[monitoring-plugins] Allows check_ldap to get password from env ...

[Linda Guo]

 Module: monitoring-plugins
 Branch: master
 Commit: f961b7f7bd5d10328bf152cbc015271180165f0f
 Author: Linda Guo <linda.guo at canonical.com>
   Date: Fri Nov 19 13:25:09 2021 +1100
    URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=f961b7f

Allows check_ldap to get password from env variable

It's not secure to provide LDAP password through command line option
because other users on the same host can see the password in
'ps' command output.

This change allows check_ldap to get password from environment variable.

---

 plugins/check_ldap.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44..845a4f5 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -432,6 +432,9 @@ validate_arguments ()
 		set_thresholds(&entries_thresholds,
 			warn_entries, crit_entries);
 	}
+	if (ld_passwd==NULL)
+		ld_passwd = getenv("LDAP_PASSWORD");
+
 	return OK;
 }
 
@@ -465,7 +468,7 @@ print_help (void)
   printf (" %s\n", "-D [--bind]");
   printf ("    %s\n", _("ldap bind DN (if required)"));
   printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
   printf (" %s\n", "-T [--starttls]");
   printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
   printf (" %s\n", "-S [--ssl]");