From 455fdc1072b85e7d05783546d9e99ed2e61716de Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:47 +0200 Subject: check_http: added option --continue-after-certificate (#1761) diff --git a/plugins/check_http.c b/plugins/check_http.c index df2a79c..f8ec853 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -58,6 +58,7 @@ enum { #ifdef HAVE_SSL int check_cert = FALSE; +int continue_after_check_cert = FALSE; int ssl_version = 0; int days_till_exp_warn, days_till_exp_crit; char *randbuff; @@ -205,7 +206,8 @@ process_arguments (int argc, char **argv) enum { INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, - MAX_REDIRS_OPTION + MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT }; int option = 0; @@ -233,6 +235,7 @@ process_arguments (int argc, char **argv) {"certificate", required_argument, 0, 'C'}, {"client-cert", required_argument, 0, 'J'}, {"private-key", required_argument, 0, 'K'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -332,6 +335,11 @@ process_arguments (int argc, char **argv) check_cert = TRUE; goto enable_ssl; #endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; +#endif case 'J': /* use client certificate */ #ifdef HAVE_SSL test_file(optarg); @@ -981,9 +989,11 @@ check_http (void) elapsed_time_ssl = (double)microsec_ssl / 1.0e6; if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - if (sd) close(sd); - np_net_ssl_cleanup(); - return result; + if (continue_after_check_cert == FALSE) { + if (sd) close(sd); + np_net_ssl_cleanup(); + return result; + } } } #endif /* HAVE_SSL */ 
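Review bot: With `--continue-after-certificate` set, the state returned by `np_net_ssl_check_cert()` in check_http() is held only in `result` while the HTTP check goes on, and nothing in this hunk makes sure it reaches the final exit code. The rest of check_http() lies outside the hunk, so this needs confirming: a later plain assignment to `result`, or an exit path that reports its own state, would let an expiring or expired certificate be reported as OK once the page loads. I would keep the certificate state in its own variable, fold it into the final state as the worse of the two, and add a comment here such as `/* certificate state must survive: final state is the worse of cert and HTTP results */`. The same applies to the three `if (continue_after_check_cert == FALSE)` guards in plugins/check_curl.c (hunks at -754 and -794).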
@@ -1608,7 +1618,11 @@ print_help (void) printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v0.10-9-g596f From a96bdd7349926f2f18aba07db02c5ed472f4caf6 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sun, 10 Apr 2022 16:31:53 +0200 Subject: check_curl: added option --continue-after-certificate (#1761) diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 7da84de..a69854a 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; int use_ssl = FALSE; int use_sni = TRUE; int check_cert = FALSE; +int continue_after_check_cert = FALSE; typedef union { struct curl_slist* to_info; struct curl_certinfo* to_certinfo; @@ -754,7 +755,9 @@ check_http (void) * and we actually have OpenSSL in the monitoring tools */ result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); #endif /* USE_OPENSSL */ 
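Review bot: The new help text in print_help() does not say which state the plugin exits with when both the certificate check and the HTTP check run, which is what an operator relying on -C for expiry alerts needs to know. I would add one line for it, for example `printf (" %s\n", _("The exit state is the worse of the certificate and HTTP results."));`, with the wording adjusted to the actual behaviour, which this hunk does not show. The identical help text added to plugins/check_curl.c (hunk at -1800) needs the same line.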
@@ -794,13 +797,17 @@ GOT_FIRST_CERT: } BIO_free (cert_BIO); result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #else /* USE_OPENSSL */ /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, * so we use the libcurl CURLINFO data */ result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); - return result; + if (continue_after_check_cert == FALSE) { + return result; + } #endif /* USE_OPENSSL */ } else { snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), @@ -1211,6 +1218,7 @@ process_arguments (int argc, char **argv) INVERT_REGEX = CHAR_MAX + 1, SNI_OPTION, MAX_REDIRS_OPTION, + CONTINUE_AFTER_CHECK_CERT, CA_CERT_OPTION, HTTP_VERSION_OPTION, AUTOMATIC_DECOMPRESSION @@ -1244,6 +1252,7 @@ process_arguments (int argc, char **argv) {"private-key", required_argument, 0, 'K'}, {"ca-cert", required_argument, 0, CA_CERT_OPTION}, {"verify-cert", no_argument, 0, 'D'}, + {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, {"useragent", required_argument, 0, 'A'}, {"header", required_argument, 0, 'k'}, {"no-body", no_argument, 0, 'N'}, @@ -1403,6 +1412,11 @@ process_arguments (int argc, char **argv) check_cert = TRUE; goto enable_ssl; #endif + case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ +#ifdef HAVE_SSL + continue_after_check_cert = TRUE; + break; +#endif case 'J': /* use client certificate */ #ifdef LIBCURL_FEATURE_SSL test_file(optarg); 
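Review bot: The new `case CONTINUE_AFTER_CHECK_CERT:` in check_curl.c is guarded by `#ifdef HAVE_SSL`, while the `case 'J':` directly below it is guarded by `#ifdef LIBCURL_FEATURE_SSL`. In a build where HAVE_SSL is undefined but LIBCURL_FEATURE_SSL is defined, the new case has no body and falls through into `case 'J'`, which calls `test_file(optarg)` although a `no_argument` option supplies no argument. The flag appears to be declared without a guard (hunk at -193), so the guard can simply go: `case CONTINUE_AFTER_CHECK_CERT:` followed by `continue_after_check_cert = TRUE;` and `break;`. In plugins/check_http.c (hunk at -332) the neighbouring cases share the HAVE_SSL guard, so there a comment marking the fall-through as intended is enough. process_arguments continues outside the hunk.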
@@ -1800,7 +1814,11 @@ print_help (void) #endif printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); - printf (" %s\n", _("(when this option is used the URL is not checked.)")); + printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); + printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); + printf (" %s\n", "--continue-after-certificate"); + printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); + printf (" %s\n", _("Does nothing unless -C is used.")); printf (" %s\n", "-J, --client-cert=FILE"); printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); printf (" %s\n", _("to be used in establishing the SSL session")); -- cgit v0.10-9-g596f From d63bb62e5d47d02e9cfd7bcfc25ef5a700fbe6d2 Mon Sep 17 00:00:00 2001 From: CDMIUB Date: Sat, 18 Jun 2022 09:15:58 +0200 Subject: Cdmiub (#1770) * added timout option to check_disk_smb diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl old mode 100755 new mode 100644 index ad71e6a..15d1634 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -22,7 +22,7 @@ require 5.004; use POSIX qw(setsid); use strict; use Getopt::Long; -use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $verbose); +use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_c $opt_a $opt_C $opt_t $verbose); use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; @@ -43,6 +43,7 @@ $ENV{'ENV'}=''; Getopt::Long::Configure('bundling'); GetOptions ("v" => \$verbose, "verbose" => \$verbose, + "t=i" => \$opt_t, "timeout=i" => \$opt_t, "P=s" => \$opt_P, "port=s" => \$opt_P, "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, 
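Review bot: The file header for plugins-scripts/check_disk_smb.pl records `old mode 100755` / `new mode 100644`, so this commit drops the executable bit from the script, which looks unrelated to adding a timeout option. If the script is ever run or packaged straight from the tree, that would stop it from executing. If the change is intended it deserves a line in the commit message; otherwise restore it with `git update-index --chmod=+x plugins-scripts/check_disk_smb.pl`.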
@@ -96,6 +97,8 @@ my $crit = $1 if ($opt_c =~ /^([0-9]{1,2}\%?|100\%?|[0-9]+[kMG])$/); my $configfile = $opt_C if ($opt_C); usage("Unable to read config file $configfile\n") if ($configfile) && (! -r $configfile); +if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; } + # Execute the given command line and return anything it writes to STDOUT and/or # STDERR. (This might be useful for other plugins, too, so it should possibly # be moved to utils.pm.) @@ -298,7 +301,8 @@ exit $ERRORS{$state}; sub print_usage () { print "Usage: $PROGNAME -H -s -u -p - -w -c [-W ] [-P ] [-a ] [-C ]\n"; + -w -c [-W ] [-P ] [-a ] [-t timeout] + [-C ]\n"; } sub print_help () { @@ -326,6 +330,8 @@ Perl Check SMB Disk plugin for monitoring Percent of used space at which a warning will be generated (Default: 85%) -c, --critical=INTEGER or INTEGER[kMG] Percent of used space at which a critical will be generated (Defaults: 95%) +-t, --timeout=INTEGER + Seconds before connection times out (Default: 15) -P, --port=INTEGER Port to be used to connect to. Some Windows boxes use 139, others 445 (Defaults to smbclient default) -C, --configfile=STRING -- cgit v0.10-9-g596f From 175e43133c9dbeb156e52b8e54cd04e44401f424 Mon Sep 17 00:00:00 2001 From: Lorenz <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 3 Jul 2022 15:57:55 +0200 Subject: Update CodeQL and update runner before installing (#1775) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9de367e..afe6ab4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -53,6 +53,7 @@ jobs: - name: Install packages run: | + sudo apt update sudo apt-get install -y --no-install-recommends m4 gettext automake autoconf make build-essential sudo apt-get install -y --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev \ libmysqlclient-dev libradcli-dev libkrb5-dev libdbi0-dev \ 
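Review bot: The added line `if ($opt_t && $opt_t =~ /^([0-9]+)$/) { $TIMEOUT = $1; }` silently ignores any value it does not accept: `-t 0` fails the truth test, and a negative number (which `"t=i"` lets through) fails the pattern, so in both cases the default timeout stays in force without a message. The config-file check just above reports its problem through `usage(...)`, so I would do the same here, e.g. `usage("Invalid timeout: $opt_t\n") if defined($opt_t) && $opt_t !~ /^[1-9][0-9]*$/;` ahead of the assignment. Where `$TIMEOUT` is consumed lies outside the hunk, so confirm that it is assigned before the code that enforces the timeout reads it.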
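Review bot: The added `sudo apt update` in the "Install packages" step mixes the interactive `apt` front end with the `apt-get install` calls on the following lines, and `apt` itself warns that its command-line interface is not stable for use in scripts. Use `sudo apt-get update` so the step relies on one tool throughout.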
@@ -62,10 +63,10 @@ jobs: run: | ./tools/setup ./configure --enable-libtap - + - name: Build run: | make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 -- cgit v0.10-9-g596f