#!/bin/sh
#
# Univention Nagios Plugin
#  check_univention_ad_connector: check Active Directory connector status
#
# Copyright 2011-2021 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.
#
#

PROGNAME=$(/usr/bin/basename $0)

STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3

print_usage() {
	echo
	echo "Usage: $PROGNAME [--help|-h] [<connectorName>]"
	echo
	echo "connectorName:"
	echo "    Name of the AD connector instance to be monitored, defaults to 'connector'."
	echo "    In the case of several running AD connector instances, this parameter can"
	echo "    be specified to monitor other instances than the default one."
	echo
	exit $STATE_OK
}

nagios_exit() {
	local state="$1"
	local msg="$2"

	case $state in
	0)
		echo "ADCONNECTOR OK: System operational.${MSG_CONNECTOR}"
		exit 0
		;;
	1)
		echo "ADCONNECTOR WARNING: $msg${MSG_CONNECTOR}"
		exit 1
		;;
	2)
		echo "ADCONNECTOR CRITICAL: $msg${MSG_CONNECTOR}"
		exit 2
		;;
	*)
		echo "ADCONNECTOR UNKNOWN: $msg${MSG_CONNECTOR}"
		exit 3
		;;
	esac
}

# parse help parameters
[ "$1" = -h -o "$1" = --help ] && print_usage

# check whether a different connector name is given
CONNECTOR="connector"
MSG_CONNECTOR=""
if [ "$#" -gt 0 -a -n "$1" ]; then
	CONNECTOR="$1"
	MSG_CONNECTOR=" [$1]"
fi

# check whether the AD connector is running; for this, get the exact command
# that was used to launch the process; remove multiple whitespaces and quotes
# in order to match the command via check_procs
/usr/lib/nagios/plugins/check_procs -w :1 -c 1: --ereg-argument-array "^([^ ]+)?python.*univention.connector.ad.main(.py)?\$" >/dev/null 2>&1
ret="$?"

# WARNING: if more then one instance of the same connector is running
# CRITICAL: if no process is running
case "$ret" in
	$STATE_OK)
		;;
	$STATE_WARNING)
		nagios_exit $ret "More than one AD connector instance are running!"
		;;
	$STATE_CRITICAL)
		nagios_exit $ret "AD connector is not running!"
		;;
	*)
		nagios_exit $ret "Unknown state!"
		;;
esac

# count rejects by parsing the output of univention-adconnector-list-rejected
# WARNING: if there are any rejects
nRejects=$(univention-adconnector-list-rejected -c "$CONNECTOR" | sed -rn '/^ *[1-9]+: *(AD|UCS) DN:/p' | wc -l)
[ "$nRejects" -gt 0 ] && nagios_exit $STATE_WARNING "There have been $nRejects reject(s)!"

# check whether we can connect to the AD
# CRITICAL: in case we cannot connect to the AD
univention-adsearch -c "$CONNECTOR" cn=users >/dev/null 2>&1
ret="$?"
[ "$ret" != 0 ] && nagios_exit $STATE_CRITICAL "Could not connect to AD server!"

# otherwise everything looks fine
nagios_exit $STATE_OK

