search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Adjust check_swap tests
[monitoring-plugins.git] / plugins / check_ssh.c
blob34ef37b78f32c75661b6076f53efb2a856c768b8
1 /*****************************************************************************
2 *
3 * Monitoring check_ssh plugin
4 *
5 * License: GPL
6 * Copyright (c) 2000-2007 Monitoring Plugins Development Team
7 *
8 * Description:
9 *
10 * This file contains the check_ssh plugin
11 *
12 * Try to connect to an SSH server at specified server and port
13 *
14 *
15 * This program is free software: you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation, either version 3 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 *
28 *
29 *****************************************************************************/
30
31 const char *progname = "check_ssh";
32 const char *copyright = "2000-2007";
33 const char *email = "devel@monitoring-plugins.org";
34
35 #include "./common.h"
36 #include "./netutils.h"
37 #include "utils.h"
38
39 #ifndef MSG_DONTWAIT
40 #define MSG_DONTWAIT 0
41 #endif
42
43 #define SSH_DFL_PORT 22
44 #define BUFF_SZ 256
45
46 int port = -1;
47 char *server_name = NULL;
48 char *remote_version = NULL;
49 char *remote_protocol = NULL;
50 bool verbose = false;
51
52 int process_arguments (int, char **);
53 int validate_arguments (void);
54 void print_help (void);
55 void print_usage (void);
56
57 int ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol);
58
59
60 int
61 main (int argc, char **argv)
62 {
63 int result = STATE_UNKNOWN;
64
65 setlocale (LC_ALL, "");
66 bindtextdomain (PACKAGE, LOCALEDIR);
67 textdomain (PACKAGE);
68
69 /* Parse extra opts if any */
70 argv=np_extra_opts (&argc, argv, progname);
71
72 if (process_arguments (argc, argv) == ERROR)
73 usage4 (_("Could not parse arguments"));
74
75 /* initialize alarm signal handling */
76 signal (SIGALRM, socket_timeout_alarm_handler);
77
78 alarm (socket_timeout);
79
80 /* ssh_connect exits if error is found */
81 result = ssh_connect (server_name, port, remote_version, remote_protocol);
82
83 alarm (0);
84
85 return (result);
86 }
87
88
89
90 /* process command-line arguments */
91 int
92 process_arguments (int argc, char **argv)
93 {
94 int c;
95
96 int option = 0;
97 static struct option longopts[] = {
98 {"help", no_argument, 0, 'h'},
99 {"version", no_argument, 0, 'V'},
100 {"host", required_argument, 0, 'H'}, /* backward compatibility */
101 {"hostname", required_argument, 0, 'H'},
102 {"port", required_argument, 0, 'p'},
103 {"use-ipv4", no_argument, 0, '4'},
104 {"use-ipv6", no_argument, 0, '6'},
105 {"timeout", required_argument, 0, 't'},
106 {"verbose", no_argument, 0, 'v'},
107 {"remote-version", required_argument, 0, 'r'},
108 {"remote-protocol", required_argument, 0, 'P'},
109 {0, 0, 0, 0}
110 };
111
112 if (argc < 2)
113 return ERROR;
114
115 for (c = 1; c < argc; c++)
116 if (strcmp ("-to", argv[c]) == 0)
117 strcpy (argv[c], "-t");
118
119 while (1) {
120 c = getopt_long (argc, argv, "+Vhv46t:r:H:p:P:", longopts, &option);
121
122 if (c == -1 || c == EOF)
123 break;
124
125 switch (c) {
126 case '?': /* help */
127 usage5 ();
128 case 'V': /* version */
129 print_revision (progname, NP_VERSION);
130 exit (STATE_UNKNOWN);
131 case 'h': /* help */
132 print_help ();
133 exit (STATE_UNKNOWN);
134 case 'v': /* verbose */
135 verbose = true;
136 break;
137 case 't': /* timeout period */
138 if (!is_integer (optarg))
139 usage2 (_("Timeout interval must be a positive integer"), optarg);
140 else
141 socket_timeout = atoi (optarg);
142 break;
143 case '4':
144 address_family = AF_INET;
145 break;
146 case '6':
147 #ifdef USE_IPV6
148 address_family = AF_INET6;
149 #else
150 usage4 (_("IPv6 support not available"));
151 #endif
152 break;
153 case 'r': /* remote version */
154 remote_version = optarg;
155 break;
156 case 'P': /* remote version */
157 remote_protocol = optarg;
158 break;
159 case 'H': /* host */
160 if (!is_host (optarg))
161 usage2 (_("Invalid hostname/address"), optarg);
162 server_name = optarg;
163 break;
164 case 'p': /* port */
165 if (is_intpos (optarg)) {
166 port = atoi (optarg);
167 }
168 else {
169 usage2 (_("Port number must be a positive integer"), optarg);
170 }
171 }
172 }
173
174 c = optind;
175 if (server_name == NULL && c < argc) {
176 if (is_host (argv[c])) {
177 server_name = argv[c++];
178 }
179 }
180
181 if (port == -1 && c < argc) {
182 if (is_intpos (argv[c])) {
183 port = atoi (argv[c++]);
184 }
185 else {
186 print_usage ();
187 exit (STATE_UNKNOWN);
188 }
189 }
190
191 return validate_arguments ();
192 }
193
194 int
195 validate_arguments (void)
196 {
197 if (server_name == NULL)
198 return ERROR;
199 if (port == -1) /* funky, but allows -p to override stray integer in args */
200 port = SSH_DFL_PORT;
201 return OK;
202 }
203
204
205 /************************************************************************
206 *
207 * Try to connect to SSH server at specified server and port
208 *
209 *-----------------------------------------------------------------------*/
210
211
212 int
213 ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol)
214 {
215 int sd;
216 int result;
217 int len = 0;
218 ssize_t recv_ret = 0;
219 char *version_control_string = NULL;
220 char *buffer = NULL;
221 char *ssh_proto = NULL;
222 char *ssh_server = NULL;
223 static char *rev_no = VERSION;
224 struct timeval tv;
225 double elapsed_time;
226
227 gettimeofday(&tv, NULL);
228
229 result = my_tcp_connect (haddr, hport, &sd);
230
231 if (result != STATE_OK)
232 return result;
233
234 char *output = (char *) calloc (BUFF_SZ + 1, sizeof(char));
235
236 unsigned int iteration = 0;
237 ssize_t byte_offset = 0;
238
239 while ((version_control_string == NULL) && (recv_ret = recv(sd, output+byte_offset, BUFF_SZ - byte_offset, 0) > 0)) {
240
241 if (strchr(output, '\n')) { /* we've got at least one full line, start parsing*/
242 byte_offset = 0;
243
244 char *index = NULL;
245 while ((index = strchr(output+byte_offset, '\n')) != NULL) {
246 /*Partition the buffer so that this line is a separate string,
247 * by replacing the newline with NUL*/
248 output[(index - output)] = '\0';
249 len = strlen(output + byte_offset);
250
251 if ((len >= 4) && (strncmp (output+byte_offset, "SSH-", 4) == 0)) {
252 /*if the string starts with SSH-, this _should_ be a valid version control string*/
253 version_control_string = output+byte_offset;
254 break;
255 }
256
257 /*the start of the next line (if one exists) will be after the current one (+ NUL)*/
258 byte_offset += (len + 1);
259 }
260
261 if(version_control_string == NULL) {
262 /* move unconsumed data to beginning of buffer, null rest */
263 memmove((void *)output, (void *)output+byte_offset+1, BUFF_SZ - len+1);
264 memset(output+byte_offset+1, 0, BUFF_SZ-byte_offset+1);
265
266 /*start reading from end of current line chunk on next recv*/
267 byte_offset = strlen(output);
268 }
269 } else {
270 byte_offset += recv_ret;
271 }
272 }
273
274 if (recv_ret < 0) {
275 printf("SSH CRITICAL - %s", strerror(errno));
276 exit(STATE_CRITICAL);
277 }
278
279 if (version_control_string == NULL) {
280 printf("SSH CRITICAL - No version control string received");
281 exit(STATE_CRITICAL);
282 }
283 /*
284 * "When the connection has been established, both sides MUST send an
285 * identification string. This identification string MUST be
286 *
287 * SSH-protoversion-softwareversion SP comments CR LF"
288 * - RFC 4253:4.2
289 */
290 strip (version_control_string);
291 if (verbose)
292 printf ("%s\n", version_control_string);
293 ssh_proto = version_control_string + 4;
294
295 /*
296 * We assume the protoversion is of the form Major.Minor, although
297 * this is not _strictly_ required. See
298 *
299 * "Both the 'protoversion' and 'softwareversion' strings MUST consist of
300 * printable US-ASCII characters, with the exception of whitespace
301 * characters and the minus sign (-)"
302 * - RFC 4253:4.2
303 * and,
304 *
305 * "As stated earlier, the 'protoversion' specified for this protocol is
306 * "2.0". Earlier versions of this protocol have not been formally
307 * documented, but it is widely known that they use 'protoversion' of
308 * "1.x" (e.g., "1.5" or "1.3")."
309 * - RFC 4253:5
310 */
311 ssh_server = ssh_proto + strspn (ssh_proto, "0123456789.") + 1; /* (+1 for the '-' separating protoversion from softwareversion) */
312
313 /* If there's a space in the version string, whatever's after the space is a comment
314 * (which is NOT part of the server name/version)*/
315 char *tmp = strchr(ssh_server, ' ');
316 if (tmp) {
317 ssh_server[tmp - ssh_server] = '\0';
318 }
319 if (strlen(ssh_proto) == 0 || strlen(ssh_server) == 0) {
320 printf(_("SSH CRITICAL - Invalid protocol version control string %s\n"), version_control_string);
321 exit (STATE_CRITICAL);
322 }
323 ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
324
325 xasprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
326 send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
327 if (verbose)
328 printf ("%s\n", buffer);
329
330 if (remote_version && strcmp(remote_version, ssh_server)) {
331 printf
332 (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
333 ssh_server, ssh_proto, remote_version);
334 close(sd);
335 exit (STATE_CRITICAL);
336 }
337
338 if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
339 printf
340 (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s' | %s\n"),
341 ssh_server, ssh_proto, remote_protocol, fperfdata("time", elapsed_time, "s",
342 false, 0, false, 0, true, 0, true, (int)socket_timeout));
343 close(sd);
344 exit (STATE_CRITICAL);
345 }
346 elapsed_time = (double)deltime(tv) / 1.0e6;
347
348 printf
349 (_("SSH OK - %s (protocol %s) | %s\n"),
350 ssh_server, ssh_proto, fperfdata("time", elapsed_time, "s",
351 false, 0, false, 0, true, 0, true, (int)socket_timeout));
352 close(sd);
353 exit (STATE_OK);
354 }
355
356
357
358 void
359 print_help (void)
360 {
361 char *myport;
362 xasprintf (&myport, "%d", SSH_DFL_PORT);
363
364 print_revision (progname, NP_VERSION);
365
366 printf ("Copyright (c) 1999 Remi Paulmier <remi@sinfomic.fr>\n");
367 printf (COPYRIGHT, copyright, email);
368
369 printf ("%s\n", _("Try to connect to an SSH server at specified server and port"));
370
371 printf ("\n\n");
372
373 print_usage ();
374
375 printf (UT_HELP_VRSN);
376 printf (UT_EXTRA_OPTS);
377
378 printf (UT_HOST_PORT, 'p', myport);
379
380 printf (UT_IPv46);
381
382 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
383
384 printf (" %s\n", "-r, --remote-version=STRING");
385 printf (" %s\n", _("Alert if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
386
387 printf (" %s\n", "-P, --remote-protocol=STRING");
388 printf (" %s\n", _("Alert if protocol doesn't match expected protocol version (ex: 2.0)"));
389
390 printf (UT_VERBOSE);
391
392 printf (UT_SUPPORT);
393 }
394
395
396
397 void
398 print_usage (void)
399 {
400 printf ("%s\n", _("Usage:"));
401 printf ("%s [-4|-6] [-t <timeout>] [-r <remote version>] [-p <port>] <host>\n", progname);
402 }
403
Monitoring Plugins