summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnton Lofgren <alofgren@op5.com>2014-03-07 10:35:21 (GMT)
committerHolger Weiss <holger@zedat.fu-berlin.de>2014-04-24 06:49:54 (GMT)
commit4e0da0216d3ca96c930eca053c9a229e86cc7402 (patch)
tree29317e50ffe1eebbb86843b8c86b87e82e4d2224
parentc887890e9f9698f01eb62451a04579c9c4be325f (diff)
downloadmonitoring-plugins-4e0da02.tar.gz
check_snmp: Handle SNMPv3 noAuthNoPriv properly
The SNMPv3 noAuthNoPriv security level, somewhat unintuitively, requires a security name to be passed along together with the request. Check_snmp previously did not do this, causing snmpget to throw an error: "External command error: No log handling enabled - turning on stderr logging snmpget: No securityName specified" This patch fixes the issue by always providing the security name when noAuthNoPriv is specified. See also: https:://bugs.op5.com/view.php?id=8385. Signed-off-by: Anton Lofgren <alofgren@op5.com>
Diffstat
-rw-r--r--plugins/check_snmp.c10
-rw-r--r--plugins/t/check_snmp.t11
2 files changed, 15 insertions, 6 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index d516fbc..2c62a23 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -963,11 +963,16 @@ validate_arguments ()
963 if (seclevel == NULL) 963 if (seclevel == NULL)
964 xasprintf(&seclevel, "noAuthNoPriv"); 964 xasprintf(&seclevel, "noAuthNoPriv");
965 965
966 if (secname == NULL)
967 die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname");
968
966 if (strcmp(seclevel, "noAuthNoPriv") == 0) { 969 if (strcmp(seclevel, "noAuthNoPriv") == 0) {
967 numauthpriv = 2; 970 numauthpriv = 4;
968 authpriv = calloc (numauthpriv, sizeof (char *)); 971 authpriv = calloc (numauthpriv, sizeof (char *));
969 authpriv[0] = strdup ("-l"); 972 authpriv[0] = strdup ("-l");
970 authpriv[1] = strdup ("noAuthNoPriv"); 973 authpriv[1] = strdup ("noAuthNoPriv");
974 authpriv[2] = strdup ("-u");
975 authpriv[3] = strdup (secname);
971 } else { 976 } else {
972 if (! ( (strcmp(seclevel, "authNoPriv")==0) || (strcmp(seclevel, "authPriv")==0) ) ) { 977 if (! ( (strcmp(seclevel, "authNoPriv")==0) || (strcmp(seclevel, "authPriv")==0) ) ) {
973 usage2 (_("Invalid seclevel"), seclevel); 978 usage2 (_("Invalid seclevel"), seclevel);
@@ -976,9 +981,6 @@ validate_arguments ()
976 if (authproto == NULL ) 981 if (authproto == NULL )
977 xasprintf(&authproto, DEFAULT_AUTH_PROTOCOL); 982 xasprintf(&authproto, DEFAULT_AUTH_PROTOCOL);
978 983
979 if (secname == NULL)
980 die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname");
981
982 if (authpasswd == NULL) 984 if (authpasswd == NULL)
983 die(STATE_UNKNOWN, _("Required parameter: %s\n"), "authpasswd"); 985 die(STATE_UNKNOWN, _("Required parameter: %s\n"), "authpasswd");
984 986
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 6de5f29..c35d782 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -10,7 +10,7 @@ use NPTest;
10 10
11BEGIN { 11BEGIN {
12 plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp"; 12 plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp";
13 plan tests => 60; 13 plan tests => 61;
14} 14}
15 15
16my $res; 16my $res;
@@ -26,6 +26,7 @@ my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRES
26 26
27my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", 27my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
28 "An invalid (not known to DNS) hostname" ); 28 "An invalid (not known to DNS) hostname" );
29my $user_snmp = getTestParameter( "user_snmp", "NP_SNMP_USER", "auth_md5", "An SNMP user");
29 30
30$res = NPTest->testCmd( "./check_snmp -t 1" ); 31$res = NPTest->testCmd( "./check_snmp -t 1" );
31is( $res->return_code, 3, "No host name" ); 32is( $res->return_code, 3, "No host name" );
@@ -35,7 +36,7 @@ $res = NPTest->testCmd( "./check_snmp -H fakehostname" );
35is( $res->return_code, 3, "No OIDs specified" ); 36is( $res->return_code, 3, "No OIDs specified" );
36is( $res->output, "No OIDs specified" ); 37is( $res->output, "No OIDs specified" );
37 38
38$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 --seclevel=rubbish" ); 39$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 -U not_a_user --seclevel=rubbish" );
39is( $res->return_code, 3, "Invalid seclevel" ); 40is( $res->return_code, 3, "Invalid seclevel" );
40like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" ); 41like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" );
41 42
@@ -154,6 +155,12 @@ SKIP: {
154 like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); 155 like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
155} 156}
156 157
158SKIP: {
159 skip "no SNMP user defined", 1 if ( ! $user_snmp );
160 $res = NPTest->testCmd( "./check_snmp -H $host_snmp -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
161 like( $res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "noAuthNoPriv security level works properly" );
162}
163
157# These checks need a complete command line. An invalid community is used so 164# These checks need a complete command line. An invalid community is used so
158# the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway 165# the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway
159SKIP: { 166SKIP: {