From: Matthias Eble <psychotrahe@gmx.de>
Date: Wed, 10 Jun 2009 23:17:58 +0000 (+0200)
Subject: Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#23434... 
X-Git-Url: https://git.tokkee.org/?p=nagiosplug.git;a=commitdiff_plain;h=5195074095cac48dd15d857bce69c1aa909ec2b2

Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)

check_ifoperstatus didn't function correctly with SNMPv3. This is fixed now.
Created argument-hash for SNMP session creation. This removes redundant code.
Session creation was moved out of process_arguments() and now takes place
after setting the timeout handler.

Additionally the -x argument was added to specify the privprotocol.
---

diff --git a/NEWS b/NEWS
index ecfd67e..768a1cc 100644
--- a/NEWS
+++ b/NEWS
@@ -39,6 +39,7 @@ This file documents the major additions and syntax changes between releases.
 	Fixed check_by_ssh interpretation of quotes in -C parameter (#1985246, #2268675)
 	check_snmp now supports standard threshold ranges and doubles (floating numbers) in thresholds
 	check_fping now supports passing target timeout and interval to fping (#2347686 - Martin Foster)
+	Fixed SNMPv3 behaviour of check_ifoperstatus. Added -x to define privprotocol (#2343438 - Robin Schroeder)
 
 1.4.13 25th Sept 2008
 	Fix Debian bug #460097: check_http --max-age broken (Hilko Bengen)
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl
index d0a1655..503f1e4 100755
--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@@ -61,7 +61,7 @@ my $answer = "";
 my $snmpkey = 0;
 my $community = "public";
 my $maxmsgsize = 1472 ; # Net::SNMP default is 1472
-my ($seclevel, $authproto, $secname, $authpass, $privpass, $auth, $priv, $context);
+my ($seclevel, $authproto, $secname, $authpass, $privpass, $privproto, $auth, $priv, $context);
 my $port = 161;
 my @snmpoids;
 my $sysUptime        = '1.3.6.1.2.1.1.3.0';
@@ -89,12 +89,14 @@ my $lastc;
 my $dormantWarn;
 my $adminWarn;
 my $name;
+my %session_opts;
 
 ### Validate Arguments
 
 $status = process_arguments();
 
 
+use Data::Dumper;
 # Just in case of problems, let's not hang Nagios
 $SIG{'ALRM'} = sub {
      print ("ERROR: No snmp response from $hostname (alarm)\n");
@@ -103,6 +105,16 @@ $SIG{'ALRM'} = sub {
 
 alarm($timeout);
 
+print Dumper(\%session_opts);
+($session, $error) = Net::SNMP->session(%session_opts);
+
+		
+if (!defined($session)) {
+			$state='UNKNOWN';
+			$answer=$error;
+			print ("$state: $answer\n");
+			exit $ERRORS{$state};
+}
 
 ## map ifdescr to ifindex - should look at being able to cache this value
 
@@ -293,6 +305,7 @@ sub print_help() {
 	printf "   -X (--privpass)   privacy password (cleartext ascii or localized key\n";
 	printf "                     in hex with 0x prefix generated by using	\"snmpkey\" utility\n"; 
 	printf "                     privacy password and authEngineID\n";
+	printf "   -x (--privproto)  privacy protocol (DES or AES; default: DES)\n";
 	printf "   -k (--key)        SNMP IfIndex value\n";
 	printf "   -d (--descr)      SNMP ifDescr value\n";
 	printf "   -T (--type)       SNMP ifType integer value (see http://www.iana.org/assignments/ianaiftype-mib)\n";
@@ -327,6 +340,7 @@ sub process_arguments() {
 			"U=s" => \$secname,   "secname=s"   => \$secname,
 			"A=s" => \$authpass,  "authpass=s"  => \$authpass,
 			"X=s" => \$privpass,  "privpass=s"  => \$privpass,
+			"x=s" => \$privproto,  "privproto=s"  => \$privproto,
 			"c=s" => \$context,   "context=s"   => \$context,
 			"k=i" => \$snmpkey, "key=i",\$snmpkey,
 			"d=s" => \$ifdescr, "descr=s" => \$ifdescr,
@@ -387,10 +401,27 @@ sub process_arguments() {
 		$timeout = $TIMEOUT;
 	}
 
+		
+	if ($snmp_version !~ /[123]/){
+		$state='UNKNOWN';
+		print ("$state: No support for SNMP v$snmp_version yet\n");
+		exit $ERRORS{$state};
+	}
+
+	%session_opts = (
+		-hostname  => $hostname,
+		-port      => $port,
+		-version	=> $snmp_version,
+		-maxmsgsize => $maxmsgsize
+	);
+
+	$session_opts{'-community'} = $community if (defined $community && $snmp_version =~ /[12]/);
+
 	if ($snmp_version =~ /3/ ) {
 		# Must define a security level even though default is noAuthNoPriv
 		# v3 requires a security username
 		if (defined $seclevel  && defined $secname) {
+			$session_opts{'-username'} = $secname;
 		
 			# Must define a security level even though defualt is noAuthNoPriv
 			unless ( grep /^$seclevel$/, qw(noAuthNoPriv authNoPriv authPriv) ) {
@@ -400,23 +431,22 @@ sub process_arguments() {
 			
 			# Authentication wanted
 			if ( $seclevel eq 'authNoPriv' || $seclevel eq 'authPriv' ) {
-		
 				unless ( $authproto eq 'MD5' || $authproto eq 'SHA1' ) {
 					usage();
 					exit $ERRORS{"UNKNOWN"};
 				}
+				$session_opts{'-authprotocol'} = $authproto if(defined $authproto);
 
 				if ( !defined $authpass) {
 					usage();
 					exit $ERRORS{"UNKNOWN"};
 				}else{
 					if ($authpass =~ /^0x/ ) {
-						$auth = "-authkey => $authpass" ;
+						$session_opts{'-authkey'} = $authpass ;
 					}else{
-						$auth = "-authpassword => $authpass";
+						$session_opts{'-authpassword'} = $authpass ;
 					}
 				}
-					
 			}
 			
 			# Privacy (DES encryption) wanted
@@ -426,21 +456,20 @@ sub process_arguments() {
 					exit $ERRORS{"UNKNOWN"};
 				}else{
 					if ($privpass =~ /^0x/){
-						$priv = "-privkey => $privpass";
+						$session_opts{'-privkey'} = $privpass;
 					}else{
-						$priv = "-privpassword => $privpass";
+						$session_opts{'-privpassword'} = $privpass;
 					}
 				}
+
+				$session_opts{'-privprotocol'} = $privproto if(defined $privproto);
 			}
 
 			# Context name defined or default
-
 			unless ( defined $context) {
 				$context = "";
 			}
 		
-		
-		
 		}else {
 					usage();
 					exit $ERRORS{'UNKNOWN'}; ;
@@ -448,67 +477,6 @@ sub process_arguments() {
 	} # end snmpv3
 
 
-	if ( $snmp_version =~ /[12]/ ) {
-  	($session, $error) = Net::SNMP->session(
-			-hostname  => $hostname,
-			-community => $community,
-			-port      => $port,
-			-version	=> $snmp_version,
-			-maxmsgsize => $maxmsgsize
-		);
-
-		if (!defined($session)) {
-			$state='UNKNOWN';
-			$answer=$error;
-			print ("$state: $answer\n");
-			exit $ERRORS{$state};
-		}
-	
-	}elsif ( $snmp_version =~ /3/ ) {
-
-		if ($seclevel eq 'noAuthNoPriv') {
-			($session, $error) = Net::SNMP->session(
-				-hostname  => $hostname,
-				-port      => $port,
-				-version  => $snmp_version,
-				-username => $secname,
-			);
-
-		}elsif ( $seclevel eq 'authNoPriv' ) {
-			($session, $error) = Net::SNMP->session(
-				-hostname  => $hostname,
-				-port      => $port,
-				-version  => $snmp_version,
-				-username => $secname,
-				$auth,
-				-authprotocol => $authproto,
-			);	
-		}elsif ($seclevel eq 'authPriv' ) {
-			($session, $error) = Net::SNMP->session(
-				-hostname  => $hostname,
-				-port      => $port,
-				-version  => $snmp_version,
-				-username => $secname,
-				$auth,
-				-authprotocol => $authproto,
-				$priv
-			);
-		}
-					
-					
-		if (!defined($session)) {
-					$state='UNKNOWN';
-					$answer=$error;
-					print ("$state: $answer\n");
-					exit $ERRORS{$state};
-		}
-
-	}else{
-		$state='UNKNOWN';
-		print ("$state: No support for SNMP v$snmp_version yet\n");
-		exit $ERRORS{$state};
-	}
-
 }
 ## End validation