diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index ba61c106a4fee0635a7a5944fd721e9b69742026..c95fbe1ff2ec2ad20fec96da721d9a7f5087461c 100644 (file)
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
-/******************************************************************************
-*
+/*****************************************************************************
+*
* Nagios check_radius plugin
* Nagios check_radius plugin
-*
+*
* License: GPL
* License: GPL
-* Copyright (c) 1999-2006 nagios-plugins team
-*
-* Last Modified: $Date$
-*
+* Copyright (c) 1999-2008 Nagios Plugins Development Team
+*
* Description:
* Description:
-*
+*
* This file contains the check_radius plugin
* This file contains the check_radius plugin
-*
-* Tests to see if a radius server is accepting connections.
-*
-*
-* License Information:
-*
-* This program is free software; you can redistribute it and/or modify
+*
+* Tests to see if a radius server is accepting connections.
+*
+*
+* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
+* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* (at your option) any later version.
-*
+*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
-*
+*
* You should have received a copy of the GNU General Public License
* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*
-* $Id$
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
*
*
-*******************************************************************************/
+*****************************************************************************/
const char *progname = "check_radius";
const char *progname = "check_radius";
-const char *revision = "$Revision$";
-const char *copyright = "2000-2006";
+const char *copyright = "2000-2008";
const char *email = "nagiosplug-devel@lists.sourceforge.net";
#include "common.h"
const char *email = "nagiosplug-devel@lists.sourceforge.net";
#include "common.h"
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
#define my_rc_read_dictionary(a) rc_read_dictionary(a)
#endif
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
#define my_rc_read_dictionary(a) rc_read_dictionary(a)
#endif
+
+/* REJECT_RC is only defined in some version of radiusclient. It has
+ * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
+#ifndef REJECT_RC
+#define REJECT_RC BADRESP_RC
+#endif
+
int my_rc_read_config(char *);
char *server = NULL;
char *username = NULL;
char *password = NULL;
char *nasid = NULL;
int my_rc_read_config(char *);
char *server = NULL;
char *username = NULL;
char *password = NULL;
char *nasid = NULL;
+char *nasipaddress = NULL;
char *expect = NULL;
char *config_file = NULL;
unsigned short port = PW_AUTH_UDP_PORT;
char *expect = NULL;
char *config_file = NULL;
unsigned short port = PW_AUTH_UDP_PORT;
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
+ /* Parse extra opts if any */
+ argv=np_extra_opts (&argc, argv, progname);
+
if (process_arguments (argc, argv) == ERROR)
usage4 (_("Could not parse arguments"));
if (process_arguments (argc, argv) == ERROR)
usage4 (_("Could not parse arguments"));
memset (&data, 0, sizeof(data));
if (!(my_rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
my_rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) &&
memset (&data, 0, sizeof(data));
if (!(my_rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
my_rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) &&
- my_rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) &&
- (nasid==NULL || my_rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))))
+ my_rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0)
+ ))
die (STATE_UNKNOWN, _("Out of Memory?"));
die (STATE_UNKNOWN, _("Out of Memory?"));
- /*
- * Fill in NAS-IP-Address
- */
-
- if ((client_id = my_rc_own_ipaddress ()) == 0)
- return (ERROR_RC);
+ if (nasid != NULL) {
+ if (!(my_rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0)))
+ die (STATE_UNKNOWN, _("Invalid NAS-Identifier"));
+ }
- if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) ==
- NULL) return (ERROR_RC);
+ if (nasipaddress != NULL) {
+ if (rc_good_ipaddr (nasipaddress))
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
+ if ((client_id = rc_get_ipaddr(nasipaddress)) == 0)
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
+ } else {
+ if ((client_id = my_rc_own_ipaddress ()) == 0)
+ die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address"));
+ }
+ if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
+ die (STATE_UNKNOWN, _("Invalid NAS-IP-Address"));
my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
retries);
my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
retries);
die (STATE_CRITICAL, _("Timeout"));
if (result == ERROR_RC)
die (STATE_CRITICAL, _("Auth Error"));
die (STATE_CRITICAL, _("Timeout"));
if (result == ERROR_RC)
die (STATE_CRITICAL, _("Auth Error"));
- if (result == BADRESP_RC)
+ if (result == REJECT_RC)
die (STATE_WARNING, _("Auth Failed"));
die (STATE_WARNING, _("Auth Failed"));
+ if (result == BADRESP_RC)
+ die (STATE_WARNING, _("Bad Response"));
if (expect && !strstr (msg, expect))
die (STATE_WARNING, "%s", msg);
if (result == OK_RC)
die (STATE_OK, _("Auth OK"));
if (expect && !strstr (msg, expect))
die (STATE_WARNING, "%s", msg);
if (result == OK_RC)
die (STATE_OK, _("Auth OK"));
- return (0);
+ (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
+ die (STATE_UNKNOWN, msg);
}
}
{"username", required_argument, 0, 'u'},
{"password", required_argument, 0, 'p'},
{"nas-id", required_argument, 0, 'n'},
{"username", required_argument, 0, 'u'},
{"password", required_argument, 0, 'p'},
{"nas-id", required_argument, 0, 'n'},
+ {"nas-ip-address", required_argument, 0, 'N'},
{"filename", required_argument, 0, 'F'},
{"expect", required_argument, 0, 'e'},
{"retries", required_argument, 0, 'r'},
{"filename", required_argument, 0, 'F'},
{"expect", required_argument, 0, 'e'},
{"retries", required_argument, 0, 'r'},
};
while (1) {
};
while (1) {
- c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:t:r:e:", longopts,
+ c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:N:t:r:e:", longopts,
&option);
if (c == -1 || c == EOF || c == 1)
&option);
if (c == -1 || c == EOF || c == 1)
print_help ();
exit (OK);
case 'V': /* version */
print_help ();
exit (OK);
case 'V': /* version */
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
exit (OK);
case 'v': /* verbose mode */
verbose = TRUE;
exit (OK);
case 'v': /* verbose mode */
verbose = TRUE;
username = optarg;
break;
case 'p': /* password */
username = optarg;
break;
case 'p': /* password */
- password = optarg;
+ password = strdup(optarg);
+
+ /* Delete the password from process list */
+ while (*optarg != '\0') {
+ *optarg = 'X';
+ optarg++;
+ }
break;
case 'n': /* nas id */
nasid = optarg;
break;
break;
case 'n': /* nas id */
nasid = optarg;
break;
+ case 'N': /* nas ip address */
+ nasipaddress = optarg;
+ break;
case 'F': /* configuration file */
config_file = optarg;
break;
case 'F': /* configuration file */
config_file = optarg;
break;
char *myport;
asprintf (&myport, "%d", PW_AUTH_UDP_PORT);
char *myport;
asprintf (&myport, "%d", PW_AUTH_UDP_PORT);
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
printf ("Copyright (c) 1999 Robert August Vincent II\n");
printf (COPYRIGHT, copyright, email);
printf ("Copyright (c) 1999 Robert August Vincent II\n");
printf (COPYRIGHT, copyright, email);
- printf("%s\n", _("Tests to see if a radius server is accepting connections."));
+ printf("%s\n", _("Tests to see if a RADIUS server is accepting connections."));
printf ("\n\n");
print_usage ();
printf ("\n\n");
print_usage ();
- printf (_(UT_HELP_VRSN));
+ printf (UT_HELP_VRSN);
+ printf (UT_EXTRA_OPTS);
- printf (_(UT_HOST_PORT), 'P', myport);
+ printf (UT_HOST_PORT, 'P', myport);
printf (" %s\n", "-u, --username=STRING");
printf (" %s\n", _("The user to authenticate"));
printf (" %s\n", "-u, --username=STRING");
printf (" %s\n", _("The user to authenticate"));
printf (" %s\n", _("Password for autentication (SECURITY RISK)"));
printf (" %s\n", "-n, --nas-id=STRING");
printf (" %s\n", _("NAS identifier"));
printf (" %s\n", _("Password for autentication (SECURITY RISK)"));
printf (" %s\n", "-n, --nas-id=STRING");
printf (" %s\n", _("NAS identifier"));
+ printf (" %s\n", "-N, --nas-ip-address=STRING");
+ printf (" %s\n", _("NAS IP Address"));
printf (" %s\n", "-F, --filename=STRING");
printf (" %s\n", _("Configuration file"));
printf (" %s\n", "-e, --expect=STRING");
printf (" %s\n", "-F, --filename=STRING");
printf (" %s\n", _("Configuration file"));
printf (" %s\n", "-e, --expect=STRING");
printf (" %s\n", "-r, --retries=INTEGER");
printf (" %s\n", _("Number of times to retry a failed connection"));
printf (" %s\n", "-r, --retries=INTEGER");
printf (" %s\n", _("Number of times to retry a failed connection"));
- printf (_(UT_TIMEOUT), timeout_interval);
+ printf (UT_TIMEOUT, timeout_interval);
- printf ("%s\n", _("This plugin tests a radius server to see if it is accepting connections."));
+ printf ("\n");
+ printf ("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections."));
printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
printf ("%s\n", _("The password option presents a substantial security issue because the"));
printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
printf ("%s\n", _("The password option presents a substantial security issue because the"));
- printf ("%s\n", _("password can be determined by careful watching of the command line in"));
- printf ("%s\n", _("a process listing. This risk is exacerbated because nagios will"));
- printf ("%s\n", _("run the plugin at regular prdictable intervals. Please be sure that"));
- printf ("%s\n", _("the password used does not allow access to sensitive system resources,"));
- printf ("%s\n", _("otherwise compormise could occur."));
+ printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
+ printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will"));
+ printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that"));
+ printf ("%s\n", _("the password used does not allow access to sensitive system resources."));
+
+#ifdef NP_EXTRA_OPTS
+ printf ("\n");
+ printf ("%s\n", _("Notes:"));
+ printf (UT_EXTRA_OPTS_NOTES);
+#endif
- printf (_(UT_SUPPORT));
+ printf (UT_SUPPORT);
}
}
print_usage (void)
{
printf (_("Usage:"));
print_usage (void)
{
printf (_("Usage:"));
- printf ("%s -H host -F config_file -u username -p password [-n nas-id] [-P port]\n\
- [-t timeout] [-r retries] [-e expect]\n", progname);
+ printf ("%s -H host -F config_file -u username -p password\n\
+ [-P port] [-t timeout] [-r retries] [-e expect]\n\
+ [-n nas-id] [-N nas-ip-addr]\n", progname);
}
}