diff options
Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r-- | plugins/check_ldap.c | 67 |
1 files changed, 66 insertions, 1 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index e77ad308..29bc01b2 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c | |||
@@ -57,6 +57,10 @@ double warn_time = UNDEFINED; | |||
57 | double crit_time = UNDEFINED; | 57 | double crit_time = UNDEFINED; |
58 | struct timeval tv; | 58 | struct timeval tv; |
59 | 59 | ||
60 | /* for ldap tls */ | ||
61 | |||
62 | char *SERVICE = "LDAP"; | ||
63 | |||
60 | int | 64 | int |
61 | main (int argc, char *argv[]) | 65 | main (int argc, char *argv[]) |
62 | { | 66 | { |
@@ -69,11 +73,20 @@ main (int argc, char *argv[]) | |||
69 | int status = STATE_UNKNOWN; | 73 | int status = STATE_UNKNOWN; |
70 | long microsec; | 74 | long microsec; |
71 | double elapsed_time; | 75 | double elapsed_time; |
76 | |||
77 | /* for ldap tls */ | ||
78 | |||
79 | int tls; | ||
80 | int version=3; | ||
72 | 81 | ||
73 | setlocale (LC_ALL, ""); | 82 | setlocale (LC_ALL, ""); |
74 | bindtextdomain (PACKAGE, LOCALEDIR); | 83 | bindtextdomain (PACKAGE, LOCALEDIR); |
75 | textdomain (PACKAGE); | 84 | textdomain (PACKAGE); |
76 | 85 | ||
86 | if (strstr(argv[0],"check_ldaps")) { | ||
87 | asprintf (&progname, "check_ldaps"); | ||
88 | } | ||
89 | |||
77 | if (process_arguments (argc, argv) == ERROR) | 90 | if (process_arguments (argc, argv) == ERROR) |
78 | usage4 (_("Could not parse arguments")); | 91 | usage4 (_("Could not parse arguments")); |
79 | 92 | ||
@@ -87,12 +100,19 @@ main (int argc, char *argv[]) | |||
87 | gettimeofday (&tv, NULL); | 100 | gettimeofday (&tv, NULL); |
88 | 101 | ||
89 | /* initialize ldap */ | 102 | /* initialize ldap */ |
103 | #ifdef HAVE_LDAP_INIT | ||
104 | if (!(ld = ldap_init (ld_host, ld_port))) { | ||
105 | printf ("Could not connect to the server at port %i\n", ld_port); | ||
106 | return STATE_CRITICAL; | ||
107 | } | ||
108 | #else | ||
90 | if (!(ld = ldap_open (ld_host, ld_port))) { | 109 | if (!(ld = ldap_open (ld_host, ld_port))) { |
91 | /*ldap_perror(ld, "ldap_open"); */ | 110 | /*ldap_perror(ld, "ldap_open"); */ |
92 | printf (_("Could not connect to the server at port %i\n"), ld_port); | 111 | printf (_("Could not connect to the server at port %i\n"), ld_port); |
93 | return STATE_CRITICAL; | 112 | return STATE_CRITICAL; |
94 | } | 113 | } |
95 | 114 | #endif /* HAVE_LDAP_INIT */ | |
115 | |||
96 | #ifdef HAVE_LDAP_SET_OPTION | 116 | #ifdef HAVE_LDAP_SET_OPTION |
97 | /* set ldap options */ | 117 | /* set ldap options */ |
98 | if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != | 118 | if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != |
@@ -101,6 +121,51 @@ main (int argc, char *argv[]) | |||
101 | return STATE_CRITICAL; | 121 | return STATE_CRITICAL; |
102 | } | 122 | } |
103 | #endif | 123 | #endif |
124 | |||
125 | if (strstr(argv[0],"check_ldaps")) { | ||
126 | /* with TLS */ | ||
127 | if ( ld_port == LDAPS_PORT ) { | ||
128 | asprintf (&SERVICE, "LDAPS"); | ||
129 | #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) | ||
130 | /* ldaps: set option tls */ | ||
131 | tls = LDAP_OPT_X_TLS_HARD; | ||
132 | |||
133 | if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) | ||
134 | { | ||
135 | /*ldap_perror(ld, "ldaps_option"); */ | ||
136 | printf ("Could not init TLS at port %i!\n", ld_port); | ||
137 | return STATE_CRITICAL; | ||
138 | } | ||
139 | #else | ||
140 | printf ("TLS not supported by the libraries!\n", ld_port); | ||
141 | return STATE_CRITICAL; | ||
142 | #endif /* LDAP_OPT_X_TLS */ | ||
143 | } else { | ||
144 | asprintf (&SERVICE, "LDAP-TLS"); | ||
145 | #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) | ||
146 | /* ldap with startTLS: set option version */ | ||
147 | if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) | ||
148 | { | ||
149 | if (version < LDAP_VERSION3) | ||
150 | { | ||
151 | version = LDAP_VERSION3; | ||
152 | ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); | ||
153 | } | ||
154 | } | ||
155 | /* call start_tls */ | ||
156 | if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) | ||
157 | { | ||
158 | /*ldap_perror(ld, "ldap_start_tls"); */ | ||
159 | printf ("Could not init startTLS at port %i!\n", ld_port); | ||
160 | return STATE_CRITICAL; | ||
161 | } | ||
162 | #else | ||
163 | printf ("startTLS not supported by the library, needs LDAPv3!\n"); | ||
164 | return STATE_CRITICAL; | ||
165 | #endif /* HAVE_LDAP_START_TLS_S */ | ||
166 | } | ||
167 | } | ||
168 | |||
104 | /* bind to the ldap server */ | 169 | /* bind to the ldap server */ |
105 | if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != | 170 | if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != |
106 | LDAP_SUCCESS) { | 171 | LDAP_SUCCESS) { |