X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_dns.c;h=94d4300c85e5f54c004120549a62b3f21562813f;hb=187f86275426bfb501c7180c48161e1e22af1ef7;hp=242052947e9739397d170fbc6f12a39865aa1211;hpb=cbd91ff6719930ab8366e28577dedf859c80af69;p=nagiosplug.git diff --git a/plugins/check_dns.c b/plugins/check_dns.c index 2420529..94d4300 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -7,7 +7,7 @@ This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License @@ -16,19 +16,21 @@ LIMITATION: nslookup on Solaris 7 can return output over 2 lines, which will not be picked up by this plugin + + $Id$ ******************************************************************************/ -#include "common.h" -#include "popen.h" -#include "utils.h" -#include "netutils.h" - const char *progname = "check_dns"; const char *revision = "$Revision$"; const char *copyright = "2000-2004"; const char *email = "nagiosplug-devel@lists.sourceforge.net"; +#include "common.h" +#include "popen.h" +#include "utils.h" +#include "netutils.h" + int process_arguments (int, char **); int validate_arguments (void); int error_scan (char *); @@ -42,6 +44,7 @@ char ptr_server[ADDRESS_LENGTH] = ""; int verbose = FALSE; char expected_address[ADDRESS_LENGTH] = ""; int match_expected_address = FALSE; +int expect_authority = FALSE; int main (int argc, char **argv) @@ -51,12 +54,13 @@ main (int argc, char **argv) char *output = NULL; char *address = NULL; char *temp_buffer = NULL; + int non_authoritative = FALSE; int result = STATE_UNKNOWN; double elapsed_time; long microsec; struct timeval tv; int multi_address; - int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ + int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); @@ -64,17 +68,15 @@ main (int argc, char **argv) /* Set signal handling and alarm */ if (signal (SIGALRM, popen_timeout_alarm_handler) == SIG_ERR) { - printf (_("Cannot catch SIGALRM")); - return STATE_UNKNOWN; + usage4 (_("Cannot catch SIGALRM")); } - if (process_arguments (argc, argv) != OK) { - print_usage (); - return STATE_UNKNOWN; + if (process_arguments (argc, argv) == ERROR) { + usage4 (_("Could not parse arguments")); } /* get the command to run */ - asprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); + asprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); alarm (timeout_interval); gettimeofday (&tv, NULL); @@ -103,7 +105,7 @@ main (int argc, char **argv) if ((temp_buffer = strstr (input_buffer, "name = "))) address = strdup (temp_buffer + 7); else { - output = strdup (_("Unknown error (plugin)")); + output = strdup (_("Warning plugin error")); result = STATE_WARNING; } } @@ -111,7 +113,8 @@ main (int argc, char **argv) /* the server is responding, we just got the host name... */ if (strstr (input_buffer, "Name:")) parse_address = TRUE; - else if (parse_address == TRUE && (strstr (input_buffer, "Address:") || strstr (input_buffer, "Addresses:"))) { + else if (parse_address == TRUE && (strstr (input_buffer, "Address:") || + strstr (input_buffer, "Addresses:"))) { temp_buffer = index (input_buffer, ':'); temp_buffer++; @@ -121,8 +124,9 @@ main (int argc, char **argv) strip(temp_buffer); if (temp_buffer==NULL || strlen(temp_buffer)==0) { - die (STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), - NSLOOKUP_COMMAND); + die (STATE_CRITICAL, + _("DNS CRITICAL - '%s' returned empty host name string\n"), + NSLOOKUP_COMMAND); } if (address == NULL) @@ -131,6 +135,10 @@ main (int argc, char **argv) asprintf(&address, "%s,%s", address, temp_buffer); } + else if (strstr (input_buffer, _("Non-authoritative answer:"))) { + non_authoritative = TRUE; + } + result = error_scan (input_buffer); if (result != STATE_OK) { output = strdup (1 + index (input_buffer, ':')); @@ -142,6 +150,10 @@ main (int argc, char **argv) /* scan stderr */ while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, child_stderr)) { + + if (verbose) + printf ("%s", input_buffer); + if (error_scan (input_buffer) != STATE_OK) { result = max_state (result, error_scan (input_buffer)); output = strdup (1 + index (input_buffer, ':')); @@ -155,7 +167,7 @@ main (int argc, char **argv) /* close stdout */ if (spclose (child_process)) { result = max_state (result, STATE_WARNING); - if (!strcmp (output, "")) + if (output == NULL || !strcmp (output, "")) output = strdup (_("nslookup returned error status")); } @@ -163,8 +175,8 @@ main (int argc, char **argv) and we can segfault if we do not */ if (address==NULL || strlen(address)==0) die (STATE_CRITICAL, - _("DNS CRITICAL - '%s' output parsing exited with no address\n"), - NSLOOKUP_COMMAND); + _("DNS CRITICAL - '%s' output parsing exited with no address\n"), + NSLOOKUP_COMMAND); /* compare to expected address */ if (result == STATE_OK && match_expected_address && strcmp(address, expected_address)) { @@ -172,6 +184,12 @@ main (int argc, char **argv) asprintf(&output, _("expected %s but got %s"), expected_address, address); } + /* check if authoritative */ + if (result == STATE_OK && expect_authority && non_authoritative) { + result = STATE_CRITICAL; + asprintf(&output, _("server %s is not authoritative for %s"), dns_server, query_address); + } + microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; @@ -181,53 +199,64 @@ main (int argc, char **argv) else multi_address = TRUE; - printf ("%s %s: ", _("DNS"), _("OK")); - printf (ngettext("%.3f second response time, ", "%.3f seconds response time, ", elapsed_time), elapsed_time); + printf ("DNS %s: ", _("OK")); + printf (ngettext("%.3f second response time ", "%.3f seconds response time ", elapsed_time), elapsed_time); printf (_("%s returns %s"), query_address, address); - printf ("|%s\n", perfdata ("time", microsec, "us", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); } else if (result == STATE_WARNING) printf (_("DNS WARNING - %s\n"), - !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); + !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); else if (result == STATE_CRITICAL) printf (_("DNS CRITICAL - %s\n"), - !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); + !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); else - printf (_("DNS problem - %s\n"), - !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); + printf (_("DNS UNKNOW - %s\n"), + !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); return result; } + + int error_scan (char *input_buffer) { /* the DNS lookup timed out */ - if (strstr (input_buffer, "Note: nslookup is deprecated and may be removed from future releases.") || - strstr (input_buffer, "Consider using the `dig' or `host' programs instead. Run nslookup with") || - strstr (input_buffer, "the `-sil[ent]' option to prevent this message from appearing.")) + if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || + strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || + strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) return STATE_OK; /* DNS server is not running... */ else if (strstr (input_buffer, "No response from server")) - die (STATE_CRITICAL, _("No response from name server %s\n"), dns_server); + die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); /* Host name is valid, but server doesn't have records... */ else if (strstr (input_buffer, "No records")) - die (STATE_CRITICAL, _("Name server %s has no records\n"), dns_server); + die (STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); /* Connection was refused */ else if (strstr (input_buffer, "Connection refused") || + strstr (input_buffer, "Couldn't find server") || + strstr (input_buffer, "Refused") || (strstr (input_buffer, "** server can't find") && - strstr (input_buffer, ": REFUSED")) || - (strstr (input_buffer, "Refused"))) - die (STATE_CRITICAL, _("Connection to name server %s was refused\n"), dns_server); + strstr (input_buffer, ": REFUSED"))) + die (STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); + + /* Query refused (usually by an ACL in the namserver) */ + else if (strstr (input_buffer, "Query refused")) + die (STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); + + /* No information (e.g. nameserver IP has two PTR records) */ + else if (strstr (input_buffer, "No information")) + die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); /* Host or domain name does not exist */ else if (strstr (input_buffer, "Non-existent") || strstr (input_buffer, "** server can't find") || - strstr (input_buffer,"NXDOMAIN")) + strstr (input_buffer,"NXDOMAIN")) die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address); /* Network is unreachable */ @@ -236,7 +265,7 @@ error_scan (char *input_buffer) /* Internal server failure */ else if (strstr (input_buffer, "Server failure")) - die (STATE_CRITICAL, _("Server failure for %s\n"), dns_server); + die (STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); /* Request error or the DNS lookup timed out */ else if (strstr (input_buffer, "Format error") || @@ -247,6 +276,7 @@ error_scan (char *input_buffer) } + /* process command-line arguments */ int process_arguments (int argc, char **argv) @@ -263,6 +293,7 @@ process_arguments (int argc, char **argv) {"server", required_argument, 0, 's'}, {"reverse-server", required_argument, 0, 'r'}, {"expected-address", required_argument, 0, 'a'}, + {"expect-authority", no_argument, 0, 'A'}, {0, 0, 0, 0} }; @@ -274,16 +305,14 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "hVvt:H:s:r:a:", long_opts, &opt_index); + c = getopt_long (argc, argv, "hVvAt:H:s:r:a:", long_opts, &opt_index); if (c == -1 || c == EOF) break; switch (c) { case '?': /* args not parsable */ - printf (_("%s: Unknown argument: %s\n\n"), progname, optarg); - print_usage (); - exit (STATE_UNKNOWN); + usage2 (_("Unknown argument"), optarg); case 'h': /* help */ print_help (); exit (STATE_OK); @@ -302,12 +331,10 @@ process_arguments (int argc, char **argv) strcpy (query_address, optarg); break; case 's': /* server name */ - /* TODO: this is_host check is probably unnecessary. Better to confirm nslookup - response matches */ + /* TODO: this is_host check is probably unnecessary. */ + /* Better to confirm nslookup response matches */ if (is_host (optarg) == FALSE) { - printf (_("Invalid server name/address\n\n")); - print_usage (); - exit (STATE_UNKNOWN); + usage2 (_("Invalid hostname/address"), optarg); } if (strlen (optarg) >= ADDRESS_LENGTH) die (STATE_UNKNOWN, _("Input buffer overflow\n")); @@ -316,9 +343,7 @@ process_arguments (int argc, char **argv) case 'r': /* reverse server name */ /* TODO: Is this is_host necessary? */ if (is_host (optarg) == FALSE) { - printf (_("Invalid host name/address\n\n")); - print_usage (); - exit (STATE_UNKNOWN); + usage2 (_("Invalid hostname/address"), optarg); } if (strlen (optarg) >= ADDRESS_LENGTH) die (STATE_UNKNOWN, _("Input buffer overflow\n")); @@ -330,6 +355,9 @@ process_arguments (int argc, char **argv) strcpy (expected_address, optarg); match_expected_address = TRUE; break; + case 'A': /* expect authority */ + expect_authority = TRUE; + break; } } @@ -343,7 +371,7 @@ process_arguments (int argc, char **argv) if (strlen(dns_server)==0 && c= ADDRESS_LENGTH) @@ -354,6 +382,7 @@ process_arguments (int argc, char **argv) return validate_arguments (); } + int validate_arguments () { @@ -364,17 +393,19 @@ validate_arguments () } - - - - void print_help (void) { print_revision (progname, revision); - printf (_("Copyright (c) 1999 Ethan Galstad \n")); - printf (_(COPYRIGHT), copyright, email); + printf ("Copyright (c) 1999 Ethan Galstad \n"); + printf (COPYRIGHT, copyright, email); + + printf (_("\ +This plugin uses the nslookup program to obtain the IP address\n\ +for the given host/domain query. A optional DNS server to use may\n\ +be specified. If no DNS server is specified, the default server(s)\n\ +specified in /etc/resolv.conf will be used.\n\n")); print_usage (); @@ -386,28 +417,19 @@ print_help (void) -s, --server=HOST\n\ Optional DNS server you want to use for the lookup\n\ -a, --expected-address=IP-ADDRESS\n\ - Optional IP address you expect the DNS server to return\n")); + Optional IP address you expect the DNS server to return\n\ +-A, --expect-authority\n\ + Optionally expect the DNS server to be authoritative for the lookup\n")); printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); - printf (_("\n\ -This plugin uses the nslookup program to obtain the IP address\n\ -for the given host/domain query. A optional DNS server to use may\n\ -be specified. If no DNS server is specified, the default server(s)\n\ -specified in /etc/resolv.conf will be used.\n")); - printf (_(UT_SUPPORT)); } - - void print_usage (void) { - printf (_("\ -Usage: %s -H host [-s server] [-a expected-address] [-t timeout]\n\ - %s --help\n\ - %s --version\n"), - progname, progname, progname); + printf ("\ +Usage: %s -H host [-s server] [-a expected-address] [-A] [-t timeout]\n", progname); }