#!/usr/bin/perl -w

# $Id: check_ica_program_neigbourhood.pl 1097 2005-01-25 09:05:53Z stanleyhopcroft $

# Revision 1.1  2005/01/25 09:05:53  stanleyhopcroft
# New plugin to check Citrix Metaframe XP "Program Neighbourhood"
#
# Revision 1.1  2005-01-25 16:50:30+11  anwsmh
# Initial revision
#

use strict ;

use Getopt::Long;

use utils qw($TIMEOUT %ERRORS &print_revision &support);
use LWP 5.65 ;
use XML::Parser ;

my $PROGNAME = 'check_program_neigbourhood' ;
my ($debug, $xml_debug, $pn_server, $pub_apps, $app_servers, $server_farm, $usage) ;

Getopt::Long::Configure('bundling', 'no_ignore_case') ;
GetOptions
        ("V|version"     => \&version,
        "A|published_app:s"        => \$pub_apps,
        "h|help"         => \&help,
        'usage|?'        => \&usage,
        "F|server_farm=s"  => \$server_farm,
        "P|pn_server=s"  => \$pn_server,
        "S|app_server=s" => \$app_servers,
        "v|verbose"        => \$debug,
        "x|xml_debug"    => \$xml_debug,
) ;

$pn_server		|| do  {
	print "Name or IP Address of _one_ Program Neighbourhood server is required.\n" ;
	&print_usage ;
	exit $ERRORS{UNKNOWN} ;
} ;

$pub_apps		||= 'Word 2003' ;
$pub_apps =~ s/["']//g ;
my @pub_apps = split /,\s*/, $pub_apps ;

my @app_servers = split /,\s*/, $app_servers ;

@app_servers		|| do  {
	print "IP Address of _each_ Application server in the Metaframe Citrix XP server farm is required.\n" ;
	&print_usage ;
	exit $ERRORS{UNKNOWN} ;
} ;

my @non_ip_addresses = grep ! /\d+\.\d+\.\d+\.\d+/, @app_servers ;

scalar(@non_ip_addresses) && do { 
	print qq(Application servers must be specified by IP Address (not name): "@non_ip_addresses".\n) ;
	&print_usage ;
	exit $ERRORS{UNKNOWN} ;
} ;

$server_farm		|| do {
	print "Name of Citrix Metaframe XP server farm is required.\n" ;
	&print_usage ;
	exit $ERRORS{UNKNOWN} ;
} ;

my %xml_tag = () ;
my @tag_stack = () ;

my $xml_p = new XML::Parser(Handlers => {Start => \&handle_start,
					 End   => sub { pop @tag_stack },
					 Char  => \&handle_char}) ;

# values required by Metaframe XP that don't appear to matter too much

my $client_host		= 'Nagios server (http://www.Nagios.ORG)' ;
my $user_name		= 'nagios' ;
my $domain			= 'Nagios_Uber_Alles' ;

# end values  required by Metaframe XP

my $nilpotent_req	= <<'EOR' ;
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd"><NFuseProtocol version="1.1">
  <RequestProtocolInfo>
    <ServerAddress addresstype="dns-port" />
  </RequestProtocolInfo>
</NFuseProtocol>
EOR

my $server_farm_req	= <<'EOR' ;
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
  <RequestServerFarmData>
    <Nil />
  </RequestServerFarmData>
</NFuseProtocol>
EOR

my $spec_server_farm_req = <<EOR ;
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
  <RequestAddress>
    <Name>
      <UnspecifiedName>$server_farm*</UnspecifiedName>
    </Name>
    <ClientName>$client_host</ClientName>
    <ClientAddress addresstype="dns-port" />
    <ServerAddress addresstype="dns-port" />
    <Flags />
    <Credentials>
      <UserName>$user_name</UserName>
      <Domain>$domain</Domain>
    </Credentials>
  </RequestAddress>
</NFuseProtocol>
EOR

my $app_req		= <<EOR ;
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
  <RequestAddress>
    <Name>
      <UnspecifiedName>PUBLISHED_APP_ENCODED</UnspecifiedName>
    </Name>
    <ClientName>Nagios_Service_Check</ClientName>
    <ClientAddress addresstype="dns-port"/>
    <ServerAddress addresstype="dns-port" />
    <Flags />
    <Credentials>
      <UserName>$PROGNAME</UserName>
      <Domain>$domain</Domain>
    </Credentials>
  </RequestAddress>
</NFuseProtocol>
EOR

my $ua = LWP::UserAgent->new ;
my $req = HTTP::Request->new('POST', "http://$pn_server/scripts/WPnBr.dll") ;
   $req->content_type('text/xml') ;

my $svr ;

my @pubapp_encoded = map { my $x = $_ ; $x =~ s/(\W)/'&#' . ord($1) . ';'/eg; $x } @pub_apps ;

my $error_tag_cr = sub { ! exists($xml_tag{ErrorId}) } ;

my @app_reqs = (
	# { Content => url,				Ok => ok_condition,				Seq => \d+ }

	{ Content => $nilpotent_req,	Ok => $error_tag_cr,			Seq => 0 }, 
	{ Content => $server_farm_req,	Ok => sub {
							! exists($xml_tag{ErrorId})			&&
							exists( $xml_tag{ServerFarmName})	&&
							defined($xml_tag{ServerFarmName})	&&
							$xml_tag{ServerFarmName} eq  $server_farm
									},								Seq => 2 },
	{ Content => $nilpotent_req,	Ok => $error_tag_cr,			Seq => 4 },
	{ Content => $spec_server_farm_req,	Ok => sub {
							! exists($xml_tag{ErrorId})			&&
							exists( $xml_tag{ServerAddress})	&&
							defined($xml_tag{ServerAddress})	&&
							$xml_tag{ServerAddress} =~ /\d+\.\d+\.\d+\.\d+:\d+/
									},								Seq => 6 },
	{ Content => $nilpotent_req,	Ok => $error_tag_cr,			Seq => 8 },
	{ Content => $app_req,			Ok => sub {
							! exists($xml_tag{ErrorId})			&&
							exists( $xml_tag{ServerAddress})	&&
							defined($xml_tag{ServerAddress})	&&
							(($svr) = split(/:/, $xml_tag{ServerAddress})) &&
							defined($svr)						&&
							scalar(grep $_ eq $svr, @app_servers)
									},								Seq => 10 }
) ;

my $app_location ;

foreach my $pub_app (@pub_apps) {

	my $pubapp_enc = shift @pubapp_encoded ;
	my $app_req_tmp = $app_reqs[5]{Content} ;
	$app_reqs[5]{Content} =~ s/PUBLISHED_APP_ENCODED/$pubapp_enc/ ;

	foreach (@app_reqs) {

		$req->content($_->{Content}) ;

		$debug			&& print STDERR "App: $pub_app Seq: $_->{Seq}\n", $req->as_string, "\n" ;

		my $resp = $ua->request($req) ;

		$debug			&& print STDERR "App: $pub_app Seq: ", $_->{Seq} + 1, "\n", $resp->as_string, "\n" ;

		$resp->is_error	&& do {
			my $err = $resp->as_string ;
			$err =~ s/\n//g ;
			&outahere(qq(Failed. HTTP error finding $pub_app at seq $_->{Seq}: "$err")) ;
        } ;
		my $xml = $resp->content ;

		my $xml_disp ;
		   ($xml_disp = $xml) =~ s/\n//g ;
		   $xml_disp =~ s/ \s+/ /g ;

		&outahere($resp->as_string)
		unless $xml ;

		my ($xml_ok, $whine) = &valid_xml($xml_p, $xml) ;

		$xml_ok			|| &outahere(qq(Failed. Bad XML finding $pub_app at eq $_->{Seq} in "$xml_disp".)) ;

		&{$_->{Ok}}		|| &outahere(qq(Failed. \"\&\$_->{Ok}\" false finding $pub_app at seq $_->{Seq} in "$xml_disp".)) ;

							# Ugly but alternative is $_->{Ok}->().
							# eval $_->{Ok} where $_->{Ok} is an
							# expression returning a bool is possible. but
							# sub { } prevent recompilation.

	}

	$app_reqs[5]{Content} = $app_req_tmp ;

	$app_location .= qq("$pub_app" => $svr, ) ;

}

substr($app_location, -2, 2) = '' ; 
print qq(Ok. Citrix XML service located all published apps $app_location.\n) ;
exit $ERRORS{'OK'} ;

sub outahere {
	print "Citrix XML service $_[0]\n" ;
	exit $ERRORS{CRITICAL} ;
}

sub valid_xml {
	my ($p, $input) = @_ ;

	%xml_tag   = () ;
	@tag_stack = () ;

	eval {
	$p->parse($input)
	} ;

	return (0, qq(XML::Parser->parse failed: Bad XML in "$input".!))
		if $@ ;

	if ( $xml_debug ) {
	print STDERR pack('A4 A30 A40', ' ', $_, qq(-> "$xml_tag{$_}")), "\n"
		foreach (keys %xml_tag)
	}

	return (1, 'valid xml')

}


sub handle_start {
	push @tag_stack, $_[1] ;

	$xml_debug		&& print STDERR pack('A8 A30 A40', ' ', 'handle_start - tag', " -> '$_[1]'"), "\n" ;
	$xml_debug 		&& print STDERR pack('A8 A30 A60', ' ', 'handle_start - @tag_stack', " -> (@tag_stack)"), "\n" ;
}

sub handle_char {
	my $text = $_[1] ;

	!($text =~ /\S/  || $text =~ /^[ \t]$/)       && return ;

	$text =~ s/\n//g ;

	my $tag = $tag_stack[-1] ;

	$xml_debug 		&& print STDERR pack('A8 A30 A30', ' ', 'handle_char - tag', " -> '$tag'"), "\n" ;
	$xml_debug 		&& print STDERR pack('A8 A30 A40', ' ', 'handle_char - text', " -> '$text'"), "\n" ;

	$xml_tag{$tag} .= $text ;

}


sub print_help() {

#          1        2         3         4         5         6         7         8
#12345678901234567890123456789012345678901234567890123456789012345678901234567890

	print_revision($PROGNAME,'$Revision: 1097 $ ');

my $help = <<EOHELP ;
Copyright (c) 2004 Karl DeBisschop/S Hopcroft

$PROGNAME -P <pn_server> -S <svr1,svr2,..> -A <app1,app2,..>
          -F <Farm> [-v -x -h -V]

Check the Citrix Metaframe XP service by completing an HTTP dialogue with a Program
Neigbourhood server (pn_server) that returns an ICA server in the named Server farm
hosting the specified applications (an ICA server in a farm which runs some MS app).
EOHELP

	print $help ;
	print "\n";
	print "\n";
	print_usage();
	print "\n";
	support();
}

sub print_usage () {

#          1        2         3         4         5         6         7         8
#12345678901234567890123456789012345678901234567890123456789012345678901234567890

my $usage = <<EOUSAGE ;
$PROGNAME
[-P | --pn_server] The name or address of the Citrix Metaframe XP
                   Program Neigbourhood server (required).
[-A | --pub_apps] The name or names of an application published by the
                  server farm (default 'Word 2003').
[-F | --server_farm] The name of a Citrix Metaframe XP server farm. (required)
[-S | --app_servers] The _IP addresses_ of _all_ of the Farms ICA servers expected
                     to host the published application.
                     Enter as a comma separated string eg 'Srv1, Svr2, ..,Srvn'.
                     Since the PN servers round-robin the app servers to the clients,
                     _all_ the server farm addresses must be specified or the check
                     will fail (required).
[-v | --verbose]
[-h | --help]
[-x | --xml_debug]
[-V | --version]
EOUSAGE

	print $usage ;

}

sub usage {
	&print_usage ;
	exit $ERRORS{'OK'} ;
}

sub version () {
	print_revision($PROGNAME,'$Revision: 1097 $ ');
	exit $ERRORS{'OK'};
}

sub help () {
	print_help();
	exit $ERRORS{'OK'};
}

=begin comment

This is the set of requests and responses transmitted between a Citrix Metaframe XP Program Neigbourhood (PN) client and a PN server.

This dialogue was captured by and reconstructed from tcpdump.

Citrix are not well known for documenting their protocols although the DTD may be informative. Note that the pair(s) 0 and 1, 4 and 5, ...
do not appear to do anything.

req 0
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 220
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1"><RequestProtocolInfo><ServerAddress addresstype="dns-port" /></RequestProtocolInfo></NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:40 GMT


resp 1
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:40 GMT
Content-type: text/xml
Content-length: 253


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseProtocolInfo>
      <ServerAddress addresstype="no-change"></ServerAddress>
    </ResponseProtocolInfo>
</NFuseProtocol>

req 2
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 191
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1"><RequestServerFarmData><Nil /></RequestServerFarmData></NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:40 GMT


resp 3
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:40 GMT
Content-type: text/xml
Content-length: 293


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseServerFarmData>
      <ServerFarmData>
        <ServerFarmName>FOOFARM01</ServerFarmName>
      </ServerFarmData>
    </ResponseServerFarmData>
</NFuseProtocol>

req 4
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 220
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1"><RequestProtocolInfo><ServerAddress addresstype="dns-port" /></RequestProtocolInfo></NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:55 GMT


resp 5
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:55 GMT
Content-type: text/xml
Content-length: 253


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseProtocolInfo>
      <ServerAddress addresstype="no-change"></ServerAddress>
    </ResponseProtocolInfo>
</NFuseProtocol>

req 6
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 442
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
<RequestAddress><Name>i
  <UnspecifiedName>FOOFARM01*</UnspecifiedName>
  </Name><ClientName>WS09535</ClientName>
  <ClientAddress addresstype="dns-port" />
  <ServerAddress addresstype="dns-port" />
  <Flags />
  <Credentials>
    <UserName>foo-user</UserName>
    <Domain>some-domain</Domain>
  </Credentials>
</RequestAddress></NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:56 GMT


resp 7
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:12:56 GMT
Content-type: text/xml
Content-length: 507


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseAddress>
      <ServerAddress addresstype="dot-port">10.1.2.2:1494</ServerAddress>
      <ServerType>win32</ServerType>
      <ConnectionType>tcp</ConnectionType>
      <ClientType>ica30</ClientType>
      <TicketTag>10.1.2.2</TicketTag>
      <SSLRelayAddress addresstype="dns-port">ica_svr01.some.domain:443</SSLRelayAddress>
    </ResponseAddress>
</NFuseProtocol>

req 8
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 220
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1"><RequestProtocolInfo><ServerAddress addresstype="dns-port" /></RequestProtocolInfo></NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:13:29 GMT


resp 9
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:13:29 GMT
Content-type: text/xml
Content-length: 253


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseProtocolInfo>
      <ServerAddress addresstype="no-change"></ServerAddress>
    </ResponseProtocolInfo>
</NFuseProtocol>

req 10
POST /scripts/WPnBr.dll HTTP/1.1
Content-type: text/xml
Host: 10.1.2.2:80
Content-Length: 446
Connection: Keep-Alive


<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
<RequestAddress>i
  <Name>
    <UnspecifiedName>EXCEL#32;2003</UnspecifiedName>
  </Name>
  <ClientName>WS09535</ClientName>
  <ClientAddress addresstype="dns-port" />
  <ServerAddress addresstype="dns-port" />
  <Flags />
    <Credentials><UserName>foo-user</UserName>
      <Domain>some-domain</Domain>
    </Credentials>
</RequestAddress>i
</NFuseProtocol>

HTTP/1.1 100 Continue
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:13:29 GMT


resp 11
HTTP/1.1 200 OK
Server: Citrix Web PN Server
Date: Thu, 30 Sep 2004 00:13:29 GMT
Content-type: text/xml
Content-length: 509


<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseAddress>
      <ServerAddress addresstype="dot-port">10.1.2.14:1494</ServerAddress>
      <ServerType>win32</ServerType>
      <ConnectionType>tcp</ConnectionType>
      <ClientType>ica30</ClientType>
      <TicketTag>10.1.2.14</TicketTag>
      <SSLRelayAddress addresstype="dns-port">ica_svr02.some.domain:443</SSLRelayAddress>
    </ResponseAddress>
</NFuseProtocol>

** One sees this XML on an error (there may well be other error XML also, but I haven't seen it) **

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
<NFuseProtocol version="1.1">
    <ResponseAddress>
      <ErrorId>unspecified</ErrorId>
      <BrowserError>0x0000000E</BrowserError>
    </ResponseAddress>
</NFuseProtocol>


=end comment

=cut


# You never know when you may be embedded ...