summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Weiss <holger@zedat.fu-berlin.de>2013-09-10 11:09:22 +0200
committerHolger Weiss <holger@zedat.fu-berlin.de>2013-09-10 11:09:22 +0200
commit6b28ae739b1ca9f20519f7522b52d055ce3a0902 (patch)
tree440a23dc7092b7b1d5b31eadf307a48c05db3192
parent5bfca4b34d15ef40239ed6074b9ff9c061022946 (diff)
downloadmonitoring-plugins-6b28ae739b1ca9f20519f7522b52d055ce3a0902.tar.gz
check_http: Support HTTP CONNECT methodhw/http-connect
Add the -Y/--http-connect[=<port>] option which tells check_http to use the HTTP CONNECT method for tunneling an HTTPS connection through a proxy server. This is a modified version of a patch provided by Mark Frost in SourceForge tracker item #2975393, updated for the current check_http code. Changes include: - Let the new --http-connect option imply --ssl. - Allow for specifying the server port the proxy should connect to.
Diffstat
-rw-r--r--NEWS1
-rw-r--r--THANKS.in1
-rw-r--r--plugins/check_http.c56
3 files changed, 56 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 6c017764..17acce29 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ This file documents the major additions and syntax changes between releases.
17 New switch -E/--extended-perfdata for check_http to print additional performance data (Sebastian Nohn) 17 New switch -E/--extended-perfdata for check_http to print additional performance data (Sebastian Nohn)
18 New check_http -d option to specify a string to expect within the response headers 18 New check_http -d option to specify a string to expect within the response headers
19 New check_http -J/-K options for client certificate authentication support 19 New check_http -J/-K options for client certificate authentication support
20 New check_http -Y/--http-connect[=<port>] option for tunneling SSL connections through proxies
20 Add support for executing queries to check_pgsql 21 Add support for executing queries to check_pgsql
21 Let check_pgsql accept a UNIX socket directory as hostname 22 Let check_pgsql accept a UNIX socket directory as hostname
22 New check_pgsql -o option to specify additional connection parameters 23 New check_pgsql -o option to specify additional connection parameters
diff --git a/THANKS.in b/THANKS.in
index 61181434..a6caa460 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -286,3 +286,4 @@ Fabio Rueda
286Gabriele Tozzi 286Gabriele Tozzi
287Sebastian Nohn 287Sebastian Nohn
288Emmanuel Dreyfus 288Emmanuel Dreyfus
289Mark Frost
diff --git a/plugins/check_http.c b/plugins/check_http.c
index c44bb3ac..43c37e06 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -118,6 +118,8 @@ int use_ssl = FALSE;
118int use_sni = FALSE; 118int use_sni = FALSE;
119int verbose = FALSE; 119int verbose = FALSE;
120int show_extended_perfdata = FALSE; 120int show_extended_perfdata = FALSE;
121int http_connect = FALSE;
122int connect_port = HTTPS_PORT;
121int sd; 123int sd;
122int min_page_len = 0; 124int min_page_len = 0;
123int max_page_len = 0; 125int max_page_len = 0;
@@ -133,6 +135,7 @@ char *client_privkey = NULL;
133int process_arguments (int, char **); 135int process_arguments (int, char **);
134int check_http (void); 136int check_http (void);
135void redir (char *pos, char *status_line); 137void redir (char *pos, char *status_line);
138int http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd);
136int server_type_check(const char *type); 139int server_type_check(const char *type);
137int server_port_check(int ssl_flag); 140int server_port_check(int ssl_flag);
138char *perfd_time (double microsec); 141char *perfd_time (double microsec);
@@ -209,6 +212,7 @@ process_arguments (int argc, char **argv)
209 {"nohtml", no_argument, 0, 'n'}, 212 {"nohtml", no_argument, 0, 'n'},
210 {"ssl", optional_argument, 0, 'S'}, 213 {"ssl", optional_argument, 0, 'S'},
211 {"sni", no_argument, 0, SNI_OPTION}, 214 {"sni", no_argument, 0, SNI_OPTION},
215 {"http-connect", optional_argument, 0, 'Y'},
212 {"post", required_argument, 0, 'P'}, 216 {"post", required_argument, 0, 'P'},
213 {"method", required_argument, 0, 'j'}, 217 {"method", required_argument, 0, 'j'},
214 {"IP-address", required_argument, 0, 'I'}, 218 {"IP-address", required_argument, 0, 'I'},
@@ -257,7 +261,7 @@ process_arguments (int argc, char **argv)
257 } 261 }
258 262
259 while (1) { 263 while (1) {
260 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:N:E", longopts, &option); 264 c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:Y::T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:N:E", longopts, &option);
261 if (c == -1 || c == EOF) 265 if (c == -1 || c == EOF)
262 break; 266 break;
263 267
@@ -336,6 +340,13 @@ process_arguments (int argc, char **argv)
336 client_privkey = optarg; 340 client_privkey = optarg;
337 goto enable_ssl; 341 goto enable_ssl;
338#endif 342#endif
343 case 'Y': /* Use HTTP CONNECT */
344#ifdef HAVE_SSL
345 if (optarg != NULL && ((connect_port = atoi (optarg)) < 1 || connect_port > 65535))
346 usage2 (_("Invalid HTTP CONNECT port number"), optarg);
347 http_connect = TRUE;
348 goto enable_ssl;
349#endif
339 case 'S': /* use SSL */ 350 case 'S': /* use SSL */
340#ifdef HAVE_SSL 351#ifdef HAVE_SSL
341 enable_ssl: 352 enable_ssl:
@@ -879,6 +890,8 @@ check_http (void)
879 elapsed_time_connect = (double)microsec_connect / 1.0e6; 890 elapsed_time_connect = (double)microsec_connect / 1.0e6;
880 if (use_ssl == TRUE) { 891 if (use_ssl == TRUE) {
881 gettimeofday (&tv_temp, NULL); 892 gettimeofday (&tv_temp, NULL);
893 if (http_connect == TRUE && http_connect_through_proxy (host_name, connect_port, user_agent, sd) != STATE_OK)
894 die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open proxy tunnel TCP socket\n"));
882 result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey); 895 result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
883 if (result != STATE_OK) 896 if (result != STATE_OK)
884 return result; 897 return result;
@@ -1369,6 +1382,41 @@ redir (char *pos, char *status_line)
1369 check_http (); 1382 check_http ();
1370} 1383}
1371 1384
1385/* start the HTTP CONNECT method exchange with a proxy host */
1386int
1387http_connect_through_proxy (char *host_name, int port, char *user_agent, int sd)
1388{
1389 int result;
1390 char *send_buffer=NULL;
1391 char recv_buffer[MAX_INPUT_BUFFER];
1392 char *status_line;
1393 char *status_code;
1394 int http_status;
1395
1396 asprintf( &send_buffer, "CONNECT %s:%d HTTP/1.0\r\nUser-agent: %s\r\n\r\n", host_name, port, user_agent);
1397
1398 result = STATE_OK;
1399 result = send_tcp_request (sd, send_buffer, recv_buffer, sizeof(recv_buffer));
1400 if (result != STATE_OK)
1401 return result;
1402
1403 status_line = recv_buffer;
1404 status_line[strcspn(status_line, "\r\n")] = 0;
1405 strip (status_line);
1406 if (verbose)
1407 printf ("HTTP_CONNECT STATUS: %s\n", status_line);
1408
1409 status_code = strchr (status_line, ' ') + sizeof (char);
1410 if (strspn (status_code, "1234567890") != 3)
1411 die (STATE_CRITICAL, _("HTTP CRITICAL: HTTP_CONNECT Returns Invalid Status Line (%s)\n"), status_line);
1412
1413 http_status = atoi (status_code);
1414
1415 if (http_status != 200)
1416 die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid HTTP Connect Proxy Status (%s)\n"), status_line);
1417
1418 return STATE_OK;
1419}
1372 1420
1373int 1421int
1374server_type_check (const char *type) 1422server_type_check (const char *type)
@@ -1479,6 +1527,10 @@ print_help (void)
1479 printf (" %s\n", "-K, --private-key=FILE"); 1527 printf (" %s\n", "-K, --private-key=FILE");
1480 printf (" %s\n", _("Name of file containing the private key (PEM format)")); 1528 printf (" %s\n", _("Name of file containing the private key (PEM format)"));
1481 printf (" %s\n", _("matching the client certificate")); 1529 printf (" %s\n", _("matching the client certificate"));
1530 printf (" %s\n", "-Y, --http-connect=PORT");
1531 printf (" %s\n", _("Connect to a proxy using the HTTP CONNECT method (SSL tunnel)."));
1532 printf (" %s\n", _("Implies -S. The optional PORT number specifies the port on the server the"));
1533 printf (" %s\n\n", _("proxy should connect to (default: 443)."));
1482#endif 1534#endif
1483 1535
1484 printf (" %s\n", "-e, --expect=STRING"); 1536 printf (" %s\n", "-e, --expect=STRING");
@@ -1589,7 +1641,7 @@ print_usage (void)
1589{ 1641{
1590 printf ("%s\n", _("Usage:")); 1642 printf ("%s\n", _("Usage:"));
1591 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname); 1643 printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
1592 printf (" [-J <client certificate file>] [-K <private key>]\n"); 1644 printf (" [-J <client certificate file>] [-K <private key>] [-Y <port>]\n");
1593 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); 1645 printf (" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
1594 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n"); 1646 printf (" [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
1595 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n"); 1647 printf (" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");