diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 3e6bdcae5880bca166cea2d699983fbeb5800822..57b7090d77d2ec7cd5e71b38c5725d0e069c5a37 100644 (file)
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
-/******************************************************************************
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- $Id$
-
- ******************************************************************************/
+/*****************************************************************************
+*
+* Nagios check_radius plugin
+*
+* License: GPL
+* Copyright (c) 1999-2008 Nagios Plugins Development Team
+*
+* Description:
+*
+* This file contains the check_radius plugin
+*
+* Tests to see if a radius server is accepting connections.
+*
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*
+*****************************************************************************/
const char *progname = "check_radius";
-const char *revision = "$Revision$";
-const char *copyright = "2000-2003";
+const char *copyright = "2000-2008";
const char *email = "nagiosplug-devel@lists.sourceforge.net";
#include "common.h"
#include "utils.h"
#include "netutils.h"
+
+#ifdef HAVE_LIBRADIUSCLIENT_NG
+#include <radiusclient-ng.h>
+rc_handle *rch = NULL;
+#else
#include <radiusclient.h>
+#endif
int process_arguments (int, char **);
void print_help (void);
void print_usage (void);
+/* libradiusclient(-ng) wrapper functions */
+#ifdef HAVE_LIBRADIUSCLIENT_NG
+#define my_rc_conf_str(a) rc_conf_str(rch,a)
+#define my_rc_send_server(a,b) rc_send_server(rch,a,b)
+#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f)
+#define my_rc_own_ipaddress() rc_own_ipaddress(rch)
+#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d)
+#define my_rc_read_dictionary(a) rc_read_dictionary(rch, a)
+#else
+#define my_rc_conf_str(a) rc_conf_str(a)
+#define my_rc_send_server(a,b) rc_send_server(a, b)
+#define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f)
+#define my_rc_own_ipaddress() rc_own_ipaddress()
+#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
+#define my_rc_read_dictionary(a) rc_read_dictionary(a)
+#endif
+int my_rc_read_config(char *);
+
char *server = NULL;
char *username = NULL;
char *password = NULL;
UINT4 service;
char msg[BUFFER_LEN];
SEND_DATA data;
- int result;
+ int result = STATE_UNKNOWN;
UINT4 client_id;
char *str;
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
+ /* Parse extra opts if any */
+ argv=np_extra_opts (&argc, argv, progname);
+
if (process_arguments (argc, argv) == ERROR)
- usage (_("check_radius: could not parse arguments\n"));
+ usage4 (_("Could not parse arguments"));
str = strdup ("dictionary");
- if ((config_file && rc_read_config (config_file)) ||
- rc_read_dictionary (rc_conf_str (str)))
+ if ((config_file && my_rc_read_config (config_file)) ||
+ my_rc_read_dictionary (my_rc_conf_str (str)))
die (STATE_UNKNOWN, _("Config file error"));
service = PW_AUTHENTICATE_ONLY;
- if (!(rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
- rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) &&
- rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) &&
- (nasid==NULL || rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))))
+ memset (&data, 0, sizeof(data));
+ if (!(my_rc_avpair_add (&data.send_pairs, PW_SERVICE_TYPE, &service, 0) &&
+ my_rc_avpair_add (&data.send_pairs, PW_USER_NAME, username, 0) &&
+ my_rc_avpair_add (&data.send_pairs, PW_USER_PASSWORD, password, 0) &&
+ (nasid==NULL || my_rc_avpair_add (&data.send_pairs, PW_NAS_IDENTIFIER, nasid, 0))))
die (STATE_UNKNOWN, _("Out of Memory?"));
- /*
- * Fill in NAS-IP-Address
+ /*
+ * Fill in NAS-IP-Address
*/
- if ((client_id = rc_own_ipaddress ()) == 0)
+ if ((client_id = my_rc_own_ipaddress ()) == 0)
return (ERROR_RC);
- if (rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) ==
+ if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) ==
NULL) return (ERROR_RC);
- rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
+ my_rc_buildreq (&data, PW_ACCESS_REQUEST, server, port, (int)timeout_interval,
retries);
- result = rc_send_server (&data, msg);
+ result = my_rc_send_server (&data, msg);
rc_avpair_free (data.send_pairs);
if (data.receive_pairs)
rc_avpair_free (data.receive_pairs);
{0, 0, 0, 0}
};
- if (argc < 2)
- return ERROR;
-
- if (argc == 9) {
- config_file = argv[1];
- username = argv[2];
- password = argv[3];
- if (is_intpos (argv[4]))
- timeout_interval = atoi (argv[4]);
- else
- usage2 (_("Timeout interval must be a positive integer"), optarg);
- if (is_intpos (argv[5]))
- retries = atoi (argv[5]);
- else
- usage (_("Number of retries must be a positive integer"));
- server = argv[6];
- if (is_intpos (argv[7]))
- port = atoi (argv[7]);
- else
- usage (_("Port must be a positive integer"));
- expect = argv[8];
- return OK;
- }
-
while (1) {
c = getopt_long (argc, argv, "+hVvH:P:F:u:p:n:t:r:e:", longopts,
&option);
switch (c) {
case '?': /* print short usage statement if args not parsable */
- printf (_("%s: Unknown argument: %s\n\n"), progname, optarg);
- print_usage ();
- exit (STATE_UNKNOWN);
+ usage5 ();
case 'h': /* help */
print_help ();
exit (OK);
case 'V': /* version */
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
exit (OK);
case 'v': /* verbose mode */
verbose = TRUE;
if (is_intnonneg (optarg))
port = atoi (optarg);
else
- usage (_("Port must be a positive integer"));
+ usage4 (_("Port must be a positive integer"));
break;
case 'u': /* username */
username = optarg;
break;
case 'p': /* password */
- password = optarg;
+ password = strdup(optarg);
+
+ /* Delete the password from process list */
+ while (*optarg != '\0') {
+ *optarg = 'X';
+ optarg++;
+ }
break;
case 'n': /* nas id */
nasid = optarg;
if (is_intpos (optarg))
retries = atoi (optarg);
else
- usage (_("Number of retries must be a positive integer"));
+ usage4 (_("Number of retries must be a positive integer"));
break;
case 't': /* timeout */
if (is_intpos (optarg))
break;
}
}
+
+ if (server == NULL)
+ usage4 (_("Hostname was not supplied"));
+ if (username == NULL)
+ usage4 (_("User not specified"));
+ if (password == NULL)
+ usage4 (_("Password not specified"));
+ if (config_file == NULL)
+ usage4 (_("Configuration file not specified"));
+
return OK;
}
char *myport;
asprintf (&myport, "%d", PW_AUTH_UDP_PORT);
- print_revision (progname, revision);
+ print_revision (progname, NP_VERSION);
printf ("Copyright (c) 1999 Robert August Vincent II\n");
printf (COPYRIGHT, copyright, email);
- printf(_("Tests to see if a radius server is accepting connections.\n\n"));
+ printf("%s\n", _("Tests to see if a RADIUS server is accepting connections."));
+
+ printf ("\n\n");
print_usage ();
printf (_(UT_HELP_VRSN));
+ printf (_(UT_EXTRA_OPTS));
printf (_(UT_HOST_PORT), 'P', myport);
- printf (_("\
- -u, --username=STRING\n\
- The user to authenticate\n\
- -p, --password=STRING\n\
- Password for autentication (SECURITY RISK)\n\
- -n, --nas-id=STRING\n\
- NAS identifier\n\
- -F, --filename=STRING\n\
- Configuration file\n\
- -e, --expect=STRING\n\
- Response string to expect from the server\n\
- -r, --retries=INTEGER\n\
- Number of times to retry a failed connection\n"));
+ printf (" %s\n", "-u, --username=STRING");
+ printf (" %s\n", _("The user to authenticate"));
+ printf (" %s\n", "-p, --password=STRING");
+ printf (" %s\n", _("Password for autentication (SECURITY RISK)"));
+ printf (" %s\n", "-n, --nas-id=STRING");
+ printf (" %s\n", _("NAS identifier"));
+ printf (" %s\n", "-F, --filename=STRING");
+ printf (" %s\n", _("Configuration file"));
+ printf (" %s\n", "-e, --expect=STRING");
+ printf (" %s\n", _("Response string to expect from the server"));
+ printf (" %s\n", "-r, --retries=INTEGER");
+ printf (" %s\n", _("Number of times to retry a failed connection"));
printf (_(UT_TIMEOUT), timeout_interval);
- printf (_("\n\
-This plugin tests a radius server to see if it is accepting connections.\n\
-\n\
-The server to test must be specified in the invocation, as well as a user\n\
-name and password. A configuration file may also be present. The format of\n\
-the configuration file is described in the radiusclient library sources.\n\n"));
-
- printf (_("\
-The password option presents a substantial security issue because the\n\
-password can be determined by careful watching of the command line in\n\
-a process listing. This risk is exacerbated because nagios will\n\
-run the plugin at regular prdictable intervals. Please be sure that\n\
-the password used does not allow access to sensitive system resources,\n\
-otherwise compormise could occur.\n"));
+ printf ("\n");
+ printf ("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections."));
+ printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
+ printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
+ printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
+ printf ("%s\n", _("The password option presents a substantial security issue because the"));
+ printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
+ printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will"));
+ printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that"));
+ printf ("%s\n", _("the password used does not allow access to sensitive system resources."));
+
+#ifdef NP_EXTRA_OPTS
+ printf ("\n");
+ printf ("%s\n", _("Notes:"));
+ printf (_(UT_EXTRA_OPTS_NOTES));
+#endif
printf (_(UT_SUPPORT));
}
void
print_usage (void)
{
- printf ("\
-Usage: %s -H host -F config_file -u username -p password [-n nas-id] [-P port]\n\
- [-t timeout] [-r retries] [-e expect]\n", progname);
- printf (_(UT_HLP_VRS), progname, progname);
+ printf (_("Usage:"));
+ printf ("%s -H host -F config_file -u username -p password [-n nas-id] [-P port]\n\
+ [-t timeout] [-r retries] [-e expect]\n", progname);
+}
+
+
+
+int my_rc_read_config(char * a)
+{
+#ifdef HAVE_LIBRADIUSCLIENT_NG
+ rch = rc_read_config(a);
+ return (rch == NULL) ? 1 : 0;
+#else
+ return rc_read_config(a);
+#endif
}