291 lines
6.5 KiB
C
291 lines
6.5 KiB
C
/******************************************************************************
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
$Id: check_ssh.c,v 1.27 2005/04/11 18:02:40 seanius Exp $
|
|
|
|
******************************************************************************/
|
|
|
|
const char *progname = "check_ssh";
|
|
const char *revision = "$Revision: 1.27 $";
|
|
const char *copyright = "2000-2004";
|
|
const char *email = "nagiosplug-devel@lists.sourceforge.net";
|
|
|
|
#include "common.h"
|
|
#include "netutils.h"
|
|
#include "utils.h"
|
|
|
|
#ifndef MSG_DONTWAIT
|
|
#define MSG_DONTWAIT 0
|
|
#endif
|
|
|
|
#define SSH_DFL_PORT 22
|
|
#define BUFF_SZ 256
|
|
|
|
int port = -1;
|
|
char *server_name = NULL;
|
|
char *remote_version = NULL;
|
|
int verbose = FALSE;
|
|
|
|
int process_arguments (int, char **);
|
|
int validate_arguments (void);
|
|
void print_help (void);
|
|
void print_usage (void);
|
|
|
|
int ssh_connect (char *haddr, int hport, char *remote_version);
|
|
|
|
|
|
|
|
int
|
|
main (int argc, char **argv)
|
|
{
|
|
int result = STATE_UNKNOWN;
|
|
|
|
setlocale (LC_ALL, "");
|
|
bindtextdomain (PACKAGE, LOCALEDIR);
|
|
textdomain (PACKAGE);
|
|
|
|
if (process_arguments (argc, argv) == ERROR)
|
|
usage4 (_("Could not parse arguments"));
|
|
|
|
/* initialize alarm signal handling */
|
|
signal (SIGALRM, socket_timeout_alarm_handler);
|
|
|
|
alarm (socket_timeout);
|
|
|
|
/* ssh_connect exits if error is found */
|
|
result = ssh_connect (server_name, port, remote_version);
|
|
|
|
alarm (0);
|
|
|
|
return (result);
|
|
}
|
|
|
|
|
|
|
|
/* process command-line arguments */
|
|
int
|
|
process_arguments (int argc, char **argv)
|
|
{
|
|
int c;
|
|
|
|
int option = 0;
|
|
static struct option longopts[] = {
|
|
{"help", no_argument, 0, 'h'},
|
|
{"version", no_argument, 0, 'V'},
|
|
{"host", required_argument, 0, 'H'},
|
|
{"port", required_argument, 0, 'p'},
|
|
{"use-ipv4", no_argument, 0, '4'},
|
|
{"use-ipv6", no_argument, 0, '6'},
|
|
{"timeout", required_argument, 0, 't'},
|
|
{"verbose", no_argument, 0, 'v'},
|
|
{"remote-version", required_argument, 0, 'r'},
|
|
{0, 0, 0, 0}
|
|
};
|
|
|
|
if (argc < 2)
|
|
return ERROR;
|
|
|
|
for (c = 1; c < argc; c++)
|
|
if (strcmp ("-to", argv[c]) == 0)
|
|
strcpy (argv[c], "-t");
|
|
|
|
while (1) {
|
|
c = getopt_long (argc, argv, "+Vhv46t:r:H:p:", longopts, &option);
|
|
|
|
if (c == -1 || c == EOF)
|
|
break;
|
|
|
|
switch (c) {
|
|
case '?': /* help */
|
|
usage2 (_("Unknown argument"), optarg);
|
|
case 'V': /* version */
|
|
print_revision (progname, revision);
|
|
exit (STATE_OK);
|
|
case 'h': /* help */
|
|
print_help ();
|
|
exit (STATE_OK);
|
|
case 'v': /* verbose */
|
|
verbose = TRUE;
|
|
break;
|
|
case 't': /* timeout period */
|
|
if (!is_integer (optarg))
|
|
usage2 (_("Timeout interval must be a positive integer"), optarg);
|
|
else
|
|
socket_timeout = atoi (optarg);
|
|
break;
|
|
case '4':
|
|
address_family = AF_INET;
|
|
break;
|
|
case '6':
|
|
#ifdef USE_IPV6
|
|
address_family = AF_INET6;
|
|
#else
|
|
usage4 (_("IPv6 support not available"));
|
|
#endif
|
|
break;
|
|
case 'r': /* remote version */
|
|
remote_version = optarg;
|
|
break;
|
|
case 'H': /* host */
|
|
if (is_host (optarg) == FALSE)
|
|
usage2 (_("Invalid hostname/address"), optarg);
|
|
server_name = optarg;
|
|
break;
|
|
case 'p': /* port */
|
|
if (is_intpos (optarg)) {
|
|
port = atoi (optarg);
|
|
}
|
|
else {
|
|
usage2 (_("Port number must be a positive integer"), optarg);
|
|
}
|
|
}
|
|
}
|
|
|
|
c = optind;
|
|
if (server_name == NULL && c < argc) {
|
|
if (is_host (argv[c])) {
|
|
server_name = argv[c++];
|
|
}
|
|
}
|
|
|
|
if (port == -1 && c < argc) {
|
|
if (is_intpos (argv[c])) {
|
|
port = atoi (argv[c++]);
|
|
}
|
|
else {
|
|
print_usage ();
|
|
exit (STATE_UNKNOWN);
|
|
}
|
|
}
|
|
|
|
return validate_arguments ();
|
|
}
|
|
|
|
int
|
|
validate_arguments (void)
|
|
{
|
|
if (server_name == NULL)
|
|
return ERROR;
|
|
if (port == -1) /* funky, but allows -p to override stray integer in args */
|
|
port = SSH_DFL_PORT;
|
|
return OK;
|
|
}
|
|
|
|
|
|
/************************************************************************
|
|
*
|
|
* Try to connect to SSH server at specified server and port
|
|
*
|
|
*-----------------------------------------------------------------------*/
|
|
|
|
|
|
int
|
|
ssh_connect (char *haddr, int hport, char *remote_version)
|
|
{
|
|
int sd;
|
|
int result;
|
|
char *output = NULL;
|
|
char *buffer = NULL;
|
|
char *ssh_proto = NULL;
|
|
char *ssh_server = NULL;
|
|
char rev_no[20];
|
|
|
|
sscanf ("$Revision: 1.27 $", "$Revision: %[0123456789.]", rev_no);
|
|
|
|
result = my_tcp_connect (haddr, hport, &sd);
|
|
|
|
if (result != STATE_OK)
|
|
return result;
|
|
|
|
output = (char *) malloc (BUFF_SZ + 1);
|
|
memset (output, 0, BUFF_SZ + 1);
|
|
recv (sd, output, BUFF_SZ, 0);
|
|
if (strncmp (output, "SSH", 3)) {
|
|
printf (_("Server answer: %s"), output);
|
|
exit (STATE_CRITICAL);
|
|
}
|
|
else {
|
|
strip (output);
|
|
if (verbose)
|
|
printf ("%s\n", output);
|
|
ssh_proto = output + 4;
|
|
ssh_server = ssh_proto + strspn (ssh_proto, "-0123456789. ");
|
|
ssh_proto[strspn (ssh_proto, "0123456789. ")] = 0;
|
|
|
|
asprintf (&buffer, "SSH-%s-check_ssh_%s\r\n", ssh_proto, rev_no);
|
|
send (sd, buffer, strlen (buffer), MSG_DONTWAIT);
|
|
if (verbose)
|
|
printf ("%s\n", buffer);
|
|
|
|
if (remote_version && strcmp(remote_version, ssh_server)) {
|
|
printf
|
|
(_("SSH WARNING - %s (protocol %s) version mismatch, expected '%s'\n"),
|
|
ssh_server, ssh_proto, remote_version);
|
|
exit (STATE_WARNING);
|
|
}
|
|
|
|
printf
|
|
(_("SSH OK - %s (protocol %s)\n"),
|
|
ssh_server, ssh_proto);
|
|
close(sd);
|
|
exit (STATE_OK);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
void
|
|
print_help (void)
|
|
{
|
|
char *myport;
|
|
asprintf (&myport, "%d", SSH_DFL_PORT);
|
|
|
|
print_revision (progname, revision);
|
|
|
|
printf ("Copyright (c) 1999 Remi Paulmier <remi@sinfomic.fr>\n");
|
|
printf (COPYRIGHT, copyright, email);
|
|
|
|
printf (_("Try to connect to an SSH server at specified server and port\n\n"));
|
|
|
|
print_usage ();
|
|
|
|
printf (_(UT_HELP_VRSN));
|
|
|
|
printf (_(UT_HOST_PORT), 'p', myport);
|
|
|
|
printf (_(UT_IPv46));
|
|
|
|
printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
|
|
|
|
printf (_("\
|
|
-r, --remote-version=STRING\n\
|
|
Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)\n"));
|
|
|
|
printf (_(UT_VERBOSE));
|
|
|
|
printf (_(UT_SUPPORT));
|
|
}
|
|
|
|
|
|
|
|
void
|
|
print_usage (void)
|
|
{
|
|
printf ("\
|
|
Usage: %s [-46] [-t <timeout>] [-r <remote version>] [-p <port>] <host>\n", progname);
|
|
}
|
|
|