![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 2f2460c637b53c0604ab6d31c23de961376f4d93..433c28e3f789dc246bd6383fd03174d30b5d2d2e 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
#include <ctype.h>
#define INPUT_DELIMITER ";"
+#define STICKY_NONE 0
+#define STICKY_HOST 1
+#define STICKY_PORT 2
#define HTTP_EXPECT "HTTP/1."
enum {
int server_expect_yn = 0;
char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
char string_expect[MAX_INPUT_BUFFER] = "";
-double warning_time = 0;
-int check_warning_time = FALSE;
-double critical_time = 0;
-int check_critical_time = FALSE;
+char output_string_search[30] = "";
+char *warning_thresholds = NULL;
+char *critical_thresholds = NULL;
+thresholds *thlds;
char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
int display_html = FALSE;
char **http_opt_headers;
int http_opt_headers_count = 0;
int onredirect = STATE_OK;
-int followsticky = 0;
+int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
{"url", required_argument, 0, 'u'},
{"port", required_argument, 0, 'p'},
{"authorization", required_argument, 0, 'a'},
+ {"proxy_authorization", required_argument, 0, 'b'},
{"string", required_argument, 0, 's'},
{"expect", required_argument, 0, 'e'},
{"regex", required_argument, 0, 'r'},
}
while (1) {
- c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+ c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
if (c == -1 || c == EOF)
break;
socket_timeout = atoi (optarg);
break;
case 'c': /* critical time threshold */
- if (!is_nonnegative (optarg))
- usage2 (_("Critical threshold must be integer"), optarg);
- else {
- critical_time = strtod (optarg, NULL);
- check_critical_time = TRUE;
- }
+ critical_thresholds = optarg;
break;
case 'w': /* warning time threshold */
- if (!is_nonnegative (optarg))
- usage2 (_("Warning threshold must be integer"), optarg);
- else {
- warning_time = strtod (optarg, NULL);
- check_warning_time = TRUE;
- }
+ warning_thresholds = optarg;
break;
case 'A': /* User Agent String */
asprintf (&user_agent, "User-Agent: %s", optarg);
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
- if (!strcmp (optarg, "sticky"))
- onredirect = STATE_DEPENDENT, followsticky = 1;
- if (!strcmp (optarg, "follow"))
- onredirect = STATE_DEPENDENT, followsticky = 0;
- if (!strcmp (optarg, "unknown"))
+ if (!strcmp (optarg, "stickyport"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
+ else if (!strcmp (optarg, "sticky"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST;
+ else if (!strcmp (optarg, "follow"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE;
+ else if (!strcmp (optarg, "unknown"))
onredirect = STATE_UNKNOWN;
- if (!strcmp (optarg, "ok"))
+ else if (!strcmp (optarg, "ok"))
onredirect = STATE_OK;
- if (!strcmp (optarg, "warning"))
+ else if (!strcmp (optarg, "warning"))
onredirect = STATE_WARNING;
- if (!strcmp (optarg, "critical"))
+ else if (!strcmp (optarg, "critical"))
onredirect = STATE_CRITICAL;
+ else usage2 (_("Invalid onredirect option"), optarg);
if (verbose)
printf(_("option f:%d \n"), onredirect);
break;
strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
user_auth[MAX_INPUT_BUFFER - 1] = 0;
break;
+ case 'b': /* proxy-authorization info */
+ strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+ proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+ break;
case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
if (! http_post_data)
http_post_data = strdup (optarg);
server_address = strdup (host_name);
}
- if (check_critical_time && critical_time>(double)socket_timeout)
- socket_timeout = (int)critical_time + 1;
+ set_thresholds(&thlds, warning_thresholds, critical_thresholds);
+
+ if (critical_thresholds && thlds->critical->end>(double)socket_timeout)
+ socket_timeout = (int)thlds->critical->end + 1;
if (http_method == NULL)
http_method = strdup ("GET");
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
int i = 0;
size_t pagesize = 0;
char *full_page;
+ char *full_page_new;
char *buf;
char *pos;
long microsec;
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init(sd);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
}
+ /* optionally send the proxy authentication info */
+ if (strlen(proxy_auth)) {
+ base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+ asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+ }
+
/* either send http POST data (any data, not only POST)*/
if (http_post_data) {
if (http_content_type) {
full_page = strdup("");
while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
buffer[i] = '\0';
- asprintf (&full_page, "%s%s", full_page, buffer);
+ asprintf (&full_page_new, "%s%s", full_page, buffer);
+ free (full_page);
+ full_page = full_page_new;
pagesize += i;
if (no_body && document_headers_done (full_page)) {
#endif
if (sd) close(sd);
- /* reset the alarm */
- alarm (0);
-
/* Save check time */
microsec = deltime (tv);
elapsed_time = (double)microsec / 1.0e6;
} /* end else (server_expect_yn) */
+ /* reset the alarm - must be called *after* redir or we'll never die on redirects! */
+ alarm (0);
+
if (maximum_age >= 0) {
result = max_state_alt(check_document_dates(header, &msg), result);
}
if (strlen (string_expect)) {
if (!strstr (page, string_expect)) {
- asprintf (&msg, _("%sstring not found, "), msg);
+ strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+ if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+ bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+ }
+ asprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
result = STATE_CRITICAL;
}
}
(display_html ? "</A>" : ""),
perfd_time (elapsed_time), perfd_size (page_len));
- if (check_critical_time == TRUE && elapsed_time > critical_time)
- result = STATE_CRITICAL;
- if (check_warning_time == TRUE && elapsed_time > warning_time)
- result = max_state_alt(STATE_WARNING, result);
+ result = max_state_alt(get_status(elapsed_time, thlds), result);
die (result, "HTTP %s: %s\n", state_text(result), msg);
/* die failed? */
free (host_name);
host_name = strdup (addr);
- if (followsticky == 0) {
+ if (!(followsticky & STICKY_HOST)) {
free (server_address);
server_address = strdup (addr);
}
+ if (!(followsticky & STICKY_PORT)) {
+ server_port = i;
+ }
free (server_url);
server_url = url;
- if ((server_port = i) > MAX_PORT)
+ if (server_port > MAX_PORT)
die (STATE_UNKNOWN,
_("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"),
MAX_PORT, server_type, server_address, server_port, server_url,
char *perfd_time (double elapsed_time)
{
return fperfdata ("time", elapsed_time, "s",
- check_warning_time, warning_time,
- check_critical_time, critical_time,
+ thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+ thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
TRUE, 0, FALSE, 0);
}
printf ("\n");
- printf (_(UT_HELP_VRSN));
- printf (_(UT_EXTRA_OPTS));
+ printf (UT_HELP_VRSN);
+ printf (UT_EXTRA_OPTS);
printf (" %s\n", "-H, --hostname=ADDRESS");
printf (" %s\n", _("Host name argument for servers using host headers (virtual host)"));
printf (" %s", _("Port number (default: "));
printf ("%d)\n", HTTP_PORT);
- printf (_(UT_IPv46));
+ printf (UT_IPv46);
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
- printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
- printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
- printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
+ printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+ printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
#endif
printf (" %s\n", "-e, --expect=STRING");
printf (" %s\n", "-a, --authorization=AUTH_PAIR");
printf (" %s\n", _("Username:password on sites with basic authentication"));
+ printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+ printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
printf (" %s\n", "-A, --useragent=STRING");
printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
printf (" %s\n", "-k, --header=STRING");
- printf (" %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers"));
+ printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
printf (" %s\n", "-L, --link");
printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
- printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky>");
+ printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
- printf (" %s\n", _("specified IP address"));
+ printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same."));
printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
- printf (_(UT_WARN_CRIT));
+ printf (UT_WARN_CRIT);
- printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+ printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
- printf (_(UT_VERBOSE));
+ printf (UT_VERBOSE);
printf ("\n");
printf ("%s\n", _("Notes:"));
printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are"));
printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
- printf ("\n");
- printf (_(UT_EXTRA_OPTS_NOTES));
#ifdef HAVE_SSL
printf ("\n");
printf (" %s\n", _("the certificate is expired."));
#endif
- printf (_(UT_SUPPORT));
+ printf (UT_SUPPORT);
}
void
print_usage (void)
{
- printf (_("Usage:"));
+ printf ("%s\n", _("Usage:"));
printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
- printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
- printf (" [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n");
- printf (" [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]\n");
- printf (" [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string]\n");
- printf (" [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+ printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+ printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+ printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}