summaryrefslogtreecommitdiffstats
path: root/plugins/check_radius.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_radius.c')
-rw-r--r--plugins/check_radius.c152
1 files changed, 82 insertions, 70 deletions
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 714de58c..1e4fff7a 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -21,79 +21,21 @@ const char *revision = "$Revision$";
21const char *copyright = "2000-2003"; 21const char *copyright = "2000-2003";
22const char *email = "nagiosplug-devel@lists.sourceforge.net"; 22const char *email = "nagiosplug-devel@lists.sourceforge.net";
23 23
24#include "config.h"
25#include "common.h" 24#include "common.h"
26#include "utils.h" 25#include "utils.h"
26#include "netutils.h"
27#include <radiusclient.h> 27#include <radiusclient.h>
28 28
29void
30print_usage (void)
31{
32 printf ("\
33Usage: %s -H host -F config_file -u username -p password [-P port]\n\
34 [-t timeout] [-r retries] [-e expect]\n", progname);
35 printf (_(UT_HLP_VRS), progname, progname);
36}
37
38void
39print_help (void)
40{
41 char *myport;
42 asprintf (&myport, "%d", PW_AUTH_UDP_PORT);
43
44 print_revision (progname, revision);
45
46 printf (_("Copyright (c) 1999 Robert August Vincent II\n"));
47 printf (_(COPYRIGHT), copyright, email);
48
49 printf(_("Tests to see if a radius server is accepting connections.\n\n"));
50
51 print_usage ();
52
53 printf (_(UT_HELP_VRSN));
54
55 printf (_(UT_HOST_PORT), 'P', myport);
56
57 printf (_("\
58 -u, --username=STRING\n\
59 The user to authenticate\n\
60 -p, --password=STRING\n\
61 Password for autentication (SECURITY RISK)\n\
62 -F, --filename=STRING\n\
63 Configuration file\n\
64 -e, --expect=STRING\n\
65 Response string to expect from the server\n\
66 -r, --retries=INTEGER\n\
67 Number of times to retry a failed connection\n"));
68
69 printf (_(UT_TIMEOUT), timeout_interval);
70
71 printf (_("\n\
72This plugin tests a radius server to see if it is accepting connections.\n\
73\n\
74The server to test must be specified in the invocation, as well as a user\n\
75name and password. A configuration file may also be present. The format of\n\
76the configuration file is described in the radiusclient library sources.\n\n"));
77
78 printf (_("\
79The password option presents a substantial security issue because the\n\
80password can be determined by careful watching of the command line in\n\
81a process listing. This risk is exacerbated because nagios will\n\
82run the plugin at regular prdictable intervals. Please be sure that\n\
83the password used does not allow access to sensitive system resources,\n\
84otherwise compormise could occur.\n"));
85
86 printf (_(UT_SUPPORT));
87}
88
89int process_arguments (int, char **); 29int process_arguments (int, char **);
30void print_help (void);
31void print_usage (void);
90 32
91char *server = NULL; 33char *server = NULL;
92char *username = NULL; 34char *username = NULL;
93char *password = NULL; 35char *password = NULL;
94char *expect = NULL; 36char *expect = NULL;
95char *config_file = NULL; 37char *config_file = NULL;
96int port = PW_AUTH_UDP_PORT; 38unsigned short port = PW_AUTH_UDP_PORT;
97int retries = 1; 39int retries = 1;
98int verbose = FALSE; 40int verbose = FALSE;
99ENV *env = NULL; 41ENV *env = NULL;
@@ -159,12 +101,14 @@ main (int argc, char **argv)
159 SEND_DATA data; 101 SEND_DATA data;
160 int result; 102 int result;
161 UINT4 client_id; 103 UINT4 client_id;
104 char *str;
162 105
163 if (process_arguments (argc, argv) == ERROR) 106 if (process_arguments (argc, argv) == ERROR)
164 usage (_("Could not parse arguments\n")); 107 usage (_("Could not parse arguments\n"));
165 108
109 str = strdup ("dictionary");
166 if ((config_file && rc_read_config (config_file)) || 110 if ((config_file && rc_read_config (config_file)) ||
167 rc_read_dictionary (rc_conf_str ("dictionary"))) 111 rc_read_dictionary (rc_conf_str (str)))
168 die (STATE_UNKNOWN, _("Config file error")); 112 die (STATE_UNKNOWN, _("Config file error"));
169 113
170 service = PW_AUTHENTICATE_ONLY; 114 service = PW_AUTHENTICATE_ONLY;
@@ -184,8 +128,8 @@ main (int argc, char **argv)
184 if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == 128 if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) ==
185 NULL) return (ERROR_RC); 129 NULL) return (ERROR_RC);
186 130
187 rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, timeout_interval, 131 rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
188 retries); 132 retries);
189 133
190 result = rc_send_server (&data, msg); 134 result = rc_send_server (&data, msg);
191 rc_avpair_free (data.send_pairs); 135 rc_avpair_free (data.send_pairs);
@@ -199,7 +143,7 @@ main (int argc, char **argv)
199 if (result == BADRESP_RC) 143 if (result == BADRESP_RC)
200 die (STATE_WARNING, _("Auth Failed")); 144 die (STATE_WARNING, _("Auth Failed"));
201 if (expect && !strstr (msg, expect)) 145 if (expect && !strstr (msg, expect))
202 die (STATE_WARNING, msg); 146 die (STATE_WARNING, "%s", msg);
203 if (result == OK_RC) 147 if (result == OK_RC)
204 die (STATE_OK, _("Auth OK")); 148 die (STATE_OK, _("Auth OK"));
205 return (0); 149 return (0);
@@ -213,8 +157,8 @@ process_arguments (int argc, char **argv)
213{ 157{
214 int c; 158 int c;
215 159
216 int option_index = 0; 160 int option = 0;
217 static struct option long_options[] = { 161 static struct option longopts[] = {
218 {"hostname", required_argument, 0, 'H'}, 162 {"hostname", required_argument, 0, 'H'},
219 {"port", required_argument, 0, 'P'}, 163 {"port", required_argument, 0, 'P'},
220 {"username", required_argument, 0, 'u'}, 164 {"username", required_argument, 0, 'u'},
@@ -254,8 +198,8 @@ process_arguments (int argc, char **argv)
254 } 198 }
255 199
256 while (1) { 200 while (1) {
257 c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", long_options, 201 c = getopt_long (argc, argv, "+hVvH:P:F:u:p:t:r:e:", longopts,
258 &option_index); 202 &option);
259 203
260 if (c == -1 || c == EOF || c == 1) 204 if (c == -1 || c == EOF || c == 1)
261 break; 205 break;
@@ -316,3 +260,71 @@ process_arguments (int argc, char **argv)
316 } 260 }
317 return OK; 261 return OK;
318} 262}
263
264
265
266
267
268
269void
270print_help (void)
271{
272 char *myport;
273 asprintf (&myport, "%d", PW_AUTH_UDP_PORT);
274
275 print_revision (progname, revision);
276
277 printf (_("Copyright (c) 1999 Robert August Vincent II\n"));
278 printf (_(COPYRIGHT), copyright, email);
279
280 printf(_("Tests to see if a radius server is accepting connections.\n\n"));
281
282 print_usage ();
283
284 printf (_(UT_HELP_VRSN));
285
286 printf (_(UT_HOST_PORT), 'P', myport);
287
288 printf (_("\
289 -u, --username=STRING\n\
290 The user to authenticate\n\
291 -p, --password=STRING\n\
292 Password for autentication (SECURITY RISK)\n\
293 -F, --filename=STRING\n\
294 Configuration file\n\
295 -e, --expect=STRING\n\
296 Response string to expect from the server\n\
297 -r, --retries=INTEGER\n\
298 Number of times to retry a failed connection\n"));
299
300 printf (_(UT_TIMEOUT), timeout_interval);
301
302 printf (_("\n\
303This plugin tests a radius server to see if it is accepting connections.\n\
304\n\
305The server to test must be specified in the invocation, as well as a user\n\
306name and password. A configuration file may also be present. The format of\n\
307the configuration file is described in the radiusclient library sources.\n\n"));
308
309 printf (_("\
310The password option presents a substantial security issue because the\n\
311password can be determined by careful watching of the command line in\n\
312a process listing. This risk is exacerbated because nagios will\n\
313run the plugin at regular prdictable intervals. Please be sure that\n\
314the password used does not allow access to sensitive system resources,\n\
315otherwise compormise could occur.\n"));
316
317 printf (_(UT_SUPPORT));
318}
319
320
321
322
323void
324print_usage (void)
325{
326 printf ("\
327Usage: %s -H host -F config_file -u username -p password [-P port]\n\
328 [-t timeout] [-r retries] [-e expect]\n", progname);
329 printf (_(UT_HLP_VRS), progname, progname);
330}