From 97349ae13d65ea91abbe6fd93c34aba28817493e Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 1 Oct 2013 14:50:04 +0200 Subject: check_ssh: check protocol It would be useful to be able to detect the protocols supported by the remote ssh server to locate any using the insecure ssh v1 protocol. This patch attempts to match against the protocol string in the ssh response. Example: check_ssh -H my.host.com -P 2.0 -- Just turning attached patch of github issue #780 into a push request. (Closes #780) diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c index 6e8a5fc..6842c4c 100644 --- a/plugins/check_ssh.c +++ b/plugins/check_ssh.c @@ -46,6 +46,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net"; int port = -1; char *server_name = NULL; char *remote_version = NULL; +char *remote_protocol = NULL; int verbose = FALSE; int process_arguments (int, char **); @@ -53,7 +54,7 @@ int validate_arguments (void); void print_help (void); void print_usage (void); -int ssh_connect (char *haddr, int hport, char *remote_version); +int ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol); @@ -78,7 +79,7 @@ main (int argc, char **argv) alarm (socket_timeout); /* ssh_connect exits if error is found */ - result = ssh_connect (server_name, port, remote_version); + result = ssh_connect (server_name, port, remote_version, remote_protocol); alarm (0); @@ -105,6 +106,7 @@ process_arguments (int argc, char **argv) {"timeout", required_argument, 0, 't'}, {"verbose", no_argument, 0, 'v'}, {"remote-version", required_argument, 0, 'r'}, + {"remote-protcol", required_argument, 0, 'P'}, {0, 0, 0, 0} }; @@ -116,7 +118,7 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-t"); while (1) { - c = getopt_long (argc, argv, "+Vhv46t:r:H:p:", longopts, &option); + c = getopt_long (argc, argv, "+Vhv46t:r:H:p:P:", longopts, &option); if (c == -1 || c == EOF) break; @@ -152,6 +154,9 @@ process_arguments (int argc, char **argv) case 'r': /* remote version */ remote_version = optarg; break; + case 'P': /* remote version */ + remote_protocol = optarg; + break; case 'H': /* host */ if (is_host (optarg) == FALSE) usage2 (_("Invalid hostname/address"), optarg); @@ -206,7 +211,7 @@ validate_arguments (void) int -ssh_connect (char *haddr, int hport, char *remote_version) +ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol) { int sd; int result; @@ -254,6 +259,14 @@ ssh_connect (char *haddr, int hport, char *remote_version) exit (STATE_WARNING); } + if (remote_protocol && strcmp(remote_protocol, ssh_proto)) { + printf + (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"), + ssh_server, ssh_proto, remote_protocol); + close(sd); + exit (STATE_WARNING); + } + elapsed_time = (double)deltime(tv) / 1.0e6; printf @@ -296,6 +309,9 @@ print_help (void) printf (" %s\n", "-r, --remote-version=STRING"); printf (" %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)")); + printf (" %s\n", "-P, --remote-protocol=STRING"); + printf (" %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)")); + printf (UT_VERBOSE); printf (UT_SUPPORT); -- cgit v0.10-9-g596f From 083952c426a250eaf6810b3b22e7555e4aeb3f2d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Thu, 12 Jun 2014 00:02:26 +0200 Subject: Fix compilation with GnuTLS GnuTLS doesn't provide a SSL_CTX_check_private_key() function. Closes #1254. diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 2732125..687bffb 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -86,10 +86,12 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int if (cert && privkey) { SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM); SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM); +#ifdef USE_OPENSSL if (!SSL_CTX_check_private_key(c)) { printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n")); return STATE_CRITICAL; } +#endif } #ifdef SSL_OP_NO_TICKET SSL_CTX_set_options(c, SSL_OP_NO_TICKET); -- cgit v0.10-9-g596f From a10b93eef27ece065e72a28ebffad9969ebc50d0 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Thu, 12 Jun 2014 00:10:07 +0200 Subject: configure.ac: Remove unused code We no longer set LIBGNUTLS_CONFIG, as GnuTLS no longer ships a "libgnutls-config" tool. diff --git a/configure.ac b/configure.ac index 244df42..a7501ab 100644 --- a/configure.ac +++ b/configure.ac @@ -509,8 +509,6 @@ dnl check for gnutls if openssl isn't found (or is disabled) if test ! "$FOUNDOPENSSL" = "yes" && test ! "$with_gnutls" = "no"; then if test ! "$with_gnutls" = ""; then CPPFLAGS="$CPPFLAGS -I${with_gnutls}/include" - elif test ! "$LIBGNUTLS_CONFIG" = ""; then - CPPFLAGS="$CPPFLAGS -I`$LIBGNUTLS_CONFIG --prefix`" fi AC_CHECK_HEADERS([gnutls/openssl.h],FOUNDGNUTLS="yes",) if test "$FOUNDGNUTLS" = "yes"; then -- cgit v0.10-9-g596f From 3529d7465d31234ec634939ed1a6bdc915b73ccd Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 12 Jun 2014 11:45:49 +0200 Subject: tests: parts of the check_procs test only work when uid -2 exists skip those tests if the uid does not exist Signed-off-by: Sven Nierlein diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t index 1ad2c2f..b153d5d 100755 --- a/plugins/tests/check_procs.t +++ b/plugins/tests/check_procs.t @@ -48,21 +48,25 @@ SKIP: { like( $result->output, '/^PROCS OK: 1 process with command name \'launchd\', UID = 501 (.*)$/', "Output correct" ); } -$result = NPTest->testCmd( "$command -u -2 -w 2:2" ); -is( $result->return_code, 1, "Checking processes with userid=-2" ); -like( $result->output, '/^PROCS WARNING: 3 processes with UID = -2 \(nobody\)$/', "Output correct" ); +SKIP: { + skip 'user with uid -2 required', 8 unless getpwuid(-2); + + $result = NPTest->testCmd( "$command -u -2 -w 2:2" ); + is( $result->return_code, 1, "Checking processes with userid=-2" ); + like( $result->output, '/^PROCS WARNING: 3 processes with UID = -2 \(nobody\)$/', "Output correct" ); -$result = NPTest->testCmd( "$command -u -2 -w 3:3" ); -is( $result->return_code, 0, "Checking processes with userid=-2 past threshold" ); -like( $result->output, '/^PROCS OK: 3 processes with UID = -2 \(nobody\)$/', "Output correct" ); + $result = NPTest->testCmd( "$command -u -2 -w 3:3" ); + is( $result->return_code, 0, "Checking processes with userid=-2 past threshold" ); + like( $result->output, '/^PROCS OK: 3 processes with UID = -2 \(nobody\)$/', "Output correct" ); -$result = NPTest->testCmd( "$command -u -2 -a usb" ); -is( $result->return_code, 0, "Checking processes with userid=-2 and usb in arguments" ); -like( $result->output, '/^PROCS OK: 1 process with UID = -2 \(nobody\), args \'usb\'/', "Output correct" ); + $result = NPTest->testCmd( "$command -u -2 -a usb" ); + is( $result->return_code, 0, "Checking processes with userid=-2 and usb in arguments" ); + like( $result->output, '/^PROCS OK: 1 process with UID = -2 \(nobody\), args \'usb\'/', "Output correct" ); -$result = NPTest->testCmd( "$command -u -2 -a UsB" ); -is( $result->return_code, 0, "Checking case sensitivity of args" ); -like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" ); + $result = NPTest->testCmd( "$command -u -2 -a UsB" ); + is( $result->return_code, 0, "Checking case sensitivity of args" ); + like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" ); +}; $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" ); is( $result->return_code, 0, "Checking regexp search of arguments" ); -- cgit v0.10-9-g596f From c5a6c5136a2a7e629907b04a63dff059603bdb09 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Thu, 12 Jun 2014 13:56:48 +0200 Subject: tests: testCmd has own timeout which overwrites local one so add configurable/optional timeout to testCmd. Signed-off-by: Sven Nierlein diff --git a/NPTest.pm b/NPTest.pm index 2baed0b..e04ebba 100644 --- a/NPTest.pm +++ b/NPTest.pm @@ -627,12 +627,13 @@ sub only_output { } sub testCmd { - my $class = shift; + my $class = shift; my $command = shift or die "No command passed to testCmd"; + my $timeout = shift || 120; my $object = $class->new; local $SIG{'ALRM'} = sub { die("timeout in command: $command"); }; - alarm(120); # no test should take longer than 120 seconds + alarm($timeout); # no test should take longer than 120 seconds my $output = `$command`; $object->return_code($? >> 8); diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 2c89beb..c40bb07 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -392,27 +392,21 @@ sub run_common_tests { skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL}); $cmd = "$command -f follow -u /redir_external -t 5"; eval { - local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); - $result = NPTest->testCmd( $cmd ); - alarm(0); }; - is( $@, "alarm\n", $cmd ); + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); } $cmd = "$command -u /timeout -t 5"; eval { - local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(2); - $result = NPTest->testCmd( $cmd ); - alarm(0); }; - is( $@, "alarm\n", $cmd ); + $result = NPTest->testCmd( $cmd, 2 ); + }; + like( $@, "/timeout in command: $cmd/", $cmd ); $cmd = "$command -f follow -u /redir_timeout -t 2"; eval { - local $SIG{ALRM} = sub { die "alarm\n" }; - alarm(5); - $result = NPTest->testCmd( $cmd ); - alarm(0); }; - isnt( $@, "alarm\n", $cmd ); + $result = NPTest->testCmd( $cmd, 5 ); + }; + is( $@, "", $cmd ); } -- cgit v0.10-9-g596f From fb89accaaa831def2f948192a04eae84c4777531 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Fri, 13 Jun 2014 14:01:12 +0200 Subject: require at least HTTP::Daemon 6.01 since the test uses send_header from HTTP::Daemon::ClientConn which has been introduced in HTTP::Daemon 6.01 diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index c40bb07..225b449 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -20,8 +20,9 @@ use FindBin qw($Bin); my $common_tests = 70; my $ssl_only_tests = 8; # Check that all dependent modules are available +eval "use HTTP::Daemon 6.01;"; +plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@; eval { - require HTTP::Daemon; require HTTP::Status; require HTTP::Response; }; -- cgit v0.10-9-g596f From 93901d5ff10cd7fd915cc09d7c496cec49f82ce5 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Fri, 13 Jun 2014 14:20:14 +0200 Subject: tests: fping checks require being root or setuid root on the fping binary. Check this before running the test. Signed-off-by: Sven Nierlein diff --git a/NPTest.pm b/NPTest.pm index e04ebba..f72ed2d 100644 --- a/NPTest.pm +++ b/NPTest.pm @@ -6,7 +6,7 @@ package NPTest; require Exporter; @ISA = qw(Exporter); -@EXPORT = qw(getTestParameter checkCmd skipMissingCmd); +@EXPORT = qw(getTestParameter checkCmd skipMissingCmd skipMsg); @EXPORT_OK = qw(DetermineTestHarnessDirectory TestsFrom SetCacheFilename); use strict; @@ -38,8 +38,8 @@ testing. =head1 FUNCTIONS -This module defines three public functions, C, -C and C. These are exported by +This module defines four public functions, C, +C, C and C. These are exported by default via the C statement. =over @@ -185,6 +185,15 @@ of times. =back +=item C + +If for any reason the test harness must C some +or all of the tests in a given test harness this function provides a +simple iterator to issue an appropriate message the requested number +of times. + +=back + =head1 SEE ALSO L @@ -304,6 +313,20 @@ sub skipMissingCmd return $testStatus; } +sub skipMsg +{ + my( $msg, $count ) = @_; + + my $testStatus; + + for ( 1 .. $count ) + { + $testStatus += skip( $msg, 1 ); + } + + return $testStatus; +} + sub getTestParameter { my( $param, $envvar, $default, $brief, $scoped ); diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t index 45a9be8..08692e4 100644 --- a/plugins/t/check_fping.t +++ b/plugins/t/check_fping.t @@ -27,16 +27,18 @@ my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_IN my $t; -if ( -x "./check_fping" ) -{ +my $fping = qx(which fping 2> /dev/null); +chomp($fping); +if( ! -x "./check_fping") { + $t += skipMissingCmd( "./check_fping", $tests ); +} +elsif ( $> != 0 && (!$fping || ! -u $fping)) { + $t += skipMsg( "./check_fping", $tests ); +} else { $t += checkCmd( "./check_fping $host_responsive", 0, $successOutput ); $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] ); $t += checkCmd( "./check_fping $hostname_invalid", [ 1, 2 ] ); } -else -{ - $t += skipMissingCmd( "./check_fping", $tests ); -} exit(0) if defined($Test::Harness::VERSION); exit($tests - $t); -- cgit v0.10-9-g596f From 4102eaae0e50d514eb277e12c9ab382aed3a888c Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Fri, 13 Jun 2014 15:57:21 +0200 Subject: tests: check_proc tests fail if uid -2 does not map to nobody so make sure our tests only run if -2 maps to nobody Signed-off-by: Sven Nierlein diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t index b153d5d..54d43d9 100755 --- a/plugins/tests/check_procs.t +++ b/plugins/tests/check_procs.t @@ -50,6 +50,7 @@ SKIP: { SKIP: { skip 'user with uid -2 required', 8 unless getpwuid(-2); + skip 'uid -2 must have name "nobody"', 8 unless getpwuid(-2) eq 'nobody'; $result = NPTest->testCmd( "$command -u -2 -w 2:2" ); is( $result->return_code, 1, "Checking processes with userid=-2" ); -- cgit v0.10-9-g596f From b2fed383b1a04e64731333957fb098d77627cfdb Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Fri, 13 Jun 2014 16:34:03 +0200 Subject: tests: freebsds snmpd does not use quotes when returning syscontact. So make them optional since we want to test check_snmp and not the snmpd. Signed-off-by: Sven Nierlein diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t index d865e19..aace9bc 100755 --- a/plugins/tests/check_snmp.t +++ b/plugins/tests/check_snmp.t @@ -79,7 +79,7 @@ Copyright (c) 1986-2004 by cisco Systems, Inc. $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.0 -o sysContact.0 -o .1.3.6.1.4.1.8072.3.2.67.1"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying multi-line OIDs" ); like($res->output, '/^SNMP OK - /', "String contains SNMP OK"); -like($res->output, '/'.quotemeta('SNMP OK - Cisco Internetwork Operating System Software "Alice" Kisco Outernetwork Oserating Gystem Totware | +like($res->output, '/'.quotemeta('SNMP OK - Cisco Internetwork Operating System Software ').'"?Alice"?'.quotemeta(' Kisco Outernetwork Oserating Gystem Totware | .1.3.6.1.4.1.8072.3.2.67.0: "Cisco Internetwork Operating System Software IOS (tm) Catalyst 4000 \"L3\" Switch Software (cat4000-I9K91S-M), Version -- cgit v0.10-9-g596f From f02b3f6b2866e2ccb8cdfc2257c1f9a540ddc3e9 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 00:37:45 +0200 Subject: lib/parse_ini.[ch]: Simplify code Rewrite the code that looks up the INI configuration file path (used by the Extra-Opts feature) in order to improve readability. The behaviour should not have changed. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 76953e9..b6d8056 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -40,6 +40,23 @@ typedef struct { char *stanza; } np_ini_info; +static char *default_ini_file_names[] = { + "plugins.ini", + "nagios-plugins.ini", + NULL +}; + +static char *default_ini_path_names[] = { + "/etc/nagios/plugins.ini", + "/usr/local/nagios/etc/plugins.ini", + "/usr/local/etc/nagios/plugins.ini", + "/etc/opt/nagios/plugins.ini", + "/etc/nagios-plugins.ini", + "/usr/local/etc/nagios-plugins.ini", + "/etc/opt/nagios-plugins.ini", + NULL +}; + /* eat all characters from a FILE pointer until n is encountered */ #define GOBBLE_TO(f, c, n) do { (c)=fgetc((f)); } while((c)!=EOF && (c)!=(n)) @@ -49,8 +66,6 @@ static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts); static int add_option(FILE *f, np_arg_list **optlst); /* internal function to find default file */ static char* default_file(void); -/* internal function to test files access */ -static int test_file(const char* env, int len, const char* file, char* temp_file); /* parse_locator decomposes a string of the form * [stanza][@filename] @@ -72,18 +87,17 @@ static void parse_locator(const char *locator, const char *def_stanza, np_ini_in } else { /* otherwise we use the default stanza */ i->stanza=strdup(def_stanza); } + if(i->stanza==NULL){ + die(STATE_UNKNOWN, _("malloc() failed!\n")); + } /* if there is no @file part */ if(stanza_len==locator_len){ i->file=default_file(); - if(strcmp(i->file, "") == 0){ - die(STATE_UNKNOWN, _("Cannot find '%s' or '%s' in any standard location.\n"), NP_DEFAULT_INI_FILENAME1, NP_DEFAULT_INI_FILENAME2); - } } else { i->file=strdup(&(locator[stanza_len+1])); } - - if(i->file==NULL || i->stanza==NULL){ - die(STATE_UNKNOWN, _("malloc() failed!\n")); + if(i->file==NULL || i->file[0]=='\0'){ + die(STATE_UNKNOWN, _("Cannot find config file in any standard location.\n")); } } @@ -295,71 +309,36 @@ static int add_option(FILE *f, np_arg_list **optlst){ return 0; } -static char* default_file(void){ - struct stat sb; - char *np_env=NULL, *default_file=NULL; - char temp_file[MAX_INPUT_BUFFER]; - size_t len; - - if((np_env=getenv("NAGIOS_CONFIG_PATH"))!=NULL) { - /* skip any starting colon... */ - while(*np_env==':') np_env++; - /* Look for NP_DEFAULT_INI_FILENAME1 and NP_DEFAULT_INI_FILENAME2 in - * every PATHs defined (colon-separated). - */ - while((len=strcspn(np_env,":"))>0){ - /* Test NP_DEFAULT_INI_FILENAME[1-2] in current np_env token */ - if(test_file(np_env,len,NP_DEFAULT_INI_FILENAME1,temp_file)==1 || - test_file(np_env,len,NP_DEFAULT_INI_FILENAME2,temp_file)==1){ - default_file=strdup(temp_file); - break; +static char *default_file_in_path(void){ + char *config_path, **file; + char *dir, *ini_file, *tokens; + + if((config_path=getenv("NAGIOS_CONFIG_PATH"))==NULL) + return NULL; + + if((tokens=strdup(config_path))==NULL) + die(STATE_UNKNOWN, _("Insufficient Memory")); + for(dir=strtok(tokens, ":"); dir!=NULL; dir=strtok(NULL, ":")){ + for(file=default_ini_file_names; *file!=NULL; file++){ + if((asprintf(&ini_file, "%s/%s", dir, *file))<0) + die(STATE_UNKNOWN, _("Insufficient Memory")); + if(access(ini_file, F_OK)==0){ + free(tokens); + return ini_file; } - - /* Move on to the next token */ - np_env+=len; - while(*np_env==':') np_env++; - } /* while(...) */ - } /* if(getenv("NAGIOS_CONFIG_PATH")) */ - - /* Look for NP_DEFAULT_INI_FILENAME1 in NP_DEFAULT_INI_NAGIOS_PATH[1-4] */ - if(!default_file){ - if(test_file(NP_DEFAULT_INI_NAGIOS_PATH1,strlen(NP_DEFAULT_INI_NAGIOS_PATH1),NP_DEFAULT_INI_FILENAME1,temp_file)==1 || - test_file(NP_DEFAULT_INI_NAGIOS_PATH2,strlen(NP_DEFAULT_INI_NAGIOS_PATH2),NP_DEFAULT_INI_FILENAME1,temp_file)==1 || - test_file(NP_DEFAULT_INI_NAGIOS_PATH3,strlen(NP_DEFAULT_INI_NAGIOS_PATH3),NP_DEFAULT_INI_FILENAME1,temp_file)==1 || - test_file(NP_DEFAULT_INI_NAGIOS_PATH4,strlen(NP_DEFAULT_INI_NAGIOS_PATH4),NP_DEFAULT_INI_FILENAME1,temp_file)==1) - default_file=strdup(temp_file); - } - - /* Look for NP_DEFAULT_INI_FILENAME2 in NP_DEFAULT_INI_PATH[1-3] */ - if(!default_file){ - if(test_file(NP_DEFAULT_INI_PATH1,strlen(NP_DEFAULT_INI_PATH1),NP_DEFAULT_INI_FILENAME2,temp_file)==1 || - test_file(NP_DEFAULT_INI_PATH2,strlen(NP_DEFAULT_INI_PATH2),NP_DEFAULT_INI_FILENAME2,temp_file)==1 || - test_file(NP_DEFAULT_INI_PATH3,strlen(NP_DEFAULT_INI_PATH3),NP_DEFAULT_INI_FILENAME2,temp_file)==1) - default_file=strdup(temp_file); + } } - - /* Return default_file or empty string (should return NULL if we want plugins - * to die there)... - */ - if(default_file) - return default_file; - return ""; + free(tokens); + return NULL; } -/* put together len bytes from env and the filename and test for its - * existence. Returns 1 if found, 0 if not and -1 if test wasn't performed. - */ -static int test_file(const char* env, int len, const char* file, char* temp_file){ - - /* test if len + filelen + '/' + '\0' fits in temp_file */ - if((len+strlen(file)+2)>MAX_INPUT_BUFFER) return -1; - - strncpy(temp_file,env,len); - temp_file[len]='\0'; - strncat(temp_file,"/",len+1); - strncat(temp_file,file,len+strlen(file)+1); +static char *default_file(void){ + char **p, *ini_file; - if(access(temp_file, F_OK) == 0) return 1; - return 0; + if((ini_file=default_file_in_path())!=NULL) + return ini_file; + for(p=default_ini_path_names; *p!=NULL; p++) + if (access(*p, F_OK)==0) + return *p; + return NULL; } - diff --git a/lib/parse_ini.h b/lib/parse_ini.h index a3a494e..8b67ea3 100644 --- a/lib/parse_ini.h +++ b/lib/parse_ini.h @@ -13,46 +13,6 @@ typedef struct np_arg_el { struct np_arg_el *next; } np_arg_list; -/* FIXME: This is in plugins/common.c. Should be eventually moved to lib/ - * (although for this particular one a configure settings should be ideal) - */ -#ifndef MAX_INPUT_BUFFER -# define MAX_INPUT_BUFFER 8192 -#endif /* MAX_INPUT_BUFFER */ - -/* Filenames (see below) */ -#ifndef NP_DEFAULT_INI_FILENAME1 -# define NP_DEFAULT_INI_FILENAME1 "plugins.ini" -#endif /* NP_DEFAULT_INI_FILENAME1 */ -#ifndef NP_DEFAULT_INI_FILENAME2 -# define NP_DEFAULT_INI_FILENAME2 "nagios-plugins.ini" -#endif /* NP_DEFAULT_INI_FILENAME2 */ - -/* Config paths ending in nagios (search for NP_DEFAULT_INI_FILENAME1) */ -#ifndef NP_DEFAULT_INI_NAGIOS_PATH1 -# define NP_DEFAULT_INI_NAGIOS_PATH1 "/etc/nagios" -#endif /* NP_DEFAULT_INI_NAGIOS_PATH1 */ -#ifndef NP_DEFAULT_INI_NAGIOS_PATH2 -# define NP_DEFAULT_INI_NAGIOS_PATH2 "/usr/local/nagios/etc" -#endif /* NP_DEFAULT_INI_NAGIOS_PATH2 */ -#ifndef NP_DEFAULT_INI_NAGIOS_PATH3 -# define NP_DEFAULT_INI_NAGIOS_PATH3 "/usr/local/etc/nagios" -#endif /* NP_DEFAULT_INI_NAGIOS_PATH3 */ -#ifndef NP_DEFAULT_INI_NAGIOS_PATH4 -# define NP_DEFAULT_INI_NAGIOS_PATH4 "/etc/opt/nagios" -#endif /* NP_DEFAULT_INI_NAGIOS_PATH4 */ - -/* Config paths not ending in nagios (search for NP_DEFAULT_INI_FILENAME2) */ -#ifndef NP_DEFAULT_INI_PATH1 -# define NP_DEFAULT_INI_PATH1 "/etc" -#endif /* NP_DEFAULT_INI_PATH1 */ -#ifndef NP_DEFAULT_INI_PATH2 -# define NP_DEFAULT_INI_PATH2 "/usr/local/etc" -#endif /* NP_DEFAULT_INI_PATH2 */ -#ifndef NP_DEFAULT_INI_PATH3 -# define NP_DEFAULT_INI_PATH3 "/etc/opt" -#endif /* NP_DEFAULT_INI_PATH3 */ - /* np_load_defaults: load the default configuration (if present) for * a plugin from the ini file */ -- cgit v0.10-9-g596f From f94e95785cb15a0028be40019848ec05a8e208a8 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 00:39:38 +0200 Subject: lib/parse_ini.c: Read "monitoring-plugins.ini" Read "monitoring-plugins.ini" if that file exists, but fall back to reading "plugins.ini" or "nagios-plugins.ini" for backward compatibility. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index b6d8056..e19af1b 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -41,12 +41,16 @@ typedef struct { } np_ini_info; static char *default_ini_file_names[] = { + "monitoring-plugins.ini", "plugins.ini", "nagios-plugins.ini", NULL }; static char *default_ini_path_names[] = { + "/usr/local/etc/monitoring-plugins.ini", + "/etc/monitoring-plugins.ini", + /* Deprecated path names (for backward compatibility): */ "/etc/nagios/plugins.ini", "/usr/local/nagios/etc/plugins.ini", "/usr/local/etc/nagios/plugins.ini", -- cgit v0.10-9-g596f From fbe13d8f32dc0e3bb76e32ee690e6f15bcafb0f5 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 00:47:35 +0200 Subject: lib/parse_ini.c: Read $MP_CONFIG_FILE Read $MP_CONFIG_FILE if that variable is set in the environment. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index e19af1b..f352d78 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -339,7 +339,8 @@ static char *default_file_in_path(void){ static char *default_file(void){ char **p, *ini_file; - if((ini_file=default_file_in_path())!=NULL) + if((ini_file=getenv("MP_CONFIG_FILE"))!=NULL || + (ini_file=default_file_in_path())!=NULL) return ini_file; for(p=default_ini_path_names; *p!=NULL; p++) if (access(*p, F_OK)==0) -- cgit v0.10-9-g596f From 95ed0a996c84d8df0485b2ffbadf6e92d3fef80f Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 00:50:48 +0200 Subject: lib/parse_ini.c: Remove outdated comment and code The lib/parse_ini.c:np_get_defaults() function now dies if no configuration file is found. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index f352d78..2e42df7 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -30,8 +30,6 @@ #include #include -/* TODO: die like N::P if config file is not found */ - /* np_ini_info contains the result of parsing a "locator" in the format * [stanza_name][@config_filename] (check_foo@/etc/foo.ini, for example) */ @@ -112,20 +110,17 @@ np_arg_list* np_get_defaults(const char *locator, const char *default_section){ np_ini_info i; parse_locator(locator, default_section, &i); - /* if a file was specified or if we're using the default file */ - if(i.file != NULL && strlen(i.file) > 0){ - if(strcmp(i.file, "-")==0){ - inifile=stdin; - } else { - inifile=fopen(i.file, "r"); - } - if(inifile==NULL) die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); - if(read_defaults(inifile, i.stanza, &defaults)==FALSE) - die(STATE_UNKNOWN, _("Invalid section '%s' in config file '%s'\n"), i.stanza, i.file); - - free(i.file); - if(inifile!=stdin) fclose(inifile); + if(strcmp(i.file, "-")==0){ + inifile=stdin; + } else { + inifile=fopen(i.file, "r"); } + if(inifile==NULL) die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); + if(read_defaults(inifile, i.stanza, &defaults)==FALSE) + die(STATE_UNKNOWN, _("Invalid section '%s' in config file '%s'\n"), i.stanza, i.file); + + free(i.file); + if(inifile!=stdin) fclose(inifile); free(i.stanza); return defaults; } -- cgit v0.10-9-g596f From e2b816986926e91227fc151af99bcf6dd5f68e74 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 01:21:31 +0200 Subject: lib/parse_ini.c: Don't cast malloc(3) result There's no need to cast malloc(3)'s return value. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 2e42df7..51ad2c1 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -274,11 +274,11 @@ static int add_option(FILE *f, np_arg_list **optlst){ /* okay, now we have all the info we need, so we create a new np_arg_list * element and set the argument... */ - optnew=(np_arg_list *)malloc(sizeof(np_arg_list)); + optnew=malloc(sizeof(np_arg_list)); optnew->next=NULL; read_pos=0; - optnew->arg=(char *)malloc(cfg_len+1); + optnew->arg=malloc(cfg_len+1); /* 1-character params needs only one dash */ if(opt_len==1) { strncpy(&optnew->arg[read_pos], "-", 1); -- cgit v0.10-9-g596f From 11bfb0def2e216eece4b680eeb91a671099a46e5 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 10:37:10 +0200 Subject: lib/parse_ini.[ch]: Change code formatting Change the indentation and formatting of the code in lib/parse_ini.c. This breaks patches against that file and makes it harder to track its history, but it (hopefully) improves readability a lot. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 51ad2c1..a5b3d30 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -24,8 +24,8 @@ #include "common.h" #include "utils_base.h" #include "parse_ini.h" -#include +#include #include #include #include @@ -64,63 +64,71 @@ static char *default_ini_path_names[] = { /* internal function that returns the constructed defaults options */ static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts); + /* internal function that converts a single line into options format */ static int add_option(FILE *f, np_arg_list **optlst); + /* internal function to find default file */ -static char* default_file(void); +static char *default_file(void); /* parse_locator decomposes a string of the form * [stanza][@filename] * into its seperate parts */ -static void parse_locator(const char *locator, const char *def_stanza, np_ini_info *i){ - size_t locator_len=0, stanza_len=0; +static void +parse_locator(const char *locator, const char *def_stanza, np_ini_info *i) +{ + size_t locator_len = 0, stanza_len = 0; /* if locator is NULL we'll use default values */ - if(locator){ - locator_len=strlen(locator); - stanza_len=strcspn(locator, "@"); + if (locator != NULL) { + locator_len = strlen(locator); + stanza_len = strcspn(locator, "@"); } /* if a non-default stanza is provided */ - if(stanza_len>0){ - i->stanza=(char*)malloc(sizeof(char)*(stanza_len+1)); + if (stanza_len > 0) { + i->stanza = malloc(sizeof(char) * (stanza_len + 1)); strncpy(i->stanza, locator, stanza_len); - i->stanza[stanza_len]='\0'; - } else { /* otherwise we use the default stanza */ - i->stanza=strdup(def_stanza); - } - if(i->stanza==NULL){ + i->stanza[stanza_len] = '\0'; + } else /* otherwise we use the default stanza */ + i->stanza = strdup(def_stanza); + + if (i->stanza == NULL) die(STATE_UNKNOWN, _("malloc() failed!\n")); - } - /* if there is no @file part */ - if(stanza_len==locator_len){ - i->file=default_file(); - } else { - i->file=strdup(&(locator[stanza_len+1])); - } - if(i->file==NULL || i->file[0]=='\0'){ - die(STATE_UNKNOWN, _("Cannot find config file in any standard location.\n")); - } + + /* check whether there's an @file part */ + i->file = stanza_len == locator_len + ? default_file() + : strdup(&(locator[stanza_len + 1])); + if (i->file == NULL || i->file[0] == '\0') + die(STATE_UNKNOWN, + _("Cannot find config file in any standard location.\n")); } /* this is the externally visible function used by extra_opts */ -np_arg_list* np_get_defaults(const char *locator, const char *default_section){ - FILE *inifile=NULL; - np_arg_list *defaults=NULL; +np_arg_list * +np_get_defaults(const char *locator, const char *default_section) +{ + FILE *inifile = NULL; + np_arg_list *defaults = NULL; np_ini_info i; parse_locator(locator, default_section, &i); - if(strcmp(i.file, "-")==0){ - inifile=stdin; - } else { - inifile=fopen(i.file, "r"); - } - if(inifile==NULL) die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); - if(read_defaults(inifile, i.stanza, &defaults)==FALSE) - die(STATE_UNKNOWN, _("Invalid section '%s' in config file '%s'\n"), i.stanza, i.file); + if (strcmp(i.file, "-") == 0) + inifile = stdin; + else + inifile = fopen(i.file, "r"); + + if (inifile == NULL) + die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); + if (read_defaults(inifile, i.stanza, &defaults) == FALSE) + die(STATE_UNKNOWN, + _("Invalid section '%s' in config file '%s'\n"), i.stanza, + i.file); free(i.file); - if(inifile!=stdin) fclose(inifile); + if (inifile != stdin) + fclose(inifile); free(i.stanza); return defaults; } @@ -131,67 +139,76 @@ np_arg_list* np_get_defaults(const char *locator, const char *default_section){ * be extra careful about user-supplied input (i.e. avoiding possible * format string vulnerabilities, etc) */ -static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts){ - int c, status=FALSE; +static int +read_defaults(FILE *f, const char *stanza, np_arg_list **opts) +{ + int c, status = FALSE; size_t i, stanza_len; - enum { NOSTANZA, WRONGSTANZA, RIGHTSTANZA } stanzastate=NOSTANZA; + enum { NOSTANZA, WRONGSTANZA, RIGHTSTANZA } stanzastate = NOSTANZA; - stanza_len=strlen(stanza); + stanza_len = strlen(stanza); /* our little stanza-parsing state machine. */ - while((c=fgetc(f))!=EOF){ + while ((c = fgetc(f)) != EOF) { /* gobble up leading whitespace */ - if(isspace(c)) continue; - switch(c){ + if (isspace(c)) + continue; + switch (c) { /* globble up coment lines */ - case ';': - case '#': - GOBBLE_TO(f, c, '\n'); - break; + case ';': + case '#': + GOBBLE_TO(f, c, '\n'); + break; /* start of a stanza. check to see if it matches */ - case '[': - stanzastate=WRONGSTANZA; - for(i=0; i= linebuf_sz){ - linebuf_sz=(linebuf_sz>0)?linebuf_sz<<1:read_sz; - linebuf=realloc(linebuf, linebuf_sz); - if(linebuf==NULL) die(STATE_UNKNOWN, _("malloc() failed!\n")); + if (linebuf == NULL || read_pos + read_sz >= linebuf_sz) { + linebuf_sz = linebuf_sz > 0 ? linebuf_sz << 1 : read_sz; + linebuf = realloc(linebuf, linebuf_sz); + if (linebuf == NULL) + die(STATE_UNKNOWN, _("malloc() failed!\n")); } - if(fgets(&linebuf[read_pos], read_sz, f)==NULL) done_reading=1; + if (fgets(&linebuf[read_pos], read_sz, f) == NULL) + done_reading = 1; else { - read_pos=strlen(linebuf); - if(linebuf[read_pos-1]=='\n') { - linebuf[--read_pos]='\0'; - done_reading=1; + read_pos = strlen(linebuf); + if (linebuf[read_pos - 1] == '\n') { + linebuf[--read_pos] = '\0'; + done_reading = 1; } } } - lineend=&linebuf[read_pos]; + lineend = &linebuf[read_pos]; /* all that to read one line. isn't C fun? :) now comes the parsing :/ */ /* skip leading whitespace */ - for(optptr=linebuf; optptrnext=NULL; + optnew = malloc(sizeof(np_arg_list)); + optnew->next = NULL; - read_pos=0; - optnew->arg=malloc(cfg_len+1); + read_pos = 0; + optnew->arg = malloc(cfg_len + 1); /* 1-character params needs only one dash */ - if(opt_len==1) { + if (opt_len == 1) { strncpy(&optnew->arg[read_pos], "-", 1); - read_pos+=1; + read_pos += 1; } else { strncpy(&optnew->arg[read_pos], "--", 2); - read_pos+=2; + read_pos += 2; } - strncpy(&optnew->arg[read_pos], optptr, opt_len); read_pos+=opt_len; - if(value) { - optnew->arg[read_pos++]='='; - strncpy(&optnew->arg[read_pos], valptr, val_len); read_pos+=val_len; + strncpy(&optnew->arg[read_pos], optptr, opt_len); + read_pos += opt_len; + if (value) { + optnew->arg[read_pos++] = '='; + strncpy(&optnew->arg[read_pos], valptr, val_len); + read_pos += val_len; } - optnew->arg[read_pos]='\0'; + optnew->arg[read_pos] = '\0'; /* ...and put that to the end of the list */ - if(*optlst==NULL) { - *optlst=optnew; - } else { - while(opttmp->next!=NULL) { - opttmp=opttmp->next; - } + if (*optlst == NULL) + *optlst = optnew; + else { + while (opttmp->next != NULL) + opttmp = opttmp->next; opttmp->next = optnew; } @@ -308,20 +340,22 @@ static int add_option(FILE *f, np_arg_list **optlst){ return 0; } -static char *default_file_in_path(void){ +static char * +default_file_in_path(void) +{ char *config_path, **file; char *dir, *ini_file, *tokens; - if((config_path=getenv("NAGIOS_CONFIG_PATH"))==NULL) + if ((config_path = getenv("NAGIOS_CONFIG_PATH")) == NULL) return NULL; - if((tokens=strdup(config_path))==NULL) + if ((tokens = strdup(config_path)) == NULL) die(STATE_UNKNOWN, _("Insufficient Memory")); - for(dir=strtok(tokens, ":"); dir!=NULL; dir=strtok(NULL, ":")){ - for(file=default_ini_file_names; *file!=NULL; file++){ - if((asprintf(&ini_file, "%s/%s", dir, *file))<0) + for (dir = strtok(tokens, ":"); dir != NULL; dir = strtok(NULL, ":")) { + for (file = default_ini_file_names; *file != NULL; file++) { + if ((asprintf(&ini_file, "%s/%s", dir, *file)) < 0) die(STATE_UNKNOWN, _("Insufficient Memory")); - if(access(ini_file, F_OK)==0){ + if (access(ini_file, F_OK) == 0) { free(tokens); return ini_file; } @@ -331,14 +365,16 @@ static char *default_file_in_path(void){ return NULL; } -static char *default_file(void){ +static char * +default_file(void) +{ char **p, *ini_file; - if((ini_file=getenv("MP_CONFIG_FILE"))!=NULL || - (ini_file=default_file_in_path())!=NULL) + if ((ini_file = getenv("MP_CONFIG_FILE")) != NULL || + (ini_file = default_file_in_path()) != NULL) return ini_file; - for(p=default_ini_path_names; *p!=NULL; p++) - if (access(*p, F_OK)==0) + for (p = default_ini_path_names; *p != NULL; p++) + if (access(*p, F_OK) == 0) return *p; return NULL; } diff --git a/lib/parse_ini.h b/lib/parse_ini.h index 8b67ea3..e37601b 100644 --- a/lib/parse_ini.h +++ b/lib/parse_ini.h @@ -16,7 +16,7 @@ typedef struct np_arg_el { /* np_load_defaults: load the default configuration (if present) for * a plugin from the ini file */ -np_arg_list* np_get_defaults(const char *locator, const char *default_section); +np_arg_list *np_get_defaults(const char *locator, const char *default_section); #endif /* _PARSE_INI_H_ */ -- cgit v0.10-9-g596f From f627b3f33bc16f7d5a3d4d56bc6d5c935fecb8d9 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 10:45:14 +0200 Subject: lib/parse_ini.c: Fix Clang warnings diff --git a/lib/parse_ini.c b/lib/parse_ini.c index a5b3d30..b33ce08 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -166,7 +166,7 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) c = fgetc(f); /* Strip leading whitespace */ if (i == 0) - for (c; isspace(c); c = fgetc(f)) + for (; isspace(c); c = fgetc(f)) continue; /* nope, read to the end of the line */ if (c != stanza[i]) { @@ -178,7 +178,7 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) if (i == stanza_len) { c = fgetc(f); /* Strip trailing whitespace */ - for (c; isspace(c); c = fgetc(f)) + for (; isspace(c); c = fgetc(f)) continue; if (c == ']') stanzastate = RIGHTSTANZA; @@ -193,7 +193,6 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) case NOSTANZA: die(STATE_UNKNOWN, "%s\n", _("Config file error")); - break; /* we're in a stanza, but for a different plugin */ case WRONGSTANZA: GOBBLE_TO(f, c, '\n'); @@ -226,7 +225,7 @@ add_option(FILE *f, np_arg_list **optlst) { np_arg_list *opttmp = *optlst, *optnew; char *linebuf = NULL, *lineend = NULL, *optptr = NULL, *optend = NULL; - char *eqptr = NULL, *valptr = NULL, *spaceptr = NULL, *valend = NULL; + char *eqptr = NULL, *valptr = NULL, *valend = NULL; short done_reading = 0, equals = 0, value = 0; size_t cfg_len = 0, read_sz = 8, linebuf_sz = 0, read_pos = 0; size_t opt_len = 0, val_len = 0; @@ -240,7 +239,7 @@ add_option(FILE *f, np_arg_list **optlst) if (linebuf == NULL) die(STATE_UNKNOWN, _("malloc() failed!\n")); } - if (fgets(&linebuf[read_pos], read_sz, f) == NULL) + if (fgets(&linebuf[read_pos], (int)read_sz, f) == NULL) done_reading = 1; else { read_pos = strlen(linebuf); @@ -278,10 +277,10 @@ add_option(FILE *f, np_arg_list **optlst) continue; --valend; /* Finally trim off trailing spaces */ - for (valend; isspace(*valend); valend--) + for (; isspace(*valend); valend--) continue; /* calculate the length of "--foo" */ - opt_len = 1 + optend - optptr; + opt_len = (size_t)(1 + optend - optptr); /* 1-character params needs only one dash */ if (opt_len == 1) cfg_len = 1 + (opt_len); @@ -290,7 +289,7 @@ add_option(FILE *f, np_arg_list **optlst) /* if valptr Date: Wed, 18 Jun 2014 10:52:09 +0200 Subject: lib/parse_ini.c: Cosmetic changes to comments diff --git a/lib/parse_ini.c b/lib/parse_ini.c index b33ce08..2e47e06 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -48,7 +48,7 @@ static char *default_ini_file_names[] = { static char *default_ini_path_names[] = { "/usr/local/etc/monitoring-plugins.ini", "/etc/monitoring-plugins.ini", - /* Deprecated path names (for backward compatibility): */ + /* deprecated path names (for backward compatibility): */ "/etc/nagios/plugins.ini", "/usr/local/nagios/etc/plugins.ini", "/usr/local/etc/nagios/plugins.ini", @@ -71,9 +71,10 @@ static int add_option(FILE *f, np_arg_list **optlst); /* internal function to find default file */ static char *default_file(void); -/* parse_locator decomposes a string of the form +/* + * Parse_locator decomposes a string of the form * [stanza][@filename] - * into its seperate parts + * into its seperate parts. */ static void parse_locator(const char *locator, const char *def_stanza, np_ini_info *i) @@ -105,7 +106,9 @@ parse_locator(const char *locator, const char *def_stanza, np_ini_info *i) _("Cannot find config file in any standard location.\n")); } -/* this is the externally visible function used by extra_opts */ +/* + * This is the externally visible function used by extra_opts. + */ np_arg_list * np_get_defaults(const char *locator, const char *default_section) { @@ -133,11 +136,12 @@ np_get_defaults(const char *locator, const char *default_section) return defaults; } -/* read_defaults is where the meat of the parsing takes place. +/* + * The read_defaults() function is where the meat of the parsing takes place. * - * note that this may be called by a setuid binary, so we need to + * Note that this may be called by a setuid binary, so we need to * be extra careful about user-supplied input (i.e. avoiding possible - * format string vulnerabilities, etc) + * format string vulnerabilities, etc). */ static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts) @@ -148,7 +152,7 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) stanza_len = strlen(stanza); - /* our little stanza-parsing state machine. */ + /* our little stanza-parsing state machine */ while ((c = fgetc(f)) != EOF) { /* gobble up leading whitespace */ if (isspace(c)) @@ -159,12 +163,12 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) case '#': GOBBLE_TO(f, c, '\n'); break; - /* start of a stanza. check to see if it matches */ + /* start of a stanza, check to see if it matches */ case '[': stanzastate = WRONGSTANZA; for (i = 0; i < stanza_len; i++) { c = fgetc(f); - /* Strip leading whitespace */ + /* strip leading whitespace */ if (i == 0) for (; isspace(c); c = fgetc(f)) continue; @@ -177,7 +181,7 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) /* if it matched up to here and the next char is ']'... */ if (i == stanza_len) { c = fgetc(f); - /* Strip trailing whitespace */ + /* strip trailing whitespace */ for (; isspace(c); c = fgetc(f)) continue; if (c == ']') @@ -214,9 +218,9 @@ read_defaults(FILE *f, const char *stanza, np_arg_list **opts) } /* - * read one line of input in the format + * Read one line of input in the format * ^option[[:space:]]*(=[[:space:]]*value)? - * and creates it as a cmdline argument + * and create it as a cmdline argument * --option[=value] * appending it to the linked list optbuf. */ @@ -250,7 +254,7 @@ add_option(FILE *f, np_arg_list **optlst) } } lineend = &linebuf[read_pos]; - /* all that to read one line. isn't C fun? :) now comes the parsing :/ */ + /* all that to read one line, isn't C fun? :) now comes the parsing :/ */ /* skip leading whitespace */ for (optptr = linebuf; optptr < lineend && isspace(*optptr); optptr++) @@ -276,7 +280,7 @@ add_option(FILE *f, np_arg_list **optlst) for (valend = valptr; valend < lineend; valend++) continue; --valend; - /* Finally trim off trailing spaces */ + /* finally trim off trailing spaces */ for (; isspace(*valend); valend--) continue; /* calculate the length of "--foo" */ @@ -297,7 +301,7 @@ add_option(FILE *f, np_arg_list **optlst) equals = 1; cfg_len += 1; } - /* A line with no equal sign isn't valid */ + /* a line with no equal sign isn't valid */ if (equals == 0) die(STATE_UNKNOWN, "%s\n", _("Config file error")); -- cgit v0.10-9-g596f From 6da7dba782f37eafdec595acfc3445a56d445915 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 10:53:44 +0200 Subject: lib/parse_ini.c: Add comment on NAGIOS_CONFIG_PATH We might want to spit out a warning when NAGIOS_CONFIG_PATH is used. While at it, move the function that handles this environment variable to the bottom. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 2e47e06..ede0e5f 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -68,8 +68,9 @@ static int read_defaults(FILE *f, const char *stanza, np_arg_list **opts); /* internal function that converts a single line into options format */ static int add_option(FILE *f, np_arg_list **optlst); -/* internal function to find default file */ +/* internal functions to find default file */ static char *default_file(void); +static char *default_file_in_path(void); /* * Parse_locator decomposes a string of the form @@ -344,6 +345,20 @@ add_option(FILE *f, np_arg_list **optlst) } static char * +default_file(void) +{ + char **p, *ini_file; + + if ((ini_file = getenv("MP_CONFIG_FILE")) != NULL || + (ini_file = default_file_in_path()) != NULL) + return ini_file; + for (p = default_ini_path_names; *p != NULL; p++) + if (access(*p, F_OK) == 0) + return *p; + return NULL; +} + +static char * default_file_in_path(void) { char *config_path, **file; @@ -351,6 +366,7 @@ default_file_in_path(void) if ((config_path = getenv("NAGIOS_CONFIG_PATH")) == NULL) return NULL; + /* shall we spit out a warning that NAGIOS_CONFIG_PATH is deprecated? */ if ((tokens = strdup(config_path)) == NULL) die(STATE_UNKNOWN, _("Insufficient Memory")); @@ -367,17 +383,3 @@ default_file_in_path(void) free(tokens); return NULL; } - -static char * -default_file(void) -{ - char **p, *ini_file; - - if ((ini_file = getenv("MP_CONFIG_FILE")) != NULL || - (ini_file = default_file_in_path()) != NULL) - return ini_file; - for (p = default_ini_path_names; *p != NULL; p++) - if (access(*p, F_OK) == 0) - return *p; - return NULL; -} -- cgit v0.10-9-g596f From f0b22b37f9554fa230a355fe2a1e45e5b59630f2 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 18:39:32 +0200 Subject: lib/parse_ini.c: Search for INI file in subdirs Add two path names to the list of default INI file locations, as some users/distributions prefer to put configuration files into subdirectories. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index ede0e5f..cd3d827 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -46,7 +46,9 @@ static char *default_ini_file_names[] = { }; static char *default_ini_path_names[] = { + "/usr/local/etc/monitoring-plugins/monitoring-plugins.ini", "/usr/local/etc/monitoring-plugins.ini", + "/etc/monitoring-plugins/monitoring-plugins.ini", "/etc/monitoring-plugins.ini", /* deprecated path names (for backward compatibility): */ "/etc/nagios/plugins.ini", -- cgit v0.10-9-g596f From b63974c2cb39705eacc4733ca7a376fde7d0921d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 18:40:23 +0200 Subject: plugins/runcmd.c: Remove superfluous newline The puts(3) function already appends a newline character to the string. diff --git a/plugins/runcmd.c b/plugins/runcmd.c index 4352e60..1a7c904 100644 --- a/plugins/runcmd.c +++ b/plugins/runcmd.c @@ -261,7 +261,7 @@ runcmd_timeout_alarm_handler (int signo) size_t i; if (signo == SIGALRM) - puts(_("CRITICAL - Plugin timed out while executing system call\n")); + puts(_("CRITICAL - Plugin timed out while executing system call")); if(np_pids) for(i = 0; i < maxfd; i++) { if(np_pids[i] != 0) kill(np_pids[i], SIGKILL); -- cgit v0.10-9-g596f From ae24aaeefba290d910a8d8f945716ecc84ca02ca Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 18:45:10 +0200 Subject: Use FindBin consistently across Perl plugins Use Perl's FindBin module to locate the path to utils.pm in check_file_age.pl and check_mssql.pl, just as we do in other Perl plugins. diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index 5e062de..ae25201 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -25,7 +25,8 @@ use English; use Getopt::Long; use File::stat; use vars qw($PROGNAME); -use lib "."; +use FindBin; +use lib "$FindBin::Bin"; use utils qw (%ERRORS &print_revision &support); sub print_help (); diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index a3f497c..a436a8f 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -29,7 +29,8 @@ use DBI; use DBD::Sybase; use Getopt::Long; -use lib "."; +use FindBin; +use lib "$FindBin::Bin"; use utils qw($TIMEOUT %ERRORS &print_revision &support); use strict; -- cgit v0.10-9-g596f From 91d04ad62d5272dd0e0e76af80e86ef912a3f643 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 21:47:10 +0200 Subject: Add Gnulib module "idpriv-droptemp" diff --git a/gl/Makefile.am b/gl/Makefile.am index 4339b2c..54abb4c 100644 --- a/gl/Makefile.am +++ b/gl/Makefile.am @@ -21,7 +21,7 @@ # the same distribution terms as the rest of that program. # # Generated by gnulib-tool. -# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf +# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf AUTOMAKE_OPTIONS = 1.9.6 gnits subdir-objects @@ -402,6 +402,14 @@ EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath ## end gnulib module havelib +## begin gnulib module idpriv-droptemp + +libgnu_a_SOURCES += idpriv-droptemp.c + +EXTRA_DIST += idpriv.h + +## end gnulib module idpriv-droptemp + ## begin gnulib module inet_ntop diff --git a/gl/idpriv-droptemp.c b/gl/idpriv-droptemp.c new file mode 100644 index 0000000..13d1064 --- /dev/null +++ b/gl/idpriv-droptemp.c @@ -0,0 +1,204 @@ +/* Dropping uid/gid privileges of the current process temporarily. + Copyright (C) 2009-2013 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#include + +#include "idpriv.h" + +#include +#include +#include +#include + +/* The privileged uid and gid that the process had earlier. */ +#if HAVE_GETUID +static int saved_uid = -1; +#endif +#if HAVE_GETGID +static int saved_gid = -1; +#endif + +int +idpriv_temp_drop (void) +{ +#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID) + int uid = getuid (); + int gid = getgid (); + + /* Find out about the privileged uid and gid at the first call. */ + if (saved_uid == -1) + saved_uid = geteuid (); + if (saved_gid == -1) + saved_gid = getegid (); + + /* Drop the gid privilege first, because in some cases the gid privilege + cannot be dropped after the uid privilege has been dropped. */ + + /* This is for executables that have the setgid bit set. */ +# if HAVE_SETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */ + if (setresgid (-1, gid, saved_gid) < 0) + return -1; +# else /* Mac OS X, NetBSD, AIX, IRIX, Solaris >= 2.5, OSF/1, Cygwin */ + if (setregid (-1, gid) < 0) + return -1; +# endif + + /* This is for executables that have the setuid bit set. */ +# if HAVE_SETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */ + /* See + figure 14. */ + if (setresuid (-1, uid, saved_uid) < 0) + return -1; +# else /* Mac OS X, NetBSD, AIX, IRIX, Solaris >= 2.5, OSF/1, Cygwin */ + if (setreuid (-1, uid) < 0) + return -1; +# endif + + /* Verify that the privileges have really been dropped. + This verification is here for security reasons. Doesn't matter if it + takes a couple of system calls. + When the verification fails, it indicates that we need to use different + API in the code above. Therefore 'abort ()', not 'return -1'. */ +# if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */ + { + uid_t real; + uid_t effective; + uid_t saved; + if (getresuid (&real, &effective, &saved) < 0 + || real != uid + || effective != uid + || saved != saved_uid) + abort (); + } +# else +# if HAVE_GETEUID + if (geteuid () != uid) + abort (); +# endif + if (getuid () != uid) + abort (); +# endif +# if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */ + { + uid_t real; + uid_t effective; + uid_t saved; + if (getresgid (&real, &effective, &saved) < 0 + || real != gid + || effective != gid + || saved != saved_gid) + abort (); + } +# else +# if HAVE_GETEGID + if (getegid () != gid) + abort (); +# endif + if (getgid () != gid) + abort (); +# endif + + return 0; +#else + errno = ENOSYS; + return -1; +#endif +} + +int +idpriv_temp_restore (void) +{ +#if HAVE_GETEUID && HAVE_GETEGID && (HAVE_SETRESUID || HAVE_SETREUID) && (HAVE_SETRESGID || HAVE_SETREGID) + int uid = getuid (); + int gid = getgid (); + + if (saved_uid == -1 || saved_gid == -1) + /* Caller error: idpriv_temp_drop was never invoked. */ + abort (); + + /* Acquire the gid privilege last, because in some cases the gid privilege + cannot be acquired before the uid privilege has been acquired. */ + + /* This is for executables that have the setuid bit set. */ +# if HAVE_SETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */ + /* See + figure 14. */ + if (setresuid (-1, saved_uid, -1) < 0) + return -1; +# else /* Mac OS X, NetBSD, AIX, IRIX, Solaris >= 2.5, OSF/1, Cygwin */ + if (setreuid (-1, saved_uid) < 0) + return -1; +# endif + + /* This is for executables that have the setgid bit set. */ +# if HAVE_SETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */ + if (setresgid (-1, saved_gid, -1) < 0) + return -1; +# else /* Mac OS X, NetBSD, AIX, IRIX, Solaris >= 2.5, OSF/1, Cygwin */ + if (setregid (-1, saved_gid) < 0) + return -1; +# endif + + /* Verify that the privileges have really been acquired. + This verification is here for security reasons. Doesn't matter if it + takes a couple of system calls. + When the verification fails, it indicates that we need to use different + API in the code above. Therefore 'abort ()', not 'return -1'. */ +# if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */ + { + uid_t real; + uid_t effective; + uid_t saved; + if (getresuid (&real, &effective, &saved) < 0 + || real != uid + || effective != saved_uid + || saved != saved_uid) + abort (); + } +# else +# if HAVE_GETEUID + if (geteuid () != saved_uid) + abort (); +# endif + if (getuid () != uid) + abort (); +# endif +# if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */ + { + uid_t real; + uid_t effective; + uid_t saved; + if (getresgid (&real, &effective, &saved) < 0 + || real != gid + || effective != saved_gid + || saved != saved_gid) + abort (); + } +# else +# if HAVE_GETEGID + if (getegid () != saved_gid) + abort (); +# endif + if (getgid () != gid) + abort (); +# endif + + return 0; +#else + errno = ENOSYS; + return -1; +#endif +} diff --git a/gl/idpriv.h b/gl/idpriv.h new file mode 100644 index 0000000..f454a2c --- /dev/null +++ b/gl/idpriv.h @@ -0,0 +1,116 @@ +/* Dropping uid/gid privileges of the current process. + Copyright (C) 2009-2013 Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#ifndef _IDPRIV_H +#define _IDPRIV_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* This module allows programs which are installed with setuid or setgid bit + (and which therefore initially run with an effective user id or group id + different from the one of the current user) to drop their uid or gid + privilege, either permanently or temporarily. + + It is absolutely necessary to minimize the amount of code that is running + with escalated privileges (e.g. with effective uid = root). The reason is + that any bug or exploit in a part of a program that is running with + escalated privileges is a security vulnerability that - upon discovery - + puts the users in danger and requires immediate fixing. Then consider that + there's a bug every 10 or 20 lines of code on average... + + For programs that temporarily drop privileges but have the ability to + restore them later, there are additionally the dangers that + - Any bug in the non-privileged part of the program may be used to + create invalid data structures that will trigger security + vulnerabilities in the privileged part of the program. + - Code execution exploits in the non-privileged part of the program may + be used to invoke the function that restores high privileges and then + execute additional arbitrary code. + + 1) The usual, and reasonably safe, way to minimize the amount of code + running with privileges is to create a separate executable, with setuid + or setgid bit, that contains only code for the tasks that require + privileges (and,of course, strict checking of the arguments, so that the + program cannot be abused). The main program is installed without setuid + or setgid bit. + + 2) A less safe way is to do some privileged tasks at the beginning of the + program's run, and drop privileges permanently as soon as possible. + + Note: There may still be security issues if the privileged task puts + sensitive data into the process memory or opens communication channels + to restricted facilities. + + 3) The most unsafe way is to drop privileges temporarily for most of the + main program but to re-enable them for the duration of privileged tasks. + + As explained above, this approach has uncontrollable dangers for + security. + + This approach is normally not usable in multithreaded programs, because + you cannot know what kind of system calls the other threads could be + doing during the time the privileges are enabled. + + With approach 1, you don't need gnulib modules. + With approach 2, you need the gnulib module 'idpriv-drop'. + With approach 3, you need the gnulib module 'idpriv-droptemp'. But really, + you should better stay away from this approach. + */ + +/* For more in-depth discussion of these topics, see the papers/articles + * Hao Chen, David Wagner, Drew Dean: Setuid Demystified + + * Dan Tsafrir, Dilma da Silva, David Wagner: The Murky Issue of Changing + Process Identity: Revising "Setuid Demystified" + + + * Dhruv Mohindra: Observe correct revocation order while relinquishing + privileges + + */ + + +/* For approach 2. */ + +/* Drop the uid and gid privileges of the current process. + Return 0 if successful, or -1 with errno set upon failure. The recommended + handling of failure is to terminate the process. */ +extern int idpriv_drop (void); + + +/* For approach 3. */ + +/* Drop the uid and gid privileges of the current process in a way that allows + them to be restored later. + Return 0 if successful, or -1 with errno set upon failure. The recommended + handling of failure is to terminate the process. */ +extern int idpriv_temp_drop (void); + +/* Restore the uid and gid privileges of the current process. + Return 0 if successful, or -1 with errno set upon failure. The recommended + handling of failure is to not perform the actions that require the escalated + privileges. */ +extern int idpriv_temp_restore (void); + + +#ifdef __cplusplus +} +#endif + + +#endif /* _IDPRIV_H */ diff --git a/gl/m4/gnulib-cache.m4 b/gl/m4/gnulib-cache.m4 index e61a536..d6fca2a 100644 --- a/gl/m4/gnulib-cache.m4 +++ b/gl/m4/gnulib-cache.m4 @@ -27,7 +27,7 @@ # Specification in the form of a command-line invocation: -# gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf +# gnulib-tool --import --dir=. --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=tests --aux-dir=build-aux --no-conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files base64 crypto/sha1 dirname environ floorf fsusage getaddrinfo gethostname getloadavg getopt-gnu gettext idpriv-droptemp mountlist regex setenv strcase strsep timegm unsetenv vasprintf vsnprintf # Specification in the form of a few gnulib-tool.m4 macro invocations: gl_LOCAL_DIR([]) @@ -43,6 +43,7 @@ gl_MODULES([ getloadavg getopt-gnu gettext + idpriv-droptemp mountlist regex setenv diff --git a/gl/m4/gnulib-comp.m4 b/gl/m4/gnulib-comp.m4 index b3cb4c1..67a8156 100644 --- a/gl/m4/gnulib-comp.m4 +++ b/gl/m4/gnulib-comp.m4 @@ -28,7 +28,7 @@ # other built files. -# This macro should be invoked from ./configure.in, in the section +# This macro should be invoked from ./configure.ac, in the section # "Checks for programs", right after AC_PROG_CC, and certainly before # any checks for libraries, header files, types and library functions. AC_DEFUN([gl_EARLY], @@ -70,6 +70,7 @@ AC_DEFUN([gl_EARLY], # Code from module gettext-h: # Code from module havelib: # Code from module hostent: + # Code from module idpriv-droptemp: # Code from module include_next: # Code from module inet_ntop: # Code from module intprops: @@ -153,7 +154,7 @@ AC_DEFUN([gl_EARLY], # Code from module xstrndup: ]) -# This macro should be invoked from ./configure.in, in the section +# This macro should be invoked from ./configure.ac, in the section # "Check for header files, types and library functions". AC_DEFUN([gl_INIT], [ @@ -258,6 +259,7 @@ AC_DEFUN([gl_INIT], AC_SUBST([LIBINTL]) AC_SUBST([LTLIBINTL]) gl_HOSTENT + gl_IDPRIV gl_FUNC_INET_NTOP if test $HAVE_INET_NTOP = 0 || test $REPLACE_INET_NTOP = 1; then AC_LIBOBJ([inet_ntop]) @@ -658,6 +660,8 @@ AC_DEFUN([gl_FILE_LIST], [ lib/glthread/lock.c lib/glthread/lock.h lib/glthread/threadlib.c + lib/idpriv-droptemp.c + lib/idpriv.h lib/inet_ntop.c lib/intprops.h lib/itold.c @@ -790,6 +794,7 @@ AC_DEFUN([gl_FILE_LIST], [ m4/gnulib-common.m4 m4/hostent.m4 m4/iconv.m4 + m4/idpriv.m4 m4/include_next.m4 m4/inet_ntop.m4 m4/intdiv0.m4 diff --git a/gl/m4/idpriv.m4 b/gl/m4/idpriv.m4 new file mode 100644 index 0000000..167f523 --- /dev/null +++ b/gl/m4/idpriv.m4 @@ -0,0 +1,14 @@ +# idpriv.m4 serial 1 +dnl Copyright (C) 2009-2013 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +AC_DEFUN([gl_IDPRIV], +[ + dnl Persuade glibc to declare {get,set}res{uid,gid}. + AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS]) + + AC_CHECK_FUNCS_ONCE([getuid geteuid getresuid getgid getegid getresgid]) + AC_CHECK_FUNCS_ONCE([setresuid setreuid seteuid setresgid setregid setegid]) +]) -- cgit v0.10-9-g596f From b81c10e00cc71bf1be90510114e410ed691dc266 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 23:09:02 +0200 Subject: lib/parse_ini.c: Cosmetic change Replace an "if" with the ternary operator. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index cd3d827..30b79d7 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -120,10 +120,7 @@ np_get_defaults(const char *locator, const char *default_section) np_ini_info i; parse_locator(locator, default_section, &i); - if (strcmp(i.file, "-") == 0) - inifile = stdin; - else - inifile = fopen(i.file, "r"); + inifile = strcmp(i.file, "-") == 0 ? stdin : fopen(i.file, "r"); if (inifile == NULL) die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); -- cgit v0.10-9-g596f From 2bf7647be60cd53d9e54fdcf970a90fe08797819 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 23:15:21 +0200 Subject: lib/parse_ini.c: Add newline to die() calls Our die() function doesn't append a newline character to the message. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 30b79d7..447bd45 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -368,11 +368,11 @@ default_file_in_path(void) /* shall we spit out a warning that NAGIOS_CONFIG_PATH is deprecated? */ if ((tokens = strdup(config_path)) == NULL) - die(STATE_UNKNOWN, _("Insufficient Memory")); + die(STATE_UNKNOWN, "%s\n", _("Insufficient Memory")); for (dir = strtok(tokens, ":"); dir != NULL; dir = strtok(NULL, ":")) { for (file = default_ini_file_names; *file != NULL; file++) { if ((asprintf(&ini_file, "%s/%s", dir, *file)) < 0) - die(STATE_UNKNOWN, _("Insufficient Memory")); + die(STATE_UNKNOWN, "%s\n", _("Insufficient Memory")); if (access(ini_file, F_OK) == 0) { free(tokens); return ini_file; -- cgit v0.10-9-g596f From 48025ff39c3a78b7805bf803ac96730cef53e15c Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 23:22:12 +0200 Subject: lib/parse_ini.c: Drop privileges for reading file Read the configuration file with privileges temporarily dropped if the code is used by a setuid plugin. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 447bd45..86b94e7 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -22,6 +22,7 @@ *****************************************************************************/ #include "common.h" +#include "idpriv.h" #include "utils_base.h" #include "parse_ini.h" @@ -118,6 +119,11 @@ np_get_defaults(const char *locator, const char *default_section) FILE *inifile = NULL; np_arg_list *defaults = NULL; np_ini_info i; + int is_suid_plugin = mp_suid(); + + if (is_suid_plugin && idpriv_temp_drop() == -1) + die(STATE_UNKNOWN, _("Cannot drop privileges: %s\n"), + strerror(errno)); parse_locator(locator, default_section, &i); inifile = strcmp(i.file, "-") == 0 ? stdin : fopen(i.file, "r"); @@ -133,6 +139,10 @@ np_get_defaults(const char *locator, const char *default_section) if (inifile != stdin) fclose(inifile); free(i.stanza); + if (is_suid_plugin && idpriv_temp_restore() == -1) + die(STATE_UNKNOWN, _("Cannot restore privileges: %s\n"), + strerror(errno)); + return defaults; } -- cgit v0.10-9-g596f From dc0f25cf76397b13f39a1d0fc50e9174114478ca Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Wed, 18 Jun 2014 23:42:57 +0200 Subject: lib/parse_ini.c: Print proper read error message Print a useful error message if opening the configuration file fails. diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 86b94e7..25abc89 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -129,7 +129,8 @@ np_get_defaults(const char *locator, const char *default_section) inifile = strcmp(i.file, "-") == 0 ? stdin : fopen(i.file, "r"); if (inifile == NULL) - die(STATE_UNKNOWN, "%s\n", _("Can't read config file")); + die(STATE_UNKNOWN, _("Can't read config file: %s\n"), + strerror(errno)); if (read_defaults(inifile, i.stanza, &defaults) == FALSE) die(STATE_UNKNOWN, _("Invalid section '%s' in config file '%s'\n"), i.stanza, -- cgit v0.10-9-g596f From 8a932865eb6082a66d2ceb73354bd6bb5a2b90ab Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 20 Jun 2014 12:35:22 +0200 Subject: NEWS: s/MP_STATE_DIRECTORY/MP_STATE_PATH/ NAGIOS_PLUGIN_STATE_DIRECTORY was renamed to MP_STATE_PATH, not to MP_STATE_DIRECTORY. diff --git a/NEWS b/NEWS index c0c9d11..0a1ef95 100644 --- a/NEWS +++ b/NEWS @@ -22,7 +22,7 @@ This file documents the major additions and syntax changes between releases. check_ide_smart -0/--auto-off, -1/--auto-on and -i/--immediate: options have been disabled because they were broken State retention: the NAGIOS_PLUGIN_STATE_DIRECTORY environment variable has been - renamed MP_STATE_DIRECTORY. The old variable will continue to work in v1.6.x + renamed MP_STATE_PATH. The old variable will continue to work in v1.6.x check_swap used to allow returning OK on a system without swap when only percent thresholds were used. This is no longer the case and one must now use -n/--no-swap= The Perl and Shell plugins now use the PATH specified via ./configure's --trusted-path -- cgit v0.10-9-g596f From eb85a612a3321c57efbd672f8b11bfefbc659876 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sat, 21 Jun 2014 15:15:44 +0200 Subject: Add UID to state retention file path Add the UID of the invoking user to the state retention file path. This helps solving permission issues when different users run the same plugin. diff --git a/NEWS b/NEWS index 0a1ef95..4c51179 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,8 @@ This file documents the major additions and syntax changes between releases. been disabled because they were broken State retention: the NAGIOS_PLUGIN_STATE_DIRECTORY environment variable has been renamed MP_STATE_PATH. The old variable will continue to work in v1.6.x + Add the UID of the invoking user to the state retention file path. This helps solving + permission issues when different users run the same plugin check_swap used to allow returning OK on a system without swap when only percent thresholds were used. This is no longer the case and one must now use -n/--no-swap= The Perl and Shell plugins now use the PATH specified via ./configure's --trusted-path diff --git a/lib/tests/test_utils.c b/lib/tests/test_utils.c index 356887d..f35b7e2 100644 --- a/lib/tests/test_utils.c +++ b/lib/tests/test_utils.c @@ -21,6 +21,7 @@ #include "tap.h" +#include #include #include @@ -29,6 +30,7 @@ int main (int argc, char **argv) { + char state_path[1024]; range *range; double temp; thresholds *thresholds = NULL; @@ -345,9 +347,10 @@ main (int argc, char **argv) np_enable_state("allowedchars_in_keyname", 77); temp_state_key = this_monitoring_plugin->state; + sprintf(state_path, "/usr/local/nagios/var/%lu/check_test/allowedchars_in_keyname", (unsigned long)geteuid()); ok( !strcmp(temp_state_key->plugin_name, "check_test"), "Got plugin name" ); ok( !strcmp(temp_state_key->name, "allowedchars_in_keyname"), "Got key name with valid chars" ); - ok( !strcmp(temp_state_key->_filename, "/usr/local/nagios/var/check_test/allowedchars_in_keyname"), "Got internal filename" ); + ok( !strcmp(temp_state_key->_filename, state_path), "Got internal filename" ); /* Don't do this test just yet. Will die */ @@ -359,12 +362,13 @@ main (int argc, char **argv) np_enable_state("funnykeyname", 54); temp_state_key = this_monitoring_plugin->state; + sprintf(state_path, "/usr/local/nagios/var/%lu/check_test/funnykeyname", (unsigned long)geteuid()); ok( !strcmp(temp_state_key->plugin_name, "check_test"), "Got plugin name" ); ok( !strcmp(temp_state_key->name, "funnykeyname"), "Got key name" ); - ok( !strcmp(temp_state_key->_filename, "/usr/local/nagios/var/check_test/funnykeyname"), "Got internal filename" ); + ok( !strcmp(temp_state_key->_filename, state_path), "Got internal filename" ); ok( temp_state_key->data_version==54, "Version set" ); temp_state_data = np_state_read(); diff --git a/lib/utils_base.c b/lib/utils_base.c index 04c4b4f..55d35fd 100644 --- a/lib/utils_base.c +++ b/lib/utils_base.c @@ -489,7 +489,9 @@ void np_enable_state(char *keyname, int expected_data_version) { this_state->state_data=NULL; /* Calculate filename */ - asprintf(&temp_filename, "%s/%s/%s", _np_state_calculate_location_prefix(), this_monitoring_plugin->plugin_name, this_state->name); + asprintf(&temp_filename, "%s/%lu/%s/%s", + _np_state_calculate_location_prefix(), (unsigned long)geteuid(), + this_monitoring_plugin->plugin_name, this_state->name); this_state->_filename=temp_filename; this_monitoring_plugin->state = this_state; -- cgit v0.10-9-g596f From 22e7b78685747ded288642f25fefee7c57d3645a Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 13:59:57 +0200 Subject: REQUIREMENTS: Update radiusclient-ng URL The project was moved to SourceForge.net. diff --git a/REQUIREMENTS b/REQUIREMENTS index b2bd467..994764c 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -51,7 +51,7 @@ check_dbi: check_radius: - Requires the radiusclient-ng library available from: - http://developer.berlios.de/projects/radiusclient-ng/ + http://sourceforge.net/projects/radiusclient-ng.berlios/ - This plugin also works with the original radiusclient library from ftp://ftp.cityline.net/pub/radiusclient/ RPM (rpmfind): radiusclient 0.3.2, radiusclient-devel-0.3.2 -- cgit v0.10-9-g596f From c0311d98481b783f1d24dd6c59fe25ce994a090d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 14:10:38 +0200 Subject: check_radius: Support FreeRADIUS Client library Allow for using the FreeRADIUS Client library instead of radiusclient or radiusclient-ng. The latter two projects are dead. Closes #1231. diff --git a/NEWS b/NEWS index 4c51179..796bb2d 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ This file documents the major additions and syntax changes between releases. check_ide_smart now defaults to plugin output, original output appended with -v Extra-Opts are now enabled by default check_swap now supports a configurable state when there is no swap + check_radius now supports the FreeRADIUS Client library FIXES Don't let e.g. check_http's -C option reset SSL version if e.g. -S 1 -C 5 is specified diff --git a/REQUIREMENTS b/REQUIREMENTS index 994764c..303fd62 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -50,14 +50,16 @@ check_dbi: http://libdbi.sourceforge.net/ check_radius: - - Requires the radiusclient-ng library available from: + - Requires the FreeRADIUS Client library available from: + http://freeradius.org/freeradius-client/ + - As an alternative, the radiusclient-ng library may be used: http://sourceforge.net/projects/radiusclient-ng.berlios/ - This plugin also works with the original radiusclient library from ftp://ftp.cityline.net/pub/radiusclient/ RPM (rpmfind): radiusclient 0.3.2, radiusclient-devel-0.3.2 - Unless you're using a distro-maintained version of this library you - probably want to use radiusclient-ng. The original radiusclient library is - unmaintained and has many known issues, particularly with 64bit systems. + However, you probably want to use the FreeRADIUS Client library, as + both radiusclient and radiusclient-ng are unmaintained and have known + issues. check_snmp: - Requires the NET-SNMP package available from diff --git a/configure.ac b/configure.ac index a7501ab..9aaa515 100644 --- a/configure.ac +++ b/configure.ac @@ -286,8 +286,15 @@ AS_IF([test "x$with_radius" != "xno"], [ RADIUSLIBS="-lradiusclient-ng" AC_SUBST(RADIUSLIBS) else - AC_MSG_WARN([Skipping radius plugin]) - AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) + AC_CHECK_LIB(freeradius-client,rc_read_config) + if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then + EXTRAS="$EXTRAS check_radius\$(EXEEXT)" + RADIUSLIBS="-lfreeradius-client" + AC_SUBST(RADIUSLIBS) + else + AC_MSG_WARN([Skipping radius plugin]) + AC_MSG_WARN([install radius libs to compile this plugin (see REQUIREMENTS).]) + fi fi fi LIBS="$_SAVEDLIBS" diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 3481f0c..9394d26 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -36,9 +36,10 @@ const char *email = "devel@monitoring-plugins.org"; #include "utils.h" #include "netutils.h" -#ifdef HAVE_LIBRADIUSCLIENT_NG +#if defined(HAVE_LIBFREERADIUS_CLIENT) +#include +#elif defined(HAVE_LIBRADIUSCLIENT_NG) #include -rc_handle *rch = NULL; #else #include #endif @@ -47,11 +48,14 @@ int process_arguments (int, char **); void print_help (void); void print_usage (void); -/* libradiusclient(-ng) wrapper functions */ -#ifdef HAVE_LIBRADIUSCLIENT_NG +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) #define my_rc_conf_str(a) rc_conf_str(rch,a) #define my_rc_send_server(a,b) rc_send_server(rch,a,b) +#ifdef HAVE_LIBFREERADIUS_CLIENT +#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f) +#else #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f) +#endif #define my_rc_own_ipaddress() rc_own_ipaddress(rch) #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d) #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a) @@ -72,6 +76,10 @@ void print_usage (void); int my_rc_read_config(char *); +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) +rc_handle *rch = NULL; +#endif + char *server = NULL; char *username = NULL; char *password = NULL; @@ -142,11 +150,10 @@ Please note that all tags must be lowercase to use the DocBook XML DTD. int main (int argc, char **argv) { - UINT4 service; char msg[BUFFER_LEN]; SEND_DATA data; int result = STATE_UNKNOWN; - UINT4 client_id; + uint32_t client_id, service; char *str; setlocale (LC_ALL, ""); @@ -392,7 +399,7 @@ print_usage (void) int my_rc_read_config(char * a) { -#ifdef HAVE_LIBRADIUSCLIENT_NG +#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) rch = rc_read_config(a); return (rch == NULL) ? 1 : 0; #else -- cgit v0.10-9-g596f From 0170bc48d17dbda24f681a24844fc0bbedad8477 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 14:12:55 +0200 Subject: configure.ac: Change RADIUS library preferences Prefer the FreeRADIUS Client library over radiusclient-ng, and prefer that one over the original radiusclient library. diff --git a/configure.ac b/configure.ac index 9aaa515..87d43fd 100644 --- a/configure.ac +++ b/configure.ac @@ -274,22 +274,22 @@ AC_ARG_WITH([radius], [AS_HELP_STRING([--without-radius], [Skips the radius plug dnl Check for radius libraries AS_IF([test "x$with_radius" != "xno"], [ _SAVEDLIBS="$LIBS" - AC_CHECK_LIB(radiusclient,rc_read_config) - if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then + AC_CHECK_LIB(freeradius-client,rc_read_config) + if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lradiusclient" + RADIUSLIBS="-lfreeradius-client" AC_SUBST(RADIUSLIBS) else AC_CHECK_LIB(radiusclient-ng,rc_read_config) if test "$ac_cv_lib_radiusclient_ng_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lradiusclient-ng" + RADIUSLIBS="-lradiusclient-ng" AC_SUBST(RADIUSLIBS) else - AC_CHECK_LIB(freeradius-client,rc_read_config) - if test "$ac_cv_lib_freeradius_client_rc_read_config" = "yes"; then + AC_CHECK_LIB(radiusclient,rc_read_config) + if test "$ac_cv_lib_radiusclient_rc_read_config" = "yes"; then EXTRAS="$EXTRAS check_radius\$(EXEEXT)" - RADIUSLIBS="-lfreeradius-client" + RADIUSLIBS="-lradiusclient" AC_SUBST(RADIUSLIBS) else AC_MSG_WARN([Skipping radius plugin]) -- cgit v0.10-9-g596f From 7979837c0d337e11354935fbf5a82c329c18841f Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 21:43:38 +0200 Subject: check_radius.c: Add newline to die() calls Our die() function doesn't append a newline character to the message. diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 9394d26..b294347 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c @@ -169,7 +169,7 @@ main (int argc, char **argv) str = strdup ("dictionary"); if ((config_file && my_rc_read_config (config_file)) || my_rc_read_dictionary (my_rc_conf_str (str))) - die (STATE_UNKNOWN, _("Config file error")); + die (STATE_UNKNOWN, _("Config file error\n")); service = PW_AUTHENTICATE_ONLY; @@ -178,24 +178,24 @@ main (int argc, char **argv) my_rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) && my_rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) )) - die (STATE_UNKNOWN, _("Out of Memory?")); + die (STATE_UNKNOWN, _("Out of Memory?\n")); if (nasid != NULL) { if (!(my_rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))) - die (STATE_UNKNOWN, _("Invalid NAS-Identifier")); + die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n")); } if (nasipaddress != NULL) { if (rc_good_ipaddr (nasipaddress)) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address")); + die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); if ((client_id = rc_get_ipaddr(nasipaddress)) == 0) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address")); + die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); } else { if ((client_id = my_rc_own_ipaddress ()) == 0) - die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address")); + die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n")); } if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL) - die (STATE_UNKNOWN, _("Invalid NAS-IP-Address")); + die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n")); my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval, retries); @@ -206,19 +206,19 @@ main (int argc, char **argv) rc_avpair_free (data.receive_pairs); if (result == TIMEOUT_RC) - die (STATE_CRITICAL, _("Timeout")); + die (STATE_CRITICAL, _("Timeout\n")); if (result == ERROR_RC) - die (STATE_CRITICAL, _("Auth Error")); + die (STATE_CRITICAL, _("Auth Error\n")); if (result == REJECT_RC) - die (STATE_WARNING, _("Auth Failed")); + die (STATE_WARNING, _("Auth Failed\n")); if (result == BADRESP_RC) - die (STATE_WARNING, _("Bad Response")); + die (STATE_WARNING, _("Bad Response\n")); if (expect && !strstr (msg, expect)) - die (STATE_WARNING, "%s", msg); + die (STATE_WARNING, "%s\n", msg); if (result == OK_RC) - die (STATE_OK, _("Auth OK")); + die (STATE_OK, _("Auth OK\n")); (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result); - die (STATE_UNKNOWN, "%s", msg); + die (STATE_UNKNOWN, "%s\n", msg); } -- cgit v0.10-9-g596f From f518395410b175484de6c2fdf288ab3b36788e7a Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 21:58:25 +0200 Subject: NEWS: Add missing tab characters diff --git a/NEWS b/NEWS index 796bb2d..726376c 100644 --- a/NEWS +++ b/NEWS @@ -2,8 +2,8 @@ This file documents the major additions and syntax changes between releases. 1.6 ... ENHANCEMENTS - check_mailq now supports auto detection of qmail, postfix, exim and nullmailer with - fallback to sendmail + check_mailq now supports auto detection of qmail, postfix, exim and nullmailer with + fallback to sendmail check_ide_smart now defaults to plugin output, original output appended with -v Extra-Opts are now enabled by default check_swap now supports a configurable state when there is no swap -- cgit v0.10-9-g596f From d67a293db2d9894e76b5a523153c17082b165f71 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 22 Jun 2014 23:54:55 +0200 Subject: THANKS.in: Add new authors Add the new Git commit authors to the THANKS.in file. diff --git a/THANKS.in b/THANKS.in index 0600051..a8eb3e5 100644 --- a/THANKS.in +++ b/THANKS.in @@ -308,3 +308,14 @@ Luca Corti Jethro Carr Evgeni Golov Oskar Liljeblad +Andrew Widdersheim +Anton Lofgren +Damian Myerscough +Davide Madrisan +Gunnar Beutner +Joseph Gooch +Lars Vogdt +Ricardo Maraschini +Spenser Reinhardt +Stephane Lapie +Tilmann Bubeck -- cgit v0.10-9-g596f From f52efd00bfc747cca182f51d61fdd65b94c1d58a Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 23 Jun 2014 01:20:37 +0200 Subject: NEWS: Add missing entries for the upcoming release diff --git a/NEWS b/NEWS index 726376c..575cbda 100644 --- a/NEWS +++ b/NEWS @@ -1,21 +1,35 @@ This file documents the major additions and syntax changes between releases. -1.6 ... +2.0 ... ENHANCEMENTS check_mailq now supports auto detection of qmail, postfix, exim and nullmailer with fallback to sendmail check_ide_smart now defaults to plugin output, original output appended with -v - Extra-Opts are now enabled by default + Extra-Opts are now enabled by default, see: + https://www.monitoring-plugins.org/doc/extra-opts.html check_swap now supports a configurable state when there is no swap check_radius now supports the FreeRADIUS Client library + New check_mysql_query -f option to specify a client options file + New check_mysql_query -g option to specify a client options group + Add performance data to check_mysql_query + New check_file_age -i/--ignore-missing option to return OK on nonexistent files + Make check_ping, check_users, and check_disk work on Windows FIXES Don't let e.g. check_http's -C option reset SSL version if e.g. -S 1 -C 5 is specified + Don't have check_http's -N option expect an argument check_ide_smart could disable offline auto tests but could not re-enable them. For this reason all SMART command modes have been disabled. check_dig: fix wrong IPv6 arguments order (Stéphane Bortzmeyer) + check_dig: make sure not to give up too early when a timeout is specified with -t + check_log: don't stumble over log lines that include a "%" character + check_nt: add UPTIME to perfdata + Handle negative values properly with check_snmp + Handle SNMPv3 noAuthNoPriv properly with check_snmp + Fix compilation with GnuTLS WARNINGS + New default installation prefix: /usr/local instead of /usr/local/nagios check_procs now ignores its parent process to avoid unexpected results when invoked via certain shells utils.sh no longer defines ECH check_ide_smart -q/--quiet and -n/--nagios (Nagios-compatile output) are now deprecated -- cgit v0.10-9-g596f From be55da1d2301c002e0ae7b70c21e75cc6b1997a8 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jun 2014 22:20:03 +0200 Subject: check_ups/check_dbi: Fixing spelling bug diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c index c6244fd..a3d033f 100644 --- a/plugins/check_dbi.c +++ b/plugins/check_dbi.c @@ -215,7 +215,7 @@ main (int argc, char **argv) } if (dbi_conn_connect (conn) < 0) { - np_dbi_print_error (conn, "UNKOWN - failed to connect to database"); + np_dbi_print_error (conn, "UNKNOWN - failed to connect to database"); return STATE_UNKNOWN; } @@ -241,7 +241,7 @@ main (int argc, char **argv) printf ("Selecting database '%s'\n", np_dbi_database); if (dbi_conn_select_db (conn, np_dbi_database)) { - np_dbi_print_error (conn, "UNKOWN - failed to select database '%s'", + np_dbi_print_error (conn, "UNKNOWN - failed to select database '%s'", np_dbi_database); return STATE_UNKNOWN; } @@ -456,7 +456,7 @@ process_arguments (int argc, char **argv) new = realloc (np_dbi_options, (np_dbi_options_num + 1) * sizeof (*new)); if (! new) { - printf ("UNKOWN - failed to reallocate memory\n"); + printf ("UNKNOWN - failed to reallocate memory\n"); exit (STATE_UNKNOWN); } diff --git a/plugins/check_ups.c b/plugins/check_ups.c index 7cced49..099881d 100644 --- a/plugins/check_ups.c +++ b/plugins/check_ups.c @@ -66,7 +66,7 @@ enum { #define UPSSTATUS_BOOST 512 #define UPSSTATUS_CHRG 1024 #define UPSSTATUS_DISCHRG 2048 -#define UPSSTATUS_UNKOWN 4096 +#define UPSSTATUS_UNKNOWN 4096 enum { NOSUCHVAR = ERROR-1 }; @@ -181,7 +181,7 @@ main (int argc, char **argv) if (status & UPSSTATUS_DISCHRG) { xasprintf (&ups_status, "%s%s", ups_status, _(", Discharging")); } - if (status & UPSSTATUS_UNKOWN) { + if (status & UPSSTATUS_UNKNOWN) { xasprintf (&ups_status, "%s%s", ups_status, _(", Unknown")); } } @@ -379,7 +379,7 @@ determine_status (void) else if (!strcmp (ptr, "DISCHRG")) status |= UPSSTATUS_DISCHRG; else - status |= UPSSTATUS_UNKOWN; + status |= UPSSTATUS_UNKNOWN; } return OK; -- cgit v0.10-9-g596f From 9ac3fe7d5036e7a3672e32e87db4c252209c862a Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jun 2014 22:28:28 +0200 Subject: check_mrtg: Fixing spelling bug diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c index ed75f4c..cf3fe04 100644 --- a/plugins/check_mrtg.c +++ b/plugins/check_mrtg.c @@ -356,7 +356,7 @@ print_help (void) printf (" %s\n", _("This plugin is useful for monitoring MRTG data that does not correspond to")); printf (" %s\n", _("bandwidth usage. (Use the check_mrtgtraf plugin for monitoring bandwidth).")); printf (" %s\n", _("It can be used to monitor any kind of data that MRTG is monitoring - errors,")); - printf (" %s\n", _("packets/sec, etc. I use MRTG in conjuction with the Novell NLM that allows")); + printf (" %s\n", _("packets/sec, etc. I use MRTG in conjunction with the Novell NLM that allows")); printf (" %s\n", _("me to track processor utilization, user connections, drive space, etc and")); printf (" %s\n\n", _("this plugin works well for monitoring that kind of data as well.")); diff --git a/po/de.po b/po/de.po index b9dd8f2..1b72995 100644 --- a/po/de.po +++ b/po/de.po @@ -1998,7 +1998,7 @@ msgstr "" #: plugins/check_mrtg.c:359 msgid "" -"packets/sec, etc. I use MRTG in conjuction with the Novell NLM that allows" +"packets/sec, etc. I use MRTG in conjunction with the Novell NLM that allows" msgstr "" #: plugins/check_mrtg.c:360 diff --git a/po/fr.po b/po/fr.po index 0537949..4eaddf5 100644 --- a/po/fr.po +++ b/po/fr.po @@ -2050,7 +2050,7 @@ msgstr "" #: plugins/check_mrtg.c:359 msgid "" -"packets/sec, etc. I use MRTG in conjuction with the Novell NLM that allows" +"packets/sec, etc. I use MRTG in conjunction with the Novell NLM that allows" msgstr "" #: plugins/check_mrtg.c:360 diff --git a/po/monitoring-plugins.pot b/po/monitoring-plugins.pot index 07c1b98..b474359 100644 --- a/po/monitoring-plugins.pot +++ b/po/monitoring-plugins.pot @@ -1944,7 +1944,7 @@ msgstr "" #: plugins/check_mrtg.c:359 msgid "" -"packets/sec, etc. I use MRTG in conjuction with the Novell NLM that allows" +"packets/sec, etc. I use MRTG in conjunction with the Novell NLM that allows" msgstr "" #: plugins/check_mrtg.c:360 -- cgit v0.10-9-g596f From 580bdd286379f6d8b678b9a7472572cfa2684aaf Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 23 Jun 2014 22:33:29 +0200 Subject: check_ide_smart: Fixing spelling bug diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c index 55faacc..47605e9 100644 --- a/plugins/check_ide_smart.c +++ b/plugins/check_ide_smart.c @@ -419,7 +419,7 @@ nagios (values_t * p, thresholds_t * t) status=STATE_OK; break; default: - printf (_("ERROR - Status '%d' unkown. %d/%d tests passed\n"), status, + printf (_("ERROR - Status '%d' unknown. %d/%d tests passed\n"), status, passed, total); status = STATE_UNKNOWN; break; diff --git a/po/de.po b/po/de.po index 1b72995..51551ae 100644 --- a/po/de.po +++ b/po/de.po @@ -5360,7 +5360,7 @@ msgstr "" #: plugins/check_ide_smart.c:441 #, c-format -msgid "ERROR - Status '%d' unkown. %d/%d tests passed\n" +msgid "ERROR - Status '%d' unknown. %d/%d tests passed\n" msgstr "" #: plugins/check_ide_smart.c:474 diff --git a/po/fr.po b/po/fr.po index 4eaddf5..d88dfe2 100644 --- a/po/fr.po +++ b/po/fr.po @@ -5448,7 +5448,7 @@ msgstr "OK - En fonctionnement (%d/%d les tests on été réussi)\n" #: plugins/check_ide_smart.c:441 #, c-format -msgid "ERROR - Status '%d' unkown. %d/%d tests passed\n" +msgid "ERROR - Status '%d' unknown. %d/%d tests passed\n" msgstr "ERREUR - État '%d' inconnu. %d/%d les tests on réussi\n" #: plugins/check_ide_smart.c:474 diff --git a/po/monitoring-plugins.pot b/po/monitoring-plugins.pot index b474359..8f220e9 100644 --- a/po/monitoring-plugins.pot +++ b/po/monitoring-plugins.pot @@ -5217,7 +5217,7 @@ msgstr "" #: plugins/check_ide_smart.c:441 #, c-format -msgid "ERROR - Status '%d' unkown. %d/%d tests passed\n" +msgid "ERROR - Status '%d' unknown. %d/%d tests passed\n" msgstr "" #: plugins/check_ide_smart.c:474 -- cgit v0.10-9-g596f From b35d12e931c6d330291f5c5f4847c33a122c63cb Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Tue, 24 Jun 2014 15:07:44 +0200 Subject: tests: always build and test on travis also make test is now working on travis-ci Signed-off-by: Sven Nierlein diff --git a/.travis.yml b/.travis.yml index 7a4c3c6..02fa084 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,14 +6,24 @@ before_install: install: - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradiusclient-ng-dev libkrb5-dev libnet-snmp-perl procps + - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader + - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix - sudo apt-get install -qq --no-install-recommends autoconf automake before_script: - tools/setup - ./configure + - make + - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis" + - ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa + - cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys + - ssh-keyscan localhost >> ~/.ssh/known_hosts + - touch ~/.ssh/config + - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB + - sudo mkdir -p /var/lib/snmp/mib_indexes script: - - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make; fi + - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi notifications: irc: diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis new file mode 100644 index 0000000..c1007de --- /dev/null +++ b/plugins/t/NPTest.cache.travis @@ -0,0 +1,54 @@ +{ + 'MYSQL_LOGIN_DETAILS' => '-u root -d test', + 'NP_ALLOW_SUDO' => 'yes', + 'NP_DNS_SERVER' => '8.8.8.8', + 'NP_GOOD_NTP_SERVICE' => '', + 'NP_HOSTNAME_INVALID' => 'nosuchhost', + 'NP_HOSTNAME_VALID' => 'monitoringplugins.org', + 'NP_HOSTNAME_VALID_IP' => '130.133.8.40', + 'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.', + 'NP_HOST_DHCP_RESPONSIVE' => '', + 'NP_HOST_NONRESPONSIVE' => '10.0.0.1', + 'NP_HOST_RESPONSIVE' => 'localhost', + 'NP_HOST_SMB' => '', + 'NP_HOST_SNMP' => '', + 'NP_HOST_TCP_FTP' => '', + 'NP_HOST_TCP_HPJD' => '', + 'NP_HOST_TCP_HTTP' => 'localhost', + 'NP_HOST_TCP_HTTP2' => 'labs.consol.de', + 'NP_HOST_TCP_IMAP' => 'imap.web.de', + 'NP_HOST_TCP_POP' => 'pop.web.de', + 'NP_HOST_TCP_SMTP' => 'localhost', + 'NP_HOST_TCP_SMTP_NOTLS' => '', + 'NP_HOST_TCP_SMTP_TLS' => '', + 'NP_INTERNET_ACCESS' => 'yes', + 'NP_MOUNTPOINT2_VALID' => '', + 'NP_MOUNTPOINT_VALID' => '/', + 'NP_MYSQL_SERVER' => 'localhost', + 'NP_HOST_UDP_TIME' => 'localhost', + 'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock', + 'NP_MYSQL_WITH_SLAVE' => '', + 'NP_MYSQL_WITH_SLAVE_LOGIN' => '', + 'NP_NO_NTP_SERVICE' => 'localhost', + 'NP_SMB_SHARE' => '', + 'NP_SMB_SHARE_DENY' => '', + 'NP_SMB_SHARE_SPC' => '', + 'NP_SMB_VALID_USER' => '', + 'NP_SMB_VALID_USER_PASS' => '', + 'NP_SNMP_COMMUNITY' => '', + 'NP_SSH_CONFIGFILE' => '~/.ssh/config', + 'NP_SSH_HOST' => 'localhost', + 'NP_SSH_IDENTITY' => '~/.ssh/id_dsa', + 'NP_HOST_TCP_JABBER' => 'jabber.org', + 'host_nonresponsive' => '10.0.0.1', + 'host_responsive' => 'localhost', + 'host_snmp' => '', + 'host_tcp_ftp' => '', + 'host_tcp_http' => 'localhost', + 'host_tcp_imap' => 'imap.nierlein.de', + 'host_tcp_smtp' => 'localhost', + 'hostname_invalid' => 'nosuchhost', + 'snmp_community' => '', + 'user_snmp' => '', + 'host_udp_time' => 'none', +} diff --git a/plugins/t/check_ntp.t b/plugins/t/check_ntp.t index 3eee6e1..74d890f 100644 --- a/plugins/t/check_ntp.t +++ b/plugins/t/check_ntp.t @@ -23,12 +23,12 @@ my $no_ntp_service = getTestParameter( "NP_NO_NTP_SERVICE", "A host NOT providing the NTP service", "localhost" ); -my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", +my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" ); -my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID", - "An invalid (not known to DNS) hostname", +my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID", + "An invalid (not known to DNS) hostname", "nosuchhost"); my $ntp_okmatch1 = '/^NTP\sOK:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs/'; @@ -43,7 +43,7 @@ my $ntp_nosuchhost = '/^check_ntp.*: Invalid hostname/address - ' . $hostname_in foreach my $plugin (@PLUGINS1) { SKIP: { - skip "No NTP server defined", 1 unless $ntp_service; + skip "No NTP server defined", 6 unless $ntp_service; $res = NPTest->testCmd( "./$plugin -H $ntp_service -w 1000 -c 2000" ); @@ -88,7 +88,7 @@ foreach my $plugin (@PLUGINS1) { foreach my $plugin (@PLUGINS2) { SKIP: { - skip "No NTP server defined", 1 unless $ntp_service; + skip "No NTP server defined", 6 unless $ntp_service; $res = NPTest->testCmd( "./$plugin -H $ntp_service -w 1000 -c 2000 -W 20 -C 21 -j 100000 -k 200000 -m 1: -n 0:" ); diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index c35d782..2d6c44a 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t @@ -45,7 +45,7 @@ is( $res->return_code, 3, "Invalid protocol" ); like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" ); SKIP: { - skip "no snmp host defined", 38 if ( ! $host_snmp ); + skip "no snmp host defined", 48 if ( ! $host_snmp ); $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:"); cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" ); diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t index 619cadf..1f6fee7 100644 --- a/plugins/t/check_udp.t +++ b/plugins/t/check_udp.t @@ -62,7 +62,7 @@ SKIP: { cmp_ok( $res->return_code, '==', '2', "Hung waiting for response"); like ( $res->output, '/Socket timeout after 5 seconds/', "Timeout message"); like ( $duration, '/^[56]$/', "Timeout after 5 (possibly 6) seconds"); - my $read_nc = ; + my $read_nc = || ''; close NC; cmp_ok( $read_nc, 'eq', "foofoo", "Data received correctly" ); } -- cgit v0.10-9-g596f From 6e246799b939d29fe80da03ee39a24ef68f78cb0 Mon Sep 17 00:00:00 2001 From: "Eric J. Mislivec" Date: Thu, 5 Jun 2014 16:05:46 -0500 Subject: Include common.h before any system headers. This should fix some problems building on AIX. diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 2714961..ebdccd1 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -32,13 +32,12 @@ char *progname; const char *copyright = "1999-2008"; const char *email = "devel@monitoring-plugins.org"; -#include - #include "common.h" #include "netutils.h" #include "utils.h" #include "utils_tcp.h" +#include #include #ifdef HAVE_SSL diff --git a/plugins/negate.c b/plugins/negate.c index 4bd09de..222d240 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -35,12 +35,12 @@ const char *email = "devel@monitoring-plugins.org"; #define DEFAULT_TIMEOUT 11 -#include - #include "common.h" #include "utils.h" #include "utils_cmd.h" +#include + /* char *command_line; */ static const char **process_arguments (int, char **); -- cgit v0.10-9-g596f From 9ce73696b0407b43bcd96269fb1fd6c343834475 Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Thu, 5 Jun 2014 22:43:07 -0500 Subject: plugins/check_apt.c - Print uninitialized ereg Coverity 66531 - ereg.buffer can be printed without being initialized if do_include and do_exclude are null and critical is an invalid regex. While minor this may leak memory and cause undefined behavior. diff --git a/plugins/check_apt.c b/plugins/check_apt.c index 4c76a51..07622c2 100644 --- a/plugins/check_apt.c +++ b/plugins/check_apt.c @@ -223,6 +223,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ regex_t ireg, ereg, sreg; char *cmdline=NULL, rerrbuf[64]; + /* initialize ereg as it is possible it is printed while uninitialized */ + memset(&ereg, "\0", sizeof(ereg.buffer)); + if(upgrade==NO_UPGRADE) return STATE_OK; /* compile the regexps */ -- cgit v0.10-9-g596f From b61f51ad0291cf7051b6ea15ec8f8486f02443f9 Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Thu, 5 Jun 2014 23:01:35 -0500 Subject: plugins/check_real.c - recv string null terminate Recv into buffer is not properly null terminated prior to strstr and possible other string functions expecting a null termination. Simply take bytes received and use as an index to append \0 after. We are creating buffer[] with size of MAX_INPUT_BUFFER and recv with MAX_INPUT_BUFFER-1 so this should never overflow. diff --git a/plugins/check_real.c b/plugins/check_real.c index 47776c5..36f6413 100644 --- a/plugins/check_real.c +++ b/plugins/check_real.c @@ -178,6 +178,7 @@ main (int argc, char **argv) /* watch for the REAL connection string */ result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); + buffer[result] = "\0"; /* null terminate recieved buffer */ /* return a CRITICAL status if we couldn't read any data */ if (result == -1) { -- cgit v0.10-9-g596f From a04df3e1b67dc5eab3adc202cc89901f801cdeaa Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Sun, 22 Jun 2014 14:49:25 -0500 Subject: plugins/check_ntp.c - Verify struct from response Coverity 66524 - req.data is not neccessarily null terminated but still feed to printf statements. This both does that, and verifies the struct more so than before. - SR diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c index 0a7640a..09a923e 100644 --- a/plugins/check_ntp.c +++ b/plugins/check_ntp.c @@ -517,13 +517,14 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){ double jitter_request(const char *host, int *status){ int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0; int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0; - int peers_size=0, peer_offset=0; + int peers_size=0, peer_offset=0, bytes_read=0; ntp_assoc_status_pair *peers=NULL; ntp_control_message req; const char *getvar = "jitter"; double rval = 0.0, jitter = -1.0; char *startofvalue=NULL, *nptr=NULL; void *tmp; + int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2; /* Long-winded explanation: * Getting the jitter requires a number of steps: @@ -608,7 +609,15 @@ double jitter_request(const char *host, int *status){ req.count = htons(MAX_CM_SIZE); DBG(printf("recieving READVAR response...\n")); - read(conn, &req, SIZEOF_NTPCM(req)); + + /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/ + if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1) + die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno)); + if (bytes_read != ntp_cm_ints + req.count) + die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); + /* else null terminate */ + strncpy(req.data[req.count], "\0", 1); + DBG(print_ntp_control_message(&req)); if(req.op&REM_ERROR && strstr(getvar, "jitter")) { -- cgit v0.10-9-g596f From 5866cb0a09876d6b2a84006bda8aa9de7ea467fd Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Sun, 22 Jun 2014 15:34:25 -0500 Subject: plugins/check_http.c - leakage fix Coverity 66514 - Possible leakage and overflow with addr in redirect functionality. Not confirmed as null terminated, and externally gathered. Restrict string comparisons and duplications by size. - SR diff --git a/plugins/check_http.c b/plugins/check_http.c index 92861d9..5167997 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1243,6 +1243,7 @@ redir (char *pos, char *status_line) if (addr == NULL) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate addr\n")); + memset(addr, 0, MAX_IPV4_HOSTLENGTH); url = malloc (strcspn (pos, "\r\n")); if (url == NULL) die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n")); @@ -1333,8 +1334,8 @@ redir (char *pos, char *status_line) max_depth, type, addr, i, url, (display_html ? "" : "")); if (server_port==i && - !strcmp(server_address, addr) && - (host_name && !strcmp(host_name, addr)) && + !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && + (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, url)) die (STATE_WARNING, _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), @@ -1343,11 +1344,11 @@ redir (char *pos, char *status_line) strcpy (server_type, type); free (host_name); - host_name = strdup (addr); + host_name = strndup (addr, MAX_IPV4_HOSTLENGTH); if (!(followsticky & STICKY_HOST)) { free (server_address); - server_address = strdup (addr); + server_address = strndup (addr, MAX_IPV4_HOSTLENGTH); } if (!(followsticky & STICKY_PORT)) { server_port = i; @@ -1366,6 +1367,7 @@ redir (char *pos, char *status_line) printf (_("Redirection to %s://%s:%d%s\n"), server_type, host_name ? host_name : server_address, server_port, server_url); + free(addr); check_http (); } -- cgit v0.10-9-g596f From e7e6edb2f8e43085d02cdda93fe16256ab3a35fe Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Sun, 22 Jun 2014 16:02:19 -0500 Subject: plugins-root/check_dhcp.c - array out of bounds Coverity 66488 - offer_packet->options has a max size of 312. It was being used in a loop verifying less than 311, but increasing by 2 per loop, causing a possible array index out of bounds. Changed to checking less than max length - 1. - SR diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index 1ec5c39..b69a10d 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c @@ -837,7 +837,7 @@ int add_dhcp_offer(struct in_addr source,dhcp_packet *offer_packet){ return ERROR; /* process all DHCP options present in the packet */ - for(x=4;xoptions[x]==-1) break; -- cgit v0.10-9-g596f From 88472d1804d3cd42e0ea8717d75191dfb3e3bbeb Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Sun, 22 Jun 2014 22:59:03 -0500 Subject: plugins/negate.c - Reorder if statement, aiob Coverity 66480 - Potential array index out of bounds, since result was not verified to be positive prior to using as an index for state[]. Simply reording the if statement should resolve the issue. - SR diff --git a/plugins/negate.c b/plugins/negate.c index 4bd09de..7787d01 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -98,8 +98,7 @@ main (int argc, char **argv) die (max_state_alt (result, STATE_UNKNOWN), _("No data returned from command\n")); for (i = 0; i < chld_out.lines; i++) { - if (subst_text && result != state[result] && - result >= 0 && result <= 4) { + if (subst_text && result >= 0 && result <= 4 && result != state[result]) { /* Loop over each match found */ while ((sub = strstr (chld_out.line[i], state_text (result)))) { /* Terminate the first part and skip over the string we'll substitute */ -- cgit v0.10-9-g596f From aa16beb9711c1a235259401e8883f5d807a0a11d Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Sun, 22 Jun 2014 23:10:50 -0500 Subject: plugins/negate.c - Function should not return. Coverity 66479 - validate_arguments has no need to return anything, as it dies on error, yet was set to return an int. Set to void to resolve warning. diff --git a/plugins/negate.c b/plugins/negate.c index 7787d01..d512e34 100644 --- a/plugins/negate.c +++ b/plugins/negate.c @@ -44,7 +44,7 @@ const char *email = "devel@monitoring-plugins.org"; /* char *command_line; */ static const char **process_arguments (int, char **); -int validate_arguments (char **); +void validate_arguments (char **); void print_help (void); void print_usage (void); int subst_text = FALSE; @@ -205,7 +205,7 @@ process_arguments (int argc, char **argv) } -int +void validate_arguments (char **command_line) { if (command_line[0] == NULL) -- cgit v0.10-9-g596f From 9123f6146c5dd3285d8fb78cf3a8cd52bad17ec1 Mon Sep 17 00:00:00 2001 From: Spenser Reinhardt Date: Mon, 23 Jun 2014 13:54:39 -0500 Subject: lib/utils_cmd.c - Free file descriptor Coverity 66502 - File descriptor fd in cmd_file_read is never closed, and thus file is left open after usage throughout runtime. - SR diff --git a/lib/utils_cmd.c b/lib/utils_cmd.c index 4c6d0be..9e214bd 100644 --- a/lib/utils_cmd.c +++ b/lib/utils_cmd.c @@ -390,6 +390,9 @@ cmd_file_read ( char *filename, output *out, int flags) if(out) out->lines = _cmd_fetch_output (fd, out, flags); + + if (close(fd) == -1) + die( STATE_UNKNOWN, _("Error closing %s: %s"), filename, strerror(errno) ); return 0; } -- cgit v0.10-9-g596f From 6e12805fa4fab1ee6109527313e56a4756bb3363 Mon Sep 17 00:00:00 2001 From: abrist Date: Mon, 19 May 2014 15:47:35 -0400 Subject: check_nt.c - Changed 'Mb' to 'MB' in MEMUSE. diff --git a/plugins/check_nt.c b/plugins/check_nt.c index cacf665..fefbfb7 100644 --- a/plugins/check_nt.c +++ b/plugins/check_nt.c @@ -293,10 +293,10 @@ int main(int argc, char **argv){ /* Divisor should be 1048567, not 3044515, as we are measuring "Commit Charge" here, which equals RAM + Pagefiles. */ - xasprintf(&output_message,_("Memory usage: total:%.2f Mb - used: %.2f Mb (%.0f%%) - free: %.2f Mb (%.0f%%)"), + xasprintf(&output_message,_("Memory usage: total:%.2f MB - used: %.2f MB (%.0f%%) - free: %.2f MB (%.0f%%)"), mem_commitLimit / 1048567, mem_commitByte / 1048567, percent_used_space, (mem_commitLimit - mem_commitByte) / 1048567, (mem_commitLimit - mem_commitByte) / mem_commitLimit * 100); - xasprintf(&perfdata,_("'Memory usage'=%.2fMb;%.2f;%.2f;0.00;%.2f"), mem_commitByte / 1048567, + xasprintf(&perfdata,_("'Memory usage'=%.2fMB;%.2f;%.2f;0.00;%.2f"), mem_commitByte / 1048567, warning_used_space / 1048567, critical_used_space / 1048567, mem_commitLimit / 1048567); return_code=STATE_OK; -- cgit v0.10-9-g596f From 4231415878daedefd707a39e54f7b438238908d6 Mon Sep 17 00:00:00 2001 From: Davide Madrisan Date: Thu, 20 Feb 2014 13:12:26 +0100 Subject: check_tcp: also display the server addr when host_specified is set. This will help the admins when multiple checks are configured Signed-off-by: Davide Madrisan diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 2714961..0b87d68 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -354,8 +354,13 @@ main (int argc, char **argv) printf("Unexpected response from host/socket on "); else printf("%.3f second response time on ", elapsed_time); - if(server_address[0] != '/') - printf("port %d", server_port); + if(server_address[0] != '/') { + if (host_specified) + printf("host %s and port %d", + server_address, server_port); + else + printf("port %d", server_port); + } else printf("socket %s", server_address); } -- cgit v0.10-9-g596f From b5d78f9556f6da877afaa763f281e7495d572367 Mon Sep 17 00:00:00 2001 From: abrist Date: Thu, 20 Feb 2014 16:02:36 -0500 Subject: Cleaned up status output of check_tcp changes diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c index 0b87d68..b0459f2 100644 --- a/plugins/check_tcp.c +++ b/plugins/check_tcp.c @@ -356,7 +356,7 @@ main (int argc, char **argv) printf("%.3f second response time on ", elapsed_time); if(server_address[0] != '/') { if (host_specified) - printf("host %s and port %d", + printf("%s port %d", server_address, server_port); else printf("port %d", server_port); -- cgit v0.10-9-g596f From 79ba1f90dbb9f29871f09bfd6a95cba2ed86ee5d Mon Sep 17 00:00:00 2001 From: Jean-Claude Computing Date: Wed, 26 Feb 2014 17:33:40 +0100 Subject: check_dns: add warning and critical thresholds to perfdata diff --git a/plugins/check_dns.c b/plugins/check_dns.c index eebe72c..a2a92f4 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -242,7 +242,14 @@ main (int argc, char **argv) } printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); printf (_(". %s returns %s"), query_address, address); - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); + if ((time_thresholds->warning == NULL) || (time_thresholds->critical == NULL)) { + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); + } else { + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", + TRUE, time_thresholds->warning->end, + TRUE, time_thresholds->critical->end, + TRUE, 0, FALSE, 0)); + } } else if (result == STATE_WARNING) printf (_("DNS WARNING - %s\n"), -- cgit v0.10-9-g596f From e49973493c4ede24f034dc8e54d988404795ae17 Mon Sep 17 00:00:00 2001 From: abrist Date: Wed, 26 Feb 2014 12:08:59 -0500 Subject: check_dns.c Added a bit more logic to thresholds Added two if elses to cover when only one threshold is set. diff --git a/plugins/check_dns.c b/plugins/check_dns.c index a2a92f4..31a953d 100644 --- a/plugins/check_dns.c +++ b/plugins/check_dns.c @@ -242,14 +242,23 @@ main (int argc, char **argv) } printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); printf (_(". %s returns %s"), query_address, address); - if ((time_thresholds->warning == NULL) || (time_thresholds->critical == NULL)) { - printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); - } else { + if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { printf ("|%s\n", fperfdata ("time", elapsed_time, "s", TRUE, time_thresholds->warning->end, TRUE, time_thresholds->critical->end, TRUE, 0, FALSE, 0)); - } + } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", + FALSE, 0, + TRUE, time_thresholds->critical->end, + TRUE, 0, FALSE, 0)); + } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", + TRUE, time_thresholds->warning->end, + FALSE, 0, + TRUE, 0, FALSE, 0)); + } else + printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); } else if (result == STATE_WARNING) printf (_("DNS WARNING - %s\n"), -- cgit v0.10-9-g596f From e566021a54c500aa2ee0f17bfe4f95d1fd1be243 Mon Sep 17 00:00:00 2001 From: Sven Nierlein Date: Sat, 28 Jun 2014 22:05:25 +0200 Subject: tests: added check_dns performance data test Signed-off-by: Sven Nierlein diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t index 2c903db..4ff553f 100644 --- a/plugins/t/check_dns.t +++ b/plugins/t/check_dns.t @@ -10,7 +10,7 @@ use NPTest; plan skip_all => "check_dns not compiled" unless (-x "check_dns"); -plan tests => 13; +plan tests => 14; my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/'; @@ -54,6 +54,7 @@ cmp_ok( $res->return_code, '==', 2, "Critical threshold passed"); $res = NPTest->testCmd("./check_dns -H $hostname_valid -t 5 -w 0 -c 5"); cmp_ok( $res->return_code, '==', 1, "Warning threshold passed"); +like( $res->output, "/\|time=[\d\.]+s;0.0*;5\.0*;0\.0*/", "Output performance data OK" ); $res = NPTest->testCmd("./check_dns -H $hostname_invalid -t 1"); cmp_ok( $res->return_code, '==', 2, "Invalid $hostname_invalid"); -- cgit v0.10-9-g596f From 4277f47bffb65bafeb9b8e256dd7116ce747e850 Mon Sep 17 00:00:00 2001 From: abrist Date: Mon, 3 Mar 2014 12:42:33 -0500 Subject: check_jabber.t - fixed tests for new status output including hostname diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t index 1aaf812..7a708d5 100644 --- a/plugins/t/check_jabber.t +++ b/plugins/t/check_jabber.t @@ -29,7 +29,7 @@ my $hostname_invalid = getTestParameter( ); -my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on port 5222/'; +my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/'; my $jabberUnresponsive = '/CRITICAL\s-\sSocket timeout after\s\d+\sseconds/'; @@ -40,7 +40,7 @@ my $r; SKIP: { skip "No jabber server defined", 6 unless $host_tcp_jabber; - $r = NPTest->testCmd( "./check_jabber $host_tcp_jabber" ); + $r = NPTest->testCmd( "./check_jabber -H $host_tcp_jabber" ); is( $r->return_code, 0, "Connected okay"); like( $r->output, $jabberOK, "Output as expected" ); @@ -48,7 +48,7 @@ SKIP: { is( $r->return_code, 0, "Connected okay, within limits" ); like( $r->output, $jabberOK, "Output as expected" ); - $r = NPTest->testCmd( "./check_jabber $host_tcp_jabber -wt 9 -ct 9 -to 10" ); + $r = NPTest->testCmd( "./check_jabber -H $host_tcp_jabber -wt 9 -ct 9 -to 10" ); is( $r->return_code, 0, "Old syntax okay" ); like( $r->output, $jabberOK, "Output as expected" ); -- cgit v0.10-9-g596f From 9cb630692805b3f35e6a81f98e64f55f164506bd Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 6 Jul 2014 12:26:39 +0200 Subject: THANKS.in: Add new authors Update the THANKS.in file with the new Git commit authors. diff --git a/THANKS.in b/THANKS.in index a8eb3e5..9b458c3 100644 --- a/THANKS.in +++ b/THANKS.in @@ -319,3 +319,6 @@ Ricardo Maraschini Spenser Reinhardt Stephane Lapie Tilmann Bubeck +Eric J. Mislivec +Jean-Claude Computing +Andy Brist -- cgit v0.10-9-g596f From 1a0467f672ae7a3cb8ecf35e9cbedc0cb4c6124e Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 6 Jul 2014 12:42:36 +0200 Subject: NEWS: Add missing entries diff --git a/NEWS b/NEWS index 575cbda..171d5b8 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,8 @@ This file documents the major additions and syntax changes between releases. Add performance data to check_mysql_query New check_file_age -i/--ignore-missing option to return OK on nonexistent files Make check_ping, check_users, and check_disk work on Windows + New check_ssh -P option to specify the expected SSH protocol version + check_dns now emits the warning and critical thresholds with the performance data FIXES Don't let e.g. check_http's -C option reset SSL version if e.g. -S 1 -C 5 is specified -- cgit v0.10-9-g596f From ba21e26443385dd283d08e0419ff6ff25fedd0e8 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 6 Jul 2014 12:58:04 +0200 Subject: check_icmp/check_dhcp: disable check, if we are root As it is possible to use capabilities(7) on linux or solaris privileges for example, it is not necessary in all cases to have those binaries making use of setuid. diff --git a/lib/utils_base.c b/lib/utils_base.c index 55d35fd..addf26b 100644 --- a/lib/utils_base.c +++ b/lib/utils_base.c @@ -300,19 +300,6 @@ char *np_escaped_string (const char *string) { int np_check_if_root(void) { return (geteuid() == 0); } -int np_warn_if_not_root(void) { - int status = np_check_if_root(); - if(!status) { - printf(_("Warning: ")); - printf(_("This plugin must be either run as root or setuid root.\n")); - printf(_("To run as root, you can use a tool like sudo.\n")); - printf(_("To set the setuid permissions, use the command:\n")); - /* XXX could we use something like progname? */ - printf("\tchmod u+s yourpluginfile\n"); - } - return status; -} - /* * Extract the value from key/value pairs, or return NULL. The value returned * can be free()ed. diff --git a/lib/utils_base.h b/lib/utils_base.h index d69b0da..42ae0c0 100644 --- a/lib/utils_base.h +++ b/lib/utils_base.h @@ -75,9 +75,6 @@ void die (int, const char *, ...) __attribute__((noreturn,format(printf, 2, 3))) /* a simple check to see if we're running as root. * returns zero on failure, nonzero on success */ int np_check_if_root(void); -/* and a helpful wrapper around that. it returns the same status - * code from the above function, in case it's helpful for testing */ -int np_warn_if_not_root(void); /* mp_suid() returns true if the real and effective uids differs, such as when * running a suid plugin */ diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index b69a10d..b874c55 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c @@ -270,9 +270,6 @@ int main(int argc, char **argv){ usage4 (_("Could not parse arguments")); } - /* this plugin almost certainly needs root permissions. */ - np_warn_if_not_root(); - /* create socket for DHCP communications */ dhcp_socket=create_dhcp_socket(); diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c index 4b4197d..8b563e4 100644 --- a/plugins-root/check_icmp.c +++ b/plugins-root/check_icmp.c @@ -383,9 +383,6 @@ main(int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - /* print a helpful error message if geteuid != 0 */ - np_warn_if_not_root(); - /* we only need to be setsuid when we get the sockets, so do * that before pointer magic (esp. on network data) */ icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0; -- cgit v0.10-9-g596f From 1f4fd12845a2041df3f34f7a84d8012e747e327c Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Sun, 6 Jul 2014 19:55:03 +0200 Subject: Don't rely on FindBin module to locate utils.pm As the FindBin module doesn't work with ePN, set the path to utils.pm explicitly at build time. Keep using FindBin additionally, so that the plugins can also be executed from the build directory. Closes #1271. diff --git a/plugins-scripts/Makefile.am b/plugins-scripts/Makefile.am index 78a950c..794a34f 100644 --- a/plugins-scripts/Makefile.am +++ b/plugins-scripts/Makefile.am @@ -26,7 +26,8 @@ EXTRA_DIST=check_breeze.pl check_disk_smb.pl check_flexlm.pl check_ircd.pl \ EDIT = sed \ -e 's|[@]NP_VERSION[@]|$(NP_VERSION)|g' \ -e 's|[@]TRUSTED_PATH[@]|$(with_trusted_path)|g' \ - -e 's|[@]PERL[@]|$(PERL)|g' + -e 's|[@]PERL[@]|$(PERL)|g' \ + -e 's|[@]libexecdir[@]|$(libexecdir)|g' TESTS_ENVIRONMENT=perl -I $(top_builddir) -I $(top_srcdir) diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index 12a60ee..1a3aceb 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl @@ -6,6 +6,7 @@ use Getopt::Long; use vars qw($opt_V $opt_h $opt_w $opt_c $opt_H $opt_C $PROGNAME); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage); $PROGNAME = "check_breeze"; diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 99948a4..4805434 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -26,6 +26,7 @@ use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_ use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support &usage); sub print_help (); diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index ae25201..453e0f5 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -27,6 +27,7 @@ use File::stat; use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw (%ERRORS &print_revision &support); sub print_help (); diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index 49d674d..5f3ed59 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl @@ -37,6 +37,7 @@ use Getopt::Long; use vars qw($opt_V $opt_h $opt_F $opt_t $verbose $PROGNAME); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage); $PROGNAME="check_flexlm"; diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 1a7fbba..cf2c7b5 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -37,6 +37,7 @@ use POSIX; use strict; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use Net::SNMP; diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index e9e6214..fb17d98 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -34,6 +34,7 @@ use POSIX; use strict; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use Net::SNMP; diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index afedfb9..6d40cf5 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl @@ -51,6 +51,7 @@ use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $verbose); use vars qw($PROGNAME); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support &usage); # ----------------------------------------------------[ Function Prototypes ]-- diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index df1385d..bd78981 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -33,6 +33,7 @@ use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t %srcdomains %dstdomains); use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw(%ERRORS &print_revision &support &usage ); diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index a436a8f..1f38788 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -31,6 +31,7 @@ use DBD::Sybase; use Getopt::Long; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use strict; diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index 82939bf..59c81a9 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl @@ -29,6 +29,7 @@ use Getopt::Long; use Net::DNS; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils ; my $PROGNAME = "check_netdns"; diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index cbdeceb..b1c6147 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl @@ -22,6 +22,7 @@ use strict; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use vars qw($PROGNAME); my ($verbose,@proto,%prognum,$host,$response,$prognum,$port,$cmd,$progver,$state); diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index 979416e..ee0fda4 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl @@ -5,6 +5,7 @@ use strict; use FindBin; use lib "$FindBin::Bin"; +use lib '@libexecdir@'; use utils qw($TIMEOUT %ERRORS &print_revision &support); use vars qw($PROGNAME); use Getopt::Long; -- cgit v0.10-9-g596f From a2505f049d48d8ff77159a382f46b3cf854c096d Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 7 Jul 2014 11:33:39 +0200 Subject: plugins/netutils.h: Adjust UNIX_PATH_MAX for BSD On at least FreeBSD, NetBSD, OpenBSD, DragonFly, and OS X, this is hard-coded at 104 bytes. Closes #1267. diff --git a/plugins/netutils.h b/plugins/netutils.h index c5aa18f..c6fce90 100644 --- a/plugins/netutils.h +++ b/plugins/netutils.h @@ -40,8 +40,8 @@ #ifdef HAVE_SYS_UN_H # include # ifndef UNIX_PATH_MAX - /* linux uses this, on sun it's hard-coded at 108 without a define */ -# define UNIX_PATH_MAX 108 + /* linux uses this, on sun it's hard-coded at 108 without a define, on BSD at 104 */ +# define UNIX_PATH_MAX 104 # endif /* UNIX_PATH_MAX */ #endif /* HAVE_SYS_UN_H */ -- cgit v0.10-9-g596f From 76d8a40cddef7a63507cb0d0ce224ec373e4c62c Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 7 Jul 2014 16:49:32 +0200 Subject: NEWS: Update version number We're going to release version 2.0, not 1.6. diff --git a/NEWS b/NEWS index 171d5b8..9e3c62f 100644 --- a/NEWS +++ b/NEWS @@ -39,7 +39,7 @@ This file documents the major additions and syntax changes between releases. check_ide_smart -0/--auto-off, -1/--auto-on and -i/--immediate: options have been disabled because they were broken State retention: the NAGIOS_PLUGIN_STATE_DIRECTORY environment variable has been - renamed MP_STATE_PATH. The old variable will continue to work in v1.6.x + renamed MP_STATE_PATH. The old variable will continue to work in v2.0.x Add the UID of the invoking user to the state retention file path. This helps solving permission issues when different users run the same plugin check_swap used to allow returning OK on a system without swap when only percent thresholds -- cgit v0.10-9-g596f From 43b66c06a921b878ba4de2a246a219cca94dd498 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 7 Jul 2014 21:02:52 +0200 Subject: NEWS: Add a warning regarding check_snmp Tell users that check_snmp might now return CRITICAL in cases where it used to return OK, and how to deal with that. diff --git a/NEWS b/NEWS index 9e3c62f..3634501 100644 --- a/NEWS +++ b/NEWS @@ -26,12 +26,14 @@ This file documents the major additions and syntax changes between releases. check_dig: make sure not to give up too early when a timeout is specified with -t check_log: don't stumble over log lines that include a "%" character check_nt: add UPTIME to perfdata - Handle negative values properly with check_snmp Handle SNMPv3 noAuthNoPriv properly with check_snmp Fix compilation with GnuTLS WARNINGS New default installation prefix: /usr/local instead of /usr/local/nagios + check_snmp now evaluates negative values properly, which means it might return CRITICAL + in cases where it used to return OK. If this is undesired, the warning/critical + threshold(s) must be fixed by specifying e.g. ~:100 instead of 100 check_procs now ignores its parent process to avoid unexpected results when invoked via certain shells utils.sh no longer defines ECH check_ide_smart -q/--quiet and -n/--nagios (Nagios-compatile output) are now deprecated -- cgit v0.10-9-g596f From f54d10fe9ba202415c2001b1ec7c6eb4697c3d10 Mon Sep 17 00:00:00 2001 From: Mikael Falkvidd Date: Thu, 10 Jul 2014 14:25:23 +0200 Subject: check_procs: Add delay after forking in test Forking raises a race condition, where the parent might run the test before the child has had time to fork. If that happens, an error similar to this is produced: Failed test 'Output correct' at ./t/check_procs.t line 32. 'PROCS OK: 0 processes with args 'sleep 7' | processes=0;;;0;' doesn't match '/^PROCS OK: 1 process?/' Sleeping a bit should avoid the problem. It might be enough to sleep less than a second, but perl's built-in sleep function only supports integer seconds. In our build environment, the build failed 3 of 4 times before this patch. After the patch it failed 0 of 7 times. Signed-off-by: Mikael Falkvidd diff --git a/plugins/t/check_procs.t b/plugins/t/check_procs.t index ca4acdd..abe7284 100644 --- a/plugins/t/check_procs.t +++ b/plugins/t/check_procs.t @@ -26,7 +26,7 @@ $result = NPTest->testCmd( "./check_procs -w 100000 -c 100000 -s Z" ); is( $result->return_code, 0, "Checking less than 100000 zombie processes" ); like( $result->output, '/^PROCS OK: [0-9]+ process(es)? with /', "Output correct" ); -if(fork() == 0) { exec("sleep 7"); } # fork a test process +if(fork() == 0) { exec("sleep 7"); } else { sleep(1) } # fork a test process in child and give child time to fork in parent $result = NPTest->testCmd( "./check_procs -a 'sleep 7'" ); is( $result->return_code, 0, "Parent process is ignored" ); like( $result->output, '/^PROCS OK: 1 process?/', "Output correct" ); -- cgit v0.10-9-g596f From 7e0661a0930370248a0cd13174a6488fb1345ea0 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Thu, 10 Jul 2014 21:31:17 +0200 Subject: Update THANKS.in file with latest author diff --git a/THANKS.in b/THANKS.in index 9b458c3..883387e 100644 --- a/THANKS.in +++ b/THANKS.in @@ -322,3 +322,4 @@ Tilmann Bubeck Eric J. Mislivec Jean-Claude Computing Andy Brist +Mikael Falkvidd -- cgit v0.10-9-g596f From e4e95c1d594aa11fcc040241738c675d64c5ba44 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 11 Jul 2014 09:49:59 +0200 Subject: NEWS: Wrap overly long line diff --git a/NEWS b/NEWS index 3634501..cf58cb4 100644 --- a/NEWS +++ b/NEWS @@ -34,7 +34,8 @@ This file documents the major additions and syntax changes between releases. check_snmp now evaluates negative values properly, which means it might return CRITICAL in cases where it used to return OK. If this is undesired, the warning/critical threshold(s) must be fixed by specifying e.g. ~:100 instead of 100 - check_procs now ignores its parent process to avoid unexpected results when invoked via certain shells + check_procs now ignores its parent process to avoid unexpected results when invoked via + certain shells utils.sh no longer defines ECH check_ide_smart -q/--quiet and -n/--nagios (Nagios-compatile output) are now deprecated but accepted for backward-compatibility -- cgit v0.10-9-g596f From 017b523fa4a8198d65e53b3ad414346f47ad0472 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 11 Jul 2014 11:15:36 +0200 Subject: Prepare for the 2.0 release diff --git a/NEWS b/NEWS index cf58cb4..f28f391 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,6 @@ This file documents the major additions and syntax changes between releases. -2.0 ... +2.0 11th July 2014 ENHANCEMENTS check_mailq now supports auto detection of qmail, postfix, exim and nullmailer with fallback to sendmail diff --git a/NP-VERSION-GEN b/NP-VERSION-GEN index ae507e4..26f94e7 100755 --- a/NP-VERSION-GEN +++ b/NP-VERSION-GEN @@ -6,7 +6,7 @@ SRC_ROOT=`dirname $0` NPVF=NP-VERSION-FILE -DEF_VER=1.5.git +DEF_VER=2.0.git LF=' ' diff --git a/configure.ac b/configure.ac index 87d43fd..f6ead58 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT(monitoring-plugins,1.5) +AC_INIT(monitoring-plugins,2.0) AC_CONFIG_SRCDIR(NPTest.pm) AC_CONFIG_FILES([gl/Makefile monitoring-plugins.spec]) -- cgit v0.10-9-g596f From 50cad9ae5d958f045fcea927b41b52d24ff59b91 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Fri, 11 Jul 2014 16:46:12 +0200 Subject: NEWS: Fix typo diff --git a/NEWS b/NEWS index f28f391..f2898ab 100644 --- a/NEWS +++ b/NEWS @@ -37,7 +37,7 @@ This file documents the major additions and syntax changes between releases. check_procs now ignores its parent process to avoid unexpected results when invoked via certain shells utils.sh no longer defines ECH - check_ide_smart -q/--quiet and -n/--nagios (Nagios-compatile output) are now deprecated + check_ide_smart -q/--quiet and -n/--nagios (Nagios-compatible output) are now deprecated but accepted for backward-compatibility check_ide_smart -0/--auto-off, -1/--auto-on and -i/--immediate: options have been disabled because they were broken -- cgit v0.10-9-g596f From 495cf3b2f8047815cc7de4f8238660f4609e97ca Mon Sep 17 00:00:00 2001 From: abrist Date: Fri, 14 Feb 2014 15:04:37 -0500 Subject: check_ntp_peer - Added specific state output for each metric. It now should be easy to see which check caused the alert. diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c index 8dc1978..d3ae599 100644 --- a/plugins/check_ntp_peer.c +++ b/plugins/check_ntp_peer.c @@ -560,7 +560,7 @@ char *perfd_truechimers (int num_truechimers) } int main(int argc, char *argv[]){ - int result, offset_result, stratum, num_truechimers; + int result, offset_result, stratum, num_truechimers, oresult, jresult, sresult, tresult; double offset=0, jitter=0; char *result_line, *perfdata_line; @@ -597,15 +597,19 @@ int main(int argc, char *argv[]){ result = STATE_UNKNOWN; result = max_state_alt(result, get_status(fabs(offset), offset_thresholds)); } - + oresult = result; + if(do_truechimers) - result = max_state_alt(result, get_status(num_truechimers, truechimer_thresholds)); + tresult = get_status(num_truechimers, truechimer_thresholds); + result = max_state_alt(result, tresult); if(do_stratum) - result = max_state_alt(result, get_status(stratum, stratum_thresholds)); + sresult = get_status(stratum, stratum_thresholds); + result = max_state_alt(result, sresult); if(do_jitter) - result = max_state_alt(result, get_status(jitter, jitter_thresholds)); + jresult = get_status(jitter, jitter_thresholds); + result = max_state_alt(result, jresult); switch (result) { case STATE_CRITICAL : @@ -629,20 +633,43 @@ int main(int argc, char *argv[]){ if(offset_result == STATE_UNKNOWN){ xasprintf(&result_line, "%s %s", result_line, _("Offset unknown")); xasprintf(&perfdata_line, ""); + } else if (oresult == STATE_WARNING) { + xasprintf(&result_line, "%s %s %.10g secs (WARNING)", result_line, _("Offset"), offset); + } else if (oresult == STATE_CRITICAL) { + xasprintf(&result_line, "%s %s %.10g secs (CRITICAL)", result_line, _("Offset"), offset); } else { xasprintf(&result_line, "%s %s %.10g secs", result_line, _("Offset"), offset); - xasprintf(&perfdata_line, "%s", perfd_offset(offset)); - } + } + xasprintf(&perfdata_line, "%s", perfd_offset(offset)); + if (do_jitter) { - xasprintf(&result_line, "%s, jitter=%f", result_line, jitter); + if (jresult == STATE_WARNING) { + xasprintf(&result_line, "%s, jitter=%f (WARNING)", result_line, jitter); + } else if (jresult == STATE_CRITICAL) { + xasprintf(&result_line, "%s, jitter=%f (CRITICAL)", result_line, jitter); + } else { + xasprintf(&result_line, "%s, jitter=%f", result_line, jitter); + } xasprintf(&perfdata_line, "%s %s", perfdata_line, perfd_jitter(jitter)); } if (do_stratum) { - xasprintf(&result_line, "%s, stratum=%i", result_line, stratum); + if (sresult == STATE_WARNING) { + xasprintf(&result_line, "%s, stratum=%i (WARNING)", result_line, stratum); + } else if (sresult == STATE_CRITICAL) { + xasprintf(&result_line, "%s, stratum=%i (CRITICAL)", result_line, stratum); + } else { + xasprintf(&result_line, "%s, stratum=%i", result_line, stratum); + } xasprintf(&perfdata_line, "%s %s", perfdata_line, perfd_stratum(stratum)); } if (do_truechimers) { - xasprintf(&result_line, "%s, truechimers=%i", result_line, num_truechimers); + if (tresult == STATE_WARNING) { + xasprintf(&result_line, "%s, truechimers=%i (WARNING)", result_line, num_truechimers); + } else if (tresult == STATE_CRITICAL) { + xasprintf(&result_line, "%s, truechimers=%i (CRITICAL)", result_line, num_truechimers); + } else { + xasprintf(&result_line, "%s, truechimers=%i", result_line, num_truechimers); + } xasprintf(&perfdata_line, "%s %s", perfdata_line, perfd_truechimers(num_truechimers)); } printf("%s|%s\n", result_line, perfdata_line); @@ -651,8 +678,6 @@ int main(int argc, char *argv[]){ return result; } - - void print_help(void){ print_revision(progname, NP_VERSION); -- cgit v0.10-9-g596f From 78d00d338a07ab0dd5ff052af96aab13a5ee93ae Mon Sep 17 00:00:00 2001 From: abrist Date: Mon, 3 Mar 2014 12:41:30 -0500 Subject: check_ntp.t - fixed tests for new status output closes #1236 and #1239 diff --git a/plugins/t/check_ntp.t b/plugins/t/check_ntp.t index 74d890f..b8fc8fd 100644 --- a/plugins/t/check_ntp.t +++ b/plugins/t/check_ntp.t @@ -35,8 +35,8 @@ my $ntp_okmatch1 = '/^NTP\sOK:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs/' my $ntp_warnmatch1 = '/^NTP\sWARNING:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs/'; my $ntp_critmatch1 = '/^NTP\sCRITICAL:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs/'; my $ntp_okmatch2 = '/^NTP\sOK:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs,\sjitter=[0-9]+\.[0-9]+,\sstratum=[0-9]{1,2},\struechimers=[0-9]+/'; -my $ntp_warnmatch2 = '/^NTP\sWARNING:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs,\sjitter=[0-9]+\.[0-9]+,\sstratum=[0-9]{1,2},\struechimers=[0-9]+/'; -my $ntp_critmatch2 = '/^NTP\sCRITICAL:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs,\sjitter=[0-9]+\.[0-9]+,\sstratum=[0-9]{1,2},\struechimers=[0-9]+/'; +my $ntp_warnmatch2 = '/^NTP\sWARNING:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs,\sjitter=[0-9]+\.[0-9]+,\sstratum=[0-9]{1,2}\s\(WARNING\),\struechimers=[0-9]+/'; +my $ntp_critmatch2 = '/^NTP\sCRITICAL:\sOffset\s-?[0-9]+(\.[0-9]+)?(e-[0-9]{2})?\ssecs,\sjitter=[0-9]+\.[0-9]+\s\(CRITICAL\),\sstratum=[0-9]{1,2},\struechimers=[0-9]+/'; my $ntp_noresponse = '/^(CRITICAL - Socket timeout after 3 seconds)|(NTP CRITICAL: No response from NTP server)$/'; my $ntp_nosuchhost = '/^check_ntp.*: Invalid hostname/address - ' . $hostname_invalid . '/'; -- cgit v0.10-9-g596f From 3c7d24478c7e79f288d4e79278168c3fe5b73a45 Mon Sep 17 00:00:00 2001 From: abrist Date: Fri, 24 Jan 2014 13:52:08 -0500 Subject: check_hpjd - Added a switch for port specification. Defaults to 161. diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index 1e7605b..1ee4d13 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -39,7 +39,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "netutils.h" #define DEFAULT_COMMUNITY "public" - +#define DEFAULT_PORT "161" const char *option_summary = "-H host [-C community]\n"; @@ -66,6 +66,7 @@ void print_usage (void); char *community = NULL; char *address = NULL; +char *port = NULL; int main (int argc, char **argv) @@ -119,8 +120,8 @@ main (int argc, char **argv) HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY); /* get the command to run */ - sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s %s", PATH_TO_SNMPGET, community, - address, query_string); + sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community, + address, port, query_string); /* run the command */ child_process = spopen (command_line); @@ -313,7 +314,7 @@ process_arguments (int argc, char **argv) {"community", required_argument, 0, 'C'}, /* {"critical", required_argument,0,'c'}, */ /* {"warning", required_argument,0,'w'}, */ -/* {"port", required_argument,0,'P'}, */ + {"port", required_argument,0,'p'}, {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, {0, 0, 0, 0} @@ -324,7 +325,7 @@ process_arguments (int argc, char **argv) while (1) { - c = getopt_long (argc, argv, "+hVH:C:", longopts, &option); + c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -341,6 +342,12 @@ process_arguments (int argc, char **argv) case 'C': /* community */ community = strscpy (community, optarg); break; + case 'p': + if (!is_intpos(optarg)) + usage2 (_("Port must be a positive integer"), optarg); + else + port = atoi(optarg); + break; case 'V': /* version */ print_revision (progname, NP_VERSION); exit (STATE_OK); @@ -369,6 +376,13 @@ process_arguments (int argc, char **argv) community = strdup (DEFAULT_COMMUNITY); } + if (port == NULL) { + if (argv[c] != NULL ) + port = argv[c]; + else + port = atoi (DEFAULT_PORT); + } + return validate_arguments (); } @@ -402,6 +416,10 @@ print_help (void) printf (" %s", _("The SNMP community name ")); printf (_("(default=%s)"), DEFAULT_COMMUNITY); printf ("\n"); + printf (" %s\n", "-p, --port=STRING"); + printf (" %s", _("Specify the port to check ")); + printf (_("(default=%s)"), DEFAULT_PORT); + printf ("\n"); printf (UT_SUPPORT); } @@ -412,5 +430,5 @@ void print_usage (void) { printf ("%s\n", _("Usage:")); - printf ("%s -H host [-C community]\n", progname); + printf ("%s -H host [-C community] [-p port]\n", progname); } -- cgit v0.10-9-g596f From 8e187dfefef1397b1f87a1008e162e46a74f4782 Mon Sep 17 00:00:00 2001 From: abrist Date: Fri, 24 Jan 2014 14:04:37 -0500 Subject: Added check_hpjd port option to news and clarified the port usage error. diff --git a/NEWS b/NEWS index f2898ab..d48e1d8 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,9 @@ This file documents the major additions and syntax changes between releases. +2.1 + ENHANCEMENTS + New check_hpjd -p option for port specification (abrist) + 2.0 11th July 2014 ENHANCEMENTS check_mailq now supports auto detection of qmail, postfix, exim and nullmailer with diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c index 1ee4d13..5fe0698 100644 --- a/plugins/check_hpjd.c +++ b/plugins/check_hpjd.c @@ -344,7 +344,7 @@ process_arguments (int argc, char **argv) break; case 'p': if (!is_intpos(optarg)) - usage2 (_("Port must be a positive integer"), optarg); + usage2 (_("Port must be a positive short integer"), optarg); else port = atoi(optarg); break; -- cgit v0.10-9-g596f From 479509ad59cdb05894ab39206157e6dd3f4e7faf Mon Sep 17 00:00:00 2001 From: abrist Date: Mon, 27 Jan 2014 19:06:46 -0500 Subject: added tests for check_hpjd port options --- Closes #1160 and #973 diff --git a/plugins/t/check_hpjd.t b/plugins/t/check_hpjd.t index 10ded54..4d64852 100644 --- a/plugins/t/check_hpjd.t +++ b/plugins/t/check_hpjd.t @@ -10,7 +10,6 @@ use NPTest; plan skip_all => "check_hpjd not compiled" unless (-x "check_hpjd"); -plan tests => 5; my $successOutput = '/^Printer ok - /'; my $failureOutput = '/Timeout: No [Rr]esponse from /'; @@ -20,31 +19,53 @@ my $host_tcp_hpjd = getTestParameter( "A host (usually a printer) providing the HP-JetDirect Services" ); +my $host_hpjd_port_invalid = getTestParameter( + "NP_HOST_HPJD_PORT_INVALID", + "A port that HP-JetDirect Services is not listening on", + "162" + ); + +my $host_hpjd_port_valid = getTestParameter( + "NP_HOST_HPJD_PORT_VALID", + "The port that HP-JetDirect Services is currently listening on", + "161" + ); + my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", - "10.0.0.1", + "10.0.0.1" ); my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", - "nosuchhost", + "nosuchhost" ); +my $tests = $host_tcp_hpjd ? 9 : 5; +plan tests => $tests; my $res; SKIP: { skip "No HP JetDirect defined", 2 unless $host_tcp_hpjd; - $res = NPTest->testCmd("./check_hpjd $host_tcp_hpjd"); - cmp_ok( $res->return_code, '==', 0, "Jetdirect responding" ); + $res = NPTest->testCmd("./check_hpjd -H $host_tcp_hpjd"); + cmp_ok( $res->return_code, 'eq', 0, "Jetdirect responding" ); like ( $res->output, $successOutput, "Output correct" ); + + $res = NPTest->testCmd("./check_hpjd -H $host_tcp_hpjd -p $host_hpjd_port_valid"); + cmp_ok( $res->return_code, 'eq', 0, "Jetdirect responding on port $host_hpjd_port_valid" ); + like ( $res->output, $successOutput, "Output correct" ); + + $res = NPTest->testCmd("./check_hpjd -H $host_tcp_hpjd -p $host_hpjd_port_invalid"); + cmp_ok( $res->return_code, 'eq', 2, "Jetdirect not responding on port $host_hpjd_port_invalid" ); + like ( $res->output, $failureOutput, "Output correct" ); } -$res = NPTest->testCmd("./check_hpjd $host_nonresponsive"); +$res = NPTest->testCmd("./check_hpjd -H $host_nonresponsive"); cmp_ok( $res->return_code, 'eq', 2, "Host not responding"); like ( $res->output, $failureOutput, "Output OK" ); -$res = NPTest->testCmd("./check_hpjd $hostname_invalid"); +$res = NPTest->testCmd("./check_hpjd -H $hostname_invalid"); cmp_ok( $res->return_code, 'eq', 3, "Hostname invalid"); -- cgit v0.10-9-g596f From 71063655e558224d692950ac9abaa39e0b7c6585 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Sun, 20 Jul 2014 16:12:30 +0200 Subject: travis-ci: Adding ports for check_hpjd diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis index c1007de..4ebfb90 100644 --- a/plugins/t/NPTest.cache.travis +++ b/plugins/t/NPTest.cache.travis @@ -14,6 +14,8 @@ 'NP_HOST_SNMP' => '', 'NP_HOST_TCP_FTP' => '', 'NP_HOST_TCP_HPJD' => '', + 'NP_HOST_HPJD_PORT_INVALID' => '161', + 'NP_HOST_HPJD_PORT_VALID' => '', 'NP_HOST_TCP_HTTP' => 'localhost', 'NP_HOST_TCP_HTTP2' => 'labs.consol.de', 'NP_HOST_TCP_IMAP' => 'imap.web.de', -- cgit v0.10-9-g596f From 69b719aa2e3bd8dfd643d7cbe60e6e165d5279ea Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 30 Sep 2013 17:55:22 +0200 Subject: check_ifstatus: perfdata bug The perfdata output violates the current Nagios Plugin Development Guidelines (http://nagiosplug.sourceforge.net/developer-guidelines.html#AEN202 : "space separated list of label/value pairs"). Thus the Addon PNP did not read the perdata correctly. The patch replaces the commas with spaces in the perfdata output. Many thanks to Patric Wust. --- Closes #1169 and #721. diff --git a/THANKS.in b/THANKS.in index 883387e..43ba182 100644 --- a/THANKS.in +++ b/THANKS.in @@ -323,3 +323,4 @@ Eric J. Mislivec Jean-Claude Computing Andy Brist Mikael Falkvidd +Patric Wust diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index fb17d98..709ad17 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -221,7 +221,7 @@ foreach $key (keys %ifStatus) { $ifexclude, $ifunused); } -my $perfdata = sprintf("up=%d,down=%d,dormant=%d,excluded=%d,unused=%d",$ifup,$ifdown,$ifdormant,$ifexclude,$ifunused); +my $perfdata = sprintf("up=%d down=%d dormant=%d excluded=%d unused=%d",$ifup,$ifdown,$ifdormant,$ifexclude,$ifunused); print ("$state: $answer |$perfdata\n"); exit $ERRORS{$state}; -- cgit v0.10-9-g596f From 3bf812beaee7035b1c08e49b55d7962056931d7b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 1 Oct 2013 09:26:41 +0200 Subject: sslutils: expire time in local timezone format sshutils prints the expiry time of certificates in US format this patch uses the strftime %c, I don't know how portable that is Thanks to Neil Prockter. Closes #1188 Closes #1161 Closes #977 Closes #976 Closes #975 Closes #840 Closes #382 diff --git a/THANKS.in b/THANKS.in index 43ba182..6738ae7 100644 --- a/THANKS.in +++ b/THANKS.in @@ -324,3 +324,4 @@ Jean-Claude Computing Andy Brist Mikael Falkvidd Patric Wust +Neil Prockter diff --git a/plugins/sslutils.c b/plugins/sslutils.c index 687bffb..d0ae474 100644 --- a/plugins/sslutils.c +++ b/plugins/sslutils.c @@ -153,7 +153,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ struct tm stamp; float time_left; int days_left; - char timestamp[17] = ""; + char timestamp[50] = ""; + time_t tm_t; certificate=SSL_get_peer_certificate(s); if (!certificate) { @@ -211,10 +212,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){ time_left = difftime(timegm(&stamp), time(NULL)); days_left = time_left / 86400; - snprintf - (timestamp, 17, "%02d/%02d/%04d %02d:%02d", - stamp.tm_mon + 1, - stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); + tm_t = mktime (&stamp); + strftime(timestamp, 50, "%c", localtime(&tm_t)); if (days_left > 0 && days_left <= days_till_exp_warn) { printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp); -- cgit v0.10-9-g596f From c5a64eeef8340ff39fafb21878d92139b4c1fb73 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 21 Jul 2014 13:59:22 +0200 Subject: plugins/t/check_dns.t: Fix Perl warning Perl said: "Unrecognized escape \d passed through at ./t/check_dns.t line 57." diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t index 4ff553f..b885880 100644 --- a/plugins/t/check_dns.t +++ b/plugins/t/check_dns.t @@ -54,7 +54,7 @@ cmp_ok( $res->return_code, '==', 2, "Critical threshold passed"); $res = NPTest->testCmd("./check_dns -H $hostname_valid -t 5 -w 0 -c 5"); cmp_ok( $res->return_code, '==', 1, "Warning threshold passed"); -like( $res->output, "/\|time=[\d\.]+s;0.0*;5\.0*;0\.0*/", "Output performance data OK" ); +like( $res->output, '/\|time=[\d\.]+s;0.0*;5\.0*;0\.0*/', "Output performance data OK" ); $res = NPTest->testCmd("./check_dns -H $hostname_invalid -t 1"); cmp_ok( $res->return_code, '==', 2, "Invalid $hostname_invalid"); -- cgit v0.10-9-g596f From 8f7b5a71c99739d205558b36c8b8f5f622c1a0d9 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 21 Jul 2014 21:28:20 +0200 Subject: travis-ci: Using libfreeradius-client-dev as build-dep diff --git a/.travis.yml b/.travis.yml index 02fa084..f03ac9c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,11 +1,12 @@ language: c before_install: + - sudo add-apt-repository -y ppa:waja/precise-backports - sudo apt-get update -qq - sudo apt-get purge -qq gawk install: - - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradiusclient-ng-dev libkrb5-dev libnet-snmp-perl procps + - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libfreeradius-client-dev libkrb5-dev libnet-snmp-perl procps - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix - sudo apt-get install -qq --no-install-recommends autoconf automake -- cgit v0.10-9-g596f From b785a770e4fbcdd6d11717eeb6eb00172eac4fb8 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 21 Jul 2014 21:52:33 +0200 Subject: plugins/tests/check_http.t: Adjust date strings Adjust the expected date strings to the now-localized output produced by plugins/sslutils.c. Closes #1275. diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t index 225b449..d93a0ec 100755 --- a/plugins/tests/check_http.t +++ b/plugins/tests/check_http.t @@ -186,21 +186,21 @@ SKIP: { $result = NPTest->testCmd( "$command -p $port_https -S -C 14" ); is( $result->return_code, 0, "$command -p $port_https -S -C 14" ); - is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on 03/03/2019 21:41.', "output ok" ); + is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:00 2019.', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" ); is( $result->return_code, 1, "$command -p $port_https -S -C 14000" ); - like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" ); + like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); # Expired cert tests $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" ); is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" ); - like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" ); + like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:00 2019\)./', "output ok" ); $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" ); is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" ); is( $result->output, - 'CRITICAL - Certificate \'Ton Voon\' expired on 03/05/2009 00:13.', + 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:00 2009.', "output ok" ); } -- cgit v0.10-9-g596f From b5611ea57167423481a73bebeadba0518cf3f1e9 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 21 Jul 2014 22:20:57 +0200 Subject: Use "C" locale when running test suite Some of our tests check locale-dependent plugin output, so let's make sure "make test" is always using the "C" locale. diff --git a/test.pl.in b/test.pl.in index 01a97ec..2f2c44f 100755 --- a/test.pl.in +++ b/test.pl.in @@ -9,6 +9,8 @@ use Getopt::Long; use NPTest qw(DetermineTestHarnessDirectory TestsFrom); +$ENV{LC_ALL} = 'C'; + my @tstdir; if ( ! GetOptions( "testdir:s" => \@tstdir ) ) -- cgit v0.10-9-g596f From 98a670bf773b28868ff2d1c41daee4e7d497db4b Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Mon, 21 Jul 2014 21:58:13 +0200 Subject: travis-ci: Installing libhttp-daemon-ssl-perl to make plugins/tests/check_http.t possible to run diff --git a/.travis.yml b/.travis.yml index f03ac9c..cec7878 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ before_install: install: - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libfreeradius-client-dev libkrb5-dev libnet-snmp-perl procps - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader - - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix + - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl - sudo apt-get install -qq --no-install-recommends autoconf automake before_script: -- cgit v0.10-9-g596f From 2e8d440e73ac2b1875db5ecaf6df510fdcf6eb7a Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 1 Oct 2013 00:47:08 +0200 Subject: check_mysql: ignore authentication failure This patch allows checking if MySQL server is running without providing valid username and password. Similar to check_ssh plugin it returns MySQL server version string and protocol number. Example: check_mysql -n -H aaa.bbb.ccc.ddd MySQL OK - Version: 5.0.51a-24+lenny5 (protocol 10) This is useful for monitoring servers where one does not have administrator privileges or does not want to grant any privileges for the monitoring station. To enable this functionality new option --ignore-auth (-n) is added to check_mysql plugin. Thanks to Julius Kriukas Closes #1020 Closes #1178 diff --git a/THANKS.in b/THANKS.in index 6738ae7..b732e78 100644 --- a/THANKS.in +++ b/THANKS.in @@ -325,3 +325,4 @@ Andy Brist Mikael Falkvidd Patric Wust Neil Prockter +Julius Kriukas diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c index 4f09e5f..216626b 100644 --- a/plugins/check_mysql.c +++ b/plugins/check_mysql.c @@ -42,6 +42,7 @@ const char *email = "devel@monitoring-plugins.org"; #include "netutils.h" #include +#include #include char *db_user = NULL; @@ -59,6 +60,7 @@ char *opt_file = NULL; char *opt_group = NULL; unsigned int db_port = MYSQL_PORT; int check_slave = 0, warn_sec = 0, crit_sec = 0; +int ignore_auth = 0; int verbose = 0; static double warning_time = 0; @@ -136,7 +138,16 @@ main (int argc, char **argv) mysql_ssl_set(&mysql,key,cert,ca_cert,ca_dir,ciphers); /* establish a connection to the server and error checking */ if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) { - if (mysql_errno (&mysql) == CR_UNKNOWN_HOST) + if (ignore_auth && mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR) + { + printf("MySQL OK - Version: %s (protocol %d)\n", + mysql_get_server_info(&mysql), + mysql_get_proto_info(&mysql) + ); + mysql_close (&mysql); + return STATE_OK; + } + else if (mysql_errno (&mysql) == CR_UNKNOWN_HOST) die (STATE_WARNING, "%s\n", mysql_error (&mysql)); else if (mysql_errno (&mysql) == CR_VERSION_ERROR) die (STATE_WARNING, "%s\n", mysql_error (&mysql)); @@ -341,6 +352,7 @@ process_arguments (int argc, char **argv) {"critical", required_argument, 0, 'c'}, {"warning", required_argument, 0, 'w'}, {"check-slave", no_argument, 0, 'S'}, + {"ignore-auth", no_argument, 0, 'n'}, {"verbose", no_argument, 0, 'v'}, {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, @@ -357,7 +369,7 @@ process_arguments (int argc, char **argv) return ERROR; while (1) { - c = getopt_long (argc, argv, "hlvVSP:p:u:d:H:s:c:w:a:k:C:D:L:f:g:", longopts, &option); + c = getopt_long (argc, argv, "hlvVnSP:p:u:d:H:s:c:w:a:k:C:D:L:f:g:", longopts, &option); if (c == -1 || c == EOF) break; @@ -419,6 +431,9 @@ process_arguments (int argc, char **argv) case 'S': check_slave = 1; /* check-slave */ break; + case 'n': + ignore_auth = 1; /* ignore-auth */ + break; case 'w': warning = optarg; warning_time = strtod (warning, NULL); @@ -506,6 +521,9 @@ print_help (void) printf (UT_EXTRA_OPTS); printf (UT_HOST_PORT, 'P', myport); + printf (" %s\n", "-n, --ignore-auth"); + printf (" %s\n", _("Ignore authentication failure and check for mysql connectivity only")); + printf (" %s\n", "-s, --socket=STRING"); printf (" %s\n", _("Use the specified socket (has no effect if -H is used)")); -- cgit v0.10-9-g596f From e85fcbd5711999af88ed887c0c17a26ab29f2b28 Mon Sep 17 00:00:00 2001 From: Davide Madrisan Date: Wed, 7 May 2014 22:14:45 +0200 Subject: This patch will add the IP and port, or socket name, to the error message and thus simplify the problem debugging: no need to check for this information in the Nagios configuration. This function is only used by 'check_tcp.c'. Without the patch: $ ./plugins/check_tcp -H 127.0.0.1 -p 21 Connection refused $ ./plugins/check_tcp -H /var/spool/nagios/cmd/nagios.cmd Permission denied With the patch: $ ./plugins/check_tcp -H 127.0.0.1 -p 21 connect to address 127.0.0.1 and port 21: Connection refused $ ./plugins/check_tcp -H /var/spool/nagios/cmd/nagios.cmd connect to socket /var/spool/nagios/cmd/nagios.cmd: Permission denied Thanks to Davide Madrisan. --- Closes #1277 diff --git a/plugins/netutils.c b/plugins/netutils.c index 0044046..4804218 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -167,11 +167,13 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) char port_str[6], host[MAX_HOST_ADDRESS_LENGTH]; size_t len; int socktype, result; + bool is_socket; socktype = (proto == IPPROTO_UDP) ? SOCK_DGRAM : SOCK_STREAM; + bool is_socket = (host_name[0] == '/'); /* as long as it doesn't start with a '/', it's assumed a host or ip */ - if(host_name[0] != '/'){ + if (!is_socket){ memset (&hints, 0, sizeof (hints)); hints.ai_family = address_family; hints.ai_protocol = proto; @@ -253,7 +255,11 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) return econn_refuse_state; break; case STATE_CRITICAL: /* user did not set econn_refuse_state */ - printf ("%s\n", strerror(errno)); + if (is_socket) + printf("connect to socket %s: %s\n", host_name, strerror(errno)); + else + printf("connect to address %s and port %d: %s\n", + host_name, port, strerror(errno)); return econn_refuse_state; break; default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */ @@ -262,7 +268,11 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) } } else { - printf ("%s\n", strerror(errno)); + if (is_socket) + printf("connect to socket %s: %s\n", host_name, strerror(errno)); + else + printf("connect to address %s and port %d: %s\n", + host_name, port, strerror(errno)); return STATE_CRITICAL; } } -- cgit v0.10-9-g596f From fc2c099d58eeb32350a6b147db067d179d8debb6 Mon Sep 17 00:00:00 2001 From: abrist Date: Mon, 19 May 2014 16:16:40 -0400 Subject: netutils.c - A few more changes Changed bool to short. Removed first instance of is_socket to avoid redeclaration error. Changed 'socket' to 'file socket' for verbosity. diff --git a/plugins/netutils.c b/plugins/netutils.c index 4804218..83f8942 100644 --- a/plugins/netutils.c +++ b/plugins/netutils.c @@ -167,10 +167,9 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) char port_str[6], host[MAX_HOST_ADDRESS_LENGTH]; size_t len; int socktype, result; - bool is_socket; + short is_socket = (host_name[0] == '/'); socktype = (proto == IPPROTO_UDP) ? SOCK_DGRAM : SOCK_STREAM; - bool is_socket = (host_name[0] == '/'); /* as long as it doesn't start with a '/', it's assumed a host or ip */ if (!is_socket){ @@ -256,7 +255,7 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) break; case STATE_CRITICAL: /* user did not set econn_refuse_state */ if (is_socket) - printf("connect to socket %s: %s\n", host_name, strerror(errno)); + printf("connect to file socket %s: %s\n", host_name, strerror(errno)); else printf("connect to address %s and port %d: %s\n", host_name, port, strerror(errno)); @@ -269,7 +268,7 @@ np_net_connect (const char *host_name, int port, int *sd, int proto) } else { if (is_socket) - printf("connect to socket %s: %s\n", host_name, strerror(errno)); + printf("connect to file socket %s: %s\n", host_name, strerror(errno)); else printf("connect to address %s and port %d: %s\n", host_name, port, strerror(errno)); -- cgit v0.10-9-g596f From a941219b41ba15abb393ae3a1cbdef3d28025c09 Mon Sep 17 00:00:00 2001 From: Jan Wagner Date: Tue, 1 Oct 2013 08:17:54 +0200 Subject: check_ntp_time: adding offset option Not sure if this is of use or not - we have a strange requirement to run certain servers 5 minutes fast. I've added a switch to the check_ntp_time to allow for this offset. Thanks to Patrick McAndrew. diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c index 72dffbd..d6cf419 100644 --- a/plugins/check_ntp_time.c +++ b/plugins/check_ntp_time.c @@ -48,6 +48,7 @@ static int verbose=0; static int quiet=0; static char *owarn="60"; static char *ocrit="120"; +static int time_offset=0; int process_arguments (int, char **); thresholds *offset_thresholds = NULL; @@ -400,7 +401,7 @@ double offset_request(const char *host, int *status){ gettimeofday(&recv_time, NULL); DBG(print_ntp_message(&req[i])); respnum=servers[i].num_responses++; - servers[i].offset[respnum]=calc_offset(&req[i], &recv_time); + servers[i].offset[respnum]=calc_offset(&req[i], &recv_time)+time_offset; if(verbose) { printf("offset %.10g\n", servers[i].offset[respnum]); } @@ -455,6 +456,7 @@ int process_arguments(int argc, char **argv){ {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"quiet", no_argument, 0, 'q'}, + {"time-offset", optional_argument, 0, 'o'}, {"warning", required_argument, 0, 'w'}, {"critical", required_argument, 0, 'c'}, {"timeout", required_argument, 0, 't'}, @@ -468,7 +470,7 @@ int process_arguments(int argc, char **argv){ usage ("\n"); while (1) { - c = getopt_long (argc, argv, "Vhv46qw:c:t:H:p:", longopts, &option); + c = getopt_long (argc, argv, "Vhv46qw:c:t:H:p:o:", longopts, &option); if (c == -1 || c == EOF || c == 1) break; @@ -504,6 +506,9 @@ int process_arguments(int argc, char **argv){ case 't': socket_timeout=atoi(optarg); break; + case 'o': + time_offset=atoi(optarg); + break; case '4': address_family = AF_INET; break; @@ -616,6 +621,8 @@ void print_help(void){ printf (" %s\n", _("Offset to result in warning status (seconds)")); printf (" %s\n", "-c, --critical=THRESHOLD"); printf (" %s\n", _("Offset to result in critical status (seconds)")); + printf (" %s\n", "-o, --time_offset="); + printf (" %s\n", _("Expected offset of the ntp server relative to local server (seconds)")); printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); printf (UT_VERBOSE); @@ -642,6 +649,6 @@ void print_usage(void) { printf ("%s\n", _("Usage:")); - printf(" %s -H [-4|-6] [-w ] [-c ] [-v verbose]\n", progname); + printf(" %s -H [-4|-6] [-w ] [-c ] [-v verbose] [-o