From fd42290d4a0aafd0d3c154cdd8fad53bfcc79046 Mon Sep 17 00:00:00 2001 From: Dennis <13968467+Decstasy@users.noreply.github.com> Date: Sat, 29 Nov 2025 15:24:52 +0100 Subject: check_dig: add -E/--require-flags and -X/--forbid-flags (#2165) * check_dig: Add feature to require or forbid dig DNS flags -E, -X. Introduced helper functions for flag parsing. -E, --require-flags=LIST Comma-separated dig flags that must be present (e.g. 'aa,qr') -X, --forbid-flags=LIST Comma-separated dig flags that must NOT be present --- plugins/check_dig.c | 268 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 264 insertions(+), 4 deletions(-) (limited to 'plugins/check_dig.c') diff --git a/plugins/check_dig.c b/plugins/check_dig.c index c27e5f13..9ea19e6a 100644 --- a/plugins/check_dig.c +++ b/plugins/check_dig.c @@ -3,7 +3,7 @@ * Monitoring check_dig plugin * * License: GPL - * Copyright (c) 2002-2024 Monitoring Plugins Development Team + * Copyright (c) 2002-2025 Monitoring Plugins Development Team * * Description: * @@ -33,9 +33,10 @@ * because on some architectures those strings are in non-writable memory */ const char *progname = "check_dig"; -const char *copyright = "2002-2024"; +const char *copyright = "2002-2025"; const char *email = "devel@monitoring-plugins.org"; +#include #include "common.h" #include "netutils.h" #include "utils.h" @@ -56,6 +57,12 @@ void print_usage(void); static int verbose = 0; +/* helpers for flag parsing */ +static flag_list parse_flags_line(const char *line); +static flag_list split_csv_trim(const char *csv); +static bool flag_list_contains(const flag_list *list, const char *needle); +static void free_flag_list(flag_list *list); + int main(int argc, char **argv) { setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); @@ -101,13 +108,35 @@ int main(int argc, char **argv) { output chld_out; output chld_err; char *msg = NULL; + flag_list dig_flags = {.items = NULL, .count = 0}; mp_state_enum result = STATE_UNKNOWN; + /* run the command */ if (np_runcmd(command_line, &chld_out, &chld_err, 0) != 0) { result = STATE_WARNING; msg = (char *)_("dig returned an error status"); } + /* extract ';; flags: ...' from stdout (first occurrence) */ + for (size_t i = 0; i < chld_out.lines; i++) { + if (strstr(chld_out.line[i], "flags:")) { + if (verbose) { + printf("Raw flags line: %s\n", chld_out.line[i]); + } + + dig_flags = parse_flags_line(chld_out.line[i]); + + if (verbose && dig_flags.count > 0) { + printf(_("Parsed flags:")); + for (size_t k = 0; k < dig_flags.count; k++) { + printf(" %s", dig_flags.items[k]); + } + printf("\n"); + } + break; + } + } + for (size_t i = 0; i < chld_out.lines; i++) { /* the server is responding, we just got the host name... */ if (strstr(chld_out.line[i], ";; ANSWER SECTION:")) { @@ -174,6 +203,44 @@ int main(int argc, char **argv) { result = STATE_WARNING; } + /* Optional: evaluate dig flags only if -E/-X were provided */ + if ((config.require_flags.count > 0) || (config.forbid_flags.count > 0)) { + if (dig_flags.count > 0) { + for (size_t r = 0; r < config.require_flags.count; r++) { + if (!flag_list_contains(&dig_flags, config.require_flags.items[r])) { + result = STATE_CRITICAL; + if (!msg) { + xasprintf(&msg, _("Missing required DNS flag: %s"), + config.require_flags.items[r]); + } else { + char *newmsg = NULL; + xasprintf(&newmsg, _("%s; missing required DNS flag: %s"), msg, + config.require_flags.items[r]); + msg = newmsg; + } + } + } + + for (size_t r = 0; r < config.forbid_flags.count; r++) { + if (flag_list_contains(&dig_flags, config.forbid_flags.items[r])) { + result = STATE_CRITICAL; + if (!msg) { + xasprintf(&msg, _("Forbidden DNS flag present: %s"), + config.forbid_flags.items[r]); + } else { + char *newmsg = NULL; + xasprintf(&newmsg, _("%s; forbidden DNS flag present: %s"), msg, + config.forbid_flags.items[r]); + msg = newmsg; + } + } + } + } + } + + /* cleanup flags buffer */ + free_flag_list(&dig_flags); + printf("DNS %s - %.3f seconds response time (%s)|%s\n", state_text(result), elapsed_time, msg ? msg : _("Probably a non-existent host/domain"), fperfdata("time", elapsed_time, "s", (config.warning_interval > UNDEFINED), @@ -190,6 +257,8 @@ check_dig_config_wrapper process_arguments(int argc, char **argv) { {"critical", required_argument, 0, 'c'}, {"timeout", required_argument, 0, 't'}, {"dig-arguments", required_argument, 0, 'A'}, + {"require-flags", required_argument, 0, 'E'}, + {"forbid-flags", required_argument, 0, 'X'}, {"verbose", no_argument, 0, 'v'}, {"version", no_argument, 0, 'V'}, {"help", no_argument, 0, 'h'}, @@ -212,7 +281,8 @@ check_dig_config_wrapper process_arguments(int argc, char **argv) { int option = 0; while (true) { - int option_index = getopt_long(argc, argv, "hVvt:l:H:w:c:T:p:a:A:46", longopts, &option); + int option_index = + getopt_long(argc, argv, "hVvt:l:H:w:c:T:p:a:A:E:X:46", longopts, &option); if (option_index == -1 || option_index == EOF) { break; @@ -263,6 +333,12 @@ check_dig_config_wrapper process_arguments(int argc, char **argv) { case 'A': /* dig arguments */ result.config.dig_args = strdup(optarg); break; + case 'E': /* require flags */ + result.config.require_flags = split_csv_trim(optarg); + break; + case 'X': /* forbid flags */ + result.config.forbid_flags = split_csv_trim(optarg); + break; case 'v': /* verbose */ verbose++; break; @@ -343,6 +419,10 @@ void print_help(void) { printf(" %s\n", _("was in -l")); printf(" %s\n", "-A, --dig-arguments=STRING"); printf(" %s\n", _("Pass STRING as argument(s) to dig")); + printf(" %s\n", "-E, --require-flags=LIST"); + printf(" %s\n", _("Comma-separated dig flags that must be present (e.g. 'aa,qr')")); + printf(" %s\n", "-X, --forbid-flags=LIST"); + printf(" %s\n", _("Comma-separated dig flags that must NOT be present")); printf(UT_WARN_CRIT); printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); printf(UT_VERBOSE); @@ -359,5 +439,185 @@ void print_usage(void) { printf("%s\n", _("Usage:")); printf("%s -l [-H ] [-p ]\n", progname); printf(" [-T ] [-w ] [-c ]\n"); - printf(" [-t ] [-a ] [-v]\n"); + printf(" [-t ] [-a ] [-E ] [-X ] [-v]\n"); +} + +/* helpers */ + +/** + * parse_flags_line - Parse a dig output line and extract DNS header flags. + * + * Input: + * line - NUL terminated dig output line, e.g. ";; flags: qr rd ra; ..." + * + * Returns: + * flag_list where: + * - items: array of NUL terminated flag strings (heap allocated) + * - count: number of entries in items + * On parse failure or if no flags were found, count is 0 and items is NULL. + */ +static flag_list parse_flags_line(const char *line) { + flag_list result = {.items = NULL, .count = 0}; + + if (!line) { + return result; + } + + /* Locate start of DNS header flags in dig output */ + const char *p = strstr(line, "flags:"); + if (!p) { + return result; + } + p += 6; /* skip literal "flags:" */ + + /* Skip whitespace after "flags:" */ + while (*p && isspace((unsigned char)*p)) { + p++; + } + + /* Flags are terminated by the next semicolon e.g. "qr rd ra;" */ + const char *q = strchr(p, ';'); + if (!q) { + return result; + } + + /* Extract substring containing the flag block */ + size_t len = (size_t)(q - p); + if (len == 0) { + return result; + } + + char *buf = (char *)malloc(len + 1); + if (!buf) { + return result; + } + memcpy(buf, p, len); + buf[len] = '\0'; + + /* Tokenize flags separated by whitespace */ + char **arr = NULL; + size_t cnt = 0; + char *saveptr = NULL; + char *tok = strtok_r(buf, " \t", &saveptr); + + while (tok) { + /* Expand array for the next flag token */ + char **tmp = (char **)realloc(arr, (cnt + 1) * sizeof(char *)); + if (!tmp) { + /* On allocation failure keep what we have and return it */ + break; + } + arr = tmp; + arr[cnt++] = strdup(tok); + tok = strtok_r(NULL, " \t", &saveptr); + } + + free(buf); + + result.items = arr; + result.count = cnt; + return result; +} + +/** + * split_csv_trim - Split a comma separated string into trimmed tokens. + * + * Input: + * csv - NUL terminated string, e.g. "aa, qr , rd" + * + * Returns: + * flag_list where: + * - items: array of NUL terminated tokens (heap allocated, whitespace trimmed) + * - count: number of tokens + * On empty input, count is 0 and items is NULL + */ +static flag_list split_csv_trim(const char *csv) { + flag_list result = {.items = NULL, .count = 0}; + + if (!csv || !*csv) { + return result; + } + + char *tmp = strdup(csv); + if (!tmp) { + return result; + } + + char *s = tmp; + char *token = NULL; + + /* Split CSV by commas, trimming whitespace on each token */ + while ((token = strsep(&s, ",")) != NULL) { + /* trim leading whitespace */ + while (*token && isspace((unsigned char)*token)) { + token++; + } + + /* trim trailing whitespace */ + char *end = token + strlen(token); + while (end > token && isspace((unsigned char)end[-1])) { + *--end = '\0'; + } + + if (*token) { + /* Expand the items array and append the token */ + char **arr = (char **)realloc(result.items, (result.count + 1) * sizeof(char *)); + if (!arr) { + /* Allocation failed, stop and return what we have */ + break; + } + result.items = arr; + result.items[result.count++] = strdup(token); + } + } + + free(tmp); + return result; +} + +/** + * flag_list_contains - Case-insensitive membership test in a flag_list. + * + * Input: + * list - pointer to a flag_list + * needle - NUL terminated string to search for + * + * Returns: + * true if needle is contained in list (strcasecmp) + * false otherwise + */ +static bool flag_list_contains(const flag_list *list, const char *needle) { + if (!list || !needle || !*needle) { + return false; + } + + for (size_t i = 0; i < list->count; i++) { + if (strcasecmp(list->items[i], needle) == 0) { + return true; + } + } + return false; +} + +/** + * free_flag_list - Release all heap allocations held by a flag_list. + * + * Input: + * list - pointer to a flag_list whose items were allocated by + * parse_flags_line() or split_csv_trim(). + * + * After this call list->items is NULL and list->count is 0. + */ +static void free_flag_list(flag_list *list) { + if (!list || !list->items) { + return; + } + + for (size_t i = 0; i < list->count; i++) { + free(list->items[i]); + } + free(list->items); + + list->items = NULL; + list->count = 0; } -- cgit v1.2.3-74-g34f1