diff options
Diffstat (limited to 'web/attachments/104058-check_tcp.c.patch')
-rw-r--r-- | web/attachments/104058-check_tcp.c.patch | 272 |
1 files changed, 272 insertions, 0 deletions
diff --git a/web/attachments/104058-check_tcp.c.patch b/web/attachments/104058-check_tcp.c.patch new file mode 100644 index 0000000..d9c435e --- /dev/null +++ b/web/attachments/104058-check_tcp.c.patch | |||
@@ -0,0 +1,272 @@ | |||
1 | *** check_tcp.c Tue Jun 10 00:56:47 2003 | ||
2 | --- /usr/local/projects/nagios-plugins-1.3.1/plugins//check_tcp.c Wed Sep 29 15:14:33 2004 | ||
3 | *************** | ||
4 | *** 50,62 **** | ||
5 | --- 50,67 ---- | ||
6 | #include <openssl/ssl.h> | ||
7 | #include <openssl/err.h> | ||
8 | #endif | ||
9 | |||
10 | #ifdef HAVE_SSL | ||
11 | + int check_cert = FALSE; | ||
12 | + int days_till_exp; | ||
13 | + char *randbuff = ""; | ||
14 | SSL_CTX *ctx; | ||
15 | SSL *ssl; | ||
16 | + X509 *server_cert; | ||
17 | int connect_SSL (void); | ||
18 | + int check_certificate (X509 **); | ||
19 | #endif | ||
20 | |||
21 | enum { | ||
22 | TCP_PROTOCOL = 1, | ||
23 | UDP_PROTOCOL = 2, | ||
24 | *************** | ||
25 | *** 74,83 **** | ||
26 | --- 79,89 ---- | ||
27 | char *EXPECT = NULL; | ||
28 | char *QUIT = NULL; | ||
29 | int PROTOCOL = 0; | ||
30 | int PORT = 0; | ||
31 | |||
32 | + char timestamp[17] = ""; | ||
33 | int server_port = 0; | ||
34 | char *server_address = NULL; | ||
35 | char *server_send = NULL; | ||
36 | char *server_quit = NULL; | ||
37 | char **server_expect = NULL; | ||
38 | *************** | ||
39 | *** 193,202 **** | ||
40 | --- 199,224 ---- | ||
41 | asprintf (&server_expect[server_expect_count - 1], "201"); | ||
42 | asprintf (&QUIT, "QUIT\r\n"); | ||
43 | PROTOCOL = TCP_PROTOCOL; | ||
44 | PORT = 119; | ||
45 | } | ||
46 | + #ifdef HAVE_SSL | ||
47 | + else if (strstr (argv[0], "check_nntps")) { | ||
48 | + asprintf (&progname, "check_nntps"); | ||
49 | + asprintf (&SERVICE, "NNTPS"); | ||
50 | + SEND = NULL; | ||
51 | + EXPECT = NULL; | ||
52 | + server_expect = realloc (server_expect, ++server_expect_count); | ||
53 | + asprintf (&server_expect[server_expect_count - 1], "200"); | ||
54 | + server_expect = realloc (server_expect, ++server_expect_count); | ||
55 | + asprintf (&server_expect[server_expect_count - 1], "201"); | ||
56 | + asprintf (&QUIT, "QUIT\r\n"); | ||
57 | + PROTOCOL = TCP_PROTOCOL; | ||
58 | + use_ssl=TRUE; | ||
59 | + PORT = 563; | ||
60 | + } | ||
61 | + #endif | ||
62 | else { | ||
63 | usage ("ERROR: Generic check_tcp called with unknown service\n"); | ||
64 | } | ||
65 | |||
66 | asprintf (&server_address, "127.0.0.1"); | ||
67 | *************** | ||
68 | *** 220,230 **** | ||
69 | alarm (socket_timeout); | ||
70 | |||
71 | /* try to connect to the host at the given port number */ | ||
72 | gettimeofday (&tv, NULL); | ||
73 | #ifdef HAVE_SSL | ||
74 | ! if (use_ssl) | ||
75 | result = connect_SSL (); | ||
76 | else | ||
77 | #endif | ||
78 | { | ||
79 | if (PROTOCOL == UDP_PROTOCOL) | ||
80 | --- 242,270 ---- | ||
81 | alarm (socket_timeout); | ||
82 | |||
83 | /* try to connect to the host at the given port number */ | ||
84 | gettimeofday (&tv, NULL); | ||
85 | #ifdef HAVE_SSL | ||
86 | ! if (use_ssl && check_cert == TRUE) { | ||
87 | ! if (connect_SSL () != OK) | ||
88 | ! terminate (STATE_CRITICAL, | ||
89 | ! "TCP CRITICAL - Could not make SSL connection\n"); | ||
90 | ! if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { | ||
91 | ! result = check_certificate (&server_cert); | ||
92 | ! X509_free(server_cert); | ||
93 | ! } | ||
94 | ! else { | ||
95 | ! printf("ERROR: Cannot retrieve server certificate.\n"); | ||
96 | ! result = STATE_CRITICAL; | ||
97 | ! } | ||
98 | ! SSL_shutdown (ssl); | ||
99 | ! SSL_free (ssl); | ||
100 | ! SSL_CTX_free (ctx); | ||
101 | ! close (sd); | ||
102 | ! return result; | ||
103 | ! } | ||
104 | ! else if (use_ssl) | ||
105 | result = connect_SSL (); | ||
106 | else | ||
107 | #endif | ||
108 | { | ||
109 | if (PROTOCOL == UDP_PROTOCOL) | ||
110 | *************** | ||
111 | *** 354,363 **** | ||
112 | --- 394,404 ---- | ||
113 | {"quit", required_argument, 0, 'q'}, | ||
114 | {"delay", required_argument, 0, 'd'}, | ||
115 | {"verbose", no_argument, 0, 'v'}, | ||
116 | {"version", no_argument, 0, 'V'}, | ||
117 | {"help", no_argument, 0, 'h'}, | ||
118 | + {"certificate", required_argument, 0, 'C'}, | ||
119 | {0, 0, 0, 0} | ||
120 | }; | ||
121 | #endif | ||
122 | |||
123 | if (argc < 2) | ||
124 | *************** | ||
125 | *** 421,434 **** | ||
126 | --- 462,477 ---- | ||
127 | if (!is_intnonneg (optarg)) | ||
128 | usage ("Warning threshold must be a nonnegative integer\n"); | ||
129 | warning_time = strtod (optarg, NULL); | ||
130 | check_warning_time = TRUE; | ||
131 | break; | ||
132 | + /* | ||
133 | case 'C': | ||
134 | crit_codes = realloc (crit_codes, ++crit_codes_count); | ||
135 | crit_codes[crit_codes_count - 1] = optarg; | ||
136 | break; | ||
137 | + */ | ||
138 | case 'W': | ||
139 | warn_codes = realloc (warn_codes, ++warn_codes_count); | ||
140 | warn_codes[warn_codes_count - 1] = optarg; | ||
141 | break; | ||
142 | case 't': /* timeout */ | ||
143 | *************** | ||
144 | *** 470,479 **** | ||
145 | --- 513,533 ---- | ||
146 | terminate (STATE_UNKNOWN, | ||
147 | "SSL support not available. Install OpenSSL and recompile."); | ||
148 | #endif | ||
149 | use_ssl = TRUE; | ||
150 | break; | ||
151 | + case 'C': /* Check SSL cert validity */ | ||
152 | + #ifdef HAVE_SSL | ||
153 | + if (!is_intnonneg (optarg)) | ||
154 | + usage2 ("invalid certificate expiration period", optarg); | ||
155 | + days_till_exp = atoi (optarg); | ||
156 | + check_cert = TRUE; | ||
157 | + #else | ||
158 | + terminate (STATE_UNKNOWN, | ||
159 | + "SSL support not available. Install OpenSSL and recompile."); | ||
160 | + #endif | ||
161 | + break; | ||
162 | } | ||
163 | } | ||
164 | |||
165 | if (server_address == NULL) | ||
166 | usage ("You must provide a server address\n"); | ||
167 | *************** | ||
168 | *** 532,541 **** | ||
169 | --- 586,600 ---- | ||
170 | " Seconds before connection times out (default: %d)\n" | ||
171 | " -v, --verbose" | ||
172 | " Show details for command-line debugging (do not use with nagios server)\n" | ||
173 | " -h, --help\n" | ||
174 | " Print detailed help screen\n" | ||
175 | + #ifdef HAVE_SSL | ||
176 | + " -C, --certificate=INTEGER\n" | ||
177 | + "Minimum number of days a certificate has to be valid.\n" | ||
178 | + "(when this option is used the banner is not checked.)\n" | ||
179 | + #endif | ||
180 | " -V, --version\n" | ||
181 | " Print version information\n", DEFAULT_SOCKET_TIMEOUT); | ||
182 | } | ||
183 | |||
184 | /* | ||
185 | *************** | ||
186 | *** 593,603 **** | ||
187 | --- 652,736 ---- | ||
188 | |||
189 | return STATE_CRITICAL; | ||
190 | } | ||
191 | #endif | ||
192 | |||
193 | + #ifdef HAVE_SSL | ||
194 | + int | ||
195 | + check_certificate (X509 ** certificate) | ||
196 | + { | ||
197 | + ASN1_STRING *tm; | ||
198 | + int offset; | ||
199 | + struct tm stamp; | ||
200 | + int days_left; | ||
201 | |||
202 | + | ||
203 | + /* Retrieve timestamp of certificate */ | ||
204 | + tm = X509_get_notAfter (*certificate); | ||
205 | + | ||
206 | + /* Generate tm structure to process timestamp */ | ||
207 | + if (tm->type == V_ASN1_UTCTIME) { | ||
208 | + if (tm->length < 10) { | ||
209 | + printf ("ERROR: Wrong time format in certificate.\n"); | ||
210 | + return STATE_CRITICAL; | ||
211 | + } | ||
212 | + else { | ||
213 | + stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); | ||
214 | + if (stamp.tm_year < 50) | ||
215 | + stamp.tm_year += 100; | ||
216 | + offset = 0; | ||
217 | + } | ||
218 | + } | ||
219 | + else { | ||
220 | + if (tm->length < 12) { | ||
221 | + printf ("ERROR: Wrong time format in certificate.\n"); | ||
222 | + return STATE_CRITICAL; | ||
223 | + } | ||
224 | + else { | ||
225 | + stamp.tm_year = | ||
226 | + (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + | ||
227 | + (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); | ||
228 | + stamp.tm_year -= 1900; | ||
229 | + offset = 2; | ||
230 | + } | ||
231 | + } | ||
232 | + stamp.tm_mon = | ||
233 | + (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; | ||
234 | + stamp.tm_mday = | ||
235 | + (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); | ||
236 | + stamp.tm_hour = | ||
237 | + (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); | ||
238 | + stamp.tm_min = | ||
239 | + (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); | ||
240 | + stamp.tm_sec = 0; | ||
241 | + stamp.tm_isdst = -1; | ||
242 | + | ||
243 | + days_left = (mktime (&stamp) - time (NULL)) / 86400; | ||
244 | + snprintf | ||
245 | + (timestamp, 16, "%02d/%02d/%04d %02d:%02d", | ||
246 | + stamp.tm_mon + 1, | ||
247 | + stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); | ||
248 | + | ||
249 | + if (days_left > 0 && days_left <= days_till_exp) { | ||
250 | + printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp); | ||
251 | + return STATE_WARNING; | ||
252 | + } | ||
253 | + if (days_left < 0) { | ||
254 | + printf ("Certificate expired on %s.\n", timestamp); | ||
255 | + return STATE_CRITICAL; | ||
256 | + } | ||
257 | + | ||
258 | + if (days_left == 0) { | ||
259 | + printf ("Certificate expires today (%s).\n", timestamp); | ||
260 | + return STATE_WARNING; | ||
261 | + } | ||
262 | + | ||
263 | + printf ("Certificate will expire on %s.\n", timestamp); | ||
264 | + | ||
265 | + return STATE_OK; | ||
266 | + } | ||
267 | + #endif | ||
268 | |||
269 | int | ||
270 | my_recv (void) | ||
271 | { | ||
272 | int i; | ||