X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_http.c;h=6370e32b823c3f050b65d0bde0e2038604461410;hb=bfe20df4a54f9b173e87cf2b13db0998a6303335;hp=248c0f94d3b652c27c3b38f0c366c99a500a4aeb;hpb=6b8502bee6f426eb7c3239c346c909c948bc3e77;p=nagiosplug.git diff --git a/plugins/check_http.c b/plugins/check_http.c index 248c0f9..6370e32 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -44,6 +44,9 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; #include #define INPUT_DELIMITER ";" +#define STICKY_NONE 0 +#define STICKY_HOST 1 +#define STICKY_PORT 2 #define HTTP_EXPECT "HTTP/1." enum { @@ -97,17 +100,20 @@ int server_url_length; int server_expect_yn = 0; char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT; char string_expect[MAX_INPUT_BUFFER] = ""; +char output_string_search[30] = ""; double warning_time = 0; int check_warning_time = FALSE; double critical_time = 0; int check_critical_time = FALSE; char user_auth[MAX_INPUT_BUFFER] = ""; +char proxy_auth[MAX_INPUT_BUFFER] = ""; int display_html = FALSE; char **http_opt_headers; int http_opt_headers_count = 0; int onredirect = STATE_OK; -int followsticky = 0; +int followsticky = STICKY_NONE; int use_ssl = FALSE; +int use_sni = FALSE; int verbose = FALSE; int sd; int min_page_len = 0; @@ -174,7 +180,8 @@ process_arguments (int argc, char **argv) char *p; enum { - INVERT_REGEX = CHAR_MAX + 1 + INVERT_REGEX = CHAR_MAX + 1, + SNI_OPTION }; int option = 0; @@ -183,12 +190,14 @@ process_arguments (int argc, char **argv) {"link", no_argument, 0, 'L'}, {"nohtml", no_argument, 0, 'n'}, {"ssl", no_argument, 0, 'S'}, + {"sni", no_argument, 0, SNI_OPTION}, {"post", required_argument, 0, 'P'}, {"method", required_argument, 0, 'j'}, {"IP-address", required_argument, 0, 'I'}, {"url", required_argument, 0, 'u'}, {"port", required_argument, 0, 'p'}, {"authorization", required_argument, 0, 'a'}, + {"proxy_authorization", required_argument, 0, 'b'}, {"string", required_argument, 0, 's'}, {"expect", required_argument, 0, 'e'}, {"regex", required_argument, 0, 'r'}, @@ -226,7 +235,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); if (c == -1 || c == EOF) break; @@ -299,19 +308,25 @@ process_arguments (int argc, char **argv) if (specify_port == FALSE) server_port = HTTPS_PORT; break; + case SNI_OPTION: + use_sni = TRUE; + break; case 'f': /* onredirect */ - if (!strcmp (optarg, "sticky")) - onredirect = STATE_DEPENDENT, followsticky = 1; - if (!strcmp (optarg, "follow")) - onredirect = STATE_DEPENDENT, followsticky = 0; - if (!strcmp (optarg, "unknown")) + if (!strcmp (optarg, "stickyport")) + onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; + else if (!strcmp (optarg, "sticky")) + onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST; + else if (!strcmp (optarg, "follow")) + onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE; + else if (!strcmp (optarg, "unknown")) onredirect = STATE_UNKNOWN; - if (!strcmp (optarg, "ok")) + else if (!strcmp (optarg, "ok")) onredirect = STATE_OK; - if (!strcmp (optarg, "warning")) + else if (!strcmp (optarg, "warning")) onredirect = STATE_WARNING; - if (!strcmp (optarg, "critical")) + else if (!strcmp (optarg, "critical")) onredirect = STATE_CRITICAL; + else usage2 (_("Invalid onredirect option"), optarg); if (verbose) printf(_("option f:%d \n"), onredirect); break; @@ -344,6 +359,10 @@ process_arguments (int argc, char **argv) strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); user_auth[MAX_INPUT_BUFFER - 1] = 0; break; + case 'b': /* proxy-authorization info */ + strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1); + proxy_auth[MAX_INPUT_BUFFER - 1] = 0; + break; case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */ if (! http_post_data) http_post_data = strdup (optarg); @@ -715,7 +734,10 @@ get_content_length (const char *headers) /* Skip to the end of the header, including continuation lines. */ while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t'))) s++; - s++; + + /* Avoid stepping over end-of-string marker */ + if (*s) + s++; /* Process this header. */ if (value && value > field+2) { @@ -772,6 +794,7 @@ check_http (void) int i = 0; size_t pagesize = 0; char *full_page; + char *full_page_new; char *buf; char *pos; long microsec; @@ -784,7 +807,7 @@ check_http (void) die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); @@ -794,7 +817,7 @@ check_http (void) } #endif /* HAVE_SSL */ - asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent); + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); /* tell HTTP/1.1 servers not to keep the connection alive */ asprintf (&buf, "%sConnection: close\r\n", buf); @@ -830,6 +853,12 @@ check_http (void) asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth); } + /* optionally send the proxy authentication info */ + if (strlen(proxy_auth)) { + base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); + asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); + } + /* either send http POST data (any data, not only POST)*/ if (http_post_data) { if (http_content_type) { @@ -853,7 +882,9 @@ check_http (void) full_page = strdup(""); while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) { buffer[i] = '\0'; - asprintf (&full_page, "%s%s", full_page, buffer); + asprintf (&full_page_new, "%s%s", full_page, buffer); + free (full_page); + full_page = full_page_new; pagesize += i; if (no_body && document_headers_done (full_page)) { @@ -894,9 +925,6 @@ check_http (void) #endif if (sd) close(sd); - /* reset the alarm */ - alarm (0); - /* Save check time */ microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; @@ -999,6 +1027,9 @@ check_http (void) } /* end else (server_expect_yn) */ + /* reset the alarm - must be called *after* redir or we'll never die on redirects! */ + alarm (0); + if (maximum_age >= 0) { result = max_state_alt(check_document_dates(header, &msg), result); } @@ -1007,7 +1038,11 @@ check_http (void) if (strlen (string_expect)) { if (!strstr (page, string_expect)) { - asprintf (&msg, _("%sstring not found, "), msg); + strncpy(&output_string_search[0],string_expect,sizeof(output_string_search)); + if(output_string_search[sizeof(output_string_search)-1]!='\0') { + bcopy("...",&output_string_search[sizeof(output_string_search)-4],4); + } + asprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url); result = STATE_CRITICAL; } } @@ -1203,15 +1238,18 @@ redir (char *pos, char *status_line) free (host_name); host_name = strdup (addr); - if (followsticky == 0) { + if (!(followsticky & STICKY_HOST)) { free (server_address); server_address = strdup (addr); } + if (!(followsticky & STICKY_PORT)) { + server_port = i; + } free (server_url); server_url = url; - if ((server_port = i) > MAX_PORT) + if (server_port > MAX_PORT) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"), MAX_PORT, server_type, server_address, server_port, server_url, @@ -1282,8 +1320,8 @@ print_help (void) printf ("\n"); - printf (_(UT_HELP_VRSN)); - printf (_(UT_EXTRA_OPTS)); + printf (UT_HELP_VRSN); + printf (UT_EXTRA_OPTS); printf (" %s\n", "-H, --hostname=ADDRESS"); printf (" %s\n", _("Host name argument for servers using host headers (virtual host)")); @@ -1294,11 +1332,13 @@ print_help (void) printf (" %s", _("Port number (default: ")); printf ("%d)\n", HTTP_PORT); - printf (_(UT_IPv46)); + printf (UT_IPv46); #ifdef HAVE_SSL printf (" %s\n", "-S, --ssl"); printf (" %s\n", _("Connect via SSL. Port defaults to 443")); + printf (" %s\n", "--sni"); + printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); printf (" %s\n", _("(when this option is used the URL is not checked.)\n")); @@ -1337,23 +1377,25 @@ print_help (void) printf (" %s\n", "-a, --authorization=AUTH_PAIR"); printf (" %s\n", _("Username:password on sites with basic authentication")); + printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on proxy-servers with basic authentication")); printf (" %s\n", "-A, --useragent=STRING"); printf (" %s\n", _("String to be sent in http header as \"User Agent\"")); printf (" %s\n", "-k, --header=STRING"); printf (" %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); - printf (" %s\n", "-f, --onredirect="); + printf (" %s\n", "-f, --onredirect="); printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the")); - printf (" %s\n", _("specified IP address")); + printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); - printf (_(UT_WARN_CRIT)); + printf (UT_WARN_CRIT); - printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); + printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - printf (_(UT_VERBOSE)); + printf (UT_VERBOSE); printf ("\n"); printf ("%s\n", _("Notes:")); @@ -1363,8 +1405,6 @@ print_help (void) printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are")); printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); - printf ("\n"); - printf (_(UT_EXTRA_OPTS_NOTES)); #ifdef HAVE_SSL printf ("\n"); @@ -1386,7 +1426,7 @@ print_help (void) printf (" %s\n", _("the certificate is expired.")); #endif - printf (_(UT_SUPPORT)); + printf (UT_SUPPORT); } @@ -1395,11 +1435,12 @@ print_help (void) void print_usage (void) { - printf (_("Usage:")); + printf ("%s\n", _("Usage:")); printf (" %s -H | -I [-u ] [-p ]\n",progname); - printf (" [-w ] [-c ] [-t ] [-L]\n"); - printf (" [-a auth] [-f ] [-e ]\n"); - printf (" [-s string] [-l] [-r | -R ] [-P string]\n"); - printf (" [-m :] [-4|-6] [-N] [-M ] [-A string]\n"); - printf (" [-k string] [-S] [-C ] [-T ] [-j method]\n"); + printf (" [-w ] [-c ] [-t ] [-L] [-a auth]\n"); + printf (" [-b proxy_auth] [-f ]\n"); + printf (" [-e ] [-s string] [-l] [-r | -R ]\n"); + printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); + printf (" [-A string] [-k string] [-S] [--sni] [-C ] [-T ]\n"); + printf (" [-j method]\n"); }