X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_http.c;h=0a8910c318fa39a71c8a706b993dfe4bb23b0703;hb=aef79b7f411244385151880683651c884597e4eb;hp=620e1578097d1761d44e07937d1956d3809c0504;hpb=d00a53dd1e4b818f36dd8ef0ee9245445b0ee8e9;p=nagiosplug.git

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 620e157..0a8910c 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -44,6 +44,9 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include <ctype.h>
 
 #define INPUT_DELIMITER ";"
+#define STICKY_NONE 0
+#define STICKY_HOST 1
+#define STICKY_PORT 2
 
 #define HTTP_EXPECT "HTTP/1."
 enum {
@@ -102,12 +105,14 @@ int check_warning_time = FALSE;
 double critical_time = 0;
 int check_critical_time = FALSE;
 char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
 int display_html = FALSE;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
-int followsticky = 0;
+int followsticky = STICKY_NONE;
 int use_ssl = FALSE;
+int use_sni = FALSE;
 int verbose = FALSE;
 int sd;
 int min_page_len = 0;
@@ -174,7 +179,8 @@ process_arguments (int argc, char **argv)
   char *p;
 
   enum {
-    INVERT_REGEX = CHAR_MAX + 1
+    INVERT_REGEX = CHAR_MAX + 1,
+    SNI_OPTION
   };
 
   int option = 0;
@@ -183,12 +189,14 @@ process_arguments (int argc, char **argv)
     {"link", no_argument, 0, 'L'},
     {"nohtml", no_argument, 0, 'n'},
     {"ssl", no_argument, 0, 'S'},
+    {"sni", no_argument, 0, SNI_OPTION},
     {"post", required_argument, 0, 'P'},
     {"method", required_argument, 0, 'j'},
     {"IP-address", required_argument, 0, 'I'},
     {"url", required_argument, 0, 'u'},
     {"port", required_argument, 0, 'p'},
     {"authorization", required_argument, 0, 'a'},
+    {"proxy_authorization", required_argument, 0, 'b'},
     {"string", required_argument, 0, 's'},
     {"expect", required_argument, 0, 'e'},
     {"regex", required_argument, 0, 'r'},
@@ -226,7 +234,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
     if (c == -1 || c == EOF)
       break;
 
@@ -299,19 +307,25 @@ process_arguments (int argc, char **argv)
       if (specify_port == FALSE)
         server_port = HTTPS_PORT;
       break;
+    case SNI_OPTION:
+      use_sni = TRUE;
+      break;
     case 'f': /* onredirect */
-      if (!strcmp (optarg, "sticky"))
-        onredirect = STATE_DEPENDENT, followsticky = 1;
-      if (!strcmp (optarg, "follow"))
-        onredirect = STATE_DEPENDENT, followsticky = 0;
-      if (!strcmp (optarg, "unknown"))
+      if (!strcmp (optarg, "stickyport"))
+        onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
+      else if (!strcmp (optarg, "sticky"))
+        onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST;
+      else if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE;
+      else if (!strcmp (optarg, "unknown"))
         onredirect = STATE_UNKNOWN;
-      if (!strcmp (optarg, "ok"))
+      else if (!strcmp (optarg, "ok"))
         onredirect = STATE_OK;
-      if (!strcmp (optarg, "warning"))
+      else if (!strcmp (optarg, "warning"))
         onredirect = STATE_WARNING;
-      if (!strcmp (optarg, "critical"))
+      else if (!strcmp (optarg, "critical"))
         onredirect = STATE_CRITICAL;
+      else usage2 (_("Invalid onredirect option"), optarg);
       if (verbose)
         printf(_("option f:%d \n"), onredirect);
       break;
@@ -344,6 +358,10 @@ process_arguments (int argc, char **argv)
       strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
       user_auth[MAX_INPUT_BUFFER - 1] = 0;
       break;
+    case 'b': /* proxy-authorization info */
+      strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+      proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
     case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
       if (! http_post_data)
         http_post_data = strdup (optarg);
@@ -715,7 +733,10 @@ get_content_length (const char *headers)
     /* Skip to the end of the header, including continuation lines. */
     while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
       s++;
-    s++;
+
+    /* Avoid stepping over end-of-string marker */
+    if (*s)
+      s++;
 
     /* Process this header. */
     if (value && value > field+2) {
@@ -772,6 +793,7 @@ check_http (void)
   int i = 0;
   size_t pagesize = 0;
   char *full_page;
+  char *full_page_new;
   char *buf;
   char *pos;
   long microsec;
@@ -784,7 +806,7 @@ check_http (void)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
 #ifdef HAVE_SSL
   if (use_ssl == TRUE) {
-    np_net_ssl_init(sd);
+    np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
     if (check_cert == TRUE) {
       result = np_net_ssl_check_cert(days_till_exp);
       np_net_ssl_cleanup();
@@ -794,7 +816,7 @@ check_http (void)
   }
 #endif /* HAVE_SSL */
 
-  asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent);
+  asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
   /* tell HTTP/1.1 servers not to keep the connection alive */
   asprintf (&buf, "%sConnection: close\r\n", buf);
@@ -830,6 +852,12 @@ check_http (void)
     asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
   }
 
+  /* optionally send the proxy authentication info */
+  if (strlen(proxy_auth)) {
+    base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+    asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+  }
+
   /* either send http POST data (any data, not only POST)*/
   if (http_post_data) {
     if (http_content_type) {
@@ -853,7 +881,9 @@ check_http (void)
   full_page = strdup("");
   while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
     buffer[i] = '\0';
-    asprintf (&full_page, "%s%s", full_page, buffer);
+    asprintf (&full_page_new, "%s%s", full_page, buffer);
+    free (full_page);
+    full_page = full_page_new;
     pagesize += i;
 
                 if (no_body && document_headers_done (full_page)) {
@@ -894,9 +924,6 @@ check_http (void)
 #endif
   if (sd) close(sd);
 
-  /* reset the alarm */
-  alarm (0);
-
   /* Save check time */
   microsec = deltime (tv);
   elapsed_time = (double)microsec / 1.0e6;
@@ -975,7 +1002,7 @@ check_http (void)
     }
     /* server errors result in a critical state */
     else if (http_status >= 500) {
-      asprintf (&msg, _("%s - "), msg, status_line);
+      asprintf (&msg, _("%s - "), status_line);
       result = STATE_CRITICAL;
     }
     /* client errors result in a warning state */
@@ -999,6 +1026,9 @@ check_http (void)
 
   } /* end else (server_expect_yn)  */
 
+  /* reset the alarm - must be called *after* redir or we'll never die on redirects! */
+  alarm (0);
+
   if (maximum_age >= 0) {
     result = max_state_alt(check_document_dates(header, &msg), result);
   }
@@ -1059,8 +1089,8 @@ check_http (void)
 
   /* check elapsed time */
   asprintf (&msg,
-            _("%s - %.3f second response time %s|%s %s"),
-            msg, elapsed_time,
+            _("%s - %d bytes in %.3f second response time %s|%s %s"),
+            msg, page_len, elapsed_time,
             (display_html ? "</A>" : ""),
             perfd_time (elapsed_time), perfd_size (page_len));
 
@@ -1103,7 +1133,7 @@ redir (char *pos, char *status_line)
 
   url = malloc (strcspn (pos, "\r\n"));
   if (url == NULL)
-    die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate url\n"));
+    die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
 
   while (pos) {
     sscanf (pos, "%1[Ll]%*1[Oo]%*1[Cc]%*1[Aa]%*1[Tt]%*1[Ii]%*1[Oo]%*1[Nn]:%n", xx, &i);
@@ -1134,7 +1164,7 @@ redir (char *pos, char *status_line)
 
     url = realloc (url, strcspn (pos, "\r\n") + 1);
     if (url == NULL)
-      die (STATE_UNKNOWN, _("HTTP UNKNOWN - could not allocate url\n"));
+      die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
 
     /* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */
     if (sscanf (pos, HD1, type, addr, &i, url) == 4) {
@@ -1203,15 +1233,18 @@ redir (char *pos, char *status_line)
   free (host_name);
   host_name = strdup (addr);
 
-  if (followsticky == 0) {
+  if (!(followsticky & STICKY_HOST)) {
     free (server_address);
     server_address = strdup (addr);
   }
+  if (!(followsticky & STICKY_PORT)) {
+    server_port = i;
+  }
 
   free (server_url);
   server_url = url;
 
-  if ((server_port = i) > MAX_PORT)
+  if (server_port > MAX_PORT)
     die (STATE_UNKNOWN,
          _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"),
          MAX_PORT, server_type, server_address, server_port, server_url,
@@ -1299,9 +1332,11 @@ print_help (void)
 #ifdef HAVE_SSL
   printf (" %s\n", "-S, --ssl");
   printf ("   %s\n", _("Connect via SSL. Port defaults to 443"));
+  printf (" %s\n", "--sni");
+  printf ("   %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
   printf (" %s\n", "-C, --certificate=INTEGER");
   printf ("   %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("   %s\n", _("(when this option is used the url is not checked.)\n"));
+  printf ("   %s\n", _("(when this option is used the URL is not checked.)\n"));
 #endif
 
   printf (" %s\n", "-e, --expect=STRING");
@@ -1337,15 +1372,17 @@ print_help (void)
 
   printf (" %s\n", "-a, --authorization=AUTH_PAIR");
   printf ("    %s\n", _("Username:password on sites with basic authentication"));
+  printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+  printf (" 	%s\n", _("Username:password on proxy-servers with basic authentication"));
   printf (" %s\n", "-A, --useragent=STRING");
   printf ("    %s\n", _("String to be sent in http header as \"User Agent\""));
   printf (" %s\n", "-k, --header=STRING");
   printf ("    %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers"));
   printf (" %s\n", "-L, --link");
   printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
-  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky>");
+  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
   printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
-  printf ("    %s\n", _("specified IP address"));
+  printf ("    %s\n", _("specified IP address. stickyport also ensure post stays the same."));
   printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
   printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
 
@@ -1397,9 +1434,10 @@ print_usage (void)
 {
   printf (_("Usage:"));
   printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
-  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
-  printf ("       [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n");
-  printf ("       [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]\n");
-  printf ("       [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string]\n");
-  printf ("       [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+  printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+  printf ("       [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+  printf ("       [-j method]\n");
 }