From 41ef6173363e95e01e1dba8b130695e51e826a86 Mon Sep 17 00:00:00 2001
From: Quentin Garnier
Date: Thu, 4 Sep 2014 17:01:28 +0200
Subject: [PATCH] Fix #5796 New ldap protocol plugin
---
apps/protocols/ldap/lib/ldap.pm | 147 ++++++++++++++++++++
apps/protocols/ldap/mode/login.pm | 178 ++++++++++++++++++++++++
apps/protocols/ldap/mode/search.pm | 209 +++++++++++++++++++++++++++++
apps/protocols/ldap/plugin.pm | 64 +++++++++
apps/protocols/smtp/mode/login.pm | 2 +-
apps/protocols/smtp/plugin.pm | 2 +-
6 files changed, 600 insertions(+), 2 deletions(-)
create mode 100644 apps/protocols/ldap/lib/ldap.pm
create mode 100644 apps/protocols/ldap/mode/login.pm
create mode 100644 apps/protocols/ldap/mode/search.pm
create mode 100644 apps/protocols/ldap/plugin.pm
diff --git a/apps/protocols/ldap/lib/ldap.pm b/apps/protocols/ldap/lib/ldap.pm
new file mode 100644
index 000000000..5c4117719
--- /dev/null
+++ b/apps/protocols/ldap/lib/ldap.pm
@@ -0,0 +1,147 @@
+###############################################################################
+# Copyright 2005-2014 MERETHIS
+# Centreon is developped by : Julien Mathis and Romain Le Merlus under
+# GPL Licence 2.0.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation ; either version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
+#
+# Linking this program statically or dynamically with other modules is making a
+# combined work based on this program. Thus, the terms and conditions of the GNU
+# General Public License cover the whole combination.
+#
+# As a special exception, the copyright holders of this program give MERETHIS
+# permission to link this program with independent modules to produce an timeelapsedutable,
+# regardless of the license terms of these independent modules, and to copy and
+# distribute the resulting timeelapsedutable under terms of MERETHIS choice, provided that
+# MERETHIS also meet, for each linked independent module, the terms and conditions
+# of the license of that module. An independent module is a module which is not
+# derived from this program. If you modify this program, you may extend this
+# exception to your version of the program, but you are not obliged to do so. If you
+# do not wish to do so, delete this exception statement from your version.
+#
+# For more information : contact@centreon.com
+# Author : Simon BOMM
+#
+####################################################################################
+
+package apps::protocols::ldap::lib::ldap;
+
+use strict;
+use warnings;
+use Net::LDAP;
+
+my $ldap_handle;
+my $connected = 0;
+
+sub quit {
+ if ($connected == 1) {
+ $ldap_handle->unbind;
+ }
+}
+
+sub search {
+ my ($self, %options) = @_;
+ my %ldap_search_options = ();
+
+ $ldap_search_options{base} = $self->{option_results}->{search_base};
+ $ldap_search_options{filter} = $self->{option_results}->{search_filter};
+ my $attrs;
+ foreach my $option (@{$self->{option_results}->{ldap_search_options}}) {
+ next if ($option !~ /^(.+?)=(.+)$/);
+ if ($1 =~ /attrs/) {
+ $attrs = [] if (!defined($attrs));
+ push @$attrs, $2;
+ } else {
+ $ldap_search_options{$1} = $2;
+ }
+ }
+ $ldap_search_options{attrs} = $attrs if (defined($attrs));
+ my $search_result = $ldap_handle->search(%ldap_search_options);
+ if ($search_result->code) {
+ $self->{output}->output_add(severity => 'UNKNOWN',
+ short_msg => 'Search operation error: ' . $search_result->error);
+ $self->{output}->display();
+ $self->{output}->exit();
+ }
+
+ return $search_result;
+}
+
+sub connect {
+ my ($self, %options) = @_;
+ my %ldap_connect_options = ();
+ my %ldap_bind_options = ();
+
+ if (defined($self->{option_results}->{username}) && $self->{option_results}->{username} ne '' &&
+ !defined($self->{option_results}->{password})) {
+ $self->{output}->add_option_msg(short_msg => "Please set --password option.");
+ $self->{output}->option_exit();
+ }
+
+ my $connection_exit = defined($options{connection_exit}) ? $options{connection_exit} : 'unknown';
+ $ldap_connect_options{timeout} = $self->{option_results}->{timeout} if (defined($self->{option_results}->{timeout}));
+ foreach my $option (@{$self->{option_results}->{ldap_connect_options}}) {
+ next if ($option !~ /^(.+?)=(.+)$/);
+ $ldap_connect_options{$1} = $2;
+ }
+
+ $ldap_handle = Net::LDAP->new($self->{option_results}->{hostname}, %ldap_connect_options);
+
+ if (!defined($ldap_handle)) {
+ $self->{output}->output_add(severity => $connection_exit,
+ short_msg => 'Unable to connect to LDAP: ' . $@);
+ $self->{output}->display();
+ $self->{output}->exit();
+ }
+
+ # TLS Process
+ if (defined($self->{option_results}->{use_tls})) {
+ my %ldap_starttls_options = ();
+
+ foreach my $option (@{$self->{option_results}->{ldap_starttls_options}}) {
+ next if ($option !~ /^(.+?)=(.+)$/);
+ $ldap_starttls_options{$1} = $2;
+ }
+
+ my $tls_result = $ldap_handle->start_tls(%ldap_starttls_options);
+ if ($tls_result->code) {
+ $self->{output}->output_add(severity => $connection_exit,
+ short_msg => 'Start TLS operation error: ' . $tls_result->error);
+ $self->{output}->display();
+ $self->{output}->exit();
+ }
+ }
+
+ # Bind process
+ my $username;
+ if (defined($self->{option_results}->{username}) && $self->{option_results}->{username} ne '') {
+ $ldap_bind_options{password} = $self->{option_results}->{password};
+ $username = $self->{option_results}->{username};
+ }
+
+ foreach my $option (@{$self->{option_results}->{ldap_bind_options}}) {
+ next if ($option !~ /^(.+?)=(.+)$/);
+ $ldap_bind_options{$1} = $2;
+ }
+
+ my $bind_result = $ldap_handle->bind($username, %ldap_bind_options);
+ if ($bind_result->code) {
+ $self->{output}->output_add(severity => $connection_exit,
+ short_msg => 'Bind operation error: ' . $bind_result->error);
+ $self->{output}->display();
+ $self->{output}->exit();
+ }
+
+ $connected = 1;
+}
+
+1;
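Review bot: In `connect` of apps/protocols/ldap/lib/ldap.pm the credential guard only rejects an undefined password, so `--username=<dn> --password=''` goes on to a simple bind with a DN and an empty password, which a server that permits unauthenticated binds may answer with success; the login check would then report OK without the password ever having been verified. Extending the second half of the guard to `(!defined($self->{option_results}->{password}) || $self->{option_results}->{password} eq '')` closes that. Separately, in `search`, `$1 =~ /attrs/` is itself a successful match and resets the capture variables, so `$2` is undef by the time it is pushed onto `@$attrs`; copying the captures first with `my ($key, $value) = ($1, $2);` and testing `$key eq 'attrs'` fixes that and also stops keys that merely contain "attrs" from being swallowed.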
diff --git a/apps/protocols/ldap/mode/login.pm b/apps/protocols/ldap/mode/login.pm
new file mode 100644
index 000000000..4c5e0bbac
--- /dev/null
+++ b/apps/protocols/ldap/mode/login.pm
@@ -0,0 +1,178 @@
+###############################################################################
+# Copyright 2005-2014 MERETHIS
+# Centreon is developped by : Julien Mathis and Romain Le Merlus under
+# GPL Licence 2.0.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation ; either version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
+#
+# Linking this program statically or dynamically with other modules is making a
+# combined work based on this program. Thus, the terms and conditions of the GNU
+# General Public License cover the whole combination.
+#
+# As a special exception, the copyright holders of this program give MERETHIS
+# permission to link this program with independent modules to produce an timeelapsedutable,
+# regardless of the license terms of these independent modules, and to copy and
+# distribute the resulting timeelapsedutable under terms of MERETHIS choice, provided that
+# MERETHIS also meet, for each linked independent module, the terms and conditions
+# of the license of that module. An independent module is a module which is not
+# derived from this program. If you modify this program, you may extend this
+# exception to your version of the program, but you are not obliged to do so. If you
+# do not wish to do so, delete this exception statement from your version.
+#
+# For more information : contact@centreon.com
+# Author : Quentin Garnier
+#
+####################################################################################
+
+package apps::protocols::ldap::mode::login;
+
+use base qw(centreon::plugins::mode);
+
+use strict;
+use warnings;
+use Time::HiRes qw(gettimeofday tv_interval);
+use apps::protocols::ldap::lib::ldap;
+
+sub new {
+ my ($class, %options) = @_;
+ my $self = $class->SUPER::new(package => __PACKAGE__, %options);
+ bless $self, $class;
+
+ $self->{version} = '1.0';
+ $options{options}->add_options(arguments =>
+ {
+ "hostname:s" => { name => 'hostname' },
+ "ldap-connect-options:s@" => { name => 'ldap_connect_options' },
+ "ldap-starttls-options:s@" => { name => 'ldap_starttls_options' },
+ "ldap-bind-options:s@" => { name => 'ldap_bind_options' },
+ "tls" => { name => 'use_tls' },
+ "username:s" => { name => 'username' },
+ "password:s" => { name => 'password' },
+ "warning:s" => { name => 'warning' },
+ "critical:s" => { name => 'critical' },
+ "timeout:s" => { name => 'timeout', default => '30' },
+ });
+ return $self;
+}
+
+sub check_options {
+ my ($self, %options) = @_;
+ $self->SUPER::init(%options);
+
+ if (($self->{perfdata}->threshold_validate(label => 'warning', value => $self->{option_results}->{warning})) == 0) {
+ $self->{output}->add_option_msg(short_msg => "Wrong warning threshold '" . $self->{option_results}->{warning} . "'.");
+ $self->{output}->option_exit();
+ }
+ if (($self->{perfdata}->threshold_validate(label => 'critical', value => $self->{option_results}->{critical})) == 0) {
+ $self->{output}->add_option_msg(short_msg => "Wrong critical threshold '" . $self->{option_results}->{critical} . "'.");
+ $self->{output}->option_exit();
+ }
+
+ if (!defined($self->{option_results}->{hostname})) {
+ $self->{output}->add_option_msg(short_msg => "Please set the hostname option");
+ $self->{output}->option_exit();
+ }
+}
+
+sub run {
+ my ($self, %options) = @_;
+
+ my $timing0 = [gettimeofday];
+
+ apps::protocols::ldap::lib::ldap::connect($self, connection_exit => 'critical');
+ apps::protocols::ldap::lib::ldap::quit();
+
+ my $timeelapsed = tv_interval ($timing0, [gettimeofday]);
+
+ my $exit = $self->{perfdata}->threshold_check(value => $timeelapsed,
+ threshold => [ { label => 'critical', 'exit_litteral' => 'critical' }, { label => 'warning', exit_litteral => 'warning' } ]);
+ $self->{output}->output_add(severity => $exit,
+ short_msg => sprintf("Response time %.3f second(s)", $timeelapsed));
+ $self->{output}->perfdata_add(label => "time", unit => 's',
+ value => sprintf('%.3f', $timeelapsed),
+ warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning'),
+ critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical'));
+
+ $self->{output}->display();
+ $self->{output}->exit();
+}
+
+1;
+
+__END__
+
+=head1 MODE
+
+Check Connection (also login) to an LDAP Server.
+LDAP Control are not still managed.
+
+=over 8
+
+=item B<--hostname>
+
+IP Addr/FQDN of the ldap host
+
+=item B<--ldap-connect-options>
+
+Add custom ldap connect options:
+
+=over 16
+
+=item B
+
+--ldap-connect-options='scheme=ldaps'
+
+=item B
+
+--ldap-connect-options='version=2'
+
+=back
+
+=item B<--ldap-starttls-options>
+
+Add custom start tls options (need --tls option):
+
+=over 16
+
+=item B
+
+--ldap-starttls-options='verify=none'
+
+=back
+
+=item B<--ldap-bind-options>
+
+Add custom bind options (can force noauth) (not really useful now).
+
+=item B<--username>
+
+Specify username for authentification (can be a DN)
+
+=item B<--password>
+
+Specify password for authentification
+
+=item B<--timeout>
+
+Connection timeout in seconds (Default: 30)
+
+=item B<--warning>
+
+Threshold warning in seconds
+
+=item B<--critical>
+
+Threshold critical in seconds
+
+=back
+
+=cut
diff --git a/apps/protocols/ldap/mode/search.pm b/apps/protocols/ldap/mode/search.pm
new file mode 100644
index 000000000..c16be025c
--- /dev/null
+++ b/apps/protocols/ldap/mode/search.pm
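Review bot: In the POD of apps/protocols/ldap/mode/login.pm the only example given for `--ldap-starttls-options` is `verify=none`, which switches off certificate checking on the very connection that then carries `--username`/`--password` in the bind, so the server the probe talks to is never authenticated. I would document the verifying form instead, for example `--ldap-starttls-options='verify=require' --ldap-starttls-options='cafile=<path-to-ca-bundle>'`, and keep `verify=none` out of the examples or mark it as test-only. It would also help to add a line under `--password` saying that, as far as the new lib shows, the bind is sent unencrypted unless `--tls` or `scheme=ldaps` is set. The same example appears in the POD of apps/protocols/ldap/mode/search.pm.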
@@ -0,0 +1,209 @@
+###############################################################################
+# Copyright 2005-2014 MERETHIS
+# Centreon is developped by : Julien Mathis and Romain Le Merlus under
+# GPL Licence 2.0.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation ; either version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program; if not, see .
+#
+# Linking this program statically or dynamically with other modules is making a
+# combined work based on this program. Thus, the terms and conditions of the GNU
+# General Public License cover the whole combination.
+#
+# As a special exception, the copyright holders of this program give MERETHIS
+# permission to link this program with independent modules to produce an timeelapsedutable,
+# regardless of the license terms of these independent modules, and to copy and
+# distribute the resulting timeelapsedutable under terms of MERETHIS choice, provided that
+# MERETHIS also meet, for each linked independent module, the terms and conditions
+# of the license of that module. An independent module is a module which is not
+# derived from this program. If you modify this program, you may extend this
+# exception to your version of the program, but you are not obliged to do so. If you
+# do not wish to do so, delete this exception statement from your version.
+#
+# For more information : contact@centreon.com
+# Author : Quentin Garnier
+#
+####################################################################################
+
+package apps::protocols::ldap::mode::search;
+
+use base qw(centreon::plugins::mode);
+
+use strict;
+use warnings;
+use Time::HiRes qw(gettimeofday tv_interval);
+use apps::protocols::ldap::lib::ldap;
+
+sub new {
+ my ($class, %options) = @_;
+ my $self = $class->SUPER::new(package => __PACKAGE__, %options);
+ bless $self, $class;
+
+ $self->{version} = '1.0';
+ $options{options}->add_options(arguments =>
+ {
+ "hostname:s" => { name => 'hostname' },
+ "search-base:s" => { name => 'search_base' },
+ "search-filter:s" => { name => 'search_filter' },
+ "ldap-connect-options:s@" => { name => 'ldap_connect_options' },
+ "ldap-starttls-options:s@" => { name => 'ldap_starttls_options' },
+ "ldap-bind-options:s@" => { name => 'ldap_bind_options' },
+ "ldap-search-options:s@" => { name => 'ldap_search_options' },
+ "tls" => { name => 'use_tls' },
+ "username:s" => { name => 'username' },
+ "password:s" => { name => 'password' },
+ "warning:s" => { name => 'warning' },
+ "critical:s" => { name => 'critical' },
+ "timeout:s" => { name => 'timeout', default => '30' },
+ });
+ return $self;
+}
+
+sub check_options {
+ my ($self, %options) = @_;
+ $self->SUPER::init(%options);
+
+ if (($self->{perfdata}->threshold_validate(label => 'warning', value => $self->{option_results}->{warning})) == 0) {
+ $self->{output}->add_option_msg(short_msg => "Wrong warning threshold '" . $self->{option_results}->{warning} . "'.");
+ $self->{output}->option_exit();
+ }
+ if (($self->{perfdata}->threshold_validate(label => 'critical', value => $self->{option_results}->{critical})) == 0) {
+ $self->{output}->add_option_msg(short_msg => "Wrong critical threshold '" . $self->{option_results}->{critical} . "'.");
+ $self->{output}->option_exit();
+ }
+
+ if (!defined($self->{option_results}->{hostname})) {
+ $self->{output}->add_option_msg(short_msg => "Please set the hostname option");
+ $self->{output}->option_exit();
+ }
+ if (!defined($self->{option_results}->{search_base})) {
+ $self->{output}->add_option_msg(short_msg => "Please set the search-base option");
+ $self->{output}->option_exit();
+ }
+ if (!defined($self->{option_results}->{search_filter})) {
+ $self->{output}->add_option_msg(short_msg => "Please set the search-filter option");
+ $self->{output}->option_exit();
+ }
+}
+
+sub run {
+ my ($self, %options) = @_;
+
+ my $timing0 = [gettimeofday];
+
+ apps::protocols::ldap::lib::ldap::connect($self);
+ my $search_result = apps::protocols::ldap::lib::ldap::search($self);
+ apps::protocols::ldap::lib::ldap::quit();
+
+ my $timeelapsed = tv_interval ($timing0, [gettimeofday]);
+
+ my $num_entries = scalar($search_result->entries);
+ my $exit = $self->{perfdata}->threshold_check(value => $num_entries,
+ threshold => [ { label => 'critical', 'exit_litteral' => 'critical' }, { label => 'warning', exit_litteral => 'warning' } ]);
+ $self->{output}->output_add(severity => $exit,
+ short_msg => sprintf("Number of results returned: %s", $num_entries));
+
+ $self->{output}->perfdata_add(label => "time", unit => 's',
+ value => sprintf('%.3f', $timeelapsed),
+ warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning'),
+ critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical'));
+
+ $self->{output}->display();
+ $self->{output}->exit();
+}
+
+1;
+
+__END__
+
+=head1 MODE
+
+Check search results (by default it uses the scope 'sub').
+LDAP Control are not still managed.
+Example:
+centreon_plugins.pl --plugin=apps::protocols::ldap::plugin --mode=search --hostname='xxx.xxx.xxx.xxx'
+--username='cn=Manager,dc=merethis,dc=com' --password='secret' --search-base='dc=merethis,dc=com' --search-filter='(objectclass=organizationalunit)'
+
+=over 8
+
+=item B<--hostname>
+
+IP Addr/FQDN of the ldap host (required).
+
+=item B<--search-base>
+
+Set the DN that is the base object entry relative to which the
+search is to be performed (required).
+
+=item B<--search-filter>
+
+Set filter that defines the conditions an entry in the directory
+must meet in order for it to be returned by the search (required).
+
+=item B<--ldap-connect-options>
+
+Add custom ldap connect options:
+
+=over 16
+
+=item B
+
+--ldap-connect-options='scheme=ldaps'
+
+=item B
+
+--ldap-connect-options='version=2'
+
+=back
+
+=item B<--ldap-starttls-options>
+
+Add custom start tls options (need --tls option):
+
+=over 16
+
+=item B
+
+--ldap-starttls-options='verify=none'
+
+=back
+
+=item B<--ldap-bind-options>
+
+Add custom bind options (can force noauth) (not really useful now).
+
+=item B<--ldap-search-options>
+
+Add custom search options (can change the scope for example).
+
+=item B<--username>
+
+Specify username for authentification (can be a DN)
+
+=item B<--password>
+
+Specify password for authentification
+
+=item B<--timeout>
+
+Connection timeout in seconds (Default: 30)
+
+=item B<--warning>
+
+Threshold warning (number of results)
+
+=item B<--critical>
+
+Threshold critical (number of results)
+
+=back
+
+=cut
diff --git a/apps/protocols/ldap/plugin.pm b/apps/protocols/ldap/plugin.pm
new file mode 100644
index 000000000..5ff9cd8db
--- /dev/null
+++ b/apps/protocols/ldap/plugin.pm
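Review bot: In `run` of apps/protocols/ldap/mode/search.pm the `warning`/`critical` thresholds are checked against `$num_entries`, yet the only perfdata emitted is `time` in seconds and it carries those same thresholds, so anything that graphs or alerts from perfdata ends up comparing a result-count limit with a duration. I would emit the entry count as its own perfdata carrying the thresholds and leave `time` without them, as sketched below. Independently, the POD example binds as what looks like the directory manager DN (`cn=Manager,...`); for a monitoring probe the example would be better shown with a dedicated read-only account.

```perl
# … unchanged: connect/search/quit, timing, threshold_check on $num_entries, output_add …
$self->{output}->perfdata_add(label => "entries",
                              value => $num_entries,
                              warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning'),
                              critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical'));
$self->{output}->perfdata_add(label => "time", unit => 's',
                              value => sprintf('%.3f', $timeelapsed));
# … unchanged: display(), exit() …
```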
@@ -0,0 +1,64 @@ +################################################################################ +# Copyright 2005-2014 MERETHIS +# Centreon is developped by : Julien Mathis and Romain Le Merlus under +# GPL Licence 2.0. +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License as published by the Free Software +# Foundation ; either version 2 of the License. +# +# This program is distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with +# this program; if not, see . +# +# Linking this program statically or dynamically with other modules is making a +# combined work based on this program. Thus, the terms and conditions of the GNU +# General Public License cover the whole combination. +# +# As a special exception, the copyright holders of this program give MERETHIS +# permission to link this program with independent modules to produce an executable, +# regardless of the license terms of these independent modules, and to copy and +# distribute the resulting executable under terms of MERETHIS choice, provided that +# MERETHIS also meet, for each linked independent module, the terms and conditions +# of the license of that module. An independent module is a module which is not +# derived from this program. If you modify this program, you may extend this +# exception to your version of the program, but you are not obliged to do so. If you +# do not wish to do so, delete this exception statement from your version. 
+# +# For more information : contact@centreon.com +# Authors : Quentin Garnier +# +#################################################################################### + +package apps::protocols::ldap::plugin; + +use strict; +use warnings; +use base qw(centreon::plugins::script_simple); + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + # $options->{options} = options object + + $self->{version} = '0.1'; + %{$self->{modes}} = ( + 'login' => 'apps::protocols::ldap::mode::login', + 'search' => 'apps::protocols::ldap::mode::search', + ); + return $self; +} + +1; + +__END__ + +=head1 PLUGIN DESCRIPTION + +Check a LDAP server. + +=cut diff --git a/apps/protocols/smtp/mode/login.pm b/apps/protocols/smtp/mode/login.pm index 07dc276d1..10bc9b17f 100644 --- a/apps/protocols/smtp/mode/login.pm +++ b/apps/protocols/smtp/mode/login.pm @@ -116,7 +116,7 @@ Check Connection (also login) to an SMTP Server. =item B<--hostname> -IP Addr/FQDN of the ftp host +IP Addr/FQDN of the smtp host =item B<--port> diff --git a/apps/protocols/smtp/plugin.pm b/apps/protocols/smtp/plugin.pm index 400802796..8519add04 100644 --- a/apps/protocols/smtp/plugin.pm +++ b/apps/protocols/smtp/plugin.pm @@ -59,6 +59,6 @@ __END__ =head1 PLUGIN DESCRIPTION -Check an SMTP server. +Check a SMTP server. =cut