X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_http.c;h=6c53f7ad495e0bb2d264de080b1e5ffc202babff;hb=25d1ee331dbe4977a4a1a756c67f32bd51d9b070;hp=5a859f98774bafa8513cbe64d91bb08fdfd277d2;hpb=e7cdcfee2a6025b41f67ead5020df3965ef05a98;p=nagiosplug.git diff --git a/plugins/check_http.c b/plugins/check_http.c index 5a859f9..6c53f7a 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -105,12 +105,14 @@ int check_warning_time = FALSE; double critical_time = 0; int check_critical_time = FALSE; char user_auth[MAX_INPUT_BUFFER] = ""; +char proxy_auth[MAX_INPUT_BUFFER] = ""; int display_html = FALSE; char **http_opt_headers; int http_opt_headers_count = 0; int onredirect = STATE_OK; int followsticky = STICKY_NONE; int use_ssl = FALSE; +int use_sni = FALSE; int verbose = FALSE; int sd; int min_page_len = 0; @@ -177,7 +179,8 @@ process_arguments (int argc, char **argv) char *p; enum { - INVERT_REGEX = CHAR_MAX + 1 + INVERT_REGEX = CHAR_MAX + 1, + SNI_OPTION }; int option = 0; @@ -186,12 +189,14 @@ process_arguments (int argc, char **argv) {"link", no_argument, 0, 'L'}, {"nohtml", no_argument, 0, 'n'}, {"ssl", no_argument, 0, 'S'}, + {"sni", no_argument, 0, SNI_OPTION}, {"post", required_argument, 0, 'P'}, {"method", required_argument, 0, 'j'}, {"IP-address", required_argument, 0, 'I'}, {"url", required_argument, 0, 'u'}, {"port", required_argument, 0, 'p'}, {"authorization", required_argument, 0, 'a'}, + {"proxy_authorization", required_argument, 0, 'b'}, {"string", required_argument, 0, 's'}, {"expect", required_argument, 0, 'e'}, {"regex", required_argument, 0, 'r'}, @@ -229,7 +234,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option); if (c == -1 || c == EOF) break; @@ -302,21 +307,25 @@ process_arguments (int argc, char **argv) if (specify_port == FALSE) server_port = HTTPS_PORT; break; + case SNI_OPTION: + use_sni = TRUE; + break; case 'f': /* onredirect */ if (!strcmp (optarg, "stickyport")) onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT; - if (!strcmp (optarg, "sticky")) + else if (!strcmp (optarg, "sticky")) onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST; - if (!strcmp (optarg, "follow")) + else if (!strcmp (optarg, "follow")) onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE; - if (!strcmp (optarg, "unknown")) + else if (!strcmp (optarg, "unknown")) onredirect = STATE_UNKNOWN; - if (!strcmp (optarg, "ok")) + else if (!strcmp (optarg, "ok")) onredirect = STATE_OK; - if (!strcmp (optarg, "warning")) + else if (!strcmp (optarg, "warning")) onredirect = STATE_WARNING; - if (!strcmp (optarg, "critical")) + else if (!strcmp (optarg, "critical")) onredirect = STATE_CRITICAL; + else usage2 (_("Invalid onredirect option"), optarg); if (verbose) printf(_("option f:%d \n"), onredirect); break; @@ -349,6 +358,10 @@ process_arguments (int argc, char **argv) strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); user_auth[MAX_INPUT_BUFFER - 1] = 0; break; + case 'b': /* proxy-authorization info */ + strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1); + proxy_auth[MAX_INPUT_BUFFER - 1] = 0; + break; case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */ if (! http_post_data) http_post_data = strdup (optarg); @@ -720,7 +733,10 @@ get_content_length (const char *headers) /* Skip to the end of the header, including continuation lines. */ while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t'))) s++; - s++; + + /* Avoid stepping over end-of-string marker */ + if (*s) + s++; /* Process this header. */ if (value && value > field+2) { @@ -777,6 +793,7 @@ check_http (void) int i = 0; size_t pagesize = 0; char *full_page; + char *full_page_new; char *buf; char *pos; long microsec; @@ -789,7 +806,7 @@ check_http (void) die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); #ifdef HAVE_SSL if (use_ssl == TRUE) { - np_net_ssl_init(sd); + np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); if (check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); np_net_ssl_cleanup(); @@ -835,6 +852,12 @@ check_http (void) asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth); } + /* optionally send the proxy authentication info */ + if (strlen(proxy_auth)) { + base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); + asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); + } + /* either send http POST data (any data, not only POST)*/ if (http_post_data) { if (http_content_type) { @@ -858,7 +881,9 @@ check_http (void) full_page = strdup(""); while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) { buffer[i] = '\0'; - asprintf (&full_page, "%s%s", full_page, buffer); + asprintf (&full_page_new, "%s%s", full_page, buffer); + free (full_page); + full_page = full_page_new; pagesize += i; if (no_body && document_headers_done (full_page)) { @@ -1290,8 +1315,8 @@ print_help (void) printf ("\n"); - printf (_(UT_HELP_VRSN)); - printf (_(UT_EXTRA_OPTS)); + printf (UT_HELP_VRSN); + printf (UT_EXTRA_OPTS); printf (" %s\n", "-H, --hostname=ADDRESS"); printf (" %s\n", _("Host name argument for servers using host headers (virtual host)")); @@ -1302,11 +1327,13 @@ print_help (void) printf (" %s", _("Port number (default: ")); printf ("%d)\n", HTTP_PORT); - printf (_(UT_IPv46)); + printf (UT_IPv46); #ifdef HAVE_SSL printf (" %s\n", "-S, --ssl"); printf (" %s\n", _("Connect via SSL. Port defaults to 443")); + printf (" %s\n", "--sni"); + printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); printf (" %s\n", "-C, --certificate=INTEGER"); printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); printf (" %s\n", _("(when this option is used the URL is not checked.)\n")); @@ -1345,6 +1372,8 @@ print_help (void) printf (" %s\n", "-a, --authorization=AUTH_PAIR"); printf (" %s\n", _("Username:password on sites with basic authentication")); + printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); + printf (" %s\n", _("Username:password on proxy-servers with basic authentication")); printf (" %s\n", "-A, --useragent=STRING"); printf (" %s\n", _("String to be sent in http header as \"User Agent\"")); printf (" %s\n", "-k, --header=STRING"); @@ -1357,11 +1386,11 @@ print_help (void) printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); - printf (_(UT_WARN_CRIT)); + printf (UT_WARN_CRIT); - printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); + printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - printf (_(UT_VERBOSE)); + printf (UT_VERBOSE); printf ("\n"); printf ("%s\n", _("Notes:")); @@ -1372,7 +1401,7 @@ print_help (void) printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN")); printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument.")); printf ("\n"); - printf (_(UT_EXTRA_OPTS_NOTES)); + printf (UT_EXTRA_OPTS_NOTES); #ifdef HAVE_SSL printf ("\n"); @@ -1394,7 +1423,7 @@ print_help (void) printf (" %s\n", _("the certificate is expired.")); #endif - printf (_(UT_SUPPORT)); + printf (UT_SUPPORT); } @@ -1405,9 +1434,10 @@ print_usage (void) { printf (_("Usage:")); printf (" %s -H | -I [-u ] [-p ]\n",progname); - printf (" [-w ] [-c ] [-t ] [-L]\n"); - printf (" [-a auth] [-f ] [-e ]\n"); - printf (" [-s string] [-l] [-r | -R ] [-P string]\n"); - printf (" [-m :] [-4|-6] [-N] [-M ] [-A string]\n"); - printf (" [-k string] [-S] [-C ] [-T ] [-j method]\n"); + printf (" [-w ] [-c ] [-t ] [-L] [-a auth]\n"); + printf (" [-b proxy_auth] [-f ]\n"); + printf (" [-e ] [-s string] [-l] [-r | -R ]\n"); + printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); + printf (" [-A string] [-k string] [-S] [--sni] [-C ] [-T ]\n"); + printf (" [-j method]\n"); }