summaryrefslogtreecommitdiffstats
path: root/plugins/check_dns.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_dns.c')
-rw-r--r--plugins/check_dns.c464
1 files changed, 282 insertions, 182 deletions
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index e1e7c00e..56f91dae 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -39,26 +39,23 @@ const char *email = "devel@monitoring-plugins.org";
39#include "netutils.h" 39#include "netutils.h"
40#include "runcmd.h" 40#include "runcmd.h"
41 41
42static int process_arguments(int /*argc*/, char ** /*argv*/); 42#include "states.h"
43static int validate_arguments(void); 43#include "check_dns.d/config.h"
44static int error_scan(char * /*input_buffer*/, bool *); 44
45typedef struct {
46 int errorcode;
47 check_dns_config config;
48} check_dns_config_wrapper;
49static check_dns_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
50static check_dns_config_wrapper validate_arguments(check_dns_config_wrapper /*config_wrapper*/);
51static mp_state_enum error_scan(char * /*input_buffer*/, bool * /*is_nxdomain*/,
52 const char /*dns_server*/[ADDRESS_LENGTH]);
45static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/); 53static bool ip_match_cidr(const char * /*addr*/, const char * /*cidr_ro*/);
46static unsigned long ip2long(const char * /*src*/); 54static unsigned long ip2long(const char * /*src*/);
47static void print_help(void); 55static void print_help(void);
48void print_usage(void); 56void print_usage(void);
49 57
50#define ADDRESS_LENGTH 256
51static char query_address[ADDRESS_LENGTH] = "";
52static char dns_server[ADDRESS_LENGTH] = "";
53static char ptr_server[ADDRESS_LENGTH] = "";
54static bool verbose = false; 58static bool verbose = false;
55static char **expected_address = NULL;
56static int expected_address_cnt = 0;
57static bool expect_nxdomain = false;
58
59static bool expect_authority = false;
60static bool all_match = false;
61static thresholds *time_thresholds = NULL;
62 59
63static int qstrcmp(const void *p1, const void *p2) { 60static int qstrcmp(const void *p1, const void *p2) {
64 /* The actual arguments to this function are "pointers to 61 /* The actual arguments to this function are "pointers to
@@ -68,23 +65,6 @@ static int qstrcmp(const void *p1, const void *p2) {
68} 65}
69 66
70int main(int argc, char **argv) { 67int main(int argc, char **argv) {
71 char *command_line = NULL;
72 char input_buffer[MAX_INPUT_BUFFER];
73 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
74 char **addresses = NULL;
75 int n_addresses = 0;
76 char *msg = NULL;
77 char *temp_buffer = NULL;
78 bool non_authoritative = false;
79 int result = STATE_UNKNOWN;
80 double elapsed_time;
81 long microsec;
82 struct timeval tv;
83 bool parse_address = false; /* This flag scans for Address: but only after Name: */
84 output chld_out;
85 output chld_err;
86 bool is_nxdomain = false;
87
88 setlocale(LC_ALL, ""); 68 setlocale(LC_ALL, "");
89 bindtextdomain(PACKAGE, LOCALEDIR); 69 bindtextdomain(PACKAGE, LOCALEDIR);
90 textdomain(PACKAGE); 70 textdomain(PACKAGE);
@@ -97,39 +77,66 @@ int main(int argc, char **argv) {
97 /* Parse extra opts if any */ 77 /* Parse extra opts if any */
98 argv = np_extra_opts(&argc, argv, progname); 78 argv = np_extra_opts(&argc, argv, progname);
99 79
100 if (process_arguments(argc, argv) == ERROR) { 80 check_dns_config_wrapper tmp = process_arguments(argc, argv);
81
82 if (tmp.errorcode == ERROR) {
101 usage_va(_("Could not parse arguments")); 83 usage_va(_("Could not parse arguments"));
102 } 84 }
103 85
86 const check_dns_config config = tmp.config;
87
88 char *command_line = NULL;
104 /* get the command to run */ 89 /* get the command to run */
105 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); 90 xasprintf(&command_line, "%s %s %s", NSLOOKUP_COMMAND, config.query_address, config.dns_server);
106 91
92 struct timeval tv;
107 alarm(timeout_interval); 93 alarm(timeout_interval);
108 gettimeofday(&tv, NULL); 94 gettimeofday(&tv, NULL);
109 95
110 if (verbose) 96 if (verbose) {
111 printf("%s\n", command_line); 97 printf("%s\n", command_line);
98 }
112 99
100 output chld_out;
101 output chld_err;
102 char *msg = NULL;
103 mp_state_enum result = STATE_UNKNOWN;
113 /* run the command */ 104 /* run the command */
114 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { 105 if ((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
115 msg = (char *)_("nslookup returned an error status"); 106 msg = (char *)_("nslookup returned an error status");
116 result = STATE_WARNING; 107 result = STATE_WARNING;
117 } 108 }
118 109
119 /* scan stdout */ 110 /* =====
111 * scan stdout, main results get retrieved here
112 * =====
113 */
114 char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
115 char **addresses = NULL; // All addresses parsed from stdout
116 size_t n_addresses = 0; // counter for retrieved addresses
117 bool non_authoritative = false;
118 bool is_nxdomain = false;
119 bool parse_address = false; /* This flag scans for Address: but only after Name: */
120 for (size_t i = 0; i < chld_out.lines; i++) { 120 for (size_t i = 0; i < chld_out.lines; i++) {
121 if (addresses == NULL) 121 if (addresses == NULL) {
122 addresses = malloc(sizeof(*addresses) * 10); 122 addresses = malloc(sizeof(*addresses) * 10);
123 else if (!(n_addresses % 10)) 123 } else if (!(n_addresses % 10)) {
124 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10)); 124 addresses = realloc(addresses, sizeof(*addresses) * (n_addresses + 10));
125 }
125 126
126 if (verbose) 127 if (verbose) {
127 puts(chld_out.line[i]); 128 puts(chld_out.line[i]);
129 }
128 130
129 if (strcasestr(chld_out.line[i], ".in-addr.arpa") || strcasestr(chld_out.line[i], ".ip6.arpa")) { 131 if (strcasestr(chld_out.line[i], ".in-addr.arpa") ||
130 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) 132 strcasestr(chld_out.line[i], ".ip6.arpa")) {
133 if ((strstr(chld_out.line[i], "canonical name = ") != NULL)) {
134 continue;
135 }
136 char *temp_buffer = NULL;
137 if ((temp_buffer = strstr(chld_out.line[i], "name = "))) {
131 addresses[n_addresses++] = strdup(temp_buffer + 7); 138 addresses[n_addresses++] = strdup(temp_buffer + 7);
132 else { 139 } else {
133 msg = (char *)_("Warning plugin error"); 140 msg = (char *)_("Warning plugin error");
134 result = STATE_WARNING; 141 result = STATE_WARNING;
135 } 142 }
@@ -137,38 +144,54 @@ int main(int argc, char **argv) {
137 144
138 /* bug ID: 2946553 - Older versions of bind will use all available dns 145 /* bug ID: 2946553 - Older versions of bind will use all available dns
139 servers, we have to match the one specified */ 146 servers, we have to match the one specified */
140 if (strstr(chld_out.line[i], "Server:") && strlen(dns_server) > 0) { 147 if (strstr(chld_out.line[i], "Server:") && strlen(config.dns_server) > 0) {
141 temp_buffer = strchr(chld_out.line[i], ':'); 148 char *temp_buffer = strchr(chld_out.line[i], ':');
149 if (temp_buffer == NULL) {
150 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Server line\n"),
151 NSLOOKUP_COMMAND);
152 }
153
142 temp_buffer++; 154 temp_buffer++;
143 155
144 /* Strip leading tabs */ 156 /* Strip leading tabs */
145 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) 157 for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++) {
146 /* NOOP */; 158 /* NOOP */;
159 }
147 160
148 strip(temp_buffer); 161 strip(temp_buffer);
149 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 162 if (strlen(temp_buffer) == 0) {
150 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"), NSLOOKUP_COMMAND); 163 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty server string\n"),
164 NSLOOKUP_COMMAND);
151 } 165 }
152 166
153 if (strcmp(temp_buffer, dns_server) != 0) { 167 if (strcmp(temp_buffer, config.dns_server) != 0) {
154 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server); 168 die(STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"),
169 config.dns_server);
155 } 170 }
156 } 171 }
157 172
158 /* the server is responding, we just got the host name... */ 173 /* the server is responding, we just got the host name... */
159 if (strstr(chld_out.line[i], "Name:")) 174 if (strstr(chld_out.line[i], "Name:")) {
160 parse_address = true; 175 parse_address = true;
161 else if (parse_address && (strstr(chld_out.line[i], "Address:") || strstr(chld_out.line[i], "Addresses:"))) { 176 } else if (parse_address && (strstr(chld_out.line[i], "Address:") ||
162 temp_buffer = index(chld_out.line[i], ':'); 177 strstr(chld_out.line[i], "Addresses:"))) {
178 char *temp_buffer = strchr(chld_out.line[i], ':');
179 if (temp_buffer == NULL) {
180 die(STATE_UNKNOWN, _("'%s' returned a weirdly formatted Address line\n"),
181 NSLOOKUP_COMMAND);
182 }
183
163 temp_buffer++; 184 temp_buffer++;
164 185
165 /* Strip leading spaces */ 186 /* Strip leading spaces */
166 while (*temp_buffer == ' ') 187 while (*temp_buffer == ' ') {
167 temp_buffer++; 188 temp_buffer++;
189 }
168 190
169 strip(temp_buffer); 191 strip(temp_buffer);
170 if (temp_buffer == NULL || strlen(temp_buffer) == 0) { 192 if (strlen(temp_buffer) == 0) {
171 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND); 193 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"),
194 NSLOOKUP_COMMAND);
172 } 195 }
173 196
174 addresses[n_addresses++] = strdup(temp_buffer); 197 addresses[n_addresses++] = strdup(temp_buffer);
@@ -176,65 +199,74 @@ int main(int argc, char **argv) {
176 non_authoritative = true; 199 non_authoritative = true;
177 } 200 }
178 201
179 result = error_scan(chld_out.line[i], &is_nxdomain); 202 result = error_scan(chld_out.line[i], &is_nxdomain, config.dns_server);
180 if (result != STATE_OK) { 203 if (result != STATE_OK) {
181 msg = strchr(chld_out.line[i], ':'); 204 msg = strchr(chld_out.line[i], ':');
182 if (msg) 205 if (msg) {
183 msg++; 206 msg++;
207 }
184 break; 208 break;
185 } 209 }
186 } 210 }
187 211
212 char input_buffer[MAX_INPUT_BUFFER];
188 /* scan stderr */ 213 /* scan stderr */
189 for (size_t i = 0; i < chld_err.lines; i++) { 214 for (size_t i = 0; i < chld_err.lines; i++) {
190 if (verbose) 215 if (verbose) {
191 puts(chld_err.line[i]); 216 puts(chld_err.line[i]);
217 }
192 218
193 if (error_scan(chld_err.line[i], &is_nxdomain) != STATE_OK) { 219 if (error_scan(chld_err.line[i], &is_nxdomain, config.dns_server) != STATE_OK) {
194 result = max_state(result, error_scan(chld_err.line[i], &is_nxdomain)); 220 result =
221 max_state(result, error_scan(chld_err.line[i], &is_nxdomain, config.dns_server));
195 msg = strchr(input_buffer, ':'); 222 msg = strchr(input_buffer, ':');
196 if (msg) 223 if (msg) {
197 msg++; 224 msg++;
198 else 225 } else {
199 msg = input_buffer; 226 msg = input_buffer;
227 }
200 } 228 }
201 } 229 }
202 230
203 if (is_nxdomain && !expect_nxdomain) { 231 if (is_nxdomain && !config.expect_nxdomain) {
204 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address); 232 die(STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), config.query_address);
205 } 233 }
206 234
207 if (addresses) { 235 if (addresses) {
208 int i; 236 size_t slen = 1;
209 int slen; 237 char *adrp = NULL;
210 char *adrp;
211 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); 238 qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
212 for (i = 0, slen = 1; i < n_addresses; i++) { 239 for (size_t i = 0; i < n_addresses; i++) {
213 slen += strlen(addresses[i]) + 1; 240 slen += strlen(addresses[i]) + 1;
214 } 241 }
242
243 // Temporary pointer adrp gets moved, address stays on the beginning
215 adrp = address = malloc(slen); 244 adrp = address = malloc(slen);
216 for (i = 0; i < n_addresses; i++) { 245 for (size_t i = 0; i < n_addresses; i++) {
217 if (i) 246 if (i) {
218 *adrp++ = ','; 247 *adrp++ = ',';
248 }
219 strcpy(adrp, addresses[i]); 249 strcpy(adrp, addresses[i]);
220 adrp += strlen(addresses[i]); 250 adrp += strlen(addresses[i]);
221 } 251 }
222 *adrp = 0; 252 *adrp = 0;
223 } else 253 } else {
224 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); 254 die(STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"),
255 NSLOOKUP_COMMAND);
256 }
225 257
226 /* compare to expected address */ 258 /* compare to expected address */
227 if (result == STATE_OK && expected_address_cnt > 0) { 259 if (result == STATE_OK && config.expected_address_cnt > 0) {
228 result = STATE_CRITICAL; 260 result = STATE_CRITICAL;
229 temp_buffer = ""; 261 char *temp_buffer = "";
230 unsigned long expect_match = (1 << expected_address_cnt) - 1; 262 unsigned long expect_match = (1 << config.expected_address_cnt) - 1;
231 unsigned long addr_match = (1 << n_addresses) - 1; 263 unsigned long addr_match = (1 << n_addresses) - 1;
232 264
233 for (int i = 0; i < expected_address_cnt; i++) { 265 for (size_t i = 0; i < config.expected_address_cnt; i++) {
234 int j;
235 /* check if we get a match on 'raw' ip or cidr */ 266 /* check if we get a match on 'raw' ip or cidr */
236 for (j = 0; j < n_addresses; j++) { 267 for (size_t j = 0; j < n_addresses; j++) {
237 if (strcmp(addresses[j], expected_address[i]) == 0 || ip_match_cidr(addresses[j], expected_address[i])) { 268 if (strcmp(addresses[j], config.expected_address[i]) == 0 ||
269 ip_match_cidr(addresses[j], config.expected_address[i])) {
238 result = STATE_OK; 270 result = STATE_OK;
239 addr_match &= ~(1 << j); 271 addr_match &= ~(1 << j);
240 expect_match &= ~(1 << i); 272 expect_match &= ~(1 << i);
@@ -242,11 +274,12 @@ int main(int argc, char **argv) {
242 } 274 }
243 275
244 /* prepare an error string */ 276 /* prepare an error string */
245 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); 277 xasprintf(&temp_buffer, "%s%s; ", temp_buffer, config.expected_address[i]);
246 } 278 }
247 /* check if expected_address must cover all in addresses and none may be missing */ 279 /* check if expected_address must cover all in addresses and none may be missing */
248 if (all_match && (expect_match != 0 || addr_match != 0)) 280 if (config.all_match && (expect_match != 0 || addr_match != 0)) {
249 result = STATE_CRITICAL; 281 result = STATE_CRITICAL;
282 }
250 if (result == STATE_CRITICAL) { 283 if (result == STATE_CRITICAL) {
251 /* Strip off last semicolon... */ 284 /* Strip off last semicolon... */
252 temp_buffer[strlen(temp_buffer) - 2] = '\0'; 285 temp_buffer[strlen(temp_buffer) - 2] = '\0';
@@ -254,28 +287,31 @@ int main(int argc, char **argv) {
254 } 287 }
255 } 288 }
256 289
257 if (expect_nxdomain) { 290 if (config.expect_nxdomain) {
258 if (!is_nxdomain) { 291 if (!is_nxdomain) {
259 result = STATE_CRITICAL; 292 result = STATE_CRITICAL;
260 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address); 293 xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), config.query_address,
294 address);
261 } else { 295 } else {
262 if (address != NULL) 296 if (address != NULL) {
263 free(address); 297 free(address);
298 }
264 address = "NXDOMAIN"; 299 address = "NXDOMAIN";
265 } 300 }
266 } 301 }
267 302
268 /* check if authoritative */ 303 /* check if authoritative */
269 if (result == STATE_OK && expect_authority && non_authoritative) { 304 if (result == STATE_OK && config.expect_authority && non_authoritative) {
270 result = STATE_CRITICAL; 305 result = STATE_CRITICAL;
271 xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); 306 xasprintf(&msg, _("server %s is not authoritative for %s"), config.dns_server,
307 config.query_address);
272 } 308 }
273 309
274 microsec = deltime(tv); 310 long microsec = deltime(tv);
275 elapsed_time = (double)microsec / 1.0e6; 311 double elapsed_time = (double)microsec / 1.0e6;
276 312
277 if (result == STATE_OK) { 313 if (result == STATE_OK) {
278 result = get_status(elapsed_time, time_thresholds); 314 result = get_status(elapsed_time, config.time_thresholds);
279 if (result == STATE_OK) { 315 if (result == STATE_OK) {
280 printf("DNS %s: ", _("OK")); 316 printf("DNS %s: ", _("OK"));
281 } else if (result == STATE_WARNING) { 317 } else if (result == STATE_WARNING) {
@@ -283,25 +319,39 @@ int main(int argc, char **argv) {
283 } else if (result == STATE_CRITICAL) { 319 } else if (result == STATE_CRITICAL) {
284 printf("DNS %s: ", _("CRITICAL")); 320 printf("DNS %s: ", _("CRITICAL"));
285 } 321 }
286 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); 322 printf(ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time),
287 printf(_(". %s returns %s"), query_address, address); 323 elapsed_time);
288 if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { 324 printf(_(". %s returns %s"), config.query_address, address);
289 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, true, time_thresholds->critical->end, 325 if ((config.time_thresholds->warning != NULL) &&
290 true, 0, false, 0)); 326 (config.time_thresholds->critical != NULL)) {
291 } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { 327 printf("|%s\n",
292 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true, time_thresholds->critical->end, true, 0, false, 0)); 328 fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end,
293 } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { 329 true, config.time_thresholds->critical->end, true, 0, false, 0));
294 printf("|%s\n", fperfdata("time", elapsed_time, "s", true, time_thresholds->warning->end, false, 0, true, 0, false, 0)); 330 } else if ((config.time_thresholds->warning == NULL) &&
295 } else 331 (config.time_thresholds->critical != NULL)) {
296 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0)); 332 printf("|%s\n", fperfdata("time", elapsed_time, "s", false, 0, true,
297 } else if (result == STATE_WARNING) 333 config.time_thresholds->critical->end, true, 0, false, 0));
298 printf(_("DNS WARNING - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 334 } else if ((config.time_thresholds->warning != NULL) &&
299 else if (result == STATE_CRITICAL) 335 (config.time_thresholds->critical == NULL)) {
300 printf(_("DNS CRITICAL - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 336 printf("|%s\n",
301 else 337 fperfdata("time", elapsed_time, "s", true, config.time_thresholds->warning->end,
302 printf(_("DNS UNKNOWN - %s\n"), !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg); 338 false, 0, true, 0, false, 0));
303 339 } else {
304 return result; 340 printf("|%s\n",
341 fperfdata("time", elapsed_time, "s", false, 0, false, 0, true, 0, false, 0));
342 }
343 } else if (result == STATE_WARNING) {
344 printf(_("DNS WARNING - %s\n"),
345 !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
346 } else if (result == STATE_CRITICAL) {
347 printf(_("DNS CRITICAL - %s\n"),
348 !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
349 } else {
350 printf(_("DNS UNKNOWN - %s\n"),
351 !strcmp(msg, "") ? _(" Probably a non-existent host/domain") : msg);
352 }
353
354 exit(result);
305} 355}
306 356
307bool ip_match_cidr(const char *addr, const char *cidr_ro) { 357bool ip_match_cidr(const char *addr, const char *cidr_ro) {
@@ -317,76 +367,87 @@ bool ip_match_cidr(const char *addr, const char *cidr_ro) {
317 mask = atoi(mask_c); 367 mask = atoi(mask_c);
318 368
319 /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */ 369 /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */
320 return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask); 370 return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask))
371 << (32 - mask);
321} 372}
322 373
323unsigned long ip2long(const char *src) { 374unsigned long ip2long(const char *src) {
324 unsigned long ip[4]; 375 unsigned long ip[4];
325 /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */ 376 /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */
326 return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", &ip[0], &ip[1], &ip[2], &ip[3]) == 4 && ip[0] < 256 && ip[1] < 256 && ip[2] < 256 && 377 return (sscanf(src, "%3lu.%3lu.%3lu.%3lu", &ip[0], &ip[1], &ip[2], &ip[3]) == 4 &&
327 ip[3] < 256) 378 ip[0] < 256 && ip[1] < 256 && ip[2] < 256 && ip[3] < 256)
328 ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3] 379 ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]
329 : 0; 380 : 0;
330} 381}
331 382
332int error_scan(char *input_buffer, bool *is_nxdomain) { 383mp_state_enum error_scan(char *input_buffer, bool *is_nxdomain,
384 const char dns_server[ADDRESS_LENGTH]) {
333 385
334 const int nxdomain = strstr(input_buffer, "Non-existent") || strstr(input_buffer, "** server can't find") || 386 const int nxdomain = strstr(input_buffer, "Non-existent") ||
387 strstr(input_buffer, "** server can't find") ||
335 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN"); 388 strstr(input_buffer, "** Can't find") || strstr(input_buffer, "NXDOMAIN");
336 if (nxdomain) 389 if (nxdomain) {
337 *is_nxdomain = true; 390 *is_nxdomain = true;
391 }
338 392
339 /* the DNS lookup timed out */ 393 /* the DNS lookup timed out */
340 if (strstr(input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) || 394 if (strstr(input_buffer,
341 strstr(input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) || 395 _("Note: nslookup is deprecated and may be removed from future releases.")) ||
342 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) 396 strstr(input_buffer,
397 _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
398 strstr(input_buffer, _("the `-sil[ent]' option to prevent this message from appearing."))) {
343 return STATE_OK; 399 return STATE_OK;
400 }
344 401
345 /* DNS server is not running... */ 402 /* DNS server is not running... */
346 else if (strstr(input_buffer, "No response from server")) 403 else if (strstr(input_buffer, "No response from server")) {
347 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 404 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
348 else if (strstr(input_buffer, "no servers could be reached")) 405 } else if (strstr(input_buffer, "no servers could be reached")) {
349 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server); 406 die(STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
407 }
350 408
351 /* Host name is valid, but server doesn't have records... */ 409 /* Host name is valid, but server doesn't have records... */
352 else if (strstr(input_buffer, "No records")) 410 else if (strstr(input_buffer, "No records")) {
353 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server); 411 die(STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
412 }
354 413
355 /* Connection was refused */ 414 /* Connection was refused */
356 else if (strstr(input_buffer, "Connection refused") || strstr(input_buffer, "Couldn't find server") || 415 else if (strstr(input_buffer, "Connection refused") ||
357 strstr(input_buffer, "Refused") || (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) 416 strstr(input_buffer, "Couldn't find server") || strstr(input_buffer, "Refused") ||
417 (strstr(input_buffer, "** server can't find") && strstr(input_buffer, ": REFUSED"))) {
358 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server); 418 die(STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
419 }
359 420
360 /* Query refused (usually by an ACL in the namserver) */ 421 /* Query refused (usually by an ACL in the namserver) */
361 else if (strstr(input_buffer, "Query refused")) 422 else if (strstr(input_buffer, "Query refused")) {
362 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server); 423 die(STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
424 }
363 425
364 /* No information (e.g. nameserver IP has two PTR records) */ 426 /* No information (e.g. nameserver IP has two PTR records) */
365 else if (strstr(input_buffer, "No information")) 427 else if (strstr(input_buffer, "No information")) {
366 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server); 428 die(STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
429 }
367 430
368 /* Network is unreachable */ 431 /* Network is unreachable */
369 else if (strstr(input_buffer, "Network is unreachable")) 432 else if (strstr(input_buffer, "Network is unreachable")) {
370 die(STATE_CRITICAL, _("Network is unreachable\n")); 433 die(STATE_CRITICAL, _("Network is unreachable\n"));
434 }
371 435
372 /* Internal server failure */ 436 /* Internal server failure */
373 else if (strstr(input_buffer, "Server failure")) 437 else if (strstr(input_buffer, "Server failure")) {
374 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server); 438 die(STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
439 }
375 440
376 /* Request error or the DNS lookup timed out */ 441 /* Request error or the DNS lookup timed out */
377 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) 442 else if (strstr(input_buffer, "Format error") || strstr(input_buffer, "Timed out")) {
378 return STATE_WARNING; 443 return STATE_WARNING;
444 }
379 445
380 return STATE_OK; 446 return STATE_OK;
381} 447}
382 448
383/* process command-line arguments */ 449/* process command-line arguments */
384int process_arguments(int argc, char **argv) { 450check_dns_config_wrapper process_arguments(int argc, char **argv) {
385 int c;
386 char *warning = NULL;
387 char *critical = NULL;
388
389 int opt_index = 0;
390 static struct option long_opts[] = {{"help", no_argument, 0, 'h'}, 451 static struct option long_opts[] = {{"help", no_argument, 0, 'h'},
391 {"version", no_argument, 0, 'V'}, 452 {"version", no_argument, 0, 'V'},
392 {"verbose", no_argument, 0, 'v'}, 453 {"verbose", no_argument, 0, 'v'},
@@ -402,20 +463,34 @@ int process_arguments(int argc, char **argv) {
402 {"critical", required_argument, 0, 'c'}, 463 {"critical", required_argument, 0, 'c'},
403 {0, 0, 0, 0}}; 464 {0, 0, 0, 0}};
404 465
405 if (argc < 2) 466 check_dns_config_wrapper result = {
406 return ERROR; 467 .config = check_dns_config_init(),
468 .errorcode = OK,
469 };
407 470
408 for (c = 1; c < argc; c++) 471 if (argc < 2) {
409 if (strcmp("-to", argv[c]) == 0) 472 result.errorcode = ERROR;
410 strcpy(argv[c], "-t"); 473 return result;
474 }
411 475
412 while (1) { 476 for (int index = 1; index < argc; index++) {
413 c = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index); 477 if (strcmp("-to", argv[index]) == 0) {
478 strcpy(argv[index], "-t");
479 }
480 }
481
482 char *warning = NULL;
483 char *critical = NULL;
484 int opt_index = 0;
485 int index = 0;
486 while (true) {
487 index = getopt_long(argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
414 488
415 if (c == -1 || c == EOF) 489 if (index == -1 || index == EOF) {
416 break; 490 break;
491 }
417 492
418 switch (c) { 493 switch (index) {
419 case 'h': /* help */ 494 case 'h': /* help */
420 print_help(); 495 print_help();
421 exit(STATE_UNKNOWN); 496 exit(STATE_UNKNOWN);
@@ -429,54 +504,67 @@ int process_arguments(int argc, char **argv) {
429 timeout_interval = atoi(optarg); 504 timeout_interval = atoi(optarg);
430 break; 505 break;
431 case 'H': /* hostname */ 506 case 'H': /* hostname */
432 if (strlen(optarg) >= ADDRESS_LENGTH) 507 if (strlen(optarg) >= ADDRESS_LENGTH) {
433 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 508 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
434 strcpy(query_address, optarg); 509 }
510 strcpy(result.config.query_address, optarg);
435 break; 511 break;
436 case 's': /* server name */ 512 case 's': /* server name */
437 /* TODO: this host_or_die check is probably unnecessary. 513 /* TODO: this host_or_die check is probably unnecessary.
438 * Better to confirm nslookup response matches */ 514 * Better to confirm nslookup response matches */
439 host_or_die(optarg); 515 host_or_die(optarg);
440 if (strlen(optarg) >= ADDRESS_LENGTH) 516 if (strlen(optarg) >= ADDRESS_LENGTH) {
441 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 517 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
442 strcpy(dns_server, optarg); 518 }
519 strcpy(result.config.dns_server, optarg);
443 break; 520 break;
444 case 'r': /* reverse server name */ 521 case 'r': /* reverse server name */
445 /* TODO: Is this host_or_die necessary? */ 522 /* TODO: Is this host_or_die necessary? */
523 // TODO This does not do anything!!! 2025-03-08 rincewind
446 host_or_die(optarg); 524 host_or_die(optarg);
447 if (strlen(optarg) >= ADDRESS_LENGTH) 525 if (strlen(optarg) >= ADDRESS_LENGTH) {
448 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 526 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
527 }
528 static char ptr_server[ADDRESS_LENGTH] = "";
449 strcpy(ptr_server, optarg); 529 strcpy(ptr_server, optarg);
450 break; 530 break;
451 case 'a': /* expected address */ 531 case 'a': /* expected address */
452 if (strlen(optarg) >= ADDRESS_LENGTH) 532 if (strlen(optarg) >= ADDRESS_LENGTH) {
453 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 533 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
534 }
454 if (strchr(optarg, ',') != NULL) { 535 if (strchr(optarg, ',') != NULL) {
455 char *comma = strchr(optarg, ','); 536 char *comma = strchr(optarg, ',');
456 while (comma != NULL) { 537 while (comma != NULL) {
457 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 538 result.config.expected_address = (char **)realloc(
458 expected_address[expected_address_cnt] = strndup(optarg, comma - optarg); 539 result.config.expected_address,
459 expected_address_cnt++; 540 (result.config.expected_address_cnt + 1) * sizeof(char **));
541 result.config.expected_address[result.config.expected_address_cnt] =
542 strndup(optarg, comma - optarg);
543 result.config.expected_address_cnt++;
460 optarg = comma + 1; 544 optarg = comma + 1;
461 comma = strchr(optarg, ','); 545 comma = strchr(optarg, ',');
462 } 546 }
463 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 547 result.config.expected_address =
464 expected_address[expected_address_cnt] = strdup(optarg); 548 (char **)realloc(result.config.expected_address,
465 expected_address_cnt++; 549 (result.config.expected_address_cnt + 1) * sizeof(char **));
550 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
551 result.config.expected_address_cnt++;
466 } else { 552 } else {
467 expected_address = (char **)realloc(expected_address, (expected_address_cnt + 1) * sizeof(char **)); 553 result.config.expected_address =
468 expected_address[expected_address_cnt] = strdup(optarg); 554 (char **)realloc(result.config.expected_address,
469 expected_address_cnt++; 555 (result.config.expected_address_cnt + 1) * sizeof(char **));
556 result.config.expected_address[result.config.expected_address_cnt] = strdup(optarg);
557 result.config.expected_address_cnt++;
470 } 558 }
471 break; 559 break;
472 case 'n': /* expect NXDOMAIN */ 560 case 'n': /* expect NXDOMAIN */
473 expect_nxdomain = true; 561 result.config.expect_nxdomain = true;
474 break; 562 break;
475 case 'A': /* expect authority */ 563 case 'A': /* expect authority */
476 expect_authority = true; 564 result.config.expect_authority = true;
477 break; 565 break;
478 case 'L': /* all must match */ 566 case 'L': /* all must match */
479 all_match = true; 567 result.config.all_match = true;
480 break; 568 break;
481 case 'w': 569 case 'w':
482 warning = optarg; 570 warning = optarg;
@@ -489,38 +577,42 @@ int process_arguments(int argc, char **argv) {
489 } 577 }
490 } 578 }
491 579
492 c = optind; 580 index = optind;
493 if (strlen(query_address) == 0 && c < argc) { 581 if (strlen(result.config.query_address) == 0 && index < argc) {
494 if (strlen(argv[c]) >= ADDRESS_LENGTH) 582 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
495 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 583 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
496 strcpy(query_address, argv[c++]); 584 }
585 strcpy(result.config.query_address, argv[index++]);
497 } 586 }
498 587
499 if (strlen(dns_server) == 0 && c < argc) { 588 if (strlen(result.config.dns_server) == 0 && index < argc) {
500 /* TODO: See -s option */ 589 /* TODO: See -s option */
501 host_or_die(argv[c]); 590 host_or_die(argv[index]);
502 if (strlen(argv[c]) >= ADDRESS_LENGTH) 591 if (strlen(argv[index]) >= ADDRESS_LENGTH) {
503 die(STATE_UNKNOWN, _("Input buffer overflow\n")); 592 die(STATE_UNKNOWN, _("Input buffer overflow\n"));
504 strcpy(dns_server, argv[c++]); 593 }
594 strcpy(result.config.dns_server, argv[index++]);
505 } 595 }
506 596
507 set_thresholds(&time_thresholds, warning, critical); 597 set_thresholds(&result.config.time_thresholds, warning, critical);
508 598
509 return validate_arguments(); 599 return validate_arguments(result);
510} 600}
511 601
512int validate_arguments(void) { 602check_dns_config_wrapper validate_arguments(check_dns_config_wrapper config_wrapper) {
513 if (query_address[0] == 0) { 603 if (config_wrapper.config.query_address[0] == 0) {
514 printf("missing --host argument\n"); 604 printf("missing --host argument\n");
515 return ERROR; 605 config_wrapper.errorcode = ERROR;
606 return config_wrapper;
516 } 607 }
517 608
518 if (expected_address_cnt > 0 && expect_nxdomain) { 609 if (config_wrapper.config.expected_address_cnt > 0 && config_wrapper.config.expect_nxdomain) {
519 printf("--expected-address and --expect-nxdomain cannot be combined\n"); 610 printf("--expected-address and --expect-nxdomain cannot be combined\n");
520 return ERROR; 611 config_wrapper.errorcode = ERROR;
612 return config_wrapper;
521 } 613 }
522 614
523 return OK; 615 return config_wrapper;
524} 616}
525 617
526void print_help(void) { 618void print_help(void) {
@@ -529,9 +621,11 @@ void print_help(void) {
529 printf("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n"); 621 printf("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
530 printf(COPYRIGHT, copyright, email); 622 printf(COPYRIGHT, copyright, email);
531 623
532 printf("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query.")); 624 printf("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given "
625 "host/domain query."));
533 printf("%s\n", _("An optional DNS server to use may be specified.")); 626 printf("%s\n", _("An optional DNS server to use may be specified."));
534 printf("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used.")); 627 printf("%s\n", _("If no DNS server is specified, the default server(s) specified in "
628 "/etc/resolv.conf will be used."));
535 629
536 printf("\n\n"); 630 printf("\n\n");
537 631
@@ -545,11 +639,14 @@ void print_help(void) {
545 printf(" -s, --server=HOST\n"); 639 printf(" -s, --server=HOST\n");
546 printf(" %s\n", _("Optional DNS server you want to use for the lookup")); 640 printf(" %s\n", _("Optional DNS server you want to use for the lookup"));
547 printf(" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n"); 641 printf(" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
548 printf(" %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end")); 642 printf(" %s\n",
549 printf(" %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any")); 643 _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
644 printf(" %s\n",
645 _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
550 printf(" %s\n", _("value matches).")); 646 printf(" %s\n", _("value matches)."));
551 printf(" -n, --expect-nxdomain\n"); 647 printf(" -n, --expect-nxdomain\n");
552 printf(" %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)")); 648 printf(" %s\n",
649 _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)"));
553 printf(" %s\n", _("Cannot be used together with -a")); 650 printf(" %s\n", _("Cannot be used together with -a"));
554 printf(" -A, --expect-authority\n"); 651 printf(" -A, --expect-authority\n");
555 printf(" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup")); 652 printf(" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
@@ -558,7 +655,8 @@ void print_help(void) {
558 printf(" -c, --critical=seconds\n"); 655 printf(" -c, --critical=seconds\n");
559 printf(" %s\n", _("Return critical if elapsed time exceeds value. Default off")); 656 printf(" %s\n", _("Return critical if elapsed time exceeds value. Default off"));
560 printf(" -L, --all\n"); 657 printf(" -L, --all\n");
561 printf(" %s\n", _("Return critical if the list of expected addresses does not match all addresses")); 658 printf(" %s\n",
659 _("Return critical if the list of expected addresses does not match all addresses"));
562 printf(" %s\n", _("returned. Default off")); 660 printf(" %s\n", _("returned. Default off"));
563 661
564 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 662 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -568,5 +666,7 @@ void print_help(void) {
568 666
569void print_usage(void) { 667void print_usage(void) {
570 printf("%s\n", _("Usage:")); 668 printf("%s\n", _("Usage:"));
571 printf("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname); 669 printf("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c "
670 "crit] [-L]\n",
671 progname);
572} 672}