From 7a33e28e4e104c6121e6c209d504141f4a876015 Mon Sep 17 00:00:00 2001 From: Johannes Engel Date: Thu, 26 Dec 2013 20:13:26 +0100 Subject: Introduce support for SNMPv3 context in check_snmp snmpget already supports using SNMPv3 contexts using the option "-n". Thus all we need to do is introduce a new argument to check_snmp and pass the argument on to snmpget using snmpget's option "-n". Since "-n" is already in use for check_snmp for a different purpose, we use "-N" instead. --- plugins/check_snmp.c | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c index ba5b1d37..9d966faa 100644 --- a/plugins/check_snmp.c +++ b/plugins/check_snmp.c @@ -104,6 +104,8 @@ int errcode, excode; char *server_address = NULL; char *community = NULL; +char **contextargs = NULL; +char *context = NULL; char **authpriv = NULL; char *proto = NULL; char *seclevel = NULL; @@ -128,6 +130,7 @@ size_t nunits = 0; size_t unitv_size = OID_COUNT_STEP; int numoids = 0; int numauthpriv = 0; +int numcontext = 0; int verbose = 0; int usesnmpgetnext = FALSE; char *warning_thresholds = NULL; @@ -297,8 +300,8 @@ main (int argc, char **argv) snmpcmd = strdup (PATH_TO_SNMPGET); } - /* 10 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */ - command_line = calloc (10 + numauthpriv + 1 + numoids + 1, sizeof (char *)); + /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */ + command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *)); command_line[0] = snmpcmd; command_line[1] = strdup ("-Le"); command_line[2] = strdup ("-t"); @@ -310,23 +313,27 @@ main (int argc, char **argv) command_line[8] = "-v"; command_line[9] = strdup (proto); + for (i = 0; i < numcontext; i++) { + command_line[10 + i] = contextargs[i]; + } + for (i = 0; i < numauthpriv; i++) { - command_line[10 + i] = authpriv[i]; + command_line[10 + numcontext + i] = authpriv[i]; } - xasprintf (&command_line[10 + numauthpriv], "%s:%s", server_address, port); + xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port); /* This is just for display purposes, so it can remain a string */ - xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s:%s", - snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[authpriv]", + xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s", + snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]", server_address, port); for (i = 0; i < numoids; i++) { - command_line[10 + numauthpriv + 1 + i] = oids[i]; + command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i]; xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]); } - command_line[10 + numauthpriv + 1 + numoids] = NULL; + command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL; if (verbose) printf ("%s\n", cl_hidden_auth); @@ -658,6 +665,7 @@ process_arguments (int argc, char **argv) {"retries", required_argument, 0, 'e'}, {"miblist", required_argument, 0, 'm'}, {"protocol", required_argument, 0, 'P'}, + {"context", required_argument, 0, 'N'}, {"seclevel", required_argument, 0, 'L'}, {"secname", required_argument, 0, 'U'}, {"authproto", required_argument, 0, 'a'}, @@ -687,7 +695,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:L:U:a:x:A:X:", + c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:", longopts, &option); if (c == -1 || c == EOF) @@ -725,6 +733,9 @@ process_arguments (int argc, char **argv) case 'P': /* SNMP protocol version */ proto = optarg; break; + case 'N': /* SNMPv3 context */ + context = optarg; + break; case 'L': /* security level */ seclevel = optarg; break; @@ -972,6 +983,13 @@ validate_arguments () authpriv[1] = strdup (community); } else if ( strcmp (proto, "3") == 0 ) { /* snmpv3 args */ + if (!(context == NULL)) { + numcontext = 2; + contextargs = calloc (numcontext, sizeof (char *)); + contextargs[0] = strdup ("-n"); + contextargs[1] = strdup (context); + } + if (seclevel == NULL) xasprintf(&seclevel, "noAuthNoPriv"); @@ -1115,6 +1133,8 @@ print_help (void) printf (" %s\n", _("Use SNMP GETNEXT instead of SNMP GET")); printf (" %s\n", "-P, --protocol=[1|2c|3]"); printf (" %s\n", _("SNMP protocol version")); + printf (" %s\n", "-N, --context=CONTEXT"); + printf (" %s\n", _("SNMPv3 context")); printf (" %s\n", "-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]"); printf (" %s\n", _("SNMPv3 securityLevel")); printf (" %s\n", "-a, --authproto=[MD5|SHA]"); @@ -1222,6 +1242,6 @@ print_usage (void) printf ("%s -H -o [-w warn_range] [-c crit_range]\n",progname); printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n"); printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n"); - printf ("[-m miblist] [-P snmp version] [-L seclevel] [-U secname] [-a authproto]\n"); - printf ("[-A authpasswd] [-x privproto] [-X privpasswd]\n"); + printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n"); + printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n"); } -- cgit v1.2.3-74-g34f1