summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c65
1 files changed, 47 insertions, 18 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index e3e514ff..1dec8a2a 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -92,16 +92,16 @@ typedef struct {
92static check_curl_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); 92static check_curl_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
93 93
94static mp_subcheck check_http(check_curl_config /*config*/, check_curl_working_state workingState, 94static mp_subcheck check_http(check_curl_config /*config*/, check_curl_working_state workingState,
95 int redir_depth); 95 long redir_depth);
96 96
97typedef struct { 97typedef struct {
98 int redir_depth; 98 long redir_depth;
99 check_curl_working_state working_state; 99 check_curl_working_state working_state;
100 int error_code; 100 int error_code;
101 check_curl_global_state curl_state; 101 check_curl_global_state curl_state;
102} redir_wrapper; 102} redir_wrapper;
103static redir_wrapper redir(curlhelp_write_curlbuf * /*header_buf*/, check_curl_config /*config*/, 103static redir_wrapper redir(curlhelp_write_curlbuf * /*header_buf*/, check_curl_config /*config*/,
104 int redir_depth, check_curl_working_state working_state); 104 long redir_depth, check_curl_working_state working_state);
105 105
106static void print_help(void); 106static void print_help(void);
107void print_usage(void); 107void print_usage(void);
@@ -198,7 +198,7 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) {
198#endif /* HAVE_SSL */ 198#endif /* HAVE_SSL */
199 199
200mp_subcheck check_http(const check_curl_config config, check_curl_working_state workingState, 200mp_subcheck check_http(const check_curl_config config, check_curl_working_state workingState,
201 int redir_depth) { 201 long redir_depth) {
202 202
203 // ======================= 203 // =======================
204 // Initialisation for curl 204 // Initialisation for curl
@@ -441,19 +441,19 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
441 "CURLINFO_REDIRECT_COUNT"); 441 "CURLINFO_REDIRECT_COUNT");
442 442
443 if (verbose >= 2) { 443 if (verbose >= 2) {
444 printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth); 444 printf(_("* curl LIBINFO_REDIRECT_COUNT is %ld\n"), redir_depth);
445 } 445 }
446 446
447 mp_subcheck sc_redir_depth = mp_subcheck_init(); 447 mp_subcheck sc_redir_depth = mp_subcheck_init();
448 if (redir_depth > config.max_depth) { 448 if (redir_depth > config.max_depth) {
449 xasprintf(&sc_redir_depth.output, 449 xasprintf(&sc_redir_depth.output,
450 "maximum redirection depth %d exceeded in libcurl", 450 "maximum redirection depth %ld exceeded in libcurl",
451 config.max_depth); 451 config.max_depth);
452 sc_redir_depth = mp_set_subcheck_state(sc_redir_depth, STATE_CRITICAL); 452 sc_redir_depth = mp_set_subcheck_state(sc_redir_depth, STATE_CRITICAL);
453 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth); 453 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth);
454 return sc_result; 454 return sc_result;
455 } 455 }
456 xasprintf(&sc_redir_depth.output, "redirection depth %d (of a maximum %d)", 456 xasprintf(&sc_redir_depth.output, "redirection depth %ld (of a maximum %ld)",
457 redir_depth, config.max_depth); 457 redir_depth, config.max_depth);
458 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth); 458 mp_add_subcheck_to_subcheck(&sc_result, sc_redir_depth);
459 459
@@ -653,7 +653,7 @@ char *uri_string(const UriTextRangeA range, char *buf, size_t buflen) {
653} 653}
654 654
655redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config config, 655redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config config,
656 int redir_depth, check_curl_working_state working_state) { 656 long redir_depth, check_curl_working_state working_state) {
657 curlhelp_statusline status_line; 657 curlhelp_statusline status_line;
658 struct phr_header headers[255]; 658 struct phr_header headers[255];
659 size_t msglen; 659 size_t msglen;
@@ -678,7 +678,7 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
678 } 678 }
679 679
680 if (++redir_depth > config.max_depth) { 680 if (++redir_depth > config.max_depth) {
681 die(STATE_WARNING, _("HTTP WARNING - maximum redirection depth %d exceeded - %s\n"), 681 die(STATE_WARNING, _("HTTP WARNING - maximum redirection depth %ld exceeded - %s\n"),
682 config.max_depth, location); 682 config.max_depth, location);
683 } 683 }
684 684
@@ -761,7 +761,7 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
761 } 761 }
762 762
763 /* compose new path */ 763 /* compose new path */
764 /* TODO: handle fragments and query part of URL */ 764 /* TODO: handle fragments of URL */
765 char *new_url = (char *)calloc(1, DEFAULT_BUFFER_SIZE); 765 char *new_url = (char *)calloc(1, DEFAULT_BUFFER_SIZE);
766 if (uri.pathHead) { 766 if (uri.pathHead) {
767 for (UriPathSegmentA *pathSegment = uri.pathHead; pathSegment; 767 for (UriPathSegmentA *pathSegment = uri.pathHead; pathSegment;
@@ -772,6 +772,29 @@ redir_wrapper redir(curlhelp_write_curlbuf *header_buf, const check_curl_config
772 } 772 }
773 } 773 }
774 774
775 /* missing components have null,null in their UriTextRangeA
776 * add query parameters if they exist.
777 */
778 if (uri.query.first && uri.query.afterLast) {
779 // Ensure we have space for '?' + query_str + '\0' ahead of time, instead of calling strncat
780 // twice
781 size_t current_len = strlen(new_url);
782 size_t remaining_space = DEFAULT_BUFFER_SIZE - current_len - 1;
783
784 const char *query_str = uri_string(uri.query, buf, DEFAULT_BUFFER_SIZE);
785 size_t query_str_len = strlen(query_str);
786
787 if (remaining_space >= query_str_len + 1) {
788 strcat(new_url, "?");
789 strcat(new_url, query_str);
790 } else {
791 die(STATE_UNKNOWN,
792 _("HTTP UNKNOWN - No space to add query part of size %zu to the buffer, buffer has "
793 "remaining size %zu"),
794 query_str_len, current_len);
795 }
796 }
797
775 if (working_state.serverPort == new_port && 798 if (working_state.serverPort == new_port &&
776 !strncmp(working_state.server_address, new_host, MAX_IPV4_HOSTLENGTH) && 799 !strncmp(working_state.server_address, new_host, MAX_IPV4_HOSTLENGTH) &&
777 (working_state.host_name && 800 (working_state.host_name &&
@@ -1400,7 +1423,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1400 } 1423 }
1401#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */ 1424#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
1402 if (verbose >= 2) { 1425 if (verbose >= 2) {
1403 printf(_("* Set SSL/TLS version to %d\n"), result.config.curl_config.ssl_version); 1426 printf(_("* Set SSL/TLS version to %ld\n"), result.config.curl_config.ssl_version);
1404 } 1427 }
1405 if (!specify_port) { 1428 if (!specify_port) {
1406 result.config.initial_config.serverPort = HTTPS_PORT; 1429 result.config.initial_config.serverPort = HTTPS_PORT;
@@ -1482,8 +1505,8 @@ void print_help(void) {
1482 printf(" %s\n", "-I, --IP-address=ADDRESS"); 1505 printf(" %s\n", "-I, --IP-address=ADDRESS");
1483 printf(" %s\n", 1506 printf(" %s\n",
1484 "IP address or name (use numeric address if possible to bypass DNS lookup)."); 1507 "IP address or name (use numeric address if possible to bypass DNS lookup).");
1485 printf(" %s\n", 1508 printf(" %s\n", "This overwrites the network address of the target while leaving everything "
1486 "This overwrites the network address of the target while leaving everything else (HTTP headers) as they are"); 1509 "else (HTTP headers) as they are");
1487 printf(" %s\n", "-p, --port=INTEGER"); 1510 printf(" %s\n", "-p, --port=INTEGER");
1488 printf(" %s", _("Port number (default: ")); 1511 printf(" %s", _("Port number (default: "));
1489 printf("%d)\n", HTTP_PORT); 1512 printf("%d)\n", HTTP_PORT);
@@ -1547,7 +1570,8 @@ void print_help(void) {
1547 printf(" %s\n", _("String to expect in the content")); 1570 printf(" %s\n", _("String to expect in the content"));
1548 printf(" %s\n", "-u, --url=PATH"); 1571 printf(" %s\n", "-u, --url=PATH");
1549 printf(" %s\n", _("URL to GET or POST (default: /)")); 1572 printf(" %s\n", _("URL to GET or POST (default: /)"));
1550 printf(" %s\n", _("This is the part after the address in a URL, so for \"https://example.com/index.html\" it would be '-u /index.html'")); 1573 printf(" %s\n", _("This is the part after the address in a URL, so for "
1574 "\"https://example.com/index.html\" it would be '-u /index.html'"));
1551 printf(" %s\n", "-P, --post=STRING"); 1575 printf(" %s\n", "-P, --post=STRING");
1552 printf(" %s\n", _("URL decoded http POST data")); 1576 printf(" %s\n", _("URL decoded http POST data"));
1553 printf(" %s\n", 1577 printf(" %s\n",
@@ -1648,6 +1672,8 @@ void print_help(void) {
1648 printf(" %s\n", _("certificate matches the hostname of the server, or if the certificate")); 1672 printf(" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
1649 printf(" %s\n", _("has a valid chain of trust to one of the locally installed CAs.")); 1673 printf(" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
1650 printf("\n"); 1674 printf("\n");
1675 printf(" %s\n", _("To also verify certificates, please set --verify-cert."));
1676 printf("\n");
1651 printf("%s\n", _("Examples:")); 1677 printf("%s\n", _("Examples:"));
1652 printf(" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com"); 1678 printf(" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
1653 printf(" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,")); 1679 printf(" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
@@ -1657,16 +1683,18 @@ void print_help(void) {
1657 _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); 1683 _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
1658 printf(" %s\n", _("a STATE_CRITICAL will be returned.")); 1684 printf(" %s\n", _("a STATE_CRITICAL will be returned."));
1659 printf("\n"); 1685 printf("\n");
1660 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14"); 1686 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14 -D");
1661 printf(" %s\n", 1687 printf(" %s\n",
1662 _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); 1688 _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
1663 printf(" %s\n", 1689 printf(" %s\n",
1664 _("a STATE_OK is returned. When the certificate is still valid, but for less than")); 1690 _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
1665 printf(" %s\n", 1691 printf(" %s\n",
1666 _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); 1692 _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
1667 printf(" %s\n\n", _("the certificate is expired.")); 1693 printf(" %s\n", _("the certificate is expired."));
1694 printf("\n");
1695 printf(" %s\n", _("The -D flag enforces a certificate validation beyond expiration time."));
1668 printf("\n"); 1696 printf("\n");
1669 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14"); 1697 printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14 -D");
1670 printf(" %s\n", 1698 printf(" %s\n",
1671 _("When the certificate of 'www.verisign.com' is valid for more than 30 days,")); 1699 _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
1672 printf(" %s\n", 1700 printf(" %s\n",
@@ -1689,7 +1717,8 @@ void print_help(void) {
1689 printf(" %s\n", _("It is recommended to use an environment proxy like:")); 1717 printf(" %s\n", _("It is recommended to use an environment proxy like:"));
1690 printf(" %s\n", 1718 printf(" %s\n",
1691 _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S")); 1719 _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
1692 printf(" %s\n", _("legacy proxy requests in check_http style might still work, but are frowned upon, so DONT:")); 1720 printf(" %s\n", _("legacy proxy requests in check_http style might still work, but are frowned "
1721 "upon, so DONT:"));
1693 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j " 1722 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j "
1694 "CONNECT -H www.verisign.com ")); 1723 "CONNECT -H www.verisign.com "));
1695 printf(" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> " 1724 printf(" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> "