summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c63
1 files changed, 43 insertions, 20 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index bd3f7dce..95e45282 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -92,16 +92,16 @@ typedef struct {
92static check_curl_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); 92static check_curl_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
93 93
94static mp_subcheck check_http(check_curl_config /*config*/, check_curl_working_state workingState, 94static mp_subcheck check_http(check_curl_config /*config*/, check_curl_working_state workingState,
95 int redir_depth); 95 long redir_depth);
96 96
97typedef struct { 97typedef struct {
98 int redir_depth; 98 long redir_depth;
99 check_curl_working_state working_state; 99 check_curl_working_state working_state;
100 int error_code; 100 int error_code;
101 check_curl_global_state curl_state; 101 check_curl_global_state curl_state;
102} redir_wrapper; 102} redir_wrapper;
103static redir_wrapper redir(curlhelp_write_curlbuf * /*header_buf*/, check_curl_config /*config*/, 103static redir_wrapper redir(curlhelp_write_curlbuf * /*header_buf*/, check_curl_config /*config*/,
104 int redir_depth, check_curl_working_state working_state); 104 long redir_depth, check_curl_working_state working_state);
105 105
106static void print_help(void); 106static void print_help(void);
107void print_usage(void); 107void print_usage(void);
@@ -120,6 +120,14 @@ mp_state_enum np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_
120#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ 120#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
121 121
122int main(int argc, char **argv) { 122int main(int argc, char **argv) {
123#ifdef __OpenBSD__
124 /* - rpath is required to read --extra-opts, CA and/or client certs
125 * - wpath is required to write --cookie-jar (possibly given up later)
126 * - inet is required for sockets
127 * - dns is required for name lookups */
128 pledge("stdio rpath wpath inet dns", NULL);
129#endif // __OpenBSD__
130
123 setlocale(LC_ALL, ""); 131 setlocale(LC_ALL, "");
124 bindtextdomain(PACKAGE, LOCALEDIR); 132 bindtextdomain(PACKAGE, LOCALEDIR);
125 textdomain(PACKAGE); 133 textdomain(PACKAGE);
@@ -135,6 +143,15 @@ int main(int argc, char **argv) {
135 143
136 const check_curl_config config = tmp_config.config; 144 const check_curl_config config = tmp_config.config;
137 145
146#ifdef __OpenBSD__
147 if (!config.curl_config.cookie_jar_file) {
148 if (verbose >= 2) {
149 printf(_("* No \"--cookie-jar\" is used, giving up \"wpath\" pledge(2)\n"));
150 }
151 pledge("stdio rpath inet dns", NULL);
152 }
153#endif // __OpenBSD__
154
138 if (config.output_format_is_set) { 155 if (config.output_format_is_set) {
139 mp_set_format(config.output_format); 156 mp_set_format(config.output_format);
140 } 157 }
@@ -198,7 +215,7 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) {
198#endif /* HAVE_SSL */ 215#endif /* HAVE_SSL */
199 216
200mp_subcheck check_http(const check_curl_config config, check_curl_working_state workingState, 217mp_subcheck check_http(const check_curl_config config, check_curl_working_state workingState,
201 int redir_depth) { 218 long redir_depth) {
202 219
203 // ======================= 220 // =======================
204 // Initialisation for curl 221 // Initialisation for curl
@@ -441,19 +458,19 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
441 "CURLINFO_REDIRECT_COUNT"); 458 "CURLINFO_REDIRECT_COUNT");
442 459
443 if (verbose >= 2) { 460 if (verbose >= 2) {
444 printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth); 461 printf(_("* curl LIBINFO_REDIRECT_COUNT is %ld\n"), redir_depth);
445 } 462 }
446 463
447 mp_subcheck sc_redir_depth = mp_subcheck_init(); 464 mp_subcheck sc_redir_depth = mp_subcheck_init();
448 if (redir_depth > config.max_depth) { 465 if (redir_depth > config.max_depth) {
449 xasprintf(&sc_redir_depth.output, 466 xasprintf(&sc_redir_depth.output,
450 "maximum redirection depth %d exceeded in libcurl", 467 "maximum redirection depth %ld exceeded in libcurl",
451 config.max_depth); 468 config.max_depth);
452 sc_redir_depth = mp_set_subcheck_state(sc_redir_depth, STATE_CRITICAL); 469 sc_redir_depth = mp_set_subcheck_state(sc_redir_depth, STATE_CRITICAL);
453 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth); 470 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth);
454 return sc_result; 471 return sc_result;
455 } 472 }
456 xasprintf(&sc_redir_depth.output, "redirection depth %d (of a maximum %d)", 473 xasprintf(&sc_redir_depth.output, "redirection depth %ld (of a maximum %ld)",
457 redir_depth, config.max_depth); 474 redir_depth, config.max_depth);
458 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth); 475 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth);
459 476
@@ -653,7 +670,7 @@ char *uri_string(const UriTextRangeA range, char *buf, size_t buflen) {
653} 670}
654 671
655redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config config, 672redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config config,
656 int redir_depth, check_curl_working_state working_state) { 673 long redir_depth, check_curl_working_state working_state) {
657 curlhelp_statusline status_line; 674 curlhelp_statusline status_line;
658 struct phr_header headers[255]; 675 struct phr_header headers[255];
659 size_t msglen; 676 size_t msglen;
@@ -678,7 +695,7 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
678 } 695 }
679 696
680 if (++redir_depth > config.max_depth) { 697 if (++redir_depth > config.max_depth) {
681 die(STATE_WARNING, _("HTTP WARNING - maximum redirection depth %d exceeded - %s\n"), 698 die(STATE_WARNING, _("HTTP WARNING - maximum redirection depth %ld exceeded - %s\n"),
682 config.max_depth, location); 699 config.max_depth, location);
683 } 700 }
684 701
@@ -775,19 +792,23 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
775 /* missing components have null,null in their UriTextRangeA 792 /* missing components have null,null in their UriTextRangeA
776 * add query parameters if they exist. 793 * add query parameters if they exist.
777 */ 794 */
778 if (uri.query.first && uri.query.afterLast){ 795 if (uri.query.first && uri.query.afterLast) {
779 // Ensure we have space for '?' + query_str + '\0' ahead of time, instead of calling strncat twice 796 // Ensure we have space for '?' + query_str + '\0' ahead of time, instead of calling strncat
797 // twice
780 size_t current_len = strlen(new_url); 798 size_t current_len = strlen(new_url);
781 size_t remaining_space = DEFAULT_BUFFER_SIZE - current_len - 1; 799 size_t remaining_space = DEFAULT_BUFFER_SIZE - current_len - 1;
782 800
783 const char* query_str = uri_string(uri.query, buf, DEFAULT_BUFFER_SIZE); 801 const char *query_str = uri_string(uri.query, buf, DEFAULT_BUFFER_SIZE);
784 size_t query_str_len = strlen(query_str); 802 size_t query_str_len = strlen(query_str);
785 803
786 if (remaining_space >= query_str_len + 1) { 804 if (remaining_space >= query_str_len + 1) {
787 strcat(new_url, "?"); 805 strcat(new_url, "?");
788 strcat(new_url, query_str); 806 strcat(new_url, query_str);
789 }else{ 807 } else {
790 die(STATE_UNKNOWN, _("HTTP UNKNOWN - No space to add query part of size %d to the buffer, buffer has remaining size %d"), query_str_len , current_len ); 808 die(STATE_UNKNOWN,
809 _("HTTP UNKNOWN - No space to add query part of size %zu to the buffer, buffer has "
810 "remaining size %zu"),
811 query_str_len, current_len);
791 } 812 }
792 } 813 }
793 814
@@ -1244,7 +1265,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1244 result.config.curl_config.sin_family = AF_INET; 1265 result.config.curl_config.sin_family = AF_INET;
1245 break; 1266 break;
1246 case '6': 1267 case '6':
1247#if defined(USE_IPV6) && defined(LIBCURL_FEATURE_IPV6) 1268#if defined(LIBCURL_FEATURE_IPV6)
1248 result.config.curl_config.sin_family = AF_INET6; 1269 result.config.curl_config.sin_family = AF_INET6;
1249#else 1270#else
1250 usage4(_("IPv6 support not available")); 1271 usage4(_("IPv6 support not available"));
@@ -1419,7 +1440,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1419 } 1440 }
1420#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */ 1441#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
1421 if (verbose >= 2) { 1442 if (verbose >= 2) {
1422 printf(_("* Set SSL/TLS version to %d\n"), result.config.curl_config.ssl_version); 1443 printf(_("* Set SSL/TLS version to %ld\n"), result.config.curl_config.ssl_version);
1423 } 1444 }
1424 if (!specify_port) { 1445 if (!specify_port) {
1425 result.config.initial_config.serverPort = HTTPS_PORT; 1446 result.config.initial_config.serverPort = HTTPS_PORT;
@@ -1501,8 +1522,8 @@ void print_help(void) {
1501 printf(" %s\n", "-I, --IP-address=ADDRESS"); 1522 printf(" %s\n", "-I, --IP-address=ADDRESS");
1502 printf(" %s\n", 1523 printf(" %s\n",
1503 "IP address or name (use numeric address if possible to bypass DNS lookup)."); 1524 "IP address or name (use numeric address if possible to bypass DNS lookup).");
1504 printf(" %s\n", 1525 printf(" %s\n", "This overwrites the network address of the target while leaving everything "
1505 "This overwrites the network address of the target while leaving everything else (HTTP headers) as they are"); 1526 "else (HTTP headers) as they are");
1506 printf(" %s\n", "-p, --port=INTEGER"); 1527 printf(" %s\n", "-p, --port=INTEGER");
1507 printf(" %s", _("Port number (default: ")); 1528 printf(" %s", _("Port number (default: "));
1508 printf("%d)\n", HTTP_PORT); 1529 printf("%d)\n", HTTP_PORT);
@@ -1566,7 +1587,8 @@ void print_help(void) {
1566 printf(" %s\n", _("String to expect in the content")); 1587 printf(" %s\n", _("String to expect in the content"));
1567 printf(" %s\n", "-u, --url=PATH"); 1588 printf(" %s\n", "-u, --url=PATH");
1568 printf(" %s\n", _("URL to GET or POST (default: /)")); 1589 printf(" %s\n", _("URL to GET or POST (default: /)"));
1569 printf(" %s\n", _("This is the part after the address in a URL, so for \"https://example.com/index.html\" it would be '-u /index.html'")); 1590 printf(" %s\n", _("This is the part after the address in a URL, so for "
1591 "\"https://example.com/index.html\" it would be '-u /index.html'"));
1570 printf(" %s\n", "-P, --post=STRING"); 1592 printf(" %s\n", "-P, --post=STRING");
1571 printf(" %s\n", _("URL decoded http POST data")); 1593 printf(" %s\n", _("URL decoded http POST data"));
1572 printf(" %s\n", 1594 printf(" %s\n",
@@ -1712,7 +1734,8 @@ void print_help(void) {
1712 printf(" %s\n", _("It is recommended to use an environment proxy like:")); 1734 printf(" %s\n", _("It is recommended to use an environment proxy like:"));
1713 printf(" %s\n", 1735 printf(" %s\n",
1714 _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S")); 1736 _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
1715 printf(" %s\n", _("legacy proxy requests in check_http style might still work, but are frowned upon, so DONT:")); 1737 printf(" %s\n", _("legacy proxy requests in check_http style might still work, but are frowned "
1738 "upon, so DONT:"));
1716 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j " 1739 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j "
1717 "CONNECT -H www.verisign.com ")); 1740 "CONNECT -H www.verisign.com "));
1718 printf(" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> " 1741 printf(" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> "