#!/usr/bin/perl

our $VERSION = "0.0.0";
$VERSION = eval $VERSION;

use Modern::Perl;
use Getopt::Long 2.39;
use File::Basename qw(basename);
use Net::SNMP      qw(:snmp);

# application context
my $app = { };

# RADIUS Authentication Server oids (see https://tools.ietf.org/html/rfc2619)
$app->{snmp}{oid}{radiusAuthServTotalAccessRequests}   = "1.3.6.1.2.1.67.1.1.1.1.5";
$app->{snmp}{oid}{radiusAuthServTotalAccessAccepts}    = "1.3.6.1.2.1.67.1.1.1.1.8";
$app->{snmp}{oid}{radiusAuthServTotalAccessRejects}    = "1.3.6.1.2.1.67.1.1.1.1.9";
$app->{snmp}{oid}{radiusAuthServTotalAccessChallenges} = "1.3.6.1.2.1.67.1.1.1.1.10";
$app->{snmp}{oid}{radiusAuthServTotalPacketsDropped}   = "1.3.6.1.2.1.67.1.1.1.1.13";

# anonymous pod2usage sub
my $pod2usage = sub {
    require Pod::Usage;
	Pod::Usage::pod2usage(@_);
};

BEGIN {
    # set alarm to kill script if it takes too long to finish
    $SIG{ALRM} = sub { die "" };
    alarm 60;
}

END {
    say "ERROR: " . $app->{error} if $app->{error};

    # cancel alarm
    alarm 0;
}


### Main Processing Section ###

MAIN:
{
    # parse command line
    parse_cmdline(@ARGV);

    # check query
	my $query = $app->{query} = shift @{$app->{args}};
    $pod2usage->( -message => "Missing query!\n"        ) unless $query;
    $pod2usage->( -message => "Unknown query: $query\n" ) unless $query eq "authentication";

    # check snmp options
    $pod2usage->( -message => "Missing SNMP version!\n"     ) unless $app->{opts}{'snmp-version'};
    $pod2usage->( -message => "Unsupported SNMP version!\n" ) unless $app->{opts}{'snmp-version'} eq "1" or $app->{opts}{'snmp-version'} eq "2";
    $pod2usage->( -message => "Missing SNMP community!\n"   ) unless $app->{opts}{'snmp-community'};

    # check servers
    $pod2usage->( -message => "Missing radius servers(s)!\n" ) if scalar @{$app->{args}} == 0;

    # iterate given servers
    foreach my $server (@{$app->{args}}) {

        # open snmp session
        open_snmp_session($server, $app->{opts}{'snmp-version'}, $app->{opts}{'snmp-community'});

        if ($query eq "authentication") {
            # get authentication statistics
            my $stats = get_authentication_statistics($server);

            $app->{results}->{totalAccessRequests}   += $stats->{totalAccessRequests};
            $app->{results}->{totalAccessAccepts}    += $stats->{totalAccessAccepts};
            $app->{results}->{totalAccessRejects}    += $stats->{totalAccessRejects};
            $app->{results}->{totalAccessChallenges} += $stats->{totalAccessChallenges};
            $app->{results}->{totalPacketsDropped}   += $stats->{totalPacketsDropped};
        }

        # close snmp session
        close_snmp_session();
    }

    # print cacti string
    print hash2cacti($app->{results})
}


### Subroutines ###

sub parse_cmdline {
    my @argv = @_;

    # option parser
    my $parser = Getopt::Long::Parser->new;
    $parser->configure('no_ignore_case');

    # option specifications
    my %opts;
    my @specs = (
        "debug",                    # optional,  debug
        "help|h",                   # optional,  help info
        "manual|m",                 # optional,  complete manual
        "version|V",                # optional,  version info
        "snmp-version|v=s",         # mandatory, snmp version
        "snmp-community|c=s",       # mandatory, snmp community string
    );
	
    # parse options
    $pod2usage->(
        -verbose => 0,
        -exitval => 2,
        -message => " ",
    ) unless $parser->getoptionsfromarray(\@argv, \%opts, @specs);

    print_version() if $opts{version};
    print_manual()  if $opts{manual};
    print_help()    if $opts{help};

    # store args and opts in context
    $app->{args} = \@argv;
    $app->{opts} = \%opts;

    return 1;
};

sub open_snmp_session {
    my ($host, $version, $community) = @_;
    debug("Opening SNMP session to host $host");

    ($app->{snmp}{session}, $app->{error}) = Net::SNMP->session(
        -hostname  => $host,
        -version   => $version,
        -community => $community,
    );

    exit(1) unless ($app->{snmp}{session});
}

sub close_snmp_session {
    debug("Closing SNMP session");

    $app->{snmp}{session}->close;
}

sub get_authentication_statistics {
    my $server = shift;
    debug("Retreiving session summary for server $server");

    my $snmp = $app->{snmp};
    my $snmp_data = $snmp->{session}->get_request(
        -varbindlist => [
            $snmp->{oid}{radiusAuthServTotalAccessRequests},
            $snmp->{oid}{radiusAuthServTotalAccessAccepts},
            $snmp->{oid}{radiusAuthServTotalAccessRejects},
            $snmp->{oid}{radiusAuthServTotalAccessChallenges},
            $snmp->{oid}{radiusAuthServTotalPacketsDropped},
        ]
    );

    if (not defined $snmp_data) {
        $app->{error} = $snmp->{session}->error();
        exit(1);
    }

    return {
        totalAccessRequests   => $snmp_data->{$snmp->{oid}{radiusAuthServTotalAccessRequests}},
        totalAccessAccepts    => $snmp_data->{$snmp->{oid}{radiusAuthServTotalAccessAccepts}},
        totalAccessRejects    => $snmp_data->{$snmp->{oid}{radiusAuthServTotalAccessRejects}},
        totalAccessChallenges => $snmp_data->{$snmp->{oid}{radiusAuthServTotalAccessChallenges}},
        totalPacketsDropped   => $snmp_data->{$snmp->{oid}{radiusAuthServTotalPacketsDropped}},
    };
}

sub hash2cacti {
    my $href = shift;
    my $result;

    $result = join(" ", map { "$_:$href->{$_}" } sort keys %$href);
	$result = "CACTI | $result\n" if $app->{opts}{debug};

    return $result;
}

sub print_version {
    say STDERR basename($0) . " v" . main->VERSION();
    exit(0);
}

sub print_manual {
    alarm 0;
    $pod2usage->(
        -verbose => 2,
        -exitval => 1,
    );
};

sub print_help {
    $pod2usage->(
        -verbose => 0,
        -exitval => 1,
    );
};

sub debug {
    my $string = shift;
    say "DEBUG | $string" if $app->{opts}{debug};
}

__END__


=head1 NAME

radius2cacti - Query Radius server statistics for Cacti

=head1 SYNOPSIS

B<radius2cacti> {snmp options} [query] <server{:port}> [<server{:port}>]... [options]

=over 2

=item SNMP Options:

  -v, --snmp-version { 1 | 2 }        SNMP version
  -c, --snmp-community <community>    SNMP community

=item Query:

  authentication                      Authentication statistics

=item Options:

  -h --help       Help info
  -m --manual     Manpages
  -V --version    Version info
  -d --debug      Debugging

=back

See `radius2cacti --manual` for the full documentation.

=head1 DESCRIPTION

This program queries one or more radius instances for authentication statistics. The output is formatted to use with Cacti.

=head1 ARGUMENTS

=over 4

=item B<server{:port}>

Server address and optional port of radius SNMP agent. Port defaults to 161.

=back

=head1 SNMP OPTIONS

=over 4

=item B<-v,  --snmp-version>

Specifies SNMP version

=item B<-c,  --snmp-community>

Specifies SNMP community

=back

=head1 QUERY

=over 4

=item B<authentication>

Returns authentication statistics for the given radius instance(s)

=back

=head1 OPTIONS

=over 4

=item B<-h, --help>

Displays a brief summary of cisco2cacti's options.

=item B<-m, --manual>

Displays cisco2cacti's full documentation.

=item B<-V, --version>

Display the version of cisco2cacti.

=item B<-d, --debug>

Displays debug information.

=back

=head1 EXAMPLES

radius2cacti -v 2 -c public authentication radius1.localdomain

cisco2cacti authentication radius1:9941 radius1:9942 -v 2 -c public 

=head1 AUTHOR

Jurgen van den Hurk, E<lt>jvdhurk@tilburguniversity.eduE<gt>

=head1 LICENSE AND COPYRIGHT

Copyright 2017 Tilburg University. All rights reserved.

This program is free software; you may redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=cut