summaryrefslogtreecommitdiffstats
path: root/plugins/check_ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c616
1 files changed, 299 insertions, 317 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index 87818da6..77a33304 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,30 +1,30 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_ldap plugin 3 * Monitoring check_ldap plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 2000-2024 Monitoring Plugins Development Team 6 * Copyright (c) 2000-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_ldap plugin 10 * This file contains the check_ldap plugin
11* 11 *
12* 12 *
13* This program is free software: you can redistribute it and/or modify 13 * This program is free software: you can redistribute it and/or modify
14* it under the terms of the GNU General Public License as published by 14 * it under the terms of the GNU General Public License as published by
15* the Free Software Foundation, either version 3 of the License, or 15 * the Free Software Foundation, either version 3 of the License, or
16* (at your option) any later version. 16 * (at your option) any later version.
17* 17 *
18* This program is distributed in the hope that it will be useful, 18 * This program is distributed in the hope that it will be useful,
19* but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21* GNU General Public License for more details. 21 * GNU General Public License for more details.
22* 22 *
23* You should have received a copy of the GNU General Public License 23 * You should have received a copy of the GNU General Public License
24* along with this program. If not, see <http://www.gnu.org/licenses/>. 24 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25* 25 *
26* 26 *
27*****************************************************************************/ 27 *****************************************************************************/
28 28
29/* progname may be check_ldaps */ 29/* progname may be check_ldaps */
30char *progname = "check_ldap"; 30char *progname = "check_ldap";
@@ -34,209 +34,183 @@ const char *email = "devel@monitoring-plugins.org";
34#include "common.h" 34#include "common.h"
35#include "netutils.h" 35#include "netutils.h"
36#include "utils.h" 36#include "utils.h"
37#include "check_ldap.d/config.h"
37 38
39#include "states.h"
38#include <lber.h> 40#include <lber.h>
39#define LDAP_DEPRECATED 1 41#define LDAP_DEPRECATED 1
40#include <ldap.h> 42#include <ldap.h>
41 43
42enum { 44enum {
43 UNDEFINED = 0,
44#ifdef HAVE_LDAP_SET_OPTION
45 DEFAULT_PROTOCOL = 2,
46#endif
47 DEFAULT_PORT = 389 45 DEFAULT_PORT = 389
48}; 46};
49 47
50static int process_arguments (int, char **); 48typedef struct {
51static int validate_arguments (void); 49 int errorcode;
52static void print_help (void); 50 check_ldap_config config;
53void print_usage (void); 51} check_ldap_config_wrapper;
54 52static check_ldap_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
55static char ld_defattr[] = "(objectclass=*)"; 53static check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper /*config_wrapper*/);
56static char *ld_attr = ld_defattr;
57static char *ld_host = NULL;
58static char *ld_base = NULL;
59static char *ld_passwd = NULL;
60static char *ld_binddn = NULL;
61static int ld_port = -1;
62#ifdef HAVE_LDAP_SET_OPTION
63static int ld_protocol = DEFAULT_PROTOCOL;
64#endif
65#ifndef LDAP_OPT_SUCCESS
66# define LDAP_OPT_SUCCESS LDAP_SUCCESS
67#endif
68static double warn_time = UNDEFINED;
69static double crit_time = UNDEFINED;
70static thresholds *entries_thresholds = NULL;
71static struct timeval tv;
72static char* warn_entries = NULL;
73static char* crit_entries = NULL;
74static bool starttls = false;
75static bool ssl_on_connect = false;
76static bool verbose = false;
77
78/* for ldap tls */
79
80static char *SERVICE = "LDAP";
81
82int
83main (int argc, char *argv[])
84{
85
86 LDAP *ld;
87 LDAPMessage *result;
88
89 /* should be int result = STATE_UNKNOWN; */
90
91 int status = STATE_UNKNOWN;
92 long microsec;
93 double elapsed_time;
94
95 /* for ldap tls */
96 54
97 int tls; 55static void print_help(void);
98 int version=3; 56void print_usage(void);
99 57
100 int status_entries = STATE_OK; 58#ifndef LDAP_OPT_SUCCESS
101 int num_entries = 0; 59# define LDAP_OPT_SUCCESS LDAP_SUCCESS
60#endif
61static int verbose = 0;
102 62
103 setlocale (LC_ALL, ""); 63int main(int argc, char *argv[]) {
104 bindtextdomain (PACKAGE, LOCALEDIR); 64 setlocale(LC_ALL, "");
105 textdomain (PACKAGE); 65 bindtextdomain(PACKAGE, LOCALEDIR);
66 textdomain(PACKAGE);
106 67
107 if (strstr(argv[0],"check_ldaps")) { 68 if (strstr(argv[0], "check_ldaps")) {
108 xasprintf (&progname, "check_ldaps"); 69 xasprintf(&progname, "check_ldaps");
109 } 70 }
110 71
111 /* Parse extra opts if any */ 72 /* Parse extra opts if any */
112 argv=np_extra_opts (&argc, argv, progname); 73 argv = np_extra_opts(&argc, argv, progname);
113 74
114 if (process_arguments (argc, argv) == ERROR) 75 check_ldap_config_wrapper tmp_config = process_arguments(argc, argv);
115 usage4 (_("Could not parse arguments")); 76 if (tmp_config.errorcode == ERROR) {
77 usage4(_("Could not parse arguments"));
78 }
116 79
117 if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) 80 const check_ldap_config config = tmp_config.config;
118 starttls = true;
119 81
120 /* initialize alarm signal handling */ 82 /* initialize alarm signal handling */
121 signal (SIGALRM, socket_timeout_alarm_handler); 83 signal(SIGALRM, socket_timeout_alarm_handler);
122 84
123 /* set socket timeout */ 85 /* set socket timeout */
124 alarm (socket_timeout); 86 alarm(socket_timeout);
125 87
126 /* get the start time */ 88 /* get the start time */
127 gettimeofday (&tv, NULL); 89 struct timeval start_time;
90 gettimeofday(&start_time, NULL);
128 91
92 LDAP *ldap_connection;
129 /* initialize ldap */ 93 /* initialize ldap */
130#ifdef HAVE_LDAP_INIT 94#ifdef HAVE_LDAP_INIT
131 if (!(ld = ldap_init (ld_host, ld_port))) { 95 if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) {
132 printf ("Could not connect to the server at port %i\n", ld_port); 96 printf("Could not connect to the server at port %i\n", config.ld_port);
133 return STATE_CRITICAL; 97 return STATE_CRITICAL;
134 } 98 }
135#else 99#else
136 if (!(ld = ldap_open (ld_host, ld_port))) { 100 if (!(ld = ldap_open(config.ld_host, config.ld_port))) {
137 if (verbose) 101 if (verbose) {
138 ldap_perror(ld, "ldap_open"); 102 ldap_perror(ldap_connection, "ldap_open");
139 printf (_("Could not connect to the server at port %i\n"), ld_port); 103 }
104 printf(_("Could not connect to the server at port %i\n"), config.ld_port);
140 return STATE_CRITICAL; 105 return STATE_CRITICAL;
141 } 106 }
142#endif /* HAVE_LDAP_INIT */ 107#endif /* HAVE_LDAP_INIT */
143 108
144#ifdef HAVE_LDAP_SET_OPTION 109#ifdef HAVE_LDAP_SET_OPTION
145 /* set ldap options */ 110 /* set ldap options */
146 if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != 111 if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) !=
147 LDAP_OPT_SUCCESS ) { 112 LDAP_OPT_SUCCESS) {
148 printf(_("Could not set protocol version %d\n"), ld_protocol); 113 printf(_("Could not set protocol version %d\n"), config.ld_protocol);
149 return STATE_CRITICAL; 114 return STATE_CRITICAL;
150 } 115 }
151#endif 116#endif
152 117
153 if (ld_port == LDAPS_PORT || ssl_on_connect) { 118 int version = 3;
154 xasprintf (&SERVICE, "LDAPS"); 119 int tls;
120 if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) {
155#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) 121#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
156 /* ldaps: set option tls */ 122 /* ldaps: set option tls */
157 tls = LDAP_OPT_X_TLS_HARD; 123 tls = LDAP_OPT_X_TLS_HARD;
158 124
159 if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) 125 if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
160 { 126 if (verbose) {
161 if (verbose) 127 ldap_perror(ldap_connection, "ldaps_option");
162 ldap_perror(ld, "ldaps_option"); 128 }
163 printf (_("Could not init TLS at port %i!\n"), ld_port); 129 printf(_("Could not init TLS at port %i!\n"), config.ld_port);
164 return STATE_CRITICAL; 130 return STATE_CRITICAL;
165 } 131 }
166#else 132#else
167 printf (_("TLS not supported by the libraries!\n")); 133 printf(_("TLS not supported by the libraries!\n"));
168 return STATE_CRITICAL; 134 return STATE_CRITICAL;
169#endif /* LDAP_OPT_X_TLS */ 135#endif /* LDAP_OPT_X_TLS */
170 } else if (starttls) { 136 } else if (config.starttls) {
171 xasprintf (&SERVICE, "LDAP-TLS");
172#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) 137#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
173 /* ldap with startTLS: set option version */ 138 /* ldap with startTLS: set option version */
174 if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) 139 if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) ==
175 { 140 LDAP_OPT_SUCCESS) {
176 if (version < LDAP_VERSION3) 141 if (version < LDAP_VERSION3) {
177 {
178 version = LDAP_VERSION3; 142 version = LDAP_VERSION3;
179 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); 143 ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version);
180 } 144 }
181 } 145 }
182 /* call start_tls */ 146 /* call start_tls */
183 if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) 147 if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) {
184 { 148 if (verbose) {
185 if (verbose) 149 ldap_perror(ldap_connection, "ldap_start_tls");
186 ldap_perror(ld, "ldap_start_tls"); 150 }
187 printf (_("Could not init startTLS at port %i!\n"), ld_port); 151 printf(_("Could not init startTLS at port %i!\n"), config.ld_port);
188 return STATE_CRITICAL; 152 return STATE_CRITICAL;
189 } 153 }
190#else 154#else
191 printf (_("startTLS not supported by the library, needs LDAPv3!\n")); 155 printf(_("startTLS not supported by the library, needs LDAPv3!\n"));
192 return STATE_CRITICAL; 156 return STATE_CRITICAL;
193#endif /* HAVE_LDAP_START_TLS_S */ 157#endif /* HAVE_LDAP_START_TLS_S */
194 } 158 }
195 159
196 /* bind to the ldap server */ 160 /* bind to the ldap server */
197 if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != 161 if (ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE) !=
198 LDAP_SUCCESS) { 162 LDAP_SUCCESS) {
199 if (verbose) 163 if (verbose) {
200 ldap_perror(ld, "ldap_bind"); 164 ldap_perror(ldap_connection, "ldap_bind");
201 printf (_("Could not bind to the LDAP server\n")); 165 }
166 printf(_("Could not bind to the LDAP server\n"));
202 return STATE_CRITICAL; 167 return STATE_CRITICAL;
203 } 168 }
204 169
170 LDAPMessage *result;
171 int num_entries = 0;
205 /* do a search of all objectclasses in the base dn */ 172 /* do a search of all objectclasses in the base dn */
206 if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) 173 if (ldap_search_s(ldap_connection, config.ld_base,
207 != LDAP_SUCCESS) { 174 (config.crit_entries != NULL || config.warn_entries != NULL)
208 if (verbose) 175 ? LDAP_SCOPE_SUBTREE
209 ldap_perror(ld, "ldap_search"); 176 : LDAP_SCOPE_BASE,
210 printf (_("Could not search/find objectclasses in %s\n"), ld_base); 177 config.ld_attr, NULL, 0, &result) != LDAP_SUCCESS) {
178 if (verbose) {
179 ldap_perror(ldap_connection, "ldap_search");
180 }
181 printf(_("Could not search/find objectclasses in %s\n"), config.ld_base);
211 return STATE_CRITICAL; 182 return STATE_CRITICAL;
212 } else if (crit_entries!=NULL || warn_entries!=NULL) { 183 }
213 num_entries = ldap_count_entries(ld, result); 184
185 if (config.crit_entries != NULL || config.warn_entries != NULL) {
186 num_entries = ldap_count_entries(ldap_connection, result);
214 } 187 }
215 188
216 /* unbind from the ldap server */ 189 /* unbind from the ldap server */
217 ldap_unbind (ld); 190 ldap_unbind(ldap_connection);
218 191
219 /* reset the alarm handler */ 192 /* reset the alarm handler */
220 alarm (0); 193 alarm(0);
221 194
222 /* calculate the elapsed time and compare to thresholds */ 195 /* calculate the elapsed time and compare to thresholds */
223 196
224 microsec = deltime (tv); 197 long microsec = deltime(start_time);
225 elapsed_time = (double)microsec / 1.0e6; 198 double elapsed_time = (double)microsec / 1.0e6;
226 199 mp_state_enum status = STATE_UNKNOWN;
227 if (crit_time!=UNDEFINED && elapsed_time>crit_time) 200 if (config.crit_time_set && elapsed_time > config.crit_time) {
228 status = STATE_CRITICAL; 201 status = STATE_CRITICAL;
229 else if (warn_time!=UNDEFINED && elapsed_time>warn_time) 202 } else if (config.warn_time_set && elapsed_time > config.warn_time) {
230 status = STATE_WARNING; 203 status = STATE_WARNING;
231 else 204 } else {
232 status = STATE_OK; 205 status = STATE_OK;
206 }
233 207
234 if(entries_thresholds != NULL) { 208 if (config.entries_thresholds != NULL) {
235 if (verbose) { 209 if (verbose) {
236 printf ("entries found: %d\n", num_entries); 210 printf("entries found: %d\n", num_entries);
237 print_thresholds("entry thresholds", entries_thresholds); 211 print_thresholds("entry thresholds", config.entries_thresholds);
238 } 212 }
239 status_entries = get_status(num_entries, entries_thresholds); 213 mp_state_enum status_entries = get_status(num_entries, config.entries_thresholds);
240 if (status_entries == STATE_CRITICAL) { 214 if (status_entries == STATE_CRITICAL) {
241 status = STATE_CRITICAL; 215 status = STATE_CRITICAL;
242 } else if (status != STATE_CRITICAL) { 216 } else if (status != STATE_CRITICAL) {
@@ -245,273 +219,281 @@ main (int argc, char *argv[])
245 } 219 }
246 220
247 /* print out the result */ 221 /* print out the result */
248 if (crit_entries!=NULL || warn_entries!=NULL) { 222 if (config.crit_entries != NULL || config.warn_entries != NULL) {
249 printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), 223 printf(_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text(status),
250 state_text (status), 224 num_entries, elapsed_time,
251 num_entries, 225 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time,
252 elapsed_time, 226 config.crit_time_set, config.crit_time, true, 0, false, 0),
253 fperfdata ("time", elapsed_time, "s", 227 sperfdata("entries", (double)num_entries, "", config.warn_entries,
254 (int)warn_time, warn_time, 228 config.crit_entries, true, 0.0, false, 0.0));
255 (int)crit_time, crit_time,
256 true, 0, false, 0),
257 sperfdata ("entries", (double)num_entries, "",
258 warn_entries,
259 crit_entries,
260 true, 0.0, false, 0.0));
261 } else { 229 } else {
262 printf (_("LDAP %s - %.3f seconds response time|%s\n"), 230 printf(_("LDAP %s - %.3f seconds response time|%s\n"), state_text(status), elapsed_time,
263 state_text (status), 231 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time,
264 elapsed_time, 232 config.crit_time_set, config.crit_time, true, 0, false, 0));
265 fperfdata ("time", elapsed_time, "s",
266 (int)warn_time, warn_time,
267 (int)crit_time, crit_time,
268 true, 0, false, 0));
269 } 233 }
270 234
271 return status; 235 exit(status);
272} 236}
273 237
274/* process command-line arguments */ 238/* process command-line arguments */
275int 239check_ldap_config_wrapper process_arguments(int argc, char **argv) {
276process_arguments (int argc, char **argv)
277{
278 int c;
279
280 int option = 0;
281 /* initialize the long option struct */ 240 /* initialize the long option struct */
282 static struct option longopts[] = { 241 static struct option longopts[] = {{"help", no_argument, 0, 'h'},
283 {"help", no_argument, 0, 'h'}, 242 {"version", no_argument, 0, 'V'},
284 {"version", no_argument, 0, 'V'}, 243 {"timeout", required_argument, 0, 't'},
285 {"timeout", required_argument, 0, 't'}, 244 {"hostname", required_argument, 0, 'H'},
286 {"hostname", required_argument, 0, 'H'}, 245 {"base", required_argument, 0, 'b'},
287 {"base", required_argument, 0, 'b'}, 246 {"attr", required_argument, 0, 'a'},
288 {"attr", required_argument, 0, 'a'}, 247 {"bind", required_argument, 0, 'D'},
289 {"bind", required_argument, 0, 'D'}, 248 {"pass", required_argument, 0, 'P'},
290 {"pass", required_argument, 0, 'P'},
291#ifdef HAVE_LDAP_SET_OPTION 249#ifdef HAVE_LDAP_SET_OPTION
292 {"ver2", no_argument, 0, '2'}, 250 {"ver2", no_argument, 0, '2'},
293 {"ver3", no_argument, 0, '3'}, 251 {"ver3", no_argument, 0, '3'},
294#endif 252#endif
295 {"starttls", no_argument, 0, 'T'}, 253 {"starttls", no_argument, 0, 'T'},
296 {"ssl", no_argument, 0, 'S'}, 254 {"ssl", no_argument, 0, 'S'},
297 {"use-ipv4", no_argument, 0, '4'}, 255 {"use-ipv4", no_argument, 0, '4'},
298 {"use-ipv6", no_argument, 0, '6'}, 256 {"use-ipv6", no_argument, 0, '6'},
299 {"port", required_argument, 0, 'p'}, 257 {"port", required_argument, 0, 'p'},
300 {"warn", required_argument, 0, 'w'}, 258 {"warn", required_argument, 0, 'w'},
301 {"crit", required_argument, 0, 'c'}, 259 {"crit", required_argument, 0, 'c'},
302 {"warn-entries", required_argument, 0, 'W'}, 260 {"warn-entries", required_argument, 0, 'W'},
303 {"crit-entries", required_argument, 0, 'C'}, 261 {"crit-entries", required_argument, 0, 'C'},
304 {"verbose", no_argument, 0, 'v'}, 262 {"verbose", no_argument, 0, 'v'},
305 {0, 0, 0, 0} 263 {0, 0, 0, 0}};
264
265 check_ldap_config_wrapper result = {
266 .errorcode = OK,
267 .config = check_ldap_config_init(),
306 }; 268 };
307 269
308 if (argc < 2) 270 if (argc < 2) {
309 return ERROR; 271 result.errorcode = ERROR;
272 return result;
273 }
310 274
311 for (c = 1; c < argc; c++) { 275 for (int index = 1; index < argc; index++) {
312 if (strcmp ("-to", argv[c]) == 0) 276 if (strcmp("-to", argv[index]) == 0) {
313 strcpy (argv[c], "-t"); 277 strcpy(argv[index], "-t");
278 }
314 } 279 }
315 280
281 int option = 0;
316 while (true) { 282 while (true) {
317 c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); 283 int option_index =
284 getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
318 285
319 if (c == -1 || c == EOF) 286 if (option_index == -1 || option_index == EOF) {
320 break; 287 break;
288 }
321 289
322 switch (c) { 290 switch (option_index) {
323 case 'h': /* help */ 291 case 'h': /* help */
324 print_help (); 292 print_help();
325 exit (STATE_UNKNOWN); 293 exit(STATE_UNKNOWN);
326 case 'V': /* version */ 294 case 'V': /* version */
327 print_revision (progname, NP_VERSION); 295 print_revision(progname, NP_VERSION);
328 exit (STATE_UNKNOWN); 296 exit(STATE_UNKNOWN);
329 case 't': /* timeout period */ 297 case 't': /* timeout period */
330 if (!is_intnonneg (optarg)) 298 if (!is_intnonneg(optarg)) {
331 usage2 (_("Timeout interval must be a positive integer"), optarg); 299 usage2(_("Timeout interval must be a positive integer"), optarg);
332 else 300 } else {
333 socket_timeout = atoi (optarg); 301 socket_timeout = atoi(optarg);
302 }
334 break; 303 break;
335 case 'H': 304 case 'H':
336 ld_host = optarg; 305 result.config.ld_host = optarg;
337 break; 306 break;
338 case 'b': 307 case 'b':
339 ld_base = optarg; 308 result.config.ld_base = optarg;
340 break; 309 break;
341 case 'p': 310 case 'p':
342 ld_port = atoi (optarg); 311 result.config.ld_port = atoi(optarg);
343 break; 312 break;
344 case 'a': 313 case 'a':
345 ld_attr = optarg; 314 result.config.ld_attr = optarg;
346 break; 315 break;
347 case 'D': 316 case 'D':
348 ld_binddn = optarg; 317 result.config.ld_binddn = optarg;
349 break; 318 break;
350 case 'P': 319 case 'P':
351 ld_passwd = optarg; 320 result.config.ld_passwd = optarg;
352 break; 321 break;
353 case 'w': 322 case 'w':
354 warn_time = strtod (optarg, NULL); 323 result.config.warn_time_set = true;
324 result.config.warn_time = strtod(optarg, NULL);
355 break; 325 break;
356 case 'c': 326 case 'c':
357 crit_time = strtod (optarg, NULL); 327 result.config.crit_time_set = true;
328 result.config.crit_time = strtod(optarg, NULL);
358 break; 329 break;
359 case 'W': 330 case 'W':
360 warn_entries = optarg; 331 result.config.warn_entries = optarg;
361 break; 332 break;
362 case 'C': 333 case 'C':
363 crit_entries = optarg; 334 result.config.crit_entries = optarg;
364 break; 335 break;
365#ifdef HAVE_LDAP_SET_OPTION 336#ifdef HAVE_LDAP_SET_OPTION
366 case '2': 337 case '2':
367 ld_protocol = 2; 338 result.config.ld_protocol = 2;
368 break; 339 break;
369 case '3': 340 case '3':
370 ld_protocol = 3; 341 result.config.ld_protocol = 3;
371 break; 342 break;
372#endif 343#endif // HAVE_LDAP_SET_OPTION
373 case '4': 344 case '4':
374 address_family = AF_INET; 345 address_family = AF_INET;
375 break; 346 break;
376 case 'v': 347 case 'v':
377 verbose = true; 348 verbose++;
378 break; 349 break;
379 case 'T': 350 case 'T':
380 if (! ssl_on_connect) 351 if (!result.config.ssl_on_connect) {
381 starttls = true; 352 result.config.starttls = true;
382 else 353 } else {
383 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl"); 354 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
355 }
384 break; 356 break;
385 case 'S': 357 case 'S':
386 if (! starttls) { 358 if (!result.config.starttls) {
387 ssl_on_connect = true; 359 result.config.ssl_on_connect = true;
388 if (ld_port == -1) 360 if (result.config.ld_port == -1) {
389 ld_port = LDAPS_PORT; 361 result.config.ld_port = LDAPS_PORT;
390 } else 362 }
363 } else {
391 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls"); 364 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls");
365 }
392 break; 366 break;
393 case '6': 367 case '6':
394#ifdef USE_IPV6 368#ifdef USE_IPV6
395 address_family = AF_INET6; 369 address_family = AF_INET6;
396#else 370#else
397 usage (_("IPv6 support not available\n")); 371 usage(_("IPv6 support not available\n"));
398#endif 372#endif
399 break; 373 break;
400 default: 374 default:
401 usage5 (); 375 usage5();
402 } 376 }
403 } 377 }
404 378
405 c = optind; 379 int index = optind;
406 if (ld_host == NULL && is_host(argv[c])) 380 if ((result.config.ld_host == NULL) && is_host(argv[index])) {
407 ld_host = strdup (argv[c++]); 381 result.config.ld_host = strdup(argv[index++]);
382 }
408 383
409 if (ld_base == NULL && argv[c]) 384 if ((result.config.ld_base == NULL) && argv[index]) {
410 ld_base = strdup (argv[c++]); 385 result.config.ld_base = strdup(argv[index++]);
386 }
411 387
412 if (ld_port == -1) 388 if (result.config.ld_port == -1) {
413 ld_port = DEFAULT_PORT; 389 result.config.ld_port = DEFAULT_PORT;
390 }
414 391
415 return validate_arguments (); 392 if (strstr(argv[0], "check_ldaps") && !result.config.starttls &&
393 !result.config.ssl_on_connect) {
394 result.config.starttls = true;
395 }
396
397 return validate_arguments(result);
416} 398}
417 399
400check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper config_wrapper) {
401 if (config_wrapper.config.ld_host == NULL || strlen(config_wrapper.config.ld_host) == 0) {
402 usage4(_("Please specify the host name\n"));
403 }
418 404
419int 405 if (config_wrapper.config.ld_base == NULL) {
420validate_arguments () 406 usage4(_("Please specify the LDAP base\n"));
421{ 407 }
422 if (ld_host==NULL || strlen(ld_host)==0)
423 usage4 (_("Please specify the host name\n"));
424 408
425 if (ld_base==NULL) 409 if (config_wrapper.config.crit_entries != NULL || config_wrapper.config.warn_entries != NULL) {
426 usage4 (_("Please specify the LDAP base\n")); 410 set_thresholds(&config_wrapper.config.entries_thresholds,
411 config_wrapper.config.warn_entries, config_wrapper.config.crit_entries);
412 }
427 413
428 if (crit_entries!=NULL || warn_entries!=NULL) { 414 if (config_wrapper.config.ld_passwd == NULL) {
429 set_thresholds(&entries_thresholds, 415 config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD");
430 warn_entries, crit_entries);
431 } 416 }
432 if (ld_passwd==NULL)
433 ld_passwd = getenv("LDAP_PASSWORD");
434 417
435 return OK; 418 return config_wrapper;
436} 419}
437 420
438 421void print_help(void) {
439void
440print_help (void)
441{
442 char *myport; 422 char *myport;
443 xasprintf (&myport, "%d", DEFAULT_PORT); 423 xasprintf(&myport, "%d", DEFAULT_PORT);
444 424
445 print_revision (progname, NP_VERSION); 425 print_revision(progname, NP_VERSION);
446 426
447 printf ("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"); 427 printf("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n");
448 printf (COPYRIGHT, copyright, email); 428 printf(COPYRIGHT, copyright, email);
449 429
450 printf ("\n\n"); 430 printf("\n\n");
451 431
452 print_usage (); 432 print_usage();
453 433
454 printf (UT_HELP_VRSN); 434 printf(UT_HELP_VRSN);
455 printf (UT_EXTRA_OPTS); 435 printf(UT_EXTRA_OPTS);
456 436
457 printf (UT_HOST_PORT, 'p', myport); 437 printf(UT_HOST_PORT, 'p', myport);
458 438
459 printf (UT_IPv46); 439 printf(UT_IPv46);
460 440
461 printf (" %s\n", "-a [--attr]"); 441 printf(" %s\n", "-a [--attr]");
462 printf (" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\"")); 442 printf(" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\""));
463 printf (" %s\n", "-b [--base]"); 443 printf(" %s\n", "-b [--base]");
464 printf (" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at")); 444 printf(" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at"));
465 printf (" %s\n", "-D [--bind]"); 445 printf(" %s\n", "-D [--bind]");
466 printf (" %s\n", _("ldap bind DN (if required)")); 446 printf(" %s\n", _("ldap bind DN (if required)"));
467 printf (" %s\n", "-P [--pass]"); 447 printf(" %s\n", "-P [--pass]");
468 printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); 448 printf(" %s\n", _("ldap password (if required, or set the password through environment "
469 printf (" %s\n", "-T [--starttls]"); 449 "variable 'LDAP_PASSWORD')"));
470 printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); 450 printf(" %s\n", "-T [--starttls]");
471 printf (" %s\n", "-S [--ssl]"); 451 printf(" %s\n", _("use starttls mechanism introduced in protocol version 3"));
472 printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); 452 printf(" %s\n", "-S [--ssl]");
453 printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"),
454 LDAPS_PORT);
473 455
474#ifdef HAVE_LDAP_SET_OPTION 456#ifdef HAVE_LDAP_SET_OPTION
475 printf (" %s\n", "-2 [--ver2]"); 457 printf(" %s\n", "-2 [--ver2]");
476 printf (" %s\n", _("use ldap protocol version 2")); 458 printf(" %s\n", _("use ldap protocol version 2"));
477 printf (" %s\n", "-3 [--ver3]"); 459 printf(" %s\n", "-3 [--ver3]");
478 printf (" %s\n", _("use ldap protocol version 3")); 460 printf(" %s\n", _("use ldap protocol version 3"));
479 printf (" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL); 461 printf(" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL);
480#endif 462#endif
481 463
482 printf (UT_WARN_CRIT); 464 printf(UT_WARN_CRIT);
483 465
484 printf (" %s\n", "-W [--warn-entries]"); 466 printf(" %s\n", "-W [--warn-entries]");
485 printf (" %s\n", _("Number of found entries to result in warning status")); 467 printf(" %s\n", _("Number of found entries to result in warning status"));
486 printf (" %s\n", "-C [--crit-entries]"); 468 printf(" %s\n", "-C [--crit-entries]");
487 printf (" %s\n", _("Number of found entries to result in critical status")); 469 printf(" %s\n", _("Number of found entries to result in critical status"));
488 470
489 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 471 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
490 472
491 printf (UT_VERBOSE); 473 printf(UT_VERBOSE);
492 474
493 printf ("\n"); 475 printf("\n");
494 printf ("%s\n", _("Notes:")); 476 printf("%s\n", _("Notes:"));
495 printf (" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); 477 printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be"));
496 printf (_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT); 478 printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"),
497 printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); 479 DEFAULT_PORT);
498 printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); 480 printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
499 printf (" %s\n", _("to define the behaviour explicitly instead.")); 481 printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' "
500 printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); 482 "or '--ssl' flags"));
483 printf(" %s\n", _("to define the behaviour explicitly instead."));
484 printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
501 485
502 printf (UT_SUPPORT); 486 printf(UT_SUPPORT);
503} 487}
504 488
505void 489void print_usage(void) {
506print_usage (void) 490 printf("%s\n", _("Usage:"));
507{ 491 printf(" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]", progname);
508 printf ("%s\n", _("Usage:")); 492 printf("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
509 printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
510 printf ("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
511#ifdef HAVE_LDAP_SET_OPTION 493#ifdef HAVE_LDAP_SET_OPTION
512 "\n [-2|-3] [-4|-6]" 494 "\n [-2|-3] [-4|-6]"
513#else 495#else
514 "" 496 ""
515#endif 497#endif
516 ); 498 );
517} 499}