diff options
author | Anton Lofgren <alofgren@op5.com> | 2014-03-07 11:35:21 +0100 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-04-24 08:49:54 +0200 |
commit | 4e0da0216d3ca96c930eca053c9a229e86cc7402 (patch) | |
tree | 29317e50ffe1eebbb86843b8c86b87e82e4d2224 /plugins | |
parent | c887890e9f9698f01eb62451a04579c9c4be325f (diff) | |
download | monitoring-plugins-4e0da0216d3ca96c930eca053c9a229e86cc7402.tar.gz |
check_snmp: Handle SNMPv3 noAuthNoPriv properly
The SNMPv3 noAuthNoPriv security level, somewhat unintuitively, requires
a security name to be passed along together with the request. Check_snmp
previously did not do this, causing snmpget to throw an error:
"External command error: No log handling enabled - turning on stderr
logging
snmpget: No securityName specified"
This patch fixes the issue by always providing the security name when
noAuthNoPriv is specified.
See also:
https:://bugs.op5.com/view.php?id=8385.
Signed-off-by: Anton Lofgren <alofgren@op5.com>
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/check_snmp.c | 10 | ||||
-rw-r--r-- | plugins/t/check_snmp.t | 11 |
2 files changed, 15 insertions, 6 deletions
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index d516fbc1..2c62a230 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c | |||
@@ -963,11 +963,16 @@ validate_arguments () | |||
963 | if (seclevel == NULL) | 963 | if (seclevel == NULL) |
964 | xasprintf(&seclevel, "noAuthNoPriv"); | 964 | xasprintf(&seclevel, "noAuthNoPriv"); |
965 | 965 | ||
966 | if (secname == NULL) | ||
967 | die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname"); | ||
968 | |||
966 | if (strcmp(seclevel, "noAuthNoPriv") == 0) { | 969 | if (strcmp(seclevel, "noAuthNoPriv") == 0) { |
967 | numauthpriv = 2; | 970 | numauthpriv = 4; |
968 | authpriv = calloc (numauthpriv, sizeof (char *)); | 971 | authpriv = calloc (numauthpriv, sizeof (char *)); |
969 | authpriv[0] = strdup ("-l"); | 972 | authpriv[0] = strdup ("-l"); |
970 | authpriv[1] = strdup ("noAuthNoPriv"); | 973 | authpriv[1] = strdup ("noAuthNoPriv"); |
974 | authpriv[2] = strdup ("-u"); | ||
975 | authpriv[3] = strdup (secname); | ||
971 | } else { | 976 | } else { |
972 | if (! ( (strcmp(seclevel, "authNoPriv")==0) || (strcmp(seclevel, "authPriv")==0) ) ) { | 977 | if (! ( (strcmp(seclevel, "authNoPriv")==0) || (strcmp(seclevel, "authPriv")==0) ) ) { |
973 | usage2 (_("Invalid seclevel"), seclevel); | 978 | usage2 (_("Invalid seclevel"), seclevel); |
@@ -976,9 +981,6 @@ validate_arguments () | |||
976 | if (authproto == NULL ) | 981 | if (authproto == NULL ) |
977 | xasprintf(&authproto, DEFAULT_AUTH_PROTOCOL); | 982 | xasprintf(&authproto, DEFAULT_AUTH_PROTOCOL); |
978 | 983 | ||
979 | if (secname == NULL) | ||
980 | die(STATE_UNKNOWN, _("Required parameter: %s\n"), "secname"); | ||
981 | |||
982 | if (authpasswd == NULL) | 984 | if (authpasswd == NULL) |
983 | die(STATE_UNKNOWN, _("Required parameter: %s\n"), "authpasswd"); | 985 | die(STATE_UNKNOWN, _("Required parameter: %s\n"), "authpasswd"); |
984 | 986 | ||
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t index 6de5f299..c35d7821 100644 --- a/plugins/t/check_snmp.t +++ b/plugins/t/check_snmp.t | |||
@@ -10,7 +10,7 @@ use NPTest; | |||
10 | 10 | ||
11 | BEGIN { | 11 | BEGIN { |
12 | plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp"; | 12 | plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp"; |
13 | plan tests => 60; | 13 | plan tests => 61; |
14 | } | 14 | } |
15 | 15 | ||
16 | my $res; | 16 | my $res; |
@@ -26,6 +26,7 @@ my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRES | |||
26 | 26 | ||
27 | my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", | 27 | my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost", |
28 | "An invalid (not known to DNS) hostname" ); | 28 | "An invalid (not known to DNS) hostname" ); |
29 | my $user_snmp = getTestParameter( "user_snmp", "NP_SNMP_USER", "auth_md5", "An SNMP user"); | ||
29 | 30 | ||
30 | $res = NPTest->testCmd( "./check_snmp -t 1" ); | 31 | $res = NPTest->testCmd( "./check_snmp -t 1" ); |
31 | is( $res->return_code, 3, "No host name" ); | 32 | is( $res->return_code, 3, "No host name" ); |
@@ -35,7 +36,7 @@ $res = NPTest->testCmd( "./check_snmp -H fakehostname" ); | |||
35 | is( $res->return_code, 3, "No OIDs specified" ); | 36 | is( $res->return_code, 3, "No OIDs specified" ); |
36 | is( $res->output, "No OIDs specified" ); | 37 | is( $res->output, "No OIDs specified" ); |
37 | 38 | ||
38 | $res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 --seclevel=rubbish" ); | 39 | $res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 -U not_a_user --seclevel=rubbish" ); |
39 | is( $res->return_code, 3, "Invalid seclevel" ); | 40 | is( $res->return_code, 3, "Invalid seclevel" ); |
40 | like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" ); | 41 | like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" ); |
41 | 42 | ||
@@ -154,6 +155,12 @@ SKIP: { | |||
154 | like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); | 155 | like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed"); |
155 | } | 156 | } |
156 | 157 | ||
158 | SKIP: { | ||
159 | skip "no SNMP user defined", 1 if ( ! $user_snmp ); | ||
160 | $res = NPTest->testCmd( "./check_snmp -H $host_snmp -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv"); | ||
161 | like( $res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "noAuthNoPriv security level works properly" ); | ||
162 | } | ||
163 | |||
157 | # These checks need a complete command line. An invalid community is used so | 164 | # These checks need a complete command line. An invalid community is used so |
158 | # the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway | 165 | # the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway |
159 | SKIP: { | 166 | SKIP: { |