diff options
Diffstat (limited to 'plugins/check_ldap.c')
| -rw-r--r-- | plugins/check_ldap.c | 104 |
1 files changed, 82 insertions, 22 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index c371be97..845a4f52 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c | |||
| @@ -1,29 +1,29 @@ | |||
| 1 | /***************************************************************************** | 1 | /***************************************************************************** |
| 2 | * | 2 | * |
| 3 | * Monitoring check_ldap plugin | 3 | * Monitoring check_ldap plugin |
| 4 | * | 4 | * |
| 5 | * License: GPL | 5 | * License: GPL |
| 6 | * Copyright (c) 2000-2008 Monitoring Plugins Development Team | 6 | * Copyright (c) 2000-2008 Monitoring Plugins Development Team |
| 7 | * | 7 | * |
| 8 | * Description: | 8 | * Description: |
| 9 | * | 9 | * |
| 10 | * This file contains the check_ldap plugin | 10 | * This file contains the check_ldap plugin |
| 11 | * | 11 | * |
| 12 | * | 12 | * |
| 13 | * This program is free software: you can redistribute it and/or modify | 13 | * This program is free software: you can redistribute it and/or modify |
| 14 | * it under the terms of the GNU General Public License as published by | 14 | * it under the terms of the GNU General Public License as published by |
| 15 | * the Free Software Foundation, either version 3 of the License, or | 15 | * the Free Software Foundation, either version 3 of the License, or |
| 16 | * (at your option) any later version. | 16 | * (at your option) any later version. |
| 17 | * | 17 | * |
| 18 | * This program is distributed in the hope that it will be useful, | 18 | * This program is distributed in the hope that it will be useful, |
| 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 21 | * GNU General Public License for more details. | 21 | * GNU General Public License for more details. |
| 22 | * | 22 | * |
| 23 | * You should have received a copy of the GNU General Public License | 23 | * You should have received a copy of the GNU General Public License |
| 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. | 24 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 25 | * | 25 | * |
| 26 | * | 26 | * |
| 27 | *****************************************************************************/ | 27 | *****************************************************************************/ |
| 28 | 28 | ||
| 29 | /* progname may be check_ldaps */ | 29 | /* progname may be check_ldaps */ |
| @@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL; | |||
| 67 | #endif | 67 | #endif |
| 68 | double warn_time = UNDEFINED; | 68 | double warn_time = UNDEFINED; |
| 69 | double crit_time = UNDEFINED; | 69 | double crit_time = UNDEFINED; |
| 70 | thresholds *entries_thresholds = NULL; | ||
| 70 | struct timeval tv; | 71 | struct timeval tv; |
| 72 | char* warn_entries = NULL; | ||
| 73 | char* crit_entries = NULL; | ||
| 71 | int starttls = FALSE; | 74 | int starttls = FALSE; |
| 72 | int ssl_on_connect = FALSE; | 75 | int ssl_on_connect = FALSE; |
| 73 | int verbose = 0; | 76 | int verbose = 0; |
| @@ -94,6 +97,12 @@ main (int argc, char *argv[]) | |||
| 94 | int tls; | 97 | int tls; |
| 95 | int version=3; | 98 | int version=3; |
| 96 | 99 | ||
| 100 | /* for entry counting */ | ||
| 101 | |||
| 102 | LDAPMessage *next_entry; | ||
| 103 | int status_entries = STATE_OK; | ||
| 104 | int num_entries = 0; | ||
| 105 | |||
| 97 | setlocale (LC_ALL, ""); | 106 | setlocale (LC_ALL, ""); |
| 98 | bindtextdomain (PACKAGE, LOCALEDIR); | 107 | bindtextdomain (PACKAGE, LOCALEDIR); |
| 99 | textdomain (PACKAGE); | 108 | textdomain (PACKAGE); |
| @@ -197,12 +206,14 @@ main (int argc, char *argv[]) | |||
| 197 | } | 206 | } |
| 198 | 207 | ||
| 199 | /* do a search of all objectclasses in the base dn */ | 208 | /* do a search of all objectclasses in the base dn */ |
| 200 | if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) | 209 | if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) |
| 201 | != LDAP_SUCCESS) { | 210 | != LDAP_SUCCESS) { |
| 202 | if (verbose) | 211 | if (verbose) |
| 203 | ldap_perror(ld, "ldap_search"); | 212 | ldap_perror(ld, "ldap_search"); |
| 204 | printf (_("Could not search/find objectclasses in %s\n"), ld_base); | 213 | printf (_("Could not search/find objectclasses in %s\n"), ld_base); |
| 205 | return STATE_CRITICAL; | 214 | return STATE_CRITICAL; |
| 215 | } else if (crit_entries!=NULL || warn_entries!=NULL) { | ||
| 216 | num_entries = ldap_count_entries(ld, result); | ||
| 206 | } | 217 | } |
| 207 | 218 | ||
| 208 | /* unbind from the ldap server */ | 219 | /* unbind from the ldap server */ |
| @@ -223,14 +234,42 @@ main (int argc, char *argv[]) | |||
| 223 | else | 234 | else |
| 224 | status = STATE_OK; | 235 | status = STATE_OK; |
| 225 | 236 | ||
| 237 | if(entries_thresholds != NULL) { | ||
| 238 | if (verbose) { | ||
| 239 | printf ("entries found: %d\n", num_entries); | ||
| 240 | print_thresholds("entry thresholds", entries_thresholds); | ||
| 241 | } | ||
| 242 | status_entries = get_status(num_entries, entries_thresholds); | ||
| 243 | if (status_entries == STATE_CRITICAL) { | ||
| 244 | status = STATE_CRITICAL; | ||
| 245 | } else if (status != STATE_CRITICAL) { | ||
| 246 | status = status_entries; | ||
| 247 | } | ||
| 248 | } | ||
| 249 | |||
| 226 | /* print out the result */ | 250 | /* print out the result */ |
| 227 | printf (_("LDAP %s - %.3f seconds response time|%s\n"), | 251 | if (crit_entries!=NULL || warn_entries!=NULL) { |
| 228 | state_text (status), | 252 | printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), |
| 229 | elapsed_time, | 253 | state_text (status), |
| 230 | fperfdata ("time", elapsed_time, "s", | 254 | num_entries, |
| 231 | (int)warn_time, warn_time, | 255 | elapsed_time, |
| 232 | (int)crit_time, crit_time, | 256 | fperfdata ("time", elapsed_time, "s", |
| 233 | TRUE, 0, FALSE, 0)); | 257 | (int)warn_time, warn_time, |
| 258 | (int)crit_time, crit_time, | ||
| 259 | TRUE, 0, FALSE, 0), | ||
| 260 | sperfdata ("entries", (double)num_entries, "", | ||
| 261 | warn_entries, | ||
| 262 | crit_entries, | ||
| 263 | TRUE, 0.0, FALSE, 0.0)); | ||
| 264 | } else { | ||
| 265 | printf (_("LDAP %s - %.3f seconds response time|%s\n"), | ||
| 266 | state_text (status), | ||
| 267 | elapsed_time, | ||
| 268 | fperfdata ("time", elapsed_time, "s", | ||
| 269 | (int)warn_time, warn_time, | ||
| 270 | (int)crit_time, crit_time, | ||
| 271 | TRUE, 0, FALSE, 0)); | ||
| 272 | } | ||
| 234 | 273 | ||
| 235 | return status; | 274 | return status; |
| 236 | } | 275 | } |
| @@ -263,6 +302,8 @@ process_arguments (int argc, char **argv) | |||
| 263 | {"port", required_argument, 0, 'p'}, | 302 | {"port", required_argument, 0, 'p'}, |
| 264 | {"warn", required_argument, 0, 'w'}, | 303 | {"warn", required_argument, 0, 'w'}, |
| 265 | {"crit", required_argument, 0, 'c'}, | 304 | {"crit", required_argument, 0, 'c'}, |
| 305 | {"warn-entries", required_argument, 0, 'W'}, | ||
| 306 | {"crit-entries", required_argument, 0, 'C'}, | ||
| 266 | {"verbose", no_argument, 0, 'v'}, | 307 | {"verbose", no_argument, 0, 'v'}, |
| 267 | {0, 0, 0, 0} | 308 | {0, 0, 0, 0} |
| 268 | }; | 309 | }; |
| @@ -276,7 +317,7 @@ process_arguments (int argc, char **argv) | |||
| 276 | } | 317 | } |
| 277 | 318 | ||
| 278 | while (1) { | 319 | while (1) { |
| 279 | c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option); | 320 | c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); |
| 280 | 321 | ||
| 281 | if (c == -1 || c == EOF) | 322 | if (c == -1 || c == EOF) |
| 282 | break; | 323 | break; |
| @@ -284,10 +325,10 @@ process_arguments (int argc, char **argv) | |||
| 284 | switch (c) { | 325 | switch (c) { |
| 285 | case 'h': /* help */ | 326 | case 'h': /* help */ |
| 286 | print_help (); | 327 | print_help (); |
| 287 | exit (STATE_OK); | 328 | exit (STATE_UNKNOWN); |
| 288 | case 'V': /* version */ | 329 | case 'V': /* version */ |
| 289 | print_revision (progname, NP_VERSION); | 330 | print_revision (progname, NP_VERSION); |
| 290 | exit (STATE_OK); | 331 | exit (STATE_UNKNOWN); |
| 291 | case 't': /* timeout period */ | 332 | case 't': /* timeout period */ |
| 292 | if (!is_intnonneg (optarg)) | 333 | if (!is_intnonneg (optarg)) |
| 293 | usage2 (_("Timeout interval must be a positive integer"), optarg); | 334 | usage2 (_("Timeout interval must be a positive integer"), optarg); |
| @@ -318,6 +359,12 @@ process_arguments (int argc, char **argv) | |||
| 318 | case 'c': | 359 | case 'c': |
| 319 | crit_time = strtod (optarg, NULL); | 360 | crit_time = strtod (optarg, NULL); |
| 320 | break; | 361 | break; |
| 362 | case 'W': | ||
| 363 | warn_entries = optarg; | ||
| 364 | break; | ||
| 365 | case 'C': | ||
| 366 | crit_entries = optarg; | ||
| 367 | break; | ||
| 321 | #ifdef HAVE_LDAP_SET_OPTION | 368 | #ifdef HAVE_LDAP_SET_OPTION |
| 322 | case '2': | 369 | case '2': |
| 323 | ld_protocol = 2; | 370 | ld_protocol = 2; |
| @@ -381,6 +428,13 @@ validate_arguments () | |||
| 381 | if (ld_base==NULL) | 428 | if (ld_base==NULL) |
| 382 | usage4 (_("Please specify the LDAP base\n")); | 429 | usage4 (_("Please specify the LDAP base\n")); |
| 383 | 430 | ||
| 431 | if (crit_entries!=NULL || warn_entries!=NULL) { | ||
| 432 | set_thresholds(&entries_thresholds, | ||
| 433 | warn_entries, crit_entries); | ||
| 434 | } | ||
| 435 | if (ld_passwd==NULL) | ||
| 436 | ld_passwd = getenv("LDAP_PASSWORD"); | ||
| 437 | |||
| 384 | return OK; | 438 | return OK; |
| 385 | } | 439 | } |
| 386 | 440 | ||
| @@ -414,7 +468,7 @@ print_help (void) | |||
| 414 | printf (" %s\n", "-D [--bind]"); | 468 | printf (" %s\n", "-D [--bind]"); |
| 415 | printf (" %s\n", _("ldap bind DN (if required)")); | 469 | printf (" %s\n", _("ldap bind DN (if required)")); |
| 416 | printf (" %s\n", "-P [--pass]"); | 470 | printf (" %s\n", "-P [--pass]"); |
| 417 | printf (" %s\n", _("ldap password (if required)")); | 471 | printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); |
| 418 | printf (" %s\n", "-T [--starttls]"); | 472 | printf (" %s\n", "-T [--starttls]"); |
| 419 | printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); | 473 | printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); |
| 420 | printf (" %s\n", "-S [--ssl]"); | 474 | printf (" %s\n", "-S [--ssl]"); |
| @@ -430,6 +484,11 @@ print_help (void) | |||
| 430 | 484 | ||
| 431 | printf (UT_WARN_CRIT); | 485 | printf (UT_WARN_CRIT); |
| 432 | 486 | ||
| 487 | printf (" %s\n", "-W [--warn-entries]"); | ||
| 488 | printf (" %s\n", _("Number of found entries to result in warning status")); | ||
| 489 | printf (" %s\n", "-C [--crit-entries]"); | ||
| 490 | printf (" %s\n", _("Number of found entries to result in critical status")); | ||
| 491 | |||
| 433 | printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); | 492 | printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); |
| 434 | 493 | ||
| 435 | printf (UT_VERBOSE); | 494 | printf (UT_VERBOSE); |
| @@ -441,6 +500,7 @@ print_help (void) | |||
| 441 | printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); | 500 | printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); |
| 442 | printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); | 501 | printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); |
| 443 | printf (" %s\n", _("to define the behaviour explicitly instead.")); | 502 | printf (" %s\n", _("to define the behaviour explicitly instead.")); |
| 503 | printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); | ||
| 444 | 504 | ||
| 445 | printf (UT_SUPPORT); | 505 | printf (UT_SUPPORT); |
| 446 | } | 506 | } |