From 590c190bd88d5907b9e649fc45f8d8997227c4c4 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Tue, 11 Mar 2025 11:15:45 +0100 Subject: check_ldap: clang-format --- plugins/check_ldap.c | 460 +++++++++++++++++++++++++-------------------------- 1 file changed, 223 insertions(+), 237 deletions(-) (limited to 'plugins/check_ldap.c') diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index 87818da6..fc8eccec 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c 
@@ -1,30 +1,30 @@ /***************************************************************************** -* -* Monitoring check_ldap plugin -* -* License: GPL -* Copyright (c) 2000-2024 Monitoring Plugins Development Team -* -* Description: -* -* This file contains the check_ldap plugin -* -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation, either version 3 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -* -* -*****************************************************************************/ + * + * Monitoring check_ldap plugin + * + * License: GPL + * Copyright (c) 2000-2024 Monitoring Plugins Development Team + * + * Description: + * + * This file contains the check_ldap plugin + * + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + * + *****************************************************************************/ /* progname may be check_ldaps */ char *progname = "check_ldap"; 
@@ -47,10 +47,10 @@ enum { DEFAULT_PORT = 389 }; -static int process_arguments (int, char **); -static int validate_arguments (void); -static void print_help (void); -void print_usage (void); +static int process_arguments(int, char **); +static int validate_arguments(void); +static void print_help(void); +void print_usage(void); static char ld_defattr[] = "(objectclass=*)"; static char *ld_attr = ld_defattr; @@ -63,14 +63,14 @@ static int ld_port = -1; static int ld_protocol = DEFAULT_PROTOCOL; #endif #ifndef LDAP_OPT_SUCCESS -# define LDAP_OPT_SUCCESS LDAP_SUCCESS +# define LDAP_OPT_SUCCESS LDAP_SUCCESS #endif static double warn_time = UNDEFINED; static double crit_time = UNDEFINED; static thresholds *entries_thresholds = NULL; static struct timeval tv; -static char* warn_entries = NULL; -static char* crit_entries = NULL; +static char *warn_entries = NULL; +static char *crit_entries = NULL; static bool starttls = false; static bool ssl_on_connect = false; static bool verbose = false; @@ -79,9 +79,7 @@ static bool verbose = false; static char *SERVICE = "LDAP"; -int -main (int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { LDAP *ld; LDAPMessage *result; 
@@ -95,145 +93,147 @@ main (int argc, char *argv[]) /* for ldap tls */ int tls; - int version=3; + int version = 3; int status_entries = STATE_OK; int num_entries = 0; - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); - if (strstr(argv[0],"check_ldaps")) { - xasprintf (&progname, "check_ldaps"); - } + if (strstr(argv[0], "check_ldaps")) { + xasprintf(&progname, "check_ldaps"); + } /* Parse extra opts if any */ - argv=np_extra_opts (&argc, argv, progname); + argv = np_extra_opts(&argc, argv, progname); - if (process_arguments (argc, argv) == ERROR) - usage4 (_("Could not parse arguments")); + if (process_arguments(argc, argv) == ERROR) { + usage4(_("Could not parse arguments")); + } - if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect) + if (strstr(argv[0], "check_ldaps") && !starttls && !ssl_on_connect) { starttls = true; + } /* initialize alarm signal handling */ - signal (SIGALRM, socket_timeout_alarm_handler); + signal(SIGALRM, socket_timeout_alarm_handler); /* set socket timeout */ - alarm (socket_timeout); + alarm(socket_timeout); /* get the start time */ - gettimeofday (&tv, NULL); + gettimeofday(&tv, NULL); /* initialize ldap */ #ifdef HAVE_LDAP_INIT - if (!(ld = ldap_init (ld_host, ld_port))) { - printf ("Could not connect to the server at port %i\n", ld_port); + if (!(ld = ldap_init(ld_host, ld_port))) { + printf("Could not connect to the server at port %i\n", ld_port); return STATE_CRITICAL; } #else - if (!(ld = ldap_open (ld_host, ld_port))) { - if (verbose) + if (!(ld = ldap_open(ld_host, ld_port))) { + if (verbose) { ldap_perror(ld, "ldap_open"); - printf (_("Could not connect to the server at port %i\n"), ld_port); + } + printf(_("Could not connect to the server at port %i\n"), ld_port); return STATE_CRITICAL; } #endif /* HAVE_LDAP_INIT */ #ifdef HAVE_LDAP_SET_OPTION /* set ldap options */ - if (ldap_set_option 
(ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != - LDAP_OPT_SUCCESS ) { + if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != LDAP_OPT_SUCCESS) { printf(_("Could not set protocol version %d\n"), ld_protocol); return STATE_CRITICAL; } #endif if (ld_port == LDAPS_PORT || ssl_on_connect) { - xasprintf (&SERVICE, "LDAPS"); + xasprintf(&SERVICE, "LDAPS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /* ldaps: set option tls */ tls = LDAP_OPT_X_TLS_HARD; - if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) - { - if (verbose) + if (ldap_set_option(ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { + if (verbose) { ldap_perror(ld, "ldaps_option"); - printf (_("Could not init TLS at port %i!\n"), ld_port); + } + printf(_("Could not init TLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else - printf (_("TLS not supported by the libraries!\n")); + printf(_("TLS not supported by the libraries!\n")); return STATE_CRITICAL; #endif /* LDAP_OPT_X_TLS */ } else if (starttls) { - xasprintf (&SERVICE, "LDAP-TLS"); + xasprintf(&SERVICE, "LDAP-TLS"); #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) /* ldap with startTLS: set option version */ - if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS ) - { - if (version < LDAP_VERSION3) - { + if (ldap_get_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { + if (version < LDAP_VERSION3) { version = LDAP_VERSION3; ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); } } /* call start_tls */ - if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) - { - if (verbose) + if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { + if (verbose) { ldap_perror(ld, "ldap_start_tls"); - printf (_("Could not init startTLS at port %i!\n"), ld_port); + } + printf(_("Could not init startTLS at port %i!\n"), ld_port); return STATE_CRITICAL; } #else - printf (_("startTLS not supported by the library, needs LDAPv3!\n")); + printf(_("startTLS not 
supported by the library, needs LDAPv3!\n")); return STATE_CRITICAL; #endif /* HAVE_LDAP_START_TLS_S */ } /* bind to the ldap server */ - if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != - LDAP_SUCCESS) { - if (verbose) + if (ldap_bind_s(ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { + if (verbose) { ldap_perror(ld, "ldap_bind"); - printf (_("Could not bind to the LDAP server\n")); + } + printf(_("Could not bind to the LDAP server\n")); return STATE_CRITICAL; } /* do a search of all objectclasses in the base dn */ - if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result) - != LDAP_SUCCESS) { - if (verbose) + if (ldap_search_s(ld, ld_base, (crit_entries != NULL || warn_entries != NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, + &result) != LDAP_SUCCESS) { + if (verbose) { ldap_perror(ld, "ldap_search"); - printf (_("Could not search/find objectclasses in %s\n"), ld_base); + } + printf(_("Could not search/find objectclasses in %s\n"), ld_base); return STATE_CRITICAL; - } else if (crit_entries!=NULL || warn_entries!=NULL) { + } else if (crit_entries != NULL || warn_entries != NULL) { num_entries = ldap_count_entries(ld, result); } /* unbind from the ldap server */ - ldap_unbind (ld); + ldap_unbind(ld); /* reset the alarm handler */ - alarm (0); + alarm(0); /* calculate the elapsed time and compare to thresholds */ - microsec = deltime (tv); + microsec = deltime(tv); elapsed_time = (double)microsec / 1.0e6; - if (crit_time!=UNDEFINED && elapsed_time>crit_time) + if (crit_time != UNDEFINED && elapsed_time > crit_time) { status = STATE_CRITICAL; - else if (warn_time!=UNDEFINED && elapsed_time>warn_time) + } else if (warn_time != UNDEFINED && elapsed_time > warn_time) { status = STATE_WARNING; - else + } else { status = STATE_OK; + } - if(entries_thresholds != NULL) { + if (entries_thresholds != NULL) { if (verbose) { - printf ("entries 
found: %d\n", num_entries); + printf("entries found: %d\n", num_entries); print_thresholds("entry thresholds", entries_thresholds); } status_entries = get_status(num_entries, entries_thresholds); 
@@ -245,92 +245,78 @@ main (int argc, char *argv[]) } /* print out the result */ - if (crit_entries!=NULL || warn_entries!=NULL) { - printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), - state_text (status), - num_entries, - elapsed_time, - fperfdata ("time", elapsed_time, "s", - (int)warn_time, warn_time, - (int)crit_time, crit_time, - true, 0, false, 0), - sperfdata ("entries", (double)num_entries, "", - warn_entries, - crit_entries, - true, 0.0, false, 0.0)); + if (crit_entries != NULL || warn_entries != NULL) { + printf(_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text(status), num_entries, elapsed_time, + fperfdata("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, true, 0, false, 0), + sperfdata("entries", (double)num_entries, "", warn_entries, crit_entries, true, 0.0, false, 0.0)); } else { - printf (_("LDAP %s - %.3f seconds response time|%s\n"), - state_text (status), - elapsed_time, - fperfdata ("time", elapsed_time, "s", - (int)warn_time, warn_time, - (int)crit_time, crit_time, - true, 0, false, 0)); + printf(_("LDAP %s - %.3f seconds response time|%s\n"), state_text(status), elapsed_time, + fperfdata("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, true, 0, false, 0)); } return status; } /* process command-line arguments */ -int -process_arguments (int argc, char **argv) -{ +int process_arguments(int argc, char **argv) { int c; int option = 0; /* initialize the long option struct */ - static struct option longopts[] = { - {"help", no_argument, 0, 'h'}, - {"version", no_argument, 0, 'V'}, - {"timeout", required_argument, 0, 't'}, - {"hostname", required_argument, 0, 'H'}, - {"base", required_argument, 0, 'b'}, - {"attr", required_argument, 0, 'a'}, - {"bind", required_argument, 0, 'D'}, - {"pass", required_argument, 0, 'P'}, + static struct option longopts[] = {{"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {"timeout", required_argument, 0, 
't'}, + {"hostname", required_argument, 0, 'H'}, + {"base", required_argument, 0, 'b'}, + {"attr", required_argument, 0, 'a'}, + {"bind", required_argument, 0, 'D'}, + {"pass", required_argument, 0, 'P'}, #ifdef HAVE_LDAP_SET_OPTION - {"ver2", no_argument, 0, '2'}, - {"ver3", no_argument, 0, '3'}, + {"ver2", no_argument, 0, '2'}, + {"ver3", no_argument, 0, '3'}, #endif - {"starttls", no_argument, 0, 'T'}, - {"ssl", no_argument, 0, 'S'}, - {"use-ipv4", no_argument, 0, '4'}, - {"use-ipv6", no_argument, 0, '6'}, - {"port", required_argument, 0, 'p'}, - {"warn", required_argument, 0, 'w'}, - {"crit", required_argument, 0, 'c'}, - {"warn-entries", required_argument, 0, 'W'}, - {"crit-entries", required_argument, 0, 'C'}, - {"verbose", no_argument, 0, 'v'}, - {0, 0, 0, 0} - }; - - if (argc < 2) + {"starttls", no_argument, 0, 'T'}, + {"ssl", no_argument, 0, 'S'}, + {"use-ipv4", no_argument, 0, '4'}, + {"use-ipv6", no_argument, 0, '6'}, + {"port", required_argument, 0, 'p'}, + {"warn", required_argument, 0, 'w'}, + {"crit", required_argument, 0, 'c'}, + {"warn-entries", required_argument, 0, 'W'}, + {"crit-entries", required_argument, 0, 'C'}, + {"verbose", no_argument, 0, 'v'}, + {0, 0, 0, 0}}; + + if (argc < 2) { return ERROR; + } for (c = 1; c < argc; c++) { - if (strcmp ("-to", argv[c]) == 0) - strcpy (argv[c], "-t"); + if (strcmp("-to", argv[c]) == 0) { + strcpy(argv[c], "-t"); + } } while (true) { - c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); + c = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); - if (c == -1 || c == EOF) + if (c == -1 || c == EOF) { break; + } switch (c) { - case 'h': /* help */ - print_help (); - exit (STATE_UNKNOWN); - case 'V': /* version */ - print_revision (progname, NP_VERSION); - exit (STATE_UNKNOWN); - case 't': /* timeout period */ - if (!is_intnonneg (optarg)) - usage2 (_("Timeout interval must be a positive integer"), optarg); - else - socket_timeout = atoi (optarg); + 
case 'h': /* help */ + print_help(); + exit(STATE_UNKNOWN); + case 'V': /* version */ + print_revision(progname, NP_VERSION); + exit(STATE_UNKNOWN); + case 't': /* timeout period */ + if (!is_intnonneg(optarg)) { + usage2(_("Timeout interval must be a positive integer"), optarg); + } else { + socket_timeout = atoi(optarg); + } break; case 'H': ld_host = optarg; @@ -339,7 +325,7 @@ process_arguments (int argc, char **argv) ld_base = optarg; break; case 'p': - ld_port = atoi (optarg); + ld_port = atoi(optarg); break; case 'a': ld_attr = optarg; @@ -351,10 +337,10 @@ process_arguments (int argc, char **argv) ld_passwd = optarg; break; case 'w': - warn_time = strtod (optarg, NULL); + warn_time = strtod(optarg, NULL); break; case 'c': - crit_time = strtod (optarg, NULL); + crit_time = strtod(optarg, NULL); break; case 'W': warn_entries = optarg; 
@@ -377,141 +363,141 @@ process_arguments (int argc, char **argv) verbose = true; break; case 'T': - if (! ssl_on_connect) + if (!ssl_on_connect) { starttls = true; - else + } else { usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl"); + } break; case 'S': - if (! starttls) { + if (!starttls) { ssl_on_connect = true; - if (ld_port == -1) + if (ld_port == -1) { ld_port = LDAPS_PORT; - } else + } + } else { usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls"); + } break; case '6': #ifdef USE_IPV6 address_family = AF_INET6; #else - usage (_("IPv6 support not available\n")); + usage(_("IPv6 support not available\n")); #endif break; default: - usage5 (); + usage5(); } } c = optind; - if (ld_host == NULL && is_host(argv[c])) - ld_host = strdup (argv[c++]); + if (ld_host == NULL && is_host(argv[c])) { + ld_host = strdup(argv[c++]); + } - if (ld_base == NULL && argv[c]) - ld_base = strdup (argv[c++]); + if (ld_base == NULL && argv[c]) { + ld_base = strdup(argv[c++]); + } - if (ld_port == -1) + if (ld_port == -1) { ld_port = DEFAULT_PORT; + } - return validate_arguments (); + return validate_arguments(); } +int validate_arguments() { + if (ld_host == NULL || strlen(ld_host) == 0) { + usage4(_("Please specify the host name\n")); + } -int -validate_arguments () -{ - if (ld_host==NULL || strlen(ld_host)==0) - usage4 (_("Please specify the host name\n")); - - if (ld_base==NULL) - usage4 (_("Please specify the LDAP base\n")); + if (ld_base == NULL) { + usage4(_("Please specify the LDAP base\n")); + } - if (crit_entries!=NULL || warn_entries!=NULL) { - set_thresholds(&entries_thresholds, - warn_entries, crit_entries); + if (crit_entries != NULL || warn_entries != NULL) { + set_thresholds(&entries_thresholds, warn_entries, crit_entries); } - if (ld_passwd==NULL) + if (ld_passwd == NULL) { ld_passwd = getenv("LDAP_PASSWORD"); + } return OK; } - -void -print_help (void) -{ +void print_help(void) { char *myport; - xasprintf (&myport, "%d", 
DEFAULT_PORT); + xasprintf(&myport, "%d", DEFAULT_PORT); - print_revision (progname, NP_VERSION); + print_revision(progname, NP_VERSION); - printf ("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"); - printf (COPYRIGHT, copyright, email); + printf("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"); + printf(COPYRIGHT, copyright, email); - printf ("\n\n"); + printf("\n\n"); - print_usage (); + print_usage(); - printf (UT_HELP_VRSN); - printf (UT_EXTRA_OPTS); + printf(UT_HELP_VRSN); + printf(UT_EXTRA_OPTS); - printf (UT_HOST_PORT, 'p', myport); + printf(UT_HOST_PORT, 'p', myport); - printf (UT_IPv46); + printf(UT_IPv46); - printf (" %s\n", "-a [--attr]"); - printf (" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\"")); - printf (" %s\n", "-b [--base]"); - printf (" %s\n", _("ldap base (eg. ou=my unit, o=my org, c=at")); - printf (" %s\n", "-D [--bind]"); - printf (" %s\n", _("ldap bind DN (if required)")); - printf (" %s\n", "-P [--pass]"); - printf (" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); - printf (" %s\n", "-T [--starttls]"); - printf (" %s\n", _("use starttls mechanism introduced in protocol version 3")); - printf (" %s\n", "-S [--ssl]"); - printf (" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); + printf(" %s\n", "-a [--attr]"); + printf(" %s\n", _("ldap attribute to search (default: \"(objectclass=*)\"")); + printf(" %s\n", "-b [--base]"); + printf(" %s\n", _("ldap base (eg. 
ou=my unit, o=my org, c=at")); + printf(" %s\n", "-D [--bind]"); + printf(" %s\n", _("ldap bind DN (if required)")); + printf(" %s\n", "-P [--pass]"); + printf(" %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')")); + printf(" %s\n", "-T [--starttls]"); + printf(" %s\n", _("use starttls mechanism introduced in protocol version 3")); + printf(" %s\n", "-S [--ssl]"); + printf(" %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT); #ifdef HAVE_LDAP_SET_OPTION - printf (" %s\n", "-2 [--ver2]"); - printf (" %s\n", _("use ldap protocol version 2")); - printf (" %s\n", "-3 [--ver3]"); - printf (" %s\n", _("use ldap protocol version 3")); - printf (" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL); + printf(" %s\n", "-2 [--ver2]"); + printf(" %s\n", _("use ldap protocol version 2")); + printf(" %s\n", "-3 [--ver3]"); + printf(" %s\n", _("use ldap protocol version 3")); + printf(" (%s %d)\n", _("default protocol version:"), DEFAULT_PROTOCOL); #endif - printf (UT_WARN_CRIT); + printf(UT_WARN_CRIT); - printf (" %s\n", "-W [--warn-entries]"); - printf (" %s\n", _("Number of found entries to result in warning status")); - printf (" %s\n", "-C [--crit-entries]"); - printf (" %s\n", _("Number of found entries to result in critical status")); + printf(" %s\n", "-W [--warn-entries]"); + printf(" %s\n", _("Number of found entries to result in warning status")); + printf(" %s\n", "-C [--crit-entries]"); + printf(" %s\n", _("Number of found entries to result in critical status")); - printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); - printf (UT_VERBOSE); + printf(UT_VERBOSE); - printf ("\n"); - printf ("%s\n", _("Notes:")); - printf (" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); - printf (_(" implied (using default port %i) unless --port=636 is specified. 
In that case\n"), DEFAULT_PORT); - printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); - printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); - printf (" %s\n", _("to define the behaviour explicitly instead.")); - printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); + printf("\n"); + printf("%s\n", _("Notes:")); + printf(" %s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be")); + printf(_(" implied (using default port %i) unless --port=636 is specified. In that case\n"), DEFAULT_PORT); + printf(" %s\n", _("'SSL on connect' will be used no matter how the plugin was called.")); + printf(" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags")); + printf(" %s\n", _("to define the behaviour explicitly instead.")); + printf(" %s\n", _("The parameters --warn-entries and --crit-entries are optional.")); - printf (UT_SUPPORT); + printf(UT_SUPPORT); } -void -print_usage (void) -{ - printf ("%s\n", _("Usage:")); - printf (" %s -H -b [-p ] [-a ] [-D ]",progname); - printf ("\n [-P ] [-w ] [-c ] [-t timeout]%s\n", +void print_usage(void) { + printf("%s\n", _("Usage:")); + printf(" %s -H -b [-p ] [-a ] [-D ]", progname); + printf("\n [-P ] [-w ] [-c ] [-t timeout]%s\n", #ifdef HAVE_LDAP_SET_OPTION - "\n [-2|-3] [-4|-6]" + "\n [-2|-3] [-4|-6]" #else - "" + "" #endif - ); + ); } -- cgit v1.2.3-74-g34f1 From 7a518f99a57a6ee169cedd062e4e2e1e7c3fc2d2 Mon Sep 17 00:00:00 2001 
From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Tue, 11 Mar 2025 12:12:32 +0100 Subject: Refactor check_ldap --- plugins/Makefile.am | 1 + plugins/check_ldap.c | 262 ++++++++++++++++++++---------------------- plugins/check_ldap.d/config.h | 61 ++++++++++ 3 files changed, 184 insertions(+), 140 deletions(-) create mode 100644 plugins/check_ldap.d/config.h (limited to 'plugins/check_ldap.c') diff --git a/plugins/Makefile.am b/plugins/Makefile.am index be650089..9f7266ad 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -50,6 +50,7 @@ EXTRA_DIST = t \ tests \ $(np_test_scripts) \ check_swap.d \ + check_ldap.d \ check_game.d \ check_dbi.d \ check_ssh.d \ diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c index fc8eccec..597644bd 100644 --- a/plugins/check_ldap.c +++ b/plugins/check_ldap.c 
@@ -34,70 +34,33 @@ const char *email = "devel@monitoring-plugins.org"; #include "common.h" #include "netutils.h" #include "utils.h" +#include "check_ldap.d/config.h" +#include "states.h" #include #define LDAP_DEPRECATED 1 #include enum { - UNDEFINED = 0, -#ifdef HAVE_LDAP_SET_OPTION - DEFAULT_PROTOCOL = 2, -#endif DEFAULT_PORT = 389 }; -static int process_arguments(int, char **); -static int validate_arguments(void); +typedef struct { + int errorcode; + check_ldap_config config; +} check_ldap_config_wrapper; +static check_ldap_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); +static check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper /*config_wrapper*/); + static void print_help(void); void print_usage(void); -static char ld_defattr[] = "(objectclass=*)"; -static char *ld_attr = ld_defattr; -static char *ld_host = NULL; -static char *ld_base = NULL; -static char *ld_passwd = NULL; -static char *ld_binddn = NULL; -static int ld_port = -1; -#ifdef HAVE_LDAP_SET_OPTION -static int ld_protocol = DEFAULT_PROTOCOL; -#endif #ifndef LDAP_OPT_SUCCESS # define LDAP_OPT_SUCCESS LDAP_SUCCESS #endif -static double warn_time = UNDEFINED; -static double crit_time = UNDEFINED; -static thresholds *entries_thresholds = NULL; -static struct timeval tv; -static char *warn_entries = NULL; -static char *crit_entries = NULL; -static bool starttls = false; -static bool ssl_on_connect = false; -static bool verbose = false; - -/* for ldap tls */ - -static char *SERVICE = "LDAP"; +static int verbose = 0; int main(int argc, char *argv[]) { - - LDAP *ld; - LDAPMessage *result; - - /* should be int result = STATE_UNKNOWN; */ - - int status = STATE_UNKNOWN; - long microsec; - double elapsed_time; - - /* for ldap tls */ - - int tls; - int version = 3; - - int status_entries = STATE_OK; - int num_entries = 0; - setlocale(LC_ALL, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); 
@@ -109,13 +72,12 @@ int main(int argc, char *argv[]) { /* Parse extra opts if any */ argv = np_extra_opts(&argc, argv, progname); - if (process_arguments(argc, argv) == ERROR) { + check_ldap_config_wrapper tmp_config = process_arguments(argc, argv); + if (tmp_config.errorcode == ERROR) { usage4(_("Could not parse arguments")); } - if (strstr(argv[0], "check_ldaps") && !starttls && !ssl_on_connect) { - starttls = true; - } + const check_ldap_config config = tmp_config.config; /* initialize alarm signal handling */ signal(SIGALRM, socket_timeout_alarm_handler); 
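Review bot: The removed block `if (strstr(argv[0], "check_ldaps") && !starttls && !ssl_on_connect) { starttls = true; }` was what made an invocation as check_ldaps imply STARTTLS, and nothing in this hunk replaces it. Unless process_arguments or validate_arguments (not fully visible here) now sets `config.starttls` for that case, running check_ldaps without -T or -S would reach the simple bind on an unencrypted connection, and the "Notes" text in print_help would no longer be true. If the logic moved, a comment above `const check_ldap_config config = tmp_config.config;` such as `/* check_ldaps implies STARTTLS; applied in process_arguments */` would make that visible. If it did not, restore it before the copy with `if (strstr(argv[0], "check_ldaps") && !tmp_config.config.starttls && !tmp_config.config.ssl_on_connect) { tmp_config.config.starttls = true; }`. main's body starts and ends outside this hunk.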
@@ -124,65 +86,67 @@ int main(int argc, char *argv[]) { alarm(socket_timeout); /* get the start time */ - gettimeofday(&tv, NULL); + struct timeval start_time; + gettimeofday(&start_time, NULL); + LDAP *ldap_connection; /* initialize ldap */ #ifdef HAVE_LDAP_INIT - if (!(ld = ldap_init(ld_host, ld_port))) { - printf("Could not connect to the server at port %i\n", ld_port); + if (!(ldap_connection = ldap_init(config.ld_host, config.ld_port))) { + printf("Could not connect to the server at port %i\n", config.ld_port); return STATE_CRITICAL; } #else - if (!(ld = ldap_open(ld_host, ld_port))) { + if (!(ld = ldap_open(config.ld_host, config.ld_port))) { if (verbose) { - ldap_perror(ld, "ldap_open"); + ldap_perror(ldap_connection, "ldap_open"); } - printf(_("Could not connect to the server at port %i\n"), ld_port); + printf(_("Could not connect to the server at port %i\n"), config.ld_port); return STATE_CRITICAL; } #endif /* HAVE_LDAP_INIT */ #ifdef HAVE_LDAP_SET_OPTION /* set ldap options */ - if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) != LDAP_OPT_SUCCESS) { - printf(_("Could not set protocol version %d\n"), ld_protocol); + if (ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &config.ld_protocol) != LDAP_OPT_SUCCESS) { + printf(_("Could not set protocol version %d\n"), config.ld_protocol); return STATE_CRITICAL; } #endif - if (ld_port == LDAPS_PORT || ssl_on_connect) { - xasprintf(&SERVICE, "LDAPS"); + int version = 3; + int tls; + if (config.ld_port == LDAPS_PORT || config.ssl_on_connect) { #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /* ldaps: set option tls */ tls = LDAP_OPT_X_TLS_HARD; - if (ldap_set_option(ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { + if (ldap_set_option(ldap_connection, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS) { if (verbose) { - ldap_perror(ld, "ldaps_option"); + ldap_perror(ldap_connection, "ldaps_option"); } - printf(_("Could not init TLS at port %i!\n"), ld_port); + printf(_("Could not init TLS at 
port %i!\n"), config.ld_port); return STATE_CRITICAL; } #else printf(_("TLS not supported by the libraries!\n")); return STATE_CRITICAL; #endif /* LDAP_OPT_X_TLS */ - } else if (starttls) { - xasprintf(&SERVICE, "LDAP-TLS"); + } else if (config.starttls) { #if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S) /* ldap with startTLS: set option version */ - if (ldap_get_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { + if (ldap_get_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) { if (version < LDAP_VERSION3) { version = LDAP_VERSION3; - ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version); + ldap_set_option(ldap_connection, LDAP_OPT_PROTOCOL_VERSION, &version); } } /* call start_tls */ - if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS) { + if (ldap_start_tls_s(ldap_connection, NULL, NULL) != LDAP_SUCCESS) { if (verbose) { - ldap_perror(ld, "ldap_start_tls"); + ldap_perror(ldap_connection, "ldap_start_tls"); } - printf(_("Could not init startTLS at port %i!\n"), ld_port); + printf(_("Could not init startTLS at port %i!\n"), config.ld_port); return STATE_CRITICAL; } #else 
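Review bot: The `#else` branch (built when HAVE_LDAP_INIT is not defined) still assigns to `ld` in `if (!(ld = ldap_open(config.ld_host, config.ld_port))) {`, but this commit removes the `LDAP *ld;` declaration, so that configuration should no longer compile. The `ldap_perror(ldap_connection, "ldap_open")` below it would also read a pointer that was never assigned. The line should be `if (!(ldap_connection = ldap_open(config.ld_host, config.ld_port))) {`. Initialising the handle at its declaration, `LDAP *ldap_connection = NULL;`, would keep both preprocessor branches well defined. main's body starts and ends outside this hunk.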
@@ -192,51 +156,56 @@ int main(int argc, char *argv[]) { } /* bind to the ldap server */ - if (ldap_bind_s(ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { + if (ldap_bind_s(ldap_connection, config.ld_binddn, config.ld_passwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) { if (verbose) { - ldap_perror(ld, "ldap_bind"); + ldap_perror(ldap_connection, "ldap_bind"); } printf(_("Could not bind to the LDAP server\n")); return STATE_CRITICAL; } + LDAPMessage *result; + int num_entries = 0; /* do a search of all objectclasses in the base dn */ - if (ldap_search_s(ld, ld_base, (crit_entries != NULL || warn_entries != NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, - &result) != LDAP_SUCCESS) { + if (ldap_search_s(ldap_connection, config.ld_base, + (config.crit_entries != NULL || config.warn_entries != NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, config.ld_attr, + NULL, 0, &result) != LDAP_SUCCESS) { if (verbose) { - ldap_perror(ld, "ldap_search"); + ldap_perror(ldap_connection, "ldap_search"); } - printf(_("Could not search/find objectclasses in %s\n"), ld_base); + printf(_("Could not search/find objectclasses in %s\n"), config.ld_base); return STATE_CRITICAL; - } else if (crit_entries != NULL || warn_entries != NULL) { - num_entries = ldap_count_entries(ld, result); + } + + if (config.crit_entries != NULL || config.warn_entries != NULL) { + num_entries = ldap_count_entries(ldap_connection, result); } /* unbind from the ldap server */ - ldap_unbind(ld); + ldap_unbind(ldap_connection); /* reset the alarm handler */ alarm(0); /* calculate the elapsed time and compare to thresholds */ - microsec = deltime(tv); - elapsed_time = (double)microsec / 1.0e6; - - if (crit_time != UNDEFINED && elapsed_time > crit_time) { + long microsec = deltime(start_time); + double elapsed_time = (double)microsec / 1.0e6; + mp_state_enum status = STATE_UNKNOWN; + if (config.crit_time_set && elapsed_time > config.crit_time) { status = STATE_CRITICAL; - } else if (warn_time != 
UNDEFINED && elapsed_time > warn_time) { + } else if (config.warn_time_set && elapsed_time > config.warn_time) { status = STATE_WARNING; } else { status = STATE_OK; } - if (entries_thresholds != NULL) { + if (config.entries_thresholds != NULL) { if (verbose) { printf("entries found: %d\n", num_entries); - print_thresholds("entry thresholds", entries_thresholds); + print_thresholds("entry thresholds", config.entries_thresholds); } - status_entries = get_status(num_entries, entries_thresholds); + mp_state_enum status_entries = get_status(num_entries, config.entries_thresholds); if (status_entries == STATE_CRITICAL) { status = STATE_CRITICAL; } else if (status != STATE_CRITICAL) { 
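Review bot: `num_entries = ldap_count_entries(ldap_connection, result);` is used without checking for the -1 that ldap_count_entries returns on error, so a failed count is passed to `get_status()` and reported in the output as if it were a real entry count. With an upper-bound threshold a negative count would evaluate as OK and could mask a broken search result. Treat it as a failure right after the call, for example `if (num_entries < 0) { printf(_("Could not count entries in %s\n"), config.ld_base); return STATE_CRITICAL; }`. Separately, `result` is not released with `ldap_msgfree(result)` before `ldap_unbind(ldap_connection)`, which is harmless for a process that exits next but worth a one-line call for tidiness. main's body starts and ends outside this hunk.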
@@ -245,23 +214,22 @@ int main(int argc, char *argv[]) { } /* print out the result */ - if (crit_entries != NULL || warn_entries != NULL) { + if (config.crit_entries != NULL || config.warn_entries != NULL) { printf(_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"), state_text(status), num_entries, elapsed_time, - fperfdata("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, true, 0, false, 0), - sperfdata("entries", (double)num_entries, "", warn_entries, crit_entries, true, 0.0, false, 0.0)); + fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0, + false, 0), + sperfdata("entries", (double)num_entries, "", config.warn_entries, config.crit_entries, true, 0.0, false, 0.0)); } else { printf(_("LDAP %s - %.3f seconds response time|%s\n"), state_text(status), elapsed_time, - fperfdata("time", elapsed_time, "s", (int)warn_time, warn_time, (int)crit_time, crit_time, true, 0, false, 0)); + fperfdata("time", elapsed_time, "s", config.warn_time_set, config.warn_time, config.crit_time_set, config.crit_time, true, 0, + false, 0)); } - return status; + exit(status); } /* process command-line arguments */ -int process_arguments(int argc, char **argv) { - int c; - - int option = 0; +check_ldap_config_wrapper process_arguments(int argc, char **argv) { /* initialize the long option struct */ static struct option longopts[] = {{"help", no_argument, 0, 'h'}, {"version", no_argument, 0, 'V'}, 
@@ -287,24 +255,31 @@ int process_arguments(int argc, char **argv) { {"verbose", no_argument, 0, 'v'}, {0, 0, 0, 0}}; + check_ldap_config_wrapper result = { + .errorcode = OK, + .config = check_ldap_config_init(), + }; + if (argc < 2) { - return ERROR; + result.errorcode = ERROR; + return result; } - for (c = 1; c < argc; c++) { - if (strcmp("-to", argv[c]) == 0) { - strcpy(argv[c], "-t"); + for (int index = 1; index < argc; index++) { + if (strcmp("-to", argv[index]) == 0) { + strcpy(argv[index], "-t"); } } + int option = 0; while (true) { - c = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); + int option_index = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option); - if (c == -1 || c == EOF) { + if (option_index == -1 || option_index == EOF) { break; } - switch (c) { + switch (option_index) { case 'h': /* help */ print_help(); exit(STATE_UNKNOWN); 
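Review bot: The new local names in the option loop are the reverse of what they hold: `option_index` receives the option character returned by `getopt_long`, while the long-option index is written through `&option`. I would name them `int option_index = 0;` and `int option_char = getopt_long(argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option_index);`, and switch on `option_char`. The test `option_index == -1 || option_index == EOF` also checks the same value twice on platforms where `EOF` is -1, so `== -1` alone would read more clearly. The `switch` body continues past the end of this hunk.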
@@ -319,61 +294,63 @@ int process_arguments(int argc, char **argv) { } break; case 'H': - ld_host = optarg; + result.config.ld_host = optarg; break; case 'b': - ld_base = optarg; + result.config.ld_base = optarg; break; case 'p': - ld_port = atoi(optarg); + result.config.ld_port = atoi(optarg); break; case 'a': - ld_attr = optarg; + result.config.ld_attr = optarg; break; case 'D': - ld_binddn = optarg; + result.config.ld_binddn = optarg; break; case 'P': - ld_passwd = optarg; + result.config.ld_passwd = optarg; break; case 'w': - warn_time = strtod(optarg, NULL); + result.config.warn_time_set = true; + result.config.warn_time = strtod(optarg, NULL); break; case 'c': - crit_time = strtod(optarg, NULL); + result.config.crit_time_set = true; + result.config.crit_time = strtod(optarg, NULL); break; case 'W': - warn_entries = optarg; + result.config.warn_entries = optarg; break; case 'C': - crit_entries = optarg; + result.config.crit_entries = optarg; break; #ifdef HAVE_LDAP_SET_OPTION case '2': - ld_protocol = 2; + result.config.ld_protocol = 2; break; case '3': - ld_protocol = 3; + result.config.ld_protocol = 3; break; -#endif +#endif // HAVE_LDAP_SET_OPTION case '4': address_family = AF_INET; break; case 'v': - verbose = true; + verbose++; break; case 'T': - if (!ssl_on_connect) { - starttls = true; + if (!result.config.ssl_on_connect) { + result.config.starttls = true; } else { usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl"); } break; case 'S': - if (!starttls) { - ssl_on_connect = true; - if (ld_port == -1) { - ld_port = LDAPS_PORT; + if (!result.config.starttls) { + result.config.ssl_on_connect = true; + if (result.config.ld_port == -1) { + result.config.ld_port = LDAPS_PORT; } } else { usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls"); 
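Review bot: The numeric options in this switch are accepted without validation: `-p` goes through `atoi(optarg)` and `-w`/`-c` through `strtod(optarg, NULL)`, so a malformed argument silently becomes port 0 or a 0.0 second threshold. Because `warn_time_set` and `crit_time_set` are now set unconditionally, a typo in a threshold yields an active zero threshold rather than a usage error, which makes the check report misleading states. Parsing with an end pointer and a range check would reject such input; the sketch below assumes `usage_va` does not return, as its use for the `-T`/`-S` conflict suggests. The same pattern applies to `-c`. The `switch` starts before and continues after this hunk.

```c
		case 'p': {
			char *end = NULL;
			long port = strtol(optarg, &end, 10);
			/* out-of-range input saturates to LONG_MIN/LONG_MAX and fails the range test */
			if (end == optarg || *end != '\0' || port < 1 || port > 65535) {
				usage_va(_("Invalid port number: %s"), optarg);
			}
			result.config.ld_port = (int)port;
		} break;
		// … unchanged: -a, -D, -P cases …
		case 'w': {
			char *end = NULL;
			result.config.warn_time = strtod(optarg, &end);
			if (end == optarg || *end != '\0') {
				usage_va(_("Invalid warning time: %s"), optarg);
			}
			result.config.warn_time_set = true;
		} break;
```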
@@ -391,39 +368,44 @@ int process_arguments(int argc, char **argv) { } } - c = optind; - if (ld_host == NULL && is_host(argv[c])) { - ld_host = strdup(argv[c++]); + int index = optind; + if ((result.config.ld_host == NULL) && is_host(argv[index])) { + result.config.ld_host = strdup(argv[index++]); + } + + if ((result.config.ld_base == NULL) && argv[index]) { + result.config.ld_base = strdup(argv[index++]); } - if (ld_base == NULL && argv[c]) { - ld_base = strdup(argv[c++]); + if (result.config.ld_port == -1) { + result.config.ld_port = DEFAULT_PORT; } - if (ld_port == -1) { - ld_port = DEFAULT_PORT; + if (strstr(argv[0], "check_ldaps") && !result.config.starttls && !result.config.ssl_on_connect) { + result.config.starttls = true; } - return validate_arguments(); + return validate_arguments(result); } -int validate_arguments() { - if (ld_host == NULL || strlen(ld_host) == 0) { +check_ldap_config_wrapper validate_arguments(check_ldap_config_wrapper config_wrapper) { + if (config_wrapper.config.ld_host == NULL || strlen(config_wrapper.config.ld_host) == 0) { usage4(_("Please specify the host name\n")); } - if (ld_base == NULL) { + if (config_wrapper.config.ld_base == NULL) { usage4(_("Please specify the LDAP base\n")); } - if (crit_entries != NULL || warn_entries != NULL) { - set_thresholds(&entries_thresholds, warn_entries, crit_entries); + if (config_wrapper.config.crit_entries != NULL || config_wrapper.config.warn_entries != NULL) { + set_thresholds(&config_wrapper.config.entries_thresholds, config_wrapper.config.warn_entries, config_wrapper.config.crit_entries); } - if (ld_passwd == NULL) { - ld_passwd = getenv("LDAP_PASSWORD"); + + if (config_wrapper.config.ld_passwd == NULL) { + config_wrapper.config.ld_passwd = getenv("LDAP_PASSWORD"); } - return OK; + return config_wrapper; } void print_help(void) { diff --git a/plugins/check_ldap.d/config.h b/plugins/check_ldap.d/config.h new file mode 100644 index 00000000..97a9cfa7 --- /dev/null 
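Review bot: The positional host lookup calls `is_host(argv[index])` without checking that an argument is left. When every argument was consumed as an option, `index == argc` and `argv[index]` is NULL, so NULL is passed to `is_host`; whether that helper tolerates NULL is not visible here. The `ld_base` branch right below already guards with `argv[index]`, so the first one should match: `if ((result.config.ld_host == NULL) && argv[index] && is_host(argv[index])) {`. The two `strdup` results are also stored unchecked, though a NULL there would be caught later by the NULL tests in `validate_arguments`. `process_arguments` starts outside this hunk.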
+++ b/plugins/check_ldap.d/config.h
@@ -0,0 +1,61 @@
+#pragma once
+
+#include "../../config.h"
+#include "thresholds.h"
+#include
+#include
+
+static char ld_defattr[] = "(objectclass=*)";
+
+enum {
+#ifdef HAVE_LDAP_SET_OPTION
+ DEFAULT_PROTOCOL = 2,
+#endif
+};
+
+typedef struct {
+ char *ld_host;
+ char *ld_base;
+ char *ld_passwd;
+ char *ld_binddn;
+ char *ld_attr;
+ int ld_port;
+ bool starttls;
+ bool ssl_on_connect;
+#ifdef HAVE_LDAP_SET_OPTION
+ int ld_protocol;
+#endif
+
+ char *warn_entries;
+ char *crit_entries;
+ thresholds *entries_thresholds;
+ bool warn_time_set;
+ double warn_time;
+ bool crit_time_set;
+ double crit_time;
+} check_ldap_config;
+
+check_ldap_config check_ldap_config_init() {
+ check_ldap_config tmp = {
+ .ld_host = NULL,
+ .ld_base = NULL,
+ .ld_passwd = NULL,
+ .ld_binddn = NULL,
+ .ld_attr = ld_defattr,
+ .ld_port = -1,
+ .starttls = false,
+ .ssl_on_connect = false,
+#ifdef HAVE_LDAP_SET_OPTION
+ .ld_protocol = DEFAULT_PROTOCOL,
+#endif
+
+ .warn_entries = NULL,
+ .crit_entries = NULL,
+ .entries_thresholds = NULL,
+ .warn_time_set = false,
+ .warn_time = 0,
+ .crit_time_set = false,
+ .crit_time = 0,
+ };
+ return tmp;
+}
-- cgit v1.2.3-74-g34f1
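Review bot: The anonymous `enum` becomes `enum { };` when `HAVE_LDAP_SET_OPTION` is not defined, and C does not allow an empty enumerator list, so the header would not compile in that configuration. Moving the guard outside fixes it: put `#ifdef HAVE_LDAP_SET_OPTION` / `#endif` around a complete `enum { DEFAULT_PROTOCOL = 2 };`. Separately, `check_ldap_config_init()` is defined in the header with external linkage and an empty parameter list. `static inline check_ldap_config check_ldap_config_init(void) {` would avoid duplicate-definition link errors if a second translation unit ever includes this file.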