diff -r -p nagios-plugins-1.3.1/configure.in nagios-plugins-1.3.1-patchTLS/configure.in *** nagios-plugins-1.3.1/configure.in Fri Jul 11 08:12:23 2003 --- nagios-plugins-1.3.1-patchTLS/configure.in Tue Sep 14 15:07:12 2004 *************** if test "$ac_cv_lib_ldap_main" = "yes"; *** 165,170 **** --- 165,171 ---- AC_SUBST(LDAPLIBS) AC_SUBST(LDAPINCLUDE) EXTRAS="$EXTRAS check_ldap" + AC_CHECK_FUNCS(ldap_init ldap_set_option ldap_get_option ldap_start_tls_s) else AC_MSG_WARN([Skipping LDAP plugin]) AC_MSG_WARN([install LDAP libs to compile this plugin (see REQUIREMENTS).]) diff -r -p nagios-plugins-1.3.1/plugins/Makefile.am nagios-plugins-1.3.1-patchTLS/plugins/Makefile.am *** nagios-plugins-1.3.1/plugins/Makefile.am Fri Jul 11 08:11:06 2003 --- nagios-plugins-1.3.1-patchTLS/plugins/Makefile.am Sat Sep 11 01:59:42 2004 *************** $(check_tcp_programs): check_tcp *** 132,138 **** install-exec-hook: cd $(DESTDIR)$(libexecdir) && \ ! for i in $(check_tcp_programs) ; do rm -f $$i; ln -s -f check_tcp $$i ; done clean-local: rm -f $(check_tcp_programs) --- 132,139 ---- install-exec-hook: cd $(DESTDIR)$(libexecdir) && \ ! for i in $(check_tcp_programs) ; do rm -f $$i; ln -s -f check_tcp $$i ; done ;\ ! rm -f check_ldaps ; ln -s -f check_ldap check_ldaps clean-local: rm -f $(check_tcp_programs) diff -r -p nagios-plugins-1.3.1/plugins/check_ldap.c nagios-plugins-1.3.1-patchTLS/plugins/check_ldap.c *** nagios-plugins-1.3.1/plugins/check_ldap.c Wed Jan 29 07:16:15 2003 --- nagios-plugins-1.3.1-patchTLS/plugins/check_ldap.c Tue Sep 14 15:16:05 2004 *************** *** 20,26 **** * *****************************************************************************/ ! const char *progname = "check_ldap"; const char *revision = "$Revision: 1.4 $"; #include "config.h" --- 20,26 ---- * *****************************************************************************/ ! 
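Review bot: In the configure.in hunk, `ldap_get_option` is probed but the resulting `HAVE_LDAP_GET_OPTION` is never tested. The startTLS branch in check_ldap.c calls `ldap_get_option` under `defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)`, so either add `defined(HAVE_LDAP_GET_OPTION)` to that guard or drop the function from the probe list. Separately, these probes can only link if the LDAP libraries are in LIBS when `AC_CHECK_FUNCS` runs, which the hunk does not show. If they are not, every HAVE_LDAP_* macro stays undefined and check_ldaps can only ever print its "not supported" message. A comment such as `dnl TLS/startTLS support in check_ldap depends on these HAVE_LDAP_* results` above the new line would make that dependency visible.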
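Review bot: In the plugins/Makefile.am hunk, ending the loop with `;\` takes the new commands out from under the `cd $(DESTDIR)$(libexecdir) &&` guard, so if the cd fails, `rm -f check_ldaps ; ln -s -f check_ldap check_ldaps` runs in the build directory instead of the install directory. Chaining keeps them guarded: end the loop line with `done && \` and make the next line `rm -f check_ldaps && ln -s -f check_ldap check_ldaps`. The link is also created when configure takes its "Skipping LDAP plugin" branch and check_ldap is not built, which leaves a dangling check_ldaps in libexecdir. Making it conditional on check_ldap being part of the build would avoid that.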
char *progname = "check_ldap"; const char *revision = "$Revision: 1.4 $"; #include "config.h" *************** char *ld_binddn = NULL; *** 50,55 **** --- 50,56 ---- unsigned int ld_port = DEFAULT_PORT; int warn_time = UNDEFINED; int crit_time = UNDEFINED; + char *SERVICE = "LDAP"; int main (int argc, char *argv[]) *************** main (int argc, char *argv[]) *** 60,65 **** --- 61,73 ---- int t_diff; time_t time0, time1; + int tls; + + int version=3; + + if (strstr(argv[0],"check_ldaps")) { + asprintf (&progname, "check_ldaps"); + } if (process_arguments (argc, argv) == ERROR) usage ("check_ldap: could not parse arguments\n"); *************** main (int argc, char *argv[]) *** 74,84 **** time (&time0); /* initialize ldap */ if (!(ld = ldap_open (ld_host, ld_port))) { - /*ldap_perror(ld, "ldap_open"); */ printf ("Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } /* bind to the ldap server */ if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != --- 82,145 ---- time (&time0); /* initialize ldap */ + #ifdef HAVE_LDAP_INIT + if (!(ld = ldap_init (ld_host, ld_port))) { + printf ("Could not connect to the server at port %i\n", ld_port); + return STATE_CRITICAL; + } + #else if (!(ld = ldap_open (ld_host, ld_port))) { printf ("Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } + #endif /* HAVE_LDAP_INIT */ + + #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_PROTOCOL_VERSION) + ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); + #endif /* LDAP_OPT_PROTOCOL_VERSION */ + + if (strstr(argv[0],"check_ldaps")) { + /* with TLS */ + if ( ld_port == LDAPS_PORT ) { + asprintf (&SERVICE, "LDAPS"); + #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) + /* ldaps: set option tls */ + tls = LDAP_OPT_X_TLS_HARD; + if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) + { + /*ldap_perror(ld, "ldaps_option"); */ + printf ("Could not init TLS at port %i!\n", ld_port); + return 
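Review bot: In the hunk that adds `int tls;` to main, `strstr(argv[0],"check_ldaps")` matches anywhere in the invocation path, so the TLS mode depends on directory names as well as the program name. A copy or wrapper under any other name silently falls back to a cleartext simple bind. The same test is repeated in the later TLS hunk and needs the same fix. Compare the basename exactly, e.g. `const char *base = strrchr(argv[0], '/'); base = base ? base + 1 : argv[0];` followed by `if (strcmp(base, "check_ldaps") == 0) progname = "check_ldaps";`. Assigning the literal also removes the unchecked `asprintf` and the need to drop `const` from `progname` in the first check_ldap.c hunk. The `usage ("check_ldap: ...")` message still hard-codes the old name, and main continues outside this hunk.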
STATE_CRITICAL; + } + #else + printf ("TLS not supported by the libraries!\n", ld_port); + return STATE_CRITICAL; + #endif /* LDAP_OPT_X_TLS */ + } else { + asprintf (&SERVICE, "LDAP-TLS"); + #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) + /* ldap with startTLS: set option version */ + if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) + { + if (version < LDAP_VERSION3) + { + version = LDAP_VERSION3; + ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); + } + } + /* call start_tls */ + if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) + { + /*ldap_perror(ld, "ldap_start_tls"); */ + printf ("Could not init startTLS at port %i!\n", ld_port); + return STATE_CRITICAL; + } + #else + printf ("startTLS not supported by the library, needs LDAPv3!\n"); + return STATE_CRITICAL; + #endif /* HAVE_LDAP_START_TLS_S */ + } + } /* bind to the ldap server */ if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != *************** main (int argc, char *argv[]) *** 109,125 **** t_diff = time1 - time0; if (crit_time!=UNDEFINED && t_diff>=crit_time) { ! printf ("LDAP critical - %i seconds response time\n", t_diff); return STATE_CRITICAL; } if (warn_time!=UNDEFINED && t_diff>=warn_time) { ! printf ("LDAP warning - %i seconds response time\n", t_diff); return STATE_WARNING; } /* print out the result */ ! printf ("LDAP ok - %i seconds response time\n", t_diff); return STATE_OK; } --- 170,186 ---- t_diff = time1 - time0; if (crit_time!=UNDEFINED && t_diff>=crit_time) { ! printf ("%s critical - %i seconds response time\n", SERVICE, t_diff); return STATE_CRITICAL; } if (warn_time!=UNDEFINED && t_diff>=warn_time) { ! printf ("%s warning - %i seconds response time\n", SERVICE, t_diff); return STATE_WARNING; } /* print out the result */ ! printf ("%s ok - %i seconds response time\n", SERVICE, t_diff); return STATE_OK; }
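Review bot: Neither TLS branch in this hunk sets a certificate-verification policy, so whether the server certificate is validated before `ldap_bind_s` sends `ld_passwd` depends entirely on library defaults and the local ldap.conf. Where the library defines it (OpenLDAP does), pin the policy before the handshake with `int req = LDAP_OPT_X_TLS_DEMAND;` and `ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &req);` under `#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT`, returning STATE_CRITICAL if the call fails. The unconditional `ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version)` ignores its return value and now forces LDAPv3 on plain check_ldap runs as well, which deserves a comment or a check. Finally, `printf ("TLS not supported by the libraries!\n", ld_port);` passes an argument with no matching conversion. main begins and ends outside this hunk.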