdout like check_http would do */ handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR"); + if (automatic_decompression) +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING"); +#else + handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING"); +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */ + /* initialize buffer for body of the answer */ if (curlhelp_initwritebuffer(&body_buf) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n"); @@ -1149,7 +1157,8 @@ process_arguments (int argc, char **argv) INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, CA_CERT_OPTION, - HTTP_VERSION_OPTION + HTTP_VERSION_OPTION, + AUTOMATIC_DECOMPRESSION }; int option = 0; @@ -1192,6 +1201,7 @@ process_arguments (int argc, char **argv) {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, + {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, {0, 0, 0, 0} }; @@ -1583,6 +1593,9 @@ process_arguments (int argc, char **argv) exit (STATE_WARNING); } break; + case AUTOMATIC_DECOMPRESSION: + automatic_decompression = TRUE; + break; case '?': /* print short usage statement if args not parsable */ usage5 (); @@ -1793,6 +1806,8 @@ print_help (void) printf (" %s\n", "--http-version=VERSION"); printf (" %s\n", _("Connect via specific HTTP protocol.")); printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)")); + printf (" %s\n", "--enable-automatic-decompression"); + printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING).")); printf ("\n"); printf (UT_WARN_CRIT); -- cgit v1.2.3-74-g34f1 From 0b6838ffcaf372df419059771dd42f1bd69644c0 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 24 Jun 2021 17:08:20 +0000 Subject: fix for missing X509_up_ref on old systems with only OpenSSL 1.0 --- plugins/check_curl.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index d4442f51..daf64b0b 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -55,6 +55,10 @@ const char *email = "devel@monitoring-plugins.org"; #include +#if defined(HAVE_SSL) && defined(USE_OPENSSL) +#include +#endif + #define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch)) #define DEFAULT_BUFFER_SIZE 2048 @@ -286,7 +290,9 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) * TODO: is the last certificate always the server certificate? */ cert = X509_STORE_CTX_get_current_cert(x509_ctx); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L X509_up_ref(cert); +#endif if (verbose>=2) { puts("* SSL verify callback with certificate:"); X509_NAME *subject, *issuer; -- cgit v1.2.3-74-g34f1 From 6e696643a5701ddd18945593743286b35b5944cb Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 4 Jul 2021 18:43:42 +0200 Subject: check_curl: changed to STATE_CRITICAL for infinite loops (-ffollow) --- plugins/check_curl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index daf64b0b..ba08c36b 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1106,8 +1106,8 @@ redir (curlhelp_write_curlbuf* header_buf) !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) && (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, new_url)) - die (STATE_WARNING, - _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "" : "")); /* set new values for redirected request */ -- cgit v1.2.3-74-g34f1 From 3f5c54c7830b0529030bb08e2c333497e70b6eb1 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 25 Jul 2021 18:39:07 +0200 Subject: check_curl: fixed DNS caching for SSL hostnames (avoid CURLOPT_RESOLVE entry errors) --- plugins/check_curl.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 3 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index ba08c36b..2c91a275 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -59,6 +59,8 @@ const char *email = "devel@monitoring-plugins.org"; #include #endif +#include + #define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch)) #define DEFAULT_BUFFER_SIZE 2048 @@ -369,6 +371,46 @@ handle_curl_option_return_code (CURLcode res, const char* option) } } +int +lookup_host (const char *host, char *buf, size_t buflen) +{ + struct addrinfo hints, *res, *result; + int errcode; + void *ptr; + + memset (&hints, 0, sizeof (hints)); + hints.ai_family = address_family; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags |= AI_CANONNAME; + + errcode = getaddrinfo (host, NULL, &hints, &result); + if (errcode != 0) + return errcode; + + res = result; + + while (res) { + inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen); + switch (res->ai_family) { + case AF_INET: + ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr; + break; + case AF_INET6: + ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr; + break; + } + inet_ntop (res->ai_family, ptr, buf, buflen); + if (verbose >= 1) + printf ("* getaddrinfo IPv%d address: %s\n", + res->ai_family == PF_INET6 ? 6 : 4, buf); + res = res->ai_next; + } + + freeaddrinfo(result); + + return 0; +} + int check_http (void) { @@ -376,6 +418,9 @@ check_http (void) int page_len = 0; int i; char *force_host_header = NULL; + struct curl_slist *host = NULL; + char addrstr[100]; + char dnscache[DEFAULT_BUFFER_SIZE]; /* initialize curl */ if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) @@ -418,9 +463,12 @@ check_http (void) // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy if(use_ssl && host_name != NULL) { - struct curl_slist *host = NULL; - char dnscache[DEFAULT_BUFFER_SIZE]; - snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address); + if ( (res=lookup_host (server_address, addrstr, 100)) != 0) { + snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"), + server_address, res, gai_strerror (res)); + die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); + } + snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr); host = curl_slist_append(NULL, dnscache); curl_easy_setopt(curl, CURLOPT_RESOLVE, host); if (verbose>=1) -- cgit v1.2.3-74-g34f1 From de5503063e4ea455a7a0a57afcc467a2041c859f Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 25 Jul 2021 18:49:06 +0200 Subject: check_curl: fixed a potential buffer overflow in retir/uri_string --- plugins/check_curl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2c91a275..5990b95b 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1033,8 +1033,8 @@ char* uri_string (const UriTextRangeA range, char* buf, size_t buflen) { if (!range.first) return "(null)"; - strncpy (buf, range.first, max (buflen, range.afterLast - range.first)); - buf[max (buflen, range.afterLast - range.first)] = '\0'; + strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first)); + buf[max (buflen-1, range.afterLast - range.first)] = '\0'; buf[range.afterLast - range.first] = '\0'; return buf; } -- cgit v1.2.3-74-g34f1 From 737412f7391ae430a51e8f2c2a3b1ab2d35a6394 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 29 Jan 2022 11:11:36 +0100 Subject: check_http and check_curl: added --max-redirs=N option (feature #1684) --- plugins/check_curl.c | 16 ++++++++++++++-- plugins/check_http.c | 20 ++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 14cc8463..32d919fe 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -66,13 +66,13 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_BUFFER_SIZE 2048 #define DEFAULT_SERVER_URL "/" #define HTTP_EXPECT "HTTP/" -#define DEFAULT_MAX_REDIRS 15 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; enum { @@ -1210,6 +1210,7 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, + MAX_REDIRS_OPTION, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1254,6 +1255,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, {0, 0, 0, 0} @@ -1512,6 +1514,13 @@ process_arguments (int argc, char **argv) use_sni = TRUE; break; #endif /* LIBCURL_FEATURE_SSL */ + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "ok")) onredirect = STATE_OK; @@ -1854,6 +1863,9 @@ print_help (void) printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); printf ("\n"); diff --git a/plugins/check_http.c b/plugins/check_http.c index 34fb4f01..df2a79c2 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -52,7 +52,8 @@ enum { MAX_IPV4_HOSTLENGTH = 255, HTTP_PORT = 80, HTTPS_PORT = 443, - MAX_PORT = 65535 + MAX_PORT = 65535, + DEFAULT_MAX_REDIRS = 15 }; #ifdef HAVE_SSL @@ -125,7 +126,7 @@ int sd; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; -int max_depth = 15; +int max_depth = DEFAULT_MAX_REDIRS; char *http_method; char *http_method_proxy; char *http_post_data; @@ -203,7 +204,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, - SNI_OPTION + SNI_OPTION, + MAX_REDIRS_OPTION }; int option = 0; @@ -242,6 +244,7 @@ process_arguments (int argc, char **argv) {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, {"show-body", no_argument, 0, 'B'}, + {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {0, 0, 0, 0} }; @@ -373,6 +376,13 @@ process_arguments (int argc, char **argv) case SNI_OPTION: use_sni = TRUE; break; + case MAX_REDIRS_OPTION: + if (!is_intnonneg (optarg)) + usage2 (_("Invalid max_redirs count"), optarg); + else { + max_depth = atoi (optarg); + } + break; case 'f': /* onredirect */ if (!strcmp (optarg, "stickyport")) onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; @@ -1657,9 +1667,11 @@ print_help (void) printf (" %s\n", "-f, --onredirect="); printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); + printf (" %s\n", "--max-redirs=INTEGER"); + printf (" %s", _("Maximal number of redirects (default: ")); + printf ("%d)\n", DEFAULT_MAX_REDIRS); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); - printf (UT_WARN_CRIT); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); -- cgit v1.2.3-74-g34f1 From ee2a60fc4e26828b115051564706f8fbc4c4b153 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Thu, 27 Jan 2022 10:00:58 +0100 Subject: fixed -ffollow for HTTP/2.0 (Fixes #1685): added major_version parsing to PicoHTTPParser --- plugins/check_curl.c | 6 +++--- plugins/picohttpparser/picohttpparser.c | 30 ++++++++++++++++++------------ plugins/picohttpparser/picohttpparser.h | 4 ++-- 3 files changed, 23 insertions(+), 17 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 32d919fe..7da84de4 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1054,7 +1054,7 @@ redir (curlhelp_write_curlbuf* header_buf) char *new_url; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); location = get_header_value (headers, nof_headers, "location"); @@ -2200,7 +2200,7 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA size_t msglen; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); server_date = get_header_value (headers, nof_headers, "date"); @@ -2258,7 +2258,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri curlhelp_statusline status_line; int res = phr_parse_response (header_buf->buf, header_buf->buflen, - &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, + &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, headers, &nof_headers, 0); content_length_s = get_header_value (headers, nof_headers, "content-length"); diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c index 74ccc3ef..d9680b79 100644 --- a/plugins/picohttpparser/picohttpparser.c +++ b/plugins/picohttpparser/picohttpparser.c @@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last } while (0) /* returned pointer is always within [buf, buf_end), or null */ -static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret) +static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret) { /* we want at least [HTTP/1.] to try to parse */ if (buf_end - buf < 9) { @@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int EXPECT_CHAR_NO_CHECK('T'); EXPECT_CHAR_NO_CHECK('P'); EXPECT_CHAR_NO_CHECK('/'); - EXPECT_CHAR_NO_CHECK('1'); - EXPECT_CHAR_NO_CHECK('.'); - PARSE_INT(minor_version, 1); + PARSE_INT(major_version, 1); + if (*major_version == 1) { + EXPECT_CHAR_NO_CHECK('.'); + PARSE_INT(minor_version, 1); + } else { + *minor_version = 0; + } return buf; } @@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph } static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* skip first empty line (some clients add CRLF after POST content) */ @@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha *ret = -1; return NULL; } - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } if (*buf == '\015') { @@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha } int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path, - size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) + size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf_start + len; size_t max_headers = *num_headers; @@ -391,6 +395,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si *method_len = 0; *path = NULL; *path_len = 0; + *major_version = -1; *minor_version = -1; *num_headers = 0; @@ -400,7 +405,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return r; } - if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers, + if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers, &r)) == NULL) { return r; } @@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si return (int)(buf - buf_start); } -static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg, +static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret) { /* parse "HTTP/1.x" */ - if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) { + if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) { return NULL; } /* skip space */ @@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret); } -int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len) { const char *buf = buf_start, *buf_end = buf + len; size_t max_headers = *num_headers; int r; + *major_version = -1; *minor_version = -1; *status = 0; *msg = NULL; @@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in return r; } - if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { + if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) { return r; } diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h index 0849f844..8f13b36f 100644 --- a/plugins/picohttpparser/picohttpparser.h +++ b/plugins/picohttpparser/picohttpparser.h @@ -49,10 +49,10 @@ struct phr_header { /* returns number of bytes consumed if successful, -2 if request is partial, * -1 if failed */ int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len, - int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); + int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len, +int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t last_len); /* ditto */ -- cgit v1.2.3-74-g34f1 From a96bdd7349926f2f18aba07db02c5ed472f4caf6 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:53 +0200 Subject: check_curl: added option --continue-after-certificate (#1761) --- plugins/check_curl.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7da84de4..a69854a8 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; int use_ssl = FALSE; int use_sni = TRUE; int check_cert = FALSE; +int continue_after_check_cert = FALSE; typedef union { struct curl_slist* to_info; struct curl_certinfo* to_certinfo; @@ -754,7 +755,9 @@ check_http (void) * and we actually have OpenSSL in the monitoring tools */ result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); #endif /* USE_OPENSSL */ @@ -794,13 +797,17 @@ GOT_FIRST_CERT: } BIO_free (cert_BIO); result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, * so we use the libcurl CURLINFO data */ result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #endif /* USE_OPENSSL */ } else { snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), @@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv) INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv) {"private-key", required_argument, 0, 'K'}, {"ca-cert", required_argument, 0, CA_CERT_OPTION}, {"verify-cert", no_argument, 0, 'D'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -1402,6 +1411,11 @@ process_arguments (int argc, char **argv) } check_cert = TRUE; goto enable_ssl; +#endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; #endif case 'J': /* use client certificate */ #ifdef LIBCURL_FEATURE_SSL @@ -1800,7 +1814,11 @@ print_help (void) #endif printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v1.2.3-74-g34f1 From 4a5ddd201119260028db6a4f27027d72aa9a160a Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:48:28 +0100 Subject: Check curl detect ipv6 (#1809) * If server_address is an IPv6 address surround it with brackets * If the message is too short, we should not have an underflow * Add simple conditional test case available if IPv6 is --- .github/workflows/test.yml | 2 +- plugins/check_curl.c | 22 ++++++++++++++++++---- plugins/t/check_curl.t | 39 ++++++++++++++++++++++++++++----------- 3 files changed, 47 insertions(+), 16 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d2785a41..80d49f7e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -40,7 +40,7 @@ jobs: ${{ matrix.distro }} \ /bin/sh -c '${{ matrix.prepare }} && \ tools/setup && \ - ./configure --enable-libtap --with-ipv6=no && \ + ./configure --enable-libtap --with-ipv6=no && \ make && \ make test' docker container prune -f diff --git a/plugins/check_curl.c b/plugins/check_curl.c index a69854a8..2ad373c0 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -476,6 +476,18 @@ check_http (void) printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache); } + // If server_address is an IPv6 address it must be surround by square brackets + struct in6_addr tmp_in_addr; + if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) { + char *new_server_address = malloc(strlen(server_address) + 3); + if (new_server_address == NULL) { + die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n"); + } + snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address); + free(server_address); + server_address = new_server_address; + } + /* compose URL: use the address we want to connect to, set Host: header later */ snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s", use_ssl ? "https" : "http", @@ -999,10 +1011,12 @@ GOT_FIRST_CERT: result = max_state_alt(get_status(total_time, thlds), result); /* Cut-off trailing characters */ - if(msg[strlen(msg)-2] == ',') - msg[strlen(msg)-2] = '\0'; - else - msg[strlen(msg)-3] = '\0'; + if (strlen(msg) >= 2) { + if(msg[strlen(msg)-2] == ',') + msg[strlen(msg)-2] = '\0'; + else + msg[strlen(msg)-3] = '\0'; + } /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t index 693f4b25..eae98cc1 100644 --- a/plugins/t/check_curl.t +++ b/plugins/t/check_curl.t @@ -1,15 +1,22 @@ #! /usr/bin/perl -w -I .. # -# HyperText Transfer Protocol (HTTP) Test via check_http +# HyperText Transfer Protocol (HTTP) Test via check_curl # # use strict; use Test::More; use POSIX qw/mktime strftime/; -use NPTest; -plan tests => 57; +use vars qw($tests $has_ipv6); + +BEGIN { + use NPTest; + $has_ipv6 = NPTest::has_ipv6(); + $tests = $has_ipv6 ? 59 : 57; + plan tests => $tests; +} + my $successOutput = '/OK.*HTTP.*second/'; @@ -18,6 +25,7 @@ my $plugin = 'check_http'; $plugin = 'check_curl' if $0 =~ m/check_curl/mx; my $host_tcp_http = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost"); +my $host_tcp_http_ipv6 = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1"); my $host_tls_http = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost"); my $host_tls_cert = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost"); my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1"); @@ -31,26 +39,35 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0; $res = NPTest->testCmd( - "./$plugin $host_tcp_http -wt 300 -ct 600" - ); + "./$plugin $host_tcp_http -wt 300 -ct 600" + ); cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" ); like( $res->output, $successOutput, "Output OK" ); +if ($has_ipv6) { + # Test for IPv6 formatting + $res = NPTest->testCmd( + "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600" + ); + cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" ); + like( $res->output, $successOutput, "Output OK" ); +} + $res = NPTest->testCmd( - "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" - ); + "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'" + ); like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" ); $res = NPTest->testCmd( - "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" - ); + "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3" + ); cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK"); $res = NPTest->testCmd( - "./$plugin $hostname_invalid -wt 1 -ct 2" - ); + "./$plugin $hostname_invalid -wt 1 -ct 2" + ); cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" ); # The first part of the message comes from the OS catalogue, so cannot check this. # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename -- cgit v1.2.3-74-g34f1 From 765b29f09bd3bc2a938260caa5f263343aafadb7 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 22 Dec 2022 12:51:18 +0100 Subject: check_curl: fix checking large bodys (#1823) check_curl fails on large pages: HTTP CRITICAL - Invalid HTTP response received from host on port 5080: cURL returned 23 - Failure writing output to destination for example trying to run check_curl on the test from #1822 I guess the idea is to double the buffer size each time it is to small. But the code exponentially grows the buffer size which works well 2-3 times, but then fails. --- plugins/check_curl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 2ad373c0..55de22fd 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -2024,9 +2024,12 @@ curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *s curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream; while (buf->bufsize < buf->buflen + size * nmemb + 1) { - buf->bufsize *= buf->bufsize * 2; + buf->bufsize = buf->bufsize * 2; buf->buf = (char *)realloc (buf->buf, buf->bufsize); - if (buf->buf == NULL) return -1; + if (buf->buf == NULL) { + fprintf(stderr, "malloc failed (%d) %s\n", errno, strerror(errno)); + return -1; + } } memcpy (buf->buf + buf->buflen, buffer, size * nmemb); -- cgit v1.2.3-74-g34f1 From 72147140ed6c9a06db722930e893c90a230e6da9 Mon Sep 17 00:00:00 2001 From: waja Date: Tue, 17 Jan 2023 15:42:54 +0100 Subject: Fixing spelling errors (#1826) --- plugins/check_apt.c | 2 +- plugins/check_curl.c | 2 +- plugins/check_fping.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 312909b7..fa982ae3 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -528,7 +528,7 @@ print_help (void) printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause")); printf (" %s\n", _("the plugin to return WARNING status.")); printf (" %s\n", "-w, --packages-warning"); - printf (" %s\n", _("Minumum number of packages available for upgrade to return WARNING status.")); + printf (" %s\n", _("Minimum number of packages available for upgrade to return WARNING status.")); printf (" %s\n\n", _("Default is 1 package.")); printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 55de22fd..c6593df1 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -1680,7 +1680,7 @@ process_arguments (int argc, char **argv) curl_http_version = CURL_HTTP_VERSION_NONE; #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */ } else { - fprintf (stderr, "unkown http-version parameter: %s\n", optarg); + fprintf (stderr, "unknown http-version parameter: %s\n", optarg); exit (STATE_WARNING); } break; diff --git a/plugins/check_fping.c b/plugins/check_fping.c index be9362ad..db433162 100644 --- a/plugins/check_fping.c +++ b/plugins/check_fping.c @@ -492,7 +492,7 @@ void print_help (void) { printf (" %s\n", "-c, --critical=THRESHOLD"); printf (" %s\n", _("critical threshold pair")); printf (" %s\n", "-a, --alive"); - printf (" %s\n", _("Return OK after first successfull reply")); + printf (" %s\n", _("Return OK after first successful reply")); printf (" %s\n", "-b, --bytes=INTEGER"); printf (" %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE); printf (" %s\n", "-n, --number=INTEGER"); -- cgit v1.2.3-74-g34f1 From 53f07a468db98247dc4012de0ee678f29cc2bfec Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 5 Feb 2023 20:34:41 +0100 Subject: using CURLOPT_REDIR_PROTOCOLS_STR instead of CURLOPT_REDIR_PROTOCOLS for curl >= 7.85.0 --- plugins/check_curl.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index c6593df1..7916eb55 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -688,9 +688,13 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS"); /* for now allow only http and https (we are a http(s) check plugin in the end) */ +#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0) + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR"); +#else #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS"); #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */ +#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 4) */ /* TODO: handle the following aspects of redirection, make them * command line options too later: -- cgit v1.2.3-74-g34f1 From 27b0c6964559ba60ff6c7a626d51e62e5256ed62 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 11 Feb 2023 18:39:24 +0100 Subject: fixed regerror is MAX_INPUT_BUFFER writting into too small errbuf --- plugins/check_curl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7916eb55..406f6f88 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -173,7 +173,7 @@ double time_connect; double time_appconnect; double time_headers; double time_firstbyte; -char errbuf[CURL_ERROR_SIZE+1]; +char errbuf[MAX_INPUT_BUFFER]; CURLcode res; char url[DEFAULT_BUFFER_SIZE]; char msg[DEFAULT_BUFFER_SIZE]; -- cgit v1.2.3-74-g34f1 From f6978deaa1bf7c6a7196363104ebfcef143080ab Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 11 Feb 2023 19:11:07 +0100 Subject: added --cookie-jar and doing proper cleanup of libcurl --- plugins/check_curl.c | 47 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 13 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 406f6f88..35d1237b 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -214,6 +214,7 @@ int address_family = AF_UNSPEC; curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; int curl_http_version = CURL_HTTP_VERSION_NONE; int automatic_decompression = FALSE; +char *cookie_jar_file = NULL; int process_arguments (int, char**); void handle_curl_option_return_code (CURLcode res, const char* option); @@ -412,6 +413,19 @@ lookup_host (const char *host, char *buf, size_t buflen) return 0; } +static void +cleanup (void) +{ + curlhelp_free_statusline(&status_line); + curl_easy_cleanup (curl); + curl_global_cleanup (); + curlhelp_freewritebuffer (&body_buf); + curlhelp_freewritebuffer (&header_buf); + if (!strcmp (http_method, "PUT")) { + curlhelp_freereadbuffer (&put_buf); + } +} + int check_http (void) { @@ -743,7 +757,16 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE"); } } + + /* cookie handling */ + if (cookie_jar_file != NULL) { + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE"); + } + /* register cleanup function to shut down libcurl properly */ + atexit (cleanup); + /* do the request */ res = curl_easy_perform(curl); @@ -1021,7 +1044,7 @@ GOT_FIRST_CERT: else msg[strlen(msg)-3] = '\0'; } - + /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s", state_text(result), string_statuscode (status_line.http_major, status_line.http_minor), @@ -1033,16 +1056,6 @@ GOT_FIRST_CERT: (show_body ? body_buf.buf : ""), (show_body ? "\n" : "") ); - /* proper cleanup after die? */ - curlhelp_free_statusline(&status_line); - curl_easy_cleanup (curl); - curl_global_cleanup (); - curlhelp_freewritebuffer (&body_buf); - curlhelp_freewritebuffer (&header_buf); - if (!strcmp (http_method, "PUT")) { - curlhelp_freereadbuffer (&put_buf); - } - return result; } @@ -1239,7 +1252,8 @@ process_arguments (int argc, char **argv) CONTINUE_AFTER_CHECK_CERT, CA_CERT_OPTION, HTTP_VERSION_OPTION, - AUTOMATIC_DECOMPRESSION + AUTOMATIC_DECOMPRESSION, + COOKIE_JAR }; int option = 0; @@ -1285,6 +1299,7 @@ process_arguments (int argc, char **argv) {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, + {"cookie-jar", required_argument, 0, COOKIE_JAR}, {0, 0, 0, 0} }; @@ -1691,6 +1706,9 @@ process_arguments (int argc, char **argv) case AUTOMATIC_DECOMPRESSION: automatic_decompression = TRUE; break; + case COOKIE_JAR: + cookie_jar_file = optarg; + break; case '?': /* print short usage statement if args not parsable */ usage5 (); @@ -1910,6 +1928,8 @@ print_help (void) printf (" %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)")); printf (" %s\n", "--enable-automatic-decompression"); printf (" %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING).")); + printf (" %s\n", "---cookie-jar=FILE"); + printf (" %s\n", _("Store cookies in the cookie jar and send them out when requested.")); printf ("\n"); printf (UT_WARN_CRIT); @@ -1994,7 +2014,8 @@ print_usage (void) printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); printf (" [-A string] [-k string] [-S ] [--sni]\n"); printf (" [-T ] [-j method]\n"); - printf (" [--http-version=]\n"); + printf (" [--http-version=] [--enable-automatic-decompression]\n"); + printf (" [--cookie-jar=\n"); printf (" %s -H | -I -C [,]\n",progname); printf (" [-p ] [-t ] [-4|-6] [--sni]\n"); printf ("\n"); -- cgit v1.2.3-74-g34f1 From 40da85e6913ba4898f5a80772c7b3ea0cba0d3eb Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 12 Feb 2023 12:11:38 +0100 Subject: better cleanup of curl structures and buffers --- plugins/check_curl.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 35d1237b..a49cac8a 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -161,9 +161,13 @@ char *http_post_data = NULL; char *http_content_type = NULL; CURL *curl; struct curl_slist *header_list = NULL; +int body_buf_initialized = 0; curlhelp_write_curlbuf body_buf; +int header_buf_initialized = 0; curlhelp_write_curlbuf header_buf; +int status_line_initialized = 0; curlhelp_statusline status_line; +int put_buf_initialized = 0; curlhelp_read_curlbuf put_buf; char http_header[DEFAULT_BUFFER_SIZE]; long code; @@ -416,14 +420,12 @@ lookup_host (const char *host, char *buf, size_t buflen) static void cleanup (void) { - curlhelp_free_statusline(&status_line); + if (status_line_initialized) curlhelp_free_statusline(&status_line); curl_easy_cleanup (curl); curl_global_cleanup (); - curlhelp_freewritebuffer (&body_buf); - curlhelp_freewritebuffer (&header_buf); - if (!strcmp (http_method, "PUT")) { - curlhelp_freereadbuffer (&put_buf); - } + if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf); + if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf); + if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf); } int @@ -441,9 +443,14 @@ check_http (void) if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); - if ((curl = curl_easy_init()) == NULL) + if ((curl = curl_easy_init()) == NULL) { + curl_global_cleanup (); die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n"); + } + /* register cleanup function to shut down libcurl properly */ + atexit (cleanup); + if (verbose >= 1) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE"); @@ -460,12 +467,14 @@ check_http (void) /* initialize buffer for body of the answer */ if (curlhelp_initwritebuffer(&body_buf) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n"); + body_buf_initialized = 1; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA"); /* initialize buffer for header of the answer */ if (curlhelp_initwritebuffer( &header_buf ) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" ); + header_buf_initialized = 1; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER"); @@ -752,7 +761,9 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS"); } else if (!strcmp(http_method, "PUT")) { handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION"); - curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)); + if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0) + die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n"); + put_buf_initialized = 1; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE"); } @@ -764,9 +775,6 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE"); } - /* register cleanup function to shut down libcurl properly */ - atexit (cleanup); - /* do the request */ res = curl_easy_perform(curl); @@ -2159,6 +2167,7 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line) first_line_len = (size_t)(first_line_end - buf); status_line->first_line = (char *)malloc (first_line_len + 1); + status_line_initialized = 1; if (status_line->first_line == NULL) return -1; memcpy (status_line->first_line, buf, first_line_len); status_line->first_line[first_line_len] = '\0'; -- cgit v1.2.3-74-g34f1 From 6563267c3ad84bcc4779d282b5ae20520a4a2a6b Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 12 Feb 2023 13:16:25 +0100 Subject: fixed double frees when doing old-style redirects --- plugins/check_curl.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index a49cac8a..1127d601 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -160,6 +160,8 @@ char *http_method = NULL; char *http_post_data = NULL; char *http_content_type = NULL; CURL *curl; +int curl_global_initialized = 0; +int curl_easy_initialized = 0; struct curl_slist *header_list = NULL; int body_buf_initialized = 0; curlhelp_write_curlbuf body_buf; @@ -421,11 +423,17 @@ static void cleanup (void) { if (status_line_initialized) curlhelp_free_statusline(&status_line); - curl_easy_cleanup (curl); - curl_global_cleanup (); + status_line_initialized = 0; + if (curl_easy_initialized) curl_easy_cleanup (curl); + curl_easy_initialized = 0; + if (curl_global_initialized) curl_global_cleanup (); + curl_global_initialized = 0; if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf); + body_buf_initialized = 0; if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf); + header_buf_initialized = 0; if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf); + put_buf_initialized = 0; } int @@ -442,11 +450,12 @@ check_http (void) /* initialize curl */ if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); + curl_global_initialized = 1; if ((curl = curl_easy_init()) == NULL) { - curl_global_cleanup (); die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n"); } + curl_easy_initialized = 1; /* register cleanup function to shut down libcurl properly */ atexit (cleanup); @@ -903,6 +912,7 @@ GOT_FIRST_CERT: /* we cannot know the major/minor version here for sure as we cannot parse the first line */ die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); } + status_line_initialized = 1; /* get result code from cURL */ handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE"); @@ -1234,6 +1244,7 @@ redir (curlhelp_write_curlbuf* header_buf) * attached to the URL in Location */ + cleanup (); check_http (); } @@ -2167,7 +2178,6 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line) first_line_len = (size_t)(first_line_end - buf); status_line->first_line = (char *)malloc (first_line_len + 1); - status_line_initialized = 1; if (status_line->first_line == NULL) return -1; memcpy (status_line->first_line, buf, first_line_len); status_line->first_line[first_line_len] = '\0'; -- cgit v1.2.3-74-g34f1 From 8e1bbf5e6ed4069d4256bf549a408bb8759861fa Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 12 Feb 2023 15:09:02 +0100 Subject: changed #else/#if to #elif in libcurl library checks --- plugins/check_curl.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 1127d601..284cf4ea 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -722,11 +722,9 @@ check_http (void) /* for now allow only http and https (we are a http(s) check plugin in the end) */ #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR"); -#else -#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) +#elif LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS"); -#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */ -#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 4) */ +#endif /* TODO: handle the following aspects of redirection, make them * command line options too later: -- cgit v1.2.3-74-g34f1 From ad6b638acb420f4416b10cf52fdd6c75c3c8e6fa Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Fri, 17 Feb 2023 14:03:55 +0100 Subject: using real boolean in check_curl --- plugins/check_curl.c | 160 ++++++++++++++++++++++++++------------------------- 1 file changed, 82 insertions(+), 78 deletions(-) (limited to 'plugins/check_curl.c') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 284cf4ea..c37d45d9 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -37,6 +37,7 @@ const char *progname = "check_curl"; const char *copyright = "2006-2019"; const char *email = "devel@monitoring-plugins.org"; +#include #include #include "common.h" @@ -131,14 +132,14 @@ regmatch_t pmatch[REGS]; char regexp[MAX_RE_SIZE]; int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE; int errcode; -int invert_regex = 0; +bool invert_regex = false; char *server_address = NULL; char *host_name = NULL; char *server_url = 0; char server_ip[DEFAULT_BUFFER_SIZE]; struct curl_slist *server_ips = NULL; -int specify_port = FALSE; +bool specify_port = false; unsigned short server_port = HTTP_PORT; unsigned short virtual_port = 0; int host_name_length; @@ -150,8 +151,8 @@ int days_till_exp_warn, days_till_exp_crit; thresholds *thlds; char user_agent[DEFAULT_BUFFER_SIZE]; int verbose = 0; -int show_extended_perfdata = FALSE; -int show_body = FALSE; +bool show_extended_perfdata = false; +bool show_body = false; int min_page_len = 0; int max_page_len = 0; int redir_depth = 0; @@ -160,16 +161,16 @@ char *http_method = NULL; char *http_post_data = NULL; char *http_content_type = NULL; CURL *curl; -int curl_global_initialized = 0; -int curl_easy_initialized = 0; +bool curl_global_initialized = false; +bool curl_easy_initialized = false; struct curl_slist *header_list = NULL; -int body_buf_initialized = 0; +bool body_buf_initialized = false; curlhelp_write_curlbuf body_buf; -int header_buf_initialized = 0; +bool header_buf_initialized = false; curlhelp_write_curlbuf header_buf; -int status_line_initialized = 0; +bool status_line_initialized = false; curlhelp_statusline status_line; -int put_buf_initialized = 0; +bool put_buf_initialized = false; curlhelp_read_curlbuf put_buf; char http_header[DEFAULT_BUFFER_SIZE]; long code; @@ -192,14 +193,14 @@ char user_auth[MAX_INPUT_BUFFER] = ""; char proxy_auth[MAX_INPUT_BUFFER] = ""; char **http_opt_headers; int http_opt_headers_count = 0; -int display_html = FALSE; +bool display_html = false; int onredirect = STATE_OK; int followmethod = FOLLOW_HTTP_CURL; int followsticky = STICKY_NONE; -int use_ssl = FALSE; -int use_sni = TRUE; -int check_cert = FALSE; -int continue_after_check_cert = FALSE; +bool use_ssl = false; +bool use_sni = true; +bool check_cert = false; +bool continue_after_check_cert = false; typedef union { struct curl_slist* to_info; struct curl_certinfo* to_certinfo; @@ -209,20 +210,20 @@ int ssl_version = CURL_SSLVERSION_DEFAULT; char *client_cert = NULL; char *client_privkey = NULL; char *ca_cert = NULL; -int verify_peer_and_host = FALSE; -int is_openssl_callback = FALSE; +bool verify_peer_and_host = false; +bool is_openssl_callback = false; #if defined(HAVE_SSL) && defined(USE_OPENSSL) X509 *cert = NULL; #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ -int no_body = FALSE; +bool no_body = false; int maximum_age = -1; int address_family = AF_UNSPEC; curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN; int curl_http_version = CURL_HTTP_VERSION_NONE; -int automatic_decompression = FALSE; +bool automatic_decompression = false; char *cookie_jar_file = NULL; -int process_arguments (int, char**); +bool process_arguments (int, char**); void handle_curl_option_return_code (CURLcode res, const char* option); int check_http (void); void redir (curlhelp_write_curlbuf*); @@ -276,10 +277,10 @@ main (int argc, char **argv) progname, NP_VERSION, VERSION, curl_version()); /* parse arguments */ - if (process_arguments (argc, argv) == ERROR) + if (process_arguments (argc, argv) == false) usage4 (_("Could not parse arguments")); - if (display_html == TRUE) + if (display_html) printf ("", use_ssl ? "https" : "http", host_name ? host_name : server_address, @@ -423,17 +424,17 @@ static void cleanup (void) { if (status_line_initialized) curlhelp_free_statusline(&status_line); - status_line_initialized = 0; + status_line_initialized = false; if (curl_easy_initialized) curl_easy_cleanup (curl); - curl_easy_initialized = 0; + curl_easy_initialized = false; if (curl_global_initialized) curl_global_cleanup (); - curl_global_initialized = 0; + curl_global_initialized = false; if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf); - body_buf_initialized = 0; + body_buf_initialized = false; if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf); - header_buf_initialized = 0; + header_buf_initialized = false; if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf); - put_buf_initialized = 0; + put_buf_initialized = false; } int @@ -450,18 +451,18 @@ check_http (void) /* initialize curl */ if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); - curl_global_initialized = 1; + curl_global_initialized = true; if ((curl = curl_easy_init()) == NULL) { die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n"); } - curl_easy_initialized = 1; + curl_easy_initialized = true; /* register cleanup function to shut down libcurl properly */ atexit (cleanup); if (verbose >= 1) - handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE"); + handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, 1), "CURLOPT_VERBOSE"); /* print everything on stdout like check_http would do */ handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR"); @@ -476,14 +477,14 @@ check_http (void) /* initialize buffer for body of the answer */ if (curlhelp_initwritebuffer(&body_buf) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n"); - body_buf_initialized = 1; + body_buf_initialized = true; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA"); /* initialize buffer for header of the answer */ if (curlhelp_initwritebuffer( &header_buf ) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" ); - header_buf_initialized = 1; + header_buf_initialized = true; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER"); @@ -544,7 +545,7 @@ check_http (void) /* disable body for HEAD request */ if (http_method && !strcmp (http_method, "HEAD" )) { - no_body = TRUE; + no_body = true; } /* set HTTP protocol version */ @@ -641,7 +642,7 @@ check_http (void) #ifdef USE_OPENSSL /* libcurl and monitoring plugins built with OpenSSL, good */ handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION"); - is_openssl_callback = TRUE; + is_openssl_callback = true; #else /* USE_OPENSSL */ #endif /* USE_OPENSSL */ /* libcurl is built with OpenSSL, monitoring plugins, so falling @@ -770,7 +771,7 @@ check_http (void) handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION"); if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0) die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n"); - put_buf_initialized = 1; + put_buf_initialized = true; handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA"); handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE"); } @@ -801,15 +802,15 @@ check_http (void) /* certificate checks */ #ifdef LIBCURL_FEATURE_SSL - if (use_ssl == TRUE) { - if (check_cert == TRUE) { + if (use_ssl) { + if (check_cert) { if (is_openssl_callback) { #ifdef USE_OPENSSL /* check certificate with OpenSSL functions, curl has been built against OpenSSL * and we actually have OpenSSL in the monitoring tools */ result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - if (continue_after_check_cert == FALSE) { + if (!continue_after_check_cert) { return result; } #else /* USE_OPENSSL */ @@ -851,7 +852,7 @@ GOT_FIRST_CERT: } BIO_free (cert_BIO); result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - if (continue_after_check_cert == FALSE) { + if (!continue_after_check_cert) { return result; } #else /* USE_OPENSSL */ @@ -859,7 +860,7 @@ GOT_FIRST_CERT: * so we use the libcurl CURLINFO data */ result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); - if (continue_after_check_cert == FALSE) { + if (!continue_after_check_cert) { return result; } #endif /* USE_OPENSSL */ @@ -887,7 +888,7 @@ GOT_FIRST_CERT: perfd_time(total_time), perfd_size(page_len), perfd_time_connect(time_connect), - use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "", + use_ssl ? perfd_time_ssl (time_appconnect-time_connect) : "", perfd_time_headers(time_headers - time_appconnect), perfd_time_firstbyte(time_firstbyte - time_headers), perfd_time_transfer(total_time-time_firstbyte) @@ -910,7 +911,7 @@ GOT_FIRST_CERT: /* we cannot know the major/minor version here for sure as we cannot parse the first line */ die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg); } - status_line_initialized = 1; + status_line_initialized = true; /* get result code from cURL */ handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE"); @@ -1023,12 +1024,12 @@ GOT_FIRST_CERT: if (strlen (regexp)) { errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0); - if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) { + if ((errcode == 0 && !invert_regex) || (errcode == REG_NOMATCH && invert_regex)) { /* OK - No-op to avoid changing the logic around it */ result = max_state_alt(STATE_OK, result); } - else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) { - if (invert_regex == 0) + else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) { + if (!invert_regex) snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg); else snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg); @@ -1167,7 +1168,10 @@ redir (curlhelp_write_curlbuf* header_buf) } } - use_ssl = !uri_strcmp (uri.scheme, "https"); + if (!uri_strcmp (uri.scheme, "https")) + use_ssl = true; + else + use_ssl = false; /* we do a sloppy test here only, because uriparser would have failed * above, if the port would be invalid, we just check for MAX_PORT @@ -1255,7 +1259,7 @@ test_file (char *path) usage2 (_("file does not exist or is not readable"), path); } -int +bool process_arguments (int argc, char **argv) { char *p; @@ -1321,7 +1325,7 @@ process_arguments (int argc, char **argv) }; if (argc < 2) - return ERROR; + return false; /* support check_http compatible arguments */ for (c = 1; c < argc; c++) { @@ -1401,7 +1405,7 @@ process_arguments (int argc, char **argv) if( strtol(optarg, NULL, 10) > MAX_PORT) usage2 (_("Invalid port number, supplied port number is too big"), optarg); server_port = (unsigned short)strtol(optarg, NULL, 10); - specify_port = TRUE; + specify_port = true; } break; case 'a': /* authorization info */ @@ -1435,10 +1439,10 @@ process_arguments (int argc, char **argv) http_opt_headers[http_opt_headers_count - 1] = optarg; break; case 'L': /* show html link */ - display_html = TRUE; + display_html = true; break; case 'n': /* do not show html link */ - display_html = FALSE; + display_html = false; break; case 'C': /* Check SSL cert validity */ #ifdef LIBCURL_FEATURE_SSL @@ -1459,12 +1463,12 @@ process_arguments (int argc, char **argv) usage2 (_("Invalid certificate expiration period"), optarg); days_till_exp_warn = atoi (optarg); } - check_cert = TRUE; + check_cert = true; goto enable_ssl; #endif case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ #ifdef HAVE_SSL - continue_after_check_cert = TRUE; + continue_after_check_cert = true; break; #endif case 'J': /* use client certificate */ @@ -1487,13 +1491,13 @@ process_arguments (int argc, char **argv) #endif #ifdef LIBCURL_FEATURE_SSL case 'D': /* verify peer certificate & host */ - verify_peer_and_host = TRUE; + verify_peer_and_host = true; break; #endif case 'S': /* use SSL */ #ifdef LIBCURL_FEATURE_SSL enable_ssl: - use_ssl = TRUE; + use_ssl = true; /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default. * Only set if it's non-zero. This helps when we include multiple * parameters, like -S and -C combinations */ @@ -1567,15 +1571,15 @@ process_arguments (int argc, char **argv) #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */ if (verbose >= 2) printf(_("* Set SSL/TLS version to %d\n"), ssl_version); - if (specify_port == FALSE) + if (!specify_port) server_port = HTTPS_PORT; break; #else /* LIBCURL_FEATURE_SSL */ /* -C -J and -K fall through to here without SSL */ usage4 (_("Invalid option - SSL is not available")); break; - case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */ - use_sni = TRUE; + case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */ + use_sni = true; break; #endif /* LIBCURL_FEATURE_SSL */ case MAX_REDIRS_OPTION: @@ -1636,11 +1640,11 @@ process_arguments (int argc, char **argv) if (errcode != 0) { (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); printf (_("Could Not Compile Regular Expression: %s"), errbuf); - return ERROR; + return false; } break; case INVERT_REGEX: - invert_regex = 1; + invert_regex = true; break; case '4': address_family = AF_INET; @@ -1675,7 +1679,7 @@ process_arguments (int argc, char **argv) break; } case 'N': /* no-body */ - no_body = TRUE; + no_body = true; break; case 'M': /* max-age */ { @@ -1698,10 +1702,10 @@ process_arguments (int argc, char **argv) } break; case 'E': /* show extended perfdata */ - show_extended_perfdata = TRUE; + show_extended_perfdata = true; break; case 'B': /* print body content after status line */ - show_body = TRUE; + show_body = true; break; case HTTP_VERSION_OPTION: curl_http_version = CURL_HTTP_VERSION_NONE; @@ -1721,7 +1725,7 @@ process_arguments (int argc, char **argv) } break; case AUTOMATIC_DECOMPRESSION: - automatic_decompression = TRUE; + automatic_decompression = true; break; case COOKIE_JAR: cookie_jar_file = optarg; @@ -1765,52 +1769,52 @@ process_arguments (int argc, char **argv) virtual_port = server_port; else { if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT)) - if(specify_port == FALSE) + if(!specify_port) server_port = virtual_port; } - return TRUE; + return true; } char *perfd_time (double elapsed_time) { return fperfdata ("time", elapsed_time, "s", - thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0, - thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0, - TRUE, 0, TRUE, socket_timeout); + thlds->warning?true:false, thlds->warning?thlds->warning->end:0, + thlds->critical?true:false, thlds->critical?thlds->critical->end:0, + true, 0, true, socket_timeout); } char *perfd_time_connect (double elapsed_time_connect) { - return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); + return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout); } char *perfd_time_ssl (double elapsed_time_ssl) { - return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); + return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout); } char *perfd_time_headers (double elapsed_time_headers) { - return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); + return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout); } char *perfd_time_firstbyte (double elapsed_time_firstbyte) { - return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); + return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout); } char *perfd_time_transfer (double elapsed_time_transfer) { - return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout); + return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout); } char *perfd_size (int page_len) { return perfdata ("size", page_len, "B", - (min_page_len>0?TRUE:FALSE), min_page_len, - (min_page_len>0?TRUE:FALSE), 0, - TRUE, 0, FALSE, 0); + (min_page_len>0?true:false), min_page_len, + (min_page_len>0?true:false), 0, + true, 0, false, 0); } void -- cgit v1.2.3-74-g34f1