![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index adfa966a9c13dad9964ac06b6f199e88109ee302..4f14328074cc92b964ab51633fdcec8db46ed9f4 100644 (file)
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ $Id$
+
******************************************************************************/
-const char *progname = "check_ldap";
+/* progname may be check_ldaps */
+char *progname = "check_ldap";
const char *revision = "$Revision$";
-const char *copyright = "2000-2003";
+const char *copyright = "2000-2004";
const char *email = "nagiosplug-devel@lists.sourceforge.net";
#include "common.h"
#include <ldap.h>
enum {
- UNDEFINED = -1,
+ UNDEFINED = 0,
#ifdef HAVE_LDAP_SET_OPTION
DEFAULT_PROTOCOL = 2,
#endif
#ifdef HAVE_LDAP_SET_OPTION
int ld_protocol = DEFAULT_PROTOCOL;
#endif
-int warn_time = UNDEFINED;
-int crit_time = UNDEFINED;
+double warn_time = UNDEFINED;
+double crit_time = UNDEFINED;
+struct timeval tv;
+
+/* for ldap tls */
+
+char *SERVICE = "LDAP";
int
main (int argc, char *argv[])
LDAP *ld;
LDAPMessage *result;
- int t_diff;
- time_t time0, time1;
+ /* should be int result = STATE_UNKNOWN; */
+
+ int status = STATE_UNKNOWN;
+ long microsec;
+ double elapsed_time;
+
+ /* for ldap tls */
+
+ int tls;
+ int version=3;
setlocale (LC_ALL, "");
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
+ if (strstr(argv[0],"check_ldaps")) {
+ asprintf (&progname, "check_ldaps");
+ }
+
if (process_arguments (argc, argv) == ERROR)
- usage (_("check_ldap: could not parse arguments\n"));
+ usage4 (_("Could not parse arguments"));
/* initialize alarm signal handling */
signal (SIGALRM, socket_timeout_alarm_handler);
alarm (socket_timeout);
/* get the start time */
- time (&time0);
+ gettimeofday (&tv, NULL);
/* initialize ldap */
+#ifdef HAVE_LDAP_INIT
+ if (!(ld = ldap_init (ld_host, ld_port))) {
+ printf ("Could not connect to the server at port %i\n", ld_port);
+ return STATE_CRITICAL;
+ }
+#else
if (!(ld = ldap_open (ld_host, ld_port))) {
/*ldap_perror(ld, "ldap_open"); */
printf (_("Could not connect to the server at port %i\n"), ld_port);
return STATE_CRITICAL;
}
-
+#endif /* HAVE_LDAP_INIT */
+
#ifdef HAVE_LDAP_SET_OPTION
/* set ldap options */
if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &ld_protocol) !=
return STATE_CRITICAL;
}
#endif
+
+ if (strstr(argv[0],"check_ldaps")) {
+ /* with TLS */
+ if ( ld_port == LDAPS_PORT ) {
+ asprintf (&SERVICE, "LDAPS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
+ /* ldaps: set option tls */
+ tls = LDAP_OPT_X_TLS_HARD;
+
+ if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+ {
+ /*ldap_perror(ld, "ldaps_option"); */
+ printf (_("Could not init TLS at port %i!\n"), ld_port);
+ return STATE_CRITICAL;
+ }
+#else
+ printf (_("TLS not supported by the libraries!\n"), ld_port);
+ return STATE_CRITICAL;
+#endif /* LDAP_OPT_X_TLS */
+ } else {
+ asprintf (&SERVICE, "LDAP-TLS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
+ /* ldap with startTLS: set option version */
+ if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
+ {
+ if (version < LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+ }
+ }
+ /* call start_tls */
+ if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
+ {
+ /*ldap_perror(ld, "ldap_start_tls"); */
+ printf (_("Could not init startTLS at port %i!\n"), ld_port);
+ return STATE_CRITICAL;
+ }
+#else
+ printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
+ return STATE_CRITICAL;
+#endif /* HAVE_LDAP_START_TLS_S */
+ }
+ }
+
/* bind to the ldap server */
if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
LDAP_SUCCESS) {
/* reset the alarm handler */
alarm (0);
- /* get the finish time */
- time (&time1);
-
/* calcutate the elapsed time and compare to thresholds */
- t_diff = time1 - time0;
- if (crit_time!=UNDEFINED && t_diff>=crit_time) {
- printf (_("LDAP CRITICAL - %i seconds response time\n"), t_diff);
- return STATE_CRITICAL;
- }
+ microsec = deltime (tv);
+ elapsed_time = (double)microsec / 1.0e6;
- if (warn_time!=UNDEFINED && t_diff>=warn_time) {
- printf (_("LDAP WARNING - %i seconds response time\n"), t_diff);
- return STATE_WARNING;
- }
+ if (crit_time!=UNDEFINED && elapsed_time>crit_time)
+ status = STATE_CRITICAL;
+ else if (warn_time!=UNDEFINED && elapsed_time>warn_time)
+ status = STATE_WARNING;
+ else
+ status = STATE_OK;
/* print out the result */
- printf (_("LDAP OK - %i seconds response time\n"), t_diff);
-
- return STATE_OK;
+ printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+ state_text (status),
+ elapsed_time,
+ fperfdata ("time", elapsed_time, "s",
+ (int)warn_time, warn_time,
+ (int)crit_time, crit_time,
+ TRUE, 0, FALSE, 0));
+
+ return status;
}
/* process command-line arguments */
exit (STATE_OK);
case 't': /* timeout period */
if (!is_intnonneg (optarg))
- usage2 (_("timeout interval must be a positive integer"), optarg);
+ usage2 (_("Timeout interval must be a positive integer"), optarg);
else
socket_timeout = atoi (optarg);
break;
ld_passwd = optarg;
break;
case 'w':
- warn_time = atoi (optarg);
+ warn_time = strtod (optarg, NULL);
break;
case 'c':
- crit_time = atoi (optarg);
+ crit_time = strtod (optarg, NULL);
break;
#ifdef HAVE_LDAP_SET_OPTION
case '2':
#endif
break;
default:
- usage (_("check_ldap: could not parse unknown arguments\n"));
- break;
+ usage2 (_("Unknown argument"), optarg);
}
}
return validate_arguments ();
}
+
int
validate_arguments ()
{
- if (strlen(ld_host) == 0)
- usage (_("please specify the host name\n"));
+ if (ld_host==NULL || strlen(ld_host)==0)
+ usage4 (_("Please specify the host name\n"));
- if (strlen(ld_base) == 0)
- usage (_("please specify the LDAP base\n"));
+ if (ld_base==NULL || strlen(ld_base)==0)
+ usage4 (_("Please specify the LDAP base\n"));
return OK;
-
}
-
-
-
-\f
void
print_help (void)
{
print_revision (progname, revision);
- printf (_("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n"));
- printf (_(COPYRIGHT), copyright, email);
+ printf ("Copyright (c) 1999 Didi Rieder (adrieder@sbox.tu-graz.ac.at)\n");
+ printf (COPYRIGHT, copyright, email);
print_usage ();
}
-
-
void
print_usage (void)
{
- printf (_("\
+ printf ("\
Usage: %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]\n\
- [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n\
-(Note: all times are in seconds.)\n"),
- progname, (HAVE_LDAP_SET_OPTION ? "[-2|-3] [-4|-6]" : ""));
- printf (_(UT_HLP_VRS), progname, progname);
+ [-P <password>] [-w <warn_time>] [-c <crit_time>]\n\
+ [-t timeout]%s\n",
+//(Note: all times are in seconds.)\n",
+ progname,
+#ifdef HAVE_LDAP_SET_OPTION
+ " [-2|-3] [-4|-6]"
+#else
+ ""
+#endif
+ );
}