diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5a859f98774bafa8513cbe64d91bb08fdfd277d2..0a8910c318fa39a71c8a706b993dfe4bb23b0703 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
double critical_time = 0;
int check_critical_time = FALSE;
char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
int display_html = FALSE;
char **http_opt_headers;
int http_opt_headers_count = 0;
int onredirect = STATE_OK;
int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
{"url", required_argument, 0, 'u'},
{"port", required_argument, 0, 'p'},
{"authorization", required_argument, 0, 'a'},
+ {"proxy_authorization", required_argument, 0, 'b'},
{"string", required_argument, 0, 's'},
{"expect", required_argument, 0, 'e'},
{"regex", required_argument, 0, 'r'},
}
while (1) {
- c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+ c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
if (c == -1 || c == EOF)
break;
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
if (!strcmp (optarg, "stickyport"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
- if (!strcmp (optarg, "sticky"))
+ else if (!strcmp (optarg, "sticky"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST;
- if (!strcmp (optarg, "follow"))
+ else if (!strcmp (optarg, "follow"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE;
- if (!strcmp (optarg, "unknown"))
+ else if (!strcmp (optarg, "unknown"))
onredirect = STATE_UNKNOWN;
- if (!strcmp (optarg, "ok"))
+ else if (!strcmp (optarg, "ok"))
onredirect = STATE_OK;
- if (!strcmp (optarg, "warning"))
+ else if (!strcmp (optarg, "warning"))
onredirect = STATE_WARNING;
- if (!strcmp (optarg, "critical"))
+ else if (!strcmp (optarg, "critical"))
onredirect = STATE_CRITICAL;
+ else usage2 (_("Invalid onredirect option"), optarg);
if (verbose)
printf(_("option f:%d \n"), onredirect);
break;
strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
user_auth[MAX_INPUT_BUFFER - 1] = 0;
break;
+ case 'b': /* proxy-authorization info */
+ strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+ proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+ break;
case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
if (! http_post_data)
http_post_data = strdup (optarg);
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
int i = 0;
size_t pagesize = 0;
char *full_page;
+ char *full_page_new;
char *buf;
char *pos;
long microsec;
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init(sd);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
}
+ /* optionally send the proxy authentication info */
+ if (strlen(proxy_auth)) {
+ base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+ asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+ }
+
/* either send http POST data (any data, not only POST)*/
if (http_post_data) {
if (http_content_type) {
full_page = strdup("");
while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
buffer[i] = '\0';
- asprintf (&full_page, "%s%s", full_page, buffer);
+ asprintf (&full_page_new, "%s%s", full_page, buffer);
+ free (full_page);
+ full_page = full_page_new;
pagesize += i;
if (no_body && document_headers_done (full_page)) {
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
printf (" %s\n", "-a, --authorization=AUTH_PAIR");
printf (" %s\n", _("Username:password on sites with basic authentication"));
+ printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+ printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
printf (" %s\n", "-A, --useragent=STRING");
printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
printf (" %s\n", "-k, --header=STRING");
{
printf (_("Usage:"));
printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
- printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
- printf (" [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n");
- printf (" [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]\n");
- printf (" [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string]\n");
- printf (" [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+ printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+ printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+ printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}