1 files changed, 272 insertions, 0 deletions
diff --git a/web/attachments/104058-check_tcp.c.patch b/web/attachments/104058-check_tcp.c.patch
new file mode 100644
index 0000000..d9c435e
--- /dev/null
+++ b/web/attachments/104058-check_tcp.c.patch
@@ -0,0 +1,272 @@
+*** check_tcp.c Tue Jun 10 00:56:47 2003
+--- /usr/local/projects/nagios-plugins-1.3.1/plugins//check_tcp.c       Wed Sep 29 15:14:33 2004
+***************
+*** 50,62 ****
+--- 50,67 ----
+  #include <openssl/ssl.h>
+  #include <openssl/err.h>
+  #endif
+  
+  #ifdef HAVE_SSL
+ int check_cert = FALSE;
+ int days_till_exp;
+ char *randbuff = "";
+  SSL_CTX *ctx;
+  SSL *ssl;
+ X509 *server_cert;
+  int connect_SSL (void);
+ int check_certificate (X509 **);
+  #endif
+  
+  enum {
+        TCP_PROTOCOL = 1,
+        UDP_PROTOCOL = 2,
+***************
+*** 74,83 ****
+--- 79,89 ----
+  char *EXPECT = NULL;
+  char *QUIT = NULL;
+  int PROTOCOL = 0;
+  int PORT = 0;
+  
+ char timestamp[17] = "";
+  int server_port = 0;
+  char *server_address = NULL;
+  char *server_send = NULL;
+  char *server_quit = NULL;
+  char **server_expect = NULL;
+***************
+*** 193,202 ****
+--- 199,224 ----
+                asprintf (&server_expect[server_expect_count - 1], "201");
+                asprintf (&QUIT, "QUIT\r\n");
+                PROTOCOL = TCP_PROTOCOL;
+                PORT = 119;
+        }
+ #ifdef HAVE_SSL
+       else if (strstr (argv[0], "check_nntps")) {
+               asprintf (&progname, "check_nntps");
+               asprintf (&SERVICE, "NNTPS");
+               SEND = NULL;
+               EXPECT = NULL;
+               server_expect = realloc (server_expect, ++server_expect_count);
+               asprintf (&server_expect[server_expect_count - 1], "200");
+               server_expect = realloc (server_expect, ++server_expect_count);
+               asprintf (&server_expect[server_expect_count - 1], "201");
+               asprintf (&QUIT, "QUIT\r\n");
+               PROTOCOL = TCP_PROTOCOL;
+               use_ssl=TRUE;
+               PORT = 563;
+       }
+ #endif        
+        else {
+                usage ("ERROR: Generic check_tcp called with unknown service\n");
+        }
+  
+        asprintf (&server_address, "127.0.0.1");
+***************
+*** 220,230 ****
+        alarm (socket_timeout);
+  
+        /* try to connect to the host at the given port number */
+        gettimeofday (&tv, NULL);
+  #ifdef HAVE_SSL
+!       if (use_ssl)
+                result = connect_SSL ();
+        else
+  #endif
+                {
+                        if (PROTOCOL == UDP_PROTOCOL)
+--- 242,270 ----
+        alarm (socket_timeout);
+  
+        /* try to connect to the host at the given port number */
+        gettimeofday (&tv, NULL);
+  #ifdef HAVE_SSL
+!       if (use_ssl && check_cert == TRUE) {
+!         if (connect_SSL () != OK)
+!           terminate (STATE_CRITICAL,
+!                      "TCP CRITICAL - Could not make SSL connection\n");
+!         if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
+!           result = check_certificate (&server_cert);
+!           X509_free(server_cert);
+!         }
+!         else {
+!           printf("ERROR: Cannot retrieve server certificate.\n");
+!           result = STATE_CRITICAL;
+!         }
+!         SSL_shutdown (ssl);
+!         SSL_free (ssl);
+!         SSL_CTX_free (ctx);
+!         close (sd);
+!         return result;
+!       }
+!       else if (use_ssl)
+                result = connect_SSL ();
+        else
+  #endif
+                {
+                        if (PROTOCOL == UDP_PROTOCOL)
+***************
+*** 354,363 ****
+--- 394,404 ----
+                {"quit", required_argument, 0, 'q'},
+                {"delay", required_argument, 0, 'd'},
+                {"verbose", no_argument, 0, 'v'},
+                {"version", no_argument, 0, 'V'},
+                {"help", no_argument, 0, 'h'},
+               {"certificate", required_argument, 0, 'C'},
+                {0, 0, 0, 0}
+        };
+  #endif
+  
+        if (argc < 2)
+***************
+*** 421,434 ****
+--- 462,477 ----
+                        if (!is_intnonneg (optarg))
+                                usage ("Warning threshold must be a nonnegative integer\n");
+                        warning_time = strtod (optarg, NULL);
+                        check_warning_time = TRUE;
+                        break;
+                       /*
+                case 'C':
+                        crit_codes = realloc (crit_codes, ++crit_codes_count);
+                        crit_codes[crit_codes_count - 1] = optarg;
+                        break;
+                       */
+                case 'W':
+                        warn_codes = realloc (warn_codes, ++warn_codes_count);
+                        warn_codes[warn_codes_count - 1] = optarg;
+                        break;
+                case 't':                 /* timeout */
+***************
+*** 470,479 ****
+--- 513,533 ----
+                        terminate (STATE_UNKNOWN,
+                                "SSL support not available. Install OpenSSL and recompile.");
+  #endif
+                        use_ssl = TRUE;
+                        break;
+                 case 'C': /* Check SSL cert validity */
+ #ifdef HAVE_SSL
+                 if (!is_intnonneg (optarg))
+                   usage2 ("invalid certificate expiration period", optarg);
+                 days_till_exp = atoi (optarg);
+                 check_cert = TRUE;
+ #else
+                 terminate (STATE_UNKNOWN,
+                            "SSL support not available.  Install OpenSSL and recompile.");
+ #endif
+                 break;
+                }
+        }
+  
+        if (server_address == NULL)
+                usage ("You must provide a server address\n");
+***************
+*** 532,541 ****
+--- 586,600 ----
+                 "    Seconds before connection times out (default: %d)\n"
+                 " -v, --verbose"
+                 "    Show details for command-line debugging (do not use with nagios server)\n"
+                 " -h, --help\n"
+                 "    Print detailed help screen\n"
+ #ifdef HAVE_SSL
+                " -C, --certificate=INTEGER\n"
+                "Minimum number of days a certificate has to be valid.\n"
+                "(when this option is used the banner is not checked.)\n"
+ #endif
+                 " -V, --version\n"
+                 "    Print version information\n", DEFAULT_SOCKET_TIMEOUT);
+  }
+  
+  /*
+***************
+*** 593,603 ****
+--- 652,736 ----
+  
+    return STATE_CRITICAL;
+  }
+  #endif
+  
+ #ifdef HAVE_SSL
+ int
+ check_certificate (X509 ** certificate)
+ {
+   ASN1_STRING *tm;
+   int offset;
+   struct tm stamp;
+   int days_left;
+  
+ 
+   /* Retrieve timestamp of certificate */
+   tm = X509_get_notAfter (*certificate);
+ 
+   /* Generate tm structure to process timestamp */
+   if (tm->type == V_ASN1_UTCTIME) {
+     if (tm->length < 10) {
+       printf ("ERROR: Wrong time format in certificate.\n");
+       return STATE_CRITICAL;
+     }
+     else {
+       stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+       if (stamp.tm_year < 50)
+       stamp.tm_year += 100;
+       offset = 0;
+     }
+   }
+   else {
+     if (tm->length < 12) {
+       printf ("ERROR: Wrong time format in certificate.\n");
+       return STATE_CRITICAL;
+     }
+     else {
+                         stamp.tm_year =
+                         (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+                         (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+                         stamp.tm_year -= 1900;
+                         offset = 2;
+     }
+   }
+         stamp.tm_mon =
+         (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+         stamp.tm_mday =
+         (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+         stamp.tm_hour =
+         (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+         stamp.tm_min =
+         (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+         stamp.tm_sec = 0;
+         stamp.tm_isdst = -1;
+ 
+         days_left = (mktime (&stamp) - time (NULL)) / 86400;
+         snprintf
+         (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
+          stamp.tm_mon + 1,
+          stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+ 
+         if (days_left > 0 && days_left <= days_till_exp) {
+         printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
+         return STATE_WARNING;
+         }
+         if (days_left < 0) {
+         printf ("Certificate expired on %s.\n", timestamp);
+         return STATE_CRITICAL;
+         }
+ 
+         if (days_left == 0) {
+         printf ("Certificate expires today (%s).\n", timestamp);
+         return STATE_WARNING;
+         }
+ 
+         printf ("Certificate will expire on %s.\n", timestamp);
+ 
+         return STATE_OK;
+ }
+ #endif
+  
+  int
+  my_recv (void)
+  {
+        int i;

diff --git a/web/attachments/104058-check_tcp.c.patch b/web/attachments/104058-check_tcp.c.patch new file mode 100644 index 0000000..d9c435e --- /dev/null +++ b/web/attachments/104058-check_tcp.c.patch
@@ -0,0 +1,272 @@
	1	*** check_tcp.c Tue Jun 10 00:56:47 2003
	2	--- /usr/local/projects/nagios-plugins-1.3.1/plugins//check_tcp.c Wed Sep 29 15:14:33 2004
	3	***************
	4	* 50,62 **
	5	--- 50,67 ----
	6	#include <openssl/ssl.h>
	7	#include <openssl/err.h>
	8	#endif
	9
	10	#ifdef HAVE_SSL
	11	+ int check_cert = FALSE;
	12	+ int days_till_exp;
	13	+ char *randbuff = "";
	14	SSL_CTX *ctx;
	15	SSL *ssl;
	16	+ X509 *server_cert;
	17	int connect_SSL (void);
	18	+ int check_certificate (X509 **);
	19	#endif
	20
	21	enum {
	22	TCP_PROTOCOL = 1,
	23	UDP_PROTOCOL = 2,
	24	***************
	25	* 74,83 **
	26	--- 79,89 ----
	27	char *EXPECT = NULL;
	28	char *QUIT = NULL;
	29	int PROTOCOL = 0;
	30	int PORT = 0;
	31
	32	+ char timestamp[17] = "";
	33	int server_port = 0;
	34	char *server_address = NULL;
	35	char *server_send = NULL;
	36	char *server_quit = NULL;
	37	char **server_expect = NULL;
	38	***************
	39	* 193,202 **
	40	--- 199,224 ----
	41	asprintf (&server_expect[server_expect_count - 1], "201");
	42	asprintf (&QUIT, "QUIT\r\n");
	43	PROTOCOL = TCP_PROTOCOL;
	44	PORT = 119;
	45	}
	46	+ #ifdef HAVE_SSL
	47	+ else if (strstr (argv[0], "check_nntps")) {
	48	+ asprintf (&progname, "check_nntps");
	49	+ asprintf (&SERVICE, "NNTPS");
	50	+ SEND = NULL;
	51	+ EXPECT = NULL;
	52	+ server_expect = realloc (server_expect, ++server_expect_count);
	53	+ asprintf (&server_expect[server_expect_count - 1], "200");
	54	+ server_expect = realloc (server_expect, ++server_expect_count);
	55	+ asprintf (&server_expect[server_expect_count - 1], "201");
	56	+ asprintf (&QUIT, "QUIT\r\n");
	57	+ PROTOCOL = TCP_PROTOCOL;
	58	+ use_ssl=TRUE;
	59	+ PORT = 563;
	60	+ }
	61	+ #endif
	62	else {
	63	usage ("ERROR: Generic check_tcp called with unknown service\n");
	64	}
	65
	66	asprintf (&server_address, "127.0.0.1");
	67	***************
	68	* 220,230 **
	69	alarm (socket_timeout);
	70
	71	/* try to connect to the host at the given port number */
	72	gettimeofday (&tv, NULL);
	73	#ifdef HAVE_SSL
	74	! if (use_ssl)
	75	result = connect_SSL ();
	76	else
	77	#endif
	78	{
	79	if (PROTOCOL == UDP_PROTOCOL)
	80	--- 242,270 ----
	81	alarm (socket_timeout);
	82
	83	/* try to connect to the host at the given port number */
	84	gettimeofday (&tv, NULL);
	85	#ifdef HAVE_SSL
	86	! if (use_ssl && check_cert == TRUE) {
	87	! if (connect_SSL () != OK)
	88	! terminate (STATE_CRITICAL,
	89	! "TCP CRITICAL - Could not make SSL connection\n");
	90	! if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
	91	! result = check_certificate (&server_cert);
	92	! X509_free(server_cert);
	93	! }
	94	! else {
	95	! printf("ERROR: Cannot retrieve server certificate.\n");
	96	! result = STATE_CRITICAL;
	97	! }
	98	! SSL_shutdown (ssl);
	99	! SSL_free (ssl);
	100	! SSL_CTX_free (ctx);
	101	! close (sd);
	102	! return result;
	103	! }
	104	! else if (use_ssl)
	105	result = connect_SSL ();
	106	else
	107	#endif
	108	{
	109	if (PROTOCOL == UDP_PROTOCOL)
	110	***************
	111	* 354,363 **
	112	--- 394,404 ----
	113	{"quit", required_argument, 0, 'q'},
	114	{"delay", required_argument, 0, 'd'},
	115	{"verbose", no_argument, 0, 'v'},
	116	{"version", no_argument, 0, 'V'},
	117	{"help", no_argument, 0, 'h'},
	118	+ {"certificate", required_argument, 0, 'C'},
	119	{0, 0, 0, 0}
	120	};
	121	#endif
	122
	123	if (argc < 2)
	124	***************
	125	* 421,434 **
	126	--- 462,477 ----
	127	if (!is_intnonneg (optarg))
	128	usage ("Warning threshold must be a nonnegative integer\n");
	129	warning_time = strtod (optarg, NULL);
	130	check_warning_time = TRUE;
	131	break;
	132	+ /*
	133	case 'C':
	134	crit_codes = realloc (crit_codes, ++crit_codes_count);
	135	crit_codes[crit_codes_count - 1] = optarg;
	136	break;
	137	+ */
	138	case 'W':
	139	warn_codes = realloc (warn_codes, ++warn_codes_count);
	140	warn_codes[warn_codes_count - 1] = optarg;
	141	break;
	142	case 't': /* timeout */
	143	***************
	144	* 470,479 **
	145	--- 513,533 ----
	146	terminate (STATE_UNKNOWN,
	147	"SSL support not available. Install OpenSSL and recompile.");
	148	#endif
	149	use_ssl = TRUE;
	150	break;
	151	+ case 'C': /* Check SSL cert validity */
	152	+ #ifdef HAVE_SSL
	153	+ if (!is_intnonneg (optarg))
	154	+ usage2 ("invalid certificate expiration period", optarg);
	155	+ days_till_exp = atoi (optarg);
	156	+ check_cert = TRUE;
	157	+ #else
	158	+ terminate (STATE_UNKNOWN,
	159	+ "SSL support not available. Install OpenSSL and recompile.");
	160	+ #endif
	161	+ break;
	162	}
	163	}
	164
	165	if (server_address == NULL)
	166	usage ("You must provide a server address\n");
	167	***************
	168	* 532,541 **
	169	--- 586,600 ----
	170	" Seconds before connection times out (default: %d)\n"
	171	" -v, --verbose"
	172	" Show details for command-line debugging (do not use with nagios server)\n"
	173	" -h, --help\n"
	174	" Print detailed help screen\n"
	175	+ #ifdef HAVE_SSL
	176	+ " -C, --certificate=INTEGER\n"
	177	+ "Minimum number of days a certificate has to be valid.\n"
	178	+ "(when this option is used the banner is not checked.)\n"
	179	+ #endif
	180	" -V, --version\n"
	181	" Print version information\n", DEFAULT_SOCKET_TIMEOUT);
	182	}
	183
	184	/*
	185	***************
	186	* 593,603 **
	187	--- 652,736 ----
	188
	189	return STATE_CRITICAL;
	190	}
	191	#endif
	192
	193	+ #ifdef HAVE_SSL
	194	+ int
	195	+ check_certificate (X509 ** certificate)
	196	+ {
	197	+ ASN1_STRING *tm;
	198	+ int offset;
	199	+ struct tm stamp;
	200	+ int days_left;
	201
	202	+
	203	+ /* Retrieve timestamp of certificate */
	204	+ tm = X509_get_notAfter (*certificate);
	205	+
	206	+ /* Generate tm structure to process timestamp */
	207	+ if (tm->type == V_ASN1_UTCTIME) {
	208	+ if (tm->length < 10) {
	209	+ printf ("ERROR: Wrong time format in certificate.\n");
	210	+ return STATE_CRITICAL;
	211	+ }
	212	+ else {
	213	+ stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
	214	+ if (stamp.tm_year < 50)
	215	+ stamp.tm_year += 100;
	216	+ offset = 0;
	217	+ }
	218	+ }
	219	+ else {
	220	+ if (tm->length < 12) {
	221	+ printf ("ERROR: Wrong time format in certificate.\n");
	222	+ return STATE_CRITICAL;
	223	+ }
	224	+ else {
	225	+ stamp.tm_year =
	226	+ (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
	227	+ (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
	228	+ stamp.tm_year -= 1900;
	229	+ offset = 2;
	230	+ }
	231	+ }
	232	+ stamp.tm_mon =
	233	+ (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
	234	+ stamp.tm_mday =
	235	+ (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
	236	+ stamp.tm_hour =
	237	+ (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
	238	+ stamp.tm_min =
	239	+ (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
	240	+ stamp.tm_sec = 0;
	241	+ stamp.tm_isdst = -1;
	242	+
	243	+ days_left = (mktime (&stamp) - time (NULL)) / 86400;
	244	+ snprintf
	245	+ (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
	246	+ stamp.tm_mon + 1,
	247	+ stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
	248	+
	249	+ if (days_left > 0 && days_left <= days_till_exp) {
	250	+ printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
	251	+ return STATE_WARNING;
	252	+ }
	253	+ if (days_left < 0) {
	254	+ printf ("Certificate expired on %s.\n", timestamp);
	255	+ return STATE_CRITICAL;
	256	+ }
	257	+
	258	+ if (days_left == 0) {
	259	+ printf ("Certificate expires today (%s).\n", timestamp);
	260	+ return STATE_WARNING;
	261	+ }
	262	+
	263	+ printf ("Certificate will expire on %s.\n", timestamp);
	264	+
	265	+ return STATE_OK;
	266	+ }
	267	+ #endif
	268
	269	int
	270	my_recv (void)
	271	{
	272	int i;