centreon-plugins/database/mysql/mode/passwordexpiration.pm

#
# Copyright 2021 Centreon (http://www.centreon.com/)
#
# Centreon is a full-fledged industry-strength solution that meets
# the needs in IT infrastructure and application monitoring for
# service performance.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

package database::mysql::mode::passwordexpiration;

use base qw(centreon::plugins::templates::counter);

use strict;
use warnings;
use DateTime;
use centreon::plugins::misc;
use centreon::plugins::statefile;
use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);

sub custom_status_output {
    my ($self, %options) = @_;
    
    return sprintf(
        "[user: %s] [password updated: %s] [expired: %s] expire in: %s",
        $self->{result_values}->{user},
        scalar(localtime($self->{result_values}->{password_last_changed})),
        $self->{result_values}->{expire} eq 'never' ? $self->{result_values}->{expire} : $self->{result_values}->{expire} . ' days',
        centreon::plugins::misc::change_seconds(value => $self->{result_values}->{expire_time})
    );
}

sub set_counters {
    my ($self, %options) = @_;

    $self->{maps_counters_type} = [
        { name => 'users', type => 2, format_output => '%s user(s) detected', display_counter_problem => { label => 'users', min => 0 },
          group => [ { name => 'user', skipped_code => { -11 => 1 } } ] 
        }
    ];

    $self->{maps_counters}->{user} = [
        { label => 'status', type => 2, critical_default => '%{expire} ne "never" and %{expire_time} == 0', set => {
                key_values => [
                    { name => 'user' }, { name => 'expire' },
                    { name => 'expire_time' }, { name => 'password_last_changed' }
                ],
                closure_custom_output => $self->can('custom_status_output'),
                closure_custom_perfdata => sub { return 0; },
                closure_custom_threshold_check => \&catalog_status_threshold_ng
            }
        }
    ];
}

sub new {
    my ($class, %options) = @_;
    my $self = $class->SUPER::new(package => __PACKAGE__, %options);
    bless $self, $class;
    
    $options{options}->add_options(arguments => {
    });

    return $self;
}

sub get_database_timezone {
    my ($self, %options) = @_;

    $options{sql}->query(
        query => q{SELECT @@GLOBAL.time_zone, @@system_time_zone}
    );
    my @row = $options{sql}->fetchrow_array();
    my $timezone = $row[0]; 
    if ($row[0] eq 'SYSTEM') {
        $timezone = $row[1];
    }
    return $timezone;
}

sub get_expire_time {
    my ($self, %options) = @_;

    my $current_time = time();
    my $dt = DateTime->from_epoch(epoch => $options{epoch}, time_zone => $options{timezone});
    $dt->add(days => $options{days});
    my $expire_in = $dt->epoch() - time();
    $expire_in = 0 if ($expire_in < 0);
    return $expire_in;
}

sub get_password_mariadb {
    my ($self, %options) = @_;

    my $timezone = $self->get_database_timezone(sql => $options{sql});
    $options{sql}->query(
        query => q{show variables like 'default_password_lifetime'}
    );
    my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();

    my $query = q{
        SELECT Host, User,
            JSON_EXTRACT(Priv, '$.password_last_changed') as password_last_changed,
            JSON_EXTRACT(Priv, '$.password_lifetime') as password_lifetime 
        FROM mysql.global_priv
    };
    $options{sql}->query(query => $query);
    my $i = 1;
    while ((my @row = $options{sql}->fetchrow_array())) {
        my $expire = 'never';
        if ((!defined($row[3]) || $row[3] == -1) && $default_password_lifetime > 0) {
            $expire = $default_password_lifetime;
        } elsif (defined($row[3]) && $row[3] > 0) {
            $expire = $row[3];
        }
        my $expire_time = 0;
        if ($expire ne 'never') {
            $expire_time = $self->get_expire_time(
                epoch => $row[2],
                days => $expire,
                timezone => $timezone
            );
        }
        $self->{users}->{global}->{user}->{$i} = {
            user => $row[0] . '@' . $row[1],
            password_last_changed => $row[2],
            expire => $expire,
            expire_time => $expire_time
        };
        $i++;
    }
}

sub get_password_mysql {
    my ($self, %options) = @_;

    my $timezone = $self->get_database_timezone(sql => $options{sql});
    $options{sql}->query(
        query => q{show variables like 'default_password_lifetime'}
    );
    my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();

    my $query = q{
        SELECT User, Host, UNIX_TIMESTAMP(password_last_changed), password_lifetime
        FROM mysql.user 
    };
    $options{sql}->query(query => $query);
    my $i = 1;
    while ((my @row = $options{sql}->fetchrow_array())) {
        my $expire = 'never';
        if (!defined($row[3]) && $default_password_lifetime > 0) {
            $expire = $default_password_lifetime;
        } elsif (defined($row[3]) && $row[3] > 0) {
            $expire = $row[3];
        }
        my $expire_time = 0;
        if ($expire ne 'never') {
            $expire_time = $self->get_expire_time(
                epoch => $row[2],
                days => $expire,
                timezone => $timezone
            );
        }
        $self->{users}->{global}->{user}->{$i} = {
            user => $row[0] . '@' . $row[1],
            password_last_changed => $row[2],
            expire => $expire,
            expire_time => $expire_time
        };
        $i++;
    }
}

sub manage_selection {
    my ($self, %options) = @_;

    $self->{users}->{global} = { user => {} };

    $options{sql}->connect();
    if ($options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '10.4.3')) {
         $self->get_password_mariadb(sql => $options{sql});
    } elsif (!$options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '5.7.4')) {
        $self->get_password_mysql(sql => $options{sql});
    } else {
        $self->{output}->add_option_msg(short_msg => 'unsupported password policy.');
        $self->{output}->option_exit();
    }
}

1;

__END__

=head1 MODE

Check user password expiration.

=over 8

=item B<--warning-status>

Set warning threshold for status.
Can used special variables like: %{user}, %{expire}, %{expire_time}

=item B<--critical-status>

Set critical threshold for status (Default: '%{expire} ne "never" and %{expire_time} == 0').
Can used special variables like: %{user}, %{expire}, %{expire_time}

=back

=cut