diff options
Diffstat (limited to 'plugins/check_radius.c')
| -rw-r--r-- | plugins/check_radius.c | 152 |
1 files changed, 82 insertions, 70 deletions
diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 714de58c..1e4fff7a 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c | |||
| @@ -21,79 +21,21 @@ const char *revision = "$Revision$"; | |||
| 21 | const char *copyright = "2000-2003"; | 21 | const char *copyright = "2000-2003"; |
| 22 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 22 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
| 23 | 23 | ||
| 24 | #include "config.h" | ||
| 25 | #include "common.h" | 24 | #include "common.h" |
| 26 | #include "utils.h" | 25 | #include "utils.h" |
| 26 | #include "netutils.h" | ||
| 27 | #include <radiusclient.h> | 27 | #include <radiusclient.h> |
| 28 | 28 | ||
| 29 | void | ||
| 30 | print_usage (void) | ||
| 31 | { | ||
| 32 | printf ("\ | ||
| 33 | Usage: %s -H host -F config_file -u username -p password [-P port]\n\ | ||
| 34 | [-t timeout] [-r retries] [-e expect]\n", progname); | ||
| 35 | printf (_(UT_HLP_VRS), progname, progname); | ||
| 36 | } | ||
| 37 | |||
| 38 | void | ||
| 39 | print_help (void) | ||
| 40 | { | ||
| 41 | char *myport; | ||
| 42 | asprintf (&myport, "%d", PW_AUTH_UDP_PORT); | ||
| 43 | |||
| 44 | print_revision (progname, revision); | ||
| 45 | |||
| 46 | printf (_("Copyright (c) 1999 Robert August Vincent II\n")); | ||
| 47 | printf (_(COPYRIGHT), copyright, email); | ||
| 48 | |||
| 49 | printf(_("Tests to see if a radius server is accepting connections.\n\n")); | ||
| 50 | |||
| 51 | print_usage (); | ||
| 52 | |||
| 53 | printf (_(UT_HELP_VRSN)); | ||
| 54 | |||
| 55 | printf (_(UT_HOST_PORT), 'P', myport); | ||
| 56 | |||
| 57 | printf (_("\ | ||
| 58 | -u, --username=STRING\n\ | ||
| 59 | The user to authenticate\n\ | ||
| 60 | -p, --password=STRING\n\ | ||
| 61 | Password for autentication (SECURITY RISK)\n\ | ||
| 62 | -F, --filename=STRING\n\ | ||
| 63 | Configuration file\n\ | ||
| 64 | -e, --expect=STRING\n\ | ||
| 65 | Response string to expect from the server\n\ | ||
| 66 | -r, --retries=INTEGER\n\ | ||
| 67 | Number of times to retry a failed connection\n")); | ||
| 68 | |||
| 69 | printf (_(UT_TIMEOUT), timeout_interval); | ||
| 70 | |||
| 71 | printf (_("\n\ | ||
| 72 | This plugin tests a radius server to see if it is accepting connections.\n\ | ||
| 73 | \n\ | ||
| 74 | The server to test must be specified in the invocation, as well as a user\n\ | ||
| 75 | name and password. A configuration file may also be present. The format of\n\ | ||
| 76 | the configuration file is described in the radiusclient library sources.\n\n")); | ||
| 77 | |||
| 78 | printf (_("\ | ||
| 79 | The password option presents a substantial security issue because the\n\ | ||
| 80 | password can be determined by careful watching of the command line in\n\ | ||
| 81 | a process listing. This risk is exacerbated because nagios will\n\ | ||
| 82 | run the plugin at regular prdictable intervals. Please be sure that\n\ | ||
| 83 | the password used does not allow access to sensitive system resources,\n\ | ||
| 84 | otherwise compormise could occur.\n")); | ||
| 85 | |||
| 86 | printf (_(UT_SUPPORT)); | ||
| 87 | } | ||
| 88 | |||
| 89 | int process_arguments (int, char **); | 29 | int process_arguments (int, char **); |
| 30 | void print_help (void); | ||
| 31 | void print_usage (void); | ||
| 90 | 32 | ||
| 91 | char *server = NULL; | 33 | char *server = NULL; |
| 92 | char *username = NULL; | 34 | char *username = NULL; |
| 93 | char *password = NULL; | 35 | char *password = NULL; |
| 94 | char *expect = NULL; | 36 | char *expect = NULL; |
| 95 | char *config_file = NULL; | 37 | char *config_file = NULL; |
| 96 | int port = PW_AUTH_UDP_PORT; | 38 | unsigned short port = PW_AUTH_UDP_PORT; |
| 97 | int retries = 1; | 39 | int retries = 1; |
| 98 | int verbose = FALSE; | 40 | int verbose = FALSE; |
| 99 | ENV *env = NULL; | 41 | ENV *env = NULL; |
| @@ -159,12 +101,14 @@ main (int argc, char **argv) | |||
| 159 | SEND_DATA data; | 101 | SEND_DATA data; |
| 160 | int result; | 102 | int result; |
| 161 | UINT4 client_id; | 103 | UINT4 client_id; |
| 104 | char *str; | ||
| 162 | 105 | ||
| 163 | if (process_arguments (argc, argv) == ERROR) | 106 | if (process_arguments (argc, argv) == ERROR) |
| 164 | usage (_("Could not parse arguments\n")); | 107 | usage (_("Could not parse arguments\n")); |
| 165 | 108 | ||
| 109 | str = strdup ("dictionary"); | ||
| 166 | if ((config_file && rc_read_config (config_file)) || | 110 | if ((config_file && rc_read_config (config_file)) || |
| 167 | rc_read_dictionary (rc_conf_str ("dictionary"))) | 111 | rc_read_dictionary (rc_conf_str (str))) |
| 168 | die (STATE_UNKNOWN, _("Config file error")); | 112 | die (STATE_UNKNOWN, _("Config file error")); |
| 169 | 113 | ||
| 170 | service = PW_AUTHENTICATE_ONLY; | 114 | service = PW_AUTHENTICATE_ONLY; |
| @@ -184,8 +128,8 @@ main (int argc, char **argv) | |||
| 184 | if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == | 128 | if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == |
| 185 | NULL) return (ERROR_RC); | 129 | NULL) return (ERROR_RC); |
| 186 | 130 | ||
| 187 | rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, timeout_interval, | 131 | rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval, |
| 188 | retries); | 132 | retries); |
| 189 | 133 | ||
| 190 | result = rc_send_server (&data, msg); | 134 | result = rc_send_server (&data, msg); |
| 191 | rc_avpair_free (data.send_pairs); | 135 | rc_avpair_free (data.send_pairs); |
| @@ -199,7 +143,7 @@ main (int argc, char **argv) | |||
| 199 | if (result == BADRESP_RC) | 143 | if (result == BADRESP_RC) |
| 200 | die (STATE_WARNING, _("Auth Failed")); | 144 | die (STATE_WARNING, _("Auth Failed")); |
| 201 | if (expect && !strstr (msg, expect)) | 145 | if (expect && !strstr (msg, expect)) |
| 202 | die (STATE_WARNING, msg); | 146 | die (STATE_WARNING, "%s", msg); |
| 203 | if (result == OK_RC) | 147 | if (result == OK_RC) |
| 204 | die (STATE_OK, _("Auth OK")); | 148 | die (STATE_OK, _("Auth OK")); |
| 205 | return (0); | 149 | return (0); |
| @@ -213,8 +157,8 @@ process_arguments (int argc, char **argv) | |||
| 213 | { | 157 | { |
| 214 | int c; | 158 | int c; |
| 215 | 159 | ||
| 216 | int option_index = 0; | 160 | int option = 0; |
| 217 | static struct option long_options[] = { | 161 | static struct option longopts[] = { |
| 218 | {"hostname", required_argument, 0, 'H'}, | 162 | {"hostname", required_argument, 0, 'H'}, |
| 219 | {"port", required_argument, 0, 'P'}, | 163 | {"port", required_argument, 0, 'P'}, |
| 220 | {"username", required_argument, 0, 'u'}, | 164 | {"username", required_argument, 0, 'u'}, |
| @@ -254,8 +198,8 @@ process_arguments (int argc, char **argv) | |||
| 254 | } | 198 | } |
| 255 | 199 | ||
| 256 | while (1) { | 200 | while (1) { |
| 257 | c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", long_options, | 201 | c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", longopts, |
| 258 | &option_index); | 202 | &option); |
| 259 | 203 | ||
| 260 | if (c == -1 || c == EOF || c == 1) | 204 | if (c == -1 || c == EOF || c == 1) |
| 261 | break; | 205 | break; |
| @@ -316,3 +260,71 @@ process_arguments (int argc, char **argv) | |||
| 316 | } | 260 | } |
| 317 | return OK; | 261 | return OK; |
| 318 | } | 262 | } |
| 263 | |||
| 264 | |||
| 265 | |||
| 266 | |||
| 267 | |||
| 268 | |||
| 269 | void | ||
| 270 | print_help (void) | ||
| 271 | { | ||
| 272 | char *myport; | ||
| 273 | asprintf (&myport, "%d", PW_AUTH_UDP_PORT); | ||
| 274 | |||
| 275 | print_revision (progname, revision); | ||
| 276 | |||
| 277 | printf (_("Copyright (c) 1999 Robert August Vincent II\n")); | ||
| 278 | printf (_(COPYRIGHT), copyright, email); | ||
| 279 | |||
| 280 | printf(_("Tests to see if a radius server is accepting connections.\n\n")); | ||
| 281 | |||
| 282 | print_usage (); | ||
| 283 | |||
| 284 | printf (_(UT_HELP_VRSN)); | ||
| 285 | |||
| 286 | printf (_(UT_HOST_PORT), 'P', myport); | ||
| 287 | |||
| 288 | printf (_("\ | ||
| 289 | -u, --username=STRING\n\ | ||
| 290 | The user to authenticate\n\ | ||
| 291 | -p, --password=STRING\n\ | ||
| 292 | Password for autentication (SECURITY RISK)\n\ | ||
| 293 | -F, --filename=STRING\n\ | ||
| 294 | Configuration file\n\ | ||
| 295 | -e, --expect=STRING\n\ | ||
| 296 | Response string to expect from the server\n\ | ||
| 297 | -r, --retries=INTEGER\n\ | ||
| 298 | Number of times to retry a failed connection\n")); | ||
| 299 | |||
| 300 | printf (_(UT_TIMEOUT), timeout_interval); | ||
| 301 | |||
| 302 | printf (_("\n\ | ||
| 303 | This plugin tests a radius server to see if it is accepting connections.\n\ | ||
| 304 | \n\ | ||
| 305 | The server to test must be specified in the invocation, as well as a user\n\ | ||
| 306 | name and password. A configuration file may also be present. The format of\n\ | ||
| 307 | the configuration file is described in the radiusclient library sources.\n\n")); | ||
| 308 | |||
| 309 | printf (_("\ | ||
| 310 | The password option presents a substantial security issue because the\n\ | ||
| 311 | password can be determined by careful watching of the command line in\n\ | ||
| 312 | a process listing. This risk is exacerbated because nagios will\n\ | ||
| 313 | run the plugin at regular prdictable intervals. Please be sure that\n\ | ||
| 314 | the password used does not allow access to sensitive system resources,\n\ | ||
| 315 | otherwise compormise could occur.\n")); | ||
| 316 | |||
| 317 | printf (_(UT_SUPPORT)); | ||
| 318 | } | ||
| 319 | |||
| 320 | |||
| 321 | |||
| 322 | |||
| 323 | void | ||
| 324 | print_usage (void) | ||
| 325 | { | ||
| 326 | printf ("\ | ||
| 327 | Usage: %s -H host -F config_file -u username -p password [-P port]\n\ | ||
| 328 | [-t timeout] [-r retries] [-e expect]\n", progname); | ||
| 329 | printf (_(UT_HLP_VRS), progname, progname); | ||
| 330 | } | ||