Diffstat (limited to 'plugins/check_ldap.c')
-rw-r--r--plugins/check_ldap.c811
1 files changed, 449 insertions, 362 deletions
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index 868ffc1e..1b2e2826 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,517 +1,604 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_ldap plugin 3 * Monitoring check_ldap plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 2000-2008 Monitoring Plugins Development Team 6 * Copyright (c) 2000-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_ldap plugin 10 * This file contains the check_ldap plugin
11* 11 *
12* 12 *
13* This program is free software: you can redistribute it and/or modify 13 * This program is free software: you can redistribute it and/or modify
14* it under the terms of the GNU General Public License as published by 14 * it under the terms of the GNU General Public License as published by
15* the Free Software Foundation, either version 3 of the License, or 15 * the Free Software Foundation, either version 3 of the License, or
16* (at your option) any later version. 16 * (at your option) any later version.
17* 17 *
18* This program is distributed in the hope that it will be useful, 18 * This program is distributed in the hope that it will be useful,
19* but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21* GNU General Public License for more details. 21 * GNU General Public License for more details.
22* 22 *
23* You should have received a copy of the GNU General Public License 23 * You should have received a copy of the GNU General Public License
24* along with this program. If not, see <http://www.gnu.org/licenses/>. 24 * along with this program. If not, see <http://www.gnu.org/licenses/>.
25* 25 *
26* 26 *
27*****************************************************************************/ 27 *****************************************************************************/
28 28
29/* progname may be check_ldaps */ 29/* progname may be check_ldaps */
30char *progname = "check_ldap"; 30#include "output.h"
31const char *copyright = "2000-2008";
32const char *email = "devel@monitoring-plugins.org";
33
34#include "common.h" 31#include "common.h"
35#include "netutils.h" 32#include "netutils.h"
33#include "perfdata.h"
34#include "thresholds.h"
36#include "utils.h" 35#include "utils.h"
36#include "check_ldap.d/config.h"
37 37
38#include "states.h"
38#include <lber.h> 39#include <lber.h>
39#define LDAP_DEPRECATED 1 40#define LDAP_DEPRECATED 1
40#include <ldap.h> 41#include <ldap.h>
41 42
43char *progname = "check_ldap";
44const char *copyright = "2000-2024";
45const char *email = "devel@monitoring-plugins.org";
46
42enum { 47enum {
43 UNDEFINED = 0,
44#ifdef HAVE_LDAP_SET_OPTION
45 DEFAULT_PROTOCOL = 2,
46#endif
47 DEFAULT_PORT = 389 48 DEFAULT_PORT = 389
48}; 49};
49 50
50int process_arguments (int, char **); 51typedef struct {
51int validate_arguments (void); 52 int errorcode;
52void print_help (void); 53 check_ldap_config config;
53void print_usage (void); 54} check_ldap_config_wrapper;
54 55static check_ldap_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
55char ld_defattr[] = "(objectclass=*)"; 56static check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper /*config_wrapper*/);
56char *ld_attr = ld_defattr;
57char *ld_host = NULL;
58char *ld_base = NULL;
59char *ld_passwd = NULL;
60char *ld_binddn = NULL;
61int ld_port = -1;
62#ifdef HAVE_LDAP_SET_OPTION
63int ld_protocol = DEFAULT_PROTOCOL;
64#endif
65#ifndef LDAP_OPT_SUCCESS
66# define LDAP_OPT_SUCCESS LDAP_SUCCESS
67#endif
68double warn_time = UNDEFINED;
69double crit_time = UNDEFINED;
70thresholds *entries_thresholds = NULL;
71struct timeval tv;
72char* warn_entries = NULL;
73char* crit_entries = NULL;
74bool starttls = false;
75bool ssl_on_connect = false;
76bool verbose = false;
77
78/* for ldap tls */
79
80char *SERVICE = "LDAP";
81
82int
83main (int argc, char *argv[])
84{
85
86 LDAP *ld;
87 LDAPMessage *result;
88 57
89 /* should be int result = STATE_UNKNOWN; */ 58static void print_help(void);
59void print_usage(void);
90 60
91 int status = STATE_UNKNOWN; 61#ifndef LDAP_OPT_SUCCESS
92 long microsec; 62# define LDAP_OPT_SUCCESS LDAP_SUCCESS
93 double elapsed_time; 63#endif
94 64static int verbose = 0;
95 /* for ldap tls */
96
97 int tls;
98 int version=3;
99
100 int status_entries = STATE_OK;
101 int num_entries = 0;
102 65
103 setlocale (LC_ALL, ""); 66int main(int argc, char *argv[]) {
104 bindtextdomain (PACKAGE, LOCALEDIR); 67 setlocale(LC_ALL, "");
105 textdomain (PACKAGE); 68 bindtextdomain(PACKAGE, LOCALEDIR);
69 textdomain(PACKAGE);
106 70
107 if (strstr(argv[0],"check_ldaps")) { 71 if (strstr(argv[0], "check_ldaps")) {
108 xasprintf (&progname, "check_ldaps"); 72 xasprintf(&progname, "check_ldaps");
109 } 73 }
110 74
111 /* Parse extra opts if any */ 75 /* Parse extra opts if any */
112 argv=np_extra_opts (&argc, argv, progname); 76 argv = np_extra_opts(&argc, argv, progname);
77
78 check_ldap_config_wrapper tmp_config = process_arguments(argc, argv);
79 if (tmp_config.errorcode == ERROR) {
80 usage4(_("Could not parse arguments"));
81 }
113 82
114 if (process_arguments (argc, argv) == ERROR) 83 const check_ldap_config config = tmp_config.config;
115 usage4 (_("Could not parse arguments"));
116 84
117 if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) 85 if (config.output_format_is_set) {
118 starttls = true; 86 mp_set_format(config.output_format);
87 }
119 88
120 /* initialize alarm signal handling */ 89 /* initialize alarm signal handling */
121 signal (SIGALRM, socket_timeout_alarm_handler); 90 signal(SIGALRM, socket_timeout_alarm_handler);
122 91
123 /* set socket timeout */ 92 /* set socket timeout */
124 alarm (socket_timeout); 93 alarm(socket_timeout);
125 94
126 /* get the start time */ 95 /* get the start time */
127 gettimeofday (&tv, NULL); 96 struct timeval start_time;
97 gettimeofday(&start_time, NULL);
98
99 mp_check overall = mp_check_init();
128 100
101 LDAP *ldap_connection;
129 /* initialize ldap */ 102 /* initialize ldap */
103 {
130#ifdef HAVE_LDAP_INIT 104#ifdef HAVE_LDAP_INIT
131 if (!(ld = ldap_init (ld_host, ld_port))) { 105 mp_subcheck sc_ldap_init = mp_subcheck_init();
132 printf ("Could not connect to the server at port %i\n", ld_port); 106 if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) {
133 return STATE_CRITICAL; 107 xasprintf(&sc_ldap_init.output, "could not connect to the server at port %i",
134 } 108 config.ld_port);
109 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_CRITICAL);
110 mp_add_subcheck_to_check(&overall, sc_ldap_init);
111 mp_exit(overall);
112 } else {
113 xasprintf(&sc_ldap_init.output, "connected to the server at port %i", config.ld_port);
114 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_OK);
115 mp_add_subcheck_to_check(&overall, sc_ldap_init);
116 }
135#else 117#else
136 if (!(ld = ldap_open (ld_host, ld_port))) { 118 mp_subcheck sc_ldap_init = mp_subcheck_init();
137 if (verbose) 119 if (!(ld = ldap_open(config.ld_host, config.ld_port))) {
138 ldap_perror(ld, "ldap_open"); 120 if (verbose) {
139 printf (_("Could not connect to the server at port %i\n"), ld_port); 121 ldap_perror(ldap_connection, "ldap_open");
140 return STATE_CRITICAL; 122 }
141 } 123 xasprintf(&sc_ldap_init.output, "Could not connect to the server at port %i"), config.ld_port);
124 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_CRITICAL);
125 mp_add_subcheck_to_check(&overall, sc_ldap_init);
126 mp_exit(overall);
127 } else {
128 xasprintf(&sc_ldap_init.output, "connected to the server at port %i", config.ld_port);
129 sc_ldap_init = mp_set_subcheck_state(sc_ldap_init, STATE_OK);
130 mp_add_subcheck_to_check(&overall, sc_ldap_init);
131 }
142#endif /* HAVE_LDAP_INIT */ 132#endif /* HAVE_LDAP_INIT */
133 }
143 134
144#ifdef HAVE_LDAP_SET_OPTION 135#ifdef HAVE_LDAP_SET_OPTION
145 /* set ldap options */ 136 /* set ldap options */
146 if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != 137 mp_subcheck sc_ldap_set_opts = mp_subcheck_init();
147 LDAP_OPT_SUCCESS ) { 138 if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) !=
148 printf(_("Could not set protocol version %d\n"), ld_protocol); 139 LDAP_OPT_SUCCESS) {
149 return STATE_CRITICAL; 140 xasprintf(&sc_ldap_set_opts.output, "Could not set protocol version %d",
141 config.ld_protocol);
142 sc_ldap_set_opts = mp_set_subcheck_state(sc_ldap_set_opts, STATE_CRITICAL);
143 mp_add_subcheck_to_check(&overall, sc_ldap_set_opts);
144 mp_exit(overall);
145 } else {
146 xasprintf(&sc_ldap_set_opts.output, "set protocol version %d", config.ld_protocol);
147 sc_ldap_set_opts = mp_set_subcheck_state(sc_ldap_set_opts, STATE_OK);
148 mp_add_subcheck_to_check(&overall, sc_ldap_set_opts);
150 } 149 }
151#endif 150#endif
152 151
153 if (ld_port == LDAPS_PORT || ssl_on_connect) { 152 int version = 3;
154 xasprintf (&SERVICE, "LDAPS"); 153 int tls;
154 {
155 if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) {
155#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) 156#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
156 /* ldaps: set option tls */ 157 /* ldaps: set option tls */
157 tls = LDAP_OPT_X_TLS_HARD; 158 tls = LDAP_OPT_X_TLS_HARD;
158 159
159 if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) 160 mp_subcheck sc_ldap_tls_init = mp_subcheck_init();
160 { 161 if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) {
161 if (verbose) 162 if (verbose) {
162 ldap_perror(ld, "ldaps_option"); 163 ldap_perror(ldap_connection, "ldaps_option");
163 printf (_("Could not init TLS at port %i!\n"), ld_port); 164 }
164 return STATE_CRITICAL; 165 xasprintf(&sc_ldap_tls_init.output, "could not init TLS at port %i!",
165 } 166 config.ld_port);
167 sc_ldap_tls_init = mp_set_subcheck_state(sc_ldap_tls_init, STATE_CRITICAL);
168 mp_add_subcheck_to_check(&overall, sc_ldap_tls_init);
169 mp_exit(overall);
170 } else {
171 xasprintf(&sc_ldap_tls_init.output, "initiated TLS at port %i!", config.ld_port);
172 sc_ldap_tls_init = mp_set_subcheck_state(sc_ldap_tls_init, STATE_OK);
173 mp_add_subcheck_to_check(&overall, sc_ldap_tls_init);
174 }
166#else 175#else
167 printf (_("TLS not supported by the libraries!\n")); 176 printf(_("TLS not supported by the libraries!\n"));
168 return STATE_CRITICAL; 177 exit(STATE_CRITICAL);
169#endif /* LDAP_OPT_X_TLS */ 178#endif /* LDAP_OPT_X_TLS */
170 } else if (starttls) { 179 } else if (config.starttls) {
171 xasprintf (&SERVICE, "LDAP-TLS");
172#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) 180#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
173 /* ldap with startTLS: set option version */ 181 /* ldap with startTLS: set option version */
174 if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) 182 if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) ==
175 { 183 LDAP_OPT_SUCCESS) {
176 if (version < LDAP_VERSION3) 184 if (version < LDAP_VERSION3) {
177 { 185 version = LDAP_VERSION3;
178 version = LDAP_VERSION3; 186 ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version);
179 ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); 187 }
188 }
189 /* call start_tls */
190 mp_subcheck sc_ldap_starttls = mp_subcheck_init();
191 if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) {
192 if (verbose) {
193 ldap_perror(ldap_connection, "ldap_start_tls");
194 }
195 xasprintf(&sc_ldap_starttls.output, "could not init STARTTLS at port %i!",
196 config.ld_port);
197 sc_ldap_starttls = mp_set_subcheck_state(sc_ldap_starttls, STATE_CRITICAL);
198 mp_add_subcheck_to_check(&overall, sc_ldap_starttls);
199 mp_exit(overall);
200 } else {
201 xasprintf(&sc_ldap_starttls.output, "initiated STARTTLS at port %i!",
202 config.ld_port);
203 sc_ldap_starttls = mp_set_subcheck_state(sc_ldap_starttls, STATE_OK);
204 mp_add_subcheck_to_check(&overall, sc_ldap_starttls);
180 } 205 }
181 }
182 /* call start_tls */
183 if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
184 {
185 if (verbose)
186 ldap_perror(ld, "ldap_start_tls");
187 printf (_("Could not init startTLS at port %i!\n"), ld_port);
188 return STATE_CRITICAL;
189 }
190#else 206#else
191 printf (_("startTLS not supported by the library, needs LDAPv3!\n")); 207 printf(_("startTLS not supported by the library, needs LDAPv3!\n"));
192 return STATE_CRITICAL; 208 exit(STATE_CRITICAL);
193#endif /* HAVE_LDAP_START_TLS_S */ 209#endif /* HAVE_LDAP_START_TLS_S */
210 }
194 } 211 }
195 212
196 /* bind to the ldap server */ 213 /* bind to the ldap server */
197 if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != 214 {
198 LDAP_SUCCESS) { 215 mp_subcheck sc_ldap_bind = mp_subcheck_init();
199 if (verbose) 216 int ldap_error =
200 ldap_perror(ld, "ldap_bind"); 217 ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE);
201 printf (_("Could not bind to the LDAP server\n")); 218 if (ldap_error != LDAP_SUCCESS) {
202 return STATE_CRITICAL; 219 if (verbose) {
220 ldap_perror(ldap_connection, "ldap_bind");
221 }
222
223 xasprintf(&sc_ldap_bind.output, "could not bind to the LDAP server: %s",
224 ldap_err2string(ldap_error));
225 sc_ldap_bind = mp_set_subcheck_state(sc_ldap_bind, STATE_CRITICAL);
226 mp_add_subcheck_to_check(&overall, sc_ldap_bind);
227 mp_exit(overall);
228 } else {
229 xasprintf(&sc_ldap_bind.output, "execute bind to the LDAP server");
230 sc_ldap_bind = mp_set_subcheck_state(sc_ldap_bind, STATE_OK);
231 mp_add_subcheck_to_check(&overall, sc_ldap_bind);
232 }
203 } 233 }
204 234
235 LDAPMessage *result;
205 /* do a search of all objectclasses in the base dn */ 236 /* do a search of all objectclasses in the base dn */
206 if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) 237 {
207 != LDAP_SUCCESS) { 238 mp_subcheck sc_ldap_search = mp_subcheck_init();
208 if (verbose) 239 int ldap_error = ldap_search_s(
209 ldap_perror(ld, "ldap_search"); 240 ldap_connection, config.ld_base,
210 printf (_("Could not search/find objectclasses in %s\n"), ld_base); 241 (config.entries_thresholds.warning_is_set || config.entries_thresholds.critical_is_set)
211 return STATE_CRITICAL; 242 ? LDAP_SCOPE_SUBTREE
212 } else if (crit_entries!=NULL || warn_entries!=NULL) { 243 : LDAP_SCOPE_BASE,
213 num_entries = ldap_count_entries(ld, result); 244 config.ld_attr, NULL, 0, &result);
245
246 if (ldap_error != LDAP_SUCCESS) {
247 if (verbose) {
248 ldap_perror(ldap_connection, "ldap_search");
249 }
250 xasprintf(&sc_ldap_search.output, "could not search/find objectclasses in %s: %s",
251 config.ld_base, ldap_err2string(ldap_error));
252 sc_ldap_search = mp_set_subcheck_state(sc_ldap_search, STATE_CRITICAL);
253 mp_add_subcheck_to_check(&overall, sc_ldap_search);
254 mp_exit(overall);
255 } else {
256 xasprintf(&sc_ldap_search.output, "search/find objectclasses in %s", config.ld_base);
257 sc_ldap_search = mp_set_subcheck_state(sc_ldap_search, STATE_OK);
258 mp_add_subcheck_to_check(&overall, sc_ldap_search);
259 }
260 }
261
262 int num_entries = ldap_count_entries(ldap_connection, result);
263 if (verbose) {
264 printf("entries found: %d\n", num_entries);
214 } 265 }
215 266
216 /* unbind from the ldap server */ 267 /* unbind from the ldap server */
217 ldap_unbind (ld); 268 ldap_unbind(ldap_connection);
218 269
219 /* reset the alarm handler */ 270 /* reset the alarm handler */
220 alarm (0); 271 alarm(0);
221 272
222 /* calculate the elapsed time and compare to thresholds */ 273 /* calculate the elapsed time and compare to thresholds */
274 long microsec = deltime(start_time);
275 double elapsed_time = (double)microsec / 1.0e6;
276 mp_perfdata pd_connection_time = perfdata_init();
277 pd_connection_time.label = "time";
278 pd_connection_time.value = mp_create_pd_value(elapsed_time);
279 pd_connection_time = mp_pd_set_thresholds(pd_connection_time, config.connection_time_threshold);
280
281 mp_subcheck sc_connection_time = mp_subcheck_init();
282 mp_add_perfdata_to_subcheck(&sc_connection_time, pd_connection_time);
283
284 mp_state_enum connection_time_state = mp_get_pd_status(pd_connection_time);
285 sc_connection_time = mp_set_subcheck_state(sc_connection_time, connection_time_state);
286
287 if (connection_time_state == STATE_OK) {
288 xasprintf(&sc_connection_time.output, "connection time %.3fs is within thresholds",
289 elapsed_time);
290 } else {
291 xasprintf(&sc_connection_time.output, "connection time %.3fs is violating thresholds",
292 elapsed_time);
293 }
223 294
224 microsec = deltime (tv); 295 mp_add_subcheck_to_check(&overall, sc_connection_time);
225 elapsed_time = (double)microsec / 1.0e6;
226 296
227 if (crit_time!=UNDEFINED && elapsed_time>crit_time) 297 mp_perfdata pd_num_entries = perfdata_init();
228 status = STATE_CRITICAL; 298 pd_num_entries.label = "entries";
229 else if (warn_time!=UNDEFINED && elapsed_time>warn_time) 299 pd_num_entries.value = mp_create_pd_value(num_entries);
230 status = STATE_WARNING; 300 pd_num_entries = mp_pd_set_thresholds(pd_num_entries, config.entries_thresholds);
231 else
232 status = STATE_OK;
233 301
234 if(entries_thresholds != NULL) { 302 mp_subcheck sc_num_entries = mp_subcheck_init();
235 if (verbose) { 303 mp_add_perfdata_to_subcheck(&sc_num_entries, pd_num_entries);
236 printf ("entries found: %d\n", num_entries); 304 xasprintf(&sc_num_entries.output, "found %d entries", num_entries);
237 print_thresholds("entry thresholds", entries_thresholds); 305 sc_num_entries = mp_set_subcheck_state(sc_num_entries, mp_get_pd_status(pd_num_entries));
238 }
239 status_entries = get_status(num_entries, entries_thresholds);
240 if (status_entries == STATE_CRITICAL) {
241 status = STATE_CRITICAL;
242 } else if (status != STATE_CRITICAL) {
243 status = status_entries;
244 }
245 }
246 306
247 /* print out the result */ 307 mp_add_subcheck_to_check(&overall, sc_num_entries);
248 if (crit_entries!=NULL || warn_entries!=NULL) {
249 printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
250 state_text (status),
251 num_entries,
252 elapsed_time,
253 fperfdata ("time", elapsed_time, "s",
254 (int)warn_time, warn_time,
255 (int)crit_time, crit_time,
256 true, 0, false, 0),
257 sperfdata ("entries", (double)num_entries, "",
258 warn_entries,
259 crit_entries,
260 true, 0.0, false, 0.0));
261 } else {
262 printf (_("LDAP %s - %.3f seconds response time|%s\n"),
263 state_text (status),
264 elapsed_time,
265 fperfdata ("time", elapsed_time, "s",
266 (int)warn_time, warn_time,
267 (int)crit_time, crit_time,
268 true, 0, false, 0));
269 }
270 308
271 return status; 309 mp_exit(overall);
272} 310}
273 311
274/* process command-line arguments */ 312/* process command-line arguments */
275int 313check_ldap_config_wrapper process_arguments(int argc, char **argv) {
276process_arguments (int argc, char **argv) 314 enum {
277{ 315 output_format_index = CHAR_MAX + 1,
278 int c; 316 };
279 317
280 int option = 0;
281 /* initialize the long option struct */ 318 /* initialize the long option struct */
282 static struct option longopts[] = { 319 static struct option longopts[] = {{"help", no_argument, 0, 'h'},
283 {"help", no_argument, 0, 'h'}, 320 {"version", no_argument, 0, 'V'},
284 {"version", no_argument, 0, 'V'}, 321 {"timeout", required_argument, 0, 't'},
285 {"timeout", required_argument, 0, 't'}, 322 {"hostname", required_argument, 0, 'H'},
286 {"hostname", required_argument, 0, 'H'}, 323 {"base", required_argument, 0, 'b'},
287 {"base", required_argument, 0, 'b'}, 324 {"attr", required_argument, 0, 'a'},
288 {"attr", required_argument, 0, 'a'}, 325 {"bind", required_argument, 0, 'D'},
289 {"bind", required_argument, 0, 'D'}, 326 {"pass", required_argument, 0, 'P'},
290 {"pass", required_argument, 0, 'P'},
291#ifdef HAVE_LDAP_SET_OPTION 327#ifdef HAVE_LDAP_SET_OPTION
292 {"ver2", no_argument, 0, '2'}, 328 {"ver2", no_argument, 0, '2'},
293 {"ver3", no_argument, 0, '3'}, 329 {"ver3", no_argument, 0, '3'},
294#endif 330#endif
295 {"starttls", no_argument, 0, 'T'}, 331 {"starttls", no_argument, 0, 'T'},
296 {"ssl", no_argument, 0, 'S'}, 332 {"ssl", no_argument, 0, 'S'},
297 {"use-ipv4", no_argument, 0, '4'}, 333 {"use-ipv4", no_argument, 0, '4'},
298 {"use-ipv6", no_argument, 0, '6'}, 334 {"use-ipv6", no_argument, 0, '6'},
299 {"port", required_argument, 0, 'p'}, 335 {"port", required_argument, 0, 'p'},
300 {"warn", required_argument, 0, 'w'}, 336 {"warn", required_argument, 0, 'w'},
301 {"crit", required_argument, 0, 'c'}, 337 {"crit", required_argument, 0, 'c'},
302 {"warn-entries", required_argument, 0, 'W'}, 338 {"warn-entries", required_argument, 0, 'W'},
303 {"crit-entries", required_argument, 0, 'C'}, 339 {"crit-entries", required_argument, 0, 'C'},
304 {"verbose", no_argument, 0, 'v'}, 340 {"verbose", no_argument, 0, 'v'},
305 {0, 0, 0, 0} 341 {"output-format", required_argument, 0, output_format_index},
342 {0, 0, 0, 0}};
343
344 check_ldap_config_wrapper result = {
345 .errorcode = OK,
346 .config = check_ldap_config_init(),
306 }; 347 };
307 348
308 if (argc < 2) 349 if (argc < 2) {
309 return ERROR; 350 result.errorcode = ERROR;
351 return result;
352 }
310 353
311 for (c = 1; c < argc; c++) { 354 for (int index = 1; index < argc; index++) {
312 if (strcmp ("-to", argv[c]) == 0) 355 if (strcmp("-to", argv[index]) == 0) {
313 strcpy (argv[c], "-t"); 356 strcpy(argv[index], "-t");
357 }
314 } 358 }
315 359
360 int option = 0;
316 while (true) { 361 while (true) {
317 c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); 362 int option_index =
363 getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
318 364
319 if (c == -1 || c == EOF) 365 if (option_index == -1 || option_index == EOF) {
320 break; 366 break;
367 }
321 368
322 switch (c) { 369 switch (option_index) {
323 case 'h': /* help */ 370 case 'h': /* help */
324 print_help (); 371 print_help();
325 exit (STATE_UNKNOWN); 372 exit(STATE_UNKNOWN);
326 case 'V': /* version */ 373 case 'V': /* version */
327 print_revision (progname, NP_VERSION); 374 print_revision(progname, NP_VERSION);
328 exit (STATE_UNKNOWN); 375 exit(STATE_UNKNOWN);
329 case 't': /* timeout period */ 376 case 't': /* timeout period */
330 if (!is_intnonneg (optarg)) 377 if (!is_intnonneg(optarg)) {
331 usage2 (_("Timeout interval must be a positive integer"), optarg); 378 usage2(_("Timeout interval must be a positive integer"), optarg);
332 else 379 } else {
333 socket_timeout = atoi (optarg); 380 socket_timeout = atoi(optarg);
381 }
334 break; 382 break;
335 case 'H': 383 case 'H':
336 ld_host = optarg; 384 result.config.ld_host = optarg;
337 break; 385 break;
338 case 'b': 386 case 'b':
339 ld_base = optarg; 387 result.config.ld_base = optarg;
340 break; 388 break;
341 case 'p': 389 case 'p':
342 ld_port = atoi (optarg); 390 result.config.ld_port = atoi(optarg);
343 break; 391 break;
344 case 'a': 392 case 'a':
345 ld_attr = optarg; 393 result.config.ld_attr = optarg;
346 break; 394 break;
347 case 'D': 395 case 'D':
348 ld_binddn = optarg; 396 result.config.ld_binddn = optarg;
349 break; 397 break;
350 case 'P': 398 case 'P':
351 ld_passwd = optarg; 399 result.config.ld_passwd = optarg;
352 break;
353 case 'w':
354 warn_time = strtod (optarg, NULL);
355 break;
356 case 'c':
357 crit_time = strtod (optarg, NULL);
358 break;
359 case 'W':
360 warn_entries = optarg;
361 break;
362 case 'C':
363 crit_entries = optarg;
364 break; 400 break;
401 case 'w': {
402 mp_range_parsed tmp = mp_parse_range_string(optarg);
403 if (tmp.error != MP_PARSING_SUCCES) {
404 die(STATE_UNKNOWN, "failed to parse warning connection time threshold");
405 }
406 result.config.connection_time_threshold =
407 mp_thresholds_set_warn(result.config.connection_time_threshold, tmp.range);
408 } break;
409 case 'c': {
410 mp_range_parsed tmp = mp_parse_range_string(optarg);
411 if (tmp.error != MP_PARSING_SUCCES) {
412 die(STATE_UNKNOWN, "failed to parse critical connection time threshold");
413 }
414 result.config.connection_time_threshold =
415 mp_thresholds_set_crit(result.config.connection_time_threshold, tmp.range);
416 } break;
417 case 'W': {
418 mp_range_parsed tmp = mp_parse_range_string(optarg);
419 if (tmp.error != MP_PARSING_SUCCES) {
420 die(STATE_UNKNOWN, "failed to parse number of entries warning threshold");
421 }
422 result.config.entries_thresholds =
423 mp_thresholds_set_warn(result.config.entries_thresholds, tmp.range);
424 } break;
425 case 'C': {
426 mp_range_parsed tmp = mp_parse_range_string(optarg);
427 if (tmp.error != MP_PARSING_SUCCES) {
428 die(STATE_UNKNOWN, "failed to parse number of entries critical threshold");
429 }
430 result.config.entries_thresholds =
431 mp_thresholds_set_crit(result.config.entries_thresholds, tmp.range);
432 } break;
365#ifdef HAVE_LDAP_SET_OPTION 433#ifdef HAVE_LDAP_SET_OPTION
366 case '2': 434 case '2':
367 ld_protocol = 2; 435 result.config.ld_protocol = 2;
368 break; 436 break;
369 case '3': 437 case '3':
370 ld_protocol = 3; 438 result.config.ld_protocol = 3;
371 break; 439 break;
372#endif 440#endif // HAVE_LDAP_SET_OPTION
373 case '4': 441 case '4':
374 address_family = AF_INET; 442 address_family = AF_INET;
375 break; 443 break;
376 case 'v': 444 case 'v':
377 verbose = true; 445 verbose++;
378 break; 446 break;
379 case 'T': 447 case 'T':
380 if (! ssl_on_connect) 448 if (!result.config.ssl_on_connect) {
381 starttls = true; 449 result.config.starttls = true;
382 else 450 } else {
383 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl"); 451 usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
452 }
384 break; 453 break;
385 case 'S': 454 case 'S':
386 if (! starttls) { 455 if (!result.config.starttls) {
387 ssl_on_connect = true; 456 result.config.ssl_on_connect = true;
388 if (ld_port == -1) 457 if (result.config.ld_port == -1) {
389 ld_port = LDAPS_PORT; 458 result.config.ld_port = LDAPS_PORT;
390 } else 459 }
460 } else {
391 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls"); 461 usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls");
462 }
392 break; 463 break;
393 case '6': 464 case '6':
394#ifdef USE_IPV6 465#ifdef USE_IPV6
395 address_family = AF_INET6; 466 address_family = AF_INET6;
396#else 467#else
397 usage (_("IPv6 support not available\n")); 468 usage(_("IPv6 support not available\n"));
398#endif 469#endif
399 break; 470 break;
471 case output_format_index: {
472 parsed_output_format parser = mp_parse_output_format(optarg);
473 if (!parser.parsing_success) {
474 // TODO List all available formats here, maybe add anothoer usage function
475 printf("Invalid output format: %s\n", optarg);
476 exit(STATE_UNKNOWN);
477 }
478
479 result.config.output_format_is_set = true;
480 result.config.output_format = parser.output_format;
481 break;
482 }
400 default: 483 default:
401 usage5 (); 484 usage5();
402 } 485 }
403 } 486 }
404 487
405 c = optind; 488 int index = optind;
406 if (ld_host == NULL && is_host(argv[c])) 489 if ((result.config.ld_host == NULL) && is_host(argv[index])) {
407 ld_host = strdup (argv[c++]); 490 result.config.ld_host = strdup(argv[index++]);
491 }
408 492
409 if (ld_base == NULL && argv[c]) 493 if ((result.config.ld_base == NULL) && argv[index]) {
410 ld_base = strdup (argv[c++]); 494 result.config.ld_base = strdup(argv[index++]);
495 }
411 496
412 if (ld_port == -1) 497 if (result.config.ld_port == -1) {
413 ld_port = DEFAULT_PORT; 498 result.config.ld_port = DEFAULT_PORT;
499 }
414 500
415 return validate_arguments (); 501 if (strstr(argv[0], "check_ldaps") && !result.config.starttls &&
416} 502 !result.config.ssl_on_connect) {
503 result.config.starttls = true;
504 }
417 505
506 return validate_arguments(result);
507}
418 508
419int 509check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper config_wrapper) {
420validate_arguments () 510 if (config_wrapper.config.ld_host == NULL || strlen(config_wrapper.config.ld_host) == 0) {
421{ 511 usage4(_("Please specify the host name\n"));
422 if (ld_host==NULL || strlen(ld_host)==0) 512 }
423 usage4 (_("Please specify the host name\n"));
424 513
425 if (ld_base==NULL) 514 if (config_wrapper.config.ld_base == NULL) {
426 usage4 (_("Please specify the LDAP base\n")); 515 usage4(_("Please specify the LDAP base\n"));
516 }
427 517
428 if (crit_entries!=NULL || warn_entries!=NULL) { 518 if (config_wrapper.config.ld_passwd == NULL) {
429 set_thresholds(&entries_thresholds, 519 config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD");
430 warn_entries, crit_entries);
431 } 520 }
432 if (ld_passwd==NULL)
433 ld_passwd = getenv("LDAP_PASSWORD");
434 521
435 return OK; 522 return config_wrapper;
436} 523}
437 524
438 525void print_help(void) {
439void
440print_help (void)
441{
442 char *myport; 526 char *myport;
443 xasprintf (&myport, "%d", DEFAULT_PORT); 527 xasprintf(&myport, "%d", DEFAULT_PORT);
444 528
445 print_revision (progname, NP_VERSION); 529 print_revision(progname, NP_VERSION);
446 530
447 printf ("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"); 531 printf("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n");
448 printf (COPYRIGHT, copyright, email); 532 printf(COPYRIGHT, copyright, email);
449 533
450 printf ("\n\n"); 534 printf("\n\n");
451 535
452 print_usage (); 536 print_usage();
453 537
454 printf (UT_HELP_VRSN); 538 printf(UT_HELP_VRSN);
455 printf (UT_EXTRA_OPTS); 539 printf(UT_EXTRA_OPTS);
456 540
457 printf (UT_HOST_PORT, 'p', myport); 541 printf(UT_HOST_PORT, 'p', myport);
458 542
459 printf (UT_IPv46); 543 printf(UT_IPv46);
460 544
461 printf (" %s\n", "-a [--attr]"); 545 printf(" %s\n", "-a [--attr]");
462 printf (" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\"")); 546 printf(" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\""));
463 printf (" %s\n", "-b [--base]"); 547 printf(" %s\n", "-b [--base]");
464 printf (" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at")); 548 printf(" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at"));
465 printf (" %s\n", "-D [--bind]"); 549 printf(" %s\n", "-D [--bind]");
466 printf (" %s\n", _("ldap bind DN (if required)")); 550 printf(" %s\n", _("ldap bind DN (if required)"));
467 printf (" %s\n", "-P [--pass]"); 551 printf(" %s\n", "-P [--pass]");
468 printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); 552 printf(" %s\n", _("ldap password (if required, or set the password through environment "
469 printf (" %s\n", "-T [--starttls]"); 553 "variable 'LDAP_PASSWORD')"));
470 printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); 554 printf(" %s\n", "-T [--starttls]");
471 printf (" %s\n", "-S [--ssl]"); 555 printf(" %s\n", _("use starttls mechanism introduced in protocol version 3"));
472 printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); 556 printf(" %s\n", "-S [--ssl]");
557 printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"),
558 LDAPS_PORT);
473 559
474#ifdef HAVE_LDAP_SET_OPTION 560#ifdef HAVE_LDAP_SET_OPTION
475 printf (" %s\n", "-2 [--ver2]"); 561 printf(" %s\n", "-2 [--ver2]");
476 printf (" %s\n", _("use ldap protocol version 2")); 562 printf(" %s\n", _("use ldap protocol version 2"));
477 printf (" %s\n", "-3 [--ver3]"); 563 printf(" %s\n", "-3 [--ver3]");
478 printf (" %s\n", _("use ldap protocol version 3")); 564 printf(" %s\n", _("use ldap protocol version 3"));
479 printf (" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL); 565 printf(" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL);
480#endif 566#endif
481 567
482 printf (UT_WARN_CRIT); 568 printf(UT_WARN_CRIT);
483 569
484 printf (" %s\n", "-W [--warn-entries]"); 570 printf(" %s\n", "-W [--warn-entries]");
485 printf (" %s\n", _("Number of found entries to result in warning status")); 571 printf(" %s\n", _("Number of found entries to result in warning status"));
486 printf (" %s\n", "-C [--crit-entries]"); 572 printf(" %s\n", "-C [--crit-entries]");
487 printf (" %s\n", _("Number of found entries to result in critical status")); 573 printf(" %s\n", _("Number of found entries to result in critical status"));
488 574
489 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 575 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
490 576
491 printf (UT_VERBOSE); 577 printf(UT_VERBOSE);
578 printf(UT_OUTPUT_FORMAT);
492 579
493 printf ("\n"); 580 printf("\n");
494 printf ("%s\n", _("Notes:")); 581 printf("%s\n", _("Notes:"));
495 printf (" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); 582 printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be"));
496 printf (_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT); 583 printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"),
497 printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); 584 DEFAULT_PORT);
498 printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); 585 printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
499 printf (" %s\n", _("to define the behaviour explicitly instead.")); 586 printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' "
500 printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); 587 "or '--ssl' flags"));
588 printf(" %s\n", _("to define the behaviour explicitly instead."));
589 printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
501 590
502 printf (UT_SUPPORT); 591 printf(UT_SUPPORT);
503} 592}
504 593
505void 594void print_usage(void) {
506print_usage (void) 595 printf("%s\n", _("Usage:"));
507{ 596 printf(" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]", progname);
508 printf ("%s\n", _("Usage:")); 597 printf("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
509 printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
510 printf ("\n [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
511#ifdef HAVE_LDAP_SET_OPTION 598#ifdef HAVE_LDAP_SET_OPTION
512 "\n [-2|-3] [-4|-6]" 599 "\n [-2|-3] [-4|-6]"
513#else 600#else
514 "" 601 ""
515#endif 602#endif
516 ); 603 );
517} 604}
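Review bot: The `#else` branch of `HAVE_LDAP_INIT` in `main` will not compile as written: it still assigns to `ld`, which this commit replaced with `ldap_connection`, and its `xasprintf` call closes the parenthesis before `config.ld_port`. The two lines should read `if (!(ldap_connection = ldap_open(config.ld_host, config.ld_port))) {` and `xasprintf(&sc_ldap_init.output, "could not connect to the server at port %i", config.ld_port);`. That path is only built when `ldap_init` is unavailable, so the breakage is easy to miss; a build with `HAVE_LDAP_INIT` undefined would confirm the fix. Separately, `print_help` still prints `DEFAULT_PROTOCOL` although its enum entry is removed here, which is fine only if `check_ldap.d/config.h` now defines it; that header is not shown on this page.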