1 files changed, 188 insertions, 0 deletions
diff --git a/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch
new file mode 100644
index 0000000..6eb2b0c
--- /dev/null
+++ b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch
@@ -0,0 +1,188 @@
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/check_ldap.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c
+--- nagios-plugins-1.4.16/plugins/check_ldap.c  2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c   2012-07-06 12:57:15.562316155 +0200
+@@ -72,6 +72,9 @@
+ int ssl_on_connect = FALSE;
+ int verbose = 0;
+ 
+int check_cert = FALSE;
+int days_till_exp_warn, days_till_exp_crit;
+
+ /* for ldap tls */
+ 
+ char *SERVICE = "LDAP";
+@@ -157,6 +160,9 @@
+                        printf (_("Could not init TLS at port %i!\n"), ld_port);
+                        return STATE_CRITICAL;
+                }
+
+               if (check_cert == TRUE)
+                       return ldap_check_cert(ld);
+ #else
+                printf (_("TLS not supported by the libraries!\n"));
+                return STATE_CRITICAL;
+@@ -181,6 +187,9 @@
+                        printf (_("Could not init startTLS at port %i!\n"), ld_port);
+                        return STATE_CRITICAL;
+                }
+
+               if (check_cert == TRUE)
+                       return ldap_check_cert(ld);
+ #else
+                printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
+                return STATE_CRITICAL;
+@@ -240,6 +249,7 @@
+ process_arguments (int argc, char **argv)
+ {
+        int c;
+        char *temp;
+ 
+        int option = 0;
+        /* initialize the long option struct */
+@@ -258,6 +268,7 @@
+ #endif
+                {"starttls", no_argument, 0, 'T'},
+                {"ssl", no_argument, 0, 'S'},
+               {"certificate", required_argument, 0, 'C'},
+                {"use-ipv4", no_argument, 0, '4'},
+                {"use-ipv6", no_argument, 0, '6'},
+                {"port", required_argument, 0, 'p'},
+@@ -276,7 +287,7 @@
+        }
+ 
+        while (1) {
+-               c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+               c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:", longopts, &option);
+ 
+                if (c == -1 || c == EOF)
+                        break;
+@@ -338,6 +349,33 @@
+                        else
+                                usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
+                        break;
+               case 'C': /* Check SSL cert validity */
+#ifndef HAVE_SSL
+                       usage4 (_("Invalid option - SSL is not available"));
+#else
+                       if (starttls || ssl_on_connect || strstr(argv[0],"check_ldaps")) {
+                               if ((temp=strchr(optarg,','))!=NULL) {
+                                       *temp = '\0';
+                                       if (!is_intnonneg (temp))
+                                               usage2 (_("Invalid certificate expiration period"), optarg);
+                                       days_till_exp_warn = atoi(optarg);
+                                       *temp = ',';
+                                       temp++;
+                                       if (!is_intnonneg (temp))
+                                               usage2 (_("Invalid certificate expiration period"), temp);
+                                               days_till_exp_crit = atoi (temp);
+                               } else {
+                                       days_till_exp_crit = 0;
+                                       if (!is_intnonneg (optarg))
+                                               usage2 (_("Invalid certificate expiration period"), optarg);
+                                       days_till_exp_warn = atoi (optarg);
+                               }
+                               check_cert = TRUE;
+                       } else {
+                               usage_va(_("%s requires either %s or %s"), "-C/--certificate", "-S/--ssl", "-T/--starttls");
+                       }
+                       break;
+#endif
+                case 'S':
+                        if (! starttls) {
+                                ssl_on_connect = TRUE;
+@@ -420,6 +458,9 @@
+   printf (" %s\n", "-S [--ssl]");
+   printf ("    %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
+ 
+  printf (" %s\n", "-C [--certificate]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid"));
+
+ #ifdef HAVE_LDAP_SET_OPTION
+        printf (" %s\n", "-2 [--ver2]");
+   printf ("    %s\n", _("use ldap protocol version 2"));
+@@ -455,7 +496,7 @@
+ {
+   printf ("%s\n", _("Usage:"));
+        printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
+-  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
+  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-C <age>]%s\n",
+ #ifdef HAVE_LDAP_SET_OPTION
+                        "\n       [-2|-3] [-4|-6]"
+ #else
+@@ -463,3 +504,16 @@
+ #endif
+                        );
+ }
+
+int ldap_check_cert (LDAP *ld)
+{
+       SSL *ssl;
+       int rc;
+
+       rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
+       if (rc == LDAP_OPT_ERROR || ssl == NULL) {
+               printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
+               return STATE_CRITICAL;
+       }
+       return np_net_ssl_check_cert_real(ssl, days_till_exp_warn, days_till_exp_crit);
+}
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/Makefile.am nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am
+--- nagios-plugins-1.4.16/plugins/Makefile.am   2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am    2012-07-04 11:03:00.888343446 +0200
+@@ -72,7 +72,7 @@
+ check_game_LDADD = $(BASEOBJS) runcmd.o
+ check_http_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
+ check_hpjd_LDADD = $(NETLIBS) popen.o
+-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
+check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS) $(SSLLIBS)
+ check_load_LDADD = $(BASEOBJS) popen.o
+ check_mrtg_LDADD = $(BASEOBJS)
+ check_mrtgtraf_LDADD = $(BASEOBJS)
+@@ -118,7 +118,7 @@
+ check_http_DEPENDENCIES = check_http.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
+ check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS)
+ check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS)
+-check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS)
+check_ldap_DEPENDENCIES = check_ldap.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
+ check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)
+ check_mrtg_DEPENDENCIES = check_mrtg.c $(DEPLIBS)
+ check_mrtgtraf_DEPENDENCIES = check_mrtgtraf.c $(DEPLIBS)
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/netutils.h nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h
+--- nagios-plugins-1.4.16/plugins/netutils.h    2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h     2012-07-04 11:03:56.291891100 +0200
+@@ -104,6 +104,7 @@
+ int np_net_ssl_write(const void *buf, int num);
+ int np_net_ssl_read(void *buf, int num);
+ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit);
+ #endif /* HAVE_SSL */
+ 
+ #endif /* _NETUTILS_H_ */
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/sslutils.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c
+--- nagios-plugins-1.4.16/plugins/sslutils.c    2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c     2012-07-06 13:11:37.469453627 +0200
+@@ -128,6 +128,15 @@
+ 
+ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+ #  ifdef USE_OPENSSL
+       return np_net_ssl_check_cert_real(s, days_till_exp_warn, days_till_exp_crit);
+#  else /* ifndef USE_OPENSSL */
+       printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
+       return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate=NULL;
+        X509_NAME *subj=NULL;
+        char cn[MAX_CN_LENGTH]= "";
+@@ -141,7 +150,7 @@
+        int days_left;
+        char timestamp[17] = "";
+ 
+-       certificate=SSL_get_peer_certificate(s);
+       certificate=SSL_get_peer_certificate(ssl);
+        if (!certificate) {
+                printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
+                return STATE_CRITICAL;

diff --git a/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch new file mode 100644 index 0000000..6eb2b0c --- /dev/null +++ b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch
@@ -0,0 +1,188 @@
	1	diff -Naur -x '~' -x '.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/check_ldap.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c
	2	--- nagios-plugins-1.4.16/plugins/check_ldap.c 2012-06-27 19:32:47.000000000 +0200
	3	+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c 2012-07-06 12:57:15.562316155 +0200
	4	@@ -72,6 +72,9 @@
	5	int ssl_on_connect = FALSE;
	6	int verbose = 0;
	7
	8	+int check_cert = FALSE;
	9	+int days_till_exp_warn, days_till_exp_crit;
	10	+
	11	/* for ldap tls */
	12
	13	char *SERVICE = "LDAP";
	14	@@ -157,6 +160,9 @@
	15	printf (_("Could not init TLS at port %i!\n"), ld_port);
	16	return STATE_CRITICAL;
	17	}
	18	+
	19	+ if (check_cert == TRUE)
	20	+ return ldap_check_cert(ld);
	21	#else
	22	printf (_("TLS not supported by the libraries!\n"));
	23	return STATE_CRITICAL;
	24	@@ -181,6 +187,9 @@
	25	printf (_("Could not init startTLS at port %i!\n"), ld_port);
	26	return STATE_CRITICAL;
	27	}
	28	+
	29	+ if (check_cert == TRUE)
	30	+ return ldap_check_cert(ld);
	31	#else
	32	printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
	33	return STATE_CRITICAL;
	34	@@ -240,6 +249,7 @@
	35	process_arguments (int argc, char **argv)
	36	{
	37	int c;
	38	+ char *temp;
	39
	40	int option = 0;
	41	/* initialize the long option struct */
	42	@@ -258,6 +268,7 @@
	43	#endif
	44	{"starttls", no_argument, 0, 'T'},
	45	{"ssl", no_argument, 0, 'S'},
	46	+ {"certificate", required_argument, 0, 'C'},
	47	{"use-ipv4", no_argument, 0, '4'},
	48	{"use-ipv6", no_argument, 0, '6'},
	49	{"port", required_argument, 0, 'p'},
	50	@@ -276,7 +287,7 @@
	51	}
	52
	53	while (1) {
	54	- c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
	55	+ c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:", longopts, &option);
	56
	57	if (c == -1 \|\| c == EOF)
	58	break;
	59	@@ -338,6 +349,33 @@
	60	else
	61	usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
	62	break;
	63	+ case 'C': /* Check SSL cert validity */
	64	+#ifndef HAVE_SSL
	65	+ usage4 (_("Invalid option - SSL is not available"));
	66	+#else
	67	+ if (starttls \|\| ssl_on_connect \|\| strstr(argv[0],"check_ldaps")) {
	68	+ if ((temp=strchr(optarg,','))!=NULL) {
	69	+ *temp = '\0';
	70	+ if (!is_intnonneg (temp))
	71	+ usage2 (_("Invalid certificate expiration period"), optarg);
	72	+ days_till_exp_warn = atoi(optarg);
	73	+ *temp = ',';
	74	+ temp++;
	75	+ if (!is_intnonneg (temp))
	76	+ usage2 (_("Invalid certificate expiration period"), temp);
	77	+ days_till_exp_crit = atoi (temp);
	78	+ } else {
	79	+ days_till_exp_crit = 0;
	80	+ if (!is_intnonneg (optarg))
	81	+ usage2 (_("Invalid certificate expiration period"), optarg);
	82	+ days_till_exp_warn = atoi (optarg);
	83	+ }
	84	+ check_cert = TRUE;
	85	+ } else {
	86	+ usage_va(_("%s requires either %s or %s"), "-C/--certificate", "-S/--ssl", "-T/--starttls");
	87	+ }
	88	+ break;
	89	+#endif
	90	case 'S':
	91	if (! starttls) {
	92	ssl_on_connect = TRUE;
	93	@@ -420,6 +458,9 @@
	94	printf (" %s\n", "-S [--ssl]");
	95	printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
	96
	97	+ printf (" %s\n", "-C [--certificate]");
	98	+ printf (" %s\n", _("Minimum number of days a certificate has to be valid"));
	99	+
	100	#ifdef HAVE_LDAP_SET_OPTION
	101	printf (" %s\n", "-2 [--ver2]");
	102	printf (" %s\n", _("use ldap protocol version 2"));
	103	@@ -455,7 +496,7 @@
	104	{
	105	printf ("%s\n", _("Usage:"));
	106	printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
	107	- printf ("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
	108	+ printf ("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-C <age>]%s\n",
	109	#ifdef HAVE_LDAP_SET_OPTION
	110	"\n [-2\|-3] [-4\|-6]"
	111	#else
	112	@@ -463,3 +504,16 @@
	113	#endif
	114	);
	115	}
	116	+
	117	+int ldap_check_cert (LDAP *ld)
	118	+{
	119	+ SSL *ssl;
	120	+ int rc;
	121	+
	122	+ rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
	123	+ if (rc == LDAP_OPT_ERROR \|\| ssl == NULL) {
	124	+ printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
	125	+ return STATE_CRITICAL;
	126	+ }
	127	+ return np_net_ssl_check_cert_real(ssl, days_till_exp_warn, days_till_exp_crit);
	128	+}
	129	diff -Naur -x '~' -x '.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/Makefile.am nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am
	130	--- nagios-plugins-1.4.16/plugins/Makefile.am 2012-06-27 19:32:47.000000000 +0200
	131	+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am 2012-07-04 11:03:00.888343446 +0200
	132	@@ -72,7 +72,7 @@
	133	check_game_LDADD = $(BASEOBJS) runcmd.o
	134	check_http_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
	135	check_hpjd_LDADD = $(NETLIBS) popen.o
	136	-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
	137	+check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS) $(SSLLIBS)
	138	check_load_LDADD = $(BASEOBJS) popen.o
	139	check_mrtg_LDADD = $(BASEOBJS)
	140	check_mrtgtraf_LDADD = $(BASEOBJS)
	141	@@ -118,7 +118,7 @@
	142	check_http_DEPENDENCIES = check_http.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
	143	check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS)
	144	check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS)
	145	-check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS)
	146	+check_ldap_DEPENDENCIES = check_ldap.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
	147	check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)
	148	check_mrtg_DEPENDENCIES = check_mrtg.c $(DEPLIBS)
	149	check_mrtgtraf_DEPENDENCIES = check_mrtgtraf.c $(DEPLIBS)
	150	diff -Naur -x '~' -x '.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/netutils.h nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h
	151	--- nagios-plugins-1.4.16/plugins/netutils.h 2012-06-27 19:32:47.000000000 +0200
	152	+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h 2012-07-04 11:03:56.291891100 +0200
	153	@@ -104,6 +104,7 @@
	154	int np_net_ssl_write(const void *buf, int num);
	155	int np_net_ssl_read(void *buf, int num);
	156	int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
	157	+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit);
	158	#endif /* HAVE_SSL */
	159
	160	#endif /* _NETUTILS_H_ */
	161	diff -Naur -x '~' -x '.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/sslutils.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c
	162	--- nagios-plugins-1.4.16/plugins/sslutils.c 2012-06-27 19:32:47.000000000 +0200
	163	+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c 2012-07-06 13:11:37.469453627 +0200
	164	@@ -128,6 +128,15 @@
	165
	166	int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
	167	# ifdef USE_OPENSSL
	168	+ return np_net_ssl_check_cert_real(s, days_till_exp_warn, days_till_exp_crit);
	169	+# else /* ifndef USE_OPENSSL */
	170	+ printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
	171	+ return STATE_WARNING;
	172	+# endif /* USE_OPENSSL */
	173	+}
	174	+
	175	+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit){
	176	+# ifdef USE_OPENSSL
	177	X509 *certificate=NULL;
	178	X509_NAME *subj=NULL;
	179	char cn[MAX_CN_LENGTH]= "";
	180	@@ -141,7 +150,7 @@
	181	int days_left;
	182	char timestamp[17] = "";
	183
	184	- certificate=SSL_get_peer_certificate(s);
	185	+ certificate=SSL_get_peer_certificate(ssl);
	186	if (!certificate) {
	187	printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
	188	return STATE_CRITICAL;