From 499c0a07ae42ef48b3a1f25031fb933c3c59e327 Mon Sep 17 00:00:00 2001 From: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> Date: Thu, 31 Oct 2024 03:29:32 +0100 Subject: check_dns: clang-format --- plugins/check_dns.c | 1067 ++++++++++++++++++++++++--------------------------- 1 file changed, 509 insertions(+), 558 deletions(-) (limited to 'plugins') diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 468bc958..7cd23162 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -1,33 +1,33 @@ /***************************************************************************** -* -* Monitoring check_dns plugin -* -* License: GPL -* Copyright (c) 2000-2008 Monitoring Plugins Development Team -* -* Description: -* -* This file contains the check_dns plugin -* -* LIMITATION: nslookup on Solaris 7 can return output over 2 lines, which -* will not be picked up by this plugin -* -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -* -* -*****************************************************************************/ + * + * Monitoring check_dns plugin + * + * License: GPL + * Copyright (c) 2000-2008 Monitoring Plugins Development Team + * + * Description: + * + * This file contains the check_dns plugin + * + * LIMITATION: nslookup on Solaris 7 can return output over 2 lines, which + * will not be picked up by this plugin + * + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * + *****************************************************************************/ const char *progname = "check_dns"; const char *copyright = "2000-2008"; @@ -39,13 +39,13 @@ const char *email = "devel@monitoring-plugins.org"; #include "netutils.h" #include "runcmd.h" -int process_arguments (int, char **); -int validate_arguments (void); -int error_scan (char *, bool *); +int process_arguments(int, char **); +int validate_arguments(void); +int error_scan(char *, bool *); bool ip_match_cidr(const char *, const char *); unsigned long ip2long(const char *); -void print_help (void); -void print_usage (void); +void print_help(void); +void print_usage(void); #define ADDRESS_LENGTH 256 char query_address[ADDRESS_LENGTH] = ""; @@ -60,558 +60,509 @@ bool expect_authority = false; bool all_match = false; thresholds *time_thresholds = NULL; -static int -qstrcmp(const void *p1, const void *p2) -{ +static int qstrcmp(const void *p1, const void *p2) { /* The actual arguments to this function are "pointers to pointers to char", but strcmp() arguments are "pointers to char", hence the following cast plus dereference */ - return strcmp(* (char * const *) p1, * (char * const *) p2); + return strcmp(*(char *const *)p1, *(char *const *)p2); } +int main(int argc, char **argv) { + char *command_line = NULL; + char input_buffer[MAX_INPUT_BUFFER]; + char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */ + char **addresses = NULL; + int n_addresses = 0; + char *msg = NULL; + char *temp_buffer = NULL; + bool non_authoritative = false; + int result = STATE_UNKNOWN; + double elapsed_time; + long microsec; + struct timeval tv; + bool parse_address = false; /* This flag scans for Address: but only after Name: */ + output chld_out, chld_err; + bool is_nxdomain = false; + + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); + + /* Set signal handling and alarm */ + if (signal(SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) { + usage_va(_("Cannot catch SIGALRM")); + } + + /* Parse extra opts if any */ + argv = np_extra_opts(&argc, argv, progname); + + if (process_arguments(argc, argv) == ERROR) { + usage_va(_("Could not parse arguments")); + } + + /* get the command to run */ + xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); + + alarm(timeout_interval); + gettimeofday(&tv, NULL); + + if (verbose) + printf("%s\n", command_line); + + /* run the command */ + if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { + msg = (char *)_("nslookup returned an error status"); + result = STATE_WARNING; + } + + /* scan stdout */ + for (size_t i = 0; i < chld_out.lines; i++) { + if (addresses == NULL) + addresses = malloc(sizeof(*addresses) * 10); + else if (!(n_addresses % 10)) + addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10)); + + if (verbose) + puts(chld_out.line[i]); + + if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) { + if ((temp_buffer = strstr(chld_out.line[i], "name = "))) + addresses[n_addresses++] = strdup(temp_buffer + 7); + else { + msg = (char *)_("Warning plugin error"); + result = STATE_WARNING; + } + } + + /* bug ID: 2946553 - Older versions of bind will use all available dns + servers, we have to match the one specified */ + if (strstr(chld_out.line[i], "Server:") && strlen(dns_server) > 0) { + temp_buffer = strchr(chld_out.line[i], ':'); + temp_buffer++; + + /* Strip leading tabs */ + for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) + /* NOOP */; + + strip(temp_buffer); + if (temp_buffer == NULL || strlen(temp_buffer) == 0) { + die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND); + } + + if (strcmp(temp_buffer, dns_server) != 0) { + die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server); + } + } + + /* the server is responding, we just got the host name... */ + if (strstr(chld_out.line[i], "Name:")) + parse_address = true; + else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) { + temp_buffer = index(chld_out.line[i], ':'); + temp_buffer++; + + /* Strip leading spaces */ + while (*temp_buffer == ' ') + temp_buffer++; + + strip(temp_buffer); + if (temp_buffer == NULL || strlen(temp_buffer) == 0) { + die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND); + } + + addresses[n_addresses++] = strdup(temp_buffer); + } else if (strstr(chld_out.line[i], _("Non-authoritative answer:"))) { + non_authoritative = true; + } + + result = error_scan(chld_out.line[i], &is_nxdomain); + if (result != STATE_OK) { + msg = strchr(chld_out.line[i], ':'); + if (msg) + msg++; + break; + } + } + + /* scan stderr */ + for (size_t i = 0; i < chld_err.lines; i++) { + if (verbose) + puts(chld_err.line[i]); + + if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) { + result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain)); + msg = strchr(input_buffer, ':'); + if (msg) + msg++; + else + msg = input_buffer; + } + } + + if (is_nxdomain && !expect_nxdomain) { + die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); + } -int -main (int argc, char **argv) -{ - char *command_line = NULL; - char input_buffer[MAX_INPUT_BUFFER]; - char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */ - char **addresses = NULL; - int n_addresses = 0; - char *msg = NULL; - char *temp_buffer = NULL; - bool non_authoritative = false; - int result = STATE_UNKNOWN; - double elapsed_time; - long microsec; - struct timeval tv; - bool parse_address = false; /* This flag scans for Address: but only after Name: */ - output chld_out, chld_err; - bool is_nxdomain = false; - - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); - - /* Set signal handling and alarm */ - if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) { - usage_va(_("Cannot catch SIGALRM")); - } - - /* Parse extra opts if any */ - argv=np_extra_opts (&argc, argv, progname); - - if (process_arguments (argc, argv) == ERROR) { - usage_va(_("Could not parse arguments")); - } - - /* get the command to run */ - xasprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); - - alarm (timeout_interval); - gettimeofday (&tv, NULL); - - if (verbose) - printf ("%s\n", command_line); - - /* run the command */ - if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { - msg = (char *)_("nslookup returned an error status"); - result = STATE_WARNING; - } - - /* scan stdout */ - for(size_t i = 0; i < chld_out.lines; i++) { - if (addresses == NULL) - addresses = malloc(sizeof(*addresses)*10); - else if (!(n_addresses % 10)) - addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10)); - - if (verbose) - puts(chld_out.line[i]); - - if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) { - if ((temp_buffer = strstr (chld_out.line[i], "name = "))) - addresses[n_addresses++] = strdup (temp_buffer + 7); - else { - msg = (char *)_("Warning plugin error"); - result = STATE_WARNING; - } - } - - /* bug ID: 2946553 - Older versions of bind will use all available dns - servers, we have to match the one specified */ - if (strstr (chld_out.line[i], "Server:") && strlen(dns_server) > 0) { - temp_buffer = strchr (chld_out.line[i], ':'); - temp_buffer++; - - /* Strip leading tabs */ - for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) - /* NOOP */; - - strip(temp_buffer); - if (temp_buffer==NULL || strlen(temp_buffer)==0) { - die (STATE_CRITICAL, - _("DNS CRITICAL - '%s' returned empty server string\n"), - NSLOOKUP_COMMAND); - } - - if (strcmp(temp_buffer, dns_server) != 0) { - die (STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server); - } - } - - /* the server is responding, we just got the host name... */ - if (strstr (chld_out.line[i], "Name:")) - parse_address = true; - else if (parse_address && (strstr (chld_out.line[i], "Address:") || - strstr (chld_out.line[i], "Addresses:"))) { - temp_buffer = index (chld_out.line[i], ':'); - temp_buffer++; - - /* Strip leading spaces */ - while (*temp_buffer == ' ') - temp_buffer++; - - strip(temp_buffer); - if (temp_buffer==NULL || strlen(temp_buffer)==0) { - die (STATE_CRITICAL, - _("DNS CRITICAL - '%s' returned empty host name string\n"), - NSLOOKUP_COMMAND); - } - - addresses[n_addresses++] = strdup(temp_buffer); - } - else if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) { - non_authoritative = true; - } - - - result = error_scan (chld_out.line[i], &is_nxdomain); - if (result != STATE_OK) { - msg = strchr (chld_out.line[i], ':'); - if(msg) msg++; - break; - } - } - - /* scan stderr */ - for(size_t i = 0; i < chld_err.lines; i++) { - if (verbose) - puts(chld_err.line[i]); - - if (error_scan (chld_err.line[i], &is_nxdomain) != STATE_OK) { - result = max_state (result, error_scan (chld_err.line[i], &is_nxdomain)); - msg = strchr(input_buffer, ':'); - if(msg) - msg++; - else - msg = input_buffer; - } - } - - if (is_nxdomain && !expect_nxdomain) { - die (STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); - } - - if (addresses) { - int i,slen; - char *adrp; - qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); - for(i=0, slen=1; i < n_addresses; i++) { - slen += strlen(addresses[i])+1; - } - adrp = address = malloc(slen); - for(i=0; i < n_addresses; i++) { - if (i) *adrp++ = ','; - strcpy(adrp, addresses[i]); - adrp += strlen(addresses[i]); - } - *adrp = 0; - } else - die (STATE_CRITICAL, - _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), - NSLOOKUP_COMMAND); - - /* compare to expected address */ - if (result == STATE_OK && expected_address_cnt > 0) { - result = STATE_CRITICAL; - temp_buffer = ""; - unsigned long expect_match = (1 << expected_address_cnt) - 1; - unsigned long addr_match = (1 << n_addresses) - 1; - - for (int i=0; iwarning != NULL) && (time_thresholds->critical != NULL)) { - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", - true, time_thresholds->warning->end, - true, time_thresholds->critical->end, - true, 0, false, 0)); - } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", - false, 0, - true, time_thresholds->critical->end, - true, 0, false, 0)); - } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", - true, time_thresholds->warning->end, - false, 0, - true, 0, false, 0)); - } else - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); - } - else if (result == STATE_WARNING) - printf (_("DNS WARNING - %s\n"), - !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); - else if (result == STATE_CRITICAL) - printf (_("DNS CRITICAL - %s\n"), - !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); - else - printf (_("DNS UNKNOWN - %s\n"), - !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); - - return result; + if (addresses) { + int i, slen; + char *adrp; + qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); + for (i = 0, slen = 1; i < n_addresses; i++) { + slen += strlen(addresses[i]) + 1; + } + adrp = address = malloc(slen); + for (i = 0; i < n_addresses; i++) { + if (i) + *adrp++ = ','; + strcpy(adrp, addresses[i]); + adrp += strlen(addresses[i]); + } + *adrp = 0; + } else + die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); + + /* compare to expected address */ + if (result == STATE_OK && expected_address_cnt > 0) { + result = STATE_CRITICAL; + temp_buffer = ""; + unsigned long expect_match = (1 << expected_address_cnt) - 1; + unsigned long addr_match = (1 << n_addresses) - 1; + + for (int i = 0; i < expected_address_cnt; i++) { + int j; + /* check if we get a match on 'raw' ip or cidr */ + for (j = 0; j < n_addresses; j++) { + if (strcmp(addresses[j], expected_address[i]) == 0 || ip_match_cidr(addresses[j], expected_address[i])) { + result = STATE_OK; + addr_match &= ~(1 << j); + expect_match &= ~(1 << i); + } + } + + /* prepare an error string */ + xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); + } + /* check if expected_address must cover all in addresses and none may be missing */ + if (all_match && (expect_match != 0 || addr_match != 0)) + result = STATE_CRITICAL; + if (result == STATE_CRITICAL) { + /* Strip off last semicolon... */ + temp_buffer[strlen(temp_buffer) - 2] = '\0'; + xasprintf(&msg, _("expected '%s' but got '%s'"), temp_buffer, address); + } + } + + if (expect_nxdomain) { + if (!is_nxdomain) { + result = STATE_CRITICAL; + xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); + } else { + if (address != NULL) + free(address); + address = "NXDOMAIN"; + } + } + + /* check if authoritative */ + if (result == STATE_OK && expect_authority && non_authoritative) { + result = STATE_CRITICAL; + xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); + } + + microsec = deltime(tv); + elapsed_time = (double)microsec / 1.0e6; + + if (result == STATE_OK) { + result = get_status(elapsed_time, time_thresholds); + if (result == STATE_OK) { + printf("DNS %s: ", _("OK")); + } else if (result == STATE_WARNING) { + printf("DNS %s: ", _("WARNING")); + } else if (result == STATE_CRITICAL) { + printf("DNS %s: ", _("CRITICAL")); + } + printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); + printf(_(". %s returns %s"), query_address, address); + if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { + printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, true, time_thresholds->critical->end, + true, 0, false, 0)); + } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { + printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0)); + } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { + printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0)); + } else + printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); + } else if (result == STATE_WARNING) + printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); + else if (result == STATE_CRITICAL) + printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); + else + printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); + + return result; } bool ip_match_cidr(const char *addr, const char *cidr_ro) { - char *subnet, *mask_c, *cidr = strdup(cidr_ro); - int mask; - subnet = strtok(cidr, "/"); - mask_c = strtok(NULL, "\0"); - if (!subnet || !mask_c) { - return false; + char *subnet, *mask_c, *cidr = strdup(cidr_ro); + int mask; + subnet = strtok(cidr, "/"); + mask_c = strtok(NULL, "\0"); + if (!subnet || !mask_c) { + return false; } - mask = atoi(mask_c); + mask = atoi(mask_c); - /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */ - return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask); + /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */ + return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask); } -unsigned long -ip2long(const char* src) { - unsigned long ip[4]; - /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */ - return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", - &ip[0], &ip[1], &ip[2], &ip[3]) == 4 && - ip[0] < 256 && ip[1] < 256 && - ip[2] < 256 && ip[3] < 256) - ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] - : 0; +unsigned long ip2long(const char *src) { + unsigned long ip[4]; + /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */ + return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", &ip[0], &ip[1], &ip[2], &ip[3]) == 4 && ip[0] < 256 && ip[1] < 256 && ip[2] < 256 && + ip[3] < 256) + ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] + : 0; } -int -error_scan (char *input_buffer, bool *is_nxdomain) -{ - - const int nxdomain = strstr (input_buffer, "Non-existent") || - strstr (input_buffer, "** server can't find") || - strstr (input_buffer, "** Can't find") || - strstr (input_buffer, "NXDOMAIN"); - if (nxdomain) *is_nxdomain = true; - - /* the DNS lookup timed out */ - if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || - strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || - strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) - return STATE_OK; - - /* DNS server is not running... */ - else if (strstr (input_buffer, "No response from server")) - die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); - else if (strstr (input_buffer, "no servers could be reached")) - die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); - - /* Host name is valid, but server doesn't have records... */ - else if (strstr (input_buffer, "No records")) - die (STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); - - /* Connection was refused */ - else if (strstr (input_buffer, "Connection refused") || - strstr (input_buffer, "Couldn't find server") || - strstr (input_buffer, "Refused") || - (strstr (input_buffer, "** server can't find") && - strstr (input_buffer, ": REFUSED"))) - die (STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); - - /* Query refused (usually by an ACL in the namserver) */ - else if (strstr (input_buffer, "Query refused")) - die (STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); - - /* No information (e.g. nameserver IP has two PTR records) */ - else if (strstr (input_buffer, "No information")) - die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); - - /* Network is unreachable */ - else if (strstr (input_buffer, "Network is unreachable")) - die (STATE_CRITICAL, _("Network is unreachable\n")); - - /* Internal server failure */ - else if (strstr (input_buffer, "Server failure")) - die (STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); - - /* Request error or the DNS lookup timed out */ - else if (strstr (input_buffer, "Format error") || - strstr (input_buffer, "Timed out")) - return STATE_WARNING; - - return STATE_OK; +int error_scan(char *input_buffer, bool *is_nxdomain) { -} + const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") || + strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN"); + if (nxdomain) + *is_nxdomain = true; + + /* the DNS lookup timed out */ + if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || + strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || + strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) + return STATE_OK; + + /* DNS server is not running... */ + else if (strstr(input_buffer, "No response from server")) + die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); + else if (strstr(input_buffer, "no servers could be reached")) + die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); + + /* Host name is valid, but server doesn't have records... */ + else if (strstr(input_buffer, "No records")) + die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); + + /* Connection was refused */ + else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") || + strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) + die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); + + /* Query refused (usually by an ACL in the namserver) */ + else if (strstr(input_buffer, "Query refused")) + die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); + + /* No information (e.g. nameserver IP has two PTR records) */ + else if (strstr(input_buffer, "No information")) + die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); + + /* Network is unreachable */ + else if (strstr(input_buffer, "Network is unreachable")) + die(STATE_CRITICAL, _("Network is unreachable\n")); + + /* Internal server failure */ + else if (strstr(input_buffer, "Server failure")) + die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); + /* Request error or the DNS lookup timed out */ + else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) + return STATE_WARNING; + + return STATE_OK; +} /* process command-line arguments */ -int -process_arguments (int argc, char **argv) -{ - int c; - char *warning = NULL; - char *critical = NULL; - - int opt_index = 0; - static struct option long_opts[] = { - {"help", no_argument, 0, 'h'}, - {"version", no_argument, 0, 'V'}, - {"verbose", no_argument, 0, 'v'}, - {"timeout", required_argument, 0, 't'}, - {"hostname", required_argument, 0, 'H'}, - {"server", required_argument, 0, 's'}, - {"reverse-server", required_argument, 0, 'r'}, - {"expected-address", required_argument, 0, 'a'}, - {"expect-nxdomain", no_argument, 0, 'n'}, - {"expect-authority", no_argument, 0, 'A'}, - {"all", no_argument, 0, 'L'}, - {"warning", required_argument, 0, 'w'}, - {"critical", required_argument, 0, 'c'}, - {0, 0, 0, 0} - }; - - if (argc < 2) - return ERROR; - - for (c = 1; c < argc; c++) - if (strcmp ("-to", argv[c]) == 0) - strcpy (argv[c], "-t"); - - while (1) { - c = getopt_long (argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); - - if (c == -1 || c == EOF) - break; - - switch (c) { - case 'h': /* help */ - print_help (); - exit (STATE_UNKNOWN); - case 'V': /* version */ - print_revision (progname, NP_VERSION); - exit (STATE_UNKNOWN); - case 'v': /* version */ - verbose = true; - break; - case 't': /* timeout period */ - timeout_interval = atoi (optarg); - break; - case 'H': /* hostname */ - if (strlen (optarg) >= ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - strcpy (query_address, optarg); - break; - case 's': /* server name */ - /* TODO: this host_or_die check is probably unnecessary. - * Better to confirm nslookup response matches */ - host_or_die(optarg); - if (strlen (optarg) >= ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - strcpy (dns_server, optarg); - break; - case 'r': /* reverse server name */ - /* TODO: Is this host_or_die necessary? */ - host_or_die(optarg); - if (strlen (optarg) >= ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - strcpy (ptr_server, optarg); - break; - case 'a': /* expected address */ - if (strlen (optarg) >= ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - if (strchr(optarg, ',') != NULL) { - char *comma = strchr(optarg, ','); - while (comma != NULL) { - expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); - expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); - expected_address_cnt++; - optarg = comma + 1; - comma = strchr(optarg, ','); +int process_arguments(int argc, char **argv) { + int c; + char *warning = NULL; + char *critical = NULL; + + int opt_index = 0; + static struct option long_opts[] = {{"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {"verbose", no_argument, 0, 'v'}, + {"timeout", required_argument, 0, 't'}, + {"hostname", required_argument, 0, 'H'}, + {"server", required_argument, 0, 's'}, + {"reverse-server", required_argument, 0, 'r'}, + {"expected-address", required_argument, 0, 'a'}, + {"expect-nxdomain", no_argument, 0, 'n'}, + {"expect-authority", no_argument, 0, 'A'}, + {"all", no_argument, 0, 'L'}, + {"warning", required_argument, 0, 'w'}, + {"critical", required_argument, 0, 'c'}, + {0, 0, 0, 0}}; + + if (argc < 2) + return ERROR; + + for (c = 1; c < argc; c++) + if (strcmp("-to", argv[c]) == 0) + strcpy(argv[c], "-t"); + + while (1) { + c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); + + if (c == -1 || c == EOF) + break; + + switch (c) { + case 'h': /* help */ + print_help(); + exit(STATE_UNKNOWN); + case 'V': /* version */ + print_revision(progname, NP_VERSION); + exit(STATE_UNKNOWN); + case 'v': /* version */ + verbose = true; + break; + case 't': /* timeout period */ + timeout_interval = atoi(optarg); + break; + case 'H': /* hostname */ + if (strlen(optarg) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + strcpy(query_address, optarg); + break; + case 's': /* server name */ + /* TODO: this host_or_die check is probably unnecessary. + * Better to confirm nslookup response matches */ + host_or_die(optarg); + if (strlen(optarg) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + strcpy(dns_server, optarg); + break; + case 'r': /* reverse server name */ + /* TODO: Is this host_or_die necessary? */ + host_or_die(optarg); + if (strlen(optarg) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + strcpy(ptr_server, optarg); + break; + case 'a': /* expected address */ + if (strlen(optarg) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + if (strchr(optarg, ',') != NULL) { + char *comma = strchr(optarg, ','); + while (comma != NULL) { + expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); + expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); + expected_address_cnt++; + optarg = comma + 1; + comma = strchr(optarg, ','); + } + expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } else { + expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); + expected_address[expected_address_cnt] = strdup(optarg); + expected_address_cnt++; + } + break; + case 'n': /* expect NXDOMAIN */ + expect_nxdomain = true; + break; + case 'A': /* expect authority */ + expect_authority = true; + break; + case 'L': /* all must match */ + all_match = true; + break; + case 'w': + warning = optarg; + break; + case 'c': + critical = optarg; + break; + default: /* args not parsable */ + usage5(); + } } - expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); - expected_address[expected_address_cnt] = strdup(optarg); - expected_address_cnt++; - } else { - expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**)); - expected_address[expected_address_cnt] = strdup(optarg); - expected_address_cnt++; - } - break; - case 'n': /* expect NXDOMAIN */ - expect_nxdomain = true; - break; - case 'A': /* expect authority */ - expect_authority = true; - break; - case 'L': /* all must match */ - all_match = true; - break; - case 'w': - warning = optarg; - break; - case 'c': - critical = optarg; - break; - default: /* args not parsable */ - usage5(); - } - } - - c = optind; - if (strlen(query_address)==0 && c=ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - strcpy (query_address, argv[c++]); - } - - if (strlen(dns_server)==0 && c= ADDRESS_LENGTH) - die (STATE_UNKNOWN, _("Input buffer overflow\n")); - strcpy (dns_server, argv[c++]); - } - - set_thresholds(&time_thresholds, warning, critical); - - return validate_arguments (); -} + c = optind; + if (strlen(query_address) == 0 && c < argc) { + if (strlen(argv[c]) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + strcpy(query_address, argv[c++]); + } -int -validate_arguments () -{ - if (query_address[0] == 0) { - printf ("missing --host argument\n"); - return ERROR; - } + if (strlen(dns_server) == 0 && c < argc) { + /* TODO: See -s option */ + host_or_die(argv[c]); + if (strlen(argv[c]) >= ADDRESS_LENGTH) + die(STATE_UNKNOWN, _("Input buffer overflow\n")); + strcpy(dns_server, argv[c++]); + } - if (expected_address_cnt > 0 && expect_nxdomain) { - printf ("--expected-address and --expect-nxdomain cannot be combined\n"); - return ERROR; - } + set_thresholds(&time_thresholds, warning, critical); - return OK; + return validate_arguments(); } +int validate_arguments() { + if (query_address[0] == 0) { + printf("missing --host argument\n"); + return ERROR; + } + + if (expected_address_cnt > 0 && expect_nxdomain) { + printf("--expected-address and --expect-nxdomain cannot be combined\n"); + return ERROR; + } -void -print_help (void) -{ - print_revision (progname, NP_VERSION); - - printf ("Copyright (c) 1999 Ethan Galstad \n"); - printf (COPYRIGHT, copyright, email); - - printf ("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query.")); - printf ("%s\n", _("An optional DNS server to use may be specified.")); - printf ("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used.")); - - printf ("\n\n"); - - print_usage (); - - printf (UT_HELP_VRSN); - printf (UT_EXTRA_OPTS); - - printf (" -H, --hostname=HOST\n"); - printf (" %s\n", _("The name or address you want to query")); - printf (" -s, --server=HOST\n"); - printf (" %s\n", _("Optional DNS server you want to use for the lookup")); - printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); - printf (" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); - printf (" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); - printf (" %s\n", _("value matches).")); - printf (" -n, --expect-nxdomain\n"); - printf (" %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)")); - printf (" %s\n", _("Cannot be used together with -a")); - printf (" -A, --expect-authority\n"); - printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); - printf (" -w, --warning=seconds\n"); - printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off")); - printf (" -c, --critical=seconds\n"); - printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off")); - printf (" -L, --all\n"); - printf (" %s\n", _("Return critical if the list of expected addresses does not match all addresses")); - printf (" %s\n", _("returned. Default off")); - - printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - - printf (UT_SUPPORT); + return OK; } +void print_help(void) { + print_revision(progname, NP_VERSION); + + printf("Copyright (c) 1999 Ethan Galstad \n"); + printf(COPYRIGHT, copyright, email); + + printf("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query.")); + printf("%s\n", _("An optional DNS server to use may be specified.")); + printf("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used.")); + + printf("\n\n"); + + print_usage(); + + printf(UT_HELP_VRSN); + printf(UT_EXTRA_OPTS); + + printf(" -H, --hostname=HOST\n"); + printf(" %s\n", _("The name or address you want to query")); + printf(" -s, --server=HOST\n"); + printf(" %s\n", _("Optional DNS server you want to use for the lookup")); + printf(" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); + printf(" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); + printf(" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); + printf(" %s\n", _("value matches).")); + printf(" -n, --expect-nxdomain\n"); + printf(" %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)")); + printf(" %s\n", _("Cannot be used together with -a")); + printf(" -A, --expect-authority\n"); + printf(" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); + printf(" -w, --warning=seconds\n"); + printf(" %s\n", _("Return warning if elapsed time exceeds value. Default off")); + printf(" -c, --critical=seconds\n"); + printf(" %s\n", _("Return critical if elapsed time exceeds value. Default off")); + printf(" -L, --all\n"); + printf(" %s\n", _("Return critical if the list of expected addresses does not match all addresses")); + printf(" %s\n", _("returned. Default off")); + + printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + + printf(UT_SUPPORT); +} -void -print_usage (void) -{ - printf ("%s\n", _("Usage:")); - printf ("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname); +void print_usage(void) { + printf("%s\n", _("Usage:")); + printf("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname); } -- cgit v1.2.3-74-g34f1