/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ #include "icinga-version.h" /* include VERSION */ // ensure to include base first #include "base/i2-base.hpp" #include "base/application.hpp" #include "base/json.hpp" #include "base/string.hpp" #include "base/logger.hpp" #include "base/exception.hpp" #include "base/utility.hpp" #include "base/defer.hpp" #include "base/io-engine.hpp" #include "base/stream.hpp" #include "base/tcpsocket.hpp" /* include global icinga::Connect */ #include "base/tlsstream.hpp" #include "base/base64.hpp" #include "remote/url.hpp" #include #include #include #include #include #include #include #include #include #include using namespace icinga; namespace po = boost::program_options; static bool l_Debug; /** * Prints an Icinga plugin API compliant output, including error handling. * * @param result * * @return Status code for exit() */ static int FormatOutput(const Dictionary::Ptr& result) { if (!result) { std::cerr << "UNKNOWN: No data received.\n"; return 3; } if (l_Debug) std::cout << "\tJSON Body:\n" << result->ToString() << '\n'; Array::Ptr payloads = result->Get("payload"); if (!payloads) { std::cerr << "UNKNOWN: Answer format error: Answer is missing 'payload'.\n"; return 3; } if (payloads->GetLength() == 0) { std::cerr << "UNKNOWN: Answer format error: 'payload' was empty.\n"; return 3; } if (payloads->GetLength() > 1) { std::cerr << "UNKNOWN: Answer format error: Multiple payloads are not supported."; return 3; } Dictionary::Ptr payload; try { payload = payloads->Get(0); } catch (const std::exception&) { std::cerr << "UNKNOWN: Answer format error: 'payload' was not a Dictionary.\n"; return 3; } Array::Ptr lines; try { lines = payload->Get("lines"); } catch (const std::exception&) { std::cerr << "UNKNOWN: Answer format error: 'payload' is missing 'lines'.\n"; return 3; } if (!lines) { std::cerr << "UNKNOWN: Answer format error: 'lines' is Null.\n"; return 3; } std::stringstream ssout; ObjectLock olock(lines); for (const Value& vline : lines) { Dictionary::Ptr line; try { line = vline; } catch (const std::exception&) { std::cerr << "UNKNOWN: Answer format error: 'lines' entry was not a Dictionary.\n"; return 3; } if (!line) { std::cerr << "UNKNOWN: Answer format error: 'lines' entry was Null.\n"; return 3; } ssout << payload->Get("command") << ' ' << line->Get("message") << " | "; if (!line->Contains("perf")) { ssout << '\n'; break; } Array::Ptr perfs = line->Get("perf"); ObjectLock olock(perfs); for (const Dictionary::Ptr& perf : perfs) { ssout << "'" << perf->Get("alias") << "'="; Dictionary::Ptr values = perf->Get("float_value"); if (perf->Contains("int_value")) values = perf->Get("int_value"); ssout << values->Get("value") << values->Get("unit") << ';' << values->Get("warning") << ';' << values->Get("critical"); if (values->Contains("minimum") || values->Contains("maximum")) { ssout << ';'; if (values->Contains("minimum")) ssout << values->Get("minimum"); if (values->Contains("maximum")) ssout << ';' << values->Get("maximum"); } ssout << ' '; } ssout << '\n'; } std::map stateMap = { { "OK", 0 }, { "WARNING", 1}, { "CRITICAL", 2}, { "UNKNOWN", 3} }; String state = static_cast(payload->Get("result")).ToUpper(); auto it = stateMap.find(state); if (it == stateMap.end()) { std::cerr << "UNKNOWN Answer format error: 'result' was not a known state.\n"; return 3; } std::cout << ssout.rdbuf(); return it->second; } /** * Connects to host:port and performs a TLS shandshake * * @param host To connect to. * @param port To connect to. * * @returns AsioTlsStream pointer for future HTTP connections. */ static Shared::Ptr Connect(const String& host, const String& port) { Shared::Ptr sslContext; try { sslContext = MakeAsioSslContext(Empty, Empty, Empty); //TODO: Add support for cert, key, ca parameters } catch(const std::exception& ex) { Log(LogCritical, "DebugConsole") << "Cannot make SSL context: " << ex.what(); throw; } Shared::Ptr stream = Shared::Make(IoEngine::Get().GetIoContext(), *sslContext, host); try { icinga::Connect(stream->lowest_layer(), host, port); } catch (const std::exception& ex) { Log(LogWarning, "DebugConsole") << "Cannot connect to REST API on host '" << host << "' port '" << port << "': " << ex.what(); throw; } auto& tlsStream (stream->next_layer()); try { tlsStream.handshake(tlsStream.client); } catch (const std::exception& ex) { Log(LogWarning, "DebugConsole") << "TLS handshake with host '" << host << "' failed: " << ex.what(); throw; } return stream; } static const char l_ReasonToInject[2] = {' ', 'X'}; template static inline boost::asio::mutable_buffer GetFirstNonZeroBuffer(const MutableBufferSequence& mbs) { namespace asio = boost::asio; auto end (asio::buffer_sequence_end(mbs)); for (auto current (asio::buffer_sequence_begin(mbs)); current != end; ++current) { asio::mutable_buffer buf (*current); if (buf.size() > 0u) { return buf; } } return {}; } /** * Workaround for . */ template class HttpResponseReasonInjector { public: inline HttpResponseReasonInjector(SyncReadStream& stream) : m_Stream(stream), m_ReasonHasBeenInjected(false), m_StashedData(nullptr) { } HttpResponseReasonInjector(const HttpResponseReasonInjector&) = delete; HttpResponseReasonInjector(HttpResponseReasonInjector&&) = delete; HttpResponseReasonInjector& operator=(const HttpResponseReasonInjector&) = delete; HttpResponseReasonInjector& operator=(HttpResponseReasonInjector&&) = delete; template size_t read_some(const MutableBufferSequence& mbs) { boost::system::error_code ec; size_t amount = read_some(mbs, ec); if (ec) { throw boost::system::system_error(ec); } return amount; } template size_t read_some(const MutableBufferSequence& mbs, boost::system::error_code& ec) { auto mb (GetFirstNonZeroBuffer(mbs)); if (m_StashedData) { size_t amount = 0; auto end ((char*)mb.data() + mb.size()); for (auto current ((char*)mb.data()); current < end; ++current) { *current = *m_StashedData; ++m_StashedData; ++amount; if (m_StashedData == (char*)m_StashedDataBuf + (sizeof(m_StashedDataBuf) / sizeof(m_StashedDataBuf[0]))) { m_StashedData = nullptr; break; } } return amount; } size_t amount = m_Stream.read_some(mb, ec); if (!ec && !m_ReasonHasBeenInjected) { auto end ((char*)mb.data() + amount); for (auto current ((char*)mb.data()); current < end; ++current) { if (*current == '\r') { auto last (end - 1); for (size_t i = sizeof(l_ReasonToInject) / sizeof(l_ReasonToInject[0]); i;) { m_StashedDataBuf[--i] = *last; if (last > current) { memmove(current + 1, current, last - current); } *current = l_ReasonToInject[i]; } m_ReasonHasBeenInjected = true; m_StashedData = m_StashedDataBuf; break; } } } return amount; } private: SyncReadStream& m_Stream; bool m_ReasonHasBeenInjected; char m_StashedDataBuf[sizeof(l_ReasonToInject) / sizeof(l_ReasonToInject[0])]; char* m_StashedData; }; /** * Queries the given endpoint and host:port and retrieves data. * * @param host To connect to. * @param port To connect to. * @param password For auth header (required). * @param endpoint Caller must construct the full endpoint including the command query. * * @return Dictionary de-serialized from JSON data. */ static Dictionary::Ptr FetchData(const String& host, const String& port, const String& password, const String& endpoint) { namespace beast = boost::beast; namespace http = beast::http; Shared::Ptr tlsStream; try { tlsStream = Connect(host, port); } catch (const std::exception& ex) { std::cerr << "Connection error: " << ex.what(); throw ex; } Url::Ptr url; try { url = new Url(endpoint); } catch (const std::exception& ex) { std::cerr << "URL error: " << ex.what(); throw ex; } url->SetScheme("https"); url->SetHost(host); url->SetPort(port); // NSClient++ uses `time=1m&time=5m` instead of `time[]=1m&time[]=5m` url->SetArrayFormatUseBrackets(false); http::request request (http::verb::get, std::string(url->Format(true)), 10); request.set(http::field::user_agent, "Icinga/check_nscp_api/" + String(VERSION)); request.set(http::field::host, host + ":" + port); request.set(http::field::accept, "application/json"); request.set("password", password); if (l_Debug) { std::cout << "Sending request to " << url->Format(false, false) << "'.\n"; } try { http::write(*tlsStream, request); tlsStream->flush(); } catch (const std::exception& ex) { std::cerr << "Cannot write HTTP request to REST API at URL '" << url->Format(false, false) << "': " << ex.what(); throw ex; } beast::flat_buffer buffer; http::parser p; try { HttpResponseReasonInjector reasonInjector (*tlsStream); http::read(reasonInjector, buffer, p); } catch (const std::exception &ex) { BOOST_THROW_EXCEPTION(ScriptError(String("Error reading HTTP response data: ") + ex.what())); } String body (std::move(p.get().body())); if (l_Debug) std::cout << "Received body from NSCP: '" << body << "'." << std::endl; // Add some rudimentary error handling. if (body.IsEmpty()) { String message = "No body received. Ensure that connection parameters are good and check the NSCP logs."; BOOST_THROW_EXCEPTION(ScriptError(message)); } Dictionary::Ptr jsonResponse; try { jsonResponse = JsonDecode(body); } catch (const std::exception& ex) { String message = "Cannot parse JSON response body '" + body + "', error: " + ex.what(); BOOST_THROW_EXCEPTION(ScriptError(message)); } return jsonResponse; } /** * Main function * * @param argc * @param argv * @return exit code */ int main(int argc, char **argv) { po::variables_map vm; po::options_description desc("Options"); desc.add_options() ("help,h", "Print usage message and exit") ("version,V", "Print version and exit") ("debug,d", "Verbose/Debug output") ("host,H", po::value()->required(), "REQUIRED: NSCP API Host") ("port,P", po::value()->default_value("8443"), "NSCP API Port (Default: 8443)") ("password", po::value()->required(), "REQUIRED: NSCP API Password") ("query,q", po::value()->required(), "REQUIRED: NSCP API Query endpoint") ("arguments,a", po::value>()->multitoken(), "NSCP API Query arguments for the endpoint"); po::command_line_parser parser(argc, argv); try { po::store( parser .options(desc) .style( po::command_line_style::unix_style | po::command_line_style::allow_long_disguise) .run(), vm); if (vm.count("version")) { std::cout << "Version: " << VERSION << '\n'; Application::Exit(0); } if (vm.count("help")) { std::cout << argv[0] << " Help\n\tVersion: " << VERSION << '\n'; std::cout << "check_nscp_api is a program used to query the NSClient++ API.\n"; std::cout << desc; std::cout << "For detailed information on possible queries and their arguments refer to the NSClient++ documentation.\n"; Application::Exit(0); } vm.notify(); } catch (const std::exception& e) { std::cout << e.what() << '\n' << desc << '\n'; Application::Exit(3); } l_Debug = vm.count("debug") > 0; // Initialize logger if (l_Debug) Logger::SetConsoleLogSeverity(LogDebug); else Logger::SetConsoleLogSeverity(LogWarning); // Create the URL string and escape certain characters since Url() follows RFC 3986 String endpoint = "/query/" + vm["query"].as(); if (!vm.count("arguments")) endpoint += '/'; else { endpoint += '?'; for (const String& argument : vm["arguments"].as>()) { String::SizeType pos = argument.FindFirstOf("="); if (pos == String::NPos) endpoint += Utility::EscapeString(argument, ACQUERY_ENCODE, false); else { String key = argument.SubStr(0, pos); String val = argument.SubStr(pos + 1); endpoint += Utility::EscapeString(key, ACQUERY_ENCODE, false) + "=" + Utility::EscapeString(val, ACQUERY_ENCODE, false); } endpoint += '&'; } } Dictionary::Ptr result; try { result = FetchData(vm["host"].as(), vm["port"].as(), vm["password"].as(), endpoint); } catch (const std::exception& ex) { std::cerr << "UNKNOWN - " << ex.what(); exit(3); } // Application::Exit() is the clean way to exit after calling InitializeBase() Application::Exit(FormatOutput(result)); return 255; }