* Added check_krb5 plugin

diff --git a/Makefile b/Makefile
index 346b3edb97b172e587defc03fd983fa2ca5e7792..5239f17bccc55b5d1ada3e03835a0aca6c263cfe 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -17,6 +17,7 @@ install:
        $(INSTALL) -m 0755 $(PLUGINDIR)/check_md_raid $(DSTPLUGINDIR)
        $(INSTALL) -m 0755 $(PLUGINDIR)/check_ldaps_ip $(DSTPLUGINDIR)
        $(INSTALL) -m 0755 $(PLUGINDIR)/check_networkclients $(DSTPLUGINDIR)
+       $(INSTALL) -m 0755 $(PLUGINDIR)/check_krb5 $(DSTPLUGINDIR)
 
 clean:
        $(RM) plugins/check_ldaps_ip

diff --git a/debian/changelog b/debian/changelog
index 6ba7bc0aa51741fe368a6bdaea1b1e07614b1702..4a1039742c6461fae344852212d8cad643495029 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+nagios-plugins-local (0.7) unstable; urgency=low
+
+  * Added check_krb5 plugin 
+
+ -- Michael Howe <michael@michaelhowe.org>  Sat, 20 Oct 2012 22:04:39 +0100
+
 nagios-plugins-local (0.6) unstable; urgency=low
 
   * Added check_networkclients plugin 

diff --git a/debian/control b/debian/control
index 82ca05bb4c026d8e8f8cbc841e335fd80771387a..6c98a12c44b66729ef84b23202517c0c1ab87371 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,6 @@ Homepage:
 
 Package: nagios-plugins-local
 Architecture: amd64
-Depends: ${misc:Depends}, perl, python, libc6, gnutls-bin, libnet-telnet-perl, libnagios-plugin-perl, libregexp-common-perl
+Depends: ${misc:Depends}, perl, python, libc6, gnutls-bin, libnet-telnet-perl, libnagios-plugin-perl, libregexp-common-perl, libauthen-krb5-perl
 Description: Local nagios plugins
  Nagios plugins customized for use on michaelhowe.org hosts.

diff --git a/plugins/check_krb5 b/plugins/check_krb5
new file mode 100755 (executable)
index 0000000..e20d150
--- /dev/null
+++ b/plugins/check_krb5
@@ -0,0 +1,134 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+# Plugin downloaded/adapted from http://exchange.nagios.org/directory/Plugins/Security/check_krb5/details
+
+use Authen::Krb5;
+use Getopt::Long;
+use File::Temp qw/mkstemp/;
+use lib "/usr/lib/nagios/plugins" ;
+use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
+use vars qw($PROGNAME);
+use vars qw($opt_P $opt_V $opt_h $opt_H $opt_k $opt_p $opt_r $verbose);
+
+$PROGNAME = 'check_krb5';
+
+sub print_help () {
+    print_revision($PROGNAME,'$Revision: 1.0 $');
+    print "Copyright (c) 2005 Jonathan Chen\n";
+    print "\n";
+    print "Perl Check Kerberos 5 plugin for Nagios\n";
+    print "\n";
+    print_usage();
+    print "\n";
+    print "-H, --hostname=HOST\n";
+    print "\tName or IP address of host to check\n";
+    print "-d, --realm=NAME\n";
+    print "\tKerberos realm to authenticate to\n";
+    print "-p, --principal=NAME\n";
+    print "\tName of principal to try authentication as\n";
+    print "-k, --keytab=file\n";
+    print "\tPath to keytab file containing key to principal\n";
+    print "-P, --port=INTEGER\n";
+    print "\tPort the kdc runs on\n";
+    print "-v, --verbose\n";
+    print "\tPrint extra debugging information\n";
+    
+}
+
+sub print_usage () {                                                                                                                
+    print "Usage: $PROGNAME -H <host> -d <realm> -p <principal> -k <keytab_file> [-p <port>]\n";
+}
+
+sub dieunknown ($) {
+    my ($msg) = @_;
+    print "KRB5 UNKNOWN: Unknown Error - $msg\n";
+    exit $ERRORS{"UNKNOWN"};
+}
+
+Getopt::Long::Configure('bundling');
+GetOptions (
+    "v"   => \$verbose, "verbose"  => \$verbose,
+    "P=s" => \$opt_P, "port=s"     => \$opt_P,
+    "V"   => \$opt_V, "version"    => \$opt_V,
+    "h"   => \$opt_h, "help"       => \$opt_h,
+    "k=s" => \$opt_k, "keytab=s"   => \$opt_k,
+    "p=s" => \$opt_p, "principal=s"=> \$opt_p,
+    "r=s" => \$opt_r, "realm=s"    => \$opt_r,
+    "H=s" => \$opt_H, "hostname=s" => \$opt_H
+);
+
+if ($opt_V) {
+    print_revision($PROGNAME,'$Revision: 1.0 $');
+    exit $ERRORS{'OK'};
+}
+if ($opt_h) {print_help(); exit $ERRORS{'OK'};}
+
+($opt_H) || ($opt_H = shift) || usage("Host name not specified\n");
+my $host = $1 if ($opt_H =~ /^([-_.A-Za-z0-9]+\$?)$/);
+($host) || usage("Invalid host: $opt_H\n");
+
+($opt_r) || ($opt_r = shift) || usage("Realm not specified\n");
+my $realm = $1 if ($opt_r =~ /^([-_.A-Za-z0-9]+\$?)$/);
+($realm) || usage("Invalid realm: $opt_r\n");
+
+($opt_p) || ($opt_p = shift) || usage("Principal not specified\n");
+my $princ= $1 if ($opt_p =~ /^([^\@]+)$/);
+($princ) || usage("Invalid principal: $opt_p\n");
+
+($opt_k) || ($opt_k = shift) || usage("Keytab file not specified\n");
+my $keytab = $1 if ($opt_k =~ /^(\/.*)$/);
+($keytab) || usage("Invalid keytab: $opt_k\n");
+
+($opt_P) || ($opt_P = shift) || ($opt_P = 88);
+my $port = $1 if ($opt_P =~ /^([0-9]+)$/);
+($port) || usage("Invalid port: $opt_P\n");
+
+
+my ($fh,$template) = mkstemp('/tmp/krb5.conf.XXXXXX');
+if (!defined($fh)) {
+    print "KRB5 UNKNOWN: Unknown error - unable to create temp config file\n";
+    exit $ERRORS{"UNKNOWN"};
+}
+#$template = "/tmp/" . $template;
+
+print $fh "[libdefaults]\n";
+print $fh "default_realm = $realm\n";
+print $fh "[realms]\n";
+print $fh "$realm = {\n";
+print $fh "kdc = ${host}:${port}\n";
+print $fh "}\n";
+close $fh;
+$ENV{'KRB5_CONFIG'} = $template;
+
+Authen::Krb5::init_context() || dieunknown("Cannot initialize Kerberos context");
+Authen::Krb5::init_ets();
+
+my $cc = Authen::Krb5::cc_resolve("MEMORY:check_krb5");
+($cc) || dieunknown("Cannot resolve MEMORY CC");
+my $princo = Authen::Krb5::parse_name($princ);
+($princo) || dieunknown("Cannot resolve principal $princ");
+my $servo = Authen::Krb5::parse_name("krbtgt/" . $realm);
+($servo) || dieunknown("Cannot resolve principal krbtgt/$realm");
+my $kto = Authen::Krb5::kt_resolve($keytab);
+($servo) || dieunknown("Cannot resolve keytab file $keytab");
+$cc->initialize($princo);
+my $ret = Authen::Krb5::get_in_tkt_with_keytab($princo,$servo,$kto,$cc);
+
+($verbose) && print "ret: $ret\n";
+($verbose) && print "err: " . Authen::Krb5::error() . "\n";
+
+my $ecode;
+
+if (defined($ret) && $ret == 1) {
+    print "KRB5 OK\n";
+    $ecode = $ERRORS{"OK"};
+} else {
+    print "KRB5 CRITICAL: " . Authen::Krb5::error() . "\n";
+    $ecode = $ERRORS{"CRITICAL"};
+}
+
+$cc->destroy;
+unlink($template);
+exit $ecode;