1 files changed, 30 insertions, 115 deletions
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 157588fd..3ffa4cd6 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
-#ifdef HAVE_GNUTLS_OPENSSL_H
-#  include <gnutls/openssl.h>
-#else
-#  ifdef HAVE_SSL_H
-#    include <rsa.h>
-#    include <crypto.h>
-#    include <x509.h>
-#    include <pem.h>
-#    include <ssl.h>
-#    include <err.h>
-#  else
-#    ifdef HAVE_OPENSSL_SSL_H
-#      include <openssl/rsa.h>
-#      include <openssl/crypto.h>
-#      include <openssl/x509.h>
-#      include <openssl/pem.h>
-#      include <openssl/ssl.h>
-#      include <openssl/err.h>
-#    endif
-#  endif
-#endif
 #ifdef HAVE_SSL
 static int check_cert = FALSE;
 static int days_till_exp;
 static char *randbuff = "";
-static SSL_CTX *ctx;
-static SSL *ssl;
 static X509 *server_cert;
-static int connect_SSL (void);
 # ifdef USE_OPENSSL
 static int check_certificate (X509 **);
 # endif /* USE_OPENSSL */
-# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))
+# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else
 # define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
 #endif
@@ -233,11 +210,21 @@ main (int argc, char **argv)
        /* try to connect to the host at the given port number */
        gettimeofday (&tv, NULL);
+        result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
+        if (result == STATE_CRITICAL) return STATE_CRITICAL;
 #ifdef HAVE_SSL
-        if (flags & FLAG_SSL && check_cert == TRUE) {
+        if (flags & FLAG_SSL){
-                if (connect_SSL () != OK)
+                result = np_net_ssl_init(sd);
+                if(result != STATE_OK) return result;
+                /* XXX does np_net_ssl take care of printing an error?
                        die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
+                */
+        }
 #  ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
+        /*
+        if (flags & FLAG_SSL && check_cert == TRUE) {
                if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
                        result = check_certificate (&server_cert);
                        X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
                        printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
                        result = STATE_CRITICAL;
                }
+        }
+        */
 #  endif /* USE_OPENSSL */
+#endif
-                SSL_shutdown (ssl);
+        if(result != STATE_OK){
-                SSL_free (ssl);
+#ifdef HAVE_SSL
-                SSL_CTX_free (ctx);
+                np_net_ssl_cleanup();
-                close (sd);
+#endif
+                if(sd) close(sd);
                return result;
        }
-        else if (flags & FLAG_SSL)
-                result = connect_SSL ();
-        else
-#endif
-                result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
-        if (result == STATE_CRITICAL)
-                return STATE_CRITICAL;
        if (server_send != NULL) {              /* Something to send? */
-#ifdef HAVE_SSL
+                my_send(server_send, strlen(server_send));
-                if (flags & FLAG_SSL)
-                        SSL_write(ssl, server_send, (int)strlen(server_send));
-                else
-#endif
-                        send (sd, server_send, strlen(server_send), 0);
        }
        if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
        }
        if (server_quit != NULL) {
-#ifdef HAVE_SSL
+                my_send(server_quit, strlen(server_quit));
-                if (flags & FLAG_SSL) {
-                        SSL_write (ssl, server_quit, (int)strlen(server_quit));
-                        SSL_shutdown (ssl);
-                        SSL_free (ssl);
-                        SSL_CTX_free (ctx);
-                }
-                else
-#endif
-                        send (sd, server_quit, strlen (server_quit), 0);
        }
+#ifdef HAVE_SSL
-        /* close the connection */
+        np_net_ssl_cleanup();
-        if (sd)
+#endif 
-                close (sd);
+        if (sd) close (sd);
        microsec = deltime (tv);
        elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
 /* SSL-specific functions */
 #ifdef HAVE_SSL
-static int
+#  ifdef USE_OPENSSL /* XXX */
-connect_SSL (void)
-{
-  SSL_METHOD *meth;
-  /* Initialize SSL context */
-  SSLeay_add_ssl_algorithms ();
-  meth = SSLv23_client_method ();
-  SSL_load_error_strings ();
-  OpenSSL_add_all_algorithms();
-  if ((ctx = SSL_CTX_new (meth)) == NULL)
-    {
-      printf (_("CRITICAL - Cannot create SSL context.\n"));
-      return STATE_CRITICAL;
-    }
-  /* Initialize alarm signal handling */
-  signal (SIGALRM, socket_timeout_alarm_handler);
-  /* Set socket timeout */
-  alarm (socket_timeout);
-  /* Save start time */
-  time (&start_time);
-  /* Make TCP connection */
-  if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
-    {
-    /* Do the SSL handshake */
-      if ((ssl = SSL_new (ctx)) != NULL)
-      {
-        SSL_set_fd (ssl, sd);
-        if (SSL_connect(ssl) == 1)
-          return OK;
-        /* ERR_print_errors_fp (stderr); */
-        printf (_("CRITICAL - Cannot make  SSL connection "));
-#ifdef USE_OPENSSL /* XXX */
-        ERR_print_errors_fp (stdout);
-#endif /* USE_OPENSSL */
-        /* printf("\n"); */
-      }
-      else
-      {
-        printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
-      }
-      SSL_free (ssl);
-    }
-  SSL_CTX_free (ctx);
-  close (sd);
-  return STATE_CRITICAL;
-}
-#ifdef USE_OPENSSL /* XXX */
 static int
 check_certificate (X509 ** certificate)
 {

diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 157588fd..3ffa4cd6 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c
@@ -28,42 +28,19 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
28	#include "netutils.h"	28	#include "netutils.h"
29	#include "utils.h"	29	#include "utils.h"
30		30
31	#ifdef HAVE_GNUTLS_OPENSSL_H
32	# include <gnutls/openssl.h>
33	#else
34	# ifdef HAVE_SSL_H
35	# include <rsa.h>
36	# include <crypto.h>
37	# include <x509.h>
38	# include <pem.h>
39	# include <ssl.h>
40	# include <err.h>
41	# else
42	# ifdef HAVE_OPENSSL_SSL_H
43	# include <openssl/rsa.h>
44	# include <openssl/crypto.h>
45	# include <openssl/x509.h>
46	# include <openssl/pem.h>
47	# include <openssl/ssl.h>
48	# include <openssl/err.h>
49	# endif
50	# endif
51	#endif
52
53	#ifdef HAVE_SSL	31	#ifdef HAVE_SSL
54	static int check_cert = FALSE;	32	static int check_cert = FALSE;
55	static int days_till_exp;	33	static int days_till_exp;
56	static char *randbuff = "";	34	static char *randbuff = "";
57	static SSL_CTX *ctx;
58	static SSL *ssl;
59	static X509 *server_cert;	35	static X509 *server_cert;
60	static int connect_SSL (void);
61	# ifdef USE_OPENSSL	36	# ifdef USE_OPENSSL
62	static int check_certificate (X509 **);	37	static int check_certificate (X509 **);
63	# endif /* USE_OPENSSL */	38	# endif /* USE_OPENSSL */
64	# define my_recv(buf, len) ((flags & FLAG_SSL) ? SSL_read(ssl, buf, len) : read(sd, buf, len))	39	# define my_recv(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
		40	# define my_send(buf, len) ((flags & FLAG_SSL) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
65	#else	41	#else
66	# define my_recv(buf, len) read(sd, buf, len)	42	# define my_recv(buf, len) read(sd, buf, len)
		43	# define my_send(buf, len) send(sd, buf, len, 0)
67	#endif	44	#endif
68		45
69		46
@@ -233,11 +210,21 @@ main (int argc, char **argv)
233		210
234	/* try to connect to the host at the given port number */	211	/* try to connect to the host at the given port number */
235	gettimeofday (&tv, NULL);	212	gettimeofday (&tv, NULL);
		213
		214	result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
		215	if (result == STATE_CRITICAL) return STATE_CRITICAL;
		216
236	#ifdef HAVE_SSL	217	#ifdef HAVE_SSL
237	if (flags & FLAG_SSL && check_cert == TRUE) {	218	if (flags & FLAG_SSL){
238	if (connect_SSL () != OK)	219	result = np_net_ssl_init(sd);
		220	if(result != STATE_OK) return result;
		221	/* XXX does np_net_ssl take care of printing an error?
239	die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));	222	die (STATE_CRITICAL,_("CRITICAL - Could not make SSL connection\n"));
		223	*/
		224	}
240	# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */	225	# ifdef USE_OPENSSL /* XXX gnutls does cert checking differently */
		226	/*
		227	if (flags & FLAG_SSL && check_cert == TRUE) {
241	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {	228	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
242	result = check_certificate (&server_cert);	229	result = check_certificate (&server_cert);
243	X509_free(server_cert);	230	X509_free(server_cert);
@@ -246,30 +233,21 @@ main (int argc, char **argv)
246	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));	233	printf(_("CRITICAL - Cannot retrieve server certificate.\n"));
247	result = STATE_CRITICAL;	234	result = STATE_CRITICAL;
248	}	235	}
		236	}
		237	*/
249	# endif /* USE_OPENSSL */	238	# endif /* USE_OPENSSL */
		239	#endif
250		240
251	SSL_shutdown (ssl);	241	if(result != STATE_OK){
252	SSL_free (ssl);	242	#ifdef HAVE_SSL
253	SSL_CTX_free (ctx);	243	np_net_ssl_cleanup();
254	close (sd);	244	#endif
		245	if(sd) close(sd);
255	return result;	246	return result;
256	}	247	}
257	else if (flags & FLAG_SSL)
258	result = connect_SSL ();
259	else
260	#endif
261	result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
262
263	if (result == STATE_CRITICAL)
264	return STATE_CRITICAL;
265		248
266	if (server_send != NULL) { /* Something to send? */	249	if (server_send != NULL) { /* Something to send? */
267	#ifdef HAVE_SSL	250	my_send(server_send, strlen(server_send));
268	if (flags & FLAG_SSL)
269	SSL_write(ssl, server_send, (int)strlen(server_send));
270	else
271	#endif
272	send (sd, server_send, strlen(server_send), 0);
273	}	251	}
274		252
275	if (delay > 0) {	253	if (delay > 0) {
@@ -332,21 +310,12 @@ main (int argc, char **argv)
332	}	310	}
333		311
334	if (server_quit != NULL) {	312	if (server_quit != NULL) {
335	#ifdef HAVE_SSL	313	my_send(server_quit, strlen(server_quit));
336	if (flags & FLAG_SSL) {
337	SSL_write (ssl, server_quit, (int)strlen(server_quit));
338	SSL_shutdown (ssl);
339	SSL_free (ssl);
340	SSL_CTX_free (ctx);
341	}
342	else
343	#endif
344	send (sd, server_quit, strlen (server_quit), 0);
345	}	314	}
346		315	#ifdef HAVE_SSL
347	/* close the connection */	316	np_net_ssl_cleanup();
348	if (sd)	317	#endif
349	close (sd);	318	if (sd) close (sd);
350		319
351	microsec = deltime (tv);	320	microsec = deltime (tv);
352	elapsed_time = (double)microsec / 1.0e6;	321	elapsed_time = (double)microsec / 1.0e6;
@@ -600,61 +569,7 @@ process_arguments (int argc, char **argv)
600		569
601	/* SSL-specific functions */	570	/* SSL-specific functions */
602	#ifdef HAVE_SSL	571	#ifdef HAVE_SSL
603	static int	572	# ifdef USE_OPENSSL /* XXX */
604	connect_SSL (void)
605	{
606	SSL_METHOD *meth;
607
608	/* Initialize SSL context */
609	SSLeay_add_ssl_algorithms ();
610	meth = SSLv23_client_method ();
611	SSL_load_error_strings ();
612	OpenSSL_add_all_algorithms();
613	if ((ctx = SSL_CTX_new (meth)) == NULL)
614	{
615	printf (_("CRITICAL - Cannot create SSL context.\n"));
616	return STATE_CRITICAL;
617	}
618
619	/* Initialize alarm signal handling */
620	signal (SIGALRM, socket_timeout_alarm_handler);
621
622	/* Set socket timeout */
623	alarm (socket_timeout);
624
625	/* Save start time */
626	time (&start_time);
627
628	/* Make TCP connection */
629	if (my_tcp_connect (server_address, server_port, &sd) == STATE_OK && was_refused == FALSE)
630	{
631	/* Do the SSL handshake */
632	if ((ssl = SSL_new (ctx)) != NULL)
633	{
634	SSL_set_fd (ssl, sd);
635	if (SSL_connect(ssl) == 1)
636	return OK;
637	/* ERR_print_errors_fp (stderr); */
638	printf (_("CRITICAL - Cannot make SSL connection "));
639	#ifdef USE_OPENSSL /* XXX */
640	ERR_print_errors_fp (stdout);
641	#endif /* USE_OPENSSL */
642	/* printf("\n"); */
643	}
644	else
645	{
646	printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
647	}
648	SSL_free (ssl);
649	}
650
651	SSL_CTX_free (ctx);
652	close (sd);
653
654	return STATE_CRITICAL;
655	}
656
657	#ifdef USE_OPENSSL /* XXX */
658	static int	573	static int
659	check_certificate (X509 ** certificate)	574	check_certificate (X509 ** certificate)
660	{	575	{