summaryrefslogtreecommitdiffstats
path: root/plugins/check_ldap.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c602
1 files changed, 285 insertions, 317 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index 87818da6..597644bd 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,30 +1,30 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_ldap plugin 3 * Monitoring check_ldap plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 2000-2024 Monitoring Plugins Development Team 6 * Copyright (c) 2000-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_ldap plugin 10 * This file contains the check_ldap plugin
11* 11 *
12* 12 *
13* This program is free software: you can redistribute it and/or modify 13 * This program is free software: you can redistribute it and/or modify
14* it under the terms of the GNU General Public License as published by 14 * it under the terms of the GNU General Public License as published by
15* the Free Software Foundation, either version 3 of the License, or 15 * the Free Software Foundation, either version 3 of the License, or
16* (at your option) any later version. 16 * (at your option) any later version.
17* 17 *
18* This program is distributed in the hope that it will be useful, 18 * This program is distributed in the hope that it will be useful,
19* but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21* GNU General Public License for more details. 21 * GNU General Public License for more details.
22* 22 *
23* You should have received a copy of the GNU General Public License 23 * You should have received a copy of the GNU General Public License
24* along with this program. If not, see <http://www.gnu.org/licenses/>. 24 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25* 25 *
26* 26 *
27*****************************************************************************/ 27 *****************************************************************************/
28 28
29/* progname may be check_ldaps */ 29/* progname may be check_ldaps */
30char *progname = "check_ldap"; 30char *progname = "check_ldap";
@@ -34,209 +34,178 @@ const char *email = "devel@monitoring-plugins.org";
34#include "common.h" 34#include "common.h"
35#include "netutils.h" 35#include "netutils.h"
36#include "utils.h" 36#include "utils.h"
37#include "check_ldap.d/config.h"
37 38
39#include "states.h"
38#include <lber.h> 40#include <lber.h>
39#define LDAP_DEPRECATED 1 41#define LDAP_DEPRECATED 1
40#include <ldap.h> 42#include <ldap.h>
41 43
42enum { 44enum {
43 UNDEFINED = 0,
44#ifdef HAVE_LDAP_SET_OPTION
45 DEFAULT_PROTOCOL = 2,
46#endif
47 DEFAULT_PORT = 389 45 DEFAULT_PORT = 389
48}; 46};
49 47
50static int process_arguments (int, char **); 48typedef struct {
51static int validate_arguments (void); 49 int errorcode;
52static void print_help (void); 50 check_ldap_config config;
53void print_usage (void); 51} check_ldap_config_wrapper;
54 52static check_ldap_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
55static char ld_defattr[] = "(objectclass=*)"; 53static check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper /*config_wrapper*/);
56static char *ld_attr = ld_defattr;
57static char *ld_host = NULL;
58static char *ld_base = NULL;
59static char *ld_passwd = NULL;
60static char *ld_binddn = NULL;
61static int ld_port = -1;
62#ifdef HAVE_LDAP_SET_OPTION
63static int ld_protocol = DEFAULT_PROTOCOL;
64#endif
65#ifndef LDAP_OPT_SUCCESS
66# define LDAP_OPT_SUCCESS LDAP_SUCCESS
67#endif
68static double warn_time = UNDEFINED;
69static double crit_time = UNDEFINED;
70static thresholds *entries_thresholds = NULL;
71static struct timeval tv;
72static char* warn_entries = NULL;
73static char* crit_entries = NULL;
74static bool starttls = false;
75static bool ssl_on_connect = false;
76static bool verbose = false;
77
78/* for ldap tls */
79
80static char *SERVICE = "LDAP";
81
82int
83main (int argc, char *argv[])
84{
85
86 LDAP *ld;
87 LDAPMessage *result;
88
89 /* should be int result = STATE_UNKNOWN; */
90
91 int status = STATE_UNKNOWN;
92 long microsec;
93 double elapsed_time;
94
95 /* for ldap tls */
96 54
97 int tls; 55static void print_help(void);
98 int version=3; 56void print_usage(void);
99 57
100 int status_entries = STATE_OK; 58#ifndef LDAP_OPT_SUCCESS
101 int num_entries = 0; 59# define LDAP_OPT_SUCCESS LDAP_SUCCESS
60#endif
61static int verbose = 0;
102 62
103 setlocale (LC_ALL, ""); 63int main(int argc, char *argv[]) {
104 bindtextdomain (PACKAGE, LOCALEDIR); 64 setlocale(LC_ALL, "");
105 textdomain (PACKAGE); 65 bindtextdomain(PACKAGE, LOCALEDIR);
66 textdomain(PACKAGE);
106 67
107 if (strstr(argv[0],"check_ldaps")) { 68 if (strstr(argv[0], "check_ldaps")) {
108 xasprintf (&progname, "check_ldaps"); 69 xasprintf(&progname, "check_ldaps");
109 } 70 }
110 71
111 /* Parse extra opts if any */ 72 /* Parse extra opts if any */
112 argv=np_extra_opts (&argc, argv, progname); 73 argv = np_extra_opts(&argc, argv, progname);
113 74
114 if (process_arguments (argc, argv) == ERROR) 75 check_ldap_config_wrapper tmp_config = process_arguments(argc, argv);
115 usage4 (_("Could not parse arguments")); 76 if (tmp_config.errorcode == ERROR) {
77 usage4(_("Could not parse arguments"));
78 }
116 79
117 if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) 80 const check_ldap_config config = tmp_config.config;
118 starttls = true;
119 81
120 /* initialize alarm signal handling */ 82 /* initialize alarm signal handling */
121 signal (SIGALRM, socket_timeout_alarm_handler); 83 signal(SIGALRM, socket_timeout_alarm_handler);
122 84
123 /* set socket timeout */ 85 /* set socket timeout */
124 alarm (socket_timeout); 86 alarm(socket_timeout);
125 87
126 /* get the start time */ 88 /* get the start time */
127 gettimeofday (&tv, NULL); 89 struct timeval start_time;
90 gettimeofday(&start_time, NULL);
128 91
92 LDAP *ldap_connection;
129 /* initialize ldap */ 93 /* initialize ldap */
130#ifdef HAVE_LDAP_INIT 94#ifdef HAVE_LDAP_INIT
131 if (!(ld = ldap_init (ld_host, ld_port))) { 95 if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) {
132 printf ("Could not connect to the server at port %i\n", ld_port); 96 printf("Could not connect to the server at port %i\n", config.ld_port);
133 return STATE_CRITICAL; 97 return STATE_CRITICAL;
134 } 98 }
135#else 99#else
136 if (!(ld = ldap_open (ld_host, ld_port))) { 100 if (!(ld = ldap_open(config.ld_host, config.ld_port))) {
137 if (verbose) 101 if (verbose) {
138 ldap_perror(ld, "ldap_open"); 102 ldap_perror(ldap_connection, "ldap_open");
139 printf (_("Could not connect to the server at port %i\n"), ld_port); 103 }
104 printf(_("Could not connect to the server at port %i\n"), config.ld_port);
140 return STATE_CRITICAL; 105 return STATE_CRITICAL;
141 } 106 }
142#endif /* HAVE_LDAP_INIT */ 107#endif /* HAVE_LDAP_INIT */
143 108
144#ifdef HAVE_LDAP_SET_OPTION 109#ifdef HAVE_LDAP_SET_OPTION
145 /* set ldap options */ 110 /* set ldap options */
146 if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != 111 if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) != LDAP_OPT_SUCCESS) {
147 LDAP_OPT_SUCCESS ) { 112 printf(_("Could not set protocol version %d\n"), config.ld_protocol);
148 printf(_("Could not set protocol version %d\n"), ld_protocol);
149 return STATE_CRITICAL; 113 return STATE_CRITICAL;
150 } 114 }
151#endif 115#endif
152 116
153 if (ld_port == LDAPS_PORT || ssl_on_connect) { 117 int version = 3;
154 xasprintf (&SERVICE, "LDAPS"); 118 int tls;
119 if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) {
155#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) 120#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
156 /* ldaps: set option tls */ 121 /* ldaps: set option tls */
157 tls = LDAP_OPT_X_TLS_HARD; 122 tls = LDAP_OPT_X_TLS_HARD;
158 123
159 if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) 124 if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
160 { 125 if (verbose) {
161 if (verbose) 126 ldap_perror(ldap_connection, "ldaps_option");
162 ldap_perror(ld, "ldaps_option"); 127 }
163 printf (_("Could not init TLS at port %i!\n"), ld_port); 128 printf(_("Could not init TLS at port %i!\n"), config.ld_port);
164 return STATE_CRITICAL; 129 return STATE_CRITICAL;
165 } 130 }
166#else 131#else
167 printf (_("TLS not supported by the libraries!\n")); 132 printf(_("TLS not supported by the libraries!\n"));
168 return STATE_CRITICAL; 133 return STATE_CRITICAL;
169#endif /* LDAP_OPT_X_TLS */ 134#endif /* LDAP_OPT_X_TLS */
170 } else if (starttls) { 135 } else if (config.starttls) {
171 xasprintf (&SERVICE, "LDAP-TLS");
172#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) 136#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
173 /* ldap with startTLS: set option version */ 137 /* ldap with startTLS: set option version */
174 if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) 138 if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) {
175 { 139 if (version < LDAP_VERSION3) {
176 if (version < LDAP_VERSION3)
177 {
178 version = LDAP_VERSION3; 140 version = LDAP_VERSION3;
179 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); 141 ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version);
180 } 142 }
181 } 143 }
182 /* call start_tls */ 144 /* call start_tls */
183 if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) 145 if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) {
184 { 146 if (verbose) {
185 if (verbose) 147 ldap_perror(ldap_connection, "ldap_start_tls");
186 ldap_perror(ld, "ldap_start_tls"); 148 }
187 printf (_("Could not init startTLS at port %i!\n"), ld_port); 149 printf(_("Could not init startTLS at port %i!\n"), config.ld_port);
188 return STATE_CRITICAL; 150 return STATE_CRITICAL;
189 } 151 }
190#else 152#else
191 printf (_("startTLS not supported by the library, needs LDAPv3!\n")); 153 printf(_("startTLS not supported by the library, needs LDAPv3!\n"));
192 return STATE_CRITICAL; 154 return STATE_CRITICAL;
193#endif /* HAVE_LDAP_START_TLS_S */ 155#endif /* HAVE_LDAP_START_TLS_S */
194 } 156 }
195 157
196 /* bind to the ldap server */ 158 /* bind to the ldap server */
197 if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != 159 if (ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) {
198 LDAP_SUCCESS) { 160 if (verbose) {
199 if (verbose) 161 ldap_perror(ldap_connection, "ldap_bind");
200 ldap_perror(ld, "ldap_bind"); 162 }
201 printf (_("Could not bind to the LDAP server\n")); 163 printf(_("Could not bind to the LDAP server\n"));
202 return STATE_CRITICAL; 164 return STATE_CRITICAL;
203 } 165 }
204 166
167 LDAPMessage *result;
168 int num_entries = 0;
205 /* do a search of all objectclasses in the base dn */ 169 /* do a search of all objectclasses in the base dn */
206 if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) 170 if (ldap_search_s(ldap_connection, config.ld_base,
207 != LDAP_SUCCESS) { 171 (config.crit_entries != NULL || config.warn_entries != NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, config.ld_attr,
208 if (verbose) 172 NULL, 0, &result) != LDAP_SUCCESS) {
209 ldap_perror(ld, "ldap_search"); 173 if (verbose) {
210 printf (_("Could not search/find objectclasses in %s\n"), ld_base); 174 ldap_perror(ldap_connection, "ldap_search");
175 }
176 printf(_("Could not search/find objectclasses in %s\n"), config.ld_base);
211 return STATE_CRITICAL; 177 return STATE_CRITICAL;
212 } else if (crit_entries!=NULL || warn_entries!=NULL) { 178 }
213 num_entries = ldap_count_entries(ld, result); 179
180 if (config.crit_entries != NULL || config.warn_entries != NULL) {
181 num_entries = ldap_count_entries(ldap_connection, result);
214 } 182 }
215 183
216 /* unbind from the ldap server */ 184 /* unbind from the ldap server */
217 ldap_unbind (ld); 185 ldap_unbind(ldap_connection);
218 186
219 /* reset the alarm handler */ 187 /* reset the alarm handler */
220 alarm (0); 188 alarm(0);
221 189
222 /* calculate the elapsed time and compare to thresholds */ 190 /* calculate the elapsed time and compare to thresholds */
223 191
224 microsec = deltime (tv); 192 long microsec = deltime(start_time);
225 elapsed_time = (double)microsec / 1.0e6; 193 double elapsed_time = (double)microsec / 1.0e6;
226 194 mp_state_enum status = STATE_UNKNOWN;
227 if (crit_time!=UNDEFINED && elapsed_time>crit_time) 195 if (config.crit_time_set && elapsed_time > config.crit_time) {
228 status = STATE_CRITICAL; 196 status = STATE_CRITICAL;
229 else if (warn_time!=UNDEFINED && elapsed_time>warn_time) 197 } else if (config.warn_time_set && elapsed_time > config.warn_time) {
230 status = STATE_WARNING; 198 status = STATE_WARNING;
231 else 199 } else {
232 status = STATE_OK; 200 status = STATE_OK;
201 }
233 202
234 if(entries_thresholds != NULL) { 203 if (config.entries_thresholds != NULL) {
235 if (verbose) { 204 if (verbose) {
236 printf ("entries found: %d\n", num_entries); 205 printf("entries found: %d\n", num_entries);
237 print_thresholds("entry thresholds", entries_thresholds); 206 print_thresholds("entry thresholds", config.entries_thresholds);
238 } 207 }
239 status_entries = get_status(num_entries, entries_thresholds); 208 mp_state_enum status_entries = get_status(num_entries, config.entries_thresholds);
240 if (status_entries == STATE_CRITICAL) { 209 if (status_entries == STATE_CRITICAL) {
241 status = STATE_CRITICAL; 210 status = STATE_CRITICAL;
242 } else if (status != STATE_CRITICAL) { 211 } else if (status != STATE_CRITICAL) {
@@ -245,273 +214,272 @@ main (int argc, char *argv[])
245 } 214 }
246 215
247 /* print out the result */ 216 /* print out the result */
248 if (crit_entries!=NULL || warn_entries!=NULL) { 217 if (config.crit_entries != NULL || config.warn_entries != NULL) {
249 printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), 218 printf(_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text(status), num_entries, elapsed_time,
250 state_text (status), 219 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0,
251 num_entries, 220 false, 0),
252 elapsed_time, 221 sperfdata("entries", (double)num_entries, "", config.warn_entries, config.crit_entries, true, 0.0, false, 0.0));
253 fperfdata ("time", elapsed_time, "s",
254 (int)warn_time, warn_time,
255 (int)crit_time, crit_time,
256 true, 0, false, 0),
257 sperfdata ("entries", (double)num_entries, "",
258 warn_entries,
259 crit_entries,
260 true, 0.0, false, 0.0));
261 } else { 222 } else {
262 printf (_("LDAP %s - %.3f seconds response time|%s\n"), 223 printf(_("LDAP %s - %.3f seconds response time|%s\n"), state_text(status), elapsed_time,
263 state_text (status), 224 fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0,
264 elapsed_time, 225 false, 0));
265 fperfdata ("time", elapsed_time, "s",
266 (int)warn_time, warn_time,
267 (int)crit_time, crit_time,
268 true, 0, false, 0));
269 } 226 }
270 227
271 return status; 228 exit(status);
272} 229}
273 230
274/* process command-line arguments */ 231/* process command-line arguments */
275int 232check_ldap_config_wrapper process_arguments(int argc, char **argv) {
276process_arguments (int argc, char **argv)
277{
278 int c;
279
280 int option = 0;
281 /* initialize the long option struct */ 233 /* initialize the long option struct */
282 static struct option longopts[] = { 234 static struct option longopts[] = {{"help", no_argument, 0, 'h'},
283 {"help", no_argument, 0, 'h'}, 235 {"version", no_argument, 0, 'V'},
284 {"version", no_argument, 0, 'V'}, 236 {"timeout", required_argument, 0, 't'},
285 {"timeout", required_argument, 0, 't'}, 237 {"hostname", required_argument, 0, 'H'},
286 {"hostname", required_argument, 0, 'H'}, 238 {"base", required_argument, 0, 'b'},
287 {"base", required_argument, 0, 'b'}, 239 {"attr", required_argument, 0, 'a'},
288 {"attr", required_argument, 0, 'a'}, 240 {"bind", required_argument, 0, 'D'},
289 {"bind", required_argument, 0, 'D'}, 241 {"pass", required_argument, 0, 'P'},
290 {"pass", required_argument, 0, 'P'},
291#ifdef HAVE_LDAP_SET_OPTION 242#ifdef HAVE_LDAP_SET_OPTION
292 {"ver2", no_argument, 0, '2'}, 243 {"ver2", no_argument, 0, '2'},
293 {"ver3", no_argument, 0, '3'}, 244 {"ver3", no_argument, 0, '3'},
294#endif 245#endif
295 {"starttls", no_argument, 0, 'T'}, 246 {"starttls", no_argument, 0, 'T'},
296 {"ssl", no_argument, 0, 'S'}, 247 {"ssl", no_argument, 0, 'S'},
297 {"use-ipv4", no_argument, 0, '4'}, 248 {"use-ipv4", no_argument, 0, '4'},
298 {"use-ipv6", no_argument, 0, '6'}, 249 {"use-ipv6", no_argument, 0, '6'},
299 {"port", required_argument, 0, 'p'}, 250 {"port", required_argument, 0, 'p'},
300 {"warn", required_argument, 0, 'w'}, 251 {"warn", required_argument, 0, 'w'},
301 {"crit", required_argument, 0, 'c'}, 252 {"crit", required_argument, 0, 'c'},
302 {"warn-entries", required_argument, 0, 'W'}, 253 {"warn-entries", required_argument, 0, 'W'},
303 {"crit-entries", required_argument, 0, 'C'}, 254 {"crit-entries", required_argument, 0, 'C'},
304 {"verbose", no_argument, 0, 'v'}, 255 {"verbose", no_argument, 0, 'v'},
305 {0, 0, 0, 0} 256 {0, 0, 0, 0}};
257
258 check_ldap_config_wrapper result = {
259 .errorcode = OK,
260 .config = check_ldap_config_init(),
306 }; 261 };
307 262
308 if (argc < 2) 263 if (argc < 2) {
309 return ERROR; 264 result.errorcode = ERROR;
265 return result;
266 }
310 267
311 for (c = 1; c < argc; c++) { 268 for (int index = 1; index < argc; index++) {
312 if (strcmp ("-to", argv[c]) == 0) 269 if (strcmp("-to", argv[index]) == 0) {
313 strcpy (argv[c], "-t"); 270 strcpy(argv[index], "-t");
271 }
314 } 272 }
315 273
274 int option = 0;
316 while (true) { 275 while (true) {
317 c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); 276 int option_index = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
318 277
319 if (c == -1 || c == EOF) 278 if (option_index == -1 || option_index == EOF) {
320 break; 279 break;
280 }
321 281
322 switch (c) { 282 switch (option_index) {
323 case 'h': /* help */ 283 case 'h': /* help */
324 print_help (); 284 print_help();
325 exit (STATE_UNKNOWN); 285 exit(STATE_UNKNOWN);
326 case 'V': /* version */ 286 case 'V': /* version */
327 print_revision (progname, NP_VERSION); 287 print_revision(progname, NP_VERSION);
328 exit (STATE_UNKNOWN); 288 exit(STATE_UNKNOWN);
329 case 't': /* timeout period */ 289 case 't': /* timeout period */
330 if (!is_intnonneg (optarg)) 290 if (!is_intnonneg(optarg)) {
331 usage2 (_("Timeout interval must be a positive integer"), optarg); 291 usage2(_("Timeout interval must be a positive integer"), optarg);
332 else 292 } else {
333 socket_timeout = atoi (optarg); 293 socket_timeout = atoi(optarg);
294 }
334 break; 295 break;
335 case 'H': 296 case 'H':
336 ld_host = optarg; 297 result.config.ld_host = optarg;
337 break; 298 break;
338 case 'b': 299 case 'b':
339 ld_base = optarg; 300 result.config.ld_base = optarg;
340 break; 301 break;
341 case 'p': 302 case 'p':
342 ld_port = atoi (optarg); 303 result.config.ld_port = atoi(optarg);
343 break; 304 break;
344 case 'a': 305 case 'a':
345 ld_attr = optarg; 306 result.config.ld_attr = optarg;
346 break; 307 break;
347 case 'D': 308 case 'D':
348 ld_binddn = optarg; 309 result.config.ld_binddn = optarg;
349 break; 310 break;
350 case 'P': 311 case 'P':
351 ld_passwd = optarg; 312 result.config.ld_passwd = optarg;
352 break; 313 break;
353 case 'w': 314 case 'w':
354 warn_time = strtod (optarg, NULL); 315 result.config.warn_time_set = true;
316 result.config.warn_time = strtod(optarg, NULL);
355 break; 317 break;
356 case 'c': 318 case 'c':
357 crit_time = strtod (optarg, NULL); 319 result.config.crit_time_set = true;
320 result.config.crit_time = strtod(optarg, NULL);
358 break; 321 break;
359 case 'W': 322 case 'W':
360 warn_entries = optarg; 323 result.config.warn_entries = optarg;
361 break; 324 break;
362 case 'C': 325 case 'C':
363 crit_entries = optarg; 326 result.config.crit_entries = optarg;
364 break; 327 break;
365#ifdef HAVE_LDAP_SET_OPTION 328#ifdef HAVE_LDAP_SET_OPTION
366 case '2': 329 case '2':
367 ld_protocol = 2; 330 result.config.ld_protocol = 2;
368 break; 331 break;
369 case '3': 332 case '3':
370 ld_protocol = 3; 333 result.config.ld_protocol = 3;
371 break; 334 break;
372#endif 335#endif // HAVE_LDAP_SET_OPTION
373 case '4': 336 case '4':
374 address_family = AF_INET; 337 address_family = AF_INET;
375 break; 338 break;
376 case 'v': 339 case 'v':
377 verbose = true; 340 verbose++;
378 break; 341 break;
379 case 'T': 342 case 'T':
380 if (! ssl_on_connect) 343 if (!result.config.ssl_on_connect) {
381 starttls = true; 344 result.config.starttls = true;
382 else 345 } else {
383 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl"); 346 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
347 }
384 break; 348 break;
385 case 'S': 349 case 'S':
386 if (! starttls) { 350 if (!result.config.starttls) {
387 ssl_on_connect = true; 351 result.config.ssl_on_connect = true;
388 if (ld_port == -1) 352 if (result.config.ld_port == -1) {
389 ld_port = LDAPS_PORT; 353 result.config.ld_port = LDAPS_PORT;
390 } else 354 }
355 } else {
391 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls"); 356 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls");
357 }
392 break; 358 break;
393 case '6': 359 case '6':
394#ifdef USE_IPV6 360#ifdef USE_IPV6
395 address_family = AF_INET6; 361 address_family = AF_INET6;
396#else 362#else
397 usage (_("IPv6 support not available\n")); 363 usage(_("IPv6 support not available\n"));
398#endif 364#endif
399 break; 365 break;
400 default: 366 default:
401 usage5 (); 367 usage5();
402 } 368 }
403 } 369 }
404 370
405 c = optind; 371 int index = optind;
406 if (ld_host == NULL && is_host(argv[c])) 372 if ((result.config.ld_host == NULL) && is_host(argv[index])) {
407 ld_host = strdup (argv[c++]); 373 result.config.ld_host = strdup(argv[index++]);
374 }
408 375
409 if (ld_base == NULL && argv[c]) 376 if ((result.config.ld_base == NULL) && argv[index]) {
410 ld_base = strdup (argv[c++]); 377 result.config.ld_base = strdup(argv[index++]);
378 }
411 379
412 if (ld_port == -1) 380 if (result.config.ld_port == -1) {
413 ld_port = DEFAULT_PORT; 381 result.config.ld_port = DEFAULT_PORT;
382 }
414 383
415 return validate_arguments (); 384 if (strstr(argv[0], "check_ldaps") && !result.config.starttls && !result.config.ssl_on_connect) {
385 result.config.starttls = true;
386 }
387
388 return validate_arguments(result);
416} 389}
417 390
391check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper config_wrapper) {
392 if (config_wrapper.config.ld_host == NULL || strlen(config_wrapper.config.ld_host) == 0) {
393 usage4(_("Please specify the host name\n"));
394 }
418 395
419int 396 if (config_wrapper.config.ld_base == NULL) {
420validate_arguments () 397 usage4(_("Please specify the LDAP base\n"));
421{ 398 }
422 if (ld_host==NULL || strlen(ld_host)==0)
423 usage4 (_("Please specify the host name\n"));
424 399
425 if (ld_base==NULL) 400 if (config_wrapper.config.crit_entries != NULL || config_wrapper.config.warn_entries != NULL) {
426 usage4 (_("Please specify the LDAP base\n")); 401 set_thresholds(&config_wrapper.config.entries_thresholds, config_wrapper.config.warn_entries, config_wrapper.config.crit_entries);
402 }
427 403
428 if (crit_entries!=NULL || warn_entries!=NULL) { 404 if (config_wrapper.config.ld_passwd == NULL) {
429 set_thresholds(&entries_thresholds, 405 config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD");
430 warn_entries, crit_entries);
431 } 406 }
432 if (ld_passwd==NULL)
433 ld_passwd = getenv("LDAP_PASSWORD");
434 407
435 return OK; 408 return config_wrapper;
436} 409}
437 410
438 411void print_help(void) {
439void
440print_help (void)
441{
442 char *myport; 412 char *myport;
443 xasprintf (&myport, "%d", DEFAULT_PORT); 413 xasprintf(&myport, "%d", DEFAULT_PORT);
444 414
445 print_revision (progname, NP_VERSION); 415 print_revision(progname, NP_VERSION);
446 416
447 printf ("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"); 417 printf("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n");
448 printf (COPYRIGHT, copyright, email); 418 printf(COPYRIGHT, copyright, email);
449 419
450 printf ("\n\n"); 420 printf("\n\n");
451 421
452 print_usage (); 422 print_usage();
453 423
454 printf (UT_HELP_VRSN); 424 printf(UT_HELP_VRSN);
455 printf (UT_EXTRA_OPTS); 425 printf(UT_EXTRA_OPTS);
456 426
457 printf (UT_HOST_PORT, 'p', myport); 427 printf(UT_HOST_PORT, 'p', myport);
458 428
459 printf (UT_IPv46); 429 printf(UT_IPv46);
460 430
461 printf (" %s\n", "-a [--attr]"); 431 printf(" %s\n", "-a [--attr]");
462 printf (" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\"")); 432 printf(" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\""));
463 printf (" %s\n", "-b [--base]"); 433 printf(" %s\n", "-b [--base]");
464 printf (" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at")); 434 printf(" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at"));
465 printf (" %s\n", "-D [--bind]"); 435 printf(" %s\n", "-D [--bind]");
466 printf (" %s\n", _("ldap bind DN (if required)")); 436 printf(" %s\n", _("ldap bind DN (if required)"));
467 printf (" %s\n", "-P [--pass]"); 437 printf(" %s\n", "-P [--pass]");
468 printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); 438 printf(" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
469 printf (" %s\n", "-T [--starttls]"); 439 printf(" %s\n", "-T [--starttls]");
470 printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); 440 printf(" %s\n", _("use starttls mechanism introduced in protocol version 3"));
471 printf (" %s\n", "-S [--ssl]"); 441 printf(" %s\n", "-S [--ssl]");
472 printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); 442 printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
473 443
474#ifdef HAVE_LDAP_SET_OPTION 444#ifdef HAVE_LDAP_SET_OPTION
475 printf (" %s\n", "-2 [--ver2]"); 445 printf(" %s\n", "-2 [--ver2]");
476 printf (" %s\n", _("use ldap protocol version 2")); 446 printf(" %s\n", _("use ldap protocol version 2"));
477 printf (" %s\n", "-3 [--ver3]"); 447 printf(" %s\n", "-3 [--ver3]");
478 printf (" %s\n", _("use ldap protocol version 3")); 448 printf(" %s\n", _("use ldap protocol version 3"));
479 printf (" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL); 449 printf(" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL);
480#endif 450#endif
481 451
482 printf (UT_WARN_CRIT); 452 printf(UT_WARN_CRIT);
483 453
484 printf (" %s\n", "-W [--warn-entries]"); 454 printf(" %s\n", "-W [--warn-entries]");
485 printf (" %s\n", _("Number of found entries to result in warning status")); 455 printf(" %s\n", _("Number of found entries to result in warning status"));
486 printf (" %s\n", "-C [--crit-entries]"); 456 printf(" %s\n", "-C [--crit-entries]");
487 printf (" %s\n", _("Number of found entries to result in critical status")); 457 printf(" %s\n", _("Number of found entries to result in critical status"));
488 458
489 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 459 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
490 460
491 printf (UT_VERBOSE); 461 printf(UT_VERBOSE);
492 462
493 printf ("\n"); 463 printf("\n");
494 printf ("%s\n", _("Notes:")); 464 printf("%s\n", _("Notes:"));
495 printf (" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); 465 printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be"));
496 printf (_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT); 466 printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT);
497 printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); 467 printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
498 printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); 468 printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
499 printf (" %s\n", _("to define the behaviour explicitly instead.")); 469 printf(" %s\n", _("to define the behaviour explicitly instead."));
500 printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); 470 printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
501 471
502 printf (UT_SUPPORT); 472 printf(UT_SUPPORT);
503} 473}
504 474
505void 475void print_usage(void) {
506print_usage (void) 476 printf("%s\n", _("Usage:"));
507{ 477 printf(" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]", progname);
508 printf ("%s\n", _("Usage:")); 478 printf("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
509 printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
510 printf ("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
511#ifdef HAVE_LDAP_SET_OPTION 479#ifdef HAVE_LDAP_SET_OPTION
512 "\n [-2|-3] [-4|-6]" 480 "\n [-2|-3] [-4|-6]"
513#else 481#else
514 "" 482 ""
515#endif 483#endif
516 ); 484 );
517} 485}