diff options
Diffstat (limited to 'plugins/check_radius.c')
-rw-r--r-- | plugins/check_radius.c | 152 |
1 files changed, 82 insertions, 70 deletions
diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 714de58c..1e4fff7a 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c | |||
@@ -21,79 +21,21 @@ const char *revision = "$Revision$"; | |||
21 | const char *copyright = "2000-2003"; | 21 | const char *copyright = "2000-2003"; |
22 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; | 22 | const char *email = "nagiosplug-devel@lists.sourceforge.net"; |
23 | 23 | ||
24 | #include "config.h" | ||
25 | #include "common.h" | 24 | #include "common.h" |
26 | #include "utils.h" | 25 | #include "utils.h" |
26 | #include "netutils.h" | ||
27 | #include <radiusclient.h> | 27 | #include <radiusclient.h> |
28 | 28 | ||
29 | void | ||
30 | print_usage (void) | ||
31 | { | ||
32 | printf ("\ | ||
33 | Usage: %s -H host -F config_file -u username -p password [-P port]\n\ | ||
34 | [-t timeout] [-r retries] [-e expect]\n", progname); | ||
35 | printf (_(UT_HLP_VRS), progname, progname); | ||
36 | } | ||
37 | |||
38 | void | ||
39 | print_help (void) | ||
40 | { | ||
41 | char *myport; | ||
42 | asprintf (&myport, "%d", PW_AUTH_UDP_PORT); | ||
43 | |||
44 | print_revision (progname, revision); | ||
45 | |||
46 | printf (_("Copyright (c) 1999 Robert August Vincent II\n")); | ||
47 | printf (_(COPYRIGHT), copyright, email); | ||
48 | |||
49 | printf(_("Tests to see if a radius server is accepting connections.\n\n")); | ||
50 | |||
51 | print_usage (); | ||
52 | |||
53 | printf (_(UT_HELP_VRSN)); | ||
54 | |||
55 | printf (_(UT_HOST_PORT), 'P', myport); | ||
56 | |||
57 | printf (_("\ | ||
58 | -u, --username=STRING\n\ | ||
59 | The user to authenticate\n\ | ||
60 | -p, --password=STRING\n\ | ||
61 | Password for autentication (SECURITY RISK)\n\ | ||
62 | -F, --filename=STRING\n\ | ||
63 | Configuration file\n\ | ||
64 | -e, --expect=STRING\n\ | ||
65 | Response string to expect from the server\n\ | ||
66 | -r, --retries=INTEGER\n\ | ||
67 | Number of times to retry a failed connection\n")); | ||
68 | |||
69 | printf (_(UT_TIMEOUT), timeout_interval); | ||
70 | |||
71 | printf (_("\n\ | ||
72 | This plugin tests a radius server to see if it is accepting connections.\n\ | ||
73 | \n\ | ||
74 | The server to test must be specified in the invocation, as well as a user\n\ | ||
75 | name and password. A configuration file may also be present. The format of\n\ | ||
76 | the configuration file is described in the radiusclient library sources.\n\n")); | ||
77 | |||
78 | printf (_("\ | ||
79 | The password option presents a substantial security issue because the\n\ | ||
80 | password can be determined by careful watching of the command line in\n\ | ||
81 | a process listing. This risk is exacerbated because nagios will\n\ | ||
82 | run the plugin at regular prdictable intervals. Please be sure that\n\ | ||
83 | the password used does not allow access to sensitive system resources,\n\ | ||
84 | otherwise compormise could occur.\n")); | ||
85 | |||
86 | printf (_(UT_SUPPORT)); | ||
87 | } | ||
88 | |||
89 | int process_arguments (int, char **); | 29 | int process_arguments (int, char **); |
30 | void print_help (void); | ||
31 | void print_usage (void); | ||
90 | 32 | ||
91 | char *server = NULL; | 33 | char *server = NULL; |
92 | char *username = NULL; | 34 | char *username = NULL; |
93 | char *password = NULL; | 35 | char *password = NULL; |
94 | char *expect = NULL; | 36 | char *expect = NULL; |
95 | char *config_file = NULL; | 37 | char *config_file = NULL; |
96 | int port = PW_AUTH_UDP_PORT; | 38 | unsigned short port = PW_AUTH_UDP_PORT; |
97 | int retries = 1; | 39 | int retries = 1; |
98 | int verbose = FALSE; | 40 | int verbose = FALSE; |
99 | ENV *env = NULL; | 41 | ENV *env = NULL; |
@@ -159,12 +101,14 @@ main (int argc, char **argv) | |||
159 | SEND_DATA data; | 101 | SEND_DATA data; |
160 | int result; | 102 | int result; |
161 | UINT4 client_id; | 103 | UINT4 client_id; |
104 | char *str; | ||
162 | 105 | ||
163 | if (process_arguments (argc, argv) == ERROR) | 106 | if (process_arguments (argc, argv) == ERROR) |
164 | usage (_("Could not parse arguments\n")); | 107 | usage (_("Could not parse arguments\n")); |
165 | 108 | ||
109 | str = strdup ("dictionary"); | ||
166 | if ((config_file && rc_read_config (config_file)) || | 110 | if ((config_file && rc_read_config (config_file)) || |
167 | rc_read_dictionary (rc_conf_str ("dictionary"))) | 111 | rc_read_dictionary (rc_conf_str (str))) |
168 | die (STATE_UNKNOWN, _("Config file error")); | 112 | die (STATE_UNKNOWN, _("Config file error")); |
169 | 113 | ||
170 | service = PW_AUTHENTICATE_ONLY; | 114 | service = PW_AUTHENTICATE_ONLY; |
@@ -184,8 +128,8 @@ main (int argc, char **argv) | |||
184 | if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == | 128 | if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == |
185 | NULL) return (ERROR_RC); | 129 | NULL) return (ERROR_RC); |
186 | 130 | ||
187 | rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, timeout_interval, | 131 | rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval, |
188 | retries); | 132 | retries); |
189 | 133 | ||
190 | result = rc_send_server (&data, msg); | 134 | result = rc_send_server (&data, msg); |
191 | rc_avpair_free (data.send_pairs); | 135 | rc_avpair_free (data.send_pairs); |
@@ -199,7 +143,7 @@ main (int argc, char **argv) | |||
199 | if (result == BADRESP_RC) | 143 | if (result == BADRESP_RC) |
200 | die (STATE_WARNING, _("Auth Failed")); | 144 | die (STATE_WARNING, _("Auth Failed")); |
201 | if (expect && !strstr (msg, expect)) | 145 | if (expect && !strstr (msg, expect)) |
202 | die (STATE_WARNING, msg); | 146 | die (STATE_WARNING, "%s", msg); |
203 | if (result == OK_RC) | 147 | if (result == OK_RC) |
204 | die (STATE_OK, _("Auth OK")); | 148 | die (STATE_OK, _("Auth OK")); |
205 | return (0); | 149 | return (0); |
@@ -213,8 +157,8 @@ process_arguments (int argc, char **argv) | |||
213 | { | 157 | { |
214 | int c; | 158 | int c; |
215 | 159 | ||
216 | int option_index = 0; | 160 | int option = 0; |
217 | static struct option long_options[] = { | 161 | static struct option longopts[] = { |
218 | {"hostname", required_argument, 0, 'H'}, | 162 | {"hostname", required_argument, 0, 'H'}, |
219 | {"port", required_argument, 0, 'P'}, | 163 | {"port", required_argument, 0, 'P'}, |
220 | {"username", required_argument, 0, 'u'}, | 164 | {"username", required_argument, 0, 'u'}, |
@@ -254,8 +198,8 @@ process_arguments (int argc, char **argv) | |||
254 | } | 198 | } |
255 | 199 | ||
256 | while (1) { | 200 | while (1) { |
257 | c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", long_options, | 201 | c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", longopts, |
258 | &option_index); | 202 | &option); |
259 | 203 | ||
260 | if (c == -1 || c == EOF || c == 1) | 204 | if (c == -1 || c == EOF || c == 1) |
261 | break; | 205 | break; |
@@ -316,3 +260,71 @@ process_arguments (int argc, char **argv) | |||
316 | } | 260 | } |
317 | return OK; | 261 | return OK; |
318 | } | 262 | } |
263 | |||
264 | |||
265 | |||
266 | |||
267 | |||
268 | |||
269 | void | ||
270 | print_help (void) | ||
271 | { | ||
272 | char *myport; | ||
273 | asprintf (&myport, "%d", PW_AUTH_UDP_PORT); | ||
274 | |||
275 | print_revision (progname, revision); | ||
276 | |||
277 | printf (_("Copyright (c) 1999 Robert August Vincent II\n")); | ||
278 | printf (_(COPYRIGHT), copyright, email); | ||
279 | |||
280 | printf(_("Tests to see if a radius server is accepting connections.\n\n")); | ||
281 | |||
282 | print_usage (); | ||
283 | |||
284 | printf (_(UT_HELP_VRSN)); | ||
285 | |||
286 | printf (_(UT_HOST_PORT), 'P', myport); | ||
287 | |||
288 | printf (_("\ | ||
289 | -u, --username=STRING\n\ | ||
290 | The user to authenticate\n\ | ||
291 | -p, --password=STRING\n\ | ||
292 | Password for autentication (SECURITY RISK)\n\ | ||
293 | -F, --filename=STRING\n\ | ||
294 | Configuration file\n\ | ||
295 | -e, --expect=STRING\n\ | ||
296 | Response string to expect from the server\n\ | ||
297 | -r, --retries=INTEGER\n\ | ||
298 | Number of times to retry a failed connection\n")); | ||
299 | |||
300 | printf (_(UT_TIMEOUT), timeout_interval); | ||
301 | |||
302 | printf (_("\n\ | ||
303 | This plugin tests a radius server to see if it is accepting connections.\n\ | ||
304 | \n\ | ||
305 | The server to test must be specified in the invocation, as well as a user\n\ | ||
306 | name and password. A configuration file may also be present. The format of\n\ | ||
307 | the configuration file is described in the radiusclient library sources.\n\n")); | ||
308 | |||
309 | printf (_("\ | ||
310 | The password option presents a substantial security issue because the\n\ | ||
311 | password can be determined by careful watching of the command line in\n\ | ||
312 | a process listing. This risk is exacerbated because nagios will\n\ | ||
313 | run the plugin at regular prdictable intervals. Please be sure that\n\ | ||
314 | the password used does not allow access to sensitive system resources,\n\ | ||
315 | otherwise compormise could occur.\n")); | ||
316 | |||
317 | printf (_(UT_SUPPORT)); | ||
318 | } | ||
319 | |||
320 | |||
321 | |||
322 | |||
323 | void | ||
324 | print_usage (void) | ||
325 | { | ||
326 | printf ("\ | ||
327 | Usage: %s -H host -F config_file -u username -p password [-P port]\n\ | ||
328 | [-t timeout] [-r retries] [-e expect]\n", progname); | ||
329 | printf (_(UT_HLP_VRS), progname, progname); | ||
330 | } | ||