![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_http.c b/plugins/check_http.c
index b4e60041f0fc1d27cb3b1f06007720590c1f05a3..433c28e3f789dc246bd6383fd03174d30b5d2d2e 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
int server_expect_yn = 0;
char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
char string_expect[MAX_INPUT_BUFFER] = "";
-double warning_time = 0;
-int check_warning_time = FALSE;
-double critical_time = 0;
-int check_critical_time = FALSE;
+char output_string_search[30] = "";
+char *warning_thresholds = NULL;
+char *critical_thresholds = NULL;
+thresholds *thlds;
char user_auth[MAX_INPUT_BUFFER] = "";
char proxy_auth[MAX_INPUT_BUFFER] = "";
int display_html = FALSE;
int onredirect = STATE_OK;
int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
{"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
socket_timeout = atoi (optarg);
break;
case 'c': /* critical time threshold */
- if (!is_nonnegative (optarg))
- usage2 (_("Critical threshold must be integer"), optarg);
- else {
- critical_time = strtod (optarg, NULL);
- check_critical_time = TRUE;
- }
+ critical_thresholds = optarg;
break;
case 'w': /* warning time threshold */
- if (!is_nonnegative (optarg))
- usage2 (_("Warning threshold must be integer"), optarg);
- else {
- warning_time = strtod (optarg, NULL);
- check_warning_time = TRUE;
- }
+ warning_thresholds = optarg;
break;
case 'A': /* User Agent String */
asprintf (&user_agent, "User-Agent: %s", optarg);
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
if (!strcmp (optarg, "stickyport"))
onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
server_address = strdup (host_name);
}
- if (check_critical_time && critical_time>(double)socket_timeout)
- socket_timeout = (int)critical_time + 1;
+ set_thresholds(&thlds, warning_thresholds, critical_thresholds);
+
+ if (critical_thresholds && thlds->critical->end>(double)socket_timeout)
+ socket_timeout = (int)thlds->critical->end + 1;
if (http_method == NULL)
http_method = strdup ("GET");
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
int i = 0;
size_t pagesize = 0;
char *full_page;
+ char *full_page_new;
char *buf;
char *pos;
long microsec;
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init_with_hostname(sd, host_name);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
full_page = strdup("");
while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
buffer[i] = '\0';
- asprintf (&full_page, "%s%s", full_page, buffer);
+ asprintf (&full_page_new, "%s%s", full_page, buffer);
+ free (full_page);
+ full_page = full_page_new;
pagesize += i;
if (no_body && document_headers_done (full_page)) {
if (strlen (string_expect)) {
if (!strstr (page, string_expect)) {
- asprintf (&msg, _("%sstring not found, "), msg);
+ strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+ if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+ bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+ }
+ asprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
result = STATE_CRITICAL;
}
}
(display_html ? "</A>" : ""),
perfd_time (elapsed_time), perfd_size (page_len));
- if (check_critical_time == TRUE && elapsed_time > critical_time)
- result = STATE_CRITICAL;
- if (check_warning_time == TRUE && elapsed_time > warning_time)
- result = max_state_alt(STATE_WARNING, result);
+ result = max_state_alt(get_status(elapsed_time, thlds), result);
die (result, "HTTP %s: %s\n", state_text(result), msg);
/* die failed? */
char *perfd_time (double elapsed_time)
{
return fperfdata ("time", elapsed_time, "s",
- check_warning_time, warning_time,
- check_critical_time, critical_time,
+ thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+ thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
TRUE, 0, FALSE, 0);
}
printf ("\n");
- printf (_(UT_HELP_VRSN));
- printf (_(UT_EXTRA_OPTS));
+ printf (UT_HELP_VRSN);
+ printf (UT_EXTRA_OPTS);
printf (" %s\n", "-H, --hostname=ADDRESS");
printf (" %s\n", _("Host name argument for servers using host headers (virtual host)"));
printf (" %s", _("Port number (default: "));
printf ("%d)\n", HTTP_PORT);
- printf (_(UT_IPv46));
+ printf (UT_IPv46);
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
- printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
- printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
- printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
+ printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+ printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
#endif
printf (" %s\n", "-e, --expect=STRING");
printf (" %s\n", "-a, --authorization=AUTH_PAIR");
printf (" %s\n", _("Username:password on sites with basic authentication"));
printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
- printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
+ printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
printf (" %s\n", "-A, --useragent=STRING");
printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
printf (" %s\n", "-k, --header=STRING");
- printf (" %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers"));
+ printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
printf (" %s\n", "-L, --link");
printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
- printf (" %s\n", _("specified IP address. stickyport also ensure post stays the same."));
+ printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same."));
printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
- printf (_(UT_WARN_CRIT));
+ printf (UT_WARN_CRIT);
- printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+ printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
- printf (_(UT_VERBOSE));
+ printf (UT_VERBOSE);
printf ("\n");
printf ("%s\n", _("Notes:"));
printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are"));
printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
- printf ("\n");
- printf (_(UT_EXTRA_OPTS_NOTES));
#ifdef HAVE_SSL
printf ("\n");
printf (" %s\n", _("the certificate is expired."));
#endif
- printf (_(UT_SUPPORT));
+ printf (UT_SUPPORT);
}
void
print_usage (void)
{
- printf (_("Usage:"));
+ printf ("%s\n", _("Usage:"));
printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
- printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
- printf (" [-a auth] [-b proxy_auth] [-f <ok | warn | critcal | follow | sticky | stickyport>]\n");
+ printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+ printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
- printf (" [-A string] [-k string] [-S] [-C <age>] [-T <content-type>] [-j method]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}