summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--plugins/check_curl.c70
1 files changed, 54 insertions, 16 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 1b9064eb..209b4495 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -96,6 +96,7 @@ char *critical_thresholds = NULL;
96thresholds *thlds; 96thresholds *thlds;
97char user_agent[DEFAULT_BUFFER_SIZE]; 97char user_agent[DEFAULT_BUFFER_SIZE];
98int verbose = 0; 98int verbose = 0;
99char *http_method = NULL;
99CURL *curl; 100CURL *curl;
100struct curl_slist *header_list = NULL; 101struct curl_slist *header_list = NULL;
101curlhelp_curlbuf body_buf; 102curlhelp_curlbuf body_buf;
@@ -122,6 +123,7 @@ char *client_privkey = NULL;
122char *ca_cert = NULL; 123char *ca_cert = NULL;
123 124
124int process_arguments (int, char**); 125int process_arguments (int, char**);
126int check_http (void);
125void print_help (void); 127void print_help (void);
126void print_usage (void); 128void print_usage (void);
127void print_curl_version (void); 129void print_curl_version (void);
@@ -138,7 +140,7 @@ void test_file (char *);
138int 140int
139main (int argc, char **argv) 141main (int argc, char **argv)
140{ 142{
141 int result = STATE_OK; 143 int result = STATE_UNKNOWN;
142 144
143 setlocale (LC_ALL, ""); 145 setlocale (LC_ALL, "");
144 bindtextdomain (PACKAGE, LOCALEDIR); 146 bindtextdomain (PACKAGE, LOCALEDIR);
@@ -155,6 +157,15 @@ main (int argc, char **argv)
155 if (process_arguments (argc, argv) == ERROR) 157 if (process_arguments (argc, argv) == ERROR)
156 usage4 (_("Could not parse arguments")); 158 usage4 (_("Could not parse arguments"));
157 159
160 result = check_http ();
161 return result;
162}
163
164int
165check_http (void)
166{
167 int result = STATE_OK;
168
158 /* initialize curl */ 169 /* initialize curl */
159 if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK) 170 if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
160 die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n"); 171 die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
@@ -192,11 +203,26 @@ main (int argc, char **argv)
192 /* set port */ 203 /* set port */
193 curl_easy_setopt (curl, CURLOPT_PORT, server_port); 204 curl_easy_setopt (curl, CURLOPT_PORT, server_port);
194 205
195 /* compose HTTP headers */ 206 /* set HTTP method */
207 if (http_method) {
208 if (!strcmp(http_method, "POST"))
209 curl_easy_setopt (curl, CURLOPT_POST, 1);
210 else if (!strcmp(http_method, "PUT"))
211 curl_easy_setopt (curl, CURLOPT_PUT, 1);
212 curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method);
213 }
214
215 /* set hostname (virtual hosts) */
196 snprintf (http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name); 216 snprintf (http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name);
197 header_list = curl_slist_append (header_list, http_header); 217 header_list = curl_slist_append (header_list, http_header);
198 curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list );
199 218
219 /* always close connection, be nice to servers */
220 snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close");
221 header_list = curl_slist_append (header_list, http_header);
222
223 /* set HTTP headers */
224 curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list );
225
200 /* set SSL version, warn about unsecure or unsupported versions */ 226 /* set SSL version, warn about unsecure or unsupported versions */
201 if (use_ssl) { 227 if (use_ssl) {
202 curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version); 228 curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version);
@@ -407,7 +433,7 @@ test_file (char *path)
407int 433int
408process_arguments (int argc, char **argv) 434process_arguments (int argc, char **argv)
409{ 435{
410 int c; 436 int c = 1;
411 437
412 enum { 438 enum {
413 INVERT_REGEX = CHAR_MAX + 1, 439 INVERT_REGEX = CHAR_MAX + 1,
@@ -415,10 +441,12 @@ process_arguments (int argc, char **argv)
415 CA_CERT_OPTION 441 CA_CERT_OPTION
416 }; 442 };
417 443
418 int option=0; 444 int option = 0;
419 static struct option longopts[] = { 445 static struct option longopts[] = {
446 STD_LONG_OPTS,
420 {"ssl", optional_argument, 0, 'S'}, 447 {"ssl", optional_argument, 0, 'S'},
421 {"sni", no_argument, 0, SNI_OPTION}, 448 {"sni", no_argument, 0, SNI_OPTION},
449 {"method", required_argument, 0, 'j'},
422 {"IP-address", required_argument, 0, 'I'}, 450 {"IP-address", required_argument, 0, 'I'},
423 {"url", required_argument, 0, 'u'}, 451 {"url", required_argument, 0, 'u'},
424 {"port", required_argument, 0, 'p'}, 452 {"port", required_argument, 0, 'p'},
@@ -426,20 +454,20 @@ process_arguments (int argc, char **argv)
426 {"string", required_argument, 0, 's'}, 454 {"string", required_argument, 0, 's'},
427 {"regex", required_argument, 0, 'r'}, 455 {"regex", required_argument, 0, 'r'},
428 {"onredirect", required_argument, 0, 'f'}, 456 {"onredirect", required_argument, 0, 'f'},
457 {"certificate", required_argument, 0, 'C'},
429 {"client-cert", required_argument, 0, 'J'}, 458 {"client-cert", required_argument, 0, 'J'},
430 {"private-key", required_argument, 0, 'K'}, 459 {"private-key", required_argument, 0, 'K'},
431 {"ca-cert", required_argument, 0, CA_CERT_OPTION}, 460 {"ca-cert", required_argument, 0, CA_CERT_OPTION},
432 {"useragent", required_argument, 0, 'A'}, 461 {"useragent", required_argument, 0, 'A'},
433 {"invert-regex", no_argument, NULL, INVERT_REGEX}, 462 {"invert-regex", no_argument, NULL, INVERT_REGEX},
434 {"certificate", required_argument, 0, 'C'},
435 {0, 0, 0, 0} 463 {0, 0, 0, 0}
436 }; 464 };
437 465
438 if (argc < 2) 466 if (argc < 2)
439 usage ("\n"); 467 return ERROR;
440 468
441 while (1) { 469 while (1) {
442 c = getopt_long (argc, argv, "Vvht:c:w:A:H:I:a:p:s:r:u:f:C:J:K:S::", longopts, &option); 470 c = getopt_long (argc, argv, "Vvht:c:w:A:H:j:I:a:p:s:r:u:f:C:J:K:S::", longopts, &option);
443 if (c == -1 || c == EOF || c == 1) 471 if (c == -1 || c == EOF || c == 1)
444 break; 472 break;
445 473
@@ -490,6 +518,11 @@ process_arguments (int argc, char **argv)
490 strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1); 518 strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
491 user_auth[MAX_INPUT_BUFFER - 1] = 0; 519 user_auth[MAX_INPUT_BUFFER - 1] = 0;
492 break; 520 break;
521 case 'j': /* Set HTTP method */
522 if (http_method)
523 free(http_method);
524 http_method = strdup (optarg);
525 break;
493 case 'A': /* useragent */ 526 case 'A': /* useragent */
494 snprintf (user_agent, DEFAULT_BUFFER_SIZE, optarg); 527 snprintf (user_agent, DEFAULT_BUFFER_SIZE, optarg);
495 break; 528 break;
@@ -612,8 +645,8 @@ process_arguments (int argc, char **argv)
612 if (verbose >= 2) 645 if (verbose >= 2)
613 printf ("* Socket timeout set to %d seconds\n", socket_timeout); 646 printf ("* Socket timeout set to %d seconds\n", socket_timeout);
614 647
615 //~ if (http_method == NULL) 648 if (http_method == NULL)
616 //~ http_method = strdup ("GET"); 649 http_method = strdup ("GET");
617 650
618 if (client_cert && !client_privkey) 651 if (client_cert && !client_privkey)
619 usage4 (_("If you use a client certificate you must also specify a private key file")); 652 usage4 (_("If you use a client certificate you must also specify a private key file"));
@@ -627,7 +660,7 @@ process_arguments (int argc, char **argv)
627void 660void
628print_help (void) 661print_help (void)
629{ 662{
630 print_revision(progname, NP_VERSION); 663 print_revision (progname, NP_VERSION);
631 664
632 printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); 665 printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
633 printf ("Copyright (c) 2017 Andreas Baumann <abaumann@yahoo.com>\n"); 666 printf ("Copyright (c) 2017 Andreas Baumann <abaumann@yahoo.com>\n");
@@ -643,7 +676,7 @@ print_help (void)
643 676
644 printf ("\n\n"); 677 printf ("\n\n");
645 678
646 print_usage(); 679 print_usage ();
647 680
648 printf (_("NOTE: One or both of -H and -I must be specified")); 681 printf (_("NOTE: One or both of -H and -I must be specified"));
649 682
@@ -691,6 +724,8 @@ print_help (void)
691 printf (" %s\n", _("String to expect in the content")); 724 printf (" %s\n", _("String to expect in the content"));
692 printf (" %s\n", "-u, --url=PATH"); 725 printf (" %s\n", "-u, --url=PATH");
693 printf (" %s\n", _("URL to GET or POST (default: /)")); 726 printf (" %s\n", _("URL to GET or POST (default: /)"));
727 printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
728 printf (" %s\n", _("Set HTTP method."));
694 printf (" %s\n", "-r, --regex, --ereg=STRING"); 729 printf (" %s\n", "-r, --regex, --ereg=STRING");
695 printf (" %s\n", _("Search page for regex STRING")); 730 printf (" %s\n", _("Search page for regex STRING"));
696 printf (" %s\n", "-a, --authorization=AUTH_PAIR"); 731 printf (" %s\n", "-a, --authorization=AUTH_PAIR");
@@ -726,26 +761,26 @@ print_help (void)
726 printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); 761 printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
727 printf ("\n"); 762 printf ("\n");
728 printf ("%s\n", _("Examples:")); 763 printf ("%s\n", _("Examples:"));
729 printf (" %s\n\n", "CHECK CONTENT: check_http -w 5 -c 10 --ssl -H www.verisign.com"); 764 printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
730 printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); 765 printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
731 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); 766 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
732 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); 767 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
733 printf (" %s\n", _("a STATE_CRITICAL will be returned.")); 768 printf (" %s\n", _("a STATE_CRITICAL will be returned."));
734 printf ("\n"); 769 printf ("\n");
735 printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 14"); 770 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
736 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); 771 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
737 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); 772 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
738 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); 773 printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
739 printf (" %s\n\n", _("the certificate is expired.")); 774 printf (" %s\n\n", _("the certificate is expired."));
740 printf ("\n"); 775 printf ("\n");
741 printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14"); 776 printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
742 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); 777 printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
743 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); 778 printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
744 printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned.")); 779 printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
745 printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days")); 780 printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
746 781
747 printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); 782 printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
748 printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); 783 printf (" %s\n", _("check_curl -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
749 printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); 784 printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
750 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); 785 printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
751 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); 786 printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
@@ -754,8 +789,11 @@ print_help (void)
754#endif 789#endif
755 790
756 printf (UT_SUPPORT); 791 printf (UT_SUPPORT);
792
757} 793}
758 794
795
796
759void 797void
760print_usage (void) 798print_usage (void)
761{ 799{