diff options
Diffstat (limited to 'plugins/check_curl.c')
| -rw-r--r-- | plugins/check_curl.c | 48 |
1 files changed, 39 insertions, 9 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 14cc846..a69854a 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
| @@ -66,13 +66,13 @@ const char *email = "devel@monitoring-plugins.org"; | |||
| 66 | #define DEFAULT_BUFFER_SIZE 2048 | 66 | #define DEFAULT_BUFFER_SIZE 2048 |
| 67 | #define DEFAULT_SERVER_URL "/" | 67 | #define DEFAULT_SERVER_URL "/" |
| 68 | #define HTTP_EXPECT "HTTP/" | 68 | #define HTTP_EXPECT "HTTP/" |
| 69 | #define DEFAULT_MAX_REDIRS 15 | ||
| 70 | #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN | 69 | #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN |
| 71 | enum { | 70 | enum { |
| 72 | MAX_IPV4_HOSTLENGTH = 255, | 71 | MAX_IPV4_HOSTLENGTH = 255, |
| 73 | HTTP_PORT = 80, | 72 | HTTP_PORT = 80, |
| 74 | HTTPS_PORT = 443, | 73 | HTTPS_PORT = 443, |
| 75 | MAX_PORT = 65535 | 74 | MAX_PORT = 65535, |
| 75 | DEFAULT_MAX_REDIRS = 15 | ||
| 76 | }; | 76 | }; |
| 77 | 77 | ||
| 78 | enum { | 78 | enum { |
| @@ -193,6 +193,7 @@ int followsticky = STICKY_NONE; | |||
| 193 | int use_ssl = FALSE; | 193 | int use_ssl = FALSE; |
| 194 | int use_sni = TRUE; | 194 | int use_sni = TRUE; |
| 195 | int check_cert = FALSE; | 195 | int check_cert = FALSE; |
| 196 | int continue_after_check_cert = FALSE; | ||
| 196 | typedef union { | 197 | typedef union { |
| 197 | struct curl_slist* to_info; | 198 | struct curl_slist* to_info; |
| 198 | struct curl_certinfo* to_certinfo; | 199 | struct curl_certinfo* to_certinfo; |
| @@ -754,7 +755,9 @@ check_http (void) | |||
| 754 | * and we actually have OpenSSL in the monitoring tools | 755 | * and we actually have OpenSSL in the monitoring tools |
| 755 | */ | 756 | */ |
| 756 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 757 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 757 | return result; | 758 | if (continue_after_check_cert == FALSE) { |
| 759 | return result; | ||
| 760 | } | ||
| 758 | #else /* USE_OPENSSL */ | 761 | #else /* USE_OPENSSL */ |
| 759 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); | 762 | die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n"); |
| 760 | #endif /* USE_OPENSSL */ | 763 | #endif /* USE_OPENSSL */ |
| @@ -794,13 +797,17 @@ GOT_FIRST_CERT: | |||
| 794 | } | 797 | } |
| 795 | BIO_free (cert_BIO); | 798 | BIO_free (cert_BIO); |
| 796 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); | 799 | result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit); |
| 797 | return result; | 800 | if (continue_after_check_cert == FALSE) { |
| 801 | return result; | ||
| 802 | } | ||
| 798 | #else /* USE_OPENSSL */ | 803 | #else /* USE_OPENSSL */ |
| 799 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, | 804 | /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal, |
| 800 | * so we use the libcurl CURLINFO data | 805 | * so we use the libcurl CURLINFO data |
| 801 | */ | 806 | */ |
| 802 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); | 807 | result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit); |
| 803 | return result; | 808 | if (continue_after_check_cert == FALSE) { |
| 809 | return result; | ||
| 810 | } | ||
| 804 | #endif /* USE_OPENSSL */ | 811 | #endif /* USE_OPENSSL */ |
| 805 | } else { | 812 | } else { |
| 806 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), | 813 | snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"), |
| @@ -1054,7 +1061,7 @@ redir (curlhelp_write_curlbuf* header_buf) | |||
| 1054 | char *new_url; | 1061 | char *new_url; |
| 1055 | 1062 | ||
| 1056 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, | 1063 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, |
| 1057 | &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, | 1064 | &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, |
| 1058 | headers, &nof_headers, 0); | 1065 | headers, &nof_headers, 0); |
| 1059 | 1066 | ||
| 1060 | location = get_header_value (headers, nof_headers, "location"); | 1067 | location = get_header_value (headers, nof_headers, "location"); |
| @@ -1210,6 +1217,8 @@ process_arguments (int argc, char **argv) | |||
| 1210 | enum { | 1217 | enum { |
| 1211 | INVERT_REGEX = CHAR_MAX + 1, | 1218 | INVERT_REGEX = CHAR_MAX + 1, |
| 1212 | SNI_OPTION, | 1219 | SNI_OPTION, |
| 1220 | MAX_REDIRS_OPTION, | ||
| 1221 | CONTINUE_AFTER_CHECK_CERT, | ||
| 1213 | CA_CERT_OPTION, | 1222 | CA_CERT_OPTION, |
| 1214 | HTTP_VERSION_OPTION, | 1223 | HTTP_VERSION_OPTION, |
| 1215 | AUTOMATIC_DECOMPRESSION | 1224 | AUTOMATIC_DECOMPRESSION |
| @@ -1243,6 +1252,7 @@ process_arguments (int argc, char **argv) | |||
| 1243 | {"private-key", required_argument, 0, 'K'}, | 1252 | {"private-key", required_argument, 0, 'K'}, |
| 1244 | {"ca-cert", required_argument, 0, CA_CERT_OPTION}, | 1253 | {"ca-cert", required_argument, 0, CA_CERT_OPTION}, |
| 1245 | {"verify-cert", no_argument, 0, 'D'}, | 1254 | {"verify-cert", no_argument, 0, 'D'}, |
| 1255 | {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT}, | ||
| 1246 | {"useragent", required_argument, 0, 'A'}, | 1256 | {"useragent", required_argument, 0, 'A'}, |
| 1247 | {"header", required_argument, 0, 'k'}, | 1257 | {"header", required_argument, 0, 'k'}, |
| 1248 | {"no-body", no_argument, 0, 'N'}, | 1258 | {"no-body", no_argument, 0, 'N'}, |
| @@ -1254,6 +1264,7 @@ process_arguments (int argc, char **argv) | |||
| 1254 | {"use-ipv6", no_argument, 0, '6'}, | 1264 | {"use-ipv6", no_argument, 0, '6'}, |
| 1255 | {"extended-perfdata", no_argument, 0, 'E'}, | 1265 | {"extended-perfdata", no_argument, 0, 'E'}, |
| 1256 | {"show-body", no_argument, 0, 'B'}, | 1266 | {"show-body", no_argument, 0, 'B'}, |
| 1267 | {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION}, | ||
| 1257 | {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, | 1268 | {"http-version", required_argument, 0, HTTP_VERSION_OPTION}, |
| 1258 | {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, | 1269 | {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION}, |
| 1259 | {0, 0, 0, 0} | 1270 | {0, 0, 0, 0} |
| @@ -1401,6 +1412,11 @@ process_arguments (int argc, char **argv) | |||
| 1401 | check_cert = TRUE; | 1412 | check_cert = TRUE; |
| 1402 | goto enable_ssl; | 1413 | goto enable_ssl; |
| 1403 | #endif | 1414 | #endif |
| 1415 | case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */ | ||
| 1416 | #ifdef HAVE_SSL | ||
| 1417 | continue_after_check_cert = TRUE; | ||
| 1418 | break; | ||
| 1419 | #endif | ||
| 1404 | case 'J': /* use client certificate */ | 1420 | case 'J': /* use client certificate */ |
| 1405 | #ifdef LIBCURL_FEATURE_SSL | 1421 | #ifdef LIBCURL_FEATURE_SSL |
| 1406 | test_file(optarg); | 1422 | test_file(optarg); |
| @@ -1512,6 +1528,13 @@ process_arguments (int argc, char **argv) | |||
| 1512 | use_sni = TRUE; | 1528 | use_sni = TRUE; |
| 1513 | break; | 1529 | break; |
| 1514 | #endif /* LIBCURL_FEATURE_SSL */ | 1530 | #endif /* LIBCURL_FEATURE_SSL */ |
| 1531 | case MAX_REDIRS_OPTION: | ||
| 1532 | if (!is_intnonneg (optarg)) | ||
| 1533 | usage2 (_("Invalid max_redirs count"), optarg); | ||
| 1534 | else { | ||
| 1535 | max_depth = atoi (optarg); | ||
| 1536 | } | ||
| 1537 | break; | ||
| 1515 | case 'f': /* onredirect */ | 1538 | case 'f': /* onredirect */ |
| 1516 | if (!strcmp (optarg, "ok")) | 1539 | if (!strcmp (optarg, "ok")) |
| 1517 | onredirect = STATE_OK; | 1540 | onredirect = STATE_OK; |
| @@ -1791,7 +1814,11 @@ print_help (void) | |||
| 1791 | #endif | 1814 | #endif |
| 1792 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); | 1815 | printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]"); |
| 1793 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); | 1816 | printf (" %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443")); |
| 1794 | printf (" %s\n", _("(when this option is used the URL is not checked.)")); | 1817 | printf (" %s\n", _("(when this option is used the URL is not checked by default. You can use")); |
| 1818 | printf (" %s\n", _(" --continue-after-certificate to override this behavior)")); | ||
| 1819 | printf (" %s\n", "--continue-after-certificate"); | ||
| 1820 | printf (" %s\n", _("Allows the HTTP check to continue after performing the certificate check.")); | ||
| 1821 | printf (" %s\n", _("Does nothing unless -C is used.")); | ||
| 1795 | printf (" %s\n", "-J, --client-cert=FILE"); | 1822 | printf (" %s\n", "-J, --client-cert=FILE"); |
| 1796 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); | 1823 | printf (" %s\n", _("Name of file that contains the client certificate (PEM format)")); |
| 1797 | printf (" %s\n", _("to be used in establishing the SSL session")); | 1824 | printf (" %s\n", _("to be used in establishing the SSL session")); |
| @@ -1854,6 +1881,9 @@ print_help (void) | |||
| 1854 | printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); | 1881 | printf (" %s\n", _("specified IP address. stickyport also ensures port stays the same.")); |
| 1855 | printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); | 1882 | printf (" %s\n", _("follow uses the old redirection algorithm of check_http.")); |
| 1856 | printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); | 1883 | printf (" %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl.")); |
| 1884 | printf (" %s\n", "--max-redirs=INTEGER"); | ||
| 1885 | printf (" %s", _("Maximal number of redirects (default: ")); | ||
| 1886 | printf ("%d)\n", DEFAULT_MAX_REDIRS); | ||
| 1857 | printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); | 1887 | printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>"); |
| 1858 | printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); | 1888 | printf (" %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)")); |
| 1859 | printf ("\n"); | 1889 | printf ("\n"); |
| @@ -2188,7 +2218,7 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA | |||
| 2188 | size_t msglen; | 2218 | size_t msglen; |
| 2189 | 2219 | ||
| 2190 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, | 2220 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, |
| 2191 | &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, | 2221 | &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, |
| 2192 | headers, &nof_headers, 0); | 2222 | headers, &nof_headers, 0); |
| 2193 | 2223 | ||
| 2194 | server_date = get_header_value (headers, nof_headers, "date"); | 2224 | server_date = get_header_value (headers, nof_headers, "date"); |
| @@ -2246,7 +2276,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri | |||
| 2246 | curlhelp_statusline status_line; | 2276 | curlhelp_statusline status_line; |
| 2247 | 2277 | ||
| 2248 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, | 2278 | int res = phr_parse_response (header_buf->buf, header_buf->buflen, |
| 2249 | &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, | 2279 | &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen, |
| 2250 | headers, &nof_headers, 0); | 2280 | headers, &nof_headers, 0); |
| 2251 | 2281 | ||
| 2252 | content_length_s = get_header_value (headers, nof_headers, "content-length"); | 2282 | content_length_s = get_header_value (headers, nof_headers, "content-length"); |