--- check_ldap.c.orig Thu Nov 14 18:47:22 2002 +++ check_ldap.c Fri Nov 15 13:54:00 2002 @@ -7,7 +7,10 @@ * * Last Modified: $Date: 2002/02/28 06:42:57 $ * - * Command line: check_ldap -h -b -p -w -w + * Command line: check_ldap -H -b -p [-f ] + * [-a ] [-e ] [-W ] [-C ] [-r] + * [-D ] [-P ] + * [-w ] [-c ] [-t timeout] [-v] * * Description: * @@ -17,6 +20,8 @@ * * 08-25-1999 Ethan Galstad (nagios@nagios.org) * Modified to use common plugin include file + * 11-15-2002 Gyula Szabo (gyufi@sztaki.hu) + * Modified check_ldap.c * *****************************************************************************/ @@ -41,6 +46,12 @@ char ld_defattr[] = "(objectclass=*)"; char *ld_attr = ld_defattr; +char *attr = ""; +char *expect = ""; +int verbose = 0; +int reverse = 0; +char *attr_warn = "", *attr_crit = ""; +long attr_warn_long, attr_crit_long; char *ld_host = NULL, *ld_base = NULL, *ld_passwd = NULL, *ld_binddn = NULL; unsigned int ld_port = 389; int warn_time = UNKNOWN, crit_time = UNKNOWN; @@ -50,14 +61,26 @@ { LDAP *ld; - LDAPMessage *result; + LDAPMessage *result, *e; - int t_diff; + int t_diff, i; time_t time0, time1; + BerElement *ber; + char *a, *dn; + char **vals; + char * pEnd; + char res[50] = ""; if (process_arguments (argc, argv) == ERROR) usage ("check_ldap: could not parse arguments\n"); + if (validate_arguments () == ERROR) + usage ("check_ldap: not valid arguments\n"); + + /* convert strings to long integers */ + attr_warn_long = strtol (attr_warn,&pEnd,0); + attr_crit_long = strtol (attr_crit,&pEnd,0); + /* initialize alarm signal handling */ signal (SIGALRM, socket_timeout_alarm_handler); @@ -70,7 +93,7 @@ /* initialize ldap */ if (!(ld = ldap_open (ld_host, ld_port))) { /*ldap_perror(ld, "ldap_open"); */ - printf ("Could not connect to the server at port %i\n", ld_port); + printf ("LDAP critical - Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } @@ -78,7 +101,7 @@ if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { /*ldap_perror(ld, "ldap_bind"); */ - printf ("Could not bind to the ldap-server\n"); + printf ("LDAP critical - Could not bind to the ldap-server\n"); return STATE_CRITICAL; } @@ -86,10 +109,68 @@ if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) != LDAP_SUCCESS) { /*ldap_perror(ld, "ldap_search"); */ - printf ("Could not search/find objectclasses in %s\n", ld_base); + printf ("LDAP critical - Could not search/find objectclasses in %s\n", ld_base); return STATE_CRITICAL; } + + /* For each matching entry, print the entry name and its attributes. */ + for ( e = ldap_first_entry( ld, result ); e != NULL; + e = ldap_next_entry( ld, e ) ) { + if ( ( dn = ldap_get_dn( ld, e ) ) != NULL ) { + if (verbose) {printf( "dn: %s\n", dn );} + ldap_memfree( dn ); + } + for ( a = ldap_first_attribute( ld, e, &ber ); a != NULL; + a = ldap_next_attribute( ld, e, ber ) ) { + if ( ( vals = ldap_get_values( ld, e, a ) ) != NULL ) { + for ( i = 0; vals[i] != NULL; i++ ) { + if (verbose) {printf( "%s: %s\n", a, vals[i] );} + if ( strcmp (a,attr) == 0 ) { + strcpy(res,a); + strcat(res,": "); + strncat(res,vals[i],30); + + if (strcmp(vals[i],expect) != 0 && strcmp("",expect) != 0 ) { + printf ("LDAP critical - %s: %s \n", a, vals[i]); + return STATE_CRITICAL; + } + if(reverse){ + if (attr_crit_long && strtol(vals[i],&pEnd,0)<=attr_crit_long) { + printf ("LDAP critical - %s: %s\n", a, vals[i]); + return STATE_CRITICAL; + } + if (attr_warn_long && strtol(vals[i],&pEnd,0)<=attr_warn_long) { + printf ("LDAP warning - %s: %s\n", a, vals[i]); + return STATE_WARNING; + } + } + else { + if (attr_crit_long && strtol(vals[i],&pEnd,0)>=attr_crit_long) { + printf ("LDAP critical - %s: %s\n", a, vals[i]); + return STATE_CRITICAL; + } + if (attr_warn_long && strtol(vals[i],&pEnd,0)>=attr_warn_long) { + printf ("LDAP warning - %s: %s\n", a, vals[i]); + return STATE_WARNING; + } + } + } + + } + ldap_value_free( vals ); + } + ldap_memfree( a ); + } + if ( ber != NULL ) { + ber_free( ber, 0 ); + } + printf( "\n" ); + } + ldap_msgfree( result ); + + + /* unbind from the ldap server */ ldap_unbind (ld); @@ -113,7 +194,8 @@ } /* print out the result */ - printf ("LDAP ok - %i seconds response time\n", t_diff); + if (strcmp(res,"") != 0) {printf ("LDAP ok - %i seconds response time, %s\n", t_diff, res);} + else {printf ("LDAP ok - %i seconds response time\n", t_diff);} return STATE_OK; } @@ -158,12 +240,15 @@ {"timeout", required_argument, 0, 't'}, {"host", required_argument, 0, 'H'}, {"base", required_argument, 0, 'b'}, + {"filter", required_argument, 0, 'f'}, {"attr", required_argument, 0, 'a'}, + {"expect", required_argument, 0, 'e'}, {"bind", required_argument, 0, 'D'}, {"pass", required_argument, 0, 'P'}, {"port", required_argument, 0, 'p'}, {"warn", required_argument, 0, 'w'}, {"crit", required_argument, 0, 'c'}, + {"verbose", required_argument, 0, 'v'}, {0, 0, 0, 0} }; #endif @@ -175,10 +260,10 @@ while (1) { #ifdef HAVE_GETOPT_H c = - getopt_long (argc, argv, "+hVt:c:w:H:b:p:a:D:P:", long_options, + getopt_long (argc, argv, "+hVt:c:w:H:b:p:f:a:e:W:C:D:P:vr", long_options, &option_index); #else - c = getopt (argc, argv, "+?hVt:c:w:H:b:p:a:D:P:"); + c = getopt (argc, argv, "+?hVt:c:w:H:b:p:f:a:e:W:C:D:P:vr"); #endif if (c == -1 || c == EOF) @@ -192,9 +277,14 @@ case 'H': case 'b': case 'p': + case 'f': case 'a': + case 'e': + case 'W': + case 'C': case 'D': case 'P': + case 'v': i++; } @@ -219,9 +309,28 @@ case 'p': ld_port = atoi (optarg); break; - case 'a': + case 'f': ld_attr = optarg; break; + case 'a': + attr = optarg; + break; + case 'e': + expect = optarg; + break; + case 'W': + if (!is_intnonneg (optarg)) + usage2 ("Warning value must be an integer", optarg); + attr_warn = optarg; + break; + case 'C': + if (!is_intnonneg (optarg)) + usage2 ("Critical value must be an integer", optarg); + attr_crit = optarg; + break; + case 'r': + reverse = 1; + break; case 'D': ld_binddn = optarg; break; @@ -234,6 +343,9 @@ case 'c': crit_time = atoi (optarg); break; + case 'v': + verbose = 1; + break; default: usage ("check_ldap: could not parse arguments\n"); break; @@ -247,7 +359,18 @@ { if (ld_host[0] == 0 || ld_base[0] == 0 || - ld_port == UNKNOWN || warn_time == UNKNOWN || crit_time == UNKNOWN) { + ld_port == UNKNOWN || warn_time == UNKNOWN || crit_time == UNKNOWN || + ( + (attr != "" && expect == "") && + (attr != "" && (attr_warn == "" || attr_crit == "")) + ) || + ( + (attr_warn != "" || attr_crit != "" || expect != "") && (attr == "") + ) || + ( + ((attr_warn != "" || attr_crit != "") && expect != "") + ) + ) { return ERROR; } else { @@ -270,13 +393,19 @@ ("\n" "Options:\n" "\t-H [--host] ... host\n" - "\t-a [--attr] ... ldap attribute to search (default: \"(objectclass=*)\"\n" + "\t-f [--filter] ... ldap attribute to search (default: \"(objectclass=*)\"\n" + "\t-a [--attr] ... ldap attribute to compare \n" + "\t-e [--expect] ... expect string to match attribute - if not equal the STATE_CRITICAL will be returned\n" + "\t-W [--Warn] ... Attribute value. - if the exceeds the STATE_WARNING will be returned\n" + "\t-C [--Crit] ... Attribute value. - if the exceeds the STATE_CRITICAL will be returned\n" + "\t-r [--reverse] ... Comparing attribute value is reverse (lower attribute value is abnormal)\n" "\t-b [--base] ... ldap base (eg. ou=my unit, o=my org, c=at)\n" "\t-D [--bind] ... ldap bind DN (if required)\n" "\t-P [--pass] ... ldap password (if required)\n" "\t-p [--port] ... ldap port (normaly 389)\n" "\t-w [--warn] ... time in secs. - if the exceeds the STATE_WARNING will be returned\n" "\t-c [--crit] ... time in secs. - if the exceeds the STATE_CRITICAL will be returned\n" + "\t-v [--verbose] ... Verbose output, print all attributes\n" "\n"); } @@ -285,7 +414,10 @@ print_usage () { printf - ("Usage: %s -H -b -p [-a ] [-D ]\n" - " [-P ] [-w ] [-c ] [-t timeout]\n" - "(Note: all times are in seconds.)\n", PROGNAME); + ("Usage: %s -H -b -p [-f ] \n" + " [-a ] [-e ] [-W ] [-C ] [-r]\n" + " [-D ] [-P ]\n" + " [-w ] [-c ] [-t timeout] [-v]\n" + "(Note: all times are in seconds,\n" + " if you use -a then you\'ve to use -W and -C or -e alone.)\n", PROGNAME); }