rpm/monitoring-plugins
SHA256
1
0
Fork 0
forked from pool/monitoring-plugins
Code Pull Requests Activity
2eaa000d0e
monitoring-plugins/monitoring-plugins-2.3.5-check_http-proxy.patch
Lars Vogdt c26a8b5fed Accepting request 1144413 from home:adaugherity:branches:server:monitoring 
- enable check_curl by BuildRequiring its dependencies 
- restore patches not yet applied upstream (and rename to 2.3.5):
  + monitoring-plugins-2.3.3-check_log_-_quoting.patch
  + monitoring-plugins-2.3.3-check_http-proxy.patch
- drop upstreamed patches:
  + monitoring-plugins-2.3.3-check_by_ssh.patch (GitHub #1774)
  + monitoring-plugins-2.3.3-check_disk_on_btrfs.patch (GH #1388)
  - GitHub issues for patches upstreamed on 2023-12-05:
    + monitoring-plugins-2.3.3-check_snmp.arrayaddress.patch (GH #1870)
    + monitoring-plugins-2.3.3-mariadb_102_build_fix.patch (GH #1522)
    + monitoring-plugins-2.3.3-check_dhcp_-_detect_rogue_dhcp_servers.patch (GH #1906)
    + monitoring-plugins-2.3.3-check_icmp.patch (GH #1807)
    + systemd-not-utmp.patch (GH #1888)
- Repair the "no chown" patch to actually avoid calling chown; avoid
  automake build deps by patching Makefile.in rather than Makefile.am.
  + After upstream updated the gl subdir, it complains that the automake
    in SLE 12 SP5 is too old.
- Fix build on SLE 12 SP5 (link failure due to mixing OpenSSL 1.0 & 1.1)
  by using only OpenSSL 1.1, and excluding curl subpackage (needs uriparser).
- Rename patch files to match version number.
- sync check_mssql package description with plugin's help output
  + Note that not all distros contain perl-DBD-Sybase and/or freetds
- remove obsolete configure options
  + --with-ntp{q,dc,date}-command dropped upstream in 1.4.4 (e667553)
  + --with-proc-loadavg dropped in 1.4.6 (fe856aa)
- remove unnecessary chmod commands during build
- disable gettextize as upstream has (temporarily?) removed translations (GH #1947)

OBS-URL: https://build.opensuse.org/request/show/1144413
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins?expand=0&rev=119
2024-02-09 14:04:24 +00:00

170 lines
6.9 KiB
Diff
Raw Blame History

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 8dda046f..2ab6a7a3 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -126,6 +126,9 @@ int sd;
int min_page_len = 0;
int max_page_len = 0;
int redir_depth = 0;
+bool ssl_proxy = false;
+char *proxy_server_address;
+int proxy_server_port;
int max_depth = DEFAULT_MAX_REDIRS;
char *http_method;
char *http_method_proxy;
@@ -139,6 +142,7 @@ char *client_privkey = NULL;
bool process_arguments (int, char **);
int check_http (void);
void redir (char *pos, char *status_line);
+const char *find_uri_path (const char *url);
bool server_type_check(const char *type);
int server_port_check(int ssl_flag);
char *perfd_time (double microsec);
@@ -609,6 +613,17 @@ bool process_arguments (int argc, char **argv)
if (virtual_port == 0)
virtual_port = server_port;
+ /* if we are called with the -I option, the -j method is CONNECT and */
+ /* we received -S for SSL, then we tunnel the request through a proxy*/
+ /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */
+
+ ssl_proxy = server_address != NULL && strcmp(http_method, "CONNECT") == 0
+ && host_name != NULL && use_ssl == true;
+ if (ssl_proxy) {
+ proxy_server_address = strdup(server_address);
+ proxy_server_port = server_port;
+ }
+
return true;
}
@@ -940,18 +955,18 @@ check_http (void)
/* try to connect to the host at the given port number */
gettimeofday (&tv_temp, NULL);
- if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
+ result = ssl_proxy ?
+ my_tcp_connect (proxy_server_address, proxy_server_port, &sd) :
+ my_tcp_connect (server_address, server_port, &sd);
+ if (result != STATE_OK)
die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
microsec_connect = deltime (tv_temp);
- /* if we are called with the -I option, the -j method is CONNECT and */
- /* we received -S for SSL, then we tunnel the request through a proxy*/
- /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */
+ /* handle connection via SSL proxy */
+ if (ssl_proxy) {
- if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
- && host_name != NULL && use_ssl == true) {
-
- if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+ if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n",
+ proxy_server_address, proxy_server_port, host_name, HTTPS_PORT);
asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
if (strlen(proxy_auth)) {
base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
@@ -986,7 +1001,7 @@ check_http (void)
if (use_ssl == true) {
gettimeofday (&tv_temp, NULL);
result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
- if (verbose) printf ("SSL initialized\n");
+ if (verbose) printf ("SSL initialization %s\n", result == STATE_OK ? "successful" : "failed");
if (result != STATE_OK)
die (STATE_CRITICAL, NULL);
microsec_ssl = deltime (tv_temp);
@@ -1002,9 +1017,8 @@ check_http (void)
}
#endif /* HAVE_SSL */
- if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
- && host_name != NULL && use_ssl == true)
- asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+ if (ssl_proxy)
+ asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, find_uri_path(server_url), host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
else
asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -1033,8 +1047,7 @@ check_http (void)
*/
if ((use_ssl == false && virtual_port == HTTP_PORT) ||
(use_ssl == true && virtual_port == HTTPS_PORT) ||
- (server_address != NULL && strcmp(http_method, "CONNECT") == 0
- && host_name != NULL && use_ssl == true))
+ ssl_proxy)
xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
else
xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1138,10 +1151,17 @@ check_http (void)
/* leave full_page untouched so we can free it later */
page = full_page;
- if (verbose)
- printf ("%s://%s:%d%s is %d characters\n",
- use_ssl ? "https" : "http", server_address,
- server_port, server_url, (int)pagesize);
+ if (verbose) {
+ if (ssl_proxy) {
+ printf ("[via proxy %s://%s:%d] %s returned %d bytes\n",
+ use_ssl ? "https" : "http", proxy_server_address, proxy_server_port,
+ server_url, (int)pagesize);
+ } else {
+ printf ("%s://%s:%d%s returned %d bytes\n",
+ use_ssl ? "https" : "http", server_address,
+ server_port, server_url, (int)pagesize);
+ }
+ }
/* find status line and null-terminate it */
status_line = page;
@@ -1301,7 +1321,12 @@ check_http (void)
bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
4);
}
- xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+ if (ssl_proxy) {
+ xasprintf (&msg, _("%sstring '%s' not found on '%s', "), msg, output_string_search, server_url);
+ } else {
+ xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search,
+ use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+ }
result = STATE_CRITICAL;
}
}
@@ -1642,6 +1667,25 @@ redir (char *pos, char *status_line)
check_http ();
}
+// Locate the URI path inside a complete URL. If we fail, just return the original URL.
+const char *
+find_uri_path (const char *url)
+{
+ const char *s = url;
+
+ if (strncmp(s, "http://", 7) == 0)
+ s += 7;
+ else if (strncmp(s, "https://", 8) == 0)
+ s += 8;
+ else
+ return url;
+ while (*s != '\0') {
+ if (strchr("/?#", *s) != NULL)
+ return s;
+ s++;
+ }
+ return url;
+}
bool
server_type_check (const char *type)
@@ -1861,7 +1905,7 @@ print_help (void)
printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
-
+ printf ("\n");
printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
View Git Blame Copy Permalink