![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 733388b8dfbca3a250879e3fa6d28a95b185e0a3..038ac68ad51c12dd0280e56fd1aed03d0031366d 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
*
*****************************************************************************/
-#define PROGNAME "check_http"
+const char *progname = "check_http";
#define REVISION "$Revision$"
#define COPYRIGHT "1999-2001"
#define AUTHORS "Ethan Galstad/Karl DeBisschop"
#include "config.h"
#include "common.h"
-#include "version.h"
#include "netutils.h"
#include "utils.h"
certificate expiration times.\n"
#define OPTIONS "\
-\(-H <vhost> | -I <IP-address>) [-u <uri>] [-p <port>]\n\
+(-H <vhost> | -I <IP-address>) [-u <uri>] [-p <port>]\n\
[-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n\
[-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n\
- [-s string] [-r <regex> | -R <case-insensitive regex>]\n\
- [-P string]"
+ [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n\
+ [-P string] [-m min_pg_size] [-4|-6]"
#define LONGOPTIONS "\
-H, --hostname=ADDRESS\n\
Host name argument for servers using host headers (virtual host)\n\
-I, --IP-address=ADDRESS\n\
IP address or name (use numeric address if possible to bypass DNS lookup).\n\
+ -4, --use-ipv4\n\
+ Use IPv4 protocol\n\
+ -6, --use-ipv6\n\
+ Use IPv6 protocol\n\
-e, --expect=STRING\n\
String to expect in first (status) line of server response (default: %s)\n\
If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)\n\
-L, --link=URL\n\
Wrap output in HTML link (obsoleted by urlize)\n\
-f, --onredirect=<ok|warning|critical|follow>\n\
- How to handle redirected pages\n%s\
+ How to handle redirected pages\n%s%s\
+-m, --min=INTEGER\n\
+ Minimum page size required (bytes)\n\
-v, --verbose\n\
Show details for command-line debugging (do not use with nagios server)\n\
-h, --help\n\
#define SSLOPTIONS ""
#endif
+#ifdef HAVE_REGEX_H
+#define REGOPTIONS "\
+ -l, --linespan\n\
+ Allow regex to span newlines (must precede -r or -R)\n\
+ -r, --regex, --ereg=STRING\n\
+ Search page for regex STRING\n\
+ -R, --eregi=STRING\n\
+ Search page for case-insensitive regex STRING\n"
+#else
+#define REGOPTIONS ""
+#endif
+
#define DESCRIPTION "\
This plugin will attempt to open an HTTP connection with the host. Successul\n\
connects return STATE_OK, refusals and timeouts return STATE_CRITICAL, other\n\
#ifdef HAVE_SSL
int check_cert = FALSE;
int days_till_exp;
-unsigned char *randbuff;
+char *randbuff = "";
SSL_CTX *ctx;
SSL *ssl;
X509 *server_cert;
#endif
#ifdef HAVE_REGEX_H
-#define REGS 2
-#define MAX_RE_SIZE 256
+enum {
+ REGS = 2,
+ MAX_RE_SIZE = 256
+};
#include <regex.h>
regex_t preg;
regmatch_t pmatch[REGS];
int errcode;
#endif
+struct timeval tv;
+
#define server_type_check(server_type) \
(strcmp (server_type, "https") ? FALSE : TRUE)
#define server_port_check(use_ssl) (use_ssl ? HTTPS_PORT : HTTP_PORT)
-#define MAX_IPV4_HOSTLENGTH 64
+/* per RFC 2396 */
+
#define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
#define URI_HTTP "%[HTPShtps]://"
-#define URI_HOST "%[a-zA-Z0-9.-]"
-#define URI_PORT ":%[0-9]"
-#define URI_PATH "%[/a-zA-Z0-9._-=@,]"
+#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define URI_PORT ":%[0123456789]"
+#define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+
+enum {
+ MAX_IPV4_HOSTLENGTH = 255,
+ HTTP_PORT = 80,
+ HTTPS_PORT = 443
+};
-#define HTTP_PORT 80
-#define HTTPS_PORT 443
#define HTTP_EXPECT "HTTP/1."
#define HTTP_URL "/"
+#define CRLF "\r\n"
char timestamp[17] = "";
int specify_port = FALSE;
int server_port = HTTP_PORT;
char server_port_text[6] = "";
char server_type[6] = "http";
-/*@null@*/ char *server_address = NULL;
-/*@null@*/ char *host_name = NULL;
-/*@null@*/ char *server_url = NULL;
-int server_url_length = 0;
+char *server_address = "";
+char *host_name = "";
+char *server_url = "";
+int server_url_length;
int server_expect_yn = 0;
char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
char string_expect[MAX_INPUT_BUFFER] = "";
-int warning_time = 0;
+double warning_time = 0;
int check_warning_time = FALSE;
-int critical_time = 0;
+double critical_time = 0;
int check_critical_time = FALSE;
char user_auth[MAX_INPUT_BUFFER] = "";
int display_html = FALSE;
int use_ssl = FALSE;
int verbose = FALSE;
int sd;
-/*@null@*/ char *http_method = NULL;
-/*@null@*/ char *http_post_data = NULL;
+int min_page_len = 0;
+char *http_method = "GET";
+char *http_post_data = "";
char buffer[MAX_INPUT_BUFFER];
void print_usage (void);
void print_help (void);
int process_arguments (int, char **);
-int call_getopt (int, char **);
static char *base64 (char *bin, int len);
int check_http (void);
int my_recv (void);
{
int result = STATE_UNKNOWN;
+ /* Set default URL. Must be malloced for subsequent realloc if --onredirect=follow */
+ asprintf (&server_url, "%s", HTTP_URL);
+ server_url_length = strlen(server_url);
+
if (process_arguments (argc, argv) == ERROR)
usage ("check_http: could not parse arguments\n");
if (strstr (timestamp, ":")) {
if (strstr (server_url, "?"))
- server_url = ssprintf (server_url, "%s&%s", server_url, timestamp);
+ asprintf (&server_url, "%s&%s", server_url, timestamp);
else
- server_url = ssprintf (server_url, "%s?%s", server_url, timestamp);
+ asprintf (&server_url, "%s?%s", server_url, timestamp);
}
if (display_html == TRUE)
/* initialize alarm signal handling, set socket timeout, start timer */
(void) signal (SIGALRM, socket_timeout_alarm_handler);
(void) alarm (socket_timeout);
- (void) time (&start_time);
+ gettimeofday (&tv, NULL);
#ifdef HAVE_SSL
if (use_ssl && check_cert == TRUE) {
int
process_arguments (int argc, char **argv)
{
- int c, i = 1;
- char optchars[MAX_INPUT_BUFFER];
+ int c = 1;
-#ifdef HAVE_GETOPT_H
int option_index = 0;
static struct option long_options[] = {
- STD_OPTS_LONG,
+ STD_LONG_OPTS,
+ {"file",required_argument,0,'F'},
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
{"regex", required_argument, 0, 'r'},
{"ereg", required_argument, 0, 'r'},
{"eregi", required_argument, 0, 'R'},
+ {"linespan", no_argument, 0, 'l'},
{"onredirect", required_argument, 0, 'f'},
{"certificate", required_argument, 0, 'C'},
+ {"min", required_argument, 0, 'm'},
+ {"use-ipv4", no_argument, 0, '4'},
+ {"use-ipv6", no_argument, 0, '6'},
{0, 0, 0, 0}
};
-#endif
if (argc < 2)
return ERROR;
strcpy (argv[c], "-n");
}
- snprintf (optchars, MAX_INPUT_BUFFER, "%s%s", STD_OPTS,
- "P:I:a:e:p:s:R:r:u:f:C:nLS");
-
while (1) {
-#ifdef HAVE_GETOPT_H
- c = getopt_long (argc, argv, optchars, long_options, &option_index);
-#else
- c = getopt (argc, argv, optchars);
-#endif
+ c = getopt_long (argc, argv, "Vvh46t:c:w:H:P:I:a:e:p:s:R:r:u:f:C:nlLSm:", long_options, &option_index);
if (c == -1 || c == EOF)
break;
exit (STATE_OK);
break;
case 'V': /* version */
- print_revision (PROGNAME, REVISION);
+ print_revision (progname, REVISION);
exit (STATE_OK);
break;
case 't': /* timeout period */
case 'c': /* critical time threshold */
if (!is_intnonneg (optarg))
usage2 ("invalid critical threshold", optarg);
- critical_time = atoi (optarg);
+ critical_time = strtod (optarg, NULL);
check_critical_time = TRUE;
break;
case 'w': /* warning time threshold */
if (!is_intnonneg (optarg))
usage2 ("invalid warning threshold", optarg);
- warning_time = atoi (optarg);
+ warning_time = strtod (optarg, NULL);
check_warning_time = TRUE;
break;
case 'L': /* show html link */
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
- case 'C': /* warning time threshold */
+ case 'C': /* Check SSL cert validity */
#ifdef HAVE_SSL
if (!is_intnonneg (optarg))
usage2 ("invalid certificate expiration period", optarg);
break;
/* Note: H, I, and u must be malloc'd or will fail on redirects */
case 'H': /* Host Name (virtual host) */
- host_name = strscpy (host_name, optarg);
+ asprintf (&host_name, "%s", optarg);
break;
case 'I': /* Server IP-address */
- server_address = strscpy (server_address, optarg);
+ asprintf (&server_address, "%s", optarg);
break;
case 'u': /* Host or server */
- server_url = strscpy (server_url, optarg);
- server_url_length = strlen (optarg);
+ asprintf (&server_url, "%s", optarg);
+ server_url_length = strlen (server_url);
break;
case 'p': /* Host or server */
if (!is_intnonneg (optarg))
user_auth[MAX_INPUT_BUFFER - 1] = 0;
break;
case 'P': /* HTTP POST data in URL encoded format */
- http_method = strscpy (http_method, "POST");
- http_post_data = strscpy (http_post_data, optarg);
+ asprintf (&http_method, "%s", "POST");
+ asprintf (&http_post_data, "%s", optarg);
break;
case 's': /* string or substring */
strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
server_expect[MAX_INPUT_BUFFER - 1] = 0;
server_expect_yn = 1;
break;
- case 'R': /* regex */
-#ifdef HAVE_REGEX_H
- cflags = REG_ICASE;
-#else
+#ifndef HAVE_REGEX_H
+ case 'l': /* linespan */
+ case 'r': /* linespan */
+ case 'R': /* linespan */
usage ("check_http: call for regex which was not a compiled option\n");
-#endif
+ break;
+#else
+ case 'l': /* linespan */
+ cflags &= ~REG_NEWLINE;
+ break;
+ case 'R': /* regex */
+ cflags |= REG_ICASE;
case 'r': /* regex */
-#ifdef HAVE_REGEX_H
- cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
strncpy (regexp, optarg, MAX_RE_SIZE - 1);
regexp[MAX_RE_SIZE - 1] = 0;
errcode = regcomp (&preg, regexp, cflags);
printf ("Could Not Compile Regular Expression: %s", errbuf);
return ERROR;
}
+ break;
+#endif
+ case '4':
+ address_family = AF_INET;
+ break;
+ case '6':
+#ifdef USE_IPV6
+ address_family = AF_INET6;
#else
- usage ("check_http: call for regex which was not a compiled option\n");
+ usage ("IPv6 support not available\n");
#endif
break;
case 'v': /* verbose */
verbose = TRUE;
break;
+ case 'm': /* min_page_length */
+ min_page_len = atoi (optarg);
+ break;
}
}
c = optind;
- if (server_address == NULL && host_name == NULL) {
- server_address = strscpy (NULL, argv[c]);
- host_name = strscpy (NULL, argv[c++]);
- }
-
- if (server_address == NULL && host_name == NULL)
- usage ("check_http: you must specify a host name\n");
+ if (strcmp (server_address, "") == 0 && c < argc)
+ asprintf (&server_address, "%s", argv[c++]);
- if (server_address == NULL)
- server_address = strscpy (NULL, host_name);
+ if (strcmp (host_name, "") == 0 && c < argc)
+ asprintf (&host_name, "%s", argv[c++]);
- if (host_name == NULL)
- host_name = strscpy (NULL, server_address);
-
- if (http_method == NULL)
- http_method = strscpy (http_method, "GET");
-
- if (server_url == NULL) {
- server_url = strscpy (NULL, "/");
- server_url_length = strlen(HTTP_URL);
+ if (strcmp (server_address ,"") == 0) {
+ if (strcmp (host_name, "") == 0)
+ usage ("check_http: you must specify a server address or host name\n");
+ else
+ asprintf (&server_address, "%s", host_name);
}
+ if (check_critical_time && critical_time>(double)socket_timeout)
+ socket_timeout = (int)critical_time + 1;
+
return TRUE;
}
\f
check_http (void)
{
char *msg = NULL;
- char *status_line = NULL;
+ char *status_line = "";
char *header = NULL;
- char *page = NULL;
+ char *page = "";
char *auth = NULL;
int i = 0;
size_t pagesize = 0;
- char *full_page = NULL;
+ char *full_page = "";
char *buf = NULL;
- char *pos = NULL;
+ char *pos = "";
char *x = NULL;
char *orig_url = NULL;
+ double elapsed_time;
+ int page_len = 0;
+#ifdef HAVE_SSL
+ int sslerr;
+#endif
/* try to connect to the host at the given port number */
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
if (connect_SSL () != OK) {
- msg = ssprintf (msg, "Unable to open TCP socket");
- terminate (STATE_CRITICAL, msg);
+ terminate (STATE_CRITICAL, "Unable to open TCP socket");
}
if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
return STATE_CRITICAL;
}
- buf = ssprintf (buf, "%s %s HTTP/1.0\r\n", http_method, server_url);
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
+ }
+ else {
+#endif
+ if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+ terminate (STATE_CRITICAL, "Unable to open TCP socket");
+#ifdef HAVE_SSL
+ }
+#endif
- /* optionally send the host header info (not clear if it's usable) */
- if (strcmp (host_name, "")) {
- buf = ssprintf (buf, "Host: %s\r\n", host_name);
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
- }
+ asprintf (&buf, "%s %s HTTP/1.0\r\n", http_method, server_url);
- /* send user agent */
- buf = ssprintf (buf, "User-Agent: check_http/%s (nagios-plugins %s)\r\n",
- clean_revstring (REVISION), PACKAGE_VERSION);
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
+ /* optionally send the host header info (not clear if it's usable) */
+ if (strcmp (host_name, ""))
+ asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
- /* optionally send the authentication info */
- if (strcmp (user_auth, "")) {
- auth = base64 (user_auth, strlen (user_auth));
- buf = ssprintf (buf, "Authorization: Basic %s\r\n", auth);
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
- }
+ /* send user agent */
+ asprintf (&buf, "%sUser-Agent: check_http/%s (nagios-plugins %s)\r\n",
+ buf, clean_revstring (REVISION), PACKAGE_VERSION);
- /* optionally send http POST data */
- if (http_post_data) {
- buf = ssprintf (buf, "Content-Type: application/x-www-form-urlencoded\r\n");
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
- buf = ssprintf (buf, "Content-Length: %i\r\n\r\n", strlen (http_post_data));
- if (SSL_write (ssl, buf, strlen (buf)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
- http_post_data = strscat (http_post_data, "\r\n");
- if (SSL_write (ssl, http_post_data, strlen (http_post_data)) == -1) {
- ERR_print_errors_fp (stderr);
- return STATE_CRITICAL;
- }
- }
+ /* optionally send the authentication info */
+ if (strcmp (user_auth, "")) {
+ auth = base64 (user_auth, strlen (user_auth));
+ asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
+ }
+
+ /* either send http POST data */
+ if (strlen (http_post_data)) {
+ asprintf (&buf, "%sContent-Type: application/x-www-form-urlencoded\r\n", buf);
+ asprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, strlen (http_post_data));
+ asprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+ }
+ else {
+ /* or just a newline so the server knows we're done with the request */
+ asprintf (&buf, "%s%s", buf, CRLF);
+ }
- /* send a newline so the server knows we're done with the request */
- buf = ssprintf (buf, "\r\n\r\n");
+#ifdef HAVE_SSL
+ if (use_ssl == TRUE) {
if (SSL_write (ssl, buf, strlen (buf)) == -1) {
ERR_print_errors_fp (stderr);
return STATE_CRITICAL;
}
-
}
else {
#endif
- if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) {
- msg = ssprintf (msg, "Unable to open TCP socket");
- terminate (STATE_CRITICAL, msg);
- }
- buf = ssprintf (buf, "%s %s HTTP/1.0\r\n", http_method, server_url);
- send (sd, buf, strlen (buf), 0);
-
-
-
- /* optionally send the host header info */
- if (strcmp (host_name, "")) {
- buf = ssprintf (buf, "Host: %s\r\n", host_name);
- send (sd, buf, strlen (buf), 0);
- }
-
- /* send user agent */
- buf = ssprintf (buf,
- "User-Agent: check_http/%s (nagios-plugins %s)\r\n",
- clean_revstring (REVISION), PACKAGE_VERSION);
- send (sd, buf, strlen (buf), 0);
-
- /* optionally send the authentication info */
- if (strcmp (user_auth, "")) {
- auth = base64 (user_auth, strlen (user_auth));
- buf = ssprintf (buf, "Authorization: Basic %s\r\n", auth);
- send (sd, buf, strlen (buf), 0);
- }
-
- /* optionally send http POST data */
- /* written by Chris Henesy <lurker@shadowtech.org> */
- if (http_post_data) {
- buf = ssprintf (buf, "Content-Type: application/x-www-form-urlencoded\r\n");
- send (sd, buf, strlen (buf), 0);
- buf = ssprintf (buf, "Content-Length: %i\r\n\r\n", strlen (http_post_data));
- send (sd, buf, strlen (buf), 0);
- http_post_data = strscat (http_post_data, "\r\n");
- send (sd, http_post_data, strlen (http_post_data), 0);
- }
-
- /* send a newline so the server knows we're done with the request */
- buf = ssprintf (buf, "\r\n\r\n");
send (sd, buf, strlen (buf), 0);
#ifdef HAVE_SSL
}
#endif
/* fetch the page */
- pagesize = (size_t) 0;
while ((i = my_recv ()) > 0) {
- full_page = strscat (full_page, buffer);
+ buffer[i] = '\0';
+ asprintf (&full_page, "%s%s", full_page, buffer);
pagesize += i;
}
- if (i < 0)
- terminate (STATE_CRITICAL, "Error in recv()");
+ if (i < 0 && errno != ECONNRESET) {
+#ifdef HAVE_SSL
+ if (use_ssl) {
+ sslerr=SSL_get_error(ssl, i);
+ if ( sslerr == SSL_ERROR_SSL ) {
+ terminate (STATE_WARNING, "Client Certificate Required\n");
+ } else {
+ terminate (STATE_CRITICAL, "Error in recv()");
+ }
+ }
+ else {
+#endif
+ terminate (STATE_CRITICAL, "Error in recv()");
+#ifdef HAVE_SSL
+ }
+#endif
+ }
/* return a CRITICAL status if we couldn't read any data */
if (pagesize == (size_t) 0)
page += (size_t) strcspn (page, "\r\n");
pos = page;
page += (size_t) strspn (page, "\r\n");
- status_line[pos - status_line] = 0;
+ status_line[strcspn(status_line, "\r\n")] = 0;
strip (status_line);
if (verbose)
printf ("STATUS: %s\n", status_line);
/* make sure the status line matches the response we are looking for */
if (!strstr (status_line, server_expect)) {
if (server_port == HTTP_PORT)
- msg = ssprintf (msg, "Invalid HTTP response received from host\n");
+ asprintf (&msg, "Invalid HTTP response received from host\n");
else
- msg = ssprintf (msg,
+ asprintf (&msg,
"Invalid HTTP response received from host on port %d\n",
server_port);
terminate (STATE_CRITICAL, msg);
/* Exit here if server_expect was set by user and not default */
if ( server_expect_yn ) {
- msg = ssprintf (msg, "HTTP OK: Status line output matched \"%s\"\n",
+ asprintf (&msg, "HTTP OK: Status line output matched \"%s\"\n",
server_expect);
if (verbose)
printf ("%s\n",msg);
strstr (status_line, "501") ||
strstr (status_line, "502") ||
strstr (status_line, "503")) {
- msg = ssprintf (msg, "HTTP CRITICAL: %s\n", status_line);
- terminate (STATE_CRITICAL, msg);
+ terminate (STATE_CRITICAL, "HTTP CRITICAL: %s\n", status_line);
}
/* client errors result in a warning state */
strstr (status_line, "402") ||
strstr (status_line, "403") ||
strstr (status_line, "404")) {
- msg = ssprintf (msg, "HTTP WARNING: %s\n", status_line);
- terminate (STATE_WARNING, msg);
+ terminate (STATE_WARNING, "HTTP WARNING: %s\n", status_line);
}
/* check redirected page if specified */
strstr (status_line, "304")) {
if (onredirect == STATE_DEPENDENT) {
- orig_url = strscpy(NULL, server_url);
+ asprintf (&orig_url, "%s", server_url);
pos = header;
while (pos) {
- server_address = realloc (server_address, MAX_IPV4_HOSTLENGTH);
+ server_address = realloc (server_address, MAX_IPV4_HOSTLENGTH + 1);
if (server_address == NULL)
terminate (STATE_UNKNOWN,
"HTTP UNKNOWN: could not allocate server_address");
server_url_length = strcspn (pos, "\r\n");
}
if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PORT URI_PATH, server_type, server_address, server_port_text, server_url) == 4) {
- host_name = strscpy (host_name, server_address);
+ asprintf (&host_name, "%s", server_address);
use_ssl = server_type_check (server_type);
server_port = atoi (server_port_text);
check_http ();
}
else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PATH, server_type, server_address, server_url) == 3 ) {
- host_name = strscpy (host_name, server_address);
+ asprintf (&host_name, "%s", server_address);
use_ssl = server_type_check (server_type);
server_port = server_port_check (use_ssl);
check_http ();
}
else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST URI_PORT, server_type, server_address, server_port_text) == 3) {
- host_name = strscpy (host_name, server_address);
+ asprintf (&host_name, "%s", server_address);
strcpy (server_url, "/");
use_ssl = server_type_check (server_type);
server_port = atoi (server_port_text);
check_http ();
}
else if (sscanf (pos, HDR_LOCATION URI_HTTP URI_HOST, server_type, server_address) == 2) {
- host_name = strscpy (host_name, server_address);
+ asprintf (&host_name, "%s", server_address);
strcpy (server_url, "/");
use_ssl = server_type_check (server_type);
server_port = server_port_check (use_ssl);
else if (sscanf (pos, HDR_LOCATION URI_PATH, server_url) == 1) {
if ((server_url[0] != '/') && (x = strrchr(orig_url, '/'))) {
*x = '\0';
- server_url = ssprintf (server_url, "%s/%s", orig_url, server_url);
+ asprintf (&server_url, "%s/%s", orig_url, server_url);
}
check_http ();
}
pos += (size_t) strcspn (pos, "\r\n");
pos += (size_t) strspn (pos, "\r\n");
} /* end while (pos) */
- printf ("HTTP UNKNOWN: Could not find redirect location - %s%s",
+ printf ("UNKNOWN - Could not find redirect location - %s%s",
status_line, (display_html ? "</A>" : ""));
exit (STATE_UNKNOWN);
} /* end if (onredirect == STATE_DEPENDENT) */
else if (onredirect == STATE_UNKNOWN)
- printf ("HTTP UNKNOWN");
+ printf ("UNKNOWN");
else if (onredirect == STATE_OK)
- printf ("HTTP ok");
+ printf ("OK");
else if (onredirect == STATE_WARNING)
- printf ("HTTP WARNING");
+ printf ("WARNING");
else if (onredirect == STATE_CRITICAL)
- printf ("HTTP CRITICAL");
- time (&end_time);
- msg = ssprintf (msg, ": %s - %d second response time %s%s|time=%d\n",
- status_line, (int) (end_time - start_time), timestamp,
- (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ printf ("CRITICAL");
+ elapsed_time = delta_time (tv);
+ asprintf (&msg, " - %s - %.3f second response time %s%s|time=%.3f\n",
+ status_line, elapsed_time, timestamp,
+ (display_html ? "</A>" : ""), elapsed_time);
terminate (onredirect, msg);
} /* end if (strstr (status_line, "30[0-4]") */
/* check elapsed time */
- time (&end_time);
- msg = ssprintf (msg, "HTTP problem: %s - %d second response time %s%s|time=%d\n",
- status_line, (int) (end_time - start_time), timestamp,
- (display_html ? "</A>" : ""), (int) (end_time - start_time));
- if (check_critical_time == TRUE && (end_time - start_time) > critical_time)
+ elapsed_time = delta_time (tv);
+ asprintf (&msg, "HTTP problem: %s - %.3f second response time %s%s|time=%.3f\n",
+ status_line, elapsed_time, timestamp,
+ (display_html ? "</A>" : ""), elapsed_time);
+ if (check_critical_time == TRUE && elapsed_time > critical_time)
terminate (STATE_CRITICAL, msg);
- if (check_warning_time == TRUE && (end_time - start_time) > warning_time)
+ if (check_warning_time == TRUE && elapsed_time > warning_time)
terminate (STATE_WARNING, msg);
/* Page and Header content checks go here */
if (strlen (string_expect)) {
if (strstr (page, string_expect)) {
- printf ("HTTP ok: %s - %d second response time %s%s|time=%d\n",
- status_line, (int) (end_time - start_time),
- timestamp, (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ printf ("HTTP OK %s - %.3f second response time %s%s|time=%.3f\n",
+ status_line, elapsed_time,
+ timestamp, (display_html ? "</A>" : ""), elapsed_time);
exit (STATE_OK);
}
else {
- printf ("HTTP CRITICAL: string not found%s|time=%d\n",
- (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ printf ("CRITICAL - string not found%s|time=%.3f\n",
+ (display_html ? "</A>" : ""), elapsed_time);
exit (STATE_CRITICAL);
}
}
if (strlen (regexp)) {
errcode = regexec (&preg, page, REGS, pmatch, 0);
if (errcode == 0) {
- printf ("HTTP ok: %s - %d second response time %s%s|time=%d\n",
- status_line, (int) (end_time - start_time),
- timestamp, (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ printf ("HTTP OK %s - %.3f second response time %s%s|time=%.3f\n",
+ status_line, elapsed_time,
+ timestamp, (display_html ? "</A>" : ""), elapsed_time);
exit (STATE_OK);
}
else {
if (errcode == REG_NOMATCH) {
- printf ("HTTP CRITICAL: pattern not found%s|time=%d\n",
- (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ printf ("CRITICAL - pattern not found%s|time=%.3f\n",
+ (display_html ? "</A>" : ""), elapsed_time);
exit (STATE_CRITICAL);
}
else {
regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
- printf ("Execute Error: %s\n", errbuf);
+ printf ("CRITICAL - Execute Error: %s\n", errbuf);
exit (STATE_CRITICAL);
}
}
}
#endif
+ /* make sure the page is of an appropriate size */
+ page_len = strlen (page);
+ if ((min_page_len > 0) && (page_len < min_page_len)) {
+ printf ("HTTP WARNING: page size too small%s|size=%i\n",
+ (display_html ? "</A>" : ""), page_len );
+ exit (STATE_WARNING);
+ }
/* We only get here if all tests have been passed */
- msg = ssprintf (msg, "HTTP ok: %s - %d second response time %s%s|time=%d\n",
- status_line, (int) (end_time - start_time),
- timestamp, (display_html ? "</A>" : ""), (int) (end_time - start_time));
+ asprintf (&msg, "HTTP OK %s - %.3f second response time %s%s|time=%.3f\n",
+ status_line, (float)elapsed_time,
+ timestamp, (display_html ? "</A>" : ""), elapsed_time);
terminate (STATE_OK, msg);
return STATE_UNKNOWN;
}
{
SSL_METHOD *meth;
- randbuff = strscpy (NULL, "qwertyuiopasdfghjkl");
+ asprintf (&randbuff, "%s", "qwertyuiopasdfghjklqwertyuiopasdfghjkl");
RAND_seed (randbuff, strlen (randbuff));
+ if (verbose)
+ printf("SSL seeding: %s\n", (RAND_status()==1 ? "OK" : "Failed") );
+
/* Initialize SSL context */
SSLeay_add_ssl_algorithms ();
meth = SSLv23_client_method ();
SSL_load_error_strings ();
if ((ctx = SSL_CTX_new (meth)) == NULL) {
- printf ("ERROR: Cannot create SSL context.\n");
+ printf ("CRITICAL - Cannot create SSL context.\n");
return STATE_CRITICAL;
}
alarm (socket_timeout);
/* Save start time */
- time (&start_time);
+ gettimeofday (&tv, NULL);
/* Make TCP connection */
if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK) {
ERR_print_errors_fp (stderr);
}
else {
- printf ("ERROR: Cannot initiate SSL handshake.\n");
+ printf ("CRITICAL - Cannot initiate SSL handshake.\n");
}
SSL_free (ssl);
}
/* Generate tm structure to process timestamp */
if (tm->type == V_ASN1_UTCTIME) {
if (tm->length < 10) {
- printf ("ERROR: Wrong time format in certificate.\n");
+ printf ("CRITICAL - Wrong time format in certificate.\n");
return STATE_CRITICAL;
}
else {
}
else {
if (tm->length < 12) {
- printf ("ERROR: Wrong time format in certificate.\n");
+ printf ("CRITICAL - Wrong time format in certificate.\n");
return STATE_CRITICAL;
}
else {
stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
if (days_left > 0 && days_left <= days_till_exp) {
- printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
+ printf ("WARNING - Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
return STATE_WARNING;
}
if (days_left < 0) {
- printf ("Certificate expired on %s.\n", timestamp);
+ printf ("CRITICAL - Certificate expired on %s.\n", timestamp);
return STATE_CRITICAL;
}
if (days_left == 0) {
- printf ("Certificate expires today (%s).\n", timestamp);
+ printf ("WARNING - Certificate expires today (%s).\n", timestamp);
return STATE_WARNING;
}
- printf ("Certificate will expire on %s.\n", timestamp);
+ printf ("OK - Certificate will expire on %s.\n", timestamp);
return STATE_OK;
}
void
print_help (void)
{
- print_revision (PROGNAME, REVISION);
+ print_revision (progname, REVISION);
printf
("Copyright (c) %s %s <%s>\n\n%s\n",
COPYRIGHT, AUTHORS, EMAIL, SUMMARY);
print_usage ();
printf ("NOTE: One or both of -H and -I must be specified\n");
printf ("\nOptions:\n" LONGOPTIONS "\n", HTTP_EXPECT, HTTP_PORT,
- DEFAULT_SOCKET_TIMEOUT, SSLOPTIONS);
+ DEFAULT_SOCKET_TIMEOUT, SSLOPTIONS, REGOPTIONS);
#ifdef HAVE_SSL
printf (SSLDESCRIPTION);
#endif
void
print_usage (void)
{
- printf ("Usage:\n" " %s %s\n"
-#ifdef HAVE_GETOPT_H
- " %s (-h | --help) for detailed help\n"
- " %s (-V | --version) for version information\n",
-#else
- " %s -h for detailed help\n"
- " %s -V for version information\n",
-#endif
- PROGNAME, OPTIONS, PROGNAME, PROGNAME);
+ printf ("\
+Usage:\n\
+ %s %s\n\
+ %s (-h | --help) for detailed help\n\
+ %s (-V | --version) for version information\n",
+ progname, OPTIONS, progname, progname);
}