summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/check_curl.c43
-rw-r--r--plugins/check_mysql_query.c12
-rw-r--r--plugins/t/check_curl.t4
-rwxr-xr-xplugins/tests/check_curl.t16
4 files changed, 54 insertions, 21 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 2d69b31..ee9c8b1 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -296,6 +296,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
296#endif /* USE_OPENSSL */ 296#endif /* USE_OPENSSL */
297#endif /* HAVE_SSL */ 297#endif /* HAVE_SSL */
298 298
299/* returns a string "HTTP/1.x" or "HTTP/2" */
300static char *string_statuscode (int major, int minor)
301{
302 static char buf[10];
303
304 switch (major) {
305 case 1:
306 snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor);
307 break;
308 case 2:
309 case 3:
310 snprintf (buf, sizeof (buf), "HTTP/%d", major);
311 break;
312 default:
313 /* assuming here HTTP/N with N>=4 */
314 snprintf (buf, sizeof (buf), "HTTP/%d", major);
315 break;
316 }
317
318 return buf;
319}
320
299/* Checks if the server 'reply' is one of the expected 'statuscodes' */ 321/* Checks if the server 'reply' is one of the expected 'statuscodes' */
300static int 322static int
301expected_statuscode (const char *reply, const char *statuscodes) 323expected_statuscode (const char *reply, const char *statuscodes)
@@ -640,7 +662,7 @@ check_http (void)
640 /* Curl errors, result in critical Nagios state */ 662 /* Curl errors, result in critical Nagios state */
641 if (res != CURLE_OK) { 663 if (res != CURLE_OK) {
642 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"), 664 snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
643 server_port, res, curl_easy_strerror(res)); 665 server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
644 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg); 666 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
645 } 667 }
646 668
@@ -746,7 +768,8 @@ GOT_FIRST_CERT:
746 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) { 768 if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
747 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n", 769 snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
748 total_time, perfstring); 770 total_time, perfstring);
749 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg); 771 /* we cannot know the major/minor version here for sure as we cannot parse the first line */
772 die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
750 } 773 }
751 774
752 /* get result code from cURL */ 775 /* get result code from cURL */
@@ -823,8 +846,8 @@ GOT_FIRST_CERT:
823 846
824 /* check status codes, set exit status accordingly */ 847 /* check status codes, set exit status accordingly */
825 if( status_line.http_code != code ) { 848 if( status_line.http_code != code ) {
826 die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"), 849 die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"),
827 status_line.http_major, status_line.http_minor, 850 string_statuscode (status_line.http_major, status_line.http_minor),
828 status_line.http_code, status_line.msg, code); 851 status_line.http_code, status_line.msg, code);
829 } 852 }
830 853
@@ -895,8 +918,8 @@ GOT_FIRST_CERT:
895 msg[strlen(msg)-3] = '\0'; 918 msg[strlen(msg)-3] = '\0';
896 919
897 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */ 920 /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
898 die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n", 921 die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n",
899 state_text(result), status_line.http_major, status_line.http_minor, 922 state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
900 status_line.http_code, status_line.msg, 923 status_line.http_code, status_line.msg,
901 strlen(msg) > 0 ? " - " : "", 924 strlen(msg) > 0 ? " - " : "",
902 msg, page_len, total_time, 925 msg, page_len, total_time,
@@ -1041,7 +1064,7 @@ redir (curlhelp_write_curlbuf* header_buf)
1041 const UriPathSegmentA* p = uri.pathHead; 1064 const UriPathSegmentA* p = uri.pathHead;
1042 for (; p; p = p->next) { 1065 for (; p; p = p->next) {
1043 strncat (new_url, "/", DEFAULT_BUFFER_SIZE); 1066 strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
1044 strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE); 1067 strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1);
1045 } 1068 }
1046 } 1069 }
1047 1070
@@ -1354,7 +1377,7 @@ process_arguments (int argc, char **argv)
1354 ssl_version = CURL_SSLVERSION_DEFAULT; 1377 ssl_version = CURL_SSLVERSION_DEFAULT;
1355#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */ 1378#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
1356 else 1379 else
1357 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)")); 1380 usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
1358 } 1381 }
1359#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) 1382#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
1360 if (got_plus) { 1383 if (got_plus) {
@@ -1659,7 +1682,7 @@ print_help (void)
1659 printf (" %s\n", "-S, --ssl=VERSION[+]"); 1682 printf (" %s\n", "-S, --ssl=VERSION[+]");
1660 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents")); 1683 printf (" %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
1661 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,")); 1684 printf (" %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
1662 printf (" %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted.")); 1685 printf (" %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
1663 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl")); 1686 printf (" %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
1664 printf (" %s\n", "--sni"); 1687 printf (" %s\n", "--sni");
1665 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1688 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
@@ -2037,7 +2060,7 @@ get_header_value (const struct phr_header* headers, const size_t nof_headers, co
2037{ 2060{
2038 int i; 2061 int i;
2039 for( i = 0; i < nof_headers; i++ ) { 2062 for( i = 0; i < nof_headers; i++ ) {
2040 if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) { 2063 if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
2041 return strndup( headers[i].value, headers[i].value_len ); 2064 return strndup( headers[i].value, headers[i].value_len );
2042 } 2065 }
2043 } 2066 }
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 49a14dd..ac2fb15 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -136,18 +136,18 @@ main (int argc, char **argv)
136 die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error); 136 die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error);
137 } 137 }
138 138
139 /* free the result */
140 mysql_free_result (res);
141
142 /* close the connection */
143 mysql_close (&mysql);
144
145 if (! is_numeric(row[0])) { 139 if (! is_numeric(row[0])) {
146 die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]); 140 die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]);
147 } 141 }
148 142
149 value = strtod(row[0], NULL); 143 value = strtod(row[0], NULL);
150 144
145 /* free the result */
146 mysql_free_result (res);
147
148 /* close the connection */
149 mysql_close (&mysql);
150
151 if (verbose >= 3) 151 if (verbose >= 3)
152 printf("mysql result: %f\n", value); 152 printf("mysql result: %f\n", value);
153 153
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index 4bff538..cc65f03 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -46,7 +46,7 @@ $res = NPTest->testCmd(
46 ); 46 );
47cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" ); 47cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
48# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!) 48# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
49cmp_ok( $res->output, 'eq', "HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Timeout was reached", "Output OK"); 49like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
50 50
51$res = NPTest->testCmd( 51$res = NPTest->testCmd(
52 "./$plugin $hostname_invalid -wt 1 -ct 2" 52 "./$plugin $hostname_invalid -wt 1 -ct 2"
@@ -56,7 +56,7 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
56# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename 56# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
57# Is also possible to get a socket timeout if DNS is not responding fast enough 57# Is also possible to get a socket timeout if DNS is not responding fast enough
58# cURL gives us consistent strings from it's own 'lib/strerror.c' 58# cURL gives us consistent strings from it's own 'lib/strerror.c'
59like( $res->output, "/cURL returned 6 - Couldn't resolve host name/", "Output OK"); 59like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK");
60 60
61# host header checks 61# host header checks
62$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http"); 62$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 1afbe4b..0caad23 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
21 21
22$ENV{'LC_TIME'} = "C"; 22$ENV{'LC_TIME'} = "C";
23 23
24my $common_tests = 70; 24my $common_tests = 72;
25my $ssl_only_tests = 8; 25my $ssl_only_tests = 8;
26# Check that all dependent modules are available 26# Check that all dependent modules are available
27eval "use HTTP::Daemon 6.01;"; 27eval "use HTTP::Daemon 6.01;";
@@ -188,6 +188,12 @@ sub run_server {
188 $c->send_basic_header; 188 $c->send_basic_header;
189 $c->send_header('foo'); 189 $c->send_header('foo');
190 $c->send_crlf; 190 $c->send_crlf;
191 } elsif ($r->url->path eq "/header_broken_check") {
192 $c->send_basic_header;
193 $c->send_header('foo');
194 print $c "Test1:: broken\n";
195 print $c " Test2: leading whitespace\n";
196 $c->send_crlf;
191 } elsif ($r->url->path eq "/virtual_port") { 197 } elsif ($r->url->path eq "/virtual_port") {
192 # return sent Host header 198 # return sent Host header
193 $c->send_basic_header; 199 $c->send_basic_header;
@@ -247,7 +253,7 @@ my $cmd;
247# advanced checks with virtual hostname and virtual port 253# advanced checks with virtual hostname and virtual port
248SKIP: { 254SKIP: {
249 skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks; 255 skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
250 256
251 # http without virtual port 257 # http without virtual port
252 $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$"; 258 $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
253 $result = NPTest->testCmd( $cmd ); 259 $result = NPTest->testCmd( $cmd );
@@ -259,7 +265,7 @@ SKIP: {
259 $result = NPTest->testCmd( $cmd ); 265 $result = NPTest->testCmd( $cmd );
260 is( $result->return_code, 0, $cmd); 266 is( $result->return_code, 0, $cmd);
261 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output ); 267 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
262 268
263 # http with virtual port (80) 269 # http with virtual port (80)
264 $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$"; 270 $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
265 $result = NPTest->testCmd( $cmd ); 271 $result = NPTest->testCmd( $cmd );
@@ -321,6 +327,10 @@ sub run_common_tests {
321 is( $result->return_code, 2, "Missing header string check"); 327 is( $result->return_code, 2, "Missing header string check");
322 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location"); 328 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
323 329
330 $result = NPTest->testCmd( "$command -u /header_broken_check" );
331 is( $result->return_code, 0, "header_check search for string");
332 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" );
333
324 my $cmd; 334 my $cmd;
325 $cmd = "$command -u /slow"; 335 $cmd = "$command -u /slow";
326 $result = NPTest->testCmd( $cmd ); 336 $result = NPTest->testCmd( $cmd );