From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001 From: Holger Weiss Date: Mon, 30 Sep 2013 00:03:24 +0200 Subject: Import Nagios Plugins site Import the Nagios Plugins web site, Cronjobs, infrastructure scripts, and configuration files. --- ...ios-plugins-1.4.16-check_ldap_certificate.patch | 188 +++++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch (limited to 'web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch')
diff --git a/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch
new file mode 100644
index 0000000..6eb2b0c
--- /dev/null
+++ b/web/attachments/448048-nagios-plugins-1.4.16-check_ldap_certificate.patch
@@ -0,0 +1,188 @@
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/check_ldap.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c
+--- nagios-plugins-1.4.16/plugins/check_ldap.c 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c 2012-07-06 12:57:15.562316155 +0200
+@@ -72,6 +72,9 @@
+ int ssl_on_connect = FALSE;
+ int verbose = 0;
+ 
++int check_cert = FALSE;
++int days_till_exp_warn, days_till_exp_crit;
++
+ /* for ldap tls */
+ 
+ char *SERVICE = "LDAP";
+@@ -157,6 +160,9 @@
+ printf (_("Could not init TLS at port %i!\n"), ld_port);
+ return STATE_CRITICAL;
+ }
++
++ if (check_cert == TRUE)
++ return ldap_check_cert(ld);
+ #else
+ printf (_("TLS not supported by the libraries!\n"));
+ return STATE_CRITICAL;
+@@ -181,6 +187,9 @@
+ printf (_("Could not init startTLS at port %i!\n"), ld_port);
+ return STATE_CRITICAL;
+ }
++
++ if (check_cert == TRUE)
++ return ldap_check_cert(ld);
+ #else
+ printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
+ return STATE_CRITICAL;
+@@ -240,6 +249,7 @@
+ process_arguments (int argc, char **argv)
+ {
+ int c;
++ char *temp;
+ 
+ int option = 0;
+ /* initialize the long option struct */
+@@ -258,6 +268,7 @@
+ #endif
+ {"starttls", no_argument, 0, 'T'},
+ {"ssl", no_argument, 0, 'S'},
++ {"certificate", required_argument, 0, 'C'},
+ {"use-ipv4", no_argument, 0, '4'},
+ {"use-ipv6", no_argument, 0, '6'},
+ {"port", required_argument, 0, 'p'},
+@@ -276,7 +287,7 @@
+ }
+ 
+ while (1) {
+- c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
++ c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:", longopts, &option);
+ 
+ if (c == -1 || c == EOF)
+ break;
+@@ -338,6 +349,33 @@
+ else
+ usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
+ break;
++ case 'C': /* Check SSL cert validity */
++#ifndef HAVE_SSL
++ usage4 (_("Invalid option - SSL is not available"));
++#else
++ if (starttls || ssl_on_connect || strstr(argv[0],"check_ldaps")) {
++ if ((temp=strchr(optarg,','))!=NULL) {
++ *temp = '\0';
++ if (!is_intnonneg (temp))
++ usage2 (_("Invalid certificate expiration period"), optarg);
++ days_till_exp_warn = atoi(optarg);
++ *temp = ',';
++ temp++;
++ if (!is_intnonneg (temp))
++ usage2 (_("Invalid certificate expiration period"), temp);
++ days_till_exp_crit = atoi (temp);
++ } else {
++ days_till_exp_crit = 0;
++ if (!is_intnonneg (optarg))
++ usage2 (_("Invalid certificate expiration period"), optarg);
++ days_till_exp_warn = atoi (optarg);
++ }
++ check_cert = TRUE;
++ } else {
++ usage_va(_("%s requires either %s or %s"), "-C/--certificate", "-S/--ssl", "-T/--starttls");
++ }
++ break;
++#endif
+ case 'S':
+ if (! starttls) {
+ ssl_on_connect = TRUE;
+@@ -420,6 +458,9 @@
+ printf (" %s\n", "-S [--ssl]");
+ printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
+ 
++ printf (" %s\n", "-C [--certificate]");
++ printf (" %s\n", _("Minimum number of days a certificate has to be valid"));
++
+ #ifdef HAVE_LDAP_SET_OPTION
+ printf (" %s\n", "-2 [--ver2]");
+ printf (" %s\n", _("use ldap protocol version 2"));
+@@ -455,7 +496,7 @@
+ {
+ printf ("%s\n", _("Usage:"));
+ printf (" %s -H -b [-p ] [-a ] [-D ]",progname);
+- printf ("\n [-P ] [-w ] [-c ] [-t timeout]%s\n",
++ printf ("\n [-P ] [-w ] [-c ] [-t timeout] [-C ]%s\n",
+ #ifdef HAVE_LDAP_SET_OPTION
+ "\n [-2|-3] [-4|-6]"
+ #else
+@@ -463,3 +504,16 @@
+ #endif
+ );
+ }
++
++int ldap_check_cert (LDAP *ld)
++{
++ SSL *ssl;
++ int rc;
++
++ rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
++ if (rc == LDAP_OPT_ERROR || ssl == NULL) {
++ printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
++ return STATE_CRITICAL;
++ }
++ return np_net_ssl_check_cert_real(ssl, days_till_exp_warn, days_till_exp_crit);
++}
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/Makefile.am nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am
+--- nagios-plugins-1.4.16/plugins/Makefile.am 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am 2012-07-04 11:03:00.888343446 +0200
+@@ -72,7 +72,7 @@
+ check_game_LDADD = $(BASEOBJS) runcmd.o
+ check_http_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
+ check_hpjd_LDADD = $(NETLIBS) popen.o
+-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
++check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS) $(SSLLIBS)
+ check_load_LDADD = $(BASEOBJS) popen.o
+ check_mrtg_LDADD = $(BASEOBJS)
+ check_mrtgtraf_LDADD = $(BASEOBJS)
+@@ -118,7 +118,7 @@
+ check_http_DEPENDENCIES = check_http.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
+ check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS)
+ check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS)
+-check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS)
++check_ldap_DEPENDENCIES = check_ldap.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
+ check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)
+ check_mrtg_DEPENDENCIES = check_mrtg.c $(DEPLIBS)
+ check_mrtgtraf_DEPENDENCIES = check_mrtgtraf.c $(DEPLIBS)
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/netutils.h nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h
+--- nagios-plugins-1.4.16/plugins/netutils.h 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h 2012-07-04 11:03:56.291891100 +0200
+@@ -104,6 +104,7 @@
+ int np_net_ssl_write(const void *buf, int num);
+ int np_net_ssl_read(void *buf, int num);
+ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
++int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit);
+ #endif /* HAVE_SSL */
+ 
+ #endif /* _NETUTILS_H_ */
+diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/sslutils.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c
+--- nagios-plugins-1.4.16/plugins/sslutils.c 2012-06-27 19:32:47.000000000 +0200
++++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c 2012-07-06 13:11:37.469453627 +0200
+@@ -128,6 +128,15 @@
+ 
+ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+ # ifdef USE_OPENSSL
++ return np_net_ssl_check_cert_real(s, days_till_exp_warn, days_till_exp_crit);
++# else /* ifndef USE_OPENSSL */
++ printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
++ return STATE_WARNING;
++# endif /* USE_OPENSSL */
++}
++
++int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit){
++# ifdef USE_OPENSSL
+ X509 *certificate=NULL;
+ X509_NAME *subj=NULL;
+ char cn[MAX_CN_LENGTH]= "";
+@@ -141,7 +150,7 @@
+ int days_left;
+ char timestamp[17] = "";
+ 
+- certificate=SSL_get_peer_certificate(s);
++ certificate=SSL_get_peer_certificate(ssl);
+ if (!certificate) {
+ printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
+ return STATE_CRITICAL;
-- cgit v1.2.3-74-g34f1
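Review bot: In the `case 'C'` branch added to `process_arguments` in check_ldap.c, the first `is_intnonneg (temp)` runs immediately after `*temp = '\0'`, so it tests the empty string at the comma instead of the warning value and `optarg` reaches `atoi` unvalidated; it should read `if (!is_intnonneg (optarg))`, which is also the value the error message prints. The same branch accepts `-C` only when `starttls` or `ssl_on_connect` is already set, so `-C` given before `-S`/`-T` is rejected; checking the combination after the `getopt_long` loop would remove the order dependence (the end of that loop lies outside the embedded hunks). `ldap_check_cert` and its two call sites are not wrapped in `#ifdef HAVE_SSL` although the option parsing is, and no prototype is added ahead of the calls, so a build without SSL presumably fails and the SSL build relies on an implicit declaration. As far as I can tell, treating the `LDAP_OPT_X_TLS_SSL_CTX` result as an OpenSSL `SSL *` is only valid when libldap itself is built against OpenSSL, which the patch does not check; a comment such as `/* assumes libldap is linked against OpenSSL */` on `ldap_check_cert` would at least record that assumption.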