int ssh_connect (char *haddr, int hport, char *remote_version) { int sd; int result; char *output = NULL; char *buffer = NULL; char *ssh_proto = NULL; char *ssh_server = NULL; static char *rev_no = VERSION; struct timeval tv; double elapsed_time; gettimeofday(&tv, NULL); result = my_tcp_connect (haddr, hport, &sd); if (result != STATE_OK) return result; output = (char *) malloc (BUFF_SZ + 1); memset (output, 0, BUFF_SZ + 1); recv (sd, output, BUFF_SZ, 0); if (strncmp (output, "SSH", 3)) { printf (_("Server answer: %s"), output); close(sd); exit (STATE_CRITICAL); } else { strip (output); if (verbose) printf ("%s\n", output); ssh_proto = output + 4; ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. "); ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0; xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no); send (sd, buffer, strlen (buffer), MSG_DONTWAIT); if (verbose) printf ("%s\n", buffer); if (remote_version && strcmp(remote_version, ssh_server)) { printf (_("SSH WARNING - %s (protocol %s) version mismatch, expected '%s'\n"), ssh_server, ssh_proto, remote_version); close(sd); exit (STATE_WARNING); } elapsed_time = (double)deltime(tv) / 1.0e6; printf (_("SSH OK - %s (protocol %s) | %s\n"), ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout)); close(sd); exit (STATE_OK); } }
int main (int argc, char **argv) { char *command_line; output chld_out, chld_err; char *msg = NULL; size_t i; char *t; long microsec; double elapsed_time; int result = STATE_UNKNOWN; int timeout_interval_dig; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Set signal handling and alarm */ if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) usage_va(_("Cannot catch SIGALRM")); /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage_va(_("Could not parse arguments")); /* dig applies the timeout to each try, so we need to work around this */ timeout_interval_dig = timeout_interval / number_tries + number_tries; /* get the command to run */ xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d", PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig); alarm (timeout_interval); gettimeofday (&tv, NULL); if (verbose) { printf ("%s\n", command_line); if(expected_address != NULL) { printf (_("Looking for: '%s'\n"), expected_address); } else { printf (_("Looking for: '%s'\n"), query_address); } } /* run the command */ if(np_runcmd(command_line, &chld_out, &chld_err, 0) != 0) { result = STATE_WARNING; msg = (char *)_("dig returned an error status"); } for(i = 0; i < chld_out.lines; i++) { /* the server is responding, we just got the host name... */ if (strstr (chld_out.line[i], ";; ANSWER SECTION:")) { /* loop through the whole 'ANSWER SECTION' */ for(; i < chld_out.lines; i++) { /* get the host address */ if (verbose) printf ("%s\n", chld_out.line[i]); if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) { msg = chld_out.line[i]; result = STATE_OK; /* Translate output TAB -> SPACE */ t = msg; while ((t = strchr(t, '\t')) != NULL) *t = ' '; break; } } if (result == STATE_UNKNOWN) { msg = (char *)_("Server not found in ANSWER SECTION"); result = STATE_WARNING; } /* we found the answer section, so break out of the loop */ break; } } if (result == STATE_UNKNOWN) { msg = (char *)_("No ANSWER SECTION found"); result = STATE_CRITICAL; } /* If we get anything on STDERR, at least set warning */ if(chld_err.buflen > 0) { result = max_state(result, STATE_WARNING); if(!msg) for(i = 0; i < chld_err.lines; i++) { msg = strchr(chld_err.line[0], ':'); if(msg) { msg++; break; } } } microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (critical_interval > UNDEFINED && elapsed_time > critical_interval) result = STATE_CRITICAL; else if (warning_interval > UNDEFINED && elapsed_time > warning_interval) result = STATE_WARNING; printf ("DNS %s - %.3f seconds response time (%s)|%s\n", state_text (result), elapsed_time, msg ? msg : _("Probably a non-existent host/domain"), fperfdata("time", elapsed_time, "s", (warning_interval>UNDEFINED?TRUE:FALSE), warning_interval, (critical_interval>UNDEFINED?TRUE:FALSE), critical_interval, TRUE, 0, FALSE, 0)); return result; }
int main (int argc, char **argv) { short supports_tls=FALSE; int n = 0; double elapsed_time; long microsec; int result = STATE_UNKNOWN; char *cmd_str = NULL; char *helocmd = NULL; char *error_msg = ""; struct timeval tv; /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */ (void) signal (SIGPIPE, SIG_IGN); setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); /* If localhostname not set on command line, use gethostname to set */ if(! localhostname){ localhostname = malloc (HOST_MAX_BYTES); if(!localhostname){ printf(_("malloc() failed!\n")); return STATE_CRITICAL; } if(gethostname(localhostname, HOST_MAX_BYTES)){ printf(_("gethostname() failed!\n")); return STATE_CRITICAL; } } if(use_ehlo) xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n"); else xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n"); if (verbose) printf("HELOCMD: %s", helocmd); /* initialize the MAIL command with optional FROM command */ xasprintf (&cmd_str, "%sFROM:<%s>%s", mail_command, from_arg, "\r\n"); if (verbose && send_mail_from) printf ("FROM CMD: %s", cmd_str); /* initialize alarm signal handling */ (void) signal (SIGALRM, socket_timeout_alarm_handler); /* set socket timeout */ (void) alarm (socket_timeout); /* start timer */ gettimeofday (&tv, NULL); /* try to connect to the host at the given port number */ result = my_tcp_connect (server_address, server_port, &sd); if (result == STATE_OK) { /* we connected */ /* watch for the SMTP connection string and */ /* return a WARNING status if we couldn't read any data */ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { printf (_("recv() failed\n")); return STATE_WARNING; } else { if (verbose) printf ("%s", buffer); /* strip the buffer of carriage returns */ strip (buffer); /* make sure we find the response we are looking for */ if (!strstr (buffer, server_expect)) { if (server_port == SMTP_PORT) printf (_("Invalid SMTP response received from host: %s\n"), buffer); else printf (_("Invalid SMTP response received from host on port %d: %s\n"), server_port, buffer); return STATE_WARNING; } } /* send the HELO/EHLO command */ send(sd, helocmd, strlen(helocmd), 0); /* allow for response to helo command to reach us */ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { printf (_("recv() failed\n")); return STATE_WARNING; } else if(use_ehlo){ if(strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL){ supports_tls=TRUE; } } if(use_ssl && ! supports_tls){ printf(_("WARNING - TLS not supported by server\n")); smtp_quit(); return STATE_WARNING; } #ifdef HAVE_SSL if(use_ssl) { /* send the STARTTLS command */ send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ if (!strstr (buffer, server_expect)) { printf (_("Server does not support STARTTLS\n")); smtp_quit(); return STATE_UNKNOWN; } result = np_net_ssl_init(sd); if(result != STATE_OK) { printf (_("CRITICAL - Cannot create SSL context.\n")); np_net_ssl_cleanup(); close(sd); return STATE_CRITICAL; } else { ssl_established = 1; } /* * Resend the EHLO command. * * RFC 3207 (4.2) says: ``The client MUST discard any knowledge * obtained from the server, such as the list of SMTP service * extensions, which was not obtained from the TLS negotiation * itself. The client SHOULD send an EHLO command as the first * command after a successful TLS negotiation.'' For this * reason, some MTAs will not allow an AUTH LOGIN command before * we resent EHLO via TLS. */ if (my_send(helocmd, strlen(helocmd)) <= 0) { printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS.")); my_close(); return STATE_UNKNOWN; } if (verbose) printf(_("sent %s"), helocmd); if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS.")); my_close(); return STATE_UNKNOWN; } if (verbose) { printf("%s", buffer); } # ifdef USE_OPENSSL if ( check_cert ) { result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); my_close(); return result; } # endif /* USE_OPENSSL */ } #endif if (send_mail_from) { my_send(cmd_str, strlen(cmd_str)); if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) printf("%s", buffer); } while (n < ncommands) { xasprintf (&cmd_str, "%s%s", commands[n], "\r\n"); my_send(cmd_str, strlen(cmd_str)); if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) printf("%s", buffer); strip (buffer); if (n < nresponses) { cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE; errcode = regcomp (&preg, responses[n], cflags); if (errcode != 0) { regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); printf (_("Could Not Compile Regular Expression")); return ERROR; } excode = regexec (&preg, buffer, 10, pmatch, eflags); if (excode == 0) { result = STATE_OK; } else if (excode == REG_NOMATCH) { result = STATE_WARNING; printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]); } else { regerror (excode, &preg, errbuf, MAX_INPUT_BUFFER); printf (_("Execute Error: %s\n"), errbuf); result = STATE_UNKNOWN; } } n++; } if (authtype != NULL) { if (strcmp (authtype, "LOGIN") == 0) { char *abuf; int ret; do { if (authuser == NULL) { result = STATE_CRITICAL; xasprintf(&error_msg, _("no authuser specified, ")); break; } if (authpass == NULL) { result = STATE_CRITICAL; xasprintf(&error_msg, _("no authpass specified, ")); break; } /* send AUTH LOGIN */ my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN)); if (verbose) printf (_("sent %s\n"), "AUTH LOGIN"); if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, ")); result = STATE_WARNING; break; } if (verbose) printf (_("received %s\n"), buffer); if (strncmp (buffer, "334", 3) != 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("invalid response received after AUTH LOGIN, ")); break; } /* encode authuser with base64 */ base64_encode_alloc (authuser, strlen(authuser), &abuf); xasprintf(&abuf, "%s\r\n", abuf); my_send(abuf, strlen(abuf)); if (verbose) printf (_("sent %s\n"), abuf); if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("recv() failed after sending authuser, ")); break; } if (verbose) { printf (_("received %s\n"), buffer); } if (strncmp (buffer, "334", 3) != 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("invalid response received after authuser, ")); break; } /* encode authpass with base64 */ base64_encode_alloc (authpass, strlen(authpass), &abuf); xasprintf(&abuf, "%s\r\n", abuf); my_send(abuf, strlen(abuf)); if (verbose) { printf (_("sent %s\n"), abuf); } if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("recv() failed after sending authpass, ")); break; } if (verbose) { printf (_("received %s\n"), buffer); } if (strncmp (buffer, "235", 3) != 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("invalid response received after authpass, ")); break; } break; } while (0); } else { result = STATE_CRITICAL; xasprintf(&error_msg, _("only authtype LOGIN is supported, ")); } } /* tell the server we're done */ smtp_quit(); /* finally close the connection */ close (sd); } /* reset the alarm */ alarm (0); microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { if (check_critical_time && elapsed_time > critical_time) result = STATE_CRITICAL; else if (check_warning_time && elapsed_time > warning_time) result = STATE_WARNING; } printf (_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text (result), error_msg, elapsed_time, verbose?", ":"", verbose?buffer:"", fperfdata ("time", elapsed_time, "s", (int)check_warning_time, warning_time, (int)check_critical_time, critical_time, TRUE, 0, FALSE, 0)); return result; }
int main (int argc, char *argv[]) { LDAP *ld; LDAPMessage *result; /* should be int result = STATE_UNKNOWN; */ int status = STATE_UNKNOWN; long microsec; double elapsed_time; /* for ldap tls */ int tls; int version=3; /* for entry counting */ LDAPMessage *next_entry; int status_entries = STATE_OK; int num_entries = 0; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); if (strstr(argv[0],"check_ldaps")) { xasprintf (&progname, "check_ldaps"); } /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) starttls = TRUE; /* initialize alarm signal handling */ signal (SIGALRM, socket_timeout_alarm_handler); /* set socket timeout */ alarm (timeout_interval); /* get the start time */ gettimeofday (&tv, NULL); /* initialize ldap */ if (ld_uri != NULL) { #ifdef HAVE_LDAP_INITIALIZE int result = ldap_initialize(&ld, ld_uri); if (result != LDAP_SUCCESS) { printf ("Failed to connect to LDAP server at %s: %s\n", ld_uri, ldap_err2string(result)); return STATE_CRITICAL; } #else printf ("Sorry, this version of %s was compiled without URI support!\n", argv[0]); return STATE_CRITICAL; #endif } #ifdef HAVE_LDAP_INIT else if (!(ld = ldap_init (ld_host, ld_port))) { printf ("Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } #else else if (!(ld = ldap_open (ld_host, ld_port))) { if (verbose) ldap_perror(ld, "ldap_open"); printf (_("Could not connect to the server at port %i\n"), ld_port); return STATE_CRITICAL; } #endif /* HAVE_LDAP_INIT */ #ifdef HAVE_LDAP_SET_OPTION /* set ldap options */ if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != LDAP_OPT_SUCCESS ) { printf(_("Could not set protocol version %d\n"), ld_protocol); return STATE_CRITICAL; } #endif if (ld_port == LDAPS_PORT || ssl_on_connect) { xasprintf (&SERVICE, "LDAPS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /* ldaps: set option tls */ tls = LDAP_OPT_X_TLS_HARD; if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldaps_option"); printf (_("Could not init TLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else printf (_("TLS not supported by the libraries!\n")); return STATE_CRITICAL; #endif /* LDAP_OPT_X_TLS */ } else if (starttls) { xasprintf (&SERVICE, "LDAP-TLS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) /* ldap with startTLS: set option version */ if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) { if (version < LDAP_VERSION3) { version = LDAP_VERSION3; ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); } } /* call start_tls */ if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_start_tls"); printf (_("Could not init startTLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else printf (_("startTLS not supported by the library, needs LDAPv3!\n")); return STATE_CRITICAL; #endif /* HAVE_LDAP_START_TLS_S */ } /* bind to the ldap server */ if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_bind"); printf (_("Could not bind to the LDAP server\n")); return STATE_CRITICAL; } /* do a search of all objectclasses in the base dn */ if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) != LDAP_SUCCESS) { if (verbose) ldap_perror(ld, "ldap_search"); printf (_("Could not search/find objectclasses in %s\n"), ld_base); return STATE_CRITICAL; } else if (crit_entries!=NULL || warn_entries!=NULL) { num_entries = ldap_count_entries(ld, result); } /* unbind from the ldap server */ ldap_unbind (ld); /* reset the alarm handler */ alarm (0); /* calcutate the elapsed time and compare to thresholds */ microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (crit_time!=UNDEFINED && elapsed_time>crit_time) status = STATE_CRITICAL; else if (warn_time!=UNDEFINED && elapsed_time>warn_time) status = STATE_WARNING; else status = STATE_OK; if(entries_thresholds != NULL) { if (verbose) { printf ("entries found: %d\n", num_entries); print_thresholds("entry threasholds", entries_thresholds); } status_entries = get_status(num_entries, entries_thresholds); if (status_entries == STATE_CRITICAL) { status = STATE_CRITICAL; } else if (status != STATE_CRITICAL) { status = status_entries; } } /* print out the result */ if (crit_entries!=NULL || warn_entries!=NULL) { printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text (status), num_entries, elapsed_time, fperfdata ("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, TRUE, 0, FALSE, 0), sperfdata ("entries", (double)num_entries, "", warn_entries, crit_entries, TRUE, 0.0, FALSE, 0.0)); } else { printf (_("LDAP %s - %.3f seconds response time|%s\n"), state_text (status), elapsed_time, fperfdata ("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, TRUE, 0, FALSE, 0)); } return status; }
int main (int argc, char **argv) { char *command_line = NULL; char input_buffer[MAX_INPUT_BUFFER]; char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */ char **addresses = NULL; int n_addresses = 0; char *msg = NULL; char *temp_buffer = NULL; int non_authoritative = FALSE; int result = STATE_UNKNOWN; double elapsed_time; long microsec; struct timeval tv; int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Set signal handling and alarm */ if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) { usage_va(_("Cannot catch SIGALRM")); } /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) { usage_va(_("Could not parse arguments")); } /* get the command to run */ xasprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); alarm (timeout_interval); gettimeofday (&tv, NULL); if (verbose) printf ("%s\n", command_line); /* run the command */ if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { msg = (char *)_("nslookup returned an error status"); result = STATE_WARNING; } /* scan stdout */ for(i = 0; i < chld_out.lines; i++) { if (addresses == NULL) addresses = malloc(sizeof(*addresses)*10); else if (!(n_addresses % 10)) addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10)); if (verbose) puts(chld_out.line[i]); if (strstr (chld_out.line[i], ".in-addr.arpa")) { if ((temp_buffer = strstr (chld_out.line[i], "name = "))) addresses[n_addresses++] = strdup (temp_buffer + 7); else { msg = (char *)_("Warning plugin error"); result = STATE_WARNING; } } /* the server is responding, we just got the host name... */ if (strstr (chld_out.line[i], "Name:")) parse_address = TRUE; else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") || strstr (chld_out.line[i], "Addresses:"))) { temp_buffer = index (chld_out.line[i], ':'); temp_buffer++; /* Strip leading spaces */ for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++) /* NOOP */; strip(temp_buffer); if (temp_buffer==NULL || strlen(temp_buffer)==0) { die (STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), NSLOOKUP_COMMAND); } addresses[n_addresses++] = strdup(temp_buffer); } else if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) { non_authoritative = TRUE; } result = error_scan (chld_out.line[i]); if (result != STATE_OK) { msg = strchr (chld_out.line[i], ':'); if(msg) msg++; break; } } /* scan stderr */ for(i = 0; i < chld_err.lines; i++) { if (verbose) puts(chld_err.line[i]); if (error_scan (chld_err.line[i]) != STATE_OK) { result = max_state (result, error_scan (chld_err.line[i])); msg = strchr(input_buffer, ':'); if(msg) msg++; } } if (addresses) { int i,slen; char *adrp; qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); for(i=0, slen=1; i < n_addresses; i++) { slen += strlen(addresses[i])+1; } adrp = address = malloc(slen); for(i=0; i < n_addresses; i++) { if (i) *adrp++ = ','; strcpy(adrp, addresses[i]); adrp += strlen(addresses[i]); } *adrp = 0; } else die (STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); /* compare to expected address */ if (result == STATE_OK && expected_address_cnt > 0) { result = STATE_CRITICAL; temp_buffer = ""; for (i=0; i<expected_address_cnt; i++) { /* check if we get a match and prepare an error string */ if (strcmp(address, expected_address[i]) == 0) result = STATE_OK; xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); } if (result == STATE_CRITICAL) { /* Strip off last semicolon... */ temp_buffer[strlen(temp_buffer)-2] = '\0'; xasprintf(&msg, _("expected '%s' but got '%s'"), temp_buffer, address); } } /* check if authoritative */ if (result == STATE_OK && expect_authority && non_authoritative) { result = STATE_CRITICAL; xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); } microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { if (strchr (address, ',') == NULL) multi_address = FALSE; else multi_address = TRUE; result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); } else if (result == STATE_WARNING) { printf ("DNS %s: ", _("WARNING")); } else if (result == STATE_CRITICAL) { printf ("DNS %s: ", _("CRITICAL")); } printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); printf (_(". %s returns %s"), query_address, address); printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); } else if (result == STATE_WARNING) printf (_("DNS WARNING - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); else if (result == STATE_CRITICAL) printf (_("DNS CRITICAL - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); else printf (_("DNS UNKNOWN - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); return result; }
int main (int argc, char **argv) { int result = STATE_UNKNOWN; int i; char *status = NULL; struct timeval tv; size_t len; int match = -1; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* determine program- and service-name quickly */ progname = strrchr(argv[0], '/'); if(progname != NULL) progname++; else progname = argv[0]; len = strlen(progname); if(len > 6 && !memcmp(progname, "check_", 6)) { SERVICE = strdup(progname + 6); for(i = 0; i < len - 6; i++) SERVICE[i] = toupper(SERVICE[i]); } /* set up a resonable buffer at first (will be realloc()'ed if * user specifies other options) */ server_expect = calloc(sizeof(char *), 2); /* determine defaults for this service's protocol */ if (!strncmp(SERVICE, "UDP", 3)) { PROTOCOL = IPPROTO_UDP; } else if (!strncmp(SERVICE, "FTP", 3)) { EXPECT = "220"; QUIT = "QUIT\r\n"; PORT = 21; } else if (!strncmp(SERVICE, "POP", 3) || !strncmp(SERVICE, "POP3", 4)) { EXPECT = "+OK"; QUIT = "QUIT\r\n"; PORT = 110; } else if (!strncmp(SERVICE, "SMTP", 4)) { EXPECT = "220"; QUIT = "QUIT\r\n"; PORT = 25; } else if (!strncmp(SERVICE, "IMAP", 4)) { EXPECT = "* OK"; QUIT = "a1 LOGOUT\r\n"; PORT = 143; } #ifdef HAVE_SSL else if (!strncmp(SERVICE, "SIMAP", 5)) { EXPECT = "* OK"; QUIT = "a1 LOGOUT\r\n"; flags |= FLAG_SSL; PORT = 993; } else if (!strncmp(SERVICE, "SPOP", 4)) { EXPECT = "+OK"; QUIT = "QUIT\r\n"; flags |= FLAG_SSL; PORT = 995; } else if (!strncmp(SERVICE, "SSMTP", 5)) { EXPECT = "220"; QUIT = "QUIT\r\n"; flags |= FLAG_SSL; PORT = 465; } else if (!strncmp(SERVICE, "JABBER", 6)) { SEND = "<stream:stream to=\'host\' xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'>\n"; EXPECT = "<?xml version=\'1.0\'?><stream:stream xmlns=\'jabber:client\' xmlns:stream=\'http://etherx.jabber.org/streams\'"; QUIT = "</stream:stream>\n"; flags |= FLAG_HIDE_OUTPUT; PORT = 5222; } else if (!strncmp (SERVICE, "NNTPS", 5)) { server_expect_count = 2; server_expect[0] = "200"; server_expect[1] = "201"; QUIT = "QUIT\r\n"; flags |= FLAG_SSL; PORT = 563; } #endif else if (!strncmp (SERVICE, "NNTP", 4)) { server_expect_count = 2; server_expect = malloc(sizeof(char *) * server_expect_count); server_expect[0] = strdup("200"); server_expect[1] = strdup("201"); QUIT = "QUIT\r\n"; PORT = 119; } else if (!strncmp(SERVICE, "CLAMD", 5)) { SEND = "PING"; EXPECT = "PONG"; QUIT = NULL; PORT = 3310; } /* fallthrough check, so it's supposed to use reverse matching */ else if (strcmp (SERVICE, "TCP")) usage (_("CRITICAL - Generic check_tcp called with unknown service\n")); server_address = "127.0.0.1"; server_port = PORT; server_send = SEND; server_quit = QUIT; status = NULL; /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); if(flags & FLAG_VERBOSE) { printf("Using service %s\n", SERVICE); printf("Port: %d\n", server_port); printf("flags: 0x%x\n", (int)flags); } if(EXPECT && !server_expect_count) server_expect_count++; if(PROTOCOL==IPPROTO_UDP && !(server_expect_count && server_send)){ usage(_("With UDP checks, a send/expect string must be specified.")); } /* set up the timer */ signal (SIGALRM, socket_timeout_alarm_handler); alarm (socket_timeout); /* try to connect to the host at the given port number */ gettimeofday (&tv, NULL); result = np_net_connect (server_address, server_port, &sd, PROTOCOL); if (result == STATE_CRITICAL) return STATE_CRITICAL; #ifdef HAVE_SSL if (flags & FLAG_SSL){ result = np_net_ssl_init(sd); if (result == STATE_OK && check_cert == TRUE) { result = np_net_ssl_check_cert(days_till_exp); } } if(result != STATE_OK || check_cert == TRUE){ np_net_ssl_cleanup(); if(sd) close(sd); return result; } #endif /* HAVE_SSL */ if (server_send != NULL) { /* Something to send? */ my_send(server_send, strlen(server_send)); } if (delay > 0) { tv.tv_sec += delay; sleep (delay); } if(flags & FLAG_VERBOSE) { if (server_send) { printf("Send string: %s\n", server_send); } if (server_quit) { printf("Quit string: %s\n", server_quit); } printf("server_expect_count: %d\n", (int)server_expect_count); for(i = 0; i < server_expect_count; i++) printf("\t%d: %s\n", i, server_expect[i]); } /* if(len) later on, we know we have a non-NULL response */ len = 0; if (server_expect_count) { /* watch for the expect string */ while ((i = my_recv(buffer, sizeof(buffer))) > 0) { status = realloc(status, len + i + 1); memcpy(&status[len], buffer, i); len += i; /* stop reading if user-forced or data-starved */ if(i < sizeof(buffer) || (maxbytes && len >= maxbytes)) break; if (maxbytes && len >= maxbytes) break; } /* no data when expected, so return critical */ if (len == 0) die (STATE_CRITICAL, _("No data received from host\n")); /* force null-termination and strip whitespace from end of output */ status[len--] = '\0'; /* print raw output if we're debugging */ if(flags & FLAG_VERBOSE) printf("received %d bytes from host\n#-raw-recv-------#\n%s\n#-raw-recv-------#\n", (int)len + 1, status); while(isspace(status[len])) status[len--] = '\0'; match = np_expect_match(status, server_expect, server_expect_count, (flags & FLAG_MATCH_ALL ? TRUE : FALSE), (flags & FLAG_EXACT_MATCH ? TRUE : FALSE), (flags & FLAG_VERBOSE ? TRUE : FALSE)); } if (server_quit != NULL) { my_send(server_quit, strlen(server_quit)); } #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif if (sd) close (sd); microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (flags & FLAG_TIME_CRIT && elapsed_time > critical_time) result = STATE_CRITICAL; else if (flags & FLAG_TIME_WARN && elapsed_time > warning_time) result = STATE_WARNING; /* did we get the response we hoped? */ if(match == FALSE && result != STATE_CRITICAL) result = expect_mismatch_state; /* reset the alarm */ alarm (0); /* this is a bit stupid, because we don't want to print the * response time (which can look ok to the user) if we didn't get * the response we were looking for. if-else */ printf("%s %s - ", SERVICE, state_text(result)); if(match == FALSE && len && !(flags & FLAG_HIDE_OUTPUT)) printf("Unexpected response from host/socket: %s", status); else { if(match == FALSE) printf("Unexpected response from host/socket on "); else printf("%.3f second response time on ", elapsed_time); if(server_address[0] != '/') printf("port %d", server_port); else printf("socket %s", server_address); } if (match != FALSE && !(flags & FLAG_HIDE_OUTPUT) && len) printf (" [%s]", status); /* perf-data doesn't apply when server doesn't talk properly, * so print all zeroes on warn and crit. Use fperfdata since * localisation settings can make different outputs */ if(match == FALSE) printf ("|%s", fperfdata ("time", elapsed_time, "s", (flags & FLAG_TIME_WARN ? TRUE : FALSE), 0, (flags & FLAG_TIME_CRIT ? TRUE : FALSE), 0, TRUE, 0, TRUE, socket_timeout) ); else printf("|%s", fperfdata ("time", elapsed_time, "s", (flags & FLAG_TIME_WARN ? TRUE : FALSE), warning_time, (flags & FLAG_TIME_CRIT ? TRUE : FALSE), critical_time, TRUE, 0, TRUE, socket_timeout) ); putchar('\n'); return result; }
int main(int argc, char ** argv) { struct memcached_st *mc; memcached_return_t rc; char key[32]; u_int32_t keylen; char *val; size_t value_len; uint32_t flags; struct timeval tv; long microsec; double elapsed_time; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Parse extra opts if any */ argv = np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); TRACE("%s",">>main"); // initialize gettimeofday(&tv, NULL); mc = memcached_create(NULL); if (mc == NULL) { printf("MEMCACHED %s: failed to memcached_create\n", _("CRITICAL")); exit(EXIT_CRITICAL); } TRACE("[server]%s:%d", mc_host, (int)mc_port); rc = memcached_server_add(mc, mc_host, (in_port_t)mc_port); TRACE("[mc_server_add rv]%d", rc); if (rc != MEMCACHED_SUCCESS) { printf("MEMCACHED %s: failed to memcached_server_add (%d)\n", _("CRITICAL"), rc); exit(EXIT_CRITICAL); } memcached_behavior_set(mc, MEMCACHED_BEHAVIOR_TCP_NODELAY, 1); srand(time(NULL) & getpid()); sprintf(key, "%d_%s", rand(), mc_host); keylen = strlen(key); TRACE("[key]%s[keylen]%d", key, keylen); val = (char *)calloc(1, strlen(TEST_VAL)+1); sprintf(val, "%s", TEST_VAL); TRACE("[val]%s", val); // set TRACE("[expire]%d", mc_expire); rc = memcached_set(mc, key, keylen, val, strlen(val), mc_expire, 0); TRACE("[set rv]%d", rc); if (rc != MEMCACHED_SUCCESS) { printf("MEMCACHED %s: failed to set (%d)\n", _("CRITICAL"), rc); exit(EXIT_CRITICAL); } free(val); // get val = (char *)memcached_get(mc, key, keylen, &value_len, &flags, &rc); TRACE("[val]%s", val); if (rc != MEMCACHED_SUCCESS) { printf("MEMCACHED %s: failed to get after set\n", _("CRITICAL")); exit(EXIT_CRITICAL); } free(val); // delete rc = memcached_delete(mc, key, keylen, 0); TRACE("[delete rv]%d", rc); if (rc != MEMCACHED_SUCCESS) { printf("MEMCACHED %s: failed to delete (%d)\n", _("CRITICAL"), rc); exit(EXIT_CRITICAL); } // get val = (char *)memcached_get(mc, key, keylen, &value_len, &flags, &rc); TRACE("[val]%s", val); if (rc != MEMCACHED_NOTFOUND) { printf("MEMCACHED %s: failed to get after delete\n", _("CRITICAL")); exit(EXIT_CRITICAL); } free(val); memcached_free(mc); microsec = deltime(tv); elapsed_time = (double)microsec / 1.0e6; printf("MEMCACHED %s: %.3f seconds\n", _("OK"), elapsed_time); return 0; }
int main(int argc, char ** argv) { struct memcached_st *mc; struct memcached_stat_st *stats; memcached_return_t rc; long cur_conn = -1; int status; char* status_msg; struct timeval tv; long microsec; double elapsed_time; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Parse extra opts if any */ argv = np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) usage4 (_("Could not parse arguments")); TRACE("%s",">>main"); // initialize gettimeofday(&tv, NULL); mc = memcached_create(NULL); if (mc == NULL) { printf("MEMCACHED %s: failed to memcached_create\n", _("CRITICAL")); exit(EXIT_CRITICAL); } TRACE("[server]%s:%s", mc_host, mc_port); rc = memcached_server_add(mc, mc_host, (in_port_t)mc_port); TRACE("[mc_server_add rv]%d", rc); if (rc != MEMCACHED_SUCCESS) { printf("MEMCACHED %s: failed to memcached_server_add (%d)\n", _("CRITICAL"), rc); exit(EXIT_CRITICAL); } memcached_behavior_set(mc, MEMCACHED_BEHAVIOR_TCP_NODELAY, 1); stats = memcached_stat(mc, NULL, &rc); if (! stats) { printf("MEMCACHED %s: failed to memcached_stats\n", _("CRITICAL")); exit(EXIT_CRITICAL); } cur_conn = stats->curr_connections; memcached_stat_free(mc, stats); memcached_free(mc); status = get_status(cur_conn, my_thresholds); status_msg = _("CRITICAL"); if (status == STATE_OK) { status_msg = _("OK"); } else if (status == STATE_WARNING) { status_msg = _("WARNING"); } else if (status == STATE_CRITICAL) { status_msg = _("CRITICAL"); } microsec = deltime(tv); elapsed_time = (double)microsec / 1.0e6; printf("MEMCACHED %s: conn %ld, %.3f seconds\n", status_msg, cur_conn, elapsed_time); return status; }
int main (int argc, char **argv) { char *command_line = NULL; char input_buffer[MAX_INPUT_BUFFER]; char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */ char **addresses = NULL; int n_addresses = 0; char *msg = NULL; char query_found[16] = ""; char *temp_buffer = NULL; int non_authoritative = TRUE; int result = STATE_UNKNOWN; double elapsed_time; long microsec; struct timeval tv; int multi_address; int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ output chld_out, chld_err; size_t i; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); /* Set signal handling and alarm */ if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) { usage_va(_("Cannot catch SIGALRM")); } /* Parse extra opts if any */ argv=np_extra_opts (&argc, argv, progname); if (process_arguments (argc, argv) == ERROR) { usage_va(_("Could not parse arguments")); } /* get the command to run */ xasprintf (&command_line, "%s %s %s %s", NSLOOKUP_COMMAND, query_type, query_address, dns_server); alarm (timeout_interval); gettimeofday (&tv, NULL); if (verbose) printf ("%s\n", command_line); /* run the command */ if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) { msg = (char *)_("nslookup returned an error status"); result = STATE_WARNING; } /* scan stdout */ for(i = 0; i < chld_out.lines; i++) { if (addresses == NULL) addresses = malloc(sizeof(*addresses)*10); else if (!(n_addresses % 10)) addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10)); if (verbose) puts(chld_out.line[i]); if (strstr (chld_out.line[i], "Authoritative answers can be found from:")) { non_authoritative = FALSE; break; } /* the server is responding, we just got the host name... */ if (strstr (chld_out.line[i], "Name:")) parse_address = TRUE; /* begin handling types of records */ if (strstr (chld_out.line[i], "AAAA address")) { if (verbose) printf("Found AAAA record\n"); temp_buffer = rindex (chld_out.line[i], ' '); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=AAAA", sizeof(query_found)); } else if (strstr (chld_out.line[i], "exchanger =")) { if (verbose) printf("Found MX record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=MX", sizeof(query_found)); } else if (strstr (chld_out.line[i], "service =")) { if (verbose) printf("Found SRV record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=SRV", sizeof(query_found)); } else if (accept_cname && strstr (chld_out.line[i], "canonical name =")) { if (verbose) printf("Found CNAME record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=CNAME", sizeof(query_found)); } else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") || strstr (chld_out.line[i], "Addresses:"))) { if (verbose) printf("Found A record\n"); temp_buffer = index (chld_out.line[i], ':'); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=A", sizeof(query_found)); } else if (strstr (chld_out.line[i], "nameserver =")) { if (verbose) printf("Found NS record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=NS", sizeof(query_found)); } else if (strstr (chld_out.line[i], "dname =")) { if (verbose) printf("Found DNAME record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=DNAME", sizeof(query_found)); } /* must be after other records with "name" as an identifier, as ptr does not spefify */ else if (strstr (chld_out.line[i], "name =")) { if (verbose) printf("Found PTR record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=PTR", sizeof(query_found)); } else if (strstr (chld_out.line[i], "protocol =")) { if (verbose) printf("Found WKS record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=WKS", sizeof(query_found)); } /* TODO: needs to be changed to handle txt output and max size of txt recrods */ else if (strstr (chld_out.line[i], "text =")) { if (verbose) printf("Found TXT record\n"); temp_buffer = index (chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=TXT", sizeof(query_found)); } /* only matching for origin records, if requested other fields could be included at a later date */ else if (strstr (chld_out.line[i], "origin =")) { if (verbose) printf("Found SOA record\n"); temp_buffer = index(chld_out.line[i], '='); addresses[n_addresses++] = check_new_address(temp_buffer); strncpy(query_found, "-querytype=SOA", sizeof(query_found)); } if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) { non_authoritative = TRUE; } result = error_scan (chld_out.line[i]); if (result != STATE_OK) { msg = strchr (chld_out.line[i], ':'); if(msg) msg++; break; } } /* scan stderr */ for(i = 0; i < chld_err.lines; i++) { if (verbose) puts(chld_err.line[i]); if (error_scan (chld_err.line[i]) != STATE_OK) { result = max_state (result, error_scan (chld_err.line[i])); msg = strchr(input_buffer, ':'); if(msg) msg++; } } if (addresses) { int i,slen; char *adrp; qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp); for(i=0, slen=1; i < n_addresses; i++) { slen += strlen(addresses[i])+1; } adrp = address = malloc(slen); for(i=0; i < n_addresses; i++) { if (i) *adrp++ = ','; strcpy(adrp, addresses[i]); adrp += strlen(addresses[i]); } *adrp = 0; } else die (STATE_CRITICAL, _("DNS CRITICAL - '%s' msg parsing exited with no address\n"), NSLOOKUP_COMMAND); /* compare to expected address */ if (result == STATE_OK && expected_address_cnt > 0) { result = STATE_CRITICAL; temp_buffer = ""; for (i=0; i<expected_address_cnt; i++) { /* check if we get a match and prepare an error string */ if (strcmp(address, expected_address[i]) == 0) result = STATE_OK; xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]); } if (result == STATE_CRITICAL) { /* Strip off last semicolon... */ temp_buffer[strlen(temp_buffer)-2] = '\0'; xasprintf(&msg, _("expected '%s' but got '%s'"), temp_buffer, address); } } /* check if authoritative */ if (result == STATE_OK && expect_authority && !non_authoritative) { result = STATE_CRITICAL; if (strncmp(dns_server, "", 1)) xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address); else xasprintf(&msg, _("there is no authoritative server for %s"), query_address); } /* compare query type to query found, if query type is ANY we can skip as any record is accepted*/ if (result == STATE_OK && strncmp(query_type, "", 1) && (strncmp(query_type, "-querytype=ANY", 15) != 0)) { if (strncmp(query_type, query_found, 16) != 0) { if (verbose) printf( "Failed query for %s only found %s, or nothing\n", query_type, query_found); result = STATE_CRITICAL; xasprintf(&msg, _("query type of %s was not found for %s"), query_type, query_address); } } microsec = deltime (tv); elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { if (strchr (address, ',') == NULL) multi_address = FALSE; else multi_address = TRUE; result = get_status(elapsed_time, time_thresholds); if (result == STATE_OK) { printf ("DNS %s: ", _("OK")); } else if (result == STATE_WARNING) { printf ("DNS %s: ", _("WARNING")); } else if (result == STATE_CRITICAL) { printf ("DNS %s: ", _("CRITICAL")); } printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time); printf (_(". %s returns %s"), query_address, address); if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) { printf ("|%s\n", fperfdata ("time", elapsed_time, "s", TRUE, time_thresholds->warning->end, TRUE, time_thresholds->critical->end, TRUE, 0, FALSE, 0)); } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) { printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, TRUE, time_thresholds->critical->end, TRUE, 0, FALSE, 0)); } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) { printf ("|%s\n", fperfdata ("time", elapsed_time, "s", TRUE, time_thresholds->warning->end, FALSE, 0, TRUE, 0, FALSE, 0)); } else printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0)); } else if (result == STATE_WARNING) printf (_("DNS WARNING - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); else if (result == STATE_CRITICAL) printf (_("DNS CRITICAL - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); else printf (_("DNS UNKNOWN - %s\n"), !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg); return result; }
int ssh_connect_p (char *haddr, int hport, char *remote_version, char * remote_fingerprint) { struct timeval tv; double elapsed_time; ssh_session my_ssh_session; int version; int myversion; int hlen; int rc; int state; int i; unsigned char *hash = NULL; char * fingerprint; int in_known_host; int sshv1,sshv2,sshv3; gettimeofday(&tv, NULL); my_ssh_session = ssh_new(); if (my_ssh_session == NULL) return STATE_CRITICAL; ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, haddr); ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &hport); rc = ssh_connect(my_ssh_session); if (rc != SSH_OK) { printf ("Connect to Server failed\n"); exit (STATE_CRITICAL); } in_known_host=-1; state = ssh_is_server_known(my_ssh_session); hlen = ssh_get_pubkey_hash(my_ssh_session, &hash); /* Get the finger print as a string */ fingerprint = ssh_get_hexa(hash, hlen); if(remote_fingerprint && strcmp(remote_fingerprint, "known_host") == NULL) { if(state != SSH_SERVER_KNOWN_OK) { printf ("SSH CRITICAL - Fingerprint (%s) checked in known_hosts failed\n", remote_fingerprint,fingerprint); exit(STATE_CRITICAL); } else { in_known_host=1; } } /* FIXME: This alwats eval to false... */ if(remote_fingerprint && strcmp(remote_fingerprint, "known_host") && strcmp(remote_fingerprint, fingerprint)) { printf ("SSH CRITICAL - Fingerprint (%s) mismatched %s\n", remote_fingerprint,fingerprint); free(fingerprint); exit(STATE_CRITICAL); } version = ssh_get_openssh_version(my_ssh_session); if(remote_version && sscanf(remote_version, "%d.%d.%d", &sshv1, &sshv2, &sshv3)) { myversion = SSH_VERSION_INT(sshv1, sshv2, sshv3); if(version < myversion) { printf ("SSH WARNING version on server is below %s\n", remote_version); exit(STATE_CRITICAL); } } elapsed_time = (double)deltime(tv) / 1.0e6; printf (_("SSH OK - fingerprint: %s (Version %d) known_host_check:%d | %s\n"), fingerprint, version,in_known_host, fperfdata("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, TRUE, (int)socket_timeout)); free(fingerprint); ssh_disconnect(my_ssh_session); ssh_free(my_ssh_session); exit(STATE_OK); }