Imported Upstream version 1.4.10

2013-11-26 23:54:42 +01:00 · 2013-11-26 23:54:42 +01:00 · cff68b4c0a
commit cff68b4c0a
parent 6dd54dd8e2
203 changed files with 15026 additions and 8063 deletions
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@ -5,7 +5,7 @@
 * License: GPL
 * Copyright (c) 2000-2006 nagios-plugins team
 *
-* Last Modified: $Date: 2007/01/28 21:46:40 $
+* Last Modified: $Date: 2007-07-07 23:20:40 +0100 (Sat, 07 Jul 2007) $
 *
 * Description:
 *
@ -27,13 +27,13 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

- $Id: check_ldap.c,v 1.35 2007/01/28 21:46:40 hweiss Exp $
+ $Id: check_ldap.c 1753 2007-07-07 22:20:40Z psychotrahe $
 
 ******************************************************************************/

 /* progname may be check_ldaps */
 char *progname = "check_ldap";
-const char *revision = "$Revision: 1.35 $";
+const char *revision = "$Revision: 1753 $";
 const char *copyright = "2000-2006";
 const char *email = "nagiosplug-devel@lists.sourceforge.net";

@ -70,6 +70,9 @@ int ld_protocol = DEFAULT_PROTOCOL;
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
 struct timeval tv;
+int starttls = FALSE;
+int ssl_on_connect = FALSE;
+int verbose = 0;

 /* for ldap tls */

@ -104,6 +107,9 @@ main (int argc, char *argv[])
 	if (process_arguments (argc, argv) == ERROR)
 		usage4 (_("Could not parse arguments"));

+	if (strstr(argv[0],"check_ldaps") && ! starttls && ! ssl_on_connect)
+		starttls = TRUE;
+
 	/* initialize alarm signal handling */
 	signal (SIGALRM, socket_timeout_alarm_handler);

@ -121,7 +127,8 @@ main (int argc, char *argv[])
 	}
 #else	
 	if (!(ld = ldap_open (ld_host, ld_port))) {
-		/*ldap_perror(ld, "ldap_open"); */
+		if (verbose)
+			ldap_perror(ld, "ldap_open");
 		printf (_("Could not connect to the server at port %i\n"), ld_port);
 		return STATE_CRITICAL;
 	}
@ -136,54 +143,54 @@ main (int argc, char *argv[])
 	}
 #endif

-	if (strstr(argv[0],"check_ldaps")) {
-	/* with TLS */
-		if ( ld_port == LDAPS_PORT ) {
- 			asprintf (&SERVICE, "LDAPS");
+	if (ld_port == LDAPS_PORT || ssl_on_connect) {
+		asprintf (&SERVICE, "LDAPS");
 #if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)
- 			/* ldaps: set option tls */
- 			tls = LDAP_OPT_X_TLS_HARD;
-			
- 			if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
- 			{
- 				/*ldap_perror(ld, "ldaps_option"); */
- 				printf (_("Could not init TLS at port %i!\n"), ld_port);
-				return STATE_CRITICAL;
-   		}
-#else
-			printf (_("TLS not supported by the libraries!\n"), ld_port);
+		/* ldaps: set option tls */
+		tls = LDAP_OPT_X_TLS_HARD;
+		
+		if (ldap_set_option (ld, LDAP_OPT_X_TLS, &tls) != LDAP_SUCCESS)
+		{
+			if (verbose)
+				ldap_perror(ld, "ldaps_option");
+			printf (_("Could not init TLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
-#endif /* LDAP_OPT_X_TLS */
-		} else {
-			asprintf (&SERVICE, "LDAP-TLS");
-#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
-			/* ldap with startTLS: set option version */
-			if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
-			{
-				if (version < LDAP_VERSION3)
-				{
-					version = LDAP_VERSION3;
-					ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
-				}
-			}
-			/* call start_tls */
-			if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
-			{
-				/*ldap_perror(ld, "ldap_start_tls"); */
-				printf (_("Could not init startTLS at port %i!\n"), ld_port);
-				return STATE_CRITICAL;
-			}
-#else
-			printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
-			return STATE_CRITICAL;
-#endif /* HAVE_LDAP_START_TLS_S */
 		}
+#else
+		printf (_("TLS not supported by the libraries!\n"));
+		return STATE_CRITICAL;
+#endif /* LDAP_OPT_X_TLS */
+	} else if (starttls) {
+		asprintf (&SERVICE, "LDAP-TLS");
+#if defined(HAVE_LDAP_SET_OPTION) && defined(HAVE_LDAP_START_TLS_S)
+		/* ldap with startTLS: set option version */
+		if (ldap_get_option(ld,LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS )
+		{
+			if (version < LDAP_VERSION3)
+			{
+				version = LDAP_VERSION3;
+				ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+			}
+		}
+		/* call start_tls */
+		if (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)
+		{
+			if (verbose) 
+				ldap_perror(ld, "ldap_start_tls");
+			printf (_("Could not init startTLS at port %i!\n"), ld_port);
+			return STATE_CRITICAL;
+		}
+#else
+		printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
+		return STATE_CRITICAL;
+#endif /* HAVE_LDAP_START_TLS_S */
 	}
 	
 	/* bind to the ldap server */
 	if (ldap_bind_s (ld, ld_binddn, ld_passwd, LDAP_AUTH_SIMPLE) !=
 			LDAP_SUCCESS) {
-		/*ldap_perror(ld, "ldap_bind"); */
+		if (verbose)
+			ldap_perror(ld, "ldap_bind");
 		printf (_("Could not bind to the ldap-server\n"));
 		return STATE_CRITICAL;
 	}
@ -191,7 +198,8 @@ main (int argc, char *argv[])
 	/* do a search of all objectclasses in the base dn */
 	if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
 			!= LDAP_SUCCESS) {
-		/*ldap_perror(ld, "ldap_search"); */
+		if (verbose)
+			ldap_perror(ld, "ldap_search");
 		printf (_("Could not search/find objectclasses in %s\n"), ld_base);
 		return STATE_CRITICAL;
 	}
@ -247,11 +255,14 @@ process_arguments (int argc, char **argv)
 		{"ver2", no_argument, 0, '2'},
 		{"ver3", no_argument, 0, '3'},
 #endif
+		{"starttls", no_argument, 0, 'T'},
+		{"ssl", no_argument, 0, 'S'},
 		{"use-ipv4", no_argument, 0, '4'},
 		{"use-ipv6", no_argument, 0, '6'},
 		{"port", required_argument, 0, 'p'},
 		{"warn", required_argument, 0, 'w'},
 		{"crit", required_argument, 0, 'c'},
+		{"verbose", no_argument, 0, 'v'},
 		{0, 0, 0, 0}
 	};

@ -264,7 +275,7 @@ process_arguments (int argc, char **argv)
 	}

 	while (1) {
-		c = getopt_long (argc, argv, "hV2346t:c:w:H:b:p:a:D:P:", longopts, &option);
+		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);

 		if (c == -1 || c == EOF)
 			break;
@ -317,6 +328,22 @@ process_arguments (int argc, char **argv)
 		case '4':
 			address_family = AF_INET;
 			break;
+		case 'v':
+			verbose++;
+			break;
+		case 'T':
+			if (! ssl_on_connect)
+				starttls = TRUE;
+			else
+				usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
+			break;
+		case 'S':
+			if (! starttls) {
+				ssl_on_connect = TRUE;
+				ld_port = LDAPS_PORT;
+			} else
+				usage_va(_("%s cannot be combined with %s"), "-S/--ssl", "-T/--starttls");
+			break;
 		case '6':
 #ifdef USE_IPV6
 			address_family = AF_INET6;
@ -382,13 +409,17 @@ print_help (void)
  printf ("    %s\n", _("ldap bind DN (if required)"));
  printf (" %s\n", "-P [--pass]");
  printf ("    %s\n", _("ldap password (if required)"));
+  printf (" %s\n", "-T [--starttls]");
+  printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
+  printf (" %s\n", "-S [--ssl]");
+  printf ("    %s\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to %s"), LDAPS_PORT);

 #ifdef HAVE_LDAP_SET_OPTION
 	printf (" %s\n", "-2 [--ver2]");
  printf ("    %s\n", _("use ldap protocol version 2"));
  printf (" %s\n", "-3 [--ver3]");
  printf ("    %s\n", _("use ldap protocol version 3"));
-  printf ("(default protocol version: %d)", DEFAULT_PROTOCOL);
+  printf ("    (default protocol version: %d)\n", DEFAULT_PROTOCOL);
 #endif

 	printf (_(UT_WARN_CRIT));
@ -397,6 +428,13 @@ print_help (void)

 	printf (_(UT_VERBOSE));

+	printf ("\n%s\n", _("Note:"));
+	printf ("%s\n", _("If this plugin is called via 'check_ldaps', method 'STARTTLS' will be"));
+	printf (_("implied (using default port %i) unless --port=636 is specified. In that case %s"), DEFAULT_PORT, "\n");
+	printf ("%s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
+	printf ("%s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
+	printf ("%s\n", _("to define the behaviour explicitly instead."));
+
 	printf (_(UT_SUPPORT));
 }