Merge branch 'master' into fix/check-curl-append-query-string-on-redirect

configure.ac

@@ -205,32 +205,46 @@ fi
 dnl Check for PostgreSQL libraries
 _SAVEDLIBS="$LIBS"
 _SAVEDCPPFLAGS="$CPPFLAGS"
+case $host in
+	*openbsd*)
+		_CRYPTLIB="crypto"
+		;;
+	*)
+		_CRYPTLIB="crypt"
+esac
+
 AC_ARG_WITH(pgsql,
 	ACX_HELP_STRING([--with-pgsql=DIR],
 		[sets path to pgsql installation]),
 	PGSQL=$withval,)
 AC_CHECK_LIB(crypt,main)
-if test "$ac_cv_lib_crypt_main" = "yes" -a "x$PGSQL" != "xno"; then
+AC_CHECK_LIB(crypto,main)
+if test \( "$ac_cv_lib_crypt_main" = "yes" -o "$ac_cv_lib_crypto_main" = "yes" \) -a "x$PGSQL" != "xno"; then
   if test -n "$PGSQL"; then
     LDFLAGS="$LDFLAGS -L$PGSQL/lib"
     CPPFLAGS="$CPPFLAGS -I$PGSQL/include"
   fi
-  AC_CHECK_LIB(pq,PQsetdbLogin,,,-lcrypt)
+  AC_CHECK_LIB(pq,PQsetdbLogin,,,"-l$_CRYPTLIB")
   if test "$ac_cv_lib_pq_PQsetdbLogin" = "yes"; then
     AC_CHECK_HEADERS(pgsql/libpq-fe.h)
     AC_CHECK_HEADERS(postgresql/libpq-fe.h)
     AC_CHECK_HEADERS(libpq-fe.h)
     if [[ -n "$PGSQL" -a "$ac_cv_header_libpq_fe_h" = "yes" ]]; then
-      PGLIBS="-L$PGSQL/lib -lpq -lcrypt"
+      PGLIBS="-L$PGSQL/lib -lpq -l$_CRYPTLIB"
       PGINCLUDE="-I$PGSQL/include"
     elif test  "$ac_cv_header_pgsql_libpq_fe_h" = "yes"; then
-      PGLIBS="-lpq -lcrypt"
+      PGLIBS="-lpq -l$_CRYPTLIB"
       PGINCLUDE="-I/usr/include/pgsql"
     elif test  "$ac_cv_header_postgresql_libpq_fe_h" = "yes"; then
-      PGLIBS="-L$PGSQL/lib -lpq -lcrypt"
-      PGINCLUDE="-I/usr/include/postgresql"
+      PGLIBS="-L$PGSQL/lib -lpq -l$_CRYPTLIB"
+      case $host in
+        *openbsd*)
+          PGINCLUDE="-I$PGSQL/include/postgresql" ;;
+        *)
+          PGINCLUDE="-I/usr/include/postgresql"
+      esac
     elif test  "$ac_cv_header_libpq_fe_h" = "yes"; then
-      PGLIBS="-L$PGSQL/lib -lpq -lcrypt"
+      PGLIBS="-L$PGSQL/lib -lpq -l$_CRYPTLIB"
       PGINCLUDE="-I$PGSQL/include"
     fi
     if test -z "$PGINCLUDE"; then

lib/utils_cmd.c

@@ -489,14 +489,14 @@ cmd_run_result cmd_run2(const char *cmd_string, int flags) {
 	cmd_run_result result = {
 		.cmd_error_code = 0,
 		.error_code = 0,
-		.stderr =
+		.err =
 			{
 				.buf = NULL,
 				.buflen = 0,
 				.line = NULL,
 				.lines = 0,
 			},
-		.stdout =
+		.out =
 			{
 				.buf = NULL,
 				.buflen = 0,
@@ -581,14 +581,14 @@ cmd_run_result cmd_run_array2(char *const *cmd, int flags) {
 	cmd_run_result result = {
 		.cmd_error_code = 0,
 		.error_code = 0,
-		.stderr =
+		.err =
 			{
 				.buf = NULL,
 				.buflen = 0,
 				.line = NULL,
 				.lines = 0,
 			},
-		.stdout =
+		.out =
 			{
 				.buf = NULL,
 				.buflen = 0,
@@ -610,9 +610,9 @@ cmd_run_result cmd_run_array2(char *const *cmd, int flags) {
 	int pfd_err[2] = {cmd_open_result.stderr_pipe_fd[0], cmd_open_result.stderr_pipe_fd[1]};
 
 	int_cmd_fetch_output2 tmp_stdout = _cmd_fetch_output2(pfd_out[0], flags);
-	result.stdout = tmp_stdout.output_container;
+	result.out = tmp_stdout.output_container;
 	int_cmd_fetch_output2 tmp_stderr = _cmd_fetch_output2(pfd_err[0], flags);
-	result.stderr = tmp_stderr.output_container;
+	result.err = tmp_stderr.output_container;
 
 	result.cmd_error_code = _cmd_close(file_descriptor);
 	return result;

lib/utils_cmd.h

@@ -24,8 +24,8 @@ int cmd_file_read(const char *, output *, int);
 typedef struct {
  int error_code;
  int cmd_error_code;
- output stdout;
- output stderr;
+ output out;
+ output err;
 } cmd_run_result;
 cmd_run_result cmd_run2(const char *cmd, int flags);
 cmd_run_result cmd_run_array2(char * const *cmd, int flags);

plugins-root/check_icmp.c

@@ -54,6 +54,9 @@ const char *email = "devel@monitoring-plugins.org";
 #endif
 
 #include <sys/time.h>
+#if defined(SIOCGIFADDR)
+#include <sys/ioctl.h>
+#endif /* SIOCGIFADDR */
 #include <errno.h>
 #include <signal.h>
 #include <ctype.h>
@@ -146,7 +149,7 @@ static get_timevar_wrapper get_timevar(const char *str);
 static time_t get_timevaldiff(struct timeval earlier, struct timeval later);
 static time_t get_timevaldiff_to_now(struct timeval earlier);
 
-static in_addr_t get_ip_address(const char *ifname);
+static in_addr_t get_ip_address(const char *ifname, const int icmp_sock);
 static void set_source_ip(char *arg, int icmp_sock, sa_family_t addr_family);
 
 /* Receiving data */
@@ -1769,7 +1772,7 @@ static void set_source_ip(char *arg, const int icmp_sock, sa_family_t addr_famil
 	memset(&src, 0, sizeof(src));
 	src.sin_family = addr_family;
 	if ((src.sin_addr.s_addr = inet_addr(arg)) == INADDR_NONE) {
-		src.sin_addr.s_addr = get_ip_address(arg);
+		src.sin_addr.s_addr = get_ip_address(arg, icmp_sock);
 	}
 	if (bind(icmp_sock, (struct sockaddr *)&src, sizeof(src)) == -1) {
 		crash("Cannot bind to IP address %s", arg);
@@ -1777,7 +1780,7 @@ static void set_source_ip(char *arg, const int icmp_sock, sa_family_t addr_famil
 }
 
 /* TODO: Move this to netutils.c and also change check_dhcp to use that. */
-static in_addr_t get_ip_address(const char *ifname) {
+static in_addr_t get_ip_address(const char *ifname, const int icmp_sock) {
 	// TODO: Rewrite this so the function return an error and we exit somewhere else
 	struct sockaddr_in ip_address;
 	ip_address.sin_addr.s_addr = 0; // Fake initialization to make compiler happy
@@ -1792,7 +1795,7 @@ static in_addr_t get_ip_address(const char *ifname) {
 		crash("Cannot determine IP address of interface %s", ifname);
 	}
 
-	memcpy(&ip, &ifr.ifr_addr, sizeof(ip));
+	memcpy(&ip_address, &ifr.ifr_addr, sizeof(ip_address));
 #else
 	(void)ifname;
 	errno = 0;

plugins/check_by_ssh.c

@@ -98,7 +98,7 @@ int main(int argc, char **argv) {
 	if (child_result.cmd_error_code == 255 && config.unknown_timeout) {
 		mp_subcheck sc_ssh_execution = mp_subcheck_init();
 		xasprintf(&sc_ssh_execution.output, "SSH connection failed: %s",
-				  child_result.stderr.lines > 0 ? child_result.stderr.line[0]
+				  child_result.err.lines > 0 ? child_result.err.line[0]
 												: "(no error output)");
 
 		sc_ssh_execution = mp_set_subcheck_state(sc_ssh_execution, STATE_UNKNOWN);
@@ -107,34 +107,34 @@ int main(int argc, char **argv) {
 	}
 
 	if (verbose) {
-		for (size_t i = 0; i < child_result.stdout.lines; i++) {
-			printf("stdout: %s\n", child_result.stdout.line[i]);
+		for (size_t i = 0; i < child_result.out.lines; i++) {
+			printf("stdout: %s\n", child_result.out.line[i]);
 		}
-		for (size_t i = 0; i < child_result.stderr.lines; i++) {
-			printf("stderr: %s\n", child_result.stderr.line[i]);
+		for (size_t i = 0; i < child_result.err.lines; i++) {
+			printf("stderr: %s\n", child_result.err.line[i]);
 		}
 	}
 
 	size_t skip_stdout = 0;
 	if (config.skip_stdout) { /* --skip-stdout specified without argument */
-		skip_stdout = child_result.stdout.lines;
+		skip_stdout = child_result.out.lines;
 	} else {
 		skip_stdout = config.stdout_lines_to_ignore;
 	}
 
 	size_t skip_stderr = 0;
 	if (config.skip_stderr) { /* --skip-stderr specified without argument */
-		skip_stderr = child_result.stderr.lines;
+		skip_stderr = child_result.err.lines;
 	} else {
 		skip_stderr = config.sterr_lines_to_ignore;
 	}
 
 	/* Allow UNKNOWN or WARNING state for (non-skipped) output found on stderr */
-	if (child_result.stderr.lines > skip_stderr &&
+	if (child_result.err.lines > skip_stderr &&
 		(config.unknown_on_stderr || config.warn_on_stderr)) {
 		mp_subcheck sc_stderr = mp_subcheck_init();
 		xasprintf(&sc_stderr.output, "remote command execution failed: %s",
-				  child_result.stderr.line[skip_stderr]);
+				  child_result.err.line[skip_stderr]);
 
 		if (config.unknown_on_stderr) {
 			sc_stderr = mp_set_subcheck_state(sc_stderr, STATE_UNKNOWN);
@@ -154,10 +154,10 @@ int main(int argc, char **argv) {
 		mp_subcheck sc_active_check = mp_subcheck_init();
 		xasprintf(&sc_active_check.output, "command stdout:");
 
-		if (child_result.stdout.lines > skip_stdout) {
-			for (size_t i = skip_stdout; i < child_result.stdout.lines; i++) {
+		if (child_result.out.lines > skip_stdout) {
+			for (size_t i = skip_stdout; i < child_result.out.lines; i++) {
 				xasprintf(&sc_active_check.output, "%s\n%s", sc_active_check.output,
-						  child_result.stdout.line[i]);
+						  child_result.out.line[i]);
 			}
 		} else {
 			xasprintf(&sc_active_check.output, "remote command '%s' returned status %d",
@@ -209,10 +209,10 @@ int main(int argc, char **argv) {
 	char *status_text;
 	int cresult;
 	mp_subcheck sc_parse_passive = mp_subcheck_init();
-	for (size_t i = skip_stdout; i < child_result.stdout.lines; i++) {
-		status_text = child_result.stdout.line[i++];
-		if (i == child_result.stdout.lines ||
-			strstr(child_result.stdout.line[i], "STATUS CODE: ") == NULL) {
+	for (size_t i = skip_stdout; i < child_result.out.lines; i++) {
+		status_text = child_result.out.line[i++];
+		if (i == child_result.out.lines ||
+			strstr(child_result.out.line[i], "STATUS CODE: ") == NULL) {
 
 			sc_parse_passive = mp_set_subcheck_state(sc_parse_passive, STATE_UNKNOWN);
 			xasprintf(&sc_parse_passive.output, "failed to parse output");
@@ -221,7 +221,7 @@ int main(int argc, char **argv) {
 		}
 
 		if (config.service[commands] && status_text &&
-			sscanf(child_result.stdout.line[i], "STATUS CODE: %d", &cresult) == 1) {
+			sscanf(child_result.out.line[i], "STATUS CODE: %d", &cresult) == 1) {
 			fprintf(output_file, "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s\n", (int)local_time,
 					config.host_shortname, config.service[commands++], cresult, status_text);
 		}

plugins/check_curl.c

@@ -1667,6 +1667,8 @@ void print_help(void) {
 	printf(" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
 	printf(" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
 	printf("\n");
+	printf(" %s\n", _("To also verify certificates, please set --verify-cert."));
+	printf("\n");
 	printf("%s\n", _("Examples:"));
 	printf(" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
 	printf(" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
@@ -1676,16 +1678,18 @@ void print_help(void) {
 		   _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
 	printf(" %s\n", _("a STATE_CRITICAL will be returned."));
 	printf("\n");
-	printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
+	printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14 -D");
 	printf(" %s\n",
 		   _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
 	printf(" %s\n",
 		   _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
 	printf(" %s\n",
 		   _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-	printf(" %s\n\n", _("the certificate is expired."));
+	printf(" %s\n", _("the certificate is expired."));
 	printf("\n");
-	printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
+	printf(" %s\n", _("The -D flag enforces a certificate validation beyond expiration time."));
+	printf("\n");
+	printf(" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14 -D");
 	printf(" %s\n",
 		   _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
 	printf(" %s\n",

plugins/check_http.c

@@ -1036,7 +1036,7 @@ int check_http(void) {
 			printf("SSL initialized\n");
 		}
 		if (result != STATE_OK) {
-			die(STATE_CRITICAL, NULL);
+			die(STATE_CRITICAL,  _("HTTP CRITICAL - SSL error\n"));
 		}
 		microsec_ssl = deltime(tv_temp);
 		elapsed_time_ssl = (double)microsec_ssl / 1.0e6;

plugins/check_smtp.c

@@ -37,7 +37,6 @@
 #include "base64.h"
 #include "regex.h"
 
-#include <bits/getopt_ext.h>
 #include <ctype.h>
 #include <string.h>
 #include "check_smtp.d/config.h"