[monitoring-plugins] check_snmp: Handle SNMPv3 noAuthNoPriv properly
Holger Weiss
git at monitoring-plugins.org
Thu Apr 24 09:00:09 CEST 2014
Module: monitoring-plugins
Branch: master
Commit: 4e0da0216d3ca96c930eca053c9a229e86cc7402
Author: Anton Lofgren <alofgren at op5.com>
Committer: Holger Weiss <holger at zedat.fu-berlin.de>
Date: Fri Mar 7 11:35:21 2014 +0100
URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=4e0da02
check_snmp: Handle SNMPv3 noAuthNoPriv properly
The SNMPv3 noAuthNoPriv security level, somewhat unintuitively, requires
a security name to be passed along together with the request. Check_snmp
previously did not do this, causing snmpget to throw an error:
"External command error: No log handling enabled - turning on stderr
logging
snmpget: No securityName specified"
This patch fixes the issue by always providing the security name when
noAuthNoPriv is specified.
See also:
https:://bugs.op5.com/view.php?id=8385.
Signed-off-by: Anton Lofgren <alofgren at op5.com>
---
plugins/check_snmp.c | 10 ++++++----
plugins/t/check_snmp.t | 11 +++++++++--
2 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index d516fbc..2c62a23 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -963,11 +963,16 @@ validate_arguments ()
if (seclevel == NULL)
xasprintf(&seclevel, "noAuthNoPriv");
+ if (secname == NULL)
+ die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname");
+
if (strcmp(seclevel, "noAuthNoPriv") == 0) {
- numauthpriv = 2;
+ numauthpriv = 4;
authpriv = calloc (numauthpriv, sizeof (char *));
authpriv[0] = strdup ("-l");
authpriv[1] = strdup ("noAuthNoPriv");
+ authpriv[2] = strdup ("-u");
+ authpriv[3] = strdup (secname);
} else {
if (! ( (strcmp(seclevel, "authNoPriv")==0) || (strcmp(seclevel, "authPriv")==0) ) ) {
usage2 (_("Invalid seclevel"), seclevel);
@@ -976,9 +981,6 @@ validate_arguments ()
if (authproto == NULL )
xasprintf(&authproto, DEFAULT_AUTH_PROTOCOL);
- if (secname == NULL)
- die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname");
-
if (authpasswd == NULL)
die(STATE_UNKNOWN, _("Required parameter: %s\n"), "authpasswd");
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 6de5f29..c35d782 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -10,7 +10,7 @@ use NPTest;
BEGIN {
plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp";
- plan tests => 60;
+ plan tests => 61;
}
my $res;
@@ -26,6 +26,7 @@ my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRES
my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
"An invalid (not known to DNS) hostname" );
+my $user_snmp = getTestParameter( "user_snmp", "NP_SNMP_USER", "auth_md5", "An SNMP user");
$res = NPTest->testCmd( "./check_snmp -t 1" );
is( $res->return_code, 3, "No host name" );
@@ -35,7 +36,7 @@ $res = NPTest->testCmd( "./check_snmp -H fakehostname" );
is( $res->return_code, 3, "No OIDs specified" );
is( $res->output, "No OIDs specified" );
-$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 --seclevel=rubbish" );
+$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 -U not_a_user --seclevel=rubbish" );
is( $res->return_code, 3, "Invalid seclevel" );
like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" );
@@ -154,6 +155,12 @@ SKIP: {
like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
}
+SKIP: {
+ skip "no SNMP user defined", 1 if ( ! $user_snmp );
+ $res = NPTest->testCmd( "./check_snmp -H $host_snmp -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
+ like( $res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "noAuthNoPriv security level works properly" );
+}
+
# These checks need a complete command line. An invalid community is used so
# the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway
SKIP: {
More information about the Commits
mailing list