![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5e33ec86113e485a55a24b1750e3ef6aea799bab..6c53f7ad495e0bb2d264de080b1e5ffc202babff 100644 (file)
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
-/******************************************************************************
-*
+/*****************************************************************************
+*
* Nagios check_http plugin
-*
+*
* License: GPL
-* Copyright (c) 1999-2006 nagios-plugins team
-*
-* Last Modified: $Date$
-*
+* Copyright (c) 1999-2008 Nagios Plugins Development Team
+*
* Description:
-*
+*
* This file contains the check_http plugin
-*
-* This plugin tests the HTTP service on the specified host. It can test
-* normal (http) and secure (https) servers, follow redirects, search for
-* strings and regular expressions, check connection times, and report on
-* certificate expiration times.
-*
-*
-* License Information:
-*
-* This program is free software; you can redistribute it and/or modify
+*
+* This plugin tests the HTTP service on the specified host. It can test
+* normal (http) and secure (https) servers, follow redirects, search for
+* strings and regular expressions, check connection times, and report on
+* certificate expiration times.
+*
+*
+* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
+* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
-*
+*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
-*
+*
* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*
+*****************************************************************************/
- $Id$
-
-******************************************************************************/
/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
const char *progname = "check_http";
-const char *revision = "$Revision$";
-const char *copyright = "1999-2006";
+const char *copyright = "1999-2008";
const char *email = "nagiosplug-devel@lists.sourceforge.net";
#include "common.h"
#include "netutils.h"
#include "utils.h"
+#include "base64.h"
+#include <ctype.h>
#define INPUT_DELIMITER ";"
+#define STICKY_NONE 0
+#define STICKY_HOST 1
+#define STICKY_PORT 2
#define HTTP_EXPECT "HTTP/1."
enum {
MAX_IPV4_HOSTLENGTH = 255,
HTTP_PORT = 80,
- HTTPS_PORT = 443
+ HTTPS_PORT = 443,
+ MAX_PORT = 65535
};
#ifdef HAVE_SSL
double critical_time = 0;
int check_critical_time = FALSE;
char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
int display_html = FALSE;
char **http_opt_headers;
int http_opt_headers_count = 0;
int onredirect = STATE_OK;
+int followsticky = STICKY_NONE;
int use_ssl = FALSE;
+int use_sni = FALSE;
int verbose = FALSE;
int sd;
int min_page_len = 0;
char buffer[MAX_INPUT_BUFFER];
int process_arguments (int, char **);
-static char *base64 (const char *bin, size_t len);
int check_http (void);
void redir (char *pos, char *status_line);
int server_type_check(const char *type);
{
int result = STATE_UNKNOWN;
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
/* Set default URL. Must be malloced for subsequent realloc if --onredirect=follow */
server_url = strdup(HTTP_URL);
server_url_length = strlen(server_url);
- asprintf (&user_agent, "User-Agent: check_http/%s (nagios-plugins %s)",
- clean_revstring (revision), VERSION);
+ asprintf (&user_agent, "User-Agent: check_http/v%s (nagios-plugins %s)",
+ NP_VERSION, VERSION);
+
+ /* Parse extra opts if any */
+ argv=np_extra_opts (&argc, argv, progname);
if (process_arguments (argc, argv) == ERROR)
usage4 (_("Could not parse arguments"));
if (display_html == TRUE)
- printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
- use_ssl ? "https" : "http", host_name,
+ printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
+ use_ssl ? "https" : "http", host_name ? host_name : server_address,
server_port, server_url);
/* initialize alarm signal handling, set socket timeout, start timer */
process_arguments (int argc, char **argv)
{
int c = 1;
+ char *p;
enum {
- INVERT_REGEX = CHAR_MAX + 1
+ INVERT_REGEX = CHAR_MAX + 1,
+ SNI_OPTION
};
int option = 0;
{"link", no_argument, 0, 'L'},
{"nohtml", no_argument, 0, 'n'},
{"ssl", no_argument, 0, 'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
{"post", required_argument, 0, 'P'},
+ {"method", required_argument, 0, 'j'},
{"IP-address", required_argument, 0, 'I'},
{"url", required_argument, 0, 'u'},
{"port", required_argument, 0, 'p'},
{"authorization", required_argument, 0, 'a'},
+ {"proxy_authorization", required_argument, 0, 'b'},
{"string", required_argument, 0, 's'},
{"expect", required_argument, 0, 'e'},
{"regex", required_argument, 0, 'r'},
}
while (1) {
- c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:T:I:a:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
+ c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLSm:M:N", longopts, &option);
if (c == -1 || c == EOF)
break;
exit (STATE_OK);
break;
case 'V': /* version */
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
exit (STATE_OK);
break;
case 't': /* timeout period */
if (specify_port == FALSE)
server_port = HTTPS_PORT;
break;
+ case SNI_OPTION:
+ use_sni = TRUE;
+ break;
case 'f': /* onredirect */
- if (!strcmp (optarg, "follow"))
- onredirect = STATE_DEPENDENT;
- if (!strcmp (optarg, "unknown"))
+ if (!strcmp (optarg, "stickyport"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
+ else if (!strcmp (optarg, "sticky"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST;
+ else if (!strcmp (optarg, "follow"))
+ onredirect = STATE_DEPENDENT, followsticky = STICKY_NONE;
+ else if (!strcmp (optarg, "unknown"))
onredirect = STATE_UNKNOWN;
- if (!strcmp (optarg, "ok"))
+ else if (!strcmp (optarg, "ok"))
onredirect = STATE_OK;
- if (!strcmp (optarg, "warning"))
+ else if (!strcmp (optarg, "warning"))
onredirect = STATE_WARNING;
- if (!strcmp (optarg, "critical"))
+ else if (!strcmp (optarg, "critical"))
onredirect = STATE_CRITICAL;
+ else usage2 (_("Invalid onredirect option"), optarg);
if (verbose)
- printf(_("option f:%d \n"), onredirect);
+ printf(_("option f:%d \n"), onredirect);
break;
/* Note: H, I, and u must be malloc'd or will fail on redirects */
case 'H': /* Host Name (virtual host) */
host_name = strdup (optarg);
- if (strstr (optarg, ":"))
- sscanf (optarg, "%*[^:]:%d", &server_port);
+ if (host_name[0] == '[') {
+ if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */
+ server_port = atoi (p + 2);
+ } else if ((p = strchr (host_name, ':')) != NULL
+ && strchr (++p, ':') == NULL) /* IPv4:port or host:port */
+ server_port = atoi (p);
break;
case 'I': /* Server IP-address */
server_address = strdup (optarg);
strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
user_auth[MAX_INPUT_BUFFER - 1] = 0;
break;
- case 'P': /* HTTP POST data in URL encoded format */
- if (http_method || http_post_data) break;
- http_method = strdup("POST");
- http_post_data = strdup (optarg);
+ case 'b': /* proxy-authorization info */
+ strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+ proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+ break;
+ case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
+ if (! http_post_data)
+ http_post_data = strdup (optarg);
+ if (! http_method)
+ http_method = strdup("POST");
+ break;
+ case 'j': /* Set HTTP method */
+ if (http_method)
+ free(http_method);
+ http_method = strdup (optarg);
break;
case 's': /* string or substring */
strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
exit (STATE_WARNING);
} else
max_page_len = atoi(tmp);
- } else
+ } else
min_page_len = atoi (optarg);
break;
}
-/* written by lauri alanko */
-static char *
-base64 (const char *bin, size_t len)
-{
-
- char *buf = (char *) malloc ((len + 2) / 3 * 4 + 1);
- size_t i = 0, j = 0;
-
- char BASE64_END = '=';
- char base64_table[64];
- strncpy (base64_table, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", 64);
-
- while (j < len - 2) {
- buf[i++] = base64_table[bin[j] >> 2];
- buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
- buf[i++] = base64_table[((bin[j + 1] & 15) << 2) | (bin[j + 2] >> 6)];
- buf[i++] = base64_table[bin[j + 2] & 63];
- j += 3;
- }
-
- switch (len - j) {
- case 1:
- buf[i++] = base64_table[bin[j] >> 2];
- buf[i++] = base64_table[(bin[j] & 3) << 4];
- buf[i++] = BASE64_END;
- buf[i++] = BASE64_END;
- break;
- case 2:
- buf[i++] = base64_table[bin[j] >> 2];
- buf[i++] = base64_table[((bin[j] & 3) << 4) | (bin[j + 1] >> 4)];
- buf[i++] = base64_table[(bin[j + 1] & 15) << 2];
- buf[i++] = BASE64_END;
- break;
- case 0:
- break;
- }
-
- buf[i] = '\0';
- return buf;
-}
-
-
-
/* Returns 1 if we're done processing the document body; 0 to keep going */
static int
document_headers_done (char *full_page)
if (tm.tm_mon < 0 || tm.tm_mday < 1 || tm.tm_mday > 31)
return 0;
- /*
+ /*
This is actually wrong: we need to subtract the local timezone
offset from GMT from this value. But, that's ok in this usage,
because we only comparing these two GMT dates against each other,
}
}
+/* Checks if the server 'reply' is one of the expected 'statuscodes' */
+static int
+expected_statuscode (const char *reply, const char *statuscodes)
+{
+ char *expected, *code;
+ int result = 0;
+
+ if ((expected = strdup (statuscodes)) == NULL)
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n"));
+
+ for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ","))
+ if (strstr (reply, code) != NULL) {
+ result = 1;
+ break;
+ }
+ free (expected);
+ return result;
+}
-static void
-check_document_dates (const char *headers)
+static int
+check_document_dates (const char *headers, char **msg)
{
const char *s;
char *server_date = 0;
char *document_date = 0;
+ int date_result = STATE_OK;
s = headers;
while (*s) {
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
/* Done parsing the body. Now check the dates we (hopefully) parsed. */
if (!server_date || !*server_date) {
- die (STATE_UNKNOWN, _("HTTP UNKNOWN - Server date unknown\n"));
+ asprintf (msg, _("%sServer date unknown, "), *msg);
+ date_result = max_state_alt(STATE_UNKNOWN, date_result);
} else if (!document_date || !*document_date) {
- die (STATE_CRITICAL, _("HTTP CRITICAL - Document modification date unknown\n"));
+ asprintf (msg, _("%sDocument modification date unknown, "), *msg);
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
} else {
time_t srv_data = parse_time_string (server_date);
time_t doc_data = parse_time_string (document_date);
if (srv_data <= 0) {
- die (STATE_CRITICAL, _("HTTP CRITICAL - Server date \"%100s\" unparsable"), server_date);
+ asprintf (msg, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
} else if (doc_data <= 0) {
- die (STATE_CRITICAL, _("HTTP CRITICAL - Document date \"%100s\" unparsable"), document_date);
+ asprintf (msg, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
} else if (doc_data > srv_data + 30) {
- die (STATE_CRITICAL, _("HTTP CRITICAL - Document is %d seconds in the future\n"), (int)doc_data - (int)srv_data);
+ asprintf (msg, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
} else if (doc_data < srv_data - maximum_age) {
- int n = (srv_data - doc_data);
- if (n > (60 * 60 * 24 * 2))
- die (STATE_CRITICAL,
- _("HTTP CRITICAL - Last modified %.1f days ago\n"),
- ((float) n) / (60 * 60 * 24));
- else
- die (STATE_CRITICAL,
- _("HTTP CRITICAL - Last modified %d:%02d:%02d ago\n"),
- n / (60 * 60), (n / 60) % 60, n % 60);
+ int n = (srv_data - doc_data);
+ if (n > (60 * 60 * 24 * 2)) {
+ asprintf (msg, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
+ } else {
+ asprintf (msg, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+ date_result = max_state_alt(STATE_CRITICAL, date_result);
+ }
}
-
free (server_date);
free (document_date);
}
+ return date_result;
}
int
/* Skip to the end of the header, including continuation lines. */
while (*s && !(*s == '\n' && (s[1] != ' ' && s[1] != '\t')))
s++;
- s++;
+
+ /* Avoid stepping over end-of-string marker */
+ if (*s)
+ s++;
/* Process this header. */
if (value && value > field+2) {
return (content_length);
}
+char *
+prepend_slash (char *path)
+{
+ char *newpath;
+
+ if (path[0] == '/')
+ return path;
+
+ if ((newpath = malloc (strlen(path) + 2)) == NULL)
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n"));
+ newpath[0] = '/';
+ strcpy (newpath + 1, path);
+ free (path);
+ return newpath;
+}
+
int
check_http (void)
{
int i = 0;
size_t pagesize = 0;
char *full_page;
+ char *full_page_new;
char *buf;
char *pos;
long microsec;
double elapsed_time;
int page_len = 0;
- int result = STATE_UNKNOWN;
+ int result = STATE_OK;
/* try to connect to the host at the given port number */
if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
#ifdef HAVE_SSL
if (use_ssl == TRUE) {
- np_net_ssl_init(sd);
+ np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
if (check_cert == TRUE) {
result = np_net_ssl_check_cert(days_till_exp);
np_net_ssl_cleanup();
- if(sd) close(sd);
+ if (sd) close(sd);
return result;
}
}
#endif /* HAVE_SSL */
- asprintf (&buf, "%s %s HTTP/1.0\r\n%s\r\n", http_method, server_url, user_agent);
+ asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+
+ /* tell HTTP/1.1 servers not to keep the connection alive */
+ asprintf (&buf, "%sConnection: close\r\n", buf);
/* optionally send the host header info */
- if (host_name)
- asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+ if (host_name) {
+ /*
+ * Specify the port only if we're using a non-default port (see RFC 2616,
+ * 14.23). Some server applications/configurations cause trouble if the
+ * (default) port is explicitly specified in the "Host:" header line.
+ */
+ if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+ (use_ssl == TRUE && server_port == HTTPS_PORT))
+ asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+ else
+ asprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+ }
/* optionally send any other header tag */
if (http_opt_headers_count) {
for ((pos = strtok(http_opt_headers[i], INPUT_DELIMITER)); pos; (pos = strtok(NULL, INPUT_DELIMITER)))
asprintf (&buf, "%s%s\r\n", buf, pos);
}
- free(http_opt_headers);
+ /* This cannot be free'd here because a redirection will then try to access this and segfault */
+ /* Covered in a testcase in tests/check_http.t */
+ /* free(http_opt_headers); */
}
/* optionally send the authentication info */
if (strlen(user_auth)) {
- auth = base64 (user_auth, strlen (user_auth));
+ base64_encode_alloc (user_auth, strlen (user_auth), &auth);
asprintf (&buf, "%sAuthorization: Basic %s\r\n", buf, auth);
}
- /* either send http POST data */
+ /* optionally send the proxy authentication info */
+ if (strlen(proxy_auth)) {
+ base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+ asprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+ }
+
+ /* either send http POST data (any data, not only POST)*/
if (http_post_data) {
if (http_content_type) {
asprintf (&buf, "%sContent-Type: %s\r\n", buf, http_content_type);
} else {
asprintf (&buf, "%sContent-Type: application/x-www-form-urlencoded\r\n", buf);
}
-
+
asprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
asprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
}
full_page = strdup("");
while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
buffer[i] = '\0';
- asprintf (&full_page, "%s%s", full_page, buffer);
+ asprintf (&full_page_new, "%s%s", full_page, buffer);
+ free (full_page);
+ full_page = full_page_new;
pagesize += i;
if (no_body && document_headers_done (full_page)) {
#ifdef HAVE_SSL
np_net_ssl_cleanup();
#endif
- if(sd) close(sd);
+ if (sd) close(sd);
- /* reset the alarm */
- alarm (0);
+ /* Save check time */
+ microsec = deltime (tv);
+ elapsed_time = (double)microsec / 1.0e6;
/* leave full_page untouched so we can free it later */
page = full_page;
(no_body ? " [[ skipped ]]" : page));
/* make sure the status line matches the response we are looking for */
- if (!strstr (status_line, server_expect)) {
+ if (!expected_statuscode (status_line, server_expect)) {
if (server_port == HTTP_PORT)
asprintf (&msg,
- _("Invalid HTTP response received from host\n"));
+ _("Invalid HTTP response received from host: %s\n"),
+ status_line);
else
asprintf (&msg,
- _("Invalid HTTP response received from host on port %d\n"),
- server_port);
+ _("Invalid HTTP response received from host on port %d: %s\n"),
+ server_port, status_line);
die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
}
- /* Exit here if server_expect was set by user and not default */
+ /* Bypass normal status line check if server_expect was set by user and not default */
+ /* NOTE: After this if/else block msg *MUST* be an asprintf-allocated string */
if ( server_expect_yn ) {
asprintf (&msg,
- _("HTTP OK: Status line output matched \"%s\"\n"),
- server_expect);
+ _("Status line output matched \"%s\" - "), server_expect);
if (verbose)
printf ("%s\n",msg);
}
/* check the return code */
- if (http_status >= 600 || http_status < 100)
+ if (http_status >= 600 || http_status < 100) {
die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%s)\n"), status_line);
-
+ }
/* server errors result in a critical state */
- else if (http_status >= 500)
- die (STATE_CRITICAL, _("HTTP CRITICAL: %s\n"), status_line);
-
+ else if (http_status >= 500) {
+ asprintf (&msg, _("%s - "), status_line);
+ result = STATE_CRITICAL;
+ }
/* client errors result in a warning state */
- else if (http_status >= 400)
- die (STATE_WARNING, _("HTTP WARNING: %s\n"), status_line);
-
+ else if (http_status >= 400) {
+ asprintf (&msg, _("%s - "), status_line);
+ result = max_state_alt(STATE_WARNING, result);
+ }
/* check redirected page if specified */
else if (http_status >= 300) {
if (onredirect == STATE_DEPENDENT)
redir (header, status_line);
- else if (onredirect == STATE_UNKNOWN)
- printf (_("HTTP UNKNOWN"));
- else if (onredirect == STATE_OK)
- printf (_("HTTP OK"));
- else if (onredirect == STATE_WARNING)
- printf (_("HTTP WARNING"));
- else if (onredirect == STATE_CRITICAL)
- printf (_("HTTP CRITICAL"));
- microsec = deltime (tv);
- elapsed_time = (double)microsec / 1.0e6;
- die (onredirect,
- _(" - %s - %.3f second response time %s|%s %s\n"),
- status_line, elapsed_time,
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
+ else
+ result = max_state_alt(onredirect, result);
+ asprintf (&msg, _("%s - "), status_line);
} /* end if (http_status >= 300) */
+ else {
+ /* Print OK status anyway */
+ asprintf (&msg, _("%s - "), status_line);
+ }
} /* end else (server_expect_yn) */
-
- if (maximum_age >= 0) {
- check_document_dates (header);
- }
- /* check elapsed time */
- microsec = deltime (tv);
- elapsed_time = (double)microsec / 1.0e6;
- asprintf (&msg,
- _("HTTP WARNING: %s - %.3f second response time %s|%s %s\n"),
- status_line, elapsed_time,
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
- if (check_critical_time == TRUE && elapsed_time > critical_time)
- die (STATE_CRITICAL, "%s", msg);
- if (check_warning_time == TRUE && elapsed_time > warning_time)
- die (STATE_WARNING, "%s", msg);
+ /* reset the alarm - must be called *after* redir or we'll never die on redirects! */
+ alarm (0);
+
+ if (maximum_age >= 0) {
+ result = max_state_alt(check_document_dates(header, &msg), result);
+ }
/* Page and Header content checks go here */
- /* these checks should be last */
if (strlen (string_expect)) {
- if (strstr (page, string_expect)) {
- printf (_("HTTP OK %s - %.3f second response time %s|%s %s\n"),
- status_line, elapsed_time,
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
- exit (STATE_OK);
- }
- else {
- printf (_("HTTP CRITICAL - string not found%s|%s %s\n"),
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
- exit (STATE_CRITICAL);
+ if (!strstr (page, string_expect)) {
+ asprintf (&msg, _("%sstring not found, "), msg);
+ result = STATE_CRITICAL;
}
}
if (strlen (regexp)) {
errcode = regexec (&preg, page, REGS, pmatch, 0);
if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
- printf (_("HTTP OK %s - %.3f second response time %s|%s %s\n"),
- status_line, elapsed_time,
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
- exit (STATE_OK);
+ /* OK - No-op to avoid changing the logic around it */
+ result = max_state_alt(STATE_OK, result);
}
else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
- if (invert_regex == 0)
- msg = strdup(_("pattern not found"));
- else
- msg = strdup(_("pattern found"));
- printf (("%s - %s%s|%s %s\n"),
- _("HTTP CRITICAL"),
- msg,
- (display_html ? "</A>" : ""),
- perfd_time (elapsed_time), perfd_size (pagesize));
- exit (STATE_CRITICAL);
+ if (invert_regex == 0)
+ asprintf (&msg, _("%spattern not found, "), msg);
+ else
+ asprintf (&msg, _("%spattern found, "), msg);
+ result = STATE_CRITICAL;
}
else {
+ /* FIXME: Shouldn't that be UNKNOWN? */
regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
- printf (_("HTTP CRITICAL - Execute Error: %s\n"), errbuf);
- exit (STATE_CRITICAL);
+ asprintf (&msg, _("%sExecute Error: %s, "), msg, errbuf);
+ result = STATE_CRITICAL;
}
}
/* make sure the page is of an appropriate size */
/* page_len = get_content_length(header); */
+ /* FIXME: Will this work with -N ? IMHO we should use
+ * get_content_length(header) and always check if it's different than the
+ * returned pagesize
+ */
+ /* FIXME: IIRC pagesize returns headers - shouldn't we make
+ * it == get_content_length(header) ??
+ */
page_len = pagesize;
if ((max_page_len > 0) && (page_len > max_page_len)) {
- printf (_("HTTP WARNING: page size %d too large%s|%s\n"),
- page_len, (display_html ? "</A>" : ""), perfd_size (page_len) );
- exit (STATE_WARNING);
+ asprintf (&msg, _("%spage size %d too large, "), msg, page_len);
+ result = max_state_alt(STATE_WARNING, result);
} else if ((min_page_len > 0) && (page_len < min_page_len)) {
- printf (_("HTTP WARNING: page size %d too small%s|%s\n"),
- page_len, (display_html ? "</A>" : ""), perfd_size (page_len) );
- exit (STATE_WARNING);
+ asprintf (&msg, _("%spage size %d too small, "), msg, page_len);
+ result = max_state_alt(STATE_WARNING, result);
}
- /* We only get here if all tests have been passed */
- asprintf (&msg, _("HTTP OK %s - %d bytes in %.3f seconds %s|%s %s\n"),
- status_line, page_len, elapsed_time,
+
+ /* Cut-off trailing characters */
+ if(msg[strlen(msg)-2] == ',')
+ msg[strlen(msg)-2] = '\0';
+ else
+ msg[strlen(msg)-3] = '\0';
+
+ /* check elapsed time */
+ asprintf (&msg,
+ _("%s - %d bytes in %.3f second response time %s|%s %s"),
+ msg, page_len, elapsed_time,
(display_html ? "</A>" : ""),
perfd_time (elapsed_time), perfd_size (page_len));
- die (STATE_OK, "%s", msg);
+
+ if (check_critical_time == TRUE && elapsed_time > critical_time)
+ result = STATE_CRITICAL;
+ if (check_warning_time == TRUE && elapsed_time > warning_time)
+ result = max_state_alt(STATE_WARNING, result);
+
+ die (result, "HTTP %s: %s\n", state_text(result), msg);
+ /* die failed? */
return STATE_UNKNOWN;
}
/* per RFC 2396 */
-#define HDR_LOCATION "%*[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]: "
-#define URI_HTTP "%[HTPShtps]://"
-#define URI_HOST "%[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
-#define URI_PORT ":%[0123456789]"
+#define URI_HTTP "%5[HTPShtps]"
+#define URI_HOST "%255[-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
+#define URI_PORT "%6d" /* MAX_PORT's width is 5 chars, 6 to detect overflow */
#define URI_PATH "%[-_.!~*'();/?:@&=+$,%#abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
-#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
-#define HD2 URI_HTTP URI_HOST URI_PATH
-#define HD3 URI_HTTP URI_HOST URI_PORT
-#define HD4 URI_HTTP URI_HOST
+#define HD1 URI_HTTP "://" URI_HOST ":" URI_PORT "/" URI_PATH
+#define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
+#define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
+#define HD4 URI_HTTP "://" URI_HOST
#define HD5 URI_PATH
void
char xx[2];
char type[6];
char *addr;
- char port[6];
char *url;
addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
if (addr == NULL)
die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n"));
-
+
url = malloc (strcspn (pos, "\r\n"));
if (url == NULL)
- die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate url\n"));
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
while (pos) {
- sscanf (pos, "%[Ll]%*[Oo]%*[Cc]%*[Aa]%*[Tt]%*[Ii]%*[Oo]%*[Nn]:%n", xx, &i);
+ sscanf (pos, "%1[Ll]%*1[Oo]%*1[Cc]%*1[Aa]%*1[Tt]%*1[Ii]%*1[Oo]%*1[Nn]:%n", xx, &i);
if (i == 0) {
pos += (size_t) strcspn (pos, "\r\n");
pos += (size_t) strspn (pos, "\r\n");
- if (strlen(pos) == 0)
+ if (strlen(pos) == 0)
die (STATE_UNKNOWN,
_("HTTP UNKNOWN - Could not find redirect location - %s%s\n"),
status_line, (display_html ? "</A>" : ""));
}
pos += i;
- pos += strspn (pos, " \t\r\n");
+ pos += strspn (pos, " \t");
+
+ /*
+ * RFC 2616 (4.2): ``Header fields can be extended over multiple lines by
+ * preceding each extra line with at least one SP or HT.''
+ */
+ for (; (i = strspn (pos, "\r\n")); pos += i) {
+ pos += i;
+ if (!(i = strspn (pos, " \t"))) {
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Empty redirect location%s\n"),
+ display_html ? "</A>" : "");
+ }
+ }
- url = realloc (url, strcspn (pos, "\r\n"));
+ url = realloc (url, strcspn (pos, "\r\n") + 1);
if (url == NULL)
- die (STATE_UNKNOWN, _("HTTP UNKNOWN - could not allocate url\n"));
+ die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
/* URI_HTTP, URI_HOST, URI_PORT, URI_PATH */
- if (sscanf (pos, HD1, type, addr, port, url) == 4) {
+ if (sscanf (pos, HD1, type, addr, &i, url) == 4) {
+ url = prepend_slash (url);
use_ssl = server_type_check (type);
- i = atoi (port);
}
/* URI_HTTP URI_HOST URI_PATH */
- else if (sscanf (pos, HD2, type, addr, url) == 3 ) {
+ else if (sscanf (pos, HD2, type, addr, url) == 3 ) {
+ url = prepend_slash (url);
use_ssl = server_type_check (type);
i = server_port_check (use_ssl);
}
/* URI_HTTP URI_HOST URI_PORT */
- else if(sscanf (pos, HD3, type, addr, port) == 3) {
+ else if (sscanf (pos, HD3, type, addr, &i) == 3) {
strcpy (url, HTTP_URL);
use_ssl = server_type_check (type);
- i = atoi (port);
}
/* URI_HTTP URI_HOST */
- else if(sscanf (pos, HD4, type, addr) == 2) {
+ else if (sscanf (pos, HD4, type, addr) == 2) {
strcpy (url, HTTP_URL);
use_ssl = server_type_check (type);
i = server_port_check (use_ssl);
}
i = server_port;
strcpy (type, server_type);
- strcpy (addr, host_name);
- }
+ strcpy (addr, host_name ? host_name : server_address);
+ }
else {
die (STATE_UNKNOWN,
_("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
type, addr, i, url, (display_html ? "</A>" : ""));
- server_port = i;
strcpy (server_type, type);
free (host_name);
host_name = strdup (addr);
- free (server_address);
- server_address = strdup (addr);
+ if (!(followsticky & STICKY_HOST)) {
+ free (server_address);
+ server_address = strdup (addr);
+ }
+ if (!(followsticky & STICKY_PORT)) {
+ server_port = i;
+ }
free (server_url);
- server_url = strdup (url);
+ server_url = url;
+
+ if (server_port > MAX_PORT)
+ die (STATE_UNKNOWN,
+ _("HTTP UNKNOWN - Redirection to port above %d - %s://%s:%d%s%s\n"),
+ MAX_PORT, server_type, server_address, server_port, server_url,
+ display_html ? "</A>" : "");
+
+ if (verbose)
+ printf (_("Redirection to %s://%s:%d%s\n"), server_type,
+ host_name ? host_name : server_address, server_port, server_url);
check_http ();
}
-
int
server_type_check (const char *type)
{
void
print_help (void)
{
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
printf (COPYRIGHT, copyright, email);
printf ("\n");
- printf (_(UT_HELP_VRSN));
+ printf (UT_HELP_VRSN);
+ printf (UT_EXTRA_OPTS);
printf (" %s\n", "-H, --hostname=ADDRESS");
printf (" %s\n", _("Host name argument for servers using host headers (virtual host)"));
printf (" %s\n", "-I, --IP-address=ADDRESS");
printf (" %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
printf (" %s\n", "-p, --port=INTEGER");
- printf (" %s", _("Port number (default: "));
+ printf (" %s", _("Port number (default: "));
printf ("%d)\n", HTTP_PORT);
- printf (_(UT_IPv46));
+ printf (UT_IPv46);
#ifdef HAVE_SSL
printf (" %s\n", "-S, --ssl");
printf (" %s\n", _("Connect via SSL. Port defaults to 443"));
+ printf (" %s\n", "--sni");
+ printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
printf (" %s\n", "-C, --certificate=INTEGER");
printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
- printf (" %s\n", _("(when this option is used the url is not checked.)\n"));
+ printf (" %s\n", _("(when this option is used the URL is not checked.)\n"));
#endif
printf (" %s\n", "-e, --expect=STRING");
- printf (" %s\n", _("String to expect in first (status) line of server response (default: "));
+ printf (" %s\n", _("Comma-delimited list of strings, at least one of them is expected in"));
+ printf (" %s", _("the first (status) line of the server response (default: "));
printf ("%s)\n", HTTP_EXPECT);
printf (" %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
printf (" %s\n", "-s, --string=STRING");
printf (" %s\n", _("URL to GET or POST (default: /)"));
printf (" %s\n", "-P, --post=STRING");
printf (" %s\n", _("URL encoded http POST data"));
+ printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+ printf (" %s\n", _("Set HTTP method."));
printf (" %s\n", "-N, --no-body");
printf (" %s\n", _("Don't wait for document body: stop reading after headers."));
printf (" %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
printf (" %s\n", "-a, --authorization=AUTH_PAIR");
printf (" %s\n", _("Username:password on sites with basic authentication"));
+ printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+ printf (" %s\n", _("Username:password on proxy-servers with basic authentication"));
printf (" %s\n", "-A, --useragent=STRING");
printf (" %s\n", _("String to be sent in http header as \"User Agent\""));
printf (" %s\n", "-k, --header=STRING");
printf (" %s\n", _(" Any other tags to be sent in http header. Use multiple times for additional headers"));
printf (" %s\n", "-L, --link");
printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
- printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow>");
- printf (" %s\n", _("How to handle redirected pages"));
+ printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
+ printf (" %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
+ printf (" %s\n", _("specified IP address. stickyport also ensure post stays the same."));
printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
- printf (_(UT_WARN_CRIT));
+ printf (UT_WARN_CRIT);
- printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+ printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
- printf (_(UT_VERBOSE));
+ printf (UT_VERBOSE);
- printf (_("Notes:"));
+ printf ("\n");
+ printf ("%s\n", _("Notes:"));
printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
printf (" %s\n", _("other errors return STATE_UNKNOWN. Successful connects, but incorrect reponse"));
printf (" %s\n", _("messages from the host result in STATE_WARNING return values. If you are"));
printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
+ printf ("\n");
+ printf (UT_EXTRA_OPTS_NOTES);
#ifdef HAVE_SSL
+ printf ("\n");
printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
printf (" %s\n", _("certificate is still valid for the specified number of days."));
- printf (_("Examples:"));
+ printf ("\n");
+ printf ("%s\n", _("Examples:"));
printf (" %s\n\n", "CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com");
printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
- printf (" %s\n\n", _("the certificate is expired."));
+ printf (" %s\n", _("the certificate is expired."));
#endif
- printf (_(UT_SUPPORT));
+ printf (UT_SUPPORT);
}
{
printf (_("Usage:"));
printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
- printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L]\n");
- printf (" [-a auth] [-f <ok | warn | critcal | follow>] [-e <expect>]\n");
- printf (" [-s string] [-l] [-r <regex> | -R <case-insensitive regex>] [-P string]\n");
- printf (" [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>] [-A string]\n");
- printf (" [-k string] [-S] [-C <age>] [-T <content-type>]\n");
+ printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+ printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+ printf (" [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+ printf (" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+ printf (" [-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]\n");
+ printf (" [-j method]\n");
}