diff options
Diffstat (limited to 'web/attachments/35463-check_ldap.c.patch')
-rw-r--r-- | web/attachments/35463-check_ldap.c.patch | 302 |
1 files changed, 302 insertions, 0 deletions
diff --git a/web/attachments/35463-check_ldap.c.patch b/web/attachments/35463-check_ldap.c.patch new file mode 100644 index 0000000..aca1f34 --- /dev/null +++ b/web/attachments/35463-check_ldap.c.patch | |||
@@ -0,0 +1,302 @@ | |||
1 | --- check_ldap.c.orig Thu Nov 14 18:47:22 2002 | ||
2 | +++ check_ldap.c Fri Nov 15 13:54:00 2002 | ||
3 | @@ -7,7 +7,10 @@ | ||
4 | * | ||
5 | * Last Modified: $Date: 2002/02/28 06:42:57 $ | ||
6 | * | ||
7 | - * Command line: check_ldap -h <host> -b <base_dn> -p <port> -w <warn_time> -w <crit_time> | ||
8 | + * Command line: check_ldap -H <host> -b <base_dn> -p <port> [-f <attr>] | ||
9 | + * [-a <attr>] [-e <expect>] [-W <Warn_attr>] [-C <Crit_attr>] [-r] | ||
10 | + * [-D <binddn>] [-P <password>] | ||
11 | + * [-w <warn_time>] [-c <crit_time>] [-t timeout] [-v] | ||
12 | * | ||
13 | * Description: | ||
14 | * | ||
15 | @@ -17,6 +20,8 @@ | ||
16 | * | ||
17 | * 08-25-1999 Ethan Galstad (nagios@nagios.org) | ||
18 | * Modified to use common plugin include file | ||
19 | + * 11-15-2002 Gyula Szabo (gyufi@sztaki.hu) | ||
20 | + * Modified check_ldap.c | ||
21 | * | ||
22 | *****************************************************************************/ | ||
23 | |||
24 | @@ -41,6 +46,12 @@ | ||
25 | |||
26 | char ld_defattr[] = "(objectclass=*)"; | ||
27 | char *ld_attr = ld_defattr; | ||
28 | +char *attr = ""; | ||
29 | +char *expect = ""; | ||
30 | +int verbose = 0; | ||
31 | +int reverse = 0; | ||
32 | +char *attr_warn = "", *attr_crit = ""; | ||
33 | +long attr_warn_long, attr_crit_long; | ||
34 | char *ld_host = NULL, *ld_base = NULL, *ld_passwd = NULL, *ld_binddn = NULL; | ||
35 | unsigned int ld_port = 389; | ||
36 | int warn_time = UNKNOWN, crit_time = UNKNOWN; | ||
37 | @@ -50,14 +61,26 @@ | ||
38 | { | ||
39 | |||
40 | LDAP *ld; | ||
41 | - LDAPMessage *result; | ||
42 | + LDAPMessage *result, *e; | ||
43 | |||
44 | - int t_diff; | ||
45 | + int t_diff, i; | ||
46 | time_t time0, time1; | ||
47 | + BerElement *ber; | ||
48 | + char *a, *dn; | ||
49 | + char **vals; | ||
50 | + char * pEnd; | ||
51 | + char res[50] = ""; | ||
52 | |||
53 | if (process_arguments (argc, argv) == ERROR) | ||
54 | usage ("check_ldap: could not parse arguments\n"); | ||
55 | |||
56 | + if (validate_arguments () == ERROR) | ||
57 | + usage ("check_ldap: not valid arguments\n"); | ||
58 | + | ||
59 | + /* convert strings to long integers */ | ||
60 | + attr_warn_long = strtol (attr_warn,&pEnd,0); | ||
61 | + attr_crit_long = strtol (attr_crit,&pEnd,0); | ||
62 | + | ||
63 | /* initialize alarm signal handling */ | ||
64 | signal (SIGALRM, socket_timeout_alarm_handler); | ||
65 | |||
66 | @@ -70,7 +93,7 @@ | ||
67 | /* initialize ldap */ | ||
68 | if (!(ld = ldap_open (ld_host, ld_port))) { | ||
69 | /*ldap_perror(ld, "ldap_open"); */ | ||
70 | - printf ("Could not connect to the server at port %i\n", ld_port); | ||
71 | + printf ("LDAP critical - Could not connect to the server at port %i\n", ld_port); | ||
72 | return STATE_CRITICAL; | ||
73 | } | ||
74 | |||
75 | @@ -78,7 +101,7 @@ | ||
76 | if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != | ||
77 | LDAP_SUCCESS) { | ||
78 | /*ldap_perror(ld, "ldap_bind"); */ | ||
79 | - printf ("Could not bind to the ldap-server\n"); | ||
80 | + printf ("LDAP critical - Could not bind to the ldap-server\n"); | ||
81 | return STATE_CRITICAL; | ||
82 | } | ||
83 | |||
84 | @@ -86,10 +109,68 @@ | ||
85 | if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) | ||
86 | != LDAP_SUCCESS) { | ||
87 | /*ldap_perror(ld, "ldap_search"); */ | ||
88 | - printf ("Could not search/find objectclasses in %s\n", ld_base); | ||
89 | + printf ("LDAP critical - Could not search/find objectclasses in %s\n", ld_base); | ||
90 | return STATE_CRITICAL; | ||
91 | } | ||
92 | |||
93 | + | ||
94 | + /* For each matching entry, print the entry name and its attributes. */ | ||
95 | + for ( e = ldap_first_entry( ld, result ); e != NULL; | ||
96 | + e = ldap_next_entry( ld, e ) ) { | ||
97 | + if ( ( dn = ldap_get_dn( ld, e ) ) != NULL ) { | ||
98 | + if (verbose) {printf( "dn: %s\n", dn );} | ||
99 | + ldap_memfree( dn ); | ||
100 | + } | ||
101 | + for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; | ||
102 | + a = ldap_next_attribute( ld, e, ber ) ) { | ||
103 | + if ( ( vals = ldap_get_values( ld, e, a ) ) != NULL ) { | ||
104 | + for ( i = 0; vals[i] != NULL; i++ ) { | ||
105 | + if (verbose) {printf( "%s: %s\n", a, vals[i] );} | ||
106 | + if ( strcmp (a,attr) == 0 ) { | ||
107 | + strcpy(res,a); | ||
108 | + strcat(res,": "); | ||
109 | + strncat(res,vals[i],30); | ||
110 | + | ||
111 | + if (strcmp(vals[i],expect) != 0 && strcmp("",expect) != 0 ) { | ||
112 | + printf ("LDAP critical - %s: %s \n", a, vals[i]); | ||
113 | + return STATE_CRITICAL; | ||
114 | + } | ||
115 | + if(reverse){ | ||
116 | + if (attr_crit_long && strtol(vals[i],&pEnd,0)<=attr_crit_long) { | ||
117 | + printf ("LDAP critical - %s: %s\n", a, vals[i]); | ||
118 | + return STATE_CRITICAL; | ||
119 | + } | ||
120 | + if (attr_warn_long && strtol(vals[i],&pEnd,0)<=attr_warn_long) { | ||
121 | + printf ("LDAP warning - %s: %s\n", a, vals[i]); | ||
122 | + return STATE_WARNING; | ||
123 | + } | ||
124 | + } | ||
125 | + else { | ||
126 | + if (attr_crit_long && strtol(vals[i],&pEnd,0)>=attr_crit_long) { | ||
127 | + printf ("LDAP critical - %s: %s\n", a, vals[i]); | ||
128 | + return STATE_CRITICAL; | ||
129 | + } | ||
130 | + if (attr_warn_long && strtol(vals[i],&pEnd,0)>=attr_warn_long) { | ||
131 | + printf ("LDAP warning - %s: %s\n", a, vals[i]); | ||
132 | + return STATE_WARNING; | ||
133 | + } | ||
134 | + } | ||
135 | + } | ||
136 | + | ||
137 | + } | ||
138 | + ldap_value_free( vals ); | ||
139 | + } | ||
140 | + ldap_memfree( a ); | ||
141 | + } | ||
142 | + if ( ber != NULL ) { | ||
143 | + ber_free( ber, 0 ); | ||
144 | + } | ||
145 | + printf( "\n" ); | ||
146 | + } | ||
147 | + ldap_msgfree( result ); | ||
148 | + | ||
149 | + | ||
150 | + | ||
151 | /* unbind from the ldap server */ | ||
152 | ldap_unbind (ld); | ||
153 | |||
154 | @@ -113,7 +194,8 @@ | ||
155 | } | ||
156 | |||
157 | /* print out the result */ | ||
158 | - printf ("LDAP ok - %i seconds response time\n", t_diff); | ||
159 | + if (strcmp(res,"") != 0) {printf ("LDAP ok - %i seconds response time, %s\n", t_diff, res);} | ||
160 | + else {printf ("LDAP ok - %i seconds response time\n", t_diff);} | ||
161 | |||
162 | return STATE_OK; | ||
163 | } | ||
164 | @@ -158,12 +240,15 @@ | ||
165 | {"timeout", required_argument, 0, 't'}, | ||
166 | {"host", required_argument, 0, 'H'}, | ||
167 | {"base", required_argument, 0, 'b'}, | ||
168 | + {"filter", required_argument, 0, 'f'}, | ||
169 | {"attr", required_argument, 0, 'a'}, | ||
170 | + {"expect", required_argument, 0, 'e'}, | ||
171 | {"bind", required_argument, 0, 'D'}, | ||
172 | {"pass", required_argument, 0, 'P'}, | ||
173 | {"port", required_argument, 0, 'p'}, | ||
174 | {"warn", required_argument, 0, 'w'}, | ||
175 | {"crit", required_argument, 0, 'c'}, | ||
176 | + {"verbose", required_argument, 0, 'v'}, | ||
177 | {0, 0, 0, 0} | ||
178 | }; | ||
179 | #endif | ||
180 | @@ -175,10 +260,10 @@ | ||
181 | while (1) { | ||
182 | #ifdef HAVE_GETOPT_H | ||
183 | c = | ||
184 | - getopt_long (argc, argv, "+hVt:c:w:H:b:p:a:D:P:", long_options, | ||
185 | + getopt_long (argc, argv, "+hVt:c:w:H:b:p:f:a:e:W:C:D:P:vr", long_options, | ||
186 | &option_index); | ||
187 | #else | ||
188 | - c = getopt (argc, argv, "+?hVt:c:w:H:b:p:a:D:P:"); | ||
189 | + c = getopt (argc, argv, "+?hVt:c:w:H:b:p:f:a:e:W:C:D:P:vr"); | ||
190 | #endif | ||
191 | |||
192 | if (c == -1 || c == EOF) | ||
193 | @@ -192,9 +277,14 @@ | ||
194 | case 'H': | ||
195 | case 'b': | ||
196 | case 'p': | ||
197 | + case 'f': | ||
198 | case 'a': | ||
199 | + case 'e': | ||
200 | + case 'W': | ||
201 | + case 'C': | ||
202 | case 'D': | ||
203 | case 'P': | ||
204 | + case 'v': | ||
205 | i++; | ||
206 | } | ||
207 | |||
208 | @@ -219,9 +309,28 @@ | ||
209 | case 'p': | ||
210 | ld_port = atoi (optarg); | ||
211 | break; | ||
212 | - case 'a': | ||
213 | + case 'f': | ||
214 | ld_attr = optarg; | ||
215 | break; | ||
216 | + case 'a': | ||
217 | + attr = optarg; | ||
218 | + break; | ||
219 | + case 'e': | ||
220 | + expect = optarg; | ||
221 | + break; | ||
222 | + case 'W': | ||
223 | + if (!is_intnonneg (optarg)) | ||
224 | + usage2 ("Warning value must be an integer", optarg); | ||
225 | + attr_warn = optarg; | ||
226 | + break; | ||
227 | + case 'C': | ||
228 | + if (!is_intnonneg (optarg)) | ||
229 | + usage2 ("Critical value must be an integer", optarg); | ||
230 | + attr_crit = optarg; | ||
231 | + break; | ||
232 | + case 'r': | ||
233 | + reverse = 1; | ||
234 | + break; | ||
235 | case 'D': | ||
236 | ld_binddn = optarg; | ||
237 | break; | ||
238 | @@ -234,6 +343,9 @@ | ||
239 | case 'c': | ||
240 | crit_time = atoi (optarg); | ||
241 | break; | ||
242 | + case 'v': | ||
243 | + verbose = 1; | ||
244 | + break; | ||
245 | default: | ||
246 | usage ("check_ldap: could not parse arguments\n"); | ||
247 | break; | ||
248 | @@ -247,7 +359,18 @@ | ||
249 | { | ||
250 | if (ld_host[0] == 0 || | ||
251 | ld_base[0] == 0 || | ||
252 | - ld_port == UNKNOWN || warn_time == UNKNOWN || crit_time == UNKNOWN) { | ||
253 | + ld_port == UNKNOWN || warn_time == UNKNOWN || crit_time == UNKNOWN || | ||
254 | + ( | ||
255 | + (attr != "" && expect == "") && | ||
256 | + (attr != "" && (attr_warn == "" || attr_crit == "")) | ||
257 | + ) || | ||
258 | + ( | ||
259 | + (attr_warn != "" || attr_crit != "" || expect != "") && (attr == "") | ||
260 | + ) || | ||
261 | + ( | ||
262 | + ((attr_warn != "" || attr_crit != "") && expect != "") | ||
263 | + ) | ||
264 | + ) { | ||
265 | return ERROR; | ||
266 | } | ||
267 | else { | ||
268 | @@ -270,13 +393,19 @@ | ||
269 | ("\n" | ||
270 | "Options:\n" | ||
271 | "\t-H [--host] ... host\n" | ||
272 | - "\t-a [--attr] ... ldap attribute to search (default: \"(objectclass=*)\"\n" | ||
273 | + "\t-f [--filter] ... ldap attribute to search (default: \"(objectclass=*)\"\n" | ||
274 | + "\t-a [--attr] ... ldap attribute to compare \n" | ||
275 | + "\t-e [--expect] ... expect string to match attribute - if not equal the STATE_CRITICAL will be returned\n" | ||
276 | + "\t-W [--Warn] ... Attribute value. - if the exceeds <Warn> the STATE_WARNING will be returned\n" | ||
277 | + "\t-C [--Crit] ... Attribute value. - if the exceeds <Crit> the STATE_CRITICAL will be returned\n" | ||
278 | + "\t-r [--reverse] ... Comparing attribute value is reverse (lower attribute value is abnormal)\n" | ||
279 | "\t-b [--base] ... ldap base (eg. ou=my unit, o=my org, c=at)\n" | ||
280 | "\t-D [--bind] ... ldap bind DN (if required)\n" | ||
281 | "\t-P [--pass] ... ldap password (if required)\n" | ||
282 | "\t-p [--port] ... ldap port (normaly 389)\n" | ||
283 | "\t-w [--warn] ... time in secs. - if the exceeds <warn> the STATE_WARNING will be returned\n" | ||
284 | "\t-c [--crit] ... time in secs. - if the exceeds <crit> the STATE_CRITICAL will be returned\n" | ||
285 | + "\t-v [--verbose] ... Verbose output, print all attributes\n" | ||
286 | "\n"); | ||
287 | } | ||
288 | |||
289 | @@ -285,7 +414,10 @@ | ||
290 | print_usage () | ||
291 | { | ||
292 | printf | ||
293 | - ("Usage: %s -H <host> -b <base_dn> -p <port> [-a <attr>] [-D <binddn>]\n" | ||
294 | - " [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]\n" | ||
295 | - "(Note: all times are in seconds.)\n", PROGNAME); | ||
296 | + ("Usage: %s -H <host> -b <base_dn> -p <port> [-f <attr>] \n" | ||
297 | + " [-a <attr>] [-e <expect>] [-W <Warn_attr>] [-C <Crit_attr>] [-r]\n" | ||
298 | + " [-D <binddn>] [-P <password>]\n" | ||
299 | + " [-w <warn_time>] [-c <crit_time>] [-t timeout] [-v]\n" | ||
300 | + "(Note: all times are in seconds,\n" | ||
301 | + " if you use -a then you\'ve to use -W and -C or -e alone.)\n", PROGNAME); | ||
302 | } | ||