Add socket support to check_mysql*

Also clears the password from check_mysql command-line options


git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1988 f882894a-f735-0410-b71e-b25c423dba1c

NEWS

@@ -18,6 +18,8 @@ This file documents the major additions and syntax changes between releases.
 	check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453)
 	check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help
 	check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers)
+	check_mysql now try clearing password in processlist just like check_mysql_query
+	check_mysql and check_mysql_query now support sockets explicitely (-s, --socket)
 
 1.4.11 13th December 2007
 	Fixed check_http regression in 1.4.10 where following redirects to

plugins/check_mysql.c

@@ -50,6 +50,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 
 char *db_user = NULL;
 char *db_host = NULL;
+char *db_socket = NULL;
 char *db_pass = NULL;
 char *db = NULL;
 unsigned int db_port = MYSQL_PORT;
@@ -90,7 +91,7 @@ main (int argc, char **argv)
 	mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,"client");
 
 	/* establish a connection to the server and error checking */
-	if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,NULL,0)) {
+	if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
 		if (mysql_errno (&mysql) == CR_UNKNOWN_HOST)
 			die (STATE_WARNING, "%s\n", mysql_error (&mysql));
 		else if (mysql_errno (&mysql) == CR_VERSION_ERROR)
@@ -243,6 +244,7 @@ process_arguments (int argc, char **argv)
 	int option = 0;
 	static struct option longopts[] = {
 		{"hostname", required_argument, 0, 'H'},
+		{"socket", required_argument, 0, 's'},
 		{"database", required_argument, 0, 'd'},
 		{"username", required_argument, 0, 'u'},
 		{"password", required_argument, 0, 'p'},
@@ -260,7 +262,7 @@ process_arguments (int argc, char **argv)
 		return ERROR;
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvVSP:p:u:d:H:c:w:", longopts, &option);
+		c = getopt_long (argc, argv, "hvVSP:p:u:d:H:s:c:w:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -274,14 +276,23 @@ process_arguments (int argc, char **argv)
 				usage2 (_("Invalid hostname/address"), optarg);
 			}
 			break;
-		case 'd':									/* hostname */
+		case 's':									/* socket */
+			db_socket = optarg;
+			break;
+		case 'd':									/* database */
 			db = optarg;
 			break;
 		case 'u':									/* username */
 			db_user = optarg;
 			break;
 		case 'p':									/* authentication information: password */
-			db_pass = optarg;
+			db_pass = strdup(optarg);
+
+			/* Delete the password from process list */
+			while (*optarg != '\0') {
+				*optarg = 'X';
+				optarg++;
+			}
 			break;
 		case 'P':									/* critical time threshold */
 			db_port = atoi (optarg);
@@ -373,28 +384,33 @@ print_help (void)
 
 	print_usage ();
 
-	printf (_(UT_HELP_VRSN));
+  printf (_(UT_HELP_VRSN));
 
-	printf (_(UT_HOST_PORT), 'P', myport);
+  printf (_(UT_HOST_PORT), 'P', myport);
+  printf (" %s\n", "-s, --socket=STRING");
+  printf ("    %s\n", _("Use the specified socket (has no effect if -H is used)"));
 
-	printf (" %s\n", "-d, --database=STRING");
+  printf (" %s\n", "-d, --database=STRING");
   printf ("    %s\n", _("Check database with indicated name"));
   printf (" %s\n", "-u, --username=STRING");
   printf ("    %s\n", _("Connect using the indicated username"));
   printf (" %s\n", "-p, --password=STRING");
   printf ("    %s\n", _("Use the indicated password to authenticate the connection"));
-  printf ("    %s\n", _("==> IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!! <=="));
-  printf ("    %s\n", _("Your clear-text password will be visible as a process table entry"));
+  printf ("    ==> %s <==\n", _("IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!"));
+  printf ("    %s\n", _("Your clear-text password could be visible as a process table entry"));
   printf (" %s\n", "-S, --check-slave");
   printf ("    %s\n", _("Check if the slave thread is running properly."));
   printf (" %s\n", "-w, --warning");
-  printf ("    %s\n", _("Exit with WARNING status if slave server is more than INTEGER seconds behind master"));
+  printf ("    %s\n", _("Exit with WARNING status if slave server is more than INTEGER seconds"));
+  printf ("    %s\n", _("behind master"));
   printf (" %s\n", "-c, --critical");
-  printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds behind master"));
+  printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
+  printf ("    %s\n", _("behind master"));
 
-	printf ("\n");
-  printf (" %s\n", _("There are no required arguments. By default, the local database with"));
-  printf (_(" a server listening on MySQL standard port %d will be checked\n"), MYSQL_PORT);
+  printf ("\n");
+  printf (" %s\n", _("There are no required arguments. By default, the local database is checked"));
+  printf (" %s\n", _("using the default unix socket. You can force TCP on localhost by using an"));
+  printf (" %s\n", _("IP address or FQDN ('localhost' will use the socket as well)."));
 
 	printf (_(UT_SUPPORT));
 }
@@ -404,5 +420,6 @@ void
 print_usage (void)
 {
 	printf (_("Usage:"));
-  printf ("%s [-d database] [-H host] [-P port] [-u user] [-p password] [-S]\n",progname);
+  printf (" %s [-d database] [-H host] [-P port] [-s socket]\n",progname);
+  printf ("       [-u user] [-p password] [-S]\n");
 }

plugins/check_mysql_query.c

@@ -47,6 +47,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 
 char *db_user = NULL;
 char *db_host = NULL;
+char *db_socket = NULL;
 char *db_pass = NULL;
 char *db = NULL;
 unsigned int db_port = MYSQL_PORT;
@@ -86,7 +87,7 @@ main (int argc, char **argv)
 	mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,"client");
 
 	/* establish a connection to the server and error checking */
-	if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,NULL,0)) {
+	if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
 		if (mysql_errno (&mysql) == CR_UNKNOWN_HOST)
 			die (STATE_WARNING, "QUERY %s: %s\n", _("WARNING"), mysql_error (&mysql));
 		else if (mysql_errno (&mysql) == CR_VERSION_ERROR)
@@ -170,6 +171,7 @@ process_arguments (int argc, char **argv)
 	int option = 0;
 	static struct option longopts[] = {
 		{"hostname", required_argument, 0, 'H'},
+		{"socket", required_argument, 0, 's'},
 		{"database", required_argument, 0, 'd'},
 		{"username", required_argument, 0, 'u'},
 		{"password", required_argument, 0, 'p'},
@@ -187,7 +189,7 @@ process_arguments (int argc, char **argv)
 		return ERROR;
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvVSP:p:u:d:H:q:w:c:", longopts, &option);
+		c = getopt_long (argc, argv, "hvVSP:p:u:d:H:s:q:w:c:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -201,14 +203,17 @@ process_arguments (int argc, char **argv)
 				usage2 (_("Invalid hostname/address"), optarg);
 			}
 			break;
-		case 'd':									/* hostname */
+		case 's':									/* socket */
+			db_socket = optarg;
+			break;
+		case 'd':									/* database */
 			db = optarg;
 			break;
 		case 'u':									/* username */
 			db_user = optarg;
 			break;
 		case 'p':									/* authentication information: password */
-			asprintf(&db_pass, "%s", optarg);
+			db_pass = strdup(optarg);
 
 			/* Delete the password from process list */
 			while (*optarg != '\0') {
@@ -293,6 +298,8 @@ print_help (void)
 	printf ("    %s\n", _("SQL query to run. Only first column in first row will be read"));
 	printf (_(UT_WARN_CRIT_RANGE));
 	printf (_(UT_HOST_PORT), 'P', myport);
+	printf (" %s\n", "-s, --socket=STRING");
+	printf ("    %s\n", _("Use the specified socket (has no effect if -H is used)"));
 	printf (" -d, --database=STRING\n");
 	printf ("    %s\n", _("Database to check"));
 	printf (" -u, --username=STRING\n");
@@ -300,6 +307,7 @@ print_help (void)
 	printf (" -p, --password=STRING\n");
 	printf ("    %s\n", _("Password to login with"));
 	printf ("    ==> %s <==\n", _("IMPORTANT: THIS FORM OF AUTHENTICATION IS NOT SECURE!!!"));
+	printf ("    %s\n", _("Your clear-text password could be visible as a process table entry"));
 
 	printf ("\n");
 	printf (" %s\n", _("A query is required. The result from the query should be numeric."));
@@ -313,6 +321,6 @@ void
 print_usage (void)
 {
   printf (_("Usage:"));
-	printf ("%s -q SQL_query [-w warn] [-c crit]\n",progname);
-  printf ("[-d database] [-H host] [-P port] [-u user] [-p password]\n");
+  printf (" %s -q SQL_query [-w warn] [-c crit] [-H host] [-P port] [-s socket]\n",progname);
+  printf ("       [-d database] [-u user] [-p password]\n");
 }

plugins/t/check_mysql.t

@@ -19,12 +19,16 @@ use vars qw($tests);
 
 plan skip_all => "check_mysql not compiled" unless (-x "check_mysql");
 
-plan tests => 10;
+plan tests => 15;
 
 my $bad_login_output = '/Access denied for user /';
 my $mysqlserver = getTestParameter( 
 		"NP_MYSQL_SERVER", 
-		"A MySQL Server with no slaves setup"
+		"A MySQL Server hostname or IP with no slaves setup"
+		);
+my $mysqlsocket = getTestParameter( 
+		"NP_MYSQL_SOCKET", 
+		"A MySQL Server socket with no slaves setup"
 		);
 my $mysql_login_details = getTestParameter( 
 		"MYSQL_LOGIN_DETAILS", 
@@ -57,6 +61,20 @@ SKIP: {
 	like( $result->output, "/No slaves defined/", "Correct error message");
 }
 
+SKIP: {
+	skip "No mysql socket defined", 5 unless $mysqlsocket;
+	$result = NPTest->testCmd("./check_mysql -s $mysqlsocket $mysql_login_details");
+	cmp_ok( $result->return_code, '==', 0, "Login okay");
+
+	$result = NPTest->testCmd("./check_mysql -s $mysqlsocket -u dummy -pdummy");
+	cmp_ok( $result->return_code, '==', 2, "Login failure");
+	like( $result->output, $bad_login_output, "Expected login failure message");
+
+	$result = NPTest->testCmd("./check_mysql -S -s $mysqlsocket $mysql_login_details");
+	cmp_ok( $result->return_code, "==", 1, "No slaves defined" );
+	like( $result->output, "/No slaves defined/", "Correct error message");
+}
+
 SKIP: {
 	skip "No mysql server with slaves defined", 5 unless $with_slave;
 	$result = NPTest->testCmd("./check_mysql -H $with_slave $with_slave_login");