diff options
Diffstat (limited to 'plugins/check_radius.c')
-rw-r--r-- | plugins/check_radius.c | 189 |
1 files changed, 84 insertions, 105 deletions
diff --git a/plugins/check_radius.c b/plugins/check_radius.c index c71f3b4c..3aa5ae71 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c | |||
@@ -1,45 +1,60 @@ | |||
1 | /****************************************************************************** | 1 | /****************************************************************************** |
2 | * | 2 | |
3 | * Program: radius server check plugin for Nagios | 3 | This program is free software; you can redistribute it and/or modify |
4 | * License: GPL | 4 | it under the terms of the GNU General Public License as published by |
5 | * | 5 | the Free Software Foundation; either version 2 of the License, or |
6 | * License Information: | 6 | (at your option) any later version. |
7 | * | 7 | |
8 | * This program is free software; you can redistribute it and/or modify | 8 | This program is distributed in the hope that it will be useful, |
9 | * it under the terms of the GNU General Public License as published by | 9 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
10 | * the Free Software Foundation; either version 2 of the License, or | 10 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
11 | * (at your option) any later version. | 11 | GNU General Public License for more details. |
12 | * | 12 | |
13 | * This program is distributed in the hope that it will be useful, | 13 | You should have received a copy of the GNU General Public License |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | 14 | along with this program; if not, write to the Free Software |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 15 | Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
16 | * GNU General Public License for more details. | 16 | |
17 | * | 17 | ******************************************************************************/ |
18 | * You should have received a copy of the GNU General Public License | ||
19 | * along with this program; if not, write to the Free Software | ||
20 | * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | ||
21 | * | ||
22 | * $Id$ | ||
23 | * | ||
24 | *****************************************************************************/ | ||
25 | 18 | ||
26 | const char *progname = "check_radius"; | 19 | const char *progname = "check_radius"; |
27 | #define REVISION "$Revision$" | 20 | const char *revision = "$Revision$"; |
28 | #define COPYRIGHT "1999-2001" | 21 | const char *copyright = "2000-2003"; |
29 | #define AUTHORS "Robert August Vincent II/Karl DeBisschop" | 22 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
30 | #define EMAIL "kdebisschop@users.sourceforge.net" | 23 | |
31 | #define SUMMARY "Tests to see if a radius server is accepting connections.\n" | 24 | #include "config.h" |
32 | 25 | #include "common.h" | |
33 | #define OPTIONS "\ | 26 | #include "utils.h" |
34 | -H host -F config_file -u username -p password\'\ | 27 | #include <radiusclient.h> |
35 | [-P port] [-t timeout] [-r retries] [-e expect]" | 28 | |
36 | 29 | void | |
37 | #define LONGOPTIONS "\ | 30 | print_usage (void) |
38 | -H, --hostname=HOST\n\ | 31 | { |
39 | Host name argument for servers using host headers (use numeric\n\ | 32 | printf ("\ |
40 | address if possible to bypass DNS lookup).\n\ | 33 | Usage: %s -H host -F config_file -u username -p password [-P port]\n\ |
41 | -P, --port=INTEGER\n\ | 34 | [-t timeout] [-r retries] [-e expect]\n", progname); |
42 | Port number (default: %d)\n\ | 35 | printf (_(UT_HLP_VRS), progname, progname); |
36 | } | ||
37 | |||
38 | void | ||
39 | print_help (void) | ||
40 | { | ||
41 | char *myport; | ||
42 | asprintf (&myport, "%d", PW_AUTH_UDP_PORT); | ||
43 | |||
44 | print_revision (progname, revision); | ||
45 | |||
46 | printf (_("Copyright (c) 1999 Robert August Vincent II\n")); | ||
47 | printf (_(COPYRIGHT), copyright, email); | ||
48 | |||
49 | printf(_("Tests to see if a radius server is accepting connections.\n\n")); | ||
50 | |||
51 | print_usage (); | ||
52 | |||
53 | printf (_(UT_HELP_VRSN)); | ||
54 | |||
55 | printf (_(UT_HOST_PORT), 'P', myport); | ||
56 | |||
57 | printf (_("\ | ||
43 | -u, --username=STRING\n\ | 58 | -u, --username=STRING\n\ |
44 | The user to authenticate\n\ | 59 | The user to authenticate\n\ |
45 | -p, --password=STRING\n\ | 60 | -p, --password=STRING\n\ |
@@ -49,48 +64,38 @@ const char *progname = "check_radius"; | |||
49 | -e, --expect=STRING\n\ | 64 | -e, --expect=STRING\n\ |
50 | Response string to expect from the server\n\ | 65 | Response string to expect from the server\n\ |
51 | -r, --retries=INTEGER\n\ | 66 | -r, --retries=INTEGER\n\ |
52 | Number of times to retry a failed connection\n\ | 67 | Number of times to retry a failed connection\n")); |
53 | -t, --timeout=INTEGER\n\ | 68 | |
54 | Seconds before connection times out (default: %d)\n\ | 69 | printf (_(UT_TIMEOUT), timeout_interval); |
55 | -v, --verbose\n\ | 70 | |
56 | Show details for command-line debugging (do not use with nagios server)\n\ | 71 | printf (_("\n\ |
57 | -h, --help\n\ | ||
58 | Print detailed help screen\n\ | ||
59 | -V, --version\n\ | ||
60 | Print version information\n" | ||
61 | |||
62 | #define DESCRIPTION "\ | ||
63 | This plugin tests a radius server to see if it is accepting connections.\n\ | 72 | This plugin tests a radius server to see if it is accepting connections.\n\ |
64 | \n\ | 73 | \n\ |
65 | The server to test must be specified in the invocation, as well as a user\n\ | 74 | The server to test must be specified in the invocation, as well as a user\n\ |
66 | name and password. A configuration file may also be present. The format of\n\ | 75 | name and password. A configuration file may also be present. The format of\n\ |
67 | the configuration file is described in the radiusclient library sources.\n\ | 76 | the configuration file is described in the radiusclient library sources.\n\n")); |
68 | \n\ | 77 | |
78 | printf (_("\ | ||
69 | The password option presents a substantial security issue because the\n\ | 79 | The password option presents a substantial security issue because the\n\ |
70 | password can be determined by careful watching of the command line in\n\ | 80 | password can be determined by careful watching of the command line in\n\ |
71 | a process listing. This risk is exacerbated because nagios will\n\ | 81 | a process listing. This risk is exacerbated because nagios will\n\ |
72 | run the plugin at regular prdictable intervals. Please be sure that\n\ | 82 | run the plugin at regular prdictable intervals. Please be sure that\n\ |
73 | the password used does not allow access to sensitive system resources,\n\ | 83 | the password used does not allow access to sensitive system resources,\n\ |
74 | otherwise compormise could occur.\n" | 84 | otherwise compormise could occur.\n")); |
75 | |||
76 | #include "config.h" | ||
77 | #include "common.h" | ||
78 | #include "utils.h" | ||
79 | #include <radiusclient.h> | ||
80 | 85 | ||
86 | printf (_(UT_SUPPORT)); | ||
87 | } | ||
88 | |||
81 | int process_arguments (int, char **); | 89 | int process_arguments (int, char **); |
82 | void print_usage (void); | ||
83 | void print_help (void); | ||
84 | 90 | ||
85 | char *server = NULL; | 91 | char *server = NULL; |
86 | int port = PW_AUTH_UDP_PORT; | ||
87 | char *username = NULL; | 92 | char *username = NULL; |
88 | char *password = NULL; | 93 | char *password = NULL; |
89 | char *expect = NULL; | 94 | char *expect = NULL; |
90 | char *config_file = NULL; | 95 | char *config_file = NULL; |
96 | int port = PW_AUTH_UDP_PORT; | ||
91 | int retries = 1; | 97 | int retries = 1; |
92 | int verbose = FALSE; | 98 | int verbose = FALSE; |
93 | |||
94 | ENV *env = NULL; | 99 | ENV *env = NULL; |
95 | 100 | ||
96 | /****************************************************************************** | 101 | /****************************************************************************** |
@@ -151,23 +156,23 @@ main (int argc, char **argv) | |||
151 | { | 156 | { |
152 | UINT4 service; | 157 | UINT4 service; |
153 | char msg[BUFFER_LEN]; | 158 | char msg[BUFFER_LEN]; |
154 | SEND_DATA data = { 0 }; | 159 | SEND_DATA data; |
155 | int result; | 160 | int result; |
156 | UINT4 client_id; | 161 | UINT4 client_id; |
157 | 162 | ||
158 | if (process_arguments (argc, argv) == ERROR) | 163 | if (process_arguments (argc, argv) == ERROR) |
159 | usage ("Could not parse arguments\n"); | 164 | usage (_("Could not parse arguments\n")); |
160 | 165 | ||
161 | if ((config_file && rc_read_config (config_file)) || | 166 | if ((config_file && rc_read_config (config_file)) || |
162 | rc_read_dictionary (rc_conf_str ("dictionary"))) | 167 | rc_read_dictionary (rc_conf_str ("dictionary"))) |
163 | terminate (STATE_UNKNOWN, "Config file error"); | 168 | terminate (STATE_UNKNOWN, _("Config file error")); |
164 | 169 | ||
165 | service = PW_AUTHENTICATE_ONLY; | 170 | service = PW_AUTHENTICATE_ONLY; |
166 | 171 | ||
167 | if (!(rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) && | 172 | if (!(rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) && |
168 | rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) && | 173 | rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) && |
169 | rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0))) | 174 | rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0))) |
170 | terminate (STATE_UNKNOWN, "Out of Memory?"); | 175 | terminate (STATE_UNKNOWN, _("Out of Memory?")); |
171 | 176 | ||
172 | /* | 177 | /* |
173 | * Fill in NAS-IP-Address | 178 | * Fill in NAS-IP-Address |
@@ -188,15 +193,15 @@ main (int argc, char **argv) | |||
188 | rc_avpair_free (data.receive_pairs); | 193 | rc_avpair_free (data.receive_pairs); |
189 | 194 | ||
190 | if (result == TIMEOUT_RC) | 195 | if (result == TIMEOUT_RC) |
191 | terminate (STATE_CRITICAL, "Timeout"); | 196 | terminate (STATE_CRITICAL, _("Timeout")); |
192 | if (result == ERROR_RC) | 197 | if (result == ERROR_RC) |
193 | terminate (STATE_CRITICAL, "Auth Error"); | 198 | terminate (STATE_CRITICAL, _("Auth Error")); |
194 | if (result == BADRESP_RC) | 199 | if (result == BADRESP_RC) |
195 | terminate (STATE_WARNING, "Auth Failed"); | 200 | terminate (STATE_WARNING, _("Auth Failed")); |
196 | if (expect && !strstr (msg, expect)) | 201 | if (expect && !strstr (msg, expect)) |
197 | terminate (STATE_WARNING, msg); | 202 | terminate (STATE_WARNING, msg); |
198 | if (result == OK_RC) | 203 | if (result == OK_RC) |
199 | terminate (STATE_OK, "Auth OK"); | 204 | terminate (STATE_OK, _("Auth OK")); |
200 | return (0); | 205 | return (0); |
201 | } | 206 | } |
202 | 207 | ||
@@ -234,16 +239,16 @@ process_arguments (int argc, char **argv) | |||
234 | if (is_intpos (argv[4])) | 239 | if (is_intpos (argv[4])) |
235 | timeout_interval = atoi (argv[4]); | 240 | timeout_interval = atoi (argv[4]); |
236 | else | 241 | else |
237 | usage ("Timeout interval must be a positive integer"); | 242 | usage (_("Timeout interval must be a positive integer")); |
238 | if (is_intpos (argv[5])) | 243 | if (is_intpos (argv[5])) |
239 | retries = atoi (argv[5]); | 244 | retries = atoi (argv[5]); |
240 | else | 245 | else |
241 | usage ("Number of retries must be a positive integer"); | 246 | usage (_("Number of retries must be a positive integer")); |
242 | server = argv[6]; | 247 | server = argv[6]; |
243 | if (is_intpos (argv[7])) | 248 | if (is_intpos (argv[7])) |
244 | port = atoi (argv[7]); | 249 | port = atoi (argv[7]); |
245 | else | 250 | else |
246 | usage ("Server port must be a positive integer"); | 251 | usage (_("Server port must be a positive integer")); |
247 | expect = argv[8]; | 252 | expect = argv[8]; |
248 | return OK; | 253 | return OK; |
249 | } | 254 | } |
@@ -257,21 +262,21 @@ process_arguments (int argc, char **argv) | |||
257 | 262 | ||
258 | switch (c) { | 263 | switch (c) { |
259 | case '?': /* print short usage statement if args not parsable */ | 264 | case '?': /* print short usage statement if args not parsable */ |
260 | printf ("%s: Unknown argument: %s\n\n", progname, optarg); | 265 | printf (_("%s: Unknown argument: %s\n\n"), progname, optarg); |
261 | print_usage (); | 266 | print_usage (); |
262 | exit (STATE_UNKNOWN); | 267 | exit (STATE_UNKNOWN); |
263 | case 'h': /* help */ | 268 | case 'h': /* help */ |
264 | print_help (); | 269 | print_help (); |
265 | exit (OK); | 270 | exit (OK); |
266 | case 'V': /* version */ | 271 | case 'V': /* version */ |
267 | print_revision (progname, "$Revision$"); | 272 | print_revision (progname, revision); |
268 | exit (OK); | 273 | exit (OK); |
269 | case 'v': /* verbose mode */ | 274 | case 'v': /* verbose mode */ |
270 | verbose = TRUE; | 275 | verbose = TRUE; |
271 | break; | 276 | break; |
272 | case 'H': /* hostname */ | 277 | case 'H': /* hostname */ |
273 | if (is_host (optarg) == FALSE) { | 278 | if (is_host (optarg) == FALSE) { |
274 | printf ("Invalid host name/address\n\n"); | 279 | printf (_("Invalid host name/address\n\n")); |
275 | print_usage (); | 280 | print_usage (); |
276 | exit (STATE_UNKNOWN); | 281 | exit (STATE_UNKNOWN); |
277 | } | 282 | } |
@@ -281,7 +286,7 @@ process_arguments (int argc, char **argv) | |||
281 | if (is_intnonneg (optarg)) | 286 | if (is_intnonneg (optarg)) |
282 | port = atoi (optarg); | 287 | port = atoi (optarg); |
283 | else | 288 | else |
284 | usage ("Server port must be a positive integer"); | 289 | usage (_("Server port must be a positive integer")); |
285 | break; | 290 | break; |
286 | case 'u': /* username */ | 291 | case 'u': /* username */ |
287 | username = optarg; | 292 | username = optarg; |
@@ -299,41 +304,15 @@ process_arguments (int argc, char **argv) | |||
299 | if (is_intpos (optarg)) | 304 | if (is_intpos (optarg)) |
300 | retries = atoi (optarg); | 305 | retries = atoi (optarg); |
301 | else | 306 | else |
302 | usage ("Number of retries must be a positive integer"); | 307 | usage (_("Number of retries must be a positive integer")); |
303 | break; | 308 | break; |
304 | case 't': /* timeout */ | 309 | case 't': /* timeout */ |
305 | if (is_intpos (optarg)) | 310 | if (is_intpos (optarg)) |
306 | timeout_interval = atoi (optarg); | 311 | timeout_interval = atoi (optarg); |
307 | else | 312 | else |
308 | usage ("Timeout interval must be a positive integer"); | 313 | usage (_("Timeout interval must be a positive integer")); |
309 | break; | 314 | break; |
310 | } | 315 | } |
311 | } | 316 | } |
312 | return OK; | 317 | return OK; |
313 | } | 318 | } |
314 | |||
315 | |||
316 | |||
317 | void | ||
318 | print_help (void) | ||
319 | { | ||
320 | print_revision (progname, REVISION); | ||
321 | printf | ||
322 | ("Copyright (c) %s %s <%s>\n\n%s\n", | ||
323 | COPYRIGHT, AUTHORS, EMAIL, SUMMARY); | ||
324 | print_usage (); | ||
325 | printf | ||
326 | ("\nOptions:\n" LONGOPTIONS "\n" DESCRIPTION "\n", | ||
327 | port, timeout_interval); | ||
328 | support (); | ||
329 | } | ||
330 | |||
331 | |||
332 | void | ||
333 | print_usage (void) | ||
334 | { | ||
335 | printf ("Usage:\n" " %s %s\n" | ||
336 | " %s (-h | --help) for detailed help\n" | ||
337 | " %s (-V | --version) for version information\n", | ||
338 | progname, OPTIONS, progname, progname); | ||
339 | } | ||