#!/bin/sh

#####################################################
# Check Windows share access                        #
#                                                   #
# Steve Beauchemin - 06-06-2017                     #
#                                                   #
# This plugin check access to Windows share         #
# It's testing Authentication and Authorization too #
#                                                   #
# Authentication mean a bad usr/pwd config          #
# Authorization mean a denied access on the share   #
#                                                   #
#                                                   #
# Verified with SMBClient 4.4.4                     #
#####################################################


#!/bin/bash
# uncomment below for debug
#set -x
REVISION=1.2
PROGNAME=`/bin/basename $0`
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`

ACCESS_DENIED='NT_STATUS_ACCESS_DENIED'
LOGON_DENIED='NT_STATUS_LOGON_FAILURE'
BAD_NETWORK_NAME='NT_STATUS_BAD_NETWORK_NAME'

logon_state=0
acces_state=0

. $PROGPATH/utils.sh

usage () {
    echo "\
Nagios plugin to check Windows share

Usage:
  $PROGNAME -H <host> -U USERNAME -P PASSWORD -D DOMAIN/WORKGROP -S SHARE -M PROTOCOL
"
}

help () {
  print_revision $PROGNAME $REVISION
  echo ""
  usage
  echo "-H ADDRESS"
  echo "   Name or IP address of host"
  echo "-U USERNAME"
  echo "   User with permission to the share"
  echo "-P PASSWORD"
  echo "   User password"
  echo "-D Domain or Workgroup"
  echo "   Name of the Domain or Workgroup needed to authenticate"
  echo "-S SHARE"
  echo "   The file share name on the host"
  echo "-M PROTOCOL"
  echo "   The SMB protocol to use SMB1 SMB2 SMB3 (Default: SMB3)"
  echo "-h"
  echo "   Print this help screen"
  echo "-V"
  echo "   Print version and license information"
  echo ""
  support
}

if [ $# -lt 1 ] || [ $# -gt 12 ]; then
    usage
    exit $STATE_UNKNOWN
fi

while test -n "$1"; do
    case "$1" in
   --help | -h)
       help
       exit $STATE_OK;;
   --version | -V)
       print_revision $PROGNAME $REVISION
       exit $STATE_OK;;
   -H)
       shift
       host=$1;;
   -U)
       shift
       usr=$1;;
   -P)
      shift
      pass=$1;;
   -D)
      shift
      domain=$1;;
   -S)
       shift
       share=$1;;
   -M)
       shift
       prot="${1:-SMB3}"
       ;;
   *)
       usage; exit $STATE_UNKNOWN;;
    esac
    shift
done

protocol="${prot:-SMB3}"

stdout=$(smbclient //$host/$share -U "$usr"%"$pass" -W $domain -m $protocol -c dir 2>&1)


logon_state=$(echo $stdout | grep $LOGON_DENIED | wc -l)
acces_state=$(echo $stdout | grep $ACCESS_DENIED | wc -l)
share_exists=$(echo $stdout | grep $BAD_NETWORK_NAME | wc -l)
share_state=$(echo "$stdout" | wc -l)

if [ $logon_state -eq 1 ]; then
    echo "CRITICAL Authentication problem : Check USER/PWD config"
    exit $STATE_CRITICAL
fi

if [ $acces_state -eq 1 ]; then
    echo "CRITICAL Authorization problem : Access denied"
    exit $STATE_CRITICAL
fi

if [ $share_exists -eq 1 ]; then	
	echo "CRITICAL: Share $share not avalible."
	exit $STATE_CRITICAL
fi

if [[ $acces_state -eq 0 && $logon_state -eq 0 && $share_state -gt 3 ]]; then
    echo "OK Share : $share"
    exit $STATE_OK
fi

echo "Unknown state : $share"
exit $STATE_UNKNOWN