summaryrefslogtreecommitdiffstats
path: root/plugins/check_smtp.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_smtp.c')
-rw-r--r--plugins/check_smtp.c1450
1 files changed, 796 insertions, 654 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index e6369e63..e1f2842e 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -1,263 +1,316 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_smtp plugin 3 * Monitoring check_smtp plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 2000-2024 Monitoring Plugins Development Team 6 * Copyright (c) 2000-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_smtp plugin 10 * This file contains the check_smtp plugin
11* 11 *
12* This plugin will attempt to open an SMTP connection with the host. 12 * This plugin will attempt to open an SMTP connection with the host.
13* 13 *
14* 14 *
15* This program is free software: you can redistribute it and/or modify 15 * This program is free software: you can redistribute it and/or modify
16* it under the terms of the GNU General Public License as published by 16 * it under the terms of the GNU General Public License as published by
17* the Free Software Foundation, either version 3 of the License, or 17 * the Free Software Foundation, either version 3 of the License, or
18* (at your option) any later version. 18 * (at your option) any later version.
19* 19 *
20* This program is distributed in the hope that it will be useful, 20 * This program is distributed in the hope that it will be useful,
21* but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23* GNU General Public License for more details. 23 * GNU General Public License for more details.
24* 24 *
25* You should have received a copy of the GNU General Public License 25 * You should have received a copy of the GNU General Public License
26* along with this program. If not, see <http://www.gnu.org/licenses/>. 26 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27* 27 *
28* 28 *
29*****************************************************************************/ 29 *****************************************************************************/
30
31const char *progname = "check_smtp";
32const char *copyright = "2000-2024";
33const char *email = "devel@monitoring-plugins.org";
34 30
35#include "common.h" 31#include "common.h"
36#include "netutils.h" 32#include "netutils.h"
33#include "output.h"
34#include "perfdata.h"
35#include "thresholds.h"
37#include "utils.h" 36#include "utils.h"
38#include "base64.h" 37#include "base64.h"
38#include "regex.h"
39 39
40#include <ctype.h> 40#include <ctype.h>
41#include <string.h>
42#include "check_smtp.d/config.h"
43#include "../lib/states.h"
44
45const char *progname = "check_smtp";
46const char *copyright = "2000-2024";
47const char *email = "devel@monitoring-plugins.org";
48
49#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
50#define SMTP_HELO "HELO "
51#define SMTP_EHLO "EHLO "
52#define SMTP_LHLO "LHLO "
53#define SMTP_QUIT "QUIT\r\n"
54#define SMTP_STARTTLS "STARTTLS\r\n"
55#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
56
57#define EHLO_SUPPORTS_STARTTLS 1
58
59typedef struct {
60 int errorcode;
61 check_smtp_config config;
62} check_smtp_config_wrapper;
63static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
41 64
65int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
66 bool ssl_established) {
42#ifdef HAVE_SSL 67#ifdef HAVE_SSL
43static bool check_cert = false; 68 if ((config.use_starttls || config.use_ssl) && ssl_established) {
44static int days_till_exp_warn, days_till_exp_crit; 69 return np_net_ssl_read(buf, num);
45# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) 70 }
46# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) 71 return (int)read(socket_descriptor, buf, (size_t)num);
47#else /* ifndef HAVE_SSL */ 72#else /* ifndef HAVE_SSL */
48# define my_recv(buf, len) read(sd, buf, len) 73 return read(socket_descriptor, buf, len)
49# define my_send(buf, len) send(sd, buf, len, 0)
50#endif 74#endif
75}
51 76
52enum { 77int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
53 SMTP_PORT = 25, 78 bool ssl_established) {
54 SMTPS_PORT = 465 79#ifdef HAVE_SSL
55}; 80 if ((config.use_starttls || config.use_ssl) && ssl_established) {
56#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
57#define SMTP_EXPECT "220"
58#define SMTP_HELO "HELO "
59#define SMTP_EHLO "EHLO "
60#define SMTP_LHLO "LHLO "
61#define SMTP_QUIT "QUIT\r\n"
62#define SMTP_STARTTLS "STARTTLS\r\n"
63#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
64 81
65#define EHLO_SUPPORTS_STARTTLS 1 82 return np_net_ssl_write(buf, num);
83 }
84 return (int)send(socket_descriptor, buf, (size_t)num, 0);
85#else /* ifndef HAVE_SSL */
86 return send(socket_descriptor, buf, len, 0);
87#endif
88}
66 89
67static int process_arguments (int, char **); 90static void print_help(void);
68static int validate_arguments (void); 91void print_usage(void);
69static void print_help (void); 92static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER],
70void print_usage (void); 93 int /*socket_descriptor*/, bool /*ssl_established*/);
71static void smtp_quit(void); 94static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/,
72static int recvline(char *, size_t); 95 int /*socket_descriptor*/, bool /*ssl_established*/);
73static int recvlines(char *, size_t); 96static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/,
74static int my_close(void); 97 int /*socket_descriptor*/, bool /*ssl_established*/);
98static int my_close(int /*socket_descriptor*/);
75 99
76#include "regex.h"
77static regex_t preg;
78static regmatch_t pmatch[10];
79static char errbuf[MAX_INPUT_BUFFER];
80static int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
81static int eflags = 0;
82static int errcode, excode;
83
84static int server_port = SMTP_PORT;
85static int server_port_option = 0;
86static char *server_address = NULL;
87static char *server_expect = NULL;
88static char *mail_command = NULL;
89static char *from_arg = NULL;
90static int send_mail_from=0;
91static int ncommands=0;
92static int command_size=0;
93static int nresponses=0;
94static int response_size=0;
95static char **commands = NULL;
96static char **responses = NULL;
97static char *authtype = NULL;
98static char *authuser = NULL;
99static char *authpass = NULL;
100static double warning_time = 0;
101static bool check_warning_time = false;
102static double critical_time = 0;
103static bool check_critical_time = false;
104static int verbose = 0; 100static int verbose = 0;
105static bool use_ssl = false;
106static bool use_starttls = false;
107static bool use_sni = false;
108static bool use_proxy_prefix = false;
109static bool use_ehlo = false;
110static bool use_lhlo = false;
111static bool ssl_established = false;
112static char *localhostname = NULL;
113static int sd;
114static char buffer[MAX_INPUT_BUFFER];
115enum {
116 TCP_PROTOCOL = 1,
117 UDP_PROTOCOL = 2,
118};
119static bool ignore_send_quit_failure = false;
120
121
122int
123main (int argc, char **argv)
124{
125 bool supports_tls = false;
126 int n = 0;
127 double elapsed_time;
128 long microsec;
129 int result = STATE_UNKNOWN;
130 char *cmd_str = NULL;
131 char *helocmd = NULL;
132 char *error_msg = "";
133 char *server_response = NULL;
134 struct timeval tv;
135 101
136 /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */ 102int main(int argc, char **argv) {
137 (void) signal (SIGPIPE, SIG_IGN); 103#ifdef __OpenBSD__
104 /* - rpath is required to read --extra-opts (given up later)
105 * - inet is required for sockets
106 * - unix is required for Unix domain sockets
107 * - dns is required for name lookups */
108 pledge("stdio rpath inet unix dns", NULL);
109#endif // __OpenBSD__
138 110
139 setlocale (LC_ALL, ""); 111 setlocale(LC_ALL, "");
140 bindtextdomain (PACKAGE, LOCALEDIR); 112 bindtextdomain(PACKAGE, LOCALEDIR);
141 textdomain (PACKAGE); 113 textdomain(PACKAGE);
142 114
143 /* Parse extra opts if any */ 115 /* Parse extra opts if any */
144 argv=np_extra_opts (&argc, argv, progname); 116 argv = np_extra_opts(&argc, argv, progname);
117
118 check_smtp_config_wrapper tmp_config = process_arguments(argc, argv);
119
120 if (tmp_config.errorcode == ERROR) {
121 usage4(_("Could not parse arguments"));
122 }
123
124#ifdef __OpenBSD__
125 pledge("stdio inet unix dns", NULL);
126#endif // __OpenBSD__
145 127
146 if (process_arguments (argc, argv) == ERROR) 128 const check_smtp_config config = tmp_config.config;
147 usage4 (_("Could not parse arguments")); 129
130 if (config.output_format_is_set) {
131 mp_set_format(config.output_format);
132 }
148 133
149 /* If localhostname not set on command line, use gethostname to set */ 134 /* If localhostname not set on command line, use gethostname to set */
150 if(! localhostname){ 135 char *localhostname = config.localhostname;
151 localhostname = malloc (HOST_MAX_BYTES); 136 if (!localhostname) {
152 if(!localhostname){ 137 localhostname = malloc(HOST_MAX_BYTES);
138 if (!localhostname) {
153 printf(_("malloc() failed!\n")); 139 printf(_("malloc() failed!\n"));
154 return STATE_CRITICAL; 140 exit(STATE_CRITICAL);
155 } 141 }
156 if(gethostname(localhostname, HOST_MAX_BYTES)){ 142 if (gethostname(localhostname, HOST_MAX_BYTES)) {
157 printf(_("gethostname() failed!\n")); 143 printf(_("gethostname() failed!\n"));
158 return STATE_CRITICAL; 144 exit(STATE_CRITICAL);
159 } 145 }
160 } 146 }
161 if(use_lhlo)
162 xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
163 else if(use_ehlo)
164 xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
165 else
166 xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
167 147
168 if (verbose) 148 char *helocmd = NULL;
149 if (config.use_lhlo) {
150 xasprintf(&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
151 } else if (config.use_ehlo) {
152 xasprintf(&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
153 } else {
154 xasprintf(&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
155 }
156
157 if (verbose) {
169 printf("HELOCMD: %s", helocmd); 158 printf("HELOCMD: %s", helocmd);
159 }
170 160
161 char *mail_command = strdup("MAIL ");
162 char *cmd_str = NULL;
171 /* initialize the MAIL command with optional FROM command */ 163 /* initialize the MAIL command with optional FROM command */
172 xasprintf (&cmd_str, "%sFROM:<%s>%s", mail_command, from_arg, "\r\n"); 164 xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, config.from_arg, "\r\n");
173 165
174 if (verbose && send_mail_from) 166 if (verbose && config.send_mail_from) {
175 printf ("FROM CMD: %s", cmd_str); 167 printf("FROM CMD: %s", cmd_str);
168 }
169
170 /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */
171 (void)signal(SIGPIPE, SIG_IGN);
176 172
177 /* initialize alarm signal handling */ 173 /* initialize alarm signal handling */
178 (void) signal (SIGALRM, socket_timeout_alarm_handler); 174 (void)signal(SIGALRM, socket_timeout_alarm_handler);
179 175
180 /* set socket timeout */ 176 /* set socket timeout */
181 (void) alarm (socket_timeout); 177 (void)alarm(socket_timeout);
182 178
179 struct timeval start_time;
183 /* start timer */ 180 /* start timer */
184 gettimeofday (&tv, NULL); 181 gettimeofday(&start_time, NULL);
182
183 int socket_descriptor = 0;
185 184
186 /* try to connect to the host at the given port number */ 185 /* try to connect to the host at the given port number */
187 result = my_tcp_connect (server_address, server_port, &sd); 186 mp_state_enum tcp_result =
188 187 my_tcp_connect(config.server_address, config.server_port, &socket_descriptor);
189 if (result == STATE_OK) { /* we connected */ 188
190 /* If requested, send PROXY header */ 189 mp_check overall = mp_check_init();
191 if (use_proxy_prefix) { 190
192 if (verbose) 191 mp_set_ok_summary(&overall, "SMTP connection check is OK");
193 printf ("Sending header %s\n", PROXY_PREFIX); 192
194 my_send(PROXY_PREFIX, strlen(PROXY_PREFIX)); 193 mp_subcheck sc_tcp_connect = mp_subcheck_init();
194 char buffer[MAX_INPUT_BUFFER];
195 bool ssl_established = false;
196
197 if (tcp_result != STATE_OK) {
198 // Connect failed
199 sc_tcp_connect = mp_set_subcheck_state(sc_tcp_connect, STATE_CRITICAL);
200 xasprintf(&sc_tcp_connect.output, "TCP connect to '%s' failed", config.server_address);
201 mp_add_subcheck_to_check(&overall, sc_tcp_connect);
202 mp_exit(overall);
203 }
204
205 /* we connected */
206 /* If requested, send PROXY header */
207 if (config.use_proxy_prefix) {
208 if (verbose) {
209 printf("Sending header %s\n", PROXY_PREFIX);
195 } 210 }
211 my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established);
212 }
196 213
197#ifdef HAVE_SSL 214#ifdef HAVE_SSL
198 if (use_ssl) { 215 if (config.use_ssl) {
199 result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); 216 int tls_result = np_net_ssl_init_with_hostname(
200 if (result != STATE_OK) { 217 socket_descriptor, (config.use_sni ? config.server_address : NULL));
201 printf (_("CRITICAL - Cannot create SSL context.\n")); 218
202 close(sd); 219 mp_subcheck sc_tls_connection = mp_subcheck_init();
203 np_net_ssl_cleanup(); 220
204 return STATE_CRITICAL; 221 if (tls_result != STATE_OK) {
205 } else { 222 close(socket_descriptor);
206 ssl_established = 1; 223 np_net_ssl_cleanup();
207 } 224
225 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_CRITICAL);
226 xasprintf(&sc_tls_connection.output, "cannot create TLS context");
227 mp_add_subcheck_to_check(&overall, sc_tls_connection);
228 mp_exit(overall);
208 } 229 }
230
231 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_OK);
232 xasprintf(&sc_tls_connection.output, "TLS context established");
233 mp_add_subcheck_to_check(&overall, sc_tls_connection);
234 ssl_established = true;
235 }
209#endif 236#endif
210 237
211 /* watch for the SMTP connection string and */ 238 /* watch for the SMTP connection string and */
212 /* return a WARNING status if we couldn't read any data */ 239 /* return a WARNING status if we couldn't read any data */
213 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { 240 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
214 printf (_("recv() failed\n")); 241 mp_subcheck sc_read_data = mp_subcheck_init();
215 return STATE_WARNING; 242 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
243 xasprintf(&sc_read_data.output, "recv() failed");
244 mp_add_subcheck_to_check(&overall, sc_read_data);
245 mp_exit(overall);
246 }
247
248 char *server_response = NULL;
249 /* save connect return (220 hostname ..) for later use */
250 xasprintf(&server_response, "%s", buffer);
251
252 /* send the HELO/EHLO command */
253 my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established);
254
255 /* allow for response to helo command to reach us */
256 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
257 mp_subcheck sc_read_data = mp_subcheck_init();
258 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
259 xasprintf(&sc_read_data.output, "recv() failed");
260 mp_add_subcheck_to_check(&overall, sc_read_data);
261 mp_exit(overall);
262 }
263
264 bool supports_tls = false;
265 if (config.use_ehlo || config.use_lhlo) {
266 if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) {
267 supports_tls = true;
216 } 268 }
269 }
217 270
218 /* save connect return (220 hostname ..) for later use */ 271 if (config.use_starttls && !supports_tls) {
219 xasprintf(&server_response, "%s", buffer); 272 smtp_quit(config, buffer, socket_descriptor, ssl_established);
220 273
221 /* send the HELO/EHLO command */ 274 mp_subcheck sc_read_data = mp_subcheck_init();
222 my_send(helocmd, strlen(helocmd)); 275 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
276 xasprintf(&sc_read_data.output, "StartTLS not supported by server");
277 mp_add_subcheck_to_check(&overall, sc_read_data);
278 mp_exit(overall);
279 }
223 280
224 /* allow for response to helo command to reach us */ 281#ifdef HAVE_SSL
225 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { 282 if (config.use_starttls) {
226 printf (_("recv() failed\n")); 283 /* send the STARTTLS command */
227 return STATE_WARNING; 284 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
228 } else if(use_ehlo || use_lhlo){ 285
229 if(strstr(buffer, "250 STARTTLS") != NULL || 286 mp_subcheck sc_starttls_init = mp_subcheck_init();
230 strstr(buffer, "250-STARTTLS") != NULL){ 287 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
231 supports_tls=true; 288 ssl_established); /* wait for it */
232 } 289 if (!strstr(buffer, SMTP_EXPECT)) {
290 smtp_quit(config, buffer, socket_descriptor, ssl_established);
291
292 xasprintf(&sc_starttls_init.output, "StartTLS not supported by server");
293 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_UNKNOWN);
294 mp_add_subcheck_to_check(&overall, sc_starttls_init);
295 mp_exit(overall);
233 } 296 }
234 297
235 if(use_starttls && ! supports_tls){ 298 mp_state_enum starttls_result = np_net_ssl_init_with_hostname(
236 printf(_("WARNING - TLS not supported by server\n")); 299 socket_descriptor, (config.use_sni ? config.server_address : NULL));
237 smtp_quit(); 300 if (starttls_result != STATE_OK) {
238 return STATE_WARNING; 301 close(socket_descriptor);
302 np_net_ssl_cleanup();
303
304 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_CRITICAL);
305 xasprintf(&sc_starttls_init.output, "failed to create StartTLS context");
306 mp_add_subcheck_to_check(&overall, sc_starttls_init);
307 mp_exit(overall);
239 } 308 }
309 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_OK);
310 xasprintf(&sc_starttls_init.output, "created StartTLS context");
311 mp_add_subcheck_to_check(&overall, sc_starttls_init);
240 312
241#ifdef HAVE_SSL 313 ssl_established = true;
242 if(use_starttls) {
243 /* send the STARTTLS command */
244 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
245
246 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
247 if (!strstr (buffer, SMTP_EXPECT)) {
248 printf (_("Server does not support STARTTLS\n"));
249 smtp_quit();
250 return STATE_UNKNOWN;
251 }
252 result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
253 if(result != STATE_OK) {
254 printf (_("CRITICAL - Cannot create SSL context.\n"));
255 close(sd);
256 np_net_ssl_cleanup();
257 return STATE_CRITICAL;
258 } else {
259 ssl_established = 1;
260 }
261 314
262 /* 315 /*
263 * Resend the EHLO command. 316 * Resend the EHLO command.
@@ -270,218 +323,287 @@ main (int argc, char **argv)
270 * reason, some MTAs will not allow an AUTH LOGIN command before 323 * reason, some MTAs will not allow an AUTH LOGIN command before
271 * we resent EHLO via TLS. 324 * we resent EHLO via TLS.
272 */ 325 */
273 if (my_send(helocmd, strlen(helocmd)) <= 0) { 326 if (my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established) <=
274 printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS.")); 327 0) {
275 my_close(); 328 my_close(socket_descriptor);
276 return STATE_UNKNOWN; 329
330 mp_subcheck sc_ehlo = mp_subcheck_init();
331 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
332 xasprintf(&sc_ehlo.output, "cannot send EHLO command via StartTLS");
333 mp_add_subcheck_to_check(&overall, sc_ehlo);
334 mp_exit(overall);
277 } 335 }
278 if (verbose) 336
337 if (verbose) {
279 printf(_("sent %s"), helocmd); 338 printf(_("sent %s"), helocmd);
280 if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
281 printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS."));
282 my_close();
283 return STATE_UNKNOWN;
284 } 339 }
340
341 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
342 my_close(socket_descriptor);
343
344 mp_subcheck sc_ehlo = mp_subcheck_init();
345 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
346 xasprintf(&sc_ehlo.output, "cannot read EHLO response via StartTLS");
347 mp_add_subcheck_to_check(&overall, sc_ehlo);
348 mp_exit(overall);
349 }
350
285 if (verbose) { 351 if (verbose) {
286 printf("%s", buffer); 352 printf("%s", buffer);
287 } 353 }
354 }
355
356# ifdef MOPL_USE_OPENSSL
357 if (ssl_established) {
358 net_ssl_check_cert_result cert_check_result =
359 np_net_ssl_check_cert2(config.days_till_exp_warn, config.days_till_exp_crit);
360
361 mp_subcheck sc_cert_check = mp_subcheck_init();
362
363 switch (cert_check_result.errors) {
364 case ALL_OK: {
365
366 if (cert_check_result.result_state != STATE_OK &&
367 config.ignore_certificate_expiration) {
368 xasprintf(&sc_cert_check.output,
369 "Remaining certificate lifetime: %d days. Expiration will be ignored",
370 (int)(cert_check_result.remaining_seconds / 86400));
371 sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK);
372 } else {
373 xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days",
374 (int)(cert_check_result.remaining_seconds / 86400));
375 sc_cert_check =
376 mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
377 }
378 } break;
379 case NO_SERVER_CERTIFICATE_PRESENT: {
380 xasprintf(&sc_cert_check.output, "no server certificate present");
381 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
382 } break;
383 case UNABLE_TO_RETRIEVE_CERTIFICATE_SUBJECT: {
384 xasprintf(&sc_cert_check.output, "can not retrieve certificate subject");
385 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
386 } break;
387 case WRONG_TIME_FORMAT_IN_CERTIFICATE: {
388 xasprintf(&sc_cert_check.output, "wrong time format in certificate");
389 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
390 } break;
391 };
392
393 mp_add_subcheck_to_check(&overall, sc_cert_check);
394 }
395# endif /* MOPL_USE_OPENSSL */
288 396
289# ifdef USE_OPENSSL
290 if ( check_cert ) {
291 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
292 smtp_quit();
293 my_close();
294 return result;
295 }
296# endif /* USE_OPENSSL */
297 }
298#endif 397#endif
299 398
300 if (verbose) 399 if (verbose) {
301 printf ("%s", buffer); 400 printf("%s", buffer);
302 401 }
303 /* save buffer for later use */ 402
304 xasprintf(&server_response, "%s%s", server_response, buffer); 403 /* save buffer for later use */
305 /* strip the buffer of carriage returns */ 404 xasprintf(&server_response, "%s%s", server_response, buffer);
306 strip (server_response); 405 /* strip the buffer of carriage returns */
307 406 strip(server_response);
308 /* make sure we find the droids we are looking for */ 407
309 if (!strstr (server_response, server_expect)) { 408 /* make sure we find the droids we are looking for */
310 if (server_port == SMTP_PORT) 409 mp_subcheck sc_expect_response = mp_subcheck_init();
311 printf (_("Invalid SMTP response received from host: %s\n"), server_response); 410
312 else 411 if (!strstr(server_response, config.server_expect)) {
313 printf (_("Invalid SMTP response received from host on port %d: %s\n"), 412 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_WARNING);
314 server_port, server_response); 413 if (config.server_port == SMTP_PORT) {
315 return STATE_WARNING; 414 xasprintf(&sc_expect_response.output, _("invalid SMTP response received from host: %s"),
415 server_response);
416 } else {
417 xasprintf(&sc_expect_response.output,
418 _("invalid SMTP response received from host on port %d: %s"),
419 config.server_port, server_response);
316 } 420 }
421 exit(STATE_WARNING);
422 } else {
423 xasprintf(&sc_expect_response.output, "received valid SMTP response '%s' from host: '%s'",
424 config.server_expect, server_response);
425 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_OK);
426 }
317 427
318 if (send_mail_from) { 428 mp_add_subcheck_to_check(&overall, sc_expect_response);
319 my_send(cmd_str, strlen(cmd_str)); 429
320 if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) 430 if (config.send_mail_from) {
321 printf("%s", buffer); 431 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
432 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
433 verbose) {
434 printf("%s", buffer);
435 }
436 }
437
438 size_t counter = 0;
439 while (counter < config.ncommands) {
440 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n");
441 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
442 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
443 verbose) {
444 printf("%s", buffer);
322 } 445 }
323 446
324 n = 0; 447 strip(buffer);
325 while (n < ncommands) { 448
326 xasprintf (&cmd_str, "%s%s", commands[n], "\r\n"); 449 if (counter < config.nresponses) {
327 my_send(cmd_str, strlen(cmd_str)); 450 int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
328 if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) 451 regex_t preg;
329 printf("%s", buffer); 452 int errcode = regcomp(&preg, config.responses[counter], cflags);
330 strip (buffer); 453 char errbuf[MAX_INPUT_BUFFER];
331 if (n < nresponses) { 454 if (errcode != 0) {
332 cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE; 455 regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER);
333 errcode = regcomp (&preg, responses[n], cflags); 456 printf(_("Could Not Compile Regular Expression"));
334 if (errcode != 0) { 457 exit(STATE_UNKNOWN);
335 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); 458 }
336 printf (_("Could Not Compile Regular Expression")); 459
337 return ERROR; 460 regmatch_t pmatch[10];
461 int eflags = 0;
462 int excode = regexec(&preg, buffer, 10, pmatch, eflags);
463 mp_subcheck sc_expected_responses = mp_subcheck_init();
464 if (excode == 0) {
465 xasprintf(&sc_expected_responses.output, "valid response '%s' to command '%s'",
466 buffer, config.commands[counter]);
467 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_OK);
468 } else if (excode == REG_NOMATCH) {
469 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_WARNING);
470 xasprintf(&sc_expected_responses.output, "invalid response '%s' to command '%s'",
471 buffer, config.commands[counter]);
472 } else {
473 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
474 xasprintf(&sc_expected_responses.output, "regexec execute error: %s", errbuf);
475 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_UNKNOWN);
476 }
477 }
478 counter++;
479 }
480
481 if (config.authtype != NULL) {
482 mp_subcheck sc_auth = mp_subcheck_init();
483
484 if (strcmp(config.authtype, "LOGIN") == 0) {
485 char *abuf;
486 int ret;
487 do {
488 /* send AUTH LOGIN */
489 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor,
490 ssl_established);
491
492 if (verbose) {
493 printf(_("sent %s\n"), "AUTH LOGIN");
338 } 494 }
339 excode = regexec (&preg, buffer, 10, pmatch, eflags); 495
340 if (excode == 0) { 496 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
341 result = STATE_OK; 497 ssl_established)) <= 0) {
498 xasprintf(&sc_auth.output, _("recv() failed after AUTH LOGIN"));
499 sc_auth = mp_set_subcheck_state(sc_auth, STATE_WARNING);
500 break;
342 } 501 }
343 else if (excode == REG_NOMATCH) { 502
344 result = STATE_WARNING; 503 if (verbose) {
345 printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]); 504 printf(_("received %s\n"), buffer);
505 }
506
507 if (strncmp(buffer, "334", 3) != 0) {
508 xasprintf(&sc_auth.output, "invalid response received after AUTH LOGIN");
509 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
510 break;
346 } 511 }
347 else { 512
348 regerror (excode, &preg, errbuf, MAX_INPUT_BUFFER); 513 /* encode authuser with base64 */
349 printf (_("Execute Error: %s\n"), errbuf); 514 base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf);
350 result = STATE_UNKNOWN; 515 xasprintf(&abuf, "%s\r\n", abuf);
516 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
517 if (verbose) {
518 printf(_("sent %s\n"), abuf);
351 } 519 }
352 }
353 n++;
354 }
355 520
356 if (authtype != NULL) { 521 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
357 if (strcmp (authtype, "LOGIN") == 0) { 522 ssl_established)) <= 0) {
358 char *abuf; 523 xasprintf(&sc_auth.output, "recv() failed after sending authuser");
359 int ret; 524 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
360 do {
361 if (authuser == NULL) {
362 result = STATE_CRITICAL;
363 xasprintf(&error_msg, _("no authuser specified, "));
364 break;
365 }
366 if (authpass == NULL) {
367 result = STATE_CRITICAL;
368 xasprintf(&error_msg, _("no authpass specified, "));
369 break;
370 }
371
372 /* send AUTH LOGIN */
373 my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN));
374 if (verbose)
375 printf (_("sent %s\n"), "AUTH LOGIN");
376
377 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
378 xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
379 result = STATE_WARNING;
380 break;
381 }
382 if (verbose)
383 printf (_("received %s\n"), buffer);
384
385 if (strncmp (buffer, "334", 3) != 0) {
386 result = STATE_CRITICAL;
387 xasprintf(&error_msg, _("invalid response received after AUTH LOGIN, "));
388 break;
389 }
390
391 /* encode authuser with base64 */
392 base64_encode_alloc (authuser, strlen(authuser), &abuf);
393 xasprintf(&abuf, "%s\r\n", abuf);
394 my_send(abuf, strlen(abuf));
395 if (verbose)
396 printf (_("sent %s\n"), abuf);
397
398 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
399 result = STATE_CRITICAL;
400 xasprintf(&error_msg, _("recv() failed after sending authuser, "));
401 break;
402 }
403 if (verbose) {
404 printf (_("received %s\n"), buffer);
405 }
406 if (strncmp (buffer, "334", 3) != 0) {
407 result = STATE_CRITICAL;
408 xasprintf(&error_msg, _("invalid response received after authuser, "));
409 break;
410 }
411 /* encode authpass with base64 */
412 base64_encode_alloc (authpass, strlen(authpass), &abuf);
413 xasprintf(&abuf, "%s\r\n", abuf);
414 my_send(abuf, strlen(abuf));
415 if (verbose) {
416 printf (_("sent %s\n"), abuf);
417 }
418 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
419 result = STATE_CRITICAL;
420 xasprintf(&error_msg, _("recv() failed after sending authpass, "));
421 break;
422 }
423 if (verbose) {
424 printf (_("received %s\n"), buffer);
425 }
426 if (strncmp (buffer, "235", 3) != 0) {
427 result = STATE_CRITICAL;
428 xasprintf(&error_msg, _("invalid response received after authpass, "));
429 break;
430 }
431 break; 525 break;
432 } while (0); 526 }
433 } else {
434 result = STATE_CRITICAL;
435 xasprintf(&error_msg, _("only authtype LOGIN is supported, "));
436 }
437 }
438 527
439 /* tell the server we're done */ 528 if (verbose) {
440 smtp_quit(); 529 printf(_("received %s\n"), buffer);
530 }
441 531
442 /* finally close the connection */ 532 if (strncmp(buffer, "334", 3) != 0) {
443 close (sd); 533 xasprintf(&sc_auth.output, "invalid response received after authuser");
444 } 534 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
535 break;
536 }
445 537
446 /* reset the alarm */ 538 /* encode authpass with base64 */
447 alarm (0); 539 base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf);
540 xasprintf(&abuf, "%s\r\n", abuf);
541 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
448 542
449 microsec = deltime (tv); 543 if (verbose) {
450 elapsed_time = (double)microsec / 1.0e6; 544 printf(_("sent %s\n"), abuf);
545 }
451 546
452 if (result == STATE_OK) { 547 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
453 if (check_critical_time && elapsed_time > critical_time) 548 ssl_established)) <= 0) {
454 result = STATE_CRITICAL; 549 xasprintf(&sc_auth.output, "recv() failed after sending authpass");
455 else if (check_warning_time && elapsed_time > warning_time) 550 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
456 result = STATE_WARNING; 551 break;
552 }
553
554 if (verbose) {
555 printf(_("received %s\n"), buffer);
556 }
557
558 if (strncmp(buffer, "235", 3) != 0) {
559 xasprintf(&sc_auth.output, "invalid response received after authpass");
560 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
561 break;
562 }
563 break;
564 } while (false);
565 } else {
566 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
567 xasprintf(&sc_auth.output, "only authtype LOGIN is supported");
568 }
569
570 mp_add_subcheck_to_check(&overall, sc_auth);
457 } 571 }
458 572
459 printf (_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), 573 /* tell the server we're done */
460 state_text (result), 574 smtp_quit(config, buffer, socket_descriptor, ssl_established);
461 error_msg,
462 elapsed_time,
463 verbose?", ":"", verbose?buffer:"",
464 fperfdata ("time", elapsed_time, "s",
465 (int)check_warning_time, warning_time,
466 (int)check_critical_time, critical_time,
467 true, 0, false, 0));
468 575
469 return result; 576 /* finally close the connection */
470} 577 close(socket_descriptor);
471 578
579 /* reset the alarm */
580 alarm(0);
472 581
582 long microsec = deltime(start_time);
583 double elapsed_time = (double)microsec / 1.0e6;
473 584
474/* process command-line arguments */ 585 mp_perfdata pd_elapsed_time = perfdata_init();
475int 586 pd_elapsed_time = mp_set_pd_value(pd_elapsed_time, elapsed_time);
476process_arguments (int argc, char **argv) 587 pd_elapsed_time.label = "time";
477{ 588 pd_elapsed_time.uom = "s";
478 int c;
479 char* temp;
480 589
481 bool implicit_tls = false; 590 pd_elapsed_time = mp_pd_set_thresholds(pd_elapsed_time, config.connection_time);
591
592 mp_subcheck sc_connection_time = mp_subcheck_init();
593 xasprintf(&sc_connection_time.output, "connection time: %.3gs", elapsed_time);
594 sc_connection_time =
595 mp_set_subcheck_state(sc_connection_time, mp_get_pd_status(pd_elapsed_time));
596 mp_add_subcheck_to_check(&overall, sc_connection_time);
597
598 mp_exit(overall);
599}
482 600
601/* process command-line arguments */
602check_smtp_config_wrapper process_arguments(int argc, char **argv) {
483 enum { 603 enum {
484 SNI_OPTION 604 SNI_OPTION = CHAR_MAX + 1,
605 output_format_index,
606 ignore_certificate_expiration_index,
485 }; 607 };
486 608
487 int option = 0; 609 int option = 0;
@@ -507,277 +629,301 @@ process_arguments (int argc, char **argv)
507 {"lmtp", no_argument, 0, 'L'}, 629 {"lmtp", no_argument, 0, 'L'},
508 {"ssl", no_argument, 0, 's'}, 630 {"ssl", no_argument, 0, 's'},
509 {"tls", no_argument, 0, 's'}, 631 {"tls", no_argument, 0, 's'},
510 {"starttls",no_argument,0,'S'}, 632 {"starttls", no_argument, 0, 'S'},
511 {"sni", no_argument, 0, SNI_OPTION}, 633 {"sni", no_argument, 0, SNI_OPTION},
512 {"certificate",required_argument,0,'D'}, 634 {"certificate", required_argument, 0, 'D'},
513 {"ignore-quit-failure",no_argument,0,'q'}, 635 {"ignore-quit-failure", no_argument, 0, 'q'},
514 {"proxy",no_argument,0,'r'}, 636 {"proxy", no_argument, 0, 'r'},
515 {0, 0, 0, 0} 637 {"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index},
638 {"output-format", required_argument, 0, output_format_index},
639 {0, 0, 0, 0}};
640
641 check_smtp_config_wrapper result = {
642 .config = check_smtp_config_init(),
643 .errorcode = OK,
516 }; 644 };
517 645
518 if (argc < 2) 646 if (argc < 2) {
519 return ERROR; 647 result.errorcode = ERROR;
648 return result;
649 }
520 650
521 for (c = 1; c < argc; c++) { 651 for (int index = 1; index < argc; index++) {
522 if (strcmp ("-to", argv[c]) == 0) 652 if (strcmp("-to", argv[index]) == 0) {
523 strcpy (argv[c], "-t"); 653 strcpy(argv[index], "-t");
524 else if (strcmp ("-wt", argv[c]) == 0) 654 } else if (strcmp("-wt", argv[index]) == 0) {
525 strcpy (argv[c], "-w"); 655 strcpy(argv[index], "-w");
526 else if (strcmp ("-ct", argv[c]) == 0) 656 } else if (strcmp("-ct", argv[index]) == 0) {
527 strcpy (argv[c], "-c"); 657 strcpy(argv[index], "-c");
658 }
528 } 659 }
529 660
530 while (1) { 661 unsigned long command_size = 0;
531 c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", 662 unsigned long response_size = 0;
532 longopts, &option); 663 bool implicit_tls = false;
664 int server_port_option = 0;
665 while (true) {
666 int opt_index =
667 getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
533 668
534 if (c == -1 || c == EOF) 669 if (opt_index == -1 || opt_index == EOF) {
535 break; 670 break;
671 }
536 672
537 switch (c) { 673 switch (opt_index) {
538 case 'H': /* hostname */ 674 case 'H': /* hostname */
539 if (is_host (optarg)) { 675 if (is_host(optarg)) {
540 server_address = optarg; 676 result.config.server_address = optarg;
541 } 677 } else {
542 else { 678 usage2(_("Invalid hostname/address"), optarg);
543 usage2 (_("Invalid hostname/address"), optarg);
544 } 679 }
545 break; 680 break;
546 case 'p': /* port */ 681 case 'p': /* port */
547 if (is_intpos (optarg)) 682 if (is_intpos(optarg)) {
548 server_port_option = atoi (optarg); 683 server_port_option = atoi(optarg);
549 else 684 } else {
550 usage4 (_("Port must be a positive integer")); 685 usage4(_("Port must be a positive integer"));
686 }
551 break; 687 break;
552 case 'F': 688 case 'F':
553 /* localhostname */ 689 /* localhostname */
554 localhostname = strdup(optarg); 690 result.config.localhostname = strdup(optarg);
555 break; 691 break;
556 case 'f': /* from argument */ 692 case 'f': /* from argument */
557 from_arg = optarg + strspn(optarg, "<"); 693 result.config.from_arg = optarg + strspn(optarg, "<");
558 from_arg = strndup(from_arg, strcspn(from_arg, ">")); 694 result.config.from_arg =
559 send_mail_from = 1; 695 strndup(result.config.from_arg, strcspn(result.config.from_arg, ">"));
696 result.config.send_mail_from = true;
560 break; 697 break;
561 case 'A': 698 case 'A':
562 authtype = optarg; 699 result.config.authtype = optarg;
563 use_ehlo = true; 700 result.config.use_ehlo = true;
564 break; 701 break;
565 case 'U': 702 case 'U':
566 authuser = optarg; 703 result.config.authuser = optarg;
567 break; 704 break;
568 case 'P': 705 case 'P':
569 authpass = optarg; 706 result.config.authpass = optarg;
570 break; 707 break;
571 case 'e': /* server expect string on 220 */ 708 case 'e': /* server expect string on 220 */
572 server_expect = optarg; 709 result.config.server_expect = optarg;
573 break; 710 break;
574 case 'C': /* commands */ 711 case 'C': /* commands */
575 if (ncommands >= command_size) { 712 if (result.config.ncommands >= command_size) {
576 command_size+=8; 713 command_size += 8;
577 commands = realloc (commands, sizeof(char *) * command_size); 714 result.config.commands =
578 if (commands == NULL) 715 realloc(result.config.commands, sizeof(char *) * command_size);
579 die (STATE_UNKNOWN, 716 if (result.config.commands == NULL) {
580 _("Could not realloc() units [%d]\n"), ncommands); 717 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
718 result.config.ncommands);
719 }
581 } 720 }
582 commands[ncommands] = (char *) malloc (sizeof(char) * 255); 721 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255);
583 strncpy (commands[ncommands], optarg, 255); 722 strncpy(result.config.commands[result.config.ncommands], optarg, 255);
584 ncommands++; 723 result.config.ncommands++;
585 break; 724 break;
586 case 'R': /* server responses */ 725 case 'R': /* server responses */
587 if (nresponses >= response_size) { 726 if (result.config.nresponses >= response_size) {
588 response_size += 8; 727 response_size += 8;
589 responses = realloc (responses, sizeof(char *) * response_size); 728 result.config.responses =
590 if (responses == NULL) 729 realloc(result.config.responses, sizeof(char *) * response_size);
591 die (STATE_UNKNOWN, 730 if (result.config.responses == NULL) {
592 _("Could not realloc() units [%d]\n"), nresponses); 731 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
732 result.config.nresponses);
733 }
593 } 734 }
594 responses[nresponses] = (char *) malloc (sizeof(char) * 255); 735 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255);
595 strncpy (responses[nresponses], optarg, 255); 736 strncpy(result.config.responses[result.config.nresponses], optarg, 255);
596 nresponses++; 737 result.config.nresponses++;
597 break; 738 break;
598 case 'c': /* critical time threshold */ 739 case 'c': /* critical time threshold */ {
599 if (!is_nonnegative (optarg)) 740 mp_range_parsed tmp = mp_parse_range_string(optarg);
600 usage4 (_("Critical time must be a positive")); 741 if (tmp.error != MP_PARSING_SUCCESS) {
601 else { 742 die(STATE_UNKNOWN, "failed to parse critical time threshold");
602 critical_time = strtod (optarg, NULL);
603 check_critical_time = true;
604 } 743 }
605 break; 744 result.config.connection_time =
606 case 'w': /* warning time threshold */ 745 mp_thresholds_set_warn(result.config.connection_time, tmp.range);
607 if (!is_nonnegative (optarg)) 746 } break;
608 usage4 (_("Warning time must be a positive")); 747 case 'w': /* warning time threshold */ {
609 else { 748 mp_range_parsed tmp = mp_parse_range_string(optarg);
610 warning_time = strtod (optarg, NULL); 749 if (tmp.error != MP_PARSING_SUCCESS) {
611 check_warning_time = true; 750 die(STATE_UNKNOWN, "failed to parse warning time threshold");
612 } 751 }
613 break; 752 result.config.connection_time =
614 case 'v': /* verbose */ 753 mp_thresholds_set_crit(result.config.connection_time, tmp.range);
754 } break;
755 case 'v': /* verbose */
615 verbose++; 756 verbose++;
616 break; 757 break;
617 case 'q': 758 case 'q':
618 ignore_send_quit_failure = true; /* ignore problem sending QUIT */ 759 result.config.ignore_send_quit_failure = true; /* ignore problem sending QUIT */
619 break; 760 break;
620 case 't': /* timeout */ 761 case 't': /* timeout */
621 if (is_intnonneg (optarg)) { 762 if (is_intnonneg(optarg)) {
622 socket_timeout = atoi (optarg); 763 socket_timeout = atoi(optarg);
623 } 764 } else {
624 else { 765 usage4(_("Timeout interval must be a positive integer"));
625 usage4 (_("Timeout interval must be a positive integer"));
626 } 766 }
627 break; 767 break;
628 case 'D': 768 case 'D': {
629 /* Check SSL cert validity */ 769 /* Check SSL cert validity */
630#ifdef USE_OPENSSL 770#ifdef MOPL_USE_OPENSSL
631 if ((temp=strchr(optarg,','))!=NULL) { 771 char *temp;
632 *temp='\0'; 772 if ((temp = strchr(optarg, ',')) != NULL) {
633 if (!is_intnonneg (optarg)) 773 *temp = '\0';
634 usage2 ("Invalid certificate expiration period", optarg); 774 if (!is_intnonneg(optarg)) {
635 days_till_exp_warn = atoi(optarg); 775 usage2("Invalid certificate expiration period", optarg);
636 *temp=','; 776 }
637 temp++; 777 result.config.days_till_exp_warn = atoi(optarg);
638 if (!is_intnonneg (temp)) 778 *temp = ',';
639 usage2 (_("Invalid certificate expiration period"), temp); 779 temp++;
640 days_till_exp_crit = atoi (temp); 780 if (!is_intnonneg(temp)) {
641 } 781 usage2(_("Invalid certificate expiration period"), temp);
642 else { 782 }
643 days_till_exp_crit=0; 783 result.config.days_till_exp_crit = atoi(temp);
644 if (!is_intnonneg (optarg)) 784 } else {
645 usage2 ("Invalid certificate expiration period", optarg); 785 result.config.days_till_exp_crit = 0;
646 days_till_exp_warn = atoi (optarg); 786 if (!is_intnonneg(optarg)) {
647 } 787 usage2("Invalid certificate expiration period", optarg);
648 check_cert = true; 788 }
649 ignore_send_quit_failure = true; 789 result.config.days_till_exp_warn = atoi(optarg);
790 }
791 result.config.ignore_send_quit_failure = true;
650#else 792#else
651 usage (_("SSL support not available - install OpenSSL and recompile")); 793 usage(_("SSL support not available - install OpenSSL and recompile"));
652#endif 794#endif
653 implicit_tls = true; 795 implicit_tls = true;
654 // fallthrough 796 // fallthrough
655 case 's': 797 case 's':
656 /* ssl */ 798 /* ssl */
657 use_ssl = true; 799 result.config.use_ssl = true;
658 server_port = SMTPS_PORT; 800 result.config.server_port = SMTPS_PORT;
659 break; 801 break;
660 case 'S': 802 case 'S':
661 /* starttls */ 803 /* starttls */
662 use_starttls = true; 804 result.config.use_starttls = true;
663 use_ehlo = true; 805 result.config.use_ehlo = true;
664 break; 806 break;
807 }
665 case SNI_OPTION: 808 case SNI_OPTION:
666#ifdef HAVE_SSL 809#ifdef HAVE_SSL
667 use_sni = true; 810 result.config.use_sni = true;
668#else 811#else
669 usage (_("SSL support not available - install OpenSSL and recompile")); 812 usage(_("SSL support not available - install OpenSSL and recompile"));
670#endif 813#endif
671 break; 814 break;
672 case 'r': 815 case 'r':
673 use_proxy_prefix = true; 816 result.config.use_proxy_prefix = true;
674 break; 817 break;
675 case 'L': 818 case 'L':
676 use_lhlo = true; 819 result.config.use_lhlo = true;
677 break; 820 break;
678 case '4': 821 case '4':
679 address_family = AF_INET; 822 address_family = AF_INET;
680 break; 823 break;
681 case '6': 824 case '6':
682#ifdef USE_IPV6
683 address_family = AF_INET6; 825 address_family = AF_INET6;
684#else
685 usage4 (_("IPv6 support not available"));
686#endif
687 break; 826 break;
688 case 'V': /* version */ 827 case 'V': /* version */
689 print_revision (progname, NP_VERSION); 828 print_revision(progname, NP_VERSION);
690 exit (STATE_UNKNOWN); 829 exit(STATE_UNKNOWN);
691 case 'h': /* help */ 830 case 'h': /* help */
692 print_help (); 831 print_help();
693 exit (STATE_UNKNOWN); 832 exit(STATE_UNKNOWN);
694 case '?': /* help */ 833 case '?': /* help */
695 usage5 (); 834 usage5();
835 case output_format_index: {
836 parsed_output_format parser = mp_parse_output_format(optarg);
837 if (!parser.parsing_success) {
838 // TODO List all available formats here, maybe add anothoer usage function
839 printf("Invalid output format: %s\n", optarg);
840 exit(STATE_UNKNOWN);
841 }
842
843 result.config.output_format_is_set = true;
844 result.config.output_format = parser.output_format;
845 break;
846 }
847 case ignore_certificate_expiration_index: {
848 result.config.ignore_certificate_expiration = true;
849 }
696 } 850 }
697 } 851 }
698 852
699 c = optind; 853 int c = optind;
700 if (server_address == NULL) { 854 if (result.config.server_address == NULL) {
701 if (argv[c]) { 855 if (argv[c]) {
702 if (is_host (argv[c])) 856 if (is_host(argv[c])) {
703 server_address = argv[c]; 857 result.config.server_address = argv[c];
704 else 858 } else {
705 usage2 (_("Invalid hostname/address"), argv[c]); 859 usage2(_("Invalid hostname/address"), argv[c]);
706 } 860 }
707 else { 861 } else {
708 xasprintf (&server_address, "127.0.0.1"); 862 result.config.server_address = strdup("localhost");
709 } 863 }
710 } 864 }
711 865
712 if (server_expect == NULL) 866 if (result.config.use_starttls && result.config.use_ssl) {
713 server_expect = strdup (SMTP_EXPECT);
714
715 if (mail_command == NULL)
716 mail_command = strdup("MAIL ");
717
718 if (from_arg==NULL)
719 from_arg = strdup(" ");
720
721 if (use_starttls && use_ssl) {
722 if (implicit_tls) { 867 if (implicit_tls) {
723 use_ssl = false; 868 result.config.use_ssl = false;
724 server_port = SMTP_PORT;
725 } else { 869 } else {
726 usage4 (_("Set either -s/--ssl/--tls or -S/--starttls")); 870 usage4(_("Set either -s/--ssl/--tls or -S/--starttls"));
727 } 871 }
728 } 872 }
729 873
730 if (server_port_option != 0) { 874 if (server_port_option != 0) {
731 server_port = server_port_option; 875 result.config.server_port = server_port_option;
732 } 876 }
733 877
734 return validate_arguments (); 878 if (result.config.authtype) {
735} 879 if (strcmp(result.config.authtype, "LOGIN") == 0) {
736 880 if (result.config.authuser == NULL) {
737 881 usage4("no authuser specified");
882 }
883 if (result.config.authpass == NULL) {
884 usage4("no authpass specified");
885 }
886 } else {
887 usage4("only authtype LOGIN is supported");
888 }
889 }
738 890
739int 891 return result;
740validate_arguments (void)
741{
742 return OK;
743} 892}
744 893
745 894char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor,
746void 895 bool ssl_established) {
747smtp_quit(void) 896 int sent_bytes =
748{ 897 my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established);
749 int bytes; 898 if (sent_bytes < 0) {
750 int n; 899 if (config.ignore_send_quit_failure) {
751 900 if (verbose) {
752 n = my_send(SMTP_QUIT, strlen(SMTP_QUIT));
753 if(n < 0) {
754 if(ignore_send_quit_failure) {
755 if(verbose) {
756 printf(_("Connection closed by server before sending QUIT command\n")); 901 printf(_("Connection closed by server before sending QUIT command\n"));
757 } 902 }
758 return; 903 return buffer;
759 } 904 }
760 die (STATE_UNKNOWN, 905 die(STATE_UNKNOWN, _("Connection closed by server before sending QUIT command\n"));
761 _("Connection closed by server before sending QUIT command\n"));
762 } 906 }
763 907
764 if (verbose) 908 if (verbose) {
765 printf(_("sent %s\n"), "QUIT"); 909 printf(_("sent %s\n"), "QUIT");
910 }
766 911
767 /* read the response but don't care about problems */ 912 /* read the response but don't care about problems */
768 bytes = recvlines(buffer, MAX_INPUT_BUFFER); 913 int bytes = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established);
769 if (verbose) { 914 if (verbose) {
770 if (bytes < 0) 915 if (bytes < 0) {
771 printf(_("recv() failed after QUIT.")); 916 printf(_("recv() failed after QUIT."));
772 else if (bytes == 0) 917 } else if (bytes == 0) {
773 printf(_("Connection reset by peer.")); 918 printf(_("Connection reset by peer."));
774 else { 919 } else {
775 buffer[bytes] = '\0'; 920 buffer[bytes] = '\0';
776 printf(_("received %s\n"), buffer); 921 printf(_("received %s\n"), buffer);
777 } 922 }
778 } 923 }
779}
780 924
925 return buffer;
926}
781 927
782/* 928/*
783 * Receive one line, copy it into buf and nul-terminate it. Returns the 929 * Receive one line, copy it into buf and nul-terminate it. Returns the
@@ -788,24 +934,23 @@ smtp_quit(void)
788 * function which buffers the data, move that to netutils.c and change 934 * function which buffers the data, move that to netutils.c and change
789 * check_smtp and other plugins to use that. Also, remove (\r)\n. 935 * check_smtp and other plugins to use that. Also, remove (\r)\n.
790 */ 936 */
791int 937int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor,
792recvline(char *buf, size_t bufsize) 938 bool ssl_established) {
793{
794 int result; 939 int result;
795 unsigned i; 940 size_t counter;
796 941
797 for (i = result = 0; i < bufsize - 1; i++) { 942 for (counter = result = 0; counter < bufsize - 1; counter++) {
798 if ((result = my_recv(&buf[i], 1)) != 1) 943 if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) {
799 break; 944 break;
800 if (buf[i] == '\n') { 945 }
801 buf[++i] = '\0'; 946 if (buf[counter] == '\n') {
802 return i; 947 buf[++counter] = '\0';
948 return (int)counter;
803 } 949 }
804 } 950 }
805 return (result == 1 || i == 0) ? -2 : result; /* -2 if out of space */ 951 return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */
806} 952}
807 953
808
809/* 954/*
810 * Receive one or more lines, copy them into buf and nul-terminate it. Returns 955 * Receive one or more lines, copy them into buf and nul-terminate it. Returns
811 * the number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on 956 * the number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on
@@ -820,117 +965,114 @@ recvline(char *buf, size_t bufsize)
820 * 965 *
821 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n. 966 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
822 */ 967 */
823int 968int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor,
824recvlines(char *buf, size_t bufsize) 969 bool ssl_established) {
825{ 970 int result;
826 int result, i; 971 int counter;
827 972
828 for (i = 0; /* forever */; i += result) 973 for (counter = 0; /* forever */; counter += result) {
829 if (!((result = recvline(buf + i, bufsize - i)) > 3 && 974 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor,
830 isdigit((int)buf[i]) && 975 ssl_established)) > 3 &&
831 isdigit((int)buf[i + 1]) && 976 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) &&
832 isdigit((int)buf[i + 2]) && 977 isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) {
833 buf[i + 3] == '-'))
834 break; 978 break;
979 }
980 }
835 981
836 return (result <= 0) ? result : result + i; 982 return (result <= 0) ? result : result + counter;
837} 983}
838 984
839 985int my_close(int socket_descriptor) {
840int
841my_close (void)
842{
843 int result; 986 int result;
844 result = close(sd); 987 result = close(socket_descriptor);
845#ifdef HAVE_SSL 988#ifdef HAVE_SSL
846 np_net_ssl_cleanup(); 989 np_net_ssl_cleanup();
847#endif 990#endif
848 return result; 991 return result;
849} 992}
850 993
851 994void print_help(void) {
852void
853print_help (void)
854{
855 char *myport; 995 char *myport;
856 xasprintf (&myport, "%d", SMTP_PORT); 996 xasprintf(&myport, "%d", SMTP_PORT);
857 997
858 print_revision (progname, NP_VERSION); 998 print_revision(progname, NP_VERSION);
859 999
860 printf ("Copyright (c) 1999-2001 Ethan Galstad <nagios@nagios.org>\n"); 1000 printf("Copyright (c) 1999-2001 Ethan Galstad <nagios@nagios.org>\n");
861 printf (COPYRIGHT, copyright, email); 1001 printf(COPYRIGHT, copyright, email);
862 1002
863 printf("%s\n", _("This plugin will attempt to open an SMTP connection with the host.")); 1003 printf("%s\n", _("This plugin will attempt to open an SMTP connection with the host."));
864 1004
865 printf ("\n\n"); 1005 printf("\n\n");
866 1006
867 print_usage (); 1007 print_usage();
868 1008
869 printf (UT_HELP_VRSN); 1009 printf(UT_HELP_VRSN);
870 printf (UT_EXTRA_OPTS); 1010 printf(UT_EXTRA_OPTS);
871 1011
872 printf (UT_HOST_PORT, 'p', myport); 1012 printf(UT_HOST_PORT, 'p', myport);
873 1013
874 printf (UT_IPv46); 1014 printf(UT_IPv46);
875 1015
876 printf (" %s\n", "-e, --expect=STRING"); 1016 printf(" %s\n", "-e, --expect=STRING");
877 printf (_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT); 1017 printf(_(" String to expect in first line of server response (default: '%s')\n"),
878 printf (" %s\n", "-C, --command=STRING"); 1018 SMTP_EXPECT);
879 printf (" %s\n", _("SMTP command (may be used repeatedly)")); 1019 printf(" %s\n", "-C, --command=STRING");
880 printf (" %s\n", "-R, --response=STRING"); 1020 printf(" %s\n", _("SMTP command (may be used repeatedly)"));
881 printf (" %s\n", _("Expected response to command (may be used repeatedly)")); 1021 printf(" %s\n", "-R, --response=STRING");
882 printf (" %s\n", "-f, --from=STRING"); 1022 printf(" %s\n", _("Expected response to command (may be used repeatedly)"));
883 printf (" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")), 1023 printf(" %s\n", "-f, --from=STRING");
884 printf (" %s\n", "-F, --fqdn=STRING"); 1024 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
885 printf (" %s\n", _("FQDN used for HELO")); 1025 printf(" %s\n", "-F, --fqdn=STRING");
886 printf (" %s\n", "-r, --proxy"); 1026 printf(" %s\n", _("FQDN used for HELO"));
887 printf (" %s\n", _("Use PROXY protocol prefix for the connection.")); 1027 printf(" %s\n", "-r, --proxy");
1028 printf(" %s\n", _("Use PROXY protocol prefix for the connection."));
888#ifdef HAVE_SSL 1029#ifdef HAVE_SSL
889 printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); 1030 printf(" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
890 printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); 1031 printf(" %s\n", _("Minimum number of days a certificate has to be valid."));
891 printf (" %s\n", "-s, --ssl, --tls"); 1032 printf(" %s\n", "-s, --ssl, --tls");
892 printf (" %s\n", _("Use SSL/TLS for the connection.")); 1033 printf(" %s\n", _("Use SSL/TLS for the connection."));
893 printf (_(" Sets default port to %d.\n"), SMTPS_PORT); 1034 printf(_(" Sets default port to %d.\n"), SMTPS_PORT);
894 printf (" %s\n", "-S, --starttls"); 1035 printf(" %s\n", "-S, --starttls");
895 printf (" %s\n", _("Use STARTTLS for the connection.")); 1036 printf(" %s\n", _("Use STARTTLS for the connection."));
896 printf (" %s\n", "--sni"); 1037 printf(" %s\n", "--sni");
897 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1038 printf(" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
898#endif 1039#endif
899 1040
900 printf (" %s\n", "-A, --authtype=STRING"); 1041 printf(" %s\n", "-A, --authtype=STRING");
901 printf (" %s\n", _("SMTP AUTH type to check (default none, only LOGIN supported)")); 1042 printf(" %s\n", _("SMTP AUTH type to check (default none, only LOGIN supported)"));
902 printf (" %s\n", "-U, --authuser=STRING"); 1043 printf(" %s\n", "-U, --authuser=STRING");
903 printf (" %s\n", _("SMTP AUTH username")); 1044 printf(" %s\n", _("SMTP AUTH username"));
904 printf (" %s\n", "-P, --authpass=STRING"); 1045 printf(" %s\n", "-P, --authpass=STRING");
905 printf (" %s\n", _("SMTP AUTH password")); 1046 printf(" %s\n", _("SMTP AUTH password"));
906 printf (" %s\n", "-L, --lmtp"); 1047 printf(" %s\n", "-L, --lmtp");
907 printf (" %s\n", _("Send LHLO instead of HELO/EHLO")); 1048 printf(" %s\n", _("Send LHLO instead of HELO/EHLO"));
908 printf (" %s\n", "-q, --ignore-quit-failure"); 1049 printf(" %s\n", "-q, --ignore-quit-failure");
909 printf (" %s\n", _("Ignore failure when sending QUIT command to server")); 1050 printf(" %s\n", _("Ignore failure when sending QUIT command to server"));
910 1051 printf(" %s\n", "--ignore-certificate-expiration");
911 printf (UT_WARN_CRIT); 1052 printf(" %s\n", _("Ignore certificate expiration"));
912
913 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
914 1053
915 printf (UT_VERBOSE); 1054 printf(UT_WARN_CRIT);
916 1055
917 printf("\n"); 1056 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
918 printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
919 printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
920 printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
921 printf ("%s\n", _("STATE_WARNING return values."));
922 1057
923 printf (UT_SUPPORT); 1058 printf(UT_OUTPUT_FORMAT);
924}
925 1059
1060 printf(UT_VERBOSE);
926 1061
1062 printf("\n");
1063 printf("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
1064 printf("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
1065 printf("%s\n", _("connects, but incorrect response messages from the host result in"));
1066 printf("%s\n", _("STATE_WARNING return values."));
927 1067
928void 1068 printf(UT_SUPPORT);
929print_usage (void)
930{
931 printf ("%s\n", _("Usage:"));
932 printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
933 printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
934 printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
935} 1069}
936 1070
1071void print_usage(void) {
1072 printf("%s\n", _("Usage:"));
1073 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n",
1074 progname);
1075 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
1076 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] "
1077 "[-v] \n");
1078}