upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-05-21 09:55:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'master' into fix/additional_tests

Browse source
This commit is contained in:
Lorenz Kästle 2026-04-09 11:05:03 +02:00 committed by GitHub
commit 58bbf9f5af
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
28 changed files with 399 additions and 282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
configure.ac
View file

@ -578,7 +578,7 @@ if test "$FOUNDOPENSSL" = "yes" || test "$FOUNDGNUTLS" = "yes"; then
AC_SUBST(SSLLIBS)
AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found])
if test "$FOUNDOPENSSL" = "yes"; then
AC_DEFINE(USE_OPENSSL,1,[Define if using OpenSSL libraries])
AC_DEFINE(MOPL_USE_OPENSSL,1,[Define if using OpenSSL libraries])
with_openssl="yes"
with_gnutls="no"
else

2
lib/utils_base.h
View file

@ -9,7 +9,7 @@
#include "./thresholds.h"
#include "states.h"
#ifndef USE_OPENSSL
#ifndef MOPL_USE_OPENSSL
# include "sha256.h"
#endif

2
plugins/Makefile.am
View file

@ -165,7 +165,7 @@ check_real_LDADD = $(NETLIBS)
check_snmp_SOURCES = check_snmp.c check_snmp.d/check_snmp_helpers.c
check_snmp_LDADD = $(BASEOBJS)
check_snmp_LDFLAGS = $(AM_LDFLAGS) -lm `net-snmp-config --libs`
check_snmp_CFLAGS = $(AM_CFLAGS) `net-snmp-config --cflags`
check_snmp_CFLAGS = $(AM_CFLAGS) `net-snmp-config --cflags | sed 's/-Werror=declaration-after-statement//'`
check_smtp_LDADD = $(SSLOBJS)
check_ssh_LDADD = $(NETLIBS)
check_swap_SOURCES = check_swap.c check_swap.d/swap.c

2
plugins/check_cluster.c
View file

@ -175,7 +175,7 @@ check_cluster_config_wrapper process_arguments(int argc, char **argv) {
while (true) {
int option_index = getopt_long(argc, argv, "hHsvVw:c:d:l:", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

116
plugins/check_curl.c
View file

@ -62,7 +62,7 @@ const char *email = "devel@monitoring-plugins.org";
#include <arpa/inet.h>
#include <netinet/in.h>
#if defined(HAVE_SSL) && defined(USE_OPENSSL)
#if defined(HAVE_SSL) && defined(MOPL_USE_OPENSSL)
# include <openssl/opensslv.h>
#endif
@ -81,9 +81,9 @@ extern char errbuf[MAX_INPUT_BUFFER];
extern bool is_openssl_callback;
extern bool add_sslctx_verify_fun;
#if defined(HAVE_SSL) && defined(USE_OPENSSL)
#if defined(HAVE_SSL) && defined(MOPL_USE_OPENSSL)
static X509 *cert = NULL;
#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
#endif /* defined(HAVE_SSL) && defined(MOPL_USE_OPENSSL) */
typedef struct {
int errorcode;
@ -114,10 +114,10 @@ static void print_curl_version(void);
// check_curl_evaluation_wrapper check_curl_evaluate(check_curl_config config,
// mp_check overall[static 1]) {}
#if defined(HAVE_SSL) && defined(USE_OPENSSL)
#if defined(HAVE_SSL) && defined(MOPL_USE_OPENSSL)
mp_state_enum np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn,
int days_till_exp_crit);
#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
#endif /* defined(HAVE_SSL) && defined(MOPL_USE_OPENSSL) */
int main(int argc, char **argv) {
#ifdef __OpenBSD__
@ -167,7 +167,7 @@ int main(int argc, char **argv) {
}
#ifdef HAVE_SSL
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) {
(void)preverify_ok;
/* TODO: we get all certificates of the chain, so which ones
@ -190,11 +190,11 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) {
}
return 1;
}
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif /* HAVE_SSL */
#ifdef HAVE_SSL
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) {
(void)curl; // ignore unused parameter
(void)parm; // ignore unused parameter
@ -211,7 +211,7 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm) {
return CURLE_OK;
}
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif /* HAVE_SSL */
mp_subcheck check_http(const check_curl_config config, check_curl_working_state workingState,
@ -247,8 +247,9 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data);
}
// curl_state is updated after curl_easy_perform, and with updated curl_state certificate checks can be done
// Check_http tries to check certs as early as possible, and exits with certificate check result by default. Behave similarly.
// curl_state is updated after curl_easy_perform, and with updated curl_state certificate checks
// can be done Check_http tries to check certs as early as possible, and exits with certificate
// check result by default. Behave similarly.
#ifdef LIBCURL_FEATURE_SSL
if (workingState.use_ssl && config.check_cert) {
if (verbose > 1) {
@ -979,7 +980,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
int option_index = getopt_long(
argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:x:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB",
longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}
@ -1546,8 +1547,8 @@ void print_help(void) {
printf(" %s\n", "-I, --IP-address=ADDRESS");
printf(" %s\n",
"IP address or name (use numeric address if possible to bypass DNS lookup).");
printf(" %s\n",
"This overwrites the network address of the target while leaving everything else (HTTP headers) as they are");
printf(" %s\n", "This overwrites the network address of the target while leaving everything "
"else (HTTP headers) as they are");
printf(" %s\n", "-p, --port=INTEGER");
printf(" %s", _("Port number (default: "));
printf("%d)\n", HTTP_PORT);
@ -1611,7 +1612,8 @@ void print_help(void) {
printf(" %s\n", _("String to expect in the content"));
printf(" %s\n", "-u, --url=PATH");
printf(" %s\n", _("URL to GET or POST (default: /)"));
printf(" %s\n", _("This is the part after the address in a URL, so for \"https://example.com/index.html\" it would be '-u /index.html'"));
printf(" %s\n", _("This is the part after the address in a URL, so for "
"\"https://example.com/index.html\" it would be '-u /index.html'"));
printf(" %s\n", "-P, --post=STRING");
printf(" %s\n", _("URL decoded http POST data"));
printf(" %s\n",
@ -1643,11 +1645,12 @@ void print_help(void) {
printf(" %s\n", _("If port is not specified, libcurl defaults to 1080"));
printf(" %s\n", _("This value will be set as CURLOPT_PROXY"));
printf(" %s\n", "--noproxy=COMMA_SEPARATED_LIST");
printf(" %s\n", _("Specify hostnames, addresses and subnets where proxy should not be used"));
printf(" %s\n",
_("Specify hostnames, addresses and subnets where proxy should not be used"));
printf(" %s\n", _("Example usage: \"example.com,::1,1.1.1.1,localhost,192.168.0.0/16\""));
printf(" %s\n", _("Do not use brackets when specifying IPv6 addresses"));
printf(" %s\n", _("Special case when an item is '*' : matches all hosts/addresses "
"and effectively disables proxy."));
"and effectively disables proxy."));
printf(" %s\n", _("This value will be set as CURLOPT_NOPROXY"));
printf(" %s\n", "-a, --authorization=AUTH_PAIR");
printf(" %s\n", _("Username:password on sites with basic authentication"));
@ -1757,38 +1760,59 @@ void print_help(void) {
#endif
printf("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
printf(" %s\n", _("Proxies are specified or disabled for certain hosts/addresses using environment variables"
" or -x/--proxy and --noproxy arguments:"));
printf(" %s\n", _("Checked environment variables: all_proxy, http_proxy, https_proxy, no_proxy"));
printf(" %s\n", _("Environment variables can also be given in uppercase, but the lowercase ones will "
"take predence if both are defined."));
printf(" %s\n", _("The environment variables are overwritten by -x/--proxy and --noproxy arguments:"));
printf(" %s\n", _("Proxies are specified or disabled for certain hosts/addresses using "
"environment variables"
" or -x/--proxy and --noproxy arguments:"));
printf(" %s\n",
_("Checked environment variables: all_proxy, http_proxy, https_proxy, no_proxy"));
printf(" %s\n",
_("Environment variables can also be given in uppercase, but the lowercase ones will "
"take predence if both are defined."));
printf(" %s\n",
_("The environment variables are overwritten by -x/--proxy and --noproxy arguments:"));
printf(" %s\n", _("all_proxy/ALL_PROXY environment variables are read first, but protocol "
"specific environment variables override them."));
printf(" %s\n", _("If SSL is enabled and used, https_proxy/HTTPS_PROXY will be checked and overwrite "
"http_proxy/HTTPS_PROXY."));
printf(" %s\n", _("Curl accepts proxies using http, https, socks4, socks4a, socks5 and socks5h schemes."));
printf(" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
printf(" %s\n", _("http_proxy=http://used.proxy.com HTTP_PROXY=http://ignored.proxy.com ./check_curl -H www.monitoring-plugins.org"));
"specific environment variables override them."));
printf(" %s\n",
_("If SSL is enabled and used, https_proxy/HTTPS_PROXY will be checked and overwrite "
"http_proxy/HTTPS_PROXY."));
printf(
" %s\n",
_("Curl accepts proxies using http, https, socks4, socks4a, socks5 and socks5h schemes."));
printf(" %s\n",
_("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
printf(" %s\n", _("http_proxy=http://used.proxy.com HTTP_PROXY=http://ignored.proxy.com "
"./check_curl -H www.monitoring-plugins.org"));
printf(" %s\n", _(" Lowercase http_proxy takes predence over uppercase HTTP_PROXY"));
printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org -x http://192.168.100.35:3128"));
printf(" %s\n", _("http_proxy=http://unused.proxy1.com HTTP_PROXY=http://unused.proxy2.com ./check_curl "
"-H www.monitoring-plugins.org --proxy http://used.proxy"));
printf(" %s\n", _(" Proxy specified by --proxy overrides any proxy specified by environment variable."));
printf(" %s\n",
_("http_proxy=http://unused.proxy1.com HTTP_PROXY=http://unused.proxy2.com ./check_curl "
"-H www.monitoring-plugins.org --proxy http://used.proxy"));
printf(
" %s\n",
_(" Proxy specified by --proxy overrides any proxy specified by environment variable."));
printf(" %s\n", _(" Curl uses port 1080 by default as port is not specified"));
printf(" %s\n", _("HTTPS_PROXY=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org --ssl"));
printf(" %s\n", _("HTTPS_PROXY=http://192.168.100.35:3128 ./check_curl -H "
"www.monitoring-plugins.org --ssl"));
printf(" %s\n", _(" HTTPS_PROXY is read as --ssl is toggled"));
printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org --proxy socks5h://192.168.122.21"));
printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org -x http://unused.proxy.com --noproxy '*'"));
printf(" %s\n",
_("./check_curl -H www.monitoring-plugins.org --proxy socks5h://192.168.122.21"));
printf(
" %s\n",
_("./check_curl -H www.monitoring-plugins.org -x http://unused.proxy.com --noproxy '*'"));
printf(" %s\n", _(" Disabled proxy for all hosts by using '*' in no_proxy ."));
printf(" %s\n", _("NO_PROXY=www.monitoring-plugins.org ./check_curl -H www.monitoring-plugins.org -x http://unused.proxy.com"));
printf(" %s\n", _("NO_PROXY=www.monitoring-plugins.org ./check_curl -H "
"www.monitoring-plugins.org -x http://unused.proxy.com"));
printf(" %s\n", _(" Exact matches with the hostname/address work."));
printf(" %s\n", _("no_proxy=192.168.178.0/24 ./check_curl -I 192.168.178.10 -x http://proxy.acme.org"));
printf(" %s\n", _("no_proxy=acme.org ./check_curl -H nonpublic.internalwebapp.acme.org -x http://proxy.acme.org"));
printf(" %s\n", _(" Do not use proxy when accessing internal domains/addresses, but use a default proxy when accessing public web."));
printf(" %s\n", _(" IMPORTANT: Check_curl can not always determine whether itself or the proxy will "
"resolve a hostname before sending a request and getting an answer."
"This can lead to DNS resolvation issues if hostname is only resolvable over proxy."));
printf(" %s\n",
_("no_proxy=192.168.178.0/24 ./check_curl -I 192.168.178.10 -x http://proxy.acme.org"));
printf(" %s\n", _("no_proxy=acme.org ./check_curl -H nonpublic.internalwebapp.acme.org -x "
"http://proxy.acme.org"));
printf(" %s\n", _(" Do not use proxy when accessing internal domains/addresses, but use a "
"default proxy when accessing public web."));
printf(" %s\n",
_(" IMPORTANT: Check_curl can not always determine whether itself or the proxy will "
"resolve a hostname before sending a request and getting an answer."
"This can lead to DNS resolvation issues if hostname is only resolvable over proxy."));
printf(" %s\n", _("Legacy proxy requests in check_http style still work:"));
printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ "
"-H www.monitoring-plugins.org"));
@ -1843,7 +1867,7 @@ void print_usage(void) {
void print_curl_version(void) { printf("%s\n", curl_version()); }
#ifdef LIBCURL_FEATURE_SSL
# ifndef USE_OPENSSL
# ifndef MOPL_USE_OPENSSL
time_t parse_cert_date(const char *s) {
if (!s) {
return -1;
@ -1860,11 +1884,11 @@ time_t parse_cert_date(const char *s) {
return date;
}
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif /* LIBCURL_FEATURE_SSL */
#ifdef LIBCURL_FEATURE_SSL
# ifndef USE_OPENSSL
# ifndef MOPL_USE_OPENSSL
/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
* OpenSSL could be this function
*/
@ -2001,5 +2025,5 @@ int net_noopenssl_check_certificate(cert_ptr_union *cert_ptr, int days_till_exp_
}
return status;
}
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif /* LIBCURL_FEATURE_SSL */

388
plugins/check_curl.d/check_curl_helpers.c
View file

@ -60,8 +60,8 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
result.curl_state.curl_easy_initialized = true;
if (verbose >= 1) {
handle_curl_option_return_code(curl_easy_setopt(result.curl_state.curl, CURLOPT_VERBOSE, 1L),
"CURLOPT_VERBOSE");
handle_curl_option_return_code(
curl_easy_setopt(result.curl_state.curl, CURLOPT_VERBOSE, 1L), "CURLOPT_VERBOSE");
}
/* print everything on stdout like check_http would do */
@ -120,21 +120,23 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
"CURLOPT_TIMEOUT");
/* set proxy */
/* http(s) proxy can either be given from the command line, or taken from environment variables */
/* http(s) proxy can either be given from the command line, or taken from environment variables
*/
/* socks4(a) / socks5(h) proxy should be given using the command line */
/* first source to check is the environment variables */
/* lower case proxy environment variables are almost always accepted, while some programs also checking
uppercase ones. discover both, but take the lowercase one if both are present */
/* lower case proxy environment variables are almost always accepted, while some programs also
checking uppercase ones. discover both, but take the lowercase one if both are present */
/* extra information: libcurl does not discover the uppercase version HTTP_PROXY due to security reasons */
/* extra information: libcurl does not discover the uppercase version HTTP_PROXY due to security
* reasons */
/* https://github.com/curl/curl/blob/d445f2d930ae701039518d695481ee53b8490521/lib/url.c#L1987 */
/* first environment variable to read is all_proxy. it can be overridden by protocol specific environment variables */
char *all_proxy_env, *all_proxy_uppercase_env;
all_proxy_env = getenv("all_proxy");
all_proxy_uppercase_env = getenv("ALL_PROXY");
if (all_proxy_env != NULL && strlen(all_proxy_env)){
/* first environment variable to read is all_proxy. it can be overridden by protocol specific
* environment variables */
char *all_proxy_env = getenv("all_proxy");
char *all_proxy_uppercase_env = getenv("ALL_PROXY");
if (all_proxy_env != NULL && strlen(all_proxy_env)) {
working_state.curlopt_proxy = strdup(all_proxy_env);
if (all_proxy_uppercase_env != NULL && verbose >= 1) {
printf("* cURL ignoring environment variable 'ALL_PROXY' as 'all_proxy' is set\n");
@ -143,15 +145,16 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
working_state.curlopt_proxy = strdup(all_proxy_uppercase_env);
}
/* second environment variable to read is http_proxy. only set curlopt_proxy if ssl is not toggled */
char *http_proxy_env, *http_proxy_uppercase_env;
http_proxy_env = getenv("http_proxy");
http_proxy_uppercase_env = getenv("HTTP_PROXY");
if (!working_state.use_ssl){
/* second environment variable to read is http_proxy. only set curlopt_proxy if ssl is not
* toggled */
char *http_proxy_env = getenv("http_proxy");
char *http_proxy_uppercase_env = getenv("HTTP_PROXY");
if (!working_state.use_ssl) {
if (http_proxy_env != NULL && strlen(http_proxy_env) > 0) {
working_state.curlopt_proxy = strdup(http_proxy_env);
if (http_proxy_uppercase_env != NULL && verbose >= 1) {
printf("* cURL ignoring environment variable 'HTTP_PROXY' as 'http_proxy' is set\n");
printf(
"* cURL ignoring environment variable 'HTTP_PROXY' as 'http_proxy' is set\n");
}
} else if (http_proxy_uppercase_env != NULL && strlen(http_proxy_uppercase_env) > 0) {
working_state.curlopt_proxy = strdup(http_proxy_uppercase_env);
@ -159,30 +162,31 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
}
#ifdef LIBCURL_FEATURE_SSL
/* optionally read https_proxy environment variable and set curlopt_proxy if ssl is toggled */
char *https_proxy_env, *https_proxy_uppercase_env;
https_proxy_env = getenv("https_proxy");
https_proxy_uppercase_env = getenv("HTTPS_PROXY");
char *https_proxy_env = getenv("https_proxy");
char *https_proxy_uppercase_env = getenv("HTTPS_PROXY");
if (working_state.use_ssl) {
if (https_proxy_env != NULL && strlen(https_proxy_env) > 0) {
working_state.curlopt_proxy = strdup(https_proxy_env);
if (https_proxy_uppercase_env != NULL && verbose >= 1) {
printf("* cURL ignoring environment variable 'HTTPS_PROXY' as 'https_proxy' is set\n");
printf(
"* cURL ignoring environment variable 'HTTPS_PROXY' as 'https_proxy' is set\n");
}
}
else if (https_proxy_uppercase_env != NULL && strlen(https_proxy_uppercase_env) >= 0) {
} else if (https_proxy_uppercase_env != NULL) {
working_state.curlopt_proxy = strdup(https_proxy_uppercase_env);
}
}
#endif /* LIBCURL_FEATURE_SSL */
/* second source to check for proxies is command line argument, overwriting the environment variables */
/* second source to check for proxies is command line argument, overwriting the environment
* variables */
if (strlen(config.proxy) > 0) {
working_state.curlopt_proxy = strdup(config.proxy);
}
if (working_state.curlopt_proxy != NULL && strlen(working_state.curlopt_proxy)){
if (working_state.curlopt_proxy != NULL && strlen(working_state.curlopt_proxy)) {
handle_curl_option_return_code(
curl_easy_setopt(result.curl_state.curl, CURLOPT_PROXY, working_state.curlopt_proxy), "CURLOPT_PROXY");
curl_easy_setopt(result.curl_state.curl, CURLOPT_PROXY, working_state.curlopt_proxy),
"CURLOPT_PROXY");
if (verbose >= 1) {
printf("* curl CURLOPT_PROXY: %s\n", working_state.curlopt_proxy);
}
@ -190,34 +194,35 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
/* set no_proxy */
/* first source to check is environment variables */
char *no_proxy_env, *no_proxy_uppercase_env;
no_proxy_env = getenv("no_proxy");
no_proxy_uppercase_env = getenv("NO_PROXY");
if (no_proxy_env != NULL && strlen(no_proxy_env)){
char *no_proxy_env = getenv("no_proxy");
char *no_proxy_uppercase_env = getenv("NO_PROXY");
if (no_proxy_env != NULL && strlen(no_proxy_env)) {
working_state.curlopt_noproxy = strdup(no_proxy_env);
if (no_proxy_uppercase_env != NULL && verbose >= 1){
if (no_proxy_uppercase_env != NULL && verbose >= 1) {
printf("* cURL ignoring environment variable 'NO_PROXY' as 'no_proxy' is set\n");
}
}else if (no_proxy_uppercase_env != NULL && strlen(no_proxy_uppercase_env) > 0){
} else if (no_proxy_uppercase_env != NULL && strlen(no_proxy_uppercase_env) > 0) {
working_state.curlopt_noproxy = strdup(no_proxy_uppercase_env);
}
/* second source to check for no_proxy is command line argument, overwriting the environment variables */
/* second source to check for no_proxy is command line argument, overwriting the environment
* variables */
if (strlen(config.no_proxy) > 0) {
working_state.curlopt_noproxy = strdup(config.no_proxy);
}
if ( working_state.curlopt_noproxy != NULL && strlen(working_state.curlopt_noproxy)){
handle_curl_option_return_code(
curl_easy_setopt(result.curl_state.curl, CURLOPT_NOPROXY, working_state.curlopt_noproxy), "CURLOPT_NOPROXY");
if (working_state.curlopt_noproxy != NULL && strlen(working_state.curlopt_noproxy)) {
handle_curl_option_return_code(curl_easy_setopt(result.curl_state.curl, CURLOPT_NOPROXY,
working_state.curlopt_noproxy),
"CURLOPT_NOPROXY");
if (verbose >= 1) {
printf("* curl CURLOPT_NOPROXY: %s\n", working_state.curlopt_noproxy);
}
}
int proxy_resolves_hostname = determine_hostname_resolver(working_state, config);
bool have_local_resolution = hostname_gets_resolved_locally(working_state);
if (verbose >= 1) {
printf("* proxy_resolves_hostname: %d\n", proxy_resolves_hostname);
printf("* have local name resolution: %s\n", (have_local_resolution ? "true": "false"));
}
/* enable haproxy protocol */
@ -231,7 +236,7 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
/* host_name, only required for ssl, because we use the host_name later on to make SNI happy */
char dnscache[DEFAULT_BUFFER_SIZE];
char addrstr[DEFAULT_BUFFER_SIZE / 2];
if (working_state.use_ssl && working_state.host_name != NULL && !proxy_resolves_hostname ) {
if (working_state.use_ssl && working_state.host_name != NULL && !have_local_resolution) {
char *tmp_mod_address;
/* lookup_host() requires an IPv6 address without the brackets. */
@ -434,11 +439,11 @@ check_curl_configure_curl(const check_curl_static_curl_config config,
case CURLHELP_SSL_LIBRARY_LIBRESSL:
/* set callback to extract certificate with OpenSSL context function (works with
* OpenSSL-style libraries only!) */
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
/* libcurl and monitoring plugins built with OpenSSL, good */
add_sslctx_verify_fun = true;
is_openssl_callback = true;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
/* libcurl is built with OpenSSL, monitoring plugins, so falling
* back to manually extracting certificate information */
handle_curl_option_return_code(
@ -682,7 +687,7 @@ char *get_header_value(const struct phr_header *headers, const size_t nof_header
return NULL;
}
check_curl_working_state check_curl_working_state_init() {
check_curl_working_state check_curl_working_state_init(void) {
check_curl_working_state result = {
.server_address = NULL,
.server_url = DEFAULT_SERVER_URL,
@ -699,7 +704,7 @@ check_curl_working_state check_curl_working_state_init() {
return result;
}
check_curl_config check_curl_config_init() {
check_curl_config check_curl_config_init(void) {
check_curl_config tmp = {
.initial_config = check_curl_working_state_init(),
@ -1307,16 +1312,16 @@ mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_
#ifdef LIBCURL_FEATURE_SSL
if (is_openssl_callback) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
/* check certificate with OpenSSL functions, curl has been built against OpenSSL
* and we actually have OpenSSL in the monitoring tools
*/
return mp_net_ssl_check_certificate(cert, warn_days_till_exp, crit_days_till_exp);
# else /* USE_OPENSSL */
# else /* MOPL_USE_OPENSSL */
xasprintf(&result.output, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL "
"callback used and not linked against OpenSSL\n");
mp_set_subcheck_state(result, STATE_CRITICAL);
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
} else {
struct curl_slist *slist;
@ -1324,7 +1329,7 @@ mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_
cert_ptr.to_info = NULL;
CURLcode res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &cert_ptr.to_certinfo);
if (!res && cert_ptr.to_info) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
/* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert
* parsing We only check the first certificate and assume it's the one of
* the server
@ -1370,13 +1375,13 @@ mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_
BIO_free(cert_BIO);
return mp_net_ssl_check_certificate(cert, warn_days_till_exp, crit_days_till_exp);
# else /* USE_OPENSSL */
# else /* MOPL_USE_OPENSSL */
/* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our
* disposal, so we use the libcurl CURLINFO data
*/
return net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn,
days_till_exp_crit);
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
} else {
xasprintf(&sc_cert_result.output,
_("Cannot retrieve certificates - cURL returned %d - %s"), res,
@ -1404,10 +1409,10 @@ char *fmt_url(check_curl_working_state workingState) {
return url;
}
int determine_hostname_resolver(const check_curl_working_state working_state, const check_curl_static_curl_config config){
bool hostname_gets_resolved_locally(const check_curl_working_state working_state) {
char *host_name_display = "NULL";
unsigned long host_name_len = 0;
if( working_state.host_name){
if (working_state.host_name) {
host_name_len = strlen(working_state.host_name);
host_name_display = working_state.host_name;
}
@ -1415,8 +1420,11 @@ int determine_hostname_resolver(const check_curl_working_state working_state, co
/* IPv4 or IPv6 version of the address */
char *server_address_clean = strdup(working_state.server_address);
/* server address might be a full length ipv6 address encapsulated in square brackets */
if ((strnlen(working_state.server_address, MAX_IPV4_HOSTLENGTH) > 2) && (working_state.server_address[0] == '[') && (working_state.server_address[strlen(working_state.server_address)-1] == ']') ) {
server_address_clean = strndup( working_state.server_address + 1, strlen(working_state.server_address) - 2);
if ((strnlen(working_state.server_address, MAX_IPV4_HOSTLENGTH) > 2) &&
(working_state.server_address[0] == '[') &&
(working_state.server_address[strlen(working_state.server_address) - 1] == ']')) {
server_address_clean =
strndup(working_state.server_address + 1, strlen(working_state.server_address) - 2);
}
/* check curlopt_noproxy option first */
@ -1427,79 +1435,90 @@ int determine_hostname_resolver(const check_curl_working_state working_state, co
IPv4 or IPv6 CIDR regions e.g 10.241.0.0/16 , abcd:ef01:2345::/48 ,
direct hostnames e.g example.com, google.de */
if (working_state.curlopt_noproxy != NULL){
char* curlopt_noproxy_copy = strdup( working_state.curlopt_noproxy);
char* noproxy_item = strtok(curlopt_noproxy_copy, ",");
while(noproxy_item != NULL){
if (working_state.curlopt_noproxy != NULL) {
char *curlopt_noproxy_copy = strdup(working_state.curlopt_noproxy);
char *noproxy_item = strtok(curlopt_noproxy_copy, ",");
while (noproxy_item != NULL) {
unsigned long noproxy_item_len = strlen(noproxy_item);
/* According to the CURLOPT_NOPROXY documentation: */
/* https://curl.se/libcurl/c/CURLOPT_NOPROXY.html */
/* The only wildcard available is a single * character, which matches all hosts, and effectively disables the proxy. */
if ( strlen(noproxy_item) == 1 && noproxy_item[0] == '*'){
if (verbose >= 1){
printf("* noproxy includes '*' which disables proxy for all host name incl. : %s / server address incl. : %s\n", host_name_display , server_address_clean);
/* The only wildcard available is a single * character, which matches all hosts, and
* effectively disables the proxy. */
if (strlen(noproxy_item) == 1 && noproxy_item[0] == '*') {
if (verbose >= 1) {
printf("* noproxy includes '*' which disables proxy for all host name incl. : "
"%s / server address incl. : %s\n",
host_name_display, server_address_clean);
}
free(curlopt_noproxy_copy);
free(server_address_clean);
return 0;
return true;
}
/* direct comparison with the server_address */
if( server_address_clean != NULL && strlen(server_address_clean) == strlen(noproxy_item) && strcmp(server_address_clean, noproxy_item) == 0){
if (verbose >= 1){
if (server_address_clean != NULL &&
strlen(server_address_clean) == strlen(noproxy_item) &&
strcmp(server_address_clean, noproxy_item) == 0) {
if (verbose >= 1) {
printf("* server_address is in the no_proxy list: %s\n", noproxy_item);
}
free(curlopt_noproxy_copy);
free(server_address_clean);
return 0;
return true;
}
/* direct comparison with the host_name */
if( working_state.host_name != NULL && host_name_len == noproxy_item_len && strcmp(working_state.host_name, noproxy_item) == 0){
if (verbose >= 1){
if (working_state.host_name != NULL && host_name_len == noproxy_item_len &&
strcmp(working_state.host_name, noproxy_item) == 0) {
if (verbose >= 1) {
printf("* host_name is in the no_proxy list: %s\n", noproxy_item);
}
free(curlopt_noproxy_copy);
free(server_address_clean);
return 0;
return true;
}
/* check if hostname is a subdomain of the item, e.g www.example.com when token is example.com */
/* subdomain1.acme.com will not will use a proxy if you only specify 'acme' in the noproxy */
/* check if hostname is a subdomain of the item, e.g www.example.com when token is
* example.com */
/* subdomain1.acme.com will not will use a proxy if you only specify 'acme' in the
* noproxy */
/* check if noproxy_item is a suffix */
/* check if the character just before the suffix is '.' */
if( working_state.host_name != NULL && host_name_len > noproxy_item_len){
if (working_state.host_name != NULL && host_name_len > noproxy_item_len) {
unsigned long suffix_start_idx = host_name_len - noproxy_item_len;
if (strcmp(working_state.host_name + suffix_start_idx, noproxy_item ) == 0 && working_state.host_name[suffix_start_idx-1] == '.' ){
if (verbose >= 1){
printf("* host_name: %s is a subdomain of the no_proxy list item: %s\n", working_state.host_name , noproxy_item);
if (strcmp(working_state.host_name + suffix_start_idx, noproxy_item) == 0 &&
working_state.host_name[suffix_start_idx - 1] == '.') {
if (verbose >= 1) {
printf("* host_name: %s is a subdomain of the no_proxy list item: %s\n",
working_state.host_name, noproxy_item);
}
free(curlopt_noproxy_copy);
free(server_address_clean);
return 0;
return true;
}
}
// noproxy_item could be a CIDR IP range
if( server_address_clean != NULL && strlen(server_address_clean)){
if (server_address_clean != NULL && strlen(server_address_clean)) {
ip_addr_inside ip_addr_inside_cidr_ret =
ip_addr_inside_cidr(noproxy_item, server_address_clean);
int ip_addr_inside_cidr_ret = ip_addr_inside_cidr(noproxy_item, server_address_clean);
switch(ip_addr_inside_cidr_ret){
case 1:
return 0;
break;
case 0:
if(verbose >= 1){
printf("server address: %s is not inside IP cidr: %s\n", server_address_clean, noproxy_item);
if (ip_addr_inside_cidr_ret.error == NO_ERROR) {
if (ip_addr_inside_cidr_ret.inside) {
return true;
} else {
if (verbose >= 1) {
printf("server address: %s is not inside IP cidr: %s\n",
server_address_clean, noproxy_item);
}
}
break;
case -1:
if(verbose >= 1){
printf("could not fully determine if server address: %s is inside the IP cidr: %s\n", server_address_clean, noproxy_item);
} else {
if (verbose >= 1) {
printf("could not fully determine if server address: %s is inside the IP "
"cidr: %s\n",
server_address_clean, noproxy_item);
}
break;
}
}
@ -1509,82 +1528,97 @@ int determine_hostname_resolver(const check_curl_working_state working_state, co
free(curlopt_noproxy_copy);
}
if (working_state.curlopt_proxy != NULL){
if (working_state.curlopt_proxy != NULL) {
// Libcurl documentation
// Setting the proxy string to "" (an empty string) explicitly disables the use of a proxy, even if there is an environment variable set for it.
if ( strlen(working_state.curlopt_proxy) == 0){
return 0;
// Setting the proxy string to "" (an empty string) explicitly disables the use of a proxy,
// even if there is an environment variable set for it.
if (strlen(working_state.curlopt_proxy) == 0) {
return true;
}
if ( strncmp( working_state.curlopt_proxy, "http://", 7) == 0){
if (verbose >= 1){
printf("* proxy scheme is http, proxy: %s resolves host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "http://", 7) == 0) {
if (verbose >= 1) {
printf(
"* proxy scheme is http, proxy: %s resolves host: %s or server_address: %s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 1;
return false;
}
if ( strncmp( working_state.curlopt_proxy, "https://", 8) == 0){
if (verbose >= 1){
printf("* proxy scheme is https, proxy: %s resolves host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "https://", 8) == 0) {
if (verbose >= 1) {
printf(
"* proxy scheme is https, proxy: %s resolves host: %s or server_address: %s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 1;
return false;
}
if ( strncmp( working_state.curlopt_proxy, "socks4://", 9) == 0){
if (verbose >= 1){
printf("* proxy scheme is socks, proxy: %s does not resolve host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "socks4://", 9) == 0) {
if (verbose >= 1) {
printf("* proxy scheme is socks, proxy: %s does not resolve host: %s or "
"server_address: %s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 0;
return true;
}
if ( strncmp( working_state.curlopt_proxy, "socks4a://", 10) == 0){
if (verbose >= 1){
printf("* proxy scheme is socks4a, proxy: %s resolves host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "socks4a://", 10) == 0) {
if (verbose >= 1) {
printf("* proxy scheme is socks4a, proxy: %s resolves host: %s or server_address: "
"%s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 1;
return false;
}
if ( strncmp( working_state.curlopt_proxy, "socks5://", 9) == 0){
if (verbose >= 1){
printf("* proxy scheme is socks5, proxy: %s does not resolve host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "socks5://", 9) == 0) {
if (verbose >= 1) {
printf("* proxy scheme is socks5, proxy: %s does not resolve host: %s or "
"server_address: %s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 0;
return true;
}
if ( strncmp( working_state.curlopt_proxy, "socks5h://", 10) == 0){
if (verbose >= 1){
printf("* proxy scheme is socks5h, proxy: %s resolves host: %s or server_address: %s\n", working_state.curlopt_proxy, host_name_display, server_address_clean);
if (strncmp(working_state.curlopt_proxy, "socks5h://", 10) == 0) {
if (verbose >= 1) {
printf("* proxy scheme is socks5h, proxy: %s resolves host: %s or server_address: "
"%s\n",
working_state.curlopt_proxy, host_name_display, server_address_clean);
}
free(server_address_clean);
return 1;
return false;
}
// Libcurl documentation:
// Without a scheme prefix, CURLOPT_PROXYTYPE can be used to specify which kind of proxy the string identifies.
// We do not set this value
// Without a scheme, it is treated as an http proxy
// Without a scheme prefix, CURLOPT_PROXYTYPE can be used to specify which kind of proxy the
// string identifies. We do not set this value Without a scheme, it is treated as an http
// proxy
return 1;
return false;
}
if (verbose >= 1){
printf("* proxy scheme is unknown/unavailable, no proxy is assumed for host: %s or server_address: %s\n", host_name_display, server_address_clean);
if (verbose >= 1) {
printf("* proxy scheme is unknown/unavailable, no proxy is assumed for host: %s or "
"server_address: %s\n",
host_name_display, server_address_clean);
}
free(server_address_clean);
return 0;
}
int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_ip){
ip_addr_inside ip_addr_inside_cidr(const char *cidr_region_or_ip_addr, const char *target_ip) {
unsigned int slash_count = 0;
unsigned int last_slash_idx = 0;
for(size_t i = 0; i < strlen(cidr_region_or_ip_addr); i++){
if(cidr_region_or_ip_addr[i] == '/'){
for (size_t i = 0; i < strlen(cidr_region_or_ip_addr); i++) {
if (cidr_region_or_ip_addr[i] == '/') {
slash_count++;
last_slash_idx = (unsigned int)i;
}
@ -1592,48 +1626,67 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
char *cidr_ip_part = NULL;
int prefix_length = 0;
ip_addr_inside result = {
.inside = false,
.error = NO_ERROR,
};
if (slash_count == 0) {
cidr_ip_part = strdup(cidr_region_or_ip_addr);
if (!cidr_ip_part) return -1;
if (!cidr_ip_part) {
result.error = FAILED_STRDUP;
return result;
}
} else if (slash_count == 1) {
cidr_ip_part = strndup(cidr_region_or_ip_addr, last_slash_idx);
if (!cidr_ip_part) return -1;
if (!cidr_ip_part) {
result.error = FAILED_STRDUP;
return result;
}
errno = 0;
long long tmp = strtoll(cidr_region_or_ip_addr + last_slash_idx + 1, NULL, 10);
if (errno == ERANGE) {
if (verbose >= 1) {
printf("cidr_region_or_ip: %s , could not parse subnet length\n", cidr_region_or_ip_addr);
printf("cidr_region_or_ip: %s , could not parse subnet length\n",
cidr_region_or_ip_addr);
}
free(cidr_ip_part);
return -1;
result.error = COULD_NOT_PARSE_SUBNET_LENGTH;
return result;
}
prefix_length = (int)tmp;
} else {
printf("cidr_region_or_ip: %s , has %d number of '/' characters, is not a valid cidr_region or IP\n", cidr_region_or_ip_addr, slash_count);
return -1;
if (verbose >= 1) {
printf("cidr_region_or_ip: %s , has %d number of '/' characters, is not a valid "
"cidr_region or IP\n",
cidr_region_or_ip_addr, slash_count);
}
result.error = CIDR_REGION_INVALID;
return result;
}
int cidr_addr_family, target_addr_family;
if (strchr(cidr_ip_part, ':')){
if (strchr(cidr_ip_part, ':')) {
cidr_addr_family = AF_INET6;
} else {
cidr_addr_family = AF_INET;
}
if (strchr(target_ip, ':')){
if (strchr(target_ip, ':')) {
target_addr_family = AF_INET6;
} else {
target_addr_family = AF_INET;
}
if (cidr_addr_family != target_addr_family){
if (verbose >= 1){
printf("cidr address: %s and target ip address: %s have different address families\n", cidr_ip_part, target_ip);
if (cidr_addr_family != target_addr_family) {
if (verbose >= 1) {
printf("cidr address: %s and target ip address: %s have different address families\n",
cidr_ip_part, target_ip);
}
free(cidr_ip_part);
return 0;
result.inside = false;
return result;
}
// If no prefix is given, treat the cidr as a single address (full-length prefix)
@ -1644,14 +1697,17 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
int max_bits = (cidr_addr_family == AF_INET) ? 32u : 128u;
if (prefix_length < 0 || prefix_length > max_bits) {
if (verbose >= 1) {
printf("cidr_region_or_ip: %s has invalid prefix length: %u\n", cidr_region_or_ip_addr, prefix_length);
printf("cidr_region_or_ip: %s has invalid prefix length: %u\n", cidr_region_or_ip_addr,
prefix_length);
}
free(cidr_ip_part);
return -1;
result.error = CIDR_REGION_INVALID_PREFIX;
return result;
}
if (verbose >= 1){
printf("cidr_region_or_ip: %s , has prefix length: %u\n", cidr_region_or_ip_addr, prefix_length);
if (verbose >= 1) {
printf("cidr_region_or_ip: %s , has prefix length: %u\n", cidr_region_or_ip_addr,
prefix_length);
}
int inet_pton_rc;
@ -1659,7 +1715,6 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
uint8_t *target_bytes = NULL;
uint8_t cidr_buf[16];
uint8_t target_buf[16];
size_t total_bytes = 0;
if (cidr_addr_family == AF_INET) {
struct in_addr cidr_ipv4;
@ -1667,49 +1722,55 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
inet_pton_rc = inet_pton(AF_INET, cidr_ip_part, &cidr_ipv4);
if (inet_pton_rc != 1) {
if (verbose >= 1) {
printf("ip string: %s contains characters not valid for its address family: IPv4\n", cidr_ip_part);
printf("ip string: %s contains characters not valid for its address family: IPv4\n",
cidr_ip_part);
}
free(cidr_ip_part);
return -1;
result.error = IP_CONTAINS_INVALID_CHARACTERS;
return result;
}
inet_pton_rc = inet_pton(AF_INET, target_ip, &target_ipv4);
if (inet_pton_rc != 1) {
if (verbose >= 1) {
printf("ip string: %s contains characters not valid for its address family: IPv4\n", target_ip);
printf("ip string: %s contains characters not valid for its address family: IPv4\n",
target_ip);
}
free(cidr_ip_part);
return -1;
result.error = IP_CONTAINS_INVALID_CHARACTERS;
return result;
}
// copy the addresses in network byte order to a buffer for comparison
memcpy(cidr_buf, &cidr_ipv4.s_addr, 4);
memcpy(target_buf, &target_ipv4.s_addr, 4);
cidr_bytes = cidr_buf;
target_bytes = target_buf;
total_bytes = 4;
} else {
struct in6_addr cidr_ipv6;
struct in6_addr target_ipv6;
inet_pton_rc = inet_pton(AF_INET6, cidr_ip_part, &cidr_ipv6);
if (inet_pton_rc != 1) {
if (verbose >= 1) {
printf("ip string: %s contains characters not valid for its address family: IPv6\n", cidr_ip_part);
printf("ip string: %s contains characters not valid for its address family: IPv6\n",
cidr_ip_part);
}
free(cidr_ip_part);
return -1;
result.error = IP_CONTAINS_INVALID_CHARACTERS;
return result;
}
inet_pton_rc = inet_pton(AF_INET6, target_ip, &target_ipv6);
if (inet_pton_rc != 1) {
if (verbose >= 1) {
printf("ip string: %s contains characters not valid for its address family: IPv6\n", target_ip);
printf("ip string: %s contains characters not valid for its address family: IPv6\n",
target_ip);
}
free(cidr_ip_part);
return -1;
result.error = IP_CONTAINS_INVALID_CHARACTERS;
return result;
}
memcpy(cidr_buf, &cidr_ipv6, 16);
memcpy(target_buf, &target_ipv6, 16);
cidr_bytes = cidr_buf;
target_bytes = target_buf;
total_bytes = 16;
}
int prefix_bytes = prefix_length / 8;
@ -1718,10 +1779,13 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
if (prefix_bytes > 0) {
if (memcmp(cidr_bytes, target_bytes, (size_t)prefix_bytes) != 0) {
if (verbose >= 1) {
printf("the first %d bytes of the cidr_region_or_ip: %s and target_ip: %s are different\n", prefix_bytes, cidr_ip_part, target_ip);
printf("the first %d bytes of the cidr_region_or_ip: %s and target_ip: %s are "
"different\n",
prefix_bytes, cidr_ip_part, target_ip);
}
free(cidr_ip_part);
return 0;
result.inside = false;
return result;
}
}
@ -1732,13 +1796,19 @@ int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_i
uint8_t mask = (uint8_t)(0xFFu << (8 - prefix_bits));
if ((cidr_oct & mask) != (target_oct & mask)) {
if (verbose >= 1) {
printf("looking at the last %d bits of the prefix, cidr_region_or_ip(%s) byte is: %u and target_ip byte(%s) is: %u, applying bitmask: %02X returns different results\n", prefix_bits, cidr_ip_part, (unsigned)cidr_oct, target_ip, (unsigned)target_oct, mask);
printf("looking at the last %d bits of the prefix, cidr_region_or_ip(%s) byte is: "
"%u and target_ip byte(%s) is: %u, applying bitmask: %02X returns different "
"results\n",
prefix_bits, cidr_ip_part, (unsigned)cidr_oct, target_ip,
(unsigned)target_oct, mask);
}
free(cidr_ip_part);
return 0;
result.inside = false;
return result;
}
}
free(cidr_ip_part);
return 1;
result.inside = true;
return result;
}

28
plugins/check_curl.d/check_curl_helpers.h
View file

@ -127,11 +127,25 @@ mp_subcheck check_curl_certificate_checks(CURL *curl, X509 *cert, int warn_days_
int crit_days_till_exp);
char *fmt_url(check_curl_working_state workingState);
/* determine_hostname_resolver determines if the host or the proxy resolves the target hostname
returns RESOLVE_LOCALLY if requester resolves the hostname locally, RESOLVE_REMOTELY if proxy
resolves the hostname */
bool hostname_gets_resolved_locally(const check_curl_working_state working_state);
/* function that will determine if the host or the proxy resolves the target hostname
returns 0 if requester resolves the hostname locally, 1 if proxy resolves the hostname */
int determine_hostname_resolver(const check_curl_working_state working_state, const check_curl_static_curl_config config);
/* Checks if an IP is inside given CIDR region. Using /protocol_size or not specifying the prefix length performs an equality check. Supports both IPv4 and IPv6
returns 1 if the target_ip address is inside the given cidr_region_or_ip_addr, 0 if its out. return codes < 0 mean an error has occurred. */
int ip_addr_inside_cidr(const char* cidr_region_or_ip_addr, const char* target_ip);
/* Checks if an IP is inside given CIDR region. Using /protocol_size or not specifying the prefix
length performs an equality check. Supports both IPv4 and IPv6 returns 1 if the target_ip address is
inside the given cidr_region_or_ip_addr, 0 if its out. return codes < 0 mean an error has occurred.
*/
typedef enum {
NO_ERROR,
FAILED_STRDUP,
COULD_NOT_PARSE_SUBNET_LENGTH,
CIDR_REGION_INVALID,
CIDR_REGION_INVALID_PREFIX,
IP_CONTAINS_INVALID_CHARACTERS,
} ip_addr_inside_error_code;
typedef struct {
bool inside;
ip_addr_inside_error_code error;
} ip_addr_inside;
ip_addr_inside ip_addr_inside_cidr(const char *cidr_region_or_ip_addr, const char *target_ip);

2
plugins/check_dig.c
View file

@ -284,7 +284,7 @@ check_dig_config_wrapper process_arguments(int argc, char **argv) {
int option_index =
getopt_long(argc, argv, "hVvt:l:H:w:c:T:p:a:A:E:X:46", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_disk.c
View file

@ -448,7 +448,7 @@ check_disk_config_wrapper process_arguments(int argc, char **argv) {
int option_index = getopt_long(
argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLPg:R:r:i:I:MEAn", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_fping.c
View file

@ -361,7 +361,7 @@ check_fping_config_wrapper process_arguments(int argc, char **argv) {
int option_index =
getopt_long(argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:M:R:46", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

2
plugins/check_game.c
View file

@ -186,7 +186,7 @@ check_game_config_wrapper process_arguments(int argc, char **argv) {
while (true) {
int option_index = getopt_long(argc, argv, "hVvt:H:P:G:g:p:m:", long_opts, &opt_index);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_hpjd.c
View file

@ -299,7 +299,7 @@ check_hpjd_config_wrapper process_arguments(int argc, char **argv) {
while (true) {
int option_index = getopt_long(argc, argv, "+hVH:C:p:D", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

2
plugins/check_ide_smart.c
View file

@ -169,7 +169,7 @@ static check_ide_smart_config_wrapper process_arguments(int argc, char **argv) {
int longindex = 0;
int option_index = getopt_long(argc, argv, "+d:iq10nhVv", longopts, &longindex);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

2
plugins/check_ldap.c
View file

@ -362,7 +362,7 @@ check_ldap_config_wrapper process_arguments(int argc, char **argv) {
int option_index =
getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_load.c
View file

@ -295,7 +295,7 @@ static check_load_config_wrapper process_arguments(int argc, char **argv) {
int option = 0;
int option_index = getopt_long(argc, argv, "Vhrc:w:n:", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_mysql.c
View file

@ -504,7 +504,7 @@ check_mysql_config_wrapper process_arguments(int argc, char **argv) {
int option_index =
getopt_long(argc, argv, "hlvVnSP:p:u:d:H:s:c:w:a:k:C:D:L:f:g:", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_nagios.c
View file

@ -227,7 +227,7 @@ check_nagios_config_wrapper process_arguments(int argc, char **argv) {
while (true) {
int option_index = getopt_long(argc, argv, "+hVvF:C:e:t:", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

2
plugins/check_ping.c
View file

@ -221,7 +221,7 @@ check_ping_config_wrapper process_arguments(int argc, char **argv) {
while (true) {
int option_index = getopt_long(argc, argv, "VvhnL46t:c:w:H:p:", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_procs.c
View file

@ -432,7 +432,7 @@ check_procs_config_wrapper process_arguments(int argc, char **argv) {
int option_index =
getopt_long(argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:TX:", longopts, &option);
if (option_index == -1 || option_index == EOF) {
if (CHECK_EOF(option_index)) {
break;
}

2
plugins/check_radius.c
View file

@ -334,7 +334,7 @@ check_radius_config_wrapper process_arguments(int argc, char **argv) {
int option = 0;
int option_index = getopt_long(argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}

6
plugins/check_smtp.c
View file

@ -350,7 +350,7 @@ int main(int argc, char **argv) {
}
}
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
if (ssl_established) {
net_ssl_check_cert_result cert_check_result =
np_net_ssl_check_cert2(config.days_till_exp_warn, config.days_till_exp_crit);
@ -389,7 +389,7 @@ int main(int argc, char **argv) {
mp_add_subcheck_to_check(&overall, sc_cert_check);
}
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif
@ -764,7 +764,7 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
break;
case 'D': {
/* Check SSL cert validity */
#ifdef USE_OPENSSL
#ifdef MOPL_USE_OPENSSL
char *temp;
if ((temp = strchr(optarg, ',')) != NULL) {
*temp = '\0';

6
plugins/check_snmp.c
View file

@ -116,6 +116,7 @@ gen_state_string_type gen_state_string(check_snmp_state_entry *entries, size_t n
break;
case ASN_FLOAT:
printf("Type FLOAT\n");
break;
case ASN_DOUBLE:
printf("Type DOUBLE\n");
break;
@ -217,6 +218,7 @@ recover_state_data_type recover_state_data(char *state_string, idx_t state_strin
break;
case ASN_FLOAT:
printf("Type FLOAT\n");
break;
case ASN_DOUBLE:
printf("Type DOUBLE\n");
break;
@ -446,7 +448,7 @@ static process_arguments_wrapper process_arguments(int argc, char **argv) {
argc, argv,
"nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:", longopts, &option);
if (option_char == -1 || option_char == EOF) {
if (CHECK_EOF(option_char)) {
break;
}
@ -516,7 +518,7 @@ static process_arguments_wrapper process_arguments(int argc, char **argv) {
argc, argv,
"nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:", longopts, &option);
if (option_char == -1 || option_char == EOF) {
if (CHECK_EOF(option_char)) {
break;
}

6
plugins/check_tcp.c
View file

@ -562,7 +562,7 @@ static check_tcp_config_wrapper process_arguments(int argc, char **argv, check_t
int option_index =
getopt_long(argc, argv, "+hVv46EAH:s:e:q:m:c:w:t:p:C:W:d:Sr:jD:M:", longopts, &option);
if (option_index == -1 || option_index == EOF || option_index == 1) {
if (CHECK_EOF(option_index) || option_index == 1) {
break;
}
@ -683,7 +683,7 @@ static check_tcp_config_wrapper process_arguments(int argc, char **argv, check_t
break;
case 'D': /* Check SSL cert validity - days 'til certificate expiration */
#ifdef HAVE_SSL
# ifdef USE_OPENSSL /* XXX */
# ifdef MOPL_USE_OPENSSL /* XXX */
{
char *temp;
if ((temp = strchr(optarg, ',')) != NULL) {
@ -708,7 +708,7 @@ static check_tcp_config_wrapper process_arguments(int argc, char **argv, check_t
config.check_cert = true;
config.use_tls = true;
} break;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
#endif
/* fallthrough if we don't have ssl */
case 'S':

2
plugins/check_time.c
View file

@ -213,7 +213,7 @@ check_time_config_wrapper process_arguments(int argc, char **argv) {
int option = 0;
option_char = getopt_long(argc, argv, "hVH:w:c:W:C:p:t:u", longopts, &option);
if (option_char == -1 || option_char == EOF) {
if (CHECK_EOF(option_char)) {
break;
}

9
plugins/common.h
View file

@ -193,7 +193,7 @@ enum {
*/
#include "../gl/gettext.h"
#define _(String) gettext(String)
#if !ENABLE_NLS
#if !defined(ENABLE_NLS) || !ENABLE_NLS
# undef textdomain
# define textdomain(Domainname) /* empty */
# undef bindtextdomain
@ -205,4 +205,11 @@ enum {
# define __attribute__(x) /* do nothing */
#endif
/* for checking the result of getopt_long */
#if EOF == -1
#define CHECK_EOF(c) ((c) == EOF)
#else
#define CHECK_EOF(c) ((c) == -1 || (c) == EOF)
#endif
#endif /* _COMMON_H_ */

38
plugins/sslutils.c
View file

@ -127,7 +127,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
}
if (cert && privkey) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
if (!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
# elif USE_GNUTLS
if (!SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_PEM)) {
@ -138,7 +138,7 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
return STATE_CRITICAL;
}
SSL_CTX_use_PrivateKey_file(ctx, privkey, SSL_FILETYPE_PEM);
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
if (!SSL_CTX_check_private_key(ctx)) {
printf("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
return STATE_CRITICAL;
@ -161,9 +161,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
return OK;
} else {
printf("%s\n", _("CRITICAL - Cannot make SSL connection."));
# ifdef USE_OPENSSL /* XXX look into ERR_error_string */
# ifdef MOPL_USE_OPENSSL /* XXX look into ERR_error_string */
ERR_print_errors_fp(stdout);
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
} else {
printf("%s\n", _("CRITICAL - Cannot initiate SSL handshake."));
@ -192,7 +192,7 @@ int np_net_ssl_read(void *buf, int num) { return SSL_read(s, buf, num); }
mp_state_enum np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn,
int days_till_exp_crit) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
if (!certificate) {
printf("%s\n", _("CRITICAL - No server certificate present to inspect."));
return STATE_CRITICAL;
@ -306,14 +306,14 @@ mp_state_enum np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_
}
X509_free(certificate);
return status;
# else /* ifndef USE_OPENSSL */
# else /* ifndef MOPL_USE_OPENSSL */
printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
return STATE_WARNING;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
retrieve_expiration_time_result np_net_ssl_get_cert_expiration(X509 *certificate) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
retrieve_expiration_time_result result = {
.errors = ALL_OK,
.remaining_seconds = 0,
@ -404,14 +404,14 @@ retrieve_expiration_time_result np_net_ssl_get_cert_expiration(X509 *certificate
X509_free(certificate);
return result;
# else /* ifndef USE_OPENSSL */
# else /* ifndef MOPL_USE_OPENSSL */
printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
return STATE_WARNING;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
net_ssl_check_cert_result np_net_ssl_check_cert2(int days_till_exp_warn, int days_till_exp_crit) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
X509 *certificate = NULL;
certificate = SSL_get_peer_certificate(s);
@ -438,27 +438,27 @@ net_ssl_check_cert_result np_net_ssl_check_cert2(int days_till_exp_warn, int day
return result;
# else /* ifndef USE_OPENSSL */
# else /* ifndef MOPL_USE_OPENSSL */
printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
return STATE_WARNING;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
mp_state_enum np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit) {
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
X509 *certificate = NULL;
certificate = SSL_get_peer_certificate(s);
return (np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
# else /* ifndef USE_OPENSSL */
# else /* ifndef MOPL_USE_OPENSSL */
printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
return STATE_WARNING;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
mp_subcheck mp_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn,
int days_till_exp_crit) {
mp_subcheck sc_cert = mp_subcheck_init();
# ifdef USE_OPENSSL
# ifdef MOPL_USE_OPENSSL
if (!certificate) {
xasprintf(&sc_cert.output, _("No server certificate present to inspect"));
sc_cert = mp_set_subcheck_state(sc_cert, STATE_CRITICAL);
@ -581,10 +581,10 @@ mp_subcheck mp_net_ssl_check_certificate(X509 *certificate, int days_till_exp_wa
}
X509_free(certificate);
return sc_cert;
# else /* ifndef USE_OPENSSL */
# else /* ifndef MOPL_USE_OPENSSL */
xasprintf(&sc_cert.output, _("Plugin does not support checking certificates"));
sc_cert = mp_set_subcheck_state(sc_cert, STATE_WARNING);
return sc_cert;
# endif /* USE_OPENSSL */
# endif /* MOPL_USE_OPENSSL */
}
#endif /* HAVE_SSL */

44
plugins/t/check_curl.t
View file

@ -238,100 +238,100 @@ SKIP: {
# Test if proxy works
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_ipv4 works" );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_ipv6 works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http2 works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_subdomain works" );
$res = NPTest->testCmd( "./$plugin -H $host_tls_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used, there are no preventative measures ");
is( $res->return_code, 0, "Using proxy http://$host_tcp_proxy:$port_tcp_proxy to connect to $host_tls_http works" );
# Noproxy '*' should prevent using proxy in any setting, even if its specified
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since noproxy has \"\*\" ");
is( $res->return_code, 0, "Should reach $host_tcp_http_subdomain with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since noproxy has \"\*\" ");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since noproxy has \"\*\" ");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
# Noproxy domain should prevent using proxy for subdomains of that domain
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since subdomain: $host_tcp_http_subdomain is under a noproxy domain: $host_tcp_http");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since subdomain: $host_tcp_http_subdomain is under a noproxy domain: $host_tcp_http");
is( $res->return_code, 0, "Should reach $host_tcp_http_subdomain with or without proxy." );
# Noproxy should prevent using IP matches if an IP is found directly
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4 -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is added into noproxy: $host_tcp_http_ipv4");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is added into noproxy: $host_tcp_http_ipv4");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6 -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is added into noproxy: $host_tcp_http_ipv6");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is added into noproxy: $host_tcp_http_ipv6");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
# Noproxy should prevent using IP matches if a CIDR region that contains that Ip is used directly.
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4_cidr_1 -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_1");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_1");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4_cidr_2 -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_2");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_2");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6_cidr_1 -v " );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_1");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_1");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
$res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6_cidr_2 -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_2");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_2");
is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
# Noproxy should discern over different types of proxy schemes
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used for resolving hostname, and is using scheme http ");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used for resolving hostname, and is using scheme http ");
is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy https://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used for resolving hostname, and is using scheme https");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used for resolving hostname, and is using scheme https");
# Squid is not configured for https
# is( $res->return_code, 0, "Using proxy https:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks4://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used for resolving hostname, and is using scheme socks4");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used for resolving hostname, and is using scheme socks4");
# Squid is not configured for socks4
# is( $res->return_code, 0, "Using proxy socks4:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks4a://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used for resolving hostname, and is using scheme socks4a");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used for resolving hostname, and is using scheme socks4a");
# Squid is not configured for socks4a
# is( $res->return_code, 0, "Using proxy socks4a:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks5://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used for resolving hostname, and is using scheme socks5");
like($res->output, qr/^\* have local name resolution: true/m, "proxy is not used for resolving hostname, and is using scheme socks5");
# Squid is not configured for socks5
# is( $res->return_code, 0, "Using proxy socks5:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
$res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks5h://$host_tcp_proxy:$port_tcp_proxy -v" );
like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used for resolving hostname, and is using scheme socks5h");
like($res->output, qr/^\* have local name resolution: false/m, "proxy is used for resolving hostname, and is using scheme socks5h");
# Squid is not configured for socks5h
# is( $res->return_code, 0, "Using proxy socks5h:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
}

4
plugins/tests/check_curl.t
View file

@ -833,12 +833,12 @@ sub run_common_tests {
$cmd = "$command -u /statuscode/200 --proxy http://proxy.example.com:8080 --noproxy '*' -v";
$result = NPTest->testCmd( $cmd );
is( $result->return_code, 0, $cmd);
like( $result->output, '/.*proxy_resolves_hostname: 0.*/', "Proxy will not be used due to '*' in noproxy: ".$result->output );
like( $result->output, '/.*have local name resolution: true.*/', "Proxy will not be used due to '*' in noproxy: ".$result->output );
$cmd = "$command -u /statuscode/200 --proxy http://proxy.example.com:8080 --noproxy '127.0.0.1' -v";
$result = NPTest->testCmd( $cmd );
is( $result->return_code, 0, $cmd);
like( $result->output, '/.*proxy_resolves_hostname: 0.*/', "Proxy will not be used due to '127.0.0.1' in noproxy: ".$result->output );
like( $result->output, '/.*have local name resolution: true.*/', "Proxy will not be used due to '127.0.0.1' in noproxy: ".$result->output );
}
}