summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/check_dns.c370
-rw-r--r--plugins/check_dns.d/config.h34
2 files changed, 246 insertions, 158 deletions
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index e1e7c00e..a4c8e9b1 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -39,26 +39,22 @@ const char *email = "devel@monitoring-plugins.org";
39#include "netutils.h" 39#include "netutils.h"
40#include "runcmd.h" 40#include "runcmd.h"
41 41
42static int process_arguments(int /*argc*/, char ** /*argv*/); 42#include "states.h"
43static int validate_arguments(void); 43#include "check_dns.d/config.h"
44static int error_scan(char * /*input_buffer*/, bool *); 44
45typedef struct {
46 int errorcode;
47 check_dns_config config;
48} check_dns_config_wrapper;
49static check_dns_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
50static check_dns_config_wrapper validate_arguments(check_dns_config_wrapper /*config_wrapper*/);
51static mp_state_enum error_scan(char * /*input_buffer*/, bool * /*is_nxdomain*/, const char /*dns_server*/[ADDRESS_LENGTH]);
45static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/); 52static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/);
46static unsigned long ip2long(const char * /*src*/); 53static unsigned long ip2long(const char * /*src*/);
47static void print_help(void); 54static void print_help(void);
48void print_usage(void); 55void print_usage(void);
49 56
50#define ADDRESS_LENGTH 256
51static char query_address[ADDRESS_LENGTH] = "";
52static char dns_server[ADDRESS_LENGTH] = "";
53static char ptr_server[ADDRESS_LENGTH] = "";
54static bool verbose = false; 57static bool verbose = false;
55static char **expected_address = NULL;
56static int expected_address_cnt = 0;
57static bool expect_nxdomain = false;
58
59static bool expect_authority = false;
60static bool all_match = false;
61static thresholds *time_thresholds = NULL;
62 58
63static int qstrcmp(const void *p1, const void *p2) { 59static int qstrcmp(const void *p1, const void *p2) {
64 /* The actual arguments to this function are "pointers to 60 /* The actual arguments to this function are "pointers to
@@ -68,23 +64,6 @@ static int qstrcmp(const void *p1, const void *p2) {
68} 64}
69 65
70int main(int argc, char **argv) { 66int main(int argc, char **argv) {
71 char *command_line = NULL;
72 char input_buffer[MAX_INPUT_BUFFER];
73 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
74 char **addresses = NULL;
75 int n_addresses = 0;
76 char *msg = NULL;
77 char *temp_buffer = NULL;
78 bool non_authoritative = false;
79 int result = STATE_UNKNOWN;
80 double elapsed_time;
81 long microsec;
82 struct timeval tv;
83 bool parse_address = false; /* This flag scans for Address: but only after Name: */
84 output chld_out;
85 output chld_err;
86 bool is_nxdomain = false;
87
88 setlocale(LC_ALL, ""); 67 setlocale(LC_ALL, "");
89 bindtextdomain(PACKAGE, LOCALEDIR); 68 bindtextdomain(PACKAGE, LOCALEDIR);
90 textdomain(PACKAGE); 69 textdomain(PACKAGE);
@@ -97,39 +76,62 @@ int main(int argc, char **argv) {
97 /* Parse extra opts if any */ 76 /* Parse extra opts if any */
98 argv = np_extra_opts(&argc, argv, progname); 77 argv = np_extra_opts(&argc, argv, progname);
99 78
100 if (process_arguments(argc, argv) == ERROR) { 79 check_dns_config_wrapper tmp = process_arguments(argc, argv);
80
81 if (tmp.errorcode == ERROR) {
101 usage_va(_("Could not parse arguments")); 82 usage_va(_("Could not parse arguments"));
102 } 83 }
103 84
85 const check_dns_config config = tmp.config;
86
87 char *command_line = NULL;
104 /* get the command to run */ 88 /* get the command to run */
105 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); 89 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, config.query_address, config.dns_server);
106 90
91 struct timeval tv;
107 alarm(timeout_interval); 92 alarm(timeout_interval);
108 gettimeofday(&tv, NULL); 93 gettimeofday(&tv, NULL);
109 94
110 if (verbose) 95 if (verbose) {
111 printf("%s\n", command_line); 96 printf("%s\n", command_line);
97 }
112 98
99 output chld_out;
100 output chld_err;
101 char *msg = NULL;
102 mp_state_enum result = STATE_UNKNOWN;
113 /* run the command */ 103 /* run the command */
114 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { 104 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
115 msg = (char *)_("nslookup returned an error status"); 105 msg = (char *)_("nslookup returned an error status");
116 result = STATE_WARNING; 106 result = STATE_WARNING;
117 } 107 }
118 108
119 /* scan stdout */ 109 /* =====
110 * scan stdout, main results get retrieved here
111 * =====
112 */
113 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
114 char **addresses = NULL; // All addresses parsed from stdout
115 size_t n_addresses = 0; // counter for retrieved addresses
116 bool non_authoritative = false;
117 bool is_nxdomain = false;
118 bool parse_address = false; /* This flag scans for Address: but only after Name: */
120 for (size_t i = 0; i < chld_out.lines; i++) { 119 for (size_t i = 0; i < chld_out.lines; i++) {
121 if (addresses == NULL) 120 if (addresses == NULL) {
122 addresses = malloc(sizeof(*addresses) * 10); 121 addresses = malloc(sizeof(*addresses) * 10);
123 else if (!(n_addresses % 10)) 122 } else if (!(n_addresses % 10)) {
124 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10)); 123 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10));
124 }
125 125
126 if (verbose) 126 if (verbose) {
127 puts(chld_out.line[i]); 127 puts(chld_out.line[i]);
128 }
128 129
129 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) { 130 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) {
130 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) 131 char *temp_buffer = NULL;
132 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) {
131 addresses[n_addresses++] = strdup(temp_buffer + 7); 133 addresses[n_addresses++] = strdup(temp_buffer + 7);
132 else { 134 } else {
133 msg = (char *)_("Warning plugin error"); 135 msg = (char *)_("Warning plugin error");
134 result = STATE_WARNING; 136 result = STATE_WARNING;
135 } 137 }
@@ -137,37 +139,47 @@ int main(int argc, char **argv) {
137 139
138 /* bug ID: 2946553 - Older versions of bind will use all available dns 140 /* bug ID: 2946553 - Older versions of bind will use all available dns
139 servers, we have to match the one specified */ 141 servers, we have to match the one specified */
140 if (strstr(chld_out.line[i], "Server:") && strlen(dns_server) > 0) { 142 if (strstr(chld_out.line[i], "Server:") && strlen(config.dns_server) > 0) {
141 temp_buffer = strchr(chld_out.line[i], ':'); 143 char *temp_buffer = strchr(chld_out.line[i], ':');
144 if (temp_buffer == NULL) {
145 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Server line\n"), NSLOOKUP_COMMAND);
146 }
147
142 temp_buffer++; 148 temp_buffer++;
143 149
144 /* Strip leading tabs */ 150 /* Strip leading tabs */
145 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) 151 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) {
146 /* NOOP */; 152 /* NOOP */;
153 }
147 154
148 strip(temp_buffer); 155 strip(temp_buffer);
149 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 156 if (strlen(temp_buffer) == 0) {
150 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND); 157 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND);
151 } 158 }
152 159
153 if (strcmp(temp_buffer, dns_server) != 0) { 160 if (strcmp(temp_buffer, config.dns_server) != 0) {
154 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server); 161 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), config.dns_server);
155 } 162 }
156 } 163 }
157 164
158 /* the server is responding, we just got the host name... */ 165 /* the server is responding, we just got the host name... */
159 if (strstr(chld_out.line[i], "Name:")) 166 if (strstr(chld_out.line[i], "Name:")) {
160 parse_address = true; 167 parse_address = true;
161 else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) { 168 } else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) {
162 temp_buffer = index(chld_out.line[i], ':'); 169 char *temp_buffer = strchr(chld_out.line[i], ':');
170 if (temp_buffer == NULL) {
171 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Address line\n"), NSLOOKUP_COMMAND);
172 }
173
163 temp_buffer++; 174 temp_buffer++;
164 175
165 /* Strip leading spaces */ 176 /* Strip leading spaces */
166 while (*temp_buffer == ' ') 177 while (*temp_buffer == ' ') {
167 temp_buffer++; 178 temp_buffer++;
179 }
168 180
169 strip(temp_buffer); 181 strip(temp_buffer);
170 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 182 if (strlen(temp_buffer) == 0) {
171 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND); 183 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND);
172 } 184 }
173 185
@@ -176,65 +188,71 @@ int main(int argc, char **argv) {
176 non_authoritative = true; 188 non_authoritative = true;
177 } 189 }
178 190
179 result = error_scan(chld_out.line[i], &is_nxdomain); 191 result = error_scan(chld_out.line[i], &is_nxdomain, config.dns_server);
180 if (result != STATE_OK) { 192 if (result != STATE_OK) {
181 msg = strchr(chld_out.line[i], ':'); 193 msg = strchr(chld_out.line[i], ':');
182 if (msg) 194 if (msg) {
183 msg++; 195 msg++;
196 }
184 break; 197 break;
185 } 198 }
186 } 199 }
187 200
201 char input_buffer[MAX_INPUT_BUFFER];
188 /* scan stderr */ 202 /* scan stderr */
189 for (size_t i = 0; i < chld_err.lines; i++) { 203 for (size_t i = 0; i < chld_err.lines; i++) {
190 if (verbose) 204 if (verbose) {
191 puts(chld_err.line[i]); 205 puts(chld_err.line[i]);
206 }
192 207
193 if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) { 208 if (error_scan(chld_err.line[i], &is_nxdomain, config.dns_server) != STATE_OK) {
194 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain)); 209 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain, config.dns_server));
195 msg = strchr(input_buffer, ':'); 210 msg = strchr(input_buffer, ':');
196 if (msg) 211 if (msg) {
197 msg++; 212 msg++;
198 else 213 } else {
199 msg = input_buffer; 214 msg = input_buffer;
215 }
200 } 216 }
201 } 217 }
202 218
203 if (is_nxdomain && !expect_nxdomain) { 219 if (is_nxdomain && !config.expect_nxdomain) {
204 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); 220 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), config.query_address);
205 } 221 }
206 222
207 if (addresses) { 223 if (addresses) {
208 int i; 224 size_t slen = 1;
209 int slen; 225 char *adrp = NULL;
210 char *adrp;
211 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); 226 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
212 for (i = 0, slen = 1; i < n_addresses; i++) { 227 for (size_t i = 0; i < n_addresses; i++) {
213 slen += strlen(addresses[i]) + 1; 228 slen += strlen(addresses[i]) + 1;
214 } 229 }
230
231 // Temporary pointer adrp gets moved, address stays on the beginning
215 adrp = address = malloc(slen); 232 adrp = address = malloc(slen);
216 for (i = 0; i < n_addresses; i++) { 233 for (size_t i = 0; i < n_addresses; i++) {
217 if (i) 234 if (i) {
218 *adrp++ = ','; 235 *adrp++ = ',';
236 }
219 strcpy(adrp, addresses[i]); 237 strcpy(adrp, addresses[i]);
220 adrp += strlen(addresses[i]); 238 adrp += strlen(addresses[i]);
221 } 239 }
222 *adrp = 0; 240 *adrp = 0;
223 } else 241 } else {
224 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); 242 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND);
243 }
225 244
226 /* compare to expected address */ 245 /* compare to expected address */
227 if (result == STATE_OK && expected_address_cnt > 0) { 246 if (result == STATE_OK && config.expected_address_cnt > 0) {
228 result = STATE_CRITICAL; 247 result = STATE_CRITICAL;
229 temp_buffer = ""; 248 char *temp_buffer = "";
230 unsigned long expect_match = (1 << expected_address_cnt) - 1; 249 unsigned long expect_match = (1 << config.expected_address_cnt) - 1;
231 unsigned long addr_match = (1 << n_addresses) - 1; 250 unsigned long addr_match = (1 << n_addresses) - 1;
232 251
233 for (int i = 0; i < expected_address_cnt; i++) { 252 for (size_t i = 0; i < config.expected_address_cnt; i++) {
234 int j;
235 /* check if we get a match on 'raw' ip or cidr */ 253 /* check if we get a match on 'raw' ip or cidr */
236 for (j = 0; j < n_addresses; j++) { 254 for (size_t j = 0; j < n_addresses; j++) {
237 if (strcmp(addresses[j], expected_address[i]) == 0 || ip_match_cidr(addresses[j], expected_address[i])) { 255 if (strcmp(addresses[j], config.expected_address[i]) == 0 || ip_match_cidr(addresses[j], config.expected_address[i])) {
238 result = STATE_OK; 256 result = STATE_OK;
239 addr_match &= ~(1 << j); 257 addr_match &= ~(1 << j);
240 expect_match &= ~(1 << i); 258 expect_match &= ~(1 << i);
@@ -242,11 +260,12 @@ int main(int argc, char **argv) {
242 } 260 }
243 261
244 /* prepare an error string */ 262 /* prepare an error string */
245 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 263 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, config.expected_address[i]);
246 } 264 }
247 /* check if expected_address must cover all in addresses and none may be missing */ 265 /* check if expected_address must cover all in addresses and none may be missing */
248 if (all_match && (expect_match != 0 || addr_match != 0)) 266 if (config.all_match && (expect_match != 0 || addr_match != 0)) {
249 result = STATE_CRITICAL; 267 result = STATE_CRITICAL;
268 }
250 if (result == STATE_CRITICAL) { 269 if (result == STATE_CRITICAL) {
251 /* Strip off last semicolon... */ 270 /* Strip off last semicolon... */
252 temp_buffer[strlen(temp_buffer) - 2] = '\0'; 271 temp_buffer[strlen(temp_buffer) - 2] = '\0';
@@ -254,28 +273,29 @@ int main(int argc, char **argv) {
254 } 273 }
255 } 274 }
256 275
257 if (expect_nxdomain) { 276 if (config.expect_nxdomain) {
258 if (!is_nxdomain) { 277 if (!is_nxdomain) {
259 result = STATE_CRITICAL; 278 result = STATE_CRITICAL;
260 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); 279 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), config.query_address, address);
261 } else { 280 } else {
262 if (address != NULL) 281 if (address != NULL) {
263 free(address); 282 free(address);
283 }
264 address = "NXDOMAIN"; 284 address = "NXDOMAIN";
265 } 285 }
266 } 286 }
267 287
268 /* check if authoritative */ 288 /* check if authoritative */
269 if (result == STATE_OK && expect_authority && non_authoritative) { 289 if (result == STATE_OK && config.expect_authority && non_authoritative) {
270 result = STATE_CRITICAL; 290 result = STATE_CRITICAL;
271 xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); 291 xasprintf(&msg, _("server %s is not authoritative for %s"), config.dns_server, config.query_address);
272 } 292 }
273 293
274 microsec = deltime(tv); 294 long microsec = deltime(tv);
275 elapsed_time = (double)microsec / 1.0e6; 295 double elapsed_time = (double)microsec / 1.0e6;
276 296
277 if (result == STATE_OK) { 297 if (result == STATE_OK) {
278 result = get_status(elapsed_time, time_thresholds); 298 result = get_status(elapsed_time, config.time_thresholds);
279 if (result == STATE_OK) { 299 if (result == STATE_OK) {
280 printf("DNS %s: ", _("OK")); 300 printf("DNS %s: ", _("OK"));
281 } else if (result == STATE_WARNING) { 301 } else if (result == STATE_WARNING) {
@@ -284,24 +304,26 @@ int main(int argc, char **argv) {
284 printf("DNS %s: ", _("CRITICAL")); 304 printf("DNS %s: ", _("CRITICAL"));
285 } 305 }
286 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); 306 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
287 printf(_(". %s returns %s"), query_address, address); 307 printf(_(". %s returns %s"), config.query_address, address);
288 if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { 308 if ((config.time_thresholds->warning != NULL) && (config.time_thresholds->critical != NULL)) {
289 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, true, time_thresholds->critical->end, 309 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end, true,
290 true, 0, false, 0)); 310 config.time_thresholds->critical->end, true, 0, false, 0));
291 } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { 311 } else if ((config.time_thresholds->warning == NULL) && (config.time_thresholds->critical != NULL)) {
292 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0)); 312 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, config.time_thresholds->critical->end, true, 0, false, 0));
293 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { 313 } else if ((config.time_thresholds->warning != NULL) && (config.time_thresholds->critical == NULL)) {
294 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0)); 314 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end, false, 0, true, 0, false, 0));
295 } else 315 } else {
296 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); 316 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0));
297 } else if (result == STATE_WARNING) 317 }
318 } else if (result == STATE_WARNING) {
298 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 319 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
299 else if (result == STATE_CRITICAL) 320 } else if (result == STATE_CRITICAL) {
300 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 321 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
301 else 322 } else {
302 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 323 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
324 }
303 325
304 return result; 326 exit(result);
305} 327}
306 328
307bool ip_match_cidr(const char *addr, const char *cidr_ro) { 329bool ip_match_cidr(const char *addr, const char *cidr_ro) {
@@ -329,64 +351,69 @@ unsigned long ip2long(const char *src) {
329 : 0; 351 : 0;
330} 352}
331 353
332int error_scan(char *input_buffer, bool *is_nxdomain) { 354mp_state_enum error_scan(char *input_buffer, bool *is_nxdomain, const char dns_server[ADDRESS_LENGTH]) {
333 355
334 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") || 356 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") ||
335 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN"); 357 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN");
336 if (nxdomain) 358 if (nxdomain) {
337 *is_nxdomain = true; 359 *is_nxdomain = true;
360 }
338 361
339 /* the DNS lookup timed out */ 362 /* the DNS lookup timed out */
340 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || 363 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
341 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || 364 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
342 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) 365 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) {
343 return STATE_OK; 366 return STATE_OK;
367 }
344 368
345 /* DNS server is not running... */ 369 /* DNS server is not running... */
346 else if (strstr(input_buffer, "No response from server")) 370 else if (strstr(input_buffer, "No response from server")) {
347 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 371 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
348 else if (strstr(input_buffer, "no servers could be reached")) 372 } else if (strstr(input_buffer, "no servers could be reached")) {
349 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 373 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
374 }
350 375
351 /* Host name is valid, but server doesn't have records... */ 376 /* Host name is valid, but server doesn't have records... */
352 else if (strstr(input_buffer, "No records")) 377 else if (strstr(input_buffer, "No records")) {
353 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); 378 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
379 }
354 380
355 /* Connection was refused */ 381 /* Connection was refused */
356 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") || 382 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") ||
357 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) 383 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) {
358 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); 384 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
385 }
359 386
360 /* Query refused (usually by an ACL in the namserver) */ 387 /* Query refused (usually by an ACL in the namserver) */
361 else if (strstr(input_buffer, "Query refused")) 388 else if (strstr(input_buffer, "Query refused")) {
362 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); 389 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
390 }
363 391
364 /* No information (e.g. nameserver IP has two PTR records) */ 392 /* No information (e.g. nameserver IP has two PTR records) */
365 else if (strstr(input_buffer, "No information")) 393 else if (strstr(input_buffer, "No information")) {
366 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); 394 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
395 }
367 396
368 /* Network is unreachable */ 397 /* Network is unreachable */
369 else if (strstr(input_buffer, "Network is unreachable")) 398 else if (strstr(input_buffer, "Network is unreachable")) {
370 die(STATE_CRITICAL, _("Network is unreachable\n")); 399 die(STATE_CRITICAL, _("Network is unreachable\n"));
400 }
371 401
372 /* Internal server failure */ 402 /* Internal server failure */
373 else if (strstr(input_buffer, "Server failure")) 403 else if (strstr(input_buffer, "Server failure")) {
374 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); 404 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
405 }
375 406
376 /* Request error or the DNS lookup timed out */ 407 /* Request error or the DNS lookup timed out */
377 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) 408 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) {
378 return STATE_WARNING; 409 return STATE_WARNING;
410 }
379 411
380 return STATE_OK; 412 return STATE_OK;
381} 413}
382 414
383/* process command-line arguments */ 415/* process command-line arguments */
384int process_arguments(int argc, char **argv) { 416check_dns_config_wrapper process_arguments(int argc, char **argv) {
385 int c;
386 char *warning = NULL;
387 char *critical = NULL;
388
389 int opt_index = 0;
390 static struct option long_opts[] = {{"help", no_argument, 0, 'h'}, 417 static struct option long_opts[] = {{"help", no_argument, 0, 'h'},
391 {"version", no_argument, 0, 'V'}, 418 {"version", no_argument, 0, 'V'},
392 {"verbose", no_argument, 0, 'v'}, 419 {"verbose", no_argument, 0, 'v'},
@@ -402,20 +429,34 @@ int process_arguments(int argc, char **argv) {
402 {"critical", required_argument, 0, 'c'}, 429 {"critical", required_argument, 0, 'c'},
403 {0, 0, 0, 0}}; 430 {0, 0, 0, 0}};
404 431
405 if (argc < 2) 432 check_dns_config_wrapper result = {
406 return ERROR; 433 .config = check_dns_config_init(),
434 .errorcode = OK,
435 };
407 436
408 for (c = 1; c < argc; c++) 437 if (argc < 2) {
409 if (strcmp("-to", argv[c]) == 0) 438 result.errorcode = ERROR;
410 strcpy(argv[c], "-t"); 439 return result;
440 }
411 441
412 while (1) { 442 for (int index = 1; index < argc; index++) {
413 c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); 443 if (strcmp("-to", argv[index]) == 0) {
444 strcpy(argv[index], "-t");
445 }
446 }
447
448 char *warning = NULL;
449 char *critical = NULL;
450 int opt_index = 0;
451 int index = 0;
452 while (true) {
453 index = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
414 454
415 if (c == -1 || c == EOF) 455 if (index == -1 || index == EOF) {
416 break; 456 break;
457 }
417 458
418 switch (c) { 459 switch (index) {
419 case 'h': /* help */ 460 case 'h': /* help */
420 print_help(); 461 print_help();
421 exit(STATE_UNKNOWN); 462 exit(STATE_UNKNOWN);
@@ -429,54 +470,63 @@ int process_arguments(int argc, char **argv) {
429 timeout_interval = atoi(optarg); 470 timeout_interval = atoi(optarg);
430 break; 471 break;
431 case 'H': /* hostname */ 472 case 'H': /* hostname */
432 if (strlen(optarg) >= ADDRESS_LENGTH) 473 if (strlen(optarg) >= ADDRESS_LENGTH) {
433 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 474 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
434 strcpy(query_address, optarg); 475 }
476 strcpy(result.config.query_address, optarg);
435 break; 477 break;
436 case 's': /* server name */ 478 case 's': /* server name */
437 /* TODO: this host_or_die check is probably unnecessary. 479 /* TODO: this host_or_die check is probably unnecessary.
438 * Better to confirm nslookup response matches */ 480 * Better to confirm nslookup response matches */
439 host_or_die(optarg); 481 host_or_die(optarg);
440 if (strlen(optarg) >= ADDRESS_LENGTH) 482 if (strlen(optarg) >= ADDRESS_LENGTH) {
441 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 483 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
442 strcpy(dns_server, optarg); 484 }
485 strcpy(result.config.dns_server, optarg);
443 break; 486 break;
444 case 'r': /* reverse server name */ 487 case 'r': /* reverse server name */
445 /* TODO: Is this host_or_die necessary? */ 488 /* TODO: Is this host_or_die necessary? */
489 // TODO This does not do anything!!! 2025-03-08 rincewind
446 host_or_die(optarg); 490 host_or_die(optarg);
447 if (strlen(optarg) >= ADDRESS_LENGTH) 491 if (strlen(optarg) >= ADDRESS_LENGTH) {
448 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 492 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
493 }
494 static char ptr_server[ADDRESS_LENGTH] = "";
449 strcpy(ptr_server, optarg); 495 strcpy(ptr_server, optarg);
450 break; 496 break;
451 case 'a': /* expected address */ 497 case 'a': /* expected address */
452 if (strlen(optarg) >= ADDRESS_LENGTH) 498 if (strlen(optarg) >= ADDRESS_LENGTH) {
453 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 499 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
500 }
454 if (strchr(optarg, ',') != NULL) { 501 if (strchr(optarg, ',') != NULL) {
455 char *comma = strchr(optarg, ','); 502 char *comma = strchr(optarg, ',');
456 while (comma != NULL) { 503 while (comma != NULL) {
457 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 504 result.config.expected_address =
458 expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); 505 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
459 expected_address_cnt++; 506 result.config.expected_address[result.config.expected_address_cnt] = strndup(optarg, comma - optarg);
507 result.config.expected_address_cnt++;
460 optarg = comma + 1; 508 optarg = comma + 1;
461 comma = strchr(optarg, ','); 509 comma = strchr(optarg, ',');
462 } 510 }
463 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 511 result.config.expected_address =
464 expected_address[expected_address_cnt] = strdup(optarg); 512 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
465 expected_address_cnt++; 513 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
514 result.config.expected_address_cnt++;
466 } else { 515 } else {
467 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 516 result.config.expected_address =
468 expected_address[expected_address_cnt] = strdup(optarg); 517 (char **)realloc(result.config.expected_address, (result.config.expected_address_cnt + 1) * sizeof(char **));
469 expected_address_cnt++; 518 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
519 result.config.expected_address_cnt++;
470 } 520 }
471 break; 521 break;
472 case 'n': /* expect NXDOMAIN */ 522 case 'n': /* expect NXDOMAIN */
473 expect_nxdomain = true; 523 result.config.expect_nxdomain = true;
474 break; 524 break;
475 case 'A': /* expect authority */ 525 case 'A': /* expect authority */
476 expect_authority = true; 526 result.config.expect_authority = true;
477 break; 527 break;
478 case 'L': /* all must match */ 528 case 'L': /* all must match */
479 all_match = true; 529 result.config.all_match = true;
480 break; 530 break;
481 case 'w': 531 case 'w':
482 warning = optarg; 532 warning = optarg;
@@ -489,38 +539,42 @@ int process_arguments(int argc, char **argv) {
489 } 539 }
490 } 540 }
491 541
492 c = optind; 542 index = optind;
493 if (strlen(query_address) == 0 && c < argc) { 543 if (strlen(result.config.query_address) == 0 && index < argc) {
494 if (strlen(argv[c]) >= ADDRESS_LENGTH) 544 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
495 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 545 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
496 strcpy(query_address, argv[c++]); 546 }
547 strcpy(result.config.query_address, argv[index++]);
497 } 548 }
498 549
499 if (strlen(dns_server) == 0 && c < argc) { 550 if (strlen(result.config.dns_server) == 0 && index < argc) {
500 /* TODO: See -s option */ 551 /* TODO: See -s option */
501 host_or_die(argv[c]); 552 host_or_die(argv[index]);
502 if (strlen(argv[c]) >= ADDRESS_LENGTH) 553 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
503 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 554 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
504 strcpy(dns_server, argv[c++]); 555 }
556 strcpy(result.config.dns_server, argv[index++]);
505 } 557 }
506 558
507 set_thresholds(&time_thresholds, warning, critical); 559 set_thresholds(&result.config.time_thresholds, warning, critical);
508 560
509 return validate_arguments(); 561 return validate_arguments(result);
510} 562}
511 563
512int validate_arguments(void) { 564check_dns_config_wrapper validate_arguments(check_dns_config_wrapper config_wrapper) {
513 if (query_address[0] == 0) { 565 if (config_wrapper.config.query_address[0] == 0) {
514 printf("missing --host argument\n"); 566 printf("missing --host argument\n");
515 return ERROR; 567 config_wrapper.errorcode = ERROR;
568 return config_wrapper;
516 } 569 }
517 570
518 if (expected_address_cnt > 0 && expect_nxdomain) { 571 if (config_wrapper.config.expected_address_cnt > 0 && config_wrapper.config.expect_nxdomain) {
519 printf("--expected-address and --expect-nxdomain cannot be combined\n"); 572 printf("--expected-address and --expect-nxdomain cannot be combined\n");
520 return ERROR; 573 config_wrapper.errorcode = ERROR;
574 return config_wrapper;
521 } 575 }
522 576
523 return OK; 577 return config_wrapper;
524} 578}
525 579
526void print_help(void) { 580void print_help(void) {
diff --git a/plugins/check_dns.d/config.h b/plugins/check_dns.d/config.h
new file mode 100644
index 00000000..9ec4eb82
--- /dev/null
+++ b/plugins/check_dns.d/config.h
@@ -0,0 +1,34 @@
1#pragma once
2
3#include "../../config.h"
4#include "thresholds.h"
5#include <stddef.h>
6
7#define ADDRESS_LENGTH 256
8
9typedef struct {
10 bool all_match;
11 char dns_server[ADDRESS_LENGTH];
12 char query_address[ADDRESS_LENGTH];
13 bool expect_nxdomain;
14 bool expect_authority;
15 char **expected_address;
16 size_t expected_address_cnt;
17
18 thresholds *time_thresholds;
19} check_dns_config;
20
21check_dns_config check_dns_config_init() {
22 check_dns_config tmp = {
23 .all_match = false,
24 .dns_server = "",
25 .query_address = "",
26 .expect_nxdomain = false,
27 .expect_authority = false,
28 .expected_address = NULL,
29 .expected_address_cnt = 0,
30
31 .time_thresholds = NULL,
32 };
33 return tmp;
34}