1 /******************************************************************************
2 *
3 * This file is part of the Nagios Plugins.
4 *
5 * Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>
6 *
7 * The Nagios Plugins are free software; you can redistribute them
8 * and/or modify them under the terms of the GNU General Public
9 * License as published by the Free Software Foundation; either
10 * version 2 of the License, or (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 *
21 * $Id$
22 *
23 *****************************************************************************/
25 #define PROGRAM check_tcp
26 #define REVISION "$Revision$"
27 #define DESCRIPTION "Check a TCP port"
28 #define AUTHOR "Ethan Galstad"
29 #define EMAIL "nagios@nagios.org"
30 #define COPYRIGHTDATE "2002"
32 #include "config.h"
33 #include "common.h"
34 #include "netutils.h"
35 #include "utils.h"
37 #ifdef HAVE_SSL_H
38 #include <rsa.h>
39 #include <crypto.h>
40 #include <x509.h>
41 #include <pem.h>
42 #include <ssl.h>
43 #include <err.h>
44 #endif
46 #ifdef HAVE_OPENSSL_SSL_H
47 #include <openssl/rsa.h>
48 #include <openssl/crypto.h>
49 #include <openssl/x509.h>
50 #include <openssl/pem.h>
51 #include <openssl/ssl.h>
52 #include <openssl/err.h>
53 #endif
55 #ifdef HAVE_SSL
56 SSL_CTX *ctx;
57 SSL *ssl;
58 int connect_SSL (void);
59 #endif
61 #define TCP_PROTOCOL 1
62 #define UDP_PROTOCOL 2
64 int process_arguments (int, char **);
65 void print_usage (void);
66 void print_help (void);
68 char *PROGNAME = NULL;
69 char *SERVICE = NULL;
70 char *SEND = NULL;
71 char *EXPECT = NULL;
72 char *QUIT = NULL;
73 int PROTOCOL = 0;
74 int PORT = 0;
76 int server_port = 0;
77 char *server_address = NULL;
78 char *server_send = NULL;
79 char *server_quit = NULL;
80 char **server_expect = NULL;
81 int server_expect_count = 0;
82 char **warn_codes = NULL;
83 int warn_codes_count = 0;
84 char **crit_codes = NULL;
85 int crit_codes_count = 0;
86 int delay = 0;
87 double warning_time = 0;
88 int check_warning_time = FALSE;
89 double critical_time = 0;
90 int check_critical_time = FALSE;
91 double elapsed_time = 0;
92 int verbose = FALSE;
93 int use_ssl = FALSE;
94 int sd;
96 int
97 main (int argc, char **argv)
98 {
99 int result;
100 int i;
101 char buffer[MAX_INPUT_BUFFER] = "";
102 char *status = "";
103 struct timeval tv;
105 if (strstr (argv[0], "check_udp")) {
106 PROGNAME = strscpy (PROGNAME, "check_udp");
107 SERVICE = strscpy (SERVICE, "UDP");
108 SEND = NULL;
109 EXPECT = NULL;
110 QUIT = NULL;
111 PROTOCOL = UDP_PROTOCOL;
112 PORT = 0;
113 }
114 else if (strstr (argv[0], "check_tcp")) {
115 PROGNAME = strscpy (PROGNAME, "check_tcp");
116 SERVICE = strscpy (SERVICE, "TCP");
117 SEND = NULL;
118 EXPECT = NULL;
119 QUIT = NULL;
120 PROTOCOL = TCP_PROTOCOL;
121 PORT = 0;
122 }
123 else if (strstr (argv[0], "check_ftp")) {
124 PROGNAME = strscpy (PROGNAME, "check_ftp");
125 SERVICE = strscpy (SERVICE, "FTP");
126 SEND = NULL;
127 EXPECT = strscpy (EXPECT, "220");
128 QUIT = strscpy (QUIT, "QUIT\r\n");
129 PROTOCOL = TCP_PROTOCOL;
130 PORT = 21;
131 }
132 else if (strstr (argv[0], "check_smtp")) {
133 PROGNAME = strscpy (PROGNAME, "check_smtp");
134 SERVICE = strscpy (SERVICE, "SMTP");
135 SEND = NULL;
136 EXPECT = strscpy (EXPECT, "220");
137 QUIT = strscpy (QUIT, "QUIT\r\n");
138 PROTOCOL = TCP_PROTOCOL;
139 PORT = 25;
140 }
141 else if (strstr (argv[0], "check_pop")) {
142 PROGNAME = strscpy (PROGNAME, "check_pop");
143 SERVICE = strscpy (SERVICE, "POP");
144 SEND = NULL;
145 EXPECT = strscpy (EXPECT, "110");
146 QUIT = strscpy (QUIT, "QUIT\r\n");
147 PROTOCOL = TCP_PROTOCOL;
148 PORT = 110;
149 }
150 else if (strstr (argv[0], "check_imap")) {
151 PROGNAME = strscpy (PROGNAME, "check_imap");
152 SERVICE = strscpy (SERVICE, "IMAP");
153 SEND = NULL;
154 EXPECT = strscpy (EXPECT, "* OK");
155 QUIT = strscpy (QUIT, "a1 LOGOUT\r\n");
156 PROTOCOL = TCP_PROTOCOL;
157 PORT = 143;
158 }
159 #ifdef HAVE_SSL
160 else if (strstr(argv[0],"check_simap")) {
161 PROGNAME=strscpy(PROGNAME,"check_simap");
162 SERVICE=strscpy(SERVICE,"SIMAP");
163 SEND=NULL;
164 EXPECT=strscpy(EXPECT,"* OK");
165 QUIT=strscpy(QUIT,"a1 LOGOUT\r\n");
166 PROTOCOL=TCP_PROTOCOL;
167 use_ssl=TRUE;
168 PORT=993;
169 }
170 else if (strstr(argv[0],"check_spop")) {
171 PROGNAME=strscpy(PROGNAME,"check_spop");
172 SERVICE=strscpy(SERVICE,"SPOP");
173 SEND=NULL;
174 EXPECT=strscpy(EXPECT,"110");
175 QUIT=strscpy(QUIT,"QUIT\r\n");
176 PROTOCOL=TCP_PROTOCOL;
177 use_ssl=TRUE;
178 PORT=995;
179 }
180 #endif
181 else if (strstr (argv[0], "check_nntp")) {
182 PROGNAME = strscpy (PROGNAME, "check_nntp");
183 SERVICE = strscpy (SERVICE, "NNTP");
184 SEND = NULL;
185 EXPECT = NULL;
186 server_expect = realloc (server_expect, ++server_expect_count);
187 server_expect[server_expect_count - 1] = strscpy (EXPECT, "200");
188 server_expect = realloc (server_expect, ++server_expect_count);
189 server_expect[server_expect_count - 1] = strscpy (NULL, "201");
190 QUIT = strscpy (QUIT, "QUIT\r\n");
191 PROTOCOL = TCP_PROTOCOL;
192 PORT = 119;
193 }
194 else {
195 usage ("ERROR: Generic check_tcp called with unknown service\n");
196 }
198 server_address = strscpy (NULL, "127.0.0.1");
199 server_port = PORT;
200 server_send = SEND;
201 server_quit = QUIT;
203 if (process_arguments (argc, argv) == ERROR)
204 usage ("Could not parse arguments\n");
206 /* use default expect if none listed in process_arguments() */
207 if (EXPECT && server_expect_count == 0) {
208 server_expect = malloc (1);
209 server_expect[server_expect_count - 1] = EXPECT;
210 }
212 /* initialize alarm signal handling */
213 signal (SIGALRM, socket_timeout_alarm_handler);
215 /* set socket timeout */
216 alarm (socket_timeout);
218 /* try to connect to the host at the given port number */
219 gettimeofday (&tv, NULL);
220 #ifdef HAVE_SSL
221 if (use_ssl)
222 result = connect_SSL ();
223 else
224 #endif
225 {
226 if (PROTOCOL == UDP_PROTOCOL)
227 result = my_udp_connect (server_address, server_port, &sd);
228 else /* default is TCP */
229 result = my_tcp_connect (server_address, server_port, &sd);
230 }
232 if (result == STATE_CRITICAL)
233 return STATE_CRITICAL;
235 if (server_send != NULL) { /* Something to send? */
236 asprintf (&server_send, "%s\r\n", server_send);
237 #ifdef HAVE_SSL
238 if (use_ssl)
239 SSL_write(ssl, server_send, strlen (server_send));
240 else
241 #endif
242 send (sd, server_send, strlen (server_send), 0);
243 }
245 if (delay > 0) {
246 tv.tv_sec += delay;
247 sleep (delay);
248 }
250 if (server_send || server_expect_count > 0) {
252 /* watch for the expect string */
253 #ifdef HAVE_SSL
254 if (use_ssl && SSL_read (ssl, buffer, MAX_INPUT_BUFFER - 1)>=0)
255 asprintf (&status, "%s%s", status, buffer);
256 else
257 #endif
258 {
259 if (recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0) >= 0)
260 asprintf (&status, "%s%s", status, buffer);
261 }
262 strip (status);
264 /* return a CRITICAL status if we couldn't read any data */
265 if (status == NULL)
266 terminate (STATE_CRITICAL, "No data received from host\n");
268 if (status && verbose)
269 printf ("%s\n", status);
271 if (server_expect_count > 0) {
272 for (i = 0;; i++) {
273 if (verbose)
274 printf ("%d %d\n", i, server_expect_count);
275 if (i >= server_expect_count)
276 terminate (STATE_WARNING, "Invalid response from host\n");
277 if (strstr (status, server_expect[i]))
278 break;
279 }
280 }
281 }
283 if (server_quit)
284 #ifdef HAVE_SSL
285 if (use_ssl) {
286 SSL_write (ssl, QUIT, strlen (QUIT));
287 SSL_shutdown (ssl);
288 SSL_free (ssl);
289 SSL_CTX_free (ctx);
290 }
291 else
292 #endif
293 send (sd, server_quit, strlen (server_quit), 0);
295 /* close the connection */
296 close (sd);
298 elapsed_time = delta_time (tv);
300 if (check_critical_time == TRUE && elapsed_time > critical_time)
301 result = STATE_CRITICAL;
302 else if (check_warning_time == TRUE && elapsed_time > warning_time)
303 result = STATE_WARNING;
305 /* reset the alarm */
306 alarm (0);
308 printf
309 ("%s %s - %7.3f second response time on port %d",
310 SERVICE,
311 state_text (result), elapsed_time, server_port);
313 if (strlen (status))
314 printf (" [%s]", status);
316 printf ("|time=%7.3f\n", elapsed_time);
318 return result;
319 }
327 /* process command-line arguments */
328 int
329 process_arguments (int argc, char **argv)
330 {
331 int c;
333 #ifdef HAVE_GETOPT_H
334 int option_index = 0;
335 static struct option long_options[] = {
336 {"hostname", required_argument, 0, 'H'},
337 {"critical-time", required_argument, 0, 'c'},
338 {"warning-time", required_argument, 0, 'w'},
339 {"critical-codes", required_argument, 0, 'C'},
340 {"warning-codes", required_argument, 0, 'W'},
341 {"timeout", required_argument, 0, 't'},
342 {"protocol", required_argument, 0, 'P'},
343 {"port", required_argument, 0, 'p'},
344 {"send", required_argument, 0, 's'},
345 {"expect", required_argument, 0, 'e'},
346 {"quit", required_argument, 0, 'q'},
347 {"delay", required_argument, 0, 'd'},
348 {"verbose", no_argument, 0, 'v'},
349 {"version", no_argument, 0, 'V'},
350 {"help", no_argument, 0, 'h'},
351 {0, 0, 0, 0}
352 };
353 #endif
355 if (argc < 2)
356 usage ("No arguments found\n");
358 /* backwards compatibility */
359 for (c = 1; c < argc; c++) {
360 if (strcmp ("-to", argv[c]) == 0)
361 strcpy (argv[c], "-t");
362 else if (strcmp ("-wt", argv[c]) == 0)
363 strcpy (argv[c], "-w");
364 else if (strcmp ("-ct", argv[c]) == 0)
365 strcpy (argv[c], "-c");
366 }
368 if (!is_option (argv[1])) {
369 server_address = argv[1];
370 argv[1] = argv[0];
371 argv = &argv[1];
372 argc--;
373 }
375 while (1) {
376 #ifdef HAVE_GETOPT_H
377 c =
378 getopt_long (argc, argv, "+hVvH:s:e:q:c:w:t:p:C:W:d:S", long_options,
379 &option_index);
380 #else
381 c = getopt (argc, argv, "+hVvH:s:e:q:c:w:t:p:C:W:d:S");
382 #endif
384 if (c == -1 || c == EOF || c == 1)
385 break;
387 switch (c) {
388 case '?': /* print short usage statement if args not parsable */
389 printf ("%s: Unknown argument: %s\n\n", my_basename (argv[0]), optarg);
390 print_usage ();
391 exit (STATE_UNKNOWN);
392 case 'h': /* help */
393 print_help ();
394 exit (STATE_OK);
395 case 'V': /* version */
396 print_revision (PROGNAME, "$Revision$");
397 exit (STATE_OK);
398 case 'v': /* verbose mode */
399 verbose = TRUE;
400 break;
401 case 'H': /* hostname */
402 if (is_host (optarg) == FALSE)
403 usage ("Invalid host name/address\n");
404 server_address = optarg;
405 break;
406 case 'c': /* critical */
407 if (!is_intnonneg (optarg))
408 usage ("Critical threshold must be a nonnegative integer\n");
409 critical_time = strtod (optarg, NULL);
410 check_critical_time = TRUE;
411 break;
412 case 'w': /* warning */
413 if (!is_intnonneg (optarg))
414 usage ("Warning threshold must be a nonnegative integer\n");
415 warning_time = strtod (optarg, NULL);
416 check_warning_time = TRUE;
417 break;
418 case 'C':
419 crit_codes = realloc (crit_codes, ++crit_codes_count);
420 crit_codes[crit_codes_count - 1] = optarg;
421 break;
422 case 'W':
423 warn_codes = realloc (warn_codes, ++warn_codes_count);
424 warn_codes[warn_codes_count - 1] = optarg;
425 break;
426 case 't': /* timeout */
427 if (!is_intpos (optarg))
428 usage ("Timeout interval must be a positive integer\n");
429 socket_timeout = atoi (optarg);
430 break;
431 case 'p': /* port */
432 if (!is_intpos (optarg))
433 usage ("Server port must be a positive integer\n");
434 server_port = atoi (optarg);
435 break;
436 case 's':
437 server_send = optarg;
438 break;
439 case 'e': /* expect string (may be repeated) */
440 EXPECT = NULL;
441 if (server_expect_count == 0)
442 server_expect = malloc (++server_expect_count);
443 else
444 server_expect = realloc (server_expect, ++server_expect_count);
445 server_expect[server_expect_count - 1] = optarg;
446 break;
447 case 'q':
448 server_quit = optarg;
449 break;
450 case 'd':
451 if (is_intpos (optarg))
452 delay = atoi (optarg);
453 else
454 usage ("Delay must be a positive integer\n");
455 break;
456 case 'S':
457 #ifndef HAVE_SSL
458 terminate (STATE_UNKNOWN,
459 "SSL support not available. Install OpenSSL and recompile.");
460 #endif
461 use_ssl = TRUE;
462 break;
463 }
464 }
466 if (server_address == NULL)
467 usage ("You must provide a server address\n");
469 return OK;
470 }
476 void
477 print_usage (void)
478 {
479 printf
480 ("Usage: %s -H host -p port [-w warn_time] [-c crit_time] [-s send]\n"
481 " [-e expect] [-W wait] [-t to_sec] [-v]\n", PROGNAME);
482 }
488 void
489 print_help (void)
490 {
491 print_revision (PROGNAME, "$Revision$");
492 printf
493 ("Copyright (c) 1999 Ethan Galstad (nagios@nagios.org)\n\n"
494 "This plugin tests %s connections with the specified host.\n\n",
495 SERVICE);
496 print_usage ();
497 printf
498 ("Options:\n"
499 " -H, --hostname=ADDRESS\n"
500 " Host name argument for servers using host headers (use numeric\n"
501 " address if possible to bypass DNS lookup).\n"
502 " -p, --port=INTEGER\n"
503 " Port number\n"
504 " -s, --send=STRING\n"
505 " String to send to the server\n"
506 " -e, --expect=STRING\n"
507 " String to expect in server response"
508 " -W, --wait=INTEGER\n"
509 " Seconds to wait between sending string and polling for response\n"
510 " -w, --warning=DOUBLE\n"
511 " Response time to result in warning status (seconds)\n"
512 " -c, --critical=DOUBLE\n"
513 " Response time to result in critical status (seconds)\n"
514 " -t, --timeout=INTEGER\n"
515 " Seconds before connection times out (default: %d)\n"
516 " -v"
517 " Show details for command-line debugging (do not use with nagios server)\n"
518 " -h, --help\n"
519 " Print detailed help screen\n"
520 " -V, --version\n"
521 " Print version information\n", DEFAULT_SOCKET_TIMEOUT);
522 }
525 #ifdef HAVE_SSL
526 int
527 connect_SSL (void)
528 {
529 SSL_METHOD *meth;
531 /* Initialize SSL context */
532 SSLeay_add_ssl_algorithms ();
533 meth = SSLv2_client_method ();
534 SSL_load_error_strings ();
535 if ((ctx = SSL_CTX_new (meth)) == NULL)
536 {
537 printf ("ERROR: Cannot create SSL context.\n");
538 return STATE_CRITICAL;
539 }
541 /* Initialize alarm signal handling */
542 signal (SIGALRM, socket_timeout_alarm_handler);
544 /* Set socket timeout */
545 alarm (socket_timeout);
547 /* Save start time */
548 time (&start_time);
550 /* Make TCP connection */
551 if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK)
552 {
553 /* Do the SSL handshake */
554 if ((ssl = SSL_new (ctx)) != NULL)
555 {
556 SSL_set_fd (ssl, sd);
557 if (SSL_connect (ssl) != -1)
558 return OK;
559 ERR_print_errors_fp (stderr);
560 }
561 else
562 {
563 printf ("ERROR: Cannot initiate SSL handshake.\n");
564 }
565 SSL_free (ssl);
566 }
568 SSL_CTX_free (ctx);
569 close (sd);
571 return STATE_CRITICAL;
572 }
573 #endif