summaryrefslogtreecommitdiffstats
path: root/plugins/check_radius.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_radius.c')
-rw-r--r--plugins/check_radius.c633
1 files changed, 361 insertions, 272 deletions
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 6b32710a..03153926 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -1,99 +1,96 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_radius plugin 3 * Monitoring check_radius plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 1999-2008 Monitoring Plugins Development Team 6 * Copyright (c) 1999-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_radius plugin 10 * This file contains the check_radius plugin
11* 11 *
12* Tests to see if a radius server is accepting connections. 12 * Tests to see if a radius server is accepting connections.
13* 13 *
14* 14 *
15* This program is free software: you can redistribute it and/or modify 15 * This program is free software: you can redistribute it and/or modify
16* it under the terms of the GNU General Public License as published by 16 * it under the terms of the GNU General Public License as published by
17* the Free Software Foundation, either version 3 of the License, or 17 * the Free Software Foundation, either version 3 of the License, or
18* (at your option) any later version. 18 * (at your option) any later version.
19* 19 *
20* This program is distributed in the hope that it will be useful, 20 * This program is distributed in the hope that it will be useful,
21* but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23* GNU General Public License for more details. 23 * GNU General Public License for more details.
24* 24 *
25* You should have received a copy of the GNU General Public License 25 * You should have received a copy of the GNU General Public License
26* along with this program. If not, see <http://www.gnu.org/licenses/>. 26 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27* 27 *
28* 28 *
29*****************************************************************************/ 29 *****************************************************************************/
30 30
31#include "output.h"
31const char *progname = "check_radius"; 32const char *progname = "check_radius";
32const char *copyright = "2000-2008"; 33const char *copyright = "2000-2024";
33const char *email = "devel@monitoring-plugins.org"; 34const char *email = "devel@monitoring-plugins.org";
34 35
35#include "common.h" 36#include "common.h"
36#include "utils.h" 37#include "utils.h"
37#include "netutils.h" 38#include "netutils.h"
39#include "states.h"
40#include "check_radius.d/config.h"
38 41
39#if defined(HAVE_LIBRADCLI) 42#if defined(HAVE_LIBRADCLI)
40#include <radcli/radcli.h> 43# include <radcli/radcli.h>
41#elif defined(HAVE_LIBFREERADIUS_CLIENT) 44#elif defined(HAVE_LIBFREERADIUS_CLIENT)
42#include <freeradius-client.h> 45# include <freeradius-client.h>
43#elif defined(HAVE_LIBRADIUSCLIENT_NG) 46#elif defined(HAVE_LIBRADIUSCLIENT_NG)
44#include <radiusclient-ng.h> 47# include <radiusclient-ng.h>
45#else 48#else
46#include <radiusclient.h> 49# include <radiusclient.h>
47#endif 50#endif
48 51
49int process_arguments (int, char **); 52typedef struct {
50void print_help (void); 53 int errorcode;
51void print_usage (void); 54 check_radius_config config;
52 55} check_radius_config_wrapper;
53#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI) 56static check_radius_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
54#define my_rc_conf_str(a) rc_conf_str(rch,a) 57static void print_help(void);
55#if defined(HAVE_LIBRADCLI) 58void print_usage(void);
56#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH) 59
57#else 60#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || \
58#define my_rc_send_server(a,b) rc_send_server(rch,a,b) 61 defined(HAVE_LIBRADCLI)
59#endif 62# define my_rc_conf_str(a) rc_conf_str(rch, a)
60#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI) 63# if defined(HAVE_LIBRADCLI)
61#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f) 64# define my_rc_send_server(a, b) rc_send_server(rch, a, b, AUTH)
65# elif defined(HAVE_LIBFREERADIUS_CLIENT)
66# define my_rc_send_server(a, b) rc_send_server(rch, a, b, 0)
67# else
68# define my_rc_send_server(a, b) rc_send_server(rch, a, b)
69# endif
70# if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI)
71# define my_rc_buildreq(a, b, c, d, e, f) rc_buildreq(rch, a, b, c, d, (a)->secret, e, f)
72# else
73# define my_rc_buildreq(a, b, c, d, e, f) rc_buildreq(rch, a, b, c, d, e, f)
74# endif
75# define my_rc_avpair_add(a, b, c, d) rc_avpair_add(rch, a, b, c, -1, d)
76# define my_rc_read_dictionary(a) rc_read_dictionary(rch, a)
62#else 77#else
63#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f) 78# define my_rc_conf_str(a) rc_conf_str(a)
64#endif 79# define my_rc_send_server(a, b) rc_send_server(a, b)
65#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d) 80# define my_rc_buildreq(a, b, c, d, e, f) rc_buildreq(a, b, c, d, e, f)
66#define my_rc_read_dictionary(a) rc_read_dictionary(rch, a) 81# define my_rc_avpair_add(a, b, c, d) rc_avpair_add(a, b, c, d)
67#else 82# define my_rc_read_dictionary(a) rc_read_dictionary(a)
68#define my_rc_conf_str(a) rc_conf_str(a)
69#define my_rc_send_server(a,b) rc_send_server(a, b)
70#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f)
71#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
72#define my_rc_read_dictionary(a) rc_read_dictionary(a)
73#endif 83#endif
74 84
75/* REJECT_RC is only defined in some version of radiusclient. It has 85/* REJECT_RC is only defined in some version of radiusclient. It has
76 * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */ 86 * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
77#ifndef REJECT_RC 87#ifndef REJECT_RC
78#define REJECT_RC BADRESP_RC 88# define REJECT_RC BADRESP_RC
79#endif 89#endif
80 90
81int my_rc_read_config(char *); 91static int my_rc_read_config(char * /*a*/, rc_handle ** /*rch*/);
82
83#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
84rc_handle *rch = NULL;
85#endif
86 92
87char *server = NULL; 93static bool verbose = false;
88char *username = NULL;
89char *password = NULL;
90char *nasid = NULL;
91char *nasipaddress = NULL;
92char *expect = NULL;
93char *config_file = NULL;
94unsigned short port = PW_AUTH_UDP_PORT;
95int retries = 1;
96bool verbose = false;
97 94
98/****************************************************************************** 95/******************************************************************************
99 96
@@ -148,149 +145,229 @@ Please note that all tags must be lowercase to use the DocBook XML DTD.
148-@@ 145-@@
149******************************************************************************/ 146******************************************************************************/
150 147
148int main(int argc, char **argv) {
149 setlocale(LC_ALL, "");
150 bindtextdomain(PACKAGE, LOCALEDIR);
151 textdomain(PACKAGE);
151 152
153 /* Parse extra opts if any */
154 argv = np_extra_opts(&argc, argv, progname);
155
156 check_radius_config_wrapper tmp_config = process_arguments(argc, argv);
157
158 if (tmp_config.errorcode == ERROR) {
159 usage4(_("Could not parse arguments"));
160 }
161
162 check_radius_config config = tmp_config.config;
163
164 if (config.output_format_is_set) {
165 mp_set_format(config.output_format);
166 }
167
168#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || \
169 defined(HAVE_LIBRADCLI)
170 rc_handle *rch = NULL;
171#endif
172
173 mp_check overall = mp_check_init();
174 mp_subcheck sc_read_config = mp_subcheck_init();
175
176 char *str = strdup("dictionary");
177 if ((config.config_file && my_rc_read_config(config.config_file, &rch)) ||
178 my_rc_read_dictionary(my_rc_conf_str(str))) {
179 sc_read_config = mp_set_subcheck_state(sc_read_config, STATE_UNKNOWN);
180 xasprintf(&sc_read_config.output, "failed to read config file");
181 mp_add_subcheck_to_check(&overall, sc_read_config);
182 mp_exit(overall);
183 }
184
185 sc_read_config = mp_set_subcheck_state(sc_read_config, STATE_OK);
186 xasprintf(&sc_read_config.output, "read config file successfully");
187 mp_add_subcheck_to_check(&overall, sc_read_config);
188
189 uint32_t service = PW_AUTHENTICATE_ONLY;
190
191 mp_subcheck sc_configuring = mp_subcheck_init();
192 SEND_DATA data;
193 memset(&data, 0, sizeof(data));
194 if (!(my_rc_avpair_add(&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
195 my_rc_avpair_add(&data.send_pairs, PW_USER_NAME, config.username, 0) &&
196 my_rc_avpair_add(&data.send_pairs, PW_USER_PASSWORD, config.password, 0))) {
197 xasprintf(&sc_configuring.output, "Failed to the radius options: Out of Memory?");
198 sc_configuring = mp_set_subcheck_state(sc_configuring, STATE_UNKNOWN);
199 mp_add_subcheck_to_check(&overall, sc_configuring);
200 mp_exit(overall);
201 }
202
203 if (config.nas_id != NULL) {
204 if (!(my_rc_avpair_add(&data.send_pairs, PW_NAS_IDENTIFIER, config.nas_id, 0))) {
205 xasprintf(&sc_configuring.output,
206 "Failed to the radius options: invalid NAS identifier?");
207 sc_configuring = mp_set_subcheck_state(sc_configuring, STATE_UNKNOWN);
208 mp_add_subcheck_to_check(&overall, sc_configuring);
209 mp_exit(overall);
210 }
211 }
152 212
153int
154main (int argc, char **argv)
155{
156 struct sockaddr_storage ss;
157 char name[HOST_NAME_MAX]; 213 char name[HOST_NAME_MAX];
214 if (config.nas_ip_address == NULL) {
215 if (gethostname(name, sizeof(name)) != 0) {
216 xasprintf(&sc_configuring.output, "gethostname() failed");
217 sc_configuring = mp_set_subcheck_state(sc_configuring, STATE_UNKNOWN);
218 mp_add_subcheck_to_check(&overall, sc_configuring);
219 mp_exit(overall);
220 }
221 config.nas_ip_address = name;
222 }
223
224 struct sockaddr_storage radius_server_socket;
225 if (!dns_lookup(config.nas_ip_address, &radius_server_socket, AF_UNSPEC)) {
226 xasprintf(&sc_configuring.output, "invalid NAS IP address. Lookup failed");
227 sc_configuring = mp_set_subcheck_state(sc_configuring, STATE_UNKNOWN);
228 mp_add_subcheck_to_check(&overall, sc_configuring);
229 mp_exit(overall);
230 }
231
232 uint32_t client_id = ntohl(((struct sockaddr_in *)&radius_server_socket)->sin_addr.s_addr);
233 if (my_rc_avpair_add(&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL) {
234 xasprintf(&sc_configuring.output, "invalid NAS IP address. Setting option failed");
235 sc_configuring = mp_set_subcheck_state(sc_configuring, STATE_UNKNOWN);
236 mp_add_subcheck_to_check(&overall, sc_configuring);
237 mp_exit(overall);
238 }
239
240 my_rc_buildreq(&data, PW_ACCESS_REQUEST, config.server, config.port, (int)timeout_interval,
241 config.retries);
242
158#ifdef RC_BUFFER_LEN 243#ifdef RC_BUFFER_LEN
159 char msg[RC_BUFFER_LEN]; 244 char msg[RC_BUFFER_LEN];
160#else 245#else
161 char msg[BUFFER_LEN]; 246 char msg[BUFFER_LEN];
162#endif 247#endif
163 SEND_DATA data;
164 int result = STATE_UNKNOWN;
165 uint32_t client_id, service;
166 char *str;
167 248
168 setlocale (LC_ALL, ""); 249 int result = my_rc_send_server(&data, msg);
169 bindtextdomain (PACKAGE, LOCALEDIR); 250 rc_avpair_free(data.send_pairs);
170 textdomain (PACKAGE); 251 if (data.receive_pairs) {
252 rc_avpair_free(data.receive_pairs);
253 }
171 254
172 /* Parse extra opts if any */ 255 mp_subcheck sc_eval = mp_subcheck_init();
173 argv=np_extra_opts (&argc, argv, progname);
174 256
175 if (process_arguments (argc, argv) == ERROR) 257 if (result == TIMEOUT_RC) {
176 usage4 (_("Could not parse arguments")); 258 xasprintf(&sc_eval.output, "timeout");
259 sc_eval = mp_set_subcheck_state(sc_eval, STATE_CRITICAL);
260 mp_add_subcheck_to_check(&overall, sc_eval);
261 mp_exit(overall);
262 }
177 263
178 str = strdup ("dictionary"); 264 if (result == ERROR_RC) {
179 if ((config_file && my_rc_read_config (config_file)) || 265 xasprintf(&sc_eval.output, "auth error");
180 my_rc_read_dictionary (my_rc_conf_str (str))) 266 sc_eval = mp_set_subcheck_state(sc_eval, STATE_CRITICAL);
181 die (STATE_UNKNOWN, _("Config file error\n")); 267 mp_add_subcheck_to_check(&overall, sc_eval);
268 mp_exit(overall);
269 }
182 270
183 service = PW_AUTHENTICATE_ONLY; 271 if (result == REJECT_RC) {
272 xasprintf(&sc_eval.output, "auth failed");
273 sc_eval = mp_set_subcheck_state(sc_eval, STATE_WARNING);
274 mp_add_subcheck_to_check(&overall, sc_eval);
275 mp_exit(overall);
276 }
184 277
185 memset (&data, 0, sizeof(data)); 278 if (result == BADRESP_RC) {
186 if (!(my_rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) && 279 xasprintf(&sc_eval.output, "bad response");
187 my_rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) && 280 sc_eval = mp_set_subcheck_state(sc_eval, STATE_WARNING);
188 my_rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) 281 mp_add_subcheck_to_check(&overall, sc_eval);
189 )) 282 mp_exit(overall);
190 die (STATE_UNKNOWN, _("Out of Memory?\n")); 283 }
191 284
192 if (nasid != NULL) { 285 if (config.expect && !strstr(msg, config.expect)) {
193 if (!(my_rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))) 286 xasprintf(&sc_eval.output, "%s", msg);
194 die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n")); 287 sc_eval = mp_set_subcheck_state(sc_eval, STATE_WARNING);
288 mp_add_subcheck_to_check(&overall, sc_eval);
289 mp_exit(overall);
195 } 290 }
196 291
197 if (nasipaddress == NULL) { 292 if (result == OK_RC) {
198 if (gethostname (name, sizeof(name)) != 0) 293 xasprintf(&sc_eval.output, "auth OK");
199 die (STATE_UNKNOWN, _("gethostname() failed!\n")); 294 sc_eval = mp_set_subcheck_state(sc_eval, STATE_OK);
200 nasipaddress = name; 295 mp_add_subcheck_to_check(&overall, sc_eval);
296 mp_exit(overall);
201 } 297 }
202 if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */
203 die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
204 client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr);
205 if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
206 die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
207
208 my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
209 retries);
210
211 result = my_rc_send_server (&data, msg);
212 rc_avpair_free (data.send_pairs);
213 if (data.receive_pairs)
214 rc_avpair_free (data.receive_pairs);
215
216 if (result == TIMEOUT_RC)
217 die (STATE_CRITICAL, _("Timeout\n"));
218 if (result == ERROR_RC)
219 die (STATE_CRITICAL, _("Auth Error\n"));
220 if (result == REJECT_RC)
221 die (STATE_WARNING, _("Auth Failed\n"));
222 if (result == BADRESP_RC)
223 die (STATE_WARNING, _("Bad Response\n"));
224 if (expect && !strstr (msg, expect))
225 die (STATE_WARNING, "%s\n", msg);
226 if (result == OK_RC)
227 die (STATE_OK, _("Auth OK\n"));
228 (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
229 die (STATE_UNKNOWN, "%s\n", msg);
230}
231 298
299 xasprintf(&sc_eval.output, "unexpected result code: %d", result);
300 sc_eval = mp_set_subcheck_state(sc_eval, STATE_UNKNOWN);
301 mp_add_subcheck_to_check(&overall, sc_eval);
232 302
303 mp_exit(overall);
304}
233 305
234/* process command-line arguments */ 306/* process command-line arguments */
235int 307check_radius_config_wrapper process_arguments(int argc, char **argv) {
236process_arguments (int argc, char **argv) 308 enum {
237{ 309 output_format_index
238 int c;
239
240 int option = 0;
241 static struct option longopts[] = {
242 {"hostname", required_argument, 0, 'H'},
243 {"port", required_argument, 0, 'P'},
244 {"username", required_argument, 0, 'u'},
245 {"password", required_argument, 0, 'p'},
246 {"nas-id", required_argument, 0, 'n'},
247 {"nas-ip-address", required_argument, 0, 'N'},
248 {"filename", required_argument, 0, 'F'},
249 {"expect", required_argument, 0, 'e'},
250 {"retries", required_argument, 0, 'r'},
251 {"timeout", required_argument, 0, 't'},
252 {"verbose", no_argument, 0, 'v'},
253 {"version", no_argument, 0, 'V'},
254 {"help", no_argument, 0, 'h'},
255 {0, 0, 0, 0}
256 }; 310 };
257 311
258 while (1) { 312 static struct option longopts[] = {{"hostname", required_argument, 0, 'H'},
259 c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts, 313 {"port", required_argument, 0, 'P'},
260 &option); 314 {"username", required_argument, 0, 'u'},
315 {"password", required_argument, 0, 'p'},
316 {"nas-id", required_argument, 0, 'n'},
317 {"nas-ip-address", required_argument, 0, 'N'},
318 {"filename", required_argument, 0, 'F'},
319 {"expect", required_argument, 0, 'e'},
320 {"retries", required_argument, 0, 'r'},
321 {"timeout", required_argument, 0, 't'},
322 {"verbose", no_argument, 0, 'v'},
323 {"version", no_argument, 0, 'V'},
324 {"help", no_argument, 0, 'h'},
325 {"output-format", required_argument, 0, output_format_index},
326 {0, 0, 0, 0}};
327
328 check_radius_config_wrapper result = {
329 .errorcode = OK,
330 .config = check_radius_config_init(),
331 };
332
333 while (true) {
334 int option = 0;
335 int option_index = getopt_long(argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts, &option);
261 336
262 if (c == -1 || c == EOF || c == 1) 337 if (CHECK_EOF(option_index) || option_index == 1) {
263 break; 338 break;
339 }
264 340
265 switch (c) { 341 switch (option_index) {
266 case '?': /* print short usage statement if args not parsable */ 342 case '?': /* print short usage statement if args not parsable */
267 usage5 (); 343 usage5();
268 case 'h': /* help */ 344 case 'h': /* help */
269 print_help (); 345 print_help();
270 exit (STATE_UNKNOWN); 346 exit(STATE_UNKNOWN);
271 case 'V': /* version */ 347 case 'V': /* version */
272 print_revision (progname, NP_VERSION); 348 print_revision(progname, NP_VERSION);
273 exit (STATE_UNKNOWN); 349 exit(STATE_UNKNOWN);
274 case 'v': /* verbose mode */ 350 case 'v': /* verbose mode */
275 verbose = true; 351 verbose = true;
276 break; 352 break;
277 case 'H': /* hostname */ 353 case 'H': /* hostname */
278 if (!is_host (optarg)) { 354 if (!is_host(optarg)) {
279 usage2 (_("Invalid hostname/address"), optarg); 355 usage2(_("Invalid hostname/address"), optarg);
280 } 356 }
281 server = optarg; 357 result.config.server = optarg;
282 break; 358 break;
283 case 'P': /* port */ 359 case 'P': /* port */
284 if (is_intnonneg (optarg)) 360 if (is_intnonneg(optarg)) {
285 port = (unsigned short)atoi (optarg); 361 result.config.port = (unsigned short)atoi(optarg);
286 else 362 } else {
287 usage4 (_("Port must be a positive integer")); 363 usage4(_("Port must be a positive integer"));
364 }
288 break; 365 break;
289 case 'u': /* username */ 366 case 'u': /* username */
290 username = optarg; 367 result.config.username = optarg;
291 break; 368 break;
292 case 'p': /* password */ 369 case 'p': /* password */
293 password = strdup(optarg); 370 result.config.password = strdup(optarg);
294 371
295 /* Delete the password from process list */ 372 /* Delete the password from process list */
296 while (*optarg != '\0') { 373 while (*optarg != '\0') {
@@ -298,119 +375,131 @@ process_arguments (int argc, char **argv)
298 optarg++; 375 optarg++;
299 } 376 }
300 break; 377 break;
301 case 'n': /* nas id */ 378 case 'n': /* nas id */
302 nasid = optarg; 379 result.config.nas_id = optarg;
303 break; 380 break;
304 case 'N': /* nas ip address */ 381 case 'N': /* nas ip address */
305 nasipaddress = optarg; 382 result.config.nas_ip_address = optarg;
306 break; 383 break;
307 case 'F': /* configuration file */ 384 case 'F': /* configuration file */
308 config_file = optarg; 385 result.config.config_file = optarg;
309 break; 386 break;
310 case 'e': /* expect */ 387 case 'e': /* expect */
311 expect = optarg; 388 result.config.expect = optarg;
312 break; 389 break;
313 case 'r': /* retries */ 390 case 'r': /* retries */
314 if (is_intpos (optarg)) 391 if (is_intpos(optarg)) {
315 retries = atoi (optarg); 392 result.config.retries = atoi(optarg);
316 else 393 } else {
317 usage4 (_("Number of retries must be a positive integer")); 394 usage4(_("Number of retries must be a positive integer"));
395 }
396 break;
397 case 't': /* timeout */
398 if (is_intpos(optarg)) {
399 timeout_interval = (unsigned)atoi(optarg);
400 } else {
401 usage2(_("Timeout interval must be a positive integer"), optarg);
402 }
318 break; 403 break;
319 case 't': /* timeout */ 404 case output_format_index: {
320 if (is_intpos (optarg)) 405 parsed_output_format parser = mp_parse_output_format(optarg);
321 timeout_interval = (unsigned)atoi (optarg); 406 if (!parser.parsing_success) {
322 else 407 // TODO List all available formats here, maybe add anothoer usage function
323 usage2 (_("Timeout interval must be a positive integer"), optarg); 408 printf("Invalid output format: %s\n", optarg);
409 exit(STATE_UNKNOWN);
410 }
411
412 result.config.output_format_is_set = true;
413 result.config.output_format = parser.output_format;
324 break; 414 break;
325 } 415 }
416 }
326 } 417 }
327 418
328 if (server == NULL) 419 if (result.config.server == NULL) {
329 usage4 (_("Hostname was not supplied")); 420 usage4(_("Hostname was not supplied"));
330 if (username == NULL) 421 }
331 usage4 (_("User not specified")); 422 if (result.config.username == NULL) {
332 if (password == NULL) 423 usage4(_("User not specified"));
333 usage4 (_("Password not specified")); 424 }
334 if (config_file == NULL) 425 if (result.config.password == NULL) {
335 usage4 (_("Configuration file not specified")); 426 usage4(_("Password not specified"));
427 }
428 if (result.config.config_file == NULL) {
429 usage4(_("Configuration file not specified"));
430 }
336 431
337 return OK; 432 return result;
338} 433}
339 434
340 435void print_help(void) {
341
342void
343print_help (void)
344{
345 char *myport; 436 char *myport;
346 xasprintf (&myport, "%d", PW_AUTH_UDP_PORT); 437 xasprintf(&myport, "%d", PW_AUTH_UDP_PORT);
347 438
348 print_revision (progname, NP_VERSION); 439 print_revision(progname, NP_VERSION);
349 440
350 printf ("Copyright (c) 1999 Robert August Vincent II\n"); 441 printf("Copyright (c) 1999 Robert August Vincent II\n");
351 printf (COPYRIGHT, copyright, email); 442 printf(COPYRIGHT, copyright, email);
352 443
353 printf("%s\n", _("Tests to see if a RADIUS server is accepting connections.")); 444 printf("%s\n", _("Tests to see if a RADIUS server is accepting connections."));
354 445
355 printf ("\n\n"); 446 printf("\n\n");
356 447
357 print_usage (); 448 print_usage();
358 449
359 printf (UT_HELP_VRSN); 450 printf(UT_HELP_VRSN);
360 printf (UT_EXTRA_OPTS); 451 printf(UT_EXTRA_OPTS);
361 452
362 printf (UT_HOST_PORT, 'P', myport); 453 printf(UT_HOST_PORT, 'P', myport);
363 454
364 printf (" %s\n", "-u, --username=STRING"); 455 printf(" %s\n", "-u, --username=STRING");
365 printf (" %s\n", _("The user to authenticate")); 456 printf(" %s\n", _("The user to authenticate"));
366 printf (" %s\n", "-p, --password=STRING"); 457 printf(" %s\n", "-p, --password=STRING");
367 printf (" %s\n", _("Password for authentication (SECURITY RISK)")); 458 printf(" %s\n", _("Password for authentication (SECURITY RISK)"));
368 printf (" %s\n", "-n, --nas-id=STRING"); 459 printf(" %s\n", "-n, --nas-id=STRING");
369 printf (" %s\n", _("NAS identifier")); 460 printf(" %s\n", _("NAS identifier"));
370 printf (" %s\n", "-N, --nas-ip-address=STRING"); 461 printf(" %s\n", "-N, --nas-ip-address=STRING");
371 printf (" %s\n", _("NAS IP Address")); 462 printf(" %s\n", _("NAS IP Address"));
372 printf (" %s\n", "-F, --filename=STRING"); 463 printf(" %s\n", "-F, --filename=STRING");
373 printf (" %s\n", _("Configuration file")); 464 printf(" %s\n", _("Configuration file"));
374 printf (" %s\n", "-e, --expect=STRING"); 465 printf(" %s\n", "-e, --expect=STRING");
375 printf (" %s\n", _("Response string to expect from the server")); 466 printf(" %s\n", _("Response string to expect from the server"));
376 printf (" %s\n", "-r, --retries=INTEGER"); 467 printf(" %s\n", "-r, --retries=INTEGER");
377 printf (" %s\n", _("Number of times to retry a failed connection")); 468 printf(" %s\n", _("Number of times to retry a failed connection"));
378 469 printf(UT_OUTPUT_FORMAT);
379 printf (UT_CONN_TIMEOUT, timeout_interval); 470
380 471 printf(UT_CONN_TIMEOUT, timeout_interval);
381 printf ("\n"); 472
382 printf ("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections.")); 473 printf("\n");
383 printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user")); 474 printf("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections."));
384 printf ("%s\n", _("name and password. A configuration file must be present. The format of")); 475 printf("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
385 printf ("%s\n", _("the configuration file is described in the radiusclient library sources.")); 476 printf("%s\n", _("name and password. A configuration file must be present. The format of"));
386 printf ("%s\n", _("The password option presents a substantial security issue because the")); 477 printf("%s\n", _("the configuration file is described in the radiusclient library sources."));
387 printf ("%s\n", _("password can possibly be determined by careful watching of the command line")); 478 printf("%s\n", _("The password option presents a substantial security issue because the"));
388 printf ("%s\n", _("in a process listing. This risk is exacerbated because the plugin will")); 479 printf("%s\n",
389 printf ("%s\n", _("typically be executed at regular predictable intervals. Please be sure that")); 480 _("password can possibly be determined by careful watching of the command line"));
390 printf ("%s\n", _("the password used does not allow access to sensitive system resources.")); 481 printf("%s\n", _("in a process listing. This risk is exacerbated because the plugin will"));
391 482 printf("%s\n",
392 printf (UT_SUPPORT); 483 _("typically be executed at regular predictable intervals. Please be sure that"));
484 printf("%s\n", _("the password used does not allow access to sensitive system resources."));
485
486 printf(UT_SUPPORT);
393} 487}
394 488
395 489void print_usage(void) {
396 490 printf("%s\n", _("Usage:"));
397void 491 printf("%s -H host -F config_file -u username -p password\n\
398print_usage (void)
399{
400 printf ("%s\n", _("Usage:"));
401 printf ("%s -H host -F config_file -u username -p password\n\
402 [-P port] [-t timeout] [-r retries] [-e expect]\n\ 492 [-P port] [-t timeout] [-r retries] [-e expect]\n\
403 [-n nas-id] [-N nas-ip-addr]\n", progname); 493 [-n nas-id] [-N nas-ip-addr]\n",
494 progname);
404} 495}
405 496
406 497int my_rc_read_config(char *config_file_name, rc_handle **rch) {
407 498#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || \
408int my_rc_read_config(char * a) 499 defined(HAVE_LIBRADCLI)
409{ 500 *rch = rc_read_config(config_file_name);
410#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
411 rch = rc_read_config(a);
412 return (rch == NULL) ? 1 : 0; 501 return (rch == NULL) ? 1 : 0;
413#else 502#else
414 return rc_read_config(a); 503 return rc_read_config(config_file_name);
415#endif 504#endif
416} 505}