1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
package probes::LDAP;
=head1 NAME
probes::LDAP - a LDAP probe for SmokePing
=head1 OVERVIEW
Measures LDAP search latency for SmkoePing
=head1 SYNOPSYS
*** Probes ***
+ LDAP
passwordfile = /usr/share/smokeping/etc/password # optional
sleeptime = 0.5 # optional, 1 second by default
*** Targets ***
probe = LDAP
+ PROBE_CONF
port = 389 # optional
version = 3 # optional
start_tls = 1 # disabled by default
timeout = 60 # optional
base = dc=foo,dc=bar # optional
filter = uid=testuser # the actual search
attrs = uid,someotherattr
# if binddn isn't present, the LDAP bind is unauthenticated
binddn = uid=testuser,dc=foo,dc=bar
password = mypass # if not present in <passwordfile>
=head1 DESCRIPTION
This probe measures LDAP query latency for SmokePing.
The query is specified by the target-specific variable `filter' and,
optionally, by the target-specific variable `base'. The attributes
queried can be specified in the comma-separated list `attrs'.
The TCP port of the LDAP server and the LDAP version to be used can
be specified by the variables `port' and `version'.
The probe can issue the starttls command to convert the connection
into encrypted mode, if so instructed by the `start_tls' variable.
It can also optionally do an authenticated LDAP bind, if the `binddn'
variable is present. The password to be used can be specified by the
target-specific variable `password' or in an external file.
The location of this file is given in the probe-specific variable
`passwordfile'. See probes::passwordchecker(3pm) for the format
of this file (summary: colon-separated triplets of the form
`<host>:<bind-dn>:<password>')
The probe tries to be nice to the server and sleeps for the probe-specific
variable `sleeptime' (one second by default) between each authentication
request.
=head1 AUTHOR
Niko Tyni E<lt>ntyni@iki.fiE<gt>
=head1 BUGS
There should be a way of specifying TLS options, such as the certificates
involved etc.
The probe has an ugly way of working around the fact that the
IO::Socket::SSL class complains if start_tls() is done more than once
in the same program. But It Works For Me (tm).
=cut
use strict;
use probes::passwordchecker;
use Net::LDAP;
use Time::HiRes qw(gettimeofday sleep);
use base qw(probes::passwordchecker);
use IO::Socket::SSL;
sub ProbeDesc {
return "LDAP queries";
}
sub new {
my $proto = shift;
my $class = ref($proto) || $proto;
my $self = $class->SUPER::new(@_);
my $sleeptime = $self->{properties}{sleeptime};
$sleeptime = 1 unless defined $sleeptime;
$self->sleeptime($sleeptime);
return $self;
}
sub sleeptime {
my $self = shift;
my $newval = shift;
$self->{sleeptime} = $newval if defined $newval;
return $self->{sleeptime};
}
sub pingone {
my $self = shift;
my $target = shift;
my $host = $target->{addr};
my $vars = $target->{vars};
my $version = $vars->{version} || 3;
my $port = $vars->{port};
my $binddn = $vars->{binddn};
my $timeout = $vars->{timeout};
my $password = $vars->{password} || $self->password($host, $binddn) if defined $binddn;
my $start_tls = $vars->{start_tls};
my $filter = $vars->{filter};
my $base = $vars->{base};
my $attrs = $vars->{attrs};
my @attrs = split(/,/, $attrs);
my @times;
for (1..$self->pings($target)) {
local $IO::Socket::SSL::SSL_Context_obj; # ugly but necessary
sleep $self->sleeptime unless $_ == 1; # be nice
my $start = gettimeofday();
my $ldap = new Net::LDAP($host, port => $port, version => $version, timeout => $timeout)
or do {
$self->do_log("connection error on $host: $!");
next;
};
my $mesg;
if ($start_tls) {
$mesg = $ldap->start_tls;
$mesg->code and do {
$self->do_log("start_tls error on $host: " . $mesg->error);
$ldap->unbind;
next;
}
}
if (defined $binddn and defined $password) {
$mesg = $ldap->bind($binddn, password => $password);
} else {
if (defined $binddn and not defined $password) {
$self->do_debug("No password specified for $binddn, doing anonymous bind instead");
}
$mesg = $ldap->bind();
}
$mesg->code and do {
$self->do_log("bind error on $host: " . $mesg->error);
$ldap->unbind;
next;
};
$mesg = $ldap->search(base => $base, filter => $filter, attrs => [ @attrs ]);
$mesg->code and do {
$self->do_log("filter error on $host: " . $mesg->error);
$ldap->unbind;
next;
};
$ldap->unbind;
my $end = gettimeofday();
my $elapsed = $end - $start;
$self->do_debug("$host: LDAP query $_ took $elapsed seconds");
push @times, $elapsed;
}
return sort { $a <=> $b } @times;
}
1;
|
