From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Mon, 30 Sep 2013 00:03:24 +0200
Subject: Import Nagios Plugins site

Import the Nagios Plugins web site, Cronjobs, infrastructure scripts,
and configuration files.
---
 ...4694-nagiosplug_check_http_connect_method.patch | 88 ++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 web/attachments/424694-nagiosplug_check_http_connect_method.patch

(limited to 'web/attachments/424694-nagiosplug_check_http_connect_method.patch')

diff --git a/web/attachments/424694-nagiosplug_check_http_connect_method.patch b/web/attachments/424694-nagiosplug_check_http_connect_method.patch
new file mode 100644
index 0000000..cbf0870
--- /dev/null
+++ b/web/attachments/424694-nagiosplug_check_http_connect_method.patch
@@ -0,0 +1,88 @@
+diff -ur nagios-plugins-1.4.15.orig/plugins/check_http.c nagios-plugins-1.4.15/plugins/check_http.c
+--- nagios-plugins-1.4.15.orig/plugins/check_http.c	2010-07-27 20:47:16.000000000 +0000
++++ nagios-plugins-1.4.15/plugins/check_http.c	2011-09-09 14:03:49.000000000 +0000
+@@ -805,9 +805,34 @@
+   /* try to connect to the host at the given port number */
+   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
++
++  /* if we are called with the -I option, the -j method is CONNECT and */
++  /* we received -S for SSL, then we tunnel the request through a proxy*/
++  /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
++
++  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
++    && host_name != NULL && use_ssl == TRUE) {
++
++    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
++    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
++    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
++    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
++    /* we finished our request, send empty line with CRLF */
++    asprintf (&buf, "%s%s", buf, CRLF);
++    if (verbose) printf ("%s\n", buf);
++    send(sd, buf, strlen (buf), 0);
++    buf[0]='\0';
++
++    if (verbose) printf ("Receive response from proxy\n");
++    read (sd, buffer, MAX_INPUT_BUFFER-1);
++    if (verbose) printf ("%s", buffer);
++    /* Here we should check if we got HTTP/1.1 200 Connection established */
++  }
++    
+ #ifdef HAVE_SSL
+   if (use_ssl == TRUE) {
+     np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL));
++    if (verbose) printf ("SSL initialized\n");
+     if (check_cert == TRUE) {
+       result = np_net_ssl_check_cert(days_till_exp);
+       np_net_ssl_cleanup();
+@@ -817,7 +842,11 @@
+   }
+ #endif /* HAVE_SSL */
+ 
+-  asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
++  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
++      && host_name != NULL && use_ssl == TRUE)
++    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
++  else
++    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ 
+   /* tell HTTP/1.1 servers not to keep the connection alive */
+   asprintf (&buf, "%sConnection: close\r\n", buf);
+@@ -830,7 +859,9 @@
+      * (default) port is explicitly specified in the "Host:" header line.
+      */
+     if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
+-        (use_ssl == TRUE && server_port == HTTPS_PORT))
++        (use_ssl == TRUE && server_port == HTTPS_PORT) ||
++        ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
++          && host_name != NULL && use_ssl == TRUE))
+       asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+     else
+       asprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+@@ -1355,7 +1386,7 @@
+   printf ("    %s\n", _("URL to GET or POST (default: /)"));
+   printf (" %s\n", "-P, --post=STRING");
+   printf ("    %s\n", _("URL encoded http POST data"));
+-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
++  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
+   printf ("    %s\n", _("Set HTTP method."));
+   printf (" %s\n", "-N, --no-body");
+   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
+@@ -1423,7 +1454,15 @@
+   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
+   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
+-  printf (" %s\n", _("the certificate is expired."));
++  printf (" %s\n\n", _("the certificate is expired."));
++
++  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
++  printf (" %s\n\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
++  printf (" %s\n", _("All these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
++  printf (" %s\n", _("A STATE_OK will be returned. When the server returns its content but exceeds"));
++  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
++  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
++
+ #endif
+ 
+   printf (UT_SUPPORT);
-- 
cgit v1.2.3-74-g34f1