summaryrefslogtreecommitdiffstats
path: root/plugins/check_smtp.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_smtp.c')
-rw-r--r--plugins/check_smtp.c1451
1 files changed, 794 insertions, 657 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 986c3e18..24883fd8 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -1,265 +1,313 @@
1/***************************************************************************** 1/*****************************************************************************
2* 2 *
3* Monitoring check_smtp plugin 3 * Monitoring check_smtp plugin
4* 4 *
5* License: GPL 5 * License: GPL
6* Copyright (c) 2000-2023 Monitoring Plugins Development Team 6 * Copyright (c) 2000-2024 Monitoring Plugins Development Team
7* 7 *
8* Description: 8 * Description:
9* 9 *
10* This file contains the check_smtp plugin 10 * This file contains the check_smtp plugin
11* 11 *
12* This plugin will attempt to open an SMTP connection with the host. 12 * This plugin will attempt to open an SMTP connection with the host.
13* 13 *
14* 14 *
15* This program is free software: you can redistribute it and/or modify 15 * This program is free software: you can redistribute it and/or modify
16* it under the terms of the GNU General Public License as published by 16 * it under the terms of the GNU General Public License as published by
17* the Free Software Foundation, either version 3 of the License, or 17 * the Free Software Foundation, either version 3 of the License, or
18* (at your option) any later version. 18 * (at your option) any later version.
19* 19 *
20* This program is distributed in the hope that it will be useful, 20 * This program is distributed in the hope that it will be useful,
21* but WITHOUT ANY WARRANTY; without even the implied warranty of 21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23* GNU General Public License for more details. 23 * GNU General Public License for more details.
24* 24 *
25* You should have received a copy of the GNU General Public License 25 * You should have received a copy of the GNU General Public License
26* along with this program. If not, see <http://www.gnu.org/licenses/>. 26 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27* 27 *
28* 28 *
29*****************************************************************************/ 29 *****************************************************************************/
30
31const char *progname = "check_smtp";
32const char *copyright = "2000-2007";
33const char *email = "devel@monitoring-plugins.org";
34 30
35#include "common.h" 31#include "common.h"
36#include "netutils.h" 32#include "netutils.h"
33#include "output.h"
34#include "perfdata.h"
35#include "thresholds.h"
37#include "utils.h" 36#include "utils.h"
38#include "base64.h" 37#include "base64.h"
38#include "regex.h"
39 39
40#include <ctype.h> 40#include <ctype.h>
41#include <string.h>
42#include "check_smtp.d/config.h"
43#include "../lib/states.h"
41 44
42#ifdef HAVE_SSL 45const char *progname = "check_smtp";
43bool check_cert = false; 46const char *copyright = "2000-2024";
44int days_till_exp_warn, days_till_exp_crit; 47const char *email = "devel@monitoring-plugins.org";
45# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
46# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
47#else /* ifndef HAVE_SSL */
48# define my_recv(buf, len) read(sd, buf, len)
49# define my_send(buf, len) send(sd, buf, len, 0)
50#endif
51 48
52enum { 49#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
53 SMTP_PORT = 25, 50#define SMTP_HELO "HELO "
54 SMTPS_PORT = 465 51#define SMTP_EHLO "EHLO "
55}; 52#define SMTP_LHLO "LHLO "
56#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" 53#define SMTP_QUIT "QUIT\r\n"
57#define SMTP_EXPECT "220" 54#define SMTP_STARTTLS "STARTTLS\r\n"
58#define SMTP_HELO "HELO "
59#define SMTP_EHLO "EHLO "
60#define SMTP_LHLO "LHLO "
61#define SMTP_QUIT "QUIT\r\n"
62#define SMTP_STARTTLS "STARTTLS\r\n"
63#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n" 55#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
64 56
65#define EHLO_SUPPORTS_STARTTLS 1 57#define EHLO_SUPPORTS_STARTTLS 1
66 58
67int process_arguments (int, char **); 59typedef struct {
68int validate_arguments (void); 60 int errorcode;
69void print_help (void); 61 check_smtp_config config;
70void print_usage (void); 62} check_smtp_config_wrapper;
71void smtp_quit(void); 63static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
72int recvline(char *, size_t);
73int recvlines(char *, size_t);
74int my_close(void);
75 64
76#include "regex.h" 65int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
77char regex_expect[MAX_INPUT_BUFFER] = ""; 66 bool ssl_established) {
78regex_t preg; 67#ifdef HAVE_SSL
79regmatch_t pmatch[10]; 68 if ((config.use_starttls || config.use_ssl) && ssl_established) {
80char timestamp[20] = ""; 69 return np_net_ssl_read(buf, num);
81char errbuf[MAX_INPUT_BUFFER]; 70 }
82int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE; 71 return (int)read(socket_descriptor, buf, (size_t)num);
83int eflags = 0; 72#else /* ifndef HAVE_SSL */
84int errcode, excode; 73 return read(socket_descriptor, buf, len)
85 74#endif
86int server_port = SMTP_PORT; 75}
87int server_port_option = 0;
88char *server_address = NULL;
89char *server_expect = NULL;
90char *mail_command = NULL;
91char *from_arg = NULL;
92int send_mail_from=0;
93int ncommands=0;
94int command_size=0;
95int nresponses=0;
96int response_size=0;
97char **commands = NULL;
98char **responses = NULL;
99char *authtype = NULL;
100char *authuser = NULL;
101char *authpass = NULL;
102double warning_time = 0;
103bool check_warning_time = false;
104double critical_time = 0;
105bool check_critical_time = false;
106int verbose = 0;
107bool use_ssl = false;
108bool use_starttls = false;
109bool use_sni = false;
110bool use_proxy_prefix = false;
111bool use_ehlo = false;
112bool use_lhlo = false;
113bool ssl_established = false;
114char *localhostname = NULL;
115int sd;
116char buffer[MAX_INPUT_BUFFER];
117enum {
118 TCP_PROTOCOL = 1,
119 UDP_PROTOCOL = 2,
120};
121bool ignore_send_quit_failure = false;
122
123
124int
125main (int argc, char **argv)
126{
127 bool supports_tls = false;
128 int n = 0;
129 double elapsed_time;
130 long microsec;
131 int result = STATE_UNKNOWN;
132 char *cmd_str = NULL;
133 char *helocmd = NULL;
134 char *error_msg = "";
135 char *server_response = NULL;
136 struct timeval tv;
137 76
138 /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */ 77int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
139 (void) signal (SIGPIPE, SIG_IGN); 78 bool ssl_established) {
79#ifdef HAVE_SSL
80 if ((config.use_starttls || config.use_ssl) && ssl_established) {
81
82 return np_net_ssl_write(buf, num);
83 }
84 return (int)send(socket_descriptor, buf, (size_t)num, 0);
85#else /* ifndef HAVE_SSL */
86 return send(socket_descriptor, buf, len, 0);
87#endif
88}
140 89
141 setlocale (LC_ALL, ""); 90static void print_help(void);
142 bindtextdomain (PACKAGE, LOCALEDIR); 91void print_usage(void);
143 textdomain (PACKAGE); 92static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER],
93 int /*socket_descriptor*/, bool /*ssl_established*/);
94static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/,
95 int /*socket_descriptor*/, bool /*ssl_established*/);
96static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/,
97 int /*socket_descriptor*/, bool /*ssl_established*/);
98static int my_close(int /*socket_descriptor*/);
99
100static int verbose = 0;
101
102int main(int argc, char **argv) {
103#ifdef __OpenBSD__
104 /* - rpath is required to read --extra-opts (given up later)
105 * - inet is required for sockets
106 * - unix is required for Unix domain sockets
107 * - dns is required for name lookups */
108 pledge("stdio rpath inet unix dns", NULL);
109#endif // __OpenBSD__
110
111 setlocale(LC_ALL, "");
112 bindtextdomain(PACKAGE, LOCALEDIR);
113 textdomain(PACKAGE);
144 114
145 /* Parse extra opts if any */ 115 /* Parse extra opts if any */
146 argv=np_extra_opts (&argc, argv, progname); 116 argv = np_extra_opts(&argc, argv, progname);
117
118 check_smtp_config_wrapper tmp_config = process_arguments(argc, argv);
119
120 if (tmp_config.errorcode == ERROR) {
121 usage4(_("Could not parse arguments"));
122 }
123
124#ifdef __OpenBSD__
125 pledge("stdio inet unix dns", NULL);
126#endif // __OpenBSD__
147 127
148 if (process_arguments (argc, argv) == ERROR) 128 const check_smtp_config config = tmp_config.config;
149 usage4 (_("Could not parse arguments")); 129
130 if (config.output_format_is_set) {
131 mp_set_format(config.output_format);
132 }
150 133
151 /* If localhostname not set on command line, use gethostname to set */ 134 /* If localhostname not set on command line, use gethostname to set */
152 if(! localhostname){ 135 char *localhostname = config.localhostname;
153 localhostname = malloc (HOST_MAX_BYTES); 136 if (!localhostname) {
154 if(!localhostname){ 137 localhostname = malloc(HOST_MAX_BYTES);
138 if (!localhostname) {
155 printf(_("malloc() failed!\n")); 139 printf(_("malloc() failed!\n"));
156 return STATE_CRITICAL; 140 exit(STATE_CRITICAL);
157 } 141 }
158 if(gethostname(localhostname, HOST_MAX_BYTES)){ 142 if (gethostname(localhostname, HOST_MAX_BYTES)) {
159 printf(_("gethostname() failed!\n")); 143 printf(_("gethostname() failed!\n"));
160 return STATE_CRITICAL; 144 exit(STATE_CRITICAL);
161 } 145 }
162 } 146 }
163 if(use_lhlo)
164 xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
165 else if(use_ehlo)
166 xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
167 else
168 xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
169 147
170 if (verbose) 148 char *helocmd = NULL;
149 if (config.use_lhlo) {
150 xasprintf(&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
151 } else if (config.use_ehlo) {
152 xasprintf(&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
153 } else {
154 xasprintf(&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
155 }
156
157 if (verbose) {
171 printf("HELOCMD: %s", helocmd); 158 printf("HELOCMD: %s", helocmd);
159 }
172 160
161 char *mail_command = strdup("MAIL ");
162 char *cmd_str = NULL;
173 /* initialize the MAIL command with optional FROM command */ 163 /* initialize the MAIL command with optional FROM command */
174 xasprintf (&cmd_str, "%sFROM:<%s>%s", mail_command, from_arg, "\r\n"); 164 xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, config.from_arg, "\r\n");
165
166 if (verbose && config.send_mail_from) {
167 printf("FROM CMD: %s", cmd_str);
168 }
175 169
176 if (verbose && send_mail_from) 170 /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */
177 printf ("FROM CMD: %s", cmd_str); 171 (void)signal(SIGPIPE, SIG_IGN);
178 172
179 /* initialize alarm signal handling */ 173 /* initialize alarm signal handling */
180 (void) signal (SIGALRM, socket_timeout_alarm_handler); 174 (void)signal(SIGALRM, socket_timeout_alarm_handler);
181 175
182 /* set socket timeout */ 176 /* set socket timeout */
183 (void) alarm (socket_timeout); 177 (void)alarm(socket_timeout);
184 178
179 struct timeval start_time;
185 /* start timer */ 180 /* start timer */
186 gettimeofday (&tv, NULL); 181 gettimeofday(&start_time, NULL);
182
183 int socket_descriptor = 0;
187 184
188 /* try to connect to the host at the given port number */ 185 /* try to connect to the host at the given port number */
189 result = my_tcp_connect (server_address, server_port, &sd); 186 mp_state_enum tcp_result =
190 187 my_tcp_connect(config.server_address, config.server_port, &socket_descriptor);
191 if (result == STATE_OK) { /* we connected */ 188
192 /* If requested, send PROXY header */ 189 mp_check overall = mp_check_init();
193 if (use_proxy_prefix) { 190 mp_subcheck sc_tcp_connect = mp_subcheck_init();
194 if (verbose) 191 char buffer[MAX_INPUT_BUFFER];
195 printf ("Sending header %s\n", PROXY_PREFIX); 192 bool ssl_established = false;
196 my_send(PROXY_PREFIX, strlen(PROXY_PREFIX)); 193
194 if (tcp_result != STATE_OK) {
195 // Connect failed
196 sc_tcp_connect = mp_set_subcheck_state(sc_tcp_connect, STATE_CRITICAL);
197 xasprintf(&sc_tcp_connect.output, "TCP connect to '%s' failed", config.server_address);
198 mp_add_subcheck_to_check(&overall, sc_tcp_connect);
199 mp_exit(overall);
200 }
201
202 /* we connected */
203 /* If requested, send PROXY header */
204 if (config.use_proxy_prefix) {
205 if (verbose) {
206 printf("Sending header %s\n", PROXY_PREFIX);
197 } 207 }
208 my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established);
209 }
198 210
199#ifdef HAVE_SSL 211#ifdef HAVE_SSL
200 if (use_ssl) { 212 if (config.use_ssl) {
201 result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); 213 int tls_result = np_net_ssl_init_with_hostname(
202 if (result != STATE_OK) { 214 socket_descriptor, (config.use_sni ? config.server_address : NULL));
203 printf (_("CRITICAL - Cannot create SSL context.\n")); 215
204 close(sd); 216 mp_subcheck sc_tls_connection = mp_subcheck_init();
205 np_net_ssl_cleanup(); 217
206 return STATE_CRITICAL; 218 if (tls_result != STATE_OK) {
207 } else { 219 close(socket_descriptor);
208 ssl_established = 1; 220 np_net_ssl_cleanup();
209 } 221
222 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_CRITICAL);
223 xasprintf(&sc_tls_connection.output, "cannot create TLS context");
224 mp_add_subcheck_to_check(&overall, sc_tls_connection);
225 mp_exit(overall);
210 } 226 }
227
228 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_OK);
229 xasprintf(&sc_tls_connection.output, "TLS context established");
230 mp_add_subcheck_to_check(&overall, sc_tls_connection);
231 ssl_established = true;
232 }
211#endif 233#endif
212 234
213 /* watch for the SMTP connection string and */ 235 /* watch for the SMTP connection string and */
214 /* return a WARNING status if we couldn't read any data */ 236 /* return a WARNING status if we couldn't read any data */
215 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { 237 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
216 printf (_("recv() failed\n")); 238 mp_subcheck sc_read_data = mp_subcheck_init();
217 return STATE_WARNING; 239 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
240 xasprintf(&sc_read_data.output, "recv() failed");
241 mp_add_subcheck_to_check(&overall, sc_read_data);
242 mp_exit(overall);
243 }
244
245 char *server_response = NULL;
246 /* save connect return (220 hostname ..) for later use */
247 xasprintf(&server_response, "%s", buffer);
248
249 /* send the HELO/EHLO command */
250 my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established);
251
252 /* allow for response to helo command to reach us */
253 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
254 mp_subcheck sc_read_data = mp_subcheck_init();
255 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
256 xasprintf(&sc_read_data.output, "recv() failed");
257 mp_add_subcheck_to_check(&overall, sc_read_data);
258 mp_exit(overall);
259 }
260
261 bool supports_tls = false;
262 if (config.use_ehlo || config.use_lhlo) {
263 if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) {
264 supports_tls = true;
218 } 265 }
266 }
219 267
220 /* save connect return (220 hostname ..) for later use */ 268 if (config.use_starttls && !supports_tls) {
221 xasprintf(&server_response, "%s", buffer); 269 smtp_quit(config, buffer, socket_descriptor, ssl_established);
222 270
223 /* send the HELO/EHLO command */ 271 mp_subcheck sc_read_data = mp_subcheck_init();
224 my_send(helocmd, strlen(helocmd)); 272 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
273 xasprintf(&sc_read_data.output, "StartTLS not supported by server");
274 mp_add_subcheck_to_check(&overall, sc_read_data);
275 mp_exit(overall);
276 }
225 277
226 /* allow for response to helo command to reach us */ 278#ifdef HAVE_SSL
227 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { 279 if (config.use_starttls) {
228 printf (_("recv() failed\n")); 280 /* send the STARTTLS command */
229 return STATE_WARNING; 281 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
230 } else if(use_ehlo || use_lhlo){ 282
231 if(strstr(buffer, "250 STARTTLS") != NULL || 283 mp_subcheck sc_starttls_init = mp_subcheck_init();
232 strstr(buffer, "250-STARTTLS") != NULL){ 284 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
233 supports_tls=true; 285 ssl_established); /* wait for it */
234 } 286 if (!strstr(buffer, SMTP_EXPECT)) {
287 smtp_quit(config, buffer, socket_descriptor, ssl_established);
288
289 xasprintf(&sc_starttls_init.output, "StartTLS not supported by server");
290 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_UNKNOWN);
291 mp_add_subcheck_to_check(&overall, sc_starttls_init);
292 mp_exit(overall);
235 } 293 }
236 294
237 if(use_starttls && ! supports_tls){ 295 mp_state_enum starttls_result = np_net_ssl_init_with_hostname(
238 printf(_("WARNING - TLS not supported by server\n")); 296 socket_descriptor, (config.use_sni ? config.server_address : NULL));
239 smtp_quit(); 297 if (starttls_result != STATE_OK) {
240 return STATE_WARNING; 298 close(socket_descriptor);
299 np_net_ssl_cleanup();
300
301 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_CRITICAL);
302 xasprintf(&sc_starttls_init.output, "failed to create StartTLS context");
303 mp_add_subcheck_to_check(&overall, sc_starttls_init);
304 mp_exit(overall);
241 } 305 }
306 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_OK);
307 xasprintf(&sc_starttls_init.output, "created StartTLS context");
308 mp_add_subcheck_to_check(&overall, sc_starttls_init);
242 309
243#ifdef HAVE_SSL 310 ssl_established = true;
244 if(use_starttls) {
245 /* send the STARTTLS command */
246 send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
247
248 recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
249 if (!strstr (buffer, SMTP_EXPECT)) {
250 printf (_("Server does not support STARTTLS\n"));
251 smtp_quit();
252 return STATE_UNKNOWN;
253 }
254 result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
255 if(result != STATE_OK) {
256 printf (_("CRITICAL - Cannot create SSL context.\n"));
257 close(sd);
258 np_net_ssl_cleanup();
259 return STATE_CRITICAL;
260 } else {
261 ssl_established = 1;
262 }
263 311
264 /* 312 /*
265 * Resend the EHLO command. 313 * Resend the EHLO command.
@@ -272,218 +320,287 @@ main (int argc, char **argv)
272 * reason, some MTAs will not allow an AUTH LOGIN command before 320 * reason, some MTAs will not allow an AUTH LOGIN command before
273 * we resent EHLO via TLS. 321 * we resent EHLO via TLS.
274 */ 322 */
275 if (my_send(helocmd, strlen(helocmd)) <= 0) { 323 if (my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established) <=
276 printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS.")); 324 0) {
277 my_close(); 325 my_close(socket_descriptor);
278 return STATE_UNKNOWN; 326
327 mp_subcheck sc_ehlo = mp_subcheck_init();
328 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
329 xasprintf(&sc_ehlo.output, "cannot send EHLO command via StartTLS");
330 mp_add_subcheck_to_check(&overall, sc_ehlo);
331 mp_exit(overall);
279 } 332 }
280 if (verbose) 333
334 if (verbose) {
281 printf(_("sent %s"), helocmd); 335 printf(_("sent %s"), helocmd);
282 if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
283 printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS."));
284 my_close();
285 return STATE_UNKNOWN;
286 } 336 }
337
338 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
339 my_close(socket_descriptor);
340
341 mp_subcheck sc_ehlo = mp_subcheck_init();
342 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
343 xasprintf(&sc_ehlo.output, "cannot read EHLO response via StartTLS");
344 mp_add_subcheck_to_check(&overall, sc_ehlo);
345 mp_exit(overall);
346 }
347
287 if (verbose) { 348 if (verbose) {
288 printf("%s", buffer); 349 printf("%s", buffer);
289 } 350 }
351 }
352
353# ifdef USE_OPENSSL
354 if (ssl_established) {
355 net_ssl_check_cert_result cert_check_result =
356 np_net_ssl_check_cert2(config.days_till_exp_warn, config.days_till_exp_crit);
357
358 mp_subcheck sc_cert_check = mp_subcheck_init();
359
360 switch (cert_check_result.errors) {
361 case ALL_OK: {
362
363 if (cert_check_result.result_state != STATE_OK &&
364 config.ignore_certificate_expiration) {
365 xasprintf(&sc_cert_check.output,
366 "Remaining certificate lifetime: %d days. Expiration will be ignored",
367 (int)(cert_check_result.remaining_seconds / 86400));
368 sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK);
369 } else {
370 xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days",
371 (int)(cert_check_result.remaining_seconds / 86400));
372 sc_cert_check =
373 mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
374 }
375 } break;
376 case NO_SERVER_CERTIFICATE_PRESENT: {
377 xasprintf(&sc_cert_check.output, "no server certificate present");
378 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
379 } break;
380 case UNABLE_TO_RETRIEVE_CERTIFICATE_SUBJECT: {
381 xasprintf(&sc_cert_check.output, "can not retrieve certificate subject");
382 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
383 } break;
384 case WRONG_TIME_FORMAT_IN_CERTIFICATE: {
385 xasprintf(&sc_cert_check.output, "wrong time format in certificate");
386 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
387 } break;
388 };
389
390 mp_add_subcheck_to_check(&overall, sc_cert_check);
391 }
392# endif /* USE_OPENSSL */
290 393
291# ifdef USE_OPENSSL
292 if ( check_cert ) {
293 result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
294 smtp_quit();
295 my_close();
296 return result;
297 }
298# endif /* USE_OPENSSL */
299 }
300#endif 394#endif
301 395
302 if (verbose) 396 if (verbose) {
303 printf ("%s", buffer); 397 printf("%s", buffer);
304 398 }
305 /* save buffer for later use */ 399
306 xasprintf(&server_response, "%s%s", server_response, buffer); 400 /* save buffer for later use */
307 /* strip the buffer of carriage returns */ 401 xasprintf(&server_response, "%s%s", server_response, buffer);
308 strip (server_response); 402 /* strip the buffer of carriage returns */
309 403 strip(server_response);
310 /* make sure we find the droids we are looking for */ 404
311 if (!strstr (server_response, server_expect)) { 405 /* make sure we find the droids we are looking for */
312 if (server_port == SMTP_PORT) 406 mp_subcheck sc_expect_response = mp_subcheck_init();
313 printf (_("Invalid SMTP response received from host: %s\n"), server_response); 407
314 else 408 if (!strstr(server_response, config.server_expect)) {
315 printf (_("Invalid SMTP response received from host on port %d: %s\n"), 409 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_WARNING);
316 server_port, server_response); 410 if (config.server_port == SMTP_PORT) {
317 return STATE_WARNING; 411 xasprintf(&sc_expect_response.output, _("invalid SMTP response received from host: %s"),
412 server_response);
413 } else {
414 xasprintf(&sc_expect_response.output,
415 _("invalid SMTP response received from host on port %d: %s"),
416 config.server_port, server_response);
318 } 417 }
418 exit(STATE_WARNING);
419 } else {
420 xasprintf(&sc_expect_response.output, "received valid SMTP response '%s' from host: '%s'",
421 config.server_expect, server_response);
422 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_OK);
423 }
424
425 mp_add_subcheck_to_check(&overall, sc_expect_response);
426
427 if (config.send_mail_from) {
428 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
429 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
430 verbose) {
431 printf("%s", buffer);
432 }
433 }
434
435 size_t counter = 0;
436 while (counter < config.ncommands) {
437 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n");
438 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
439 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
440 verbose) {
441 printf("%s", buffer);
442 }
443
444 strip(buffer);
445
446 if (counter < config.nresponses) {
447 int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
448 regex_t preg;
449 int errcode = regcomp(&preg, config.responses[counter], cflags);
450 char errbuf[MAX_INPUT_BUFFER];
451 if (errcode != 0) {
452 regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER);
453 printf(_("Could Not Compile Regular Expression"));
454 exit(STATE_UNKNOWN);
455 }
319 456
320 if (send_mail_from) { 457 regmatch_t pmatch[10];
321 my_send(cmd_str, strlen(cmd_str)); 458 int eflags = 0;
322 if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) 459 int excode = regexec(&preg, buffer, 10, pmatch, eflags);
323 printf("%s", buffer); 460 mp_subcheck sc_expected_responses = mp_subcheck_init();
461 if (excode == 0) {
462 xasprintf(&sc_expected_responses.output, "valid response '%s' to command '%s'",
463 buffer, config.commands[counter]);
464 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_OK);
465 } else if (excode == REG_NOMATCH) {
466 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_WARNING);
467 xasprintf(&sc_expected_responses.output, "invalid response '%s' to command '%s'",
468 buffer, config.commands[counter]);
469 } else {
470 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
471 xasprintf(&sc_expected_responses.output, "regexec execute error: %s", errbuf);
472 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_UNKNOWN);
473 }
324 } 474 }
475 counter++;
476 }
325 477
326 n = 0; 478 if (config.authtype != NULL) {
327 while (n < ncommands) { 479 mp_subcheck sc_auth = mp_subcheck_init();
328 xasprintf (&cmd_str, "%s%s", commands[n], "\r\n"); 480
329 my_send(cmd_str, strlen(cmd_str)); 481 if (strcmp(config.authtype, "LOGIN") == 0) {
330 if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) 482 char *abuf;
331 printf("%s", buffer); 483 int ret;
332 strip (buffer); 484 do {
333 if (n < nresponses) { 485 /* send AUTH LOGIN */
334 cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE; 486 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor,
335 errcode = regcomp (&preg, responses[n], cflags); 487 ssl_established);
336 if (errcode != 0) { 488
337 regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); 489 if (verbose) {
338 printf (_("Could Not Compile Regular Expression")); 490 printf(_("sent %s\n"), "AUTH LOGIN");
339 return ERROR;
340 } 491 }
341 excode = regexec (&preg, buffer, 10, pmatch, eflags); 492
342 if (excode == 0) { 493 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
343 result = STATE_OK; 494 ssl_established)) <= 0) {
495 xasprintf(&sc_auth.output, _("recv() failed after AUTH LOGIN"));
496 sc_auth = mp_set_subcheck_state(sc_auth, STATE_WARNING);
497 break;
344 } 498 }
345 else if (excode == REG_NOMATCH) { 499
346 result = STATE_WARNING; 500 if (verbose) {
347 printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]); 501 printf(_("received %s\n"), buffer);
348 } 502 }
349 else { 503
350 regerror (excode, &preg, errbuf, MAX_INPUT_BUFFER); 504 if (strncmp(buffer, "334", 3) != 0) {
351 printf (_("Execute Error: %s\n"), errbuf); 505 xasprintf(&sc_auth.output, "invalid response received after AUTH LOGIN");
352 result = STATE_UNKNOWN; 506 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
507 break;
353 } 508 }
354 }
355 n++;
356 }
357 509
358 if (authtype != NULL) { 510 /* encode authuser with base64 */
359 if (strcmp (authtype, "LOGIN") == 0) { 511 base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf);
360 char *abuf; 512 xasprintf(&abuf, "%s\r\n", abuf);
361 int ret; 513 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
362 do { 514 if (verbose) {
363 if (authuser == NULL) { 515 printf(_("sent %s\n"), abuf);
364 result = STATE_CRITICAL; 516 }
365 xasprintf(&error_msg, _("no authuser specified, ")); 517
366 break; 518 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
367 } 519 ssl_established)) <= 0) {
368 if (authpass == NULL) { 520 xasprintf(&sc_auth.output, "recv() failed after sending authuser");
369 result = STATE_CRITICAL; 521 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
370 xasprintf(&error_msg, _("no authpass specified, "));
371 break;
372 }
373
374 /* send AUTH LOGIN */
375 my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN));
376 if (verbose)
377 printf (_("sent %s\n"), "AUTH LOGIN");
378
379 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
380 xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
381 result = STATE_WARNING;
382 break;
383 }
384 if (verbose)
385 printf (_("received %s\n"), buffer);
386
387 if (strncmp (buffer, "334", 3) != 0) {
388 result = STATE_CRITICAL;
389 xasprintf(&error_msg, _("invalid response received after AUTH LOGIN, "));
390 break;
391 }
392
393 /* encode authuser with base64 */
394 base64_encode_alloc (authuser, strlen(authuser), &abuf);
395 xasprintf(&abuf, "%s\r\n", abuf);
396 my_send(abuf, strlen(abuf));
397 if (verbose)
398 printf (_("sent %s\n"), abuf);
399
400 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
401 result = STATE_CRITICAL;
402 xasprintf(&error_msg, _("recv() failed after sending authuser, "));
403 break;
404 }
405 if (verbose) {
406 printf (_("received %s\n"), buffer);
407 }
408 if (strncmp (buffer, "334", 3) != 0) {
409 result = STATE_CRITICAL;
410 xasprintf(&error_msg, _("invalid response received after authuser, "));
411 break;
412 }
413 /* encode authpass with base64 */
414 base64_encode_alloc (authpass, strlen(authpass), &abuf);
415 xasprintf(&abuf, "%s\r\n", abuf);
416 my_send(abuf, strlen(abuf));
417 if (verbose) {
418 printf (_("sent %s\n"), abuf);
419 }
420 if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
421 result = STATE_CRITICAL;
422 xasprintf(&error_msg, _("recv() failed after sending authpass, "));
423 break;
424 }
425 if (verbose) {
426 printf (_("received %s\n"), buffer);
427 }
428 if (strncmp (buffer, "235", 3) != 0) {
429 result = STATE_CRITICAL;
430 xasprintf(&error_msg, _("invalid response received after authpass, "));
431 break;
432 }
433 break; 522 break;
434 } while (0); 523 }
435 } else {
436 result = STATE_CRITICAL;
437 xasprintf(&error_msg, _("only authtype LOGIN is supported, "));
438 }
439 }
440 524
441 /* tell the server we're done */ 525 if (verbose) {
442 smtp_quit(); 526 printf(_("received %s\n"), buffer);
527 }
443 528
444 /* finally close the connection */ 529 if (strncmp(buffer, "334", 3) != 0) {
445 close (sd); 530 xasprintf(&sc_auth.output, "invalid response received after authuser");
446 } 531 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
532 break;
533 }
447 534
448 /* reset the alarm */ 535 /* encode authpass with base64 */
449 alarm (0); 536 base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf);
537 xasprintf(&abuf, "%s\r\n", abuf);
538 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
539
540 if (verbose) {
541 printf(_("sent %s\n"), abuf);
542 }
543
544 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
545 ssl_established)) <= 0) {
546 xasprintf(&sc_auth.output, "recv() failed after sending authpass");
547 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
548 break;
549 }
550
551 if (verbose) {
552 printf(_("received %s\n"), buffer);
553 }
450 554
451 microsec = deltime (tv); 555 if (strncmp(buffer, "235", 3) != 0) {
452 elapsed_time = (double)microsec / 1.0e6; 556 xasprintf(&sc_auth.output, "invalid response received after authpass");
557 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
558 break;
559 }
560 break;
561 } while (false);
562 } else {
563 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
564 xasprintf(&sc_auth.output, "only authtype LOGIN is supported");
565 }
453 566
454 if (result == STATE_OK) { 567 mp_add_subcheck_to_check(&overall, sc_auth);
455 if (check_critical_time && elapsed_time > critical_time)
456 result = STATE_CRITICAL;
457 else if (check_warning_time && elapsed_time > warning_time)
458 result = STATE_WARNING;
459 } 568 }
460 569
461 printf (_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), 570 /* tell the server we're done */
462 state_text (result), 571 smtp_quit(config, buffer, socket_descriptor, ssl_established);
463 error_msg,
464 elapsed_time,
465 verbose?", ":"", verbose?buffer:"",
466 fperfdata ("time", elapsed_time, "s",
467 (int)check_warning_time, warning_time,
468 (int)check_critical_time, critical_time,
469 true, 0, false, 0));
470 572
471 return result; 573 /* finally close the connection */
472} 574 close(socket_descriptor);
473 575
576 /* reset the alarm */
577 alarm(0);
474 578
579 long microsec = deltime(start_time);
580 double elapsed_time = (double)microsec / 1.0e6;
475 581
476/* process command-line arguments */ 582 mp_perfdata pd_elapsed_time = perfdata_init();
477int 583 pd_elapsed_time = mp_set_pd_value(pd_elapsed_time, elapsed_time);
478process_arguments (int argc, char **argv) 584 pd_elapsed_time.label = "time";
479{ 585 pd_elapsed_time.uom = "s";
480 int c;
481 char* temp;
482 586
483 bool implicit_tls = false; 587 pd_elapsed_time = mp_pd_set_thresholds(pd_elapsed_time, config.connection_time);
588
589 mp_subcheck sc_connection_time = mp_subcheck_init();
590 xasprintf(&sc_connection_time.output, "connection time: %.3gs", elapsed_time);
591 sc_connection_time =
592 mp_set_subcheck_state(sc_connection_time, mp_get_pd_status(pd_elapsed_time));
593 mp_add_subcheck_to_check(&overall, sc_connection_time);
484 594
595 mp_exit(overall);
596}
597
598/* process command-line arguments */
599check_smtp_config_wrapper process_arguments(int argc, char **argv) {
485 enum { 600 enum {
486 SNI_OPTION 601 SNI_OPTION = CHAR_MAX + 1,
602 output_format_index,
603 ignore_certificate_expiration_index,
487 }; 604 };
488 605
489 int option = 0; 606 int option = 0;
@@ -509,277 +626,301 @@ process_arguments (int argc, char **argv)
509 {"lmtp", no_argument, 0, 'L'}, 626 {"lmtp", no_argument, 0, 'L'},
510 {"ssl", no_argument, 0, 's'}, 627 {"ssl", no_argument, 0, 's'},
511 {"tls", no_argument, 0, 's'}, 628 {"tls", no_argument, 0, 's'},
512 {"starttls",no_argument,0,'S'}, 629 {"starttls", no_argument, 0, 'S'},
513 {"sni", no_argument, 0, SNI_OPTION}, 630 {"sni", no_argument, 0, SNI_OPTION},
514 {"certificate",required_argument,0,'D'}, 631 {"certificate", required_argument, 0, 'D'},
515 {"ignore-quit-failure",no_argument,0,'q'}, 632 {"ignore-quit-failure", no_argument, 0, 'q'},
516 {"proxy",no_argument,0,'r'}, 633 {"proxy", no_argument, 0, 'r'},
517 {0, 0, 0, 0} 634 {"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index},
635 {"output-format", required_argument, 0, output_format_index},
636 {0, 0, 0, 0}};
637
638 check_smtp_config_wrapper result = {
639 .config = check_smtp_config_init(),
640 .errorcode = OK,
518 }; 641 };
519 642
520 if (argc < 2) 643 if (argc < 2) {
521 return ERROR; 644 result.errorcode = ERROR;
645 return result;
646 }
522 647
523 for (c = 1; c < argc; c++) { 648 for (int index = 1; index < argc; index++) {
524 if (strcmp ("-to", argv[c]) == 0) 649 if (strcmp("-to", argv[index]) == 0) {
525 strcpy (argv[c], "-t"); 650 strcpy(argv[index], "-t");
526 else if (strcmp ("-wt", argv[c]) == 0) 651 } else if (strcmp("-wt", argv[index]) == 0) {
527 strcpy (argv[c], "-w"); 652 strcpy(argv[index], "-w");
528 else if (strcmp ("-ct", argv[c]) == 0) 653 } else if (strcmp("-ct", argv[index]) == 0) {
529 strcpy (argv[c], "-c"); 654 strcpy(argv[index], "-c");
655 }
530 } 656 }
531 657
532 while (1) { 658 unsigned long command_size = 0;
533 c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", 659 unsigned long response_size = 0;
534 longopts, &option); 660 bool implicit_tls = false;
661 int server_port_option = 0;
662 while (true) {
663 int opt_index =
664 getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
535 665
536 if (c == -1 || c == EOF) 666 if (opt_index == -1 || opt_index == EOF) {
537 break; 667 break;
668 }
538 669
539 switch (c) { 670 switch (opt_index) {
540 case 'H': /* hostname */ 671 case 'H': /* hostname */
541 if (is_host (optarg)) { 672 if (is_host(optarg)) {
542 server_address = optarg; 673 result.config.server_address = optarg;
543 } 674 } else {
544 else { 675 usage2(_("Invalid hostname/address"), optarg);
545 usage2 (_("Invalid hostname/address"), optarg);
546 } 676 }
547 break; 677 break;
548 case 'p': /* port */ 678 case 'p': /* port */
549 if (is_intpos (optarg)) 679 if (is_intpos(optarg)) {
550 server_port_option = atoi (optarg); 680 server_port_option = atoi(optarg);
551 else 681 } else {
552 usage4 (_("Port must be a positive integer")); 682 usage4(_("Port must be a positive integer"));
683 }
553 break; 684 break;
554 case 'F': 685 case 'F':
555 /* localhostname */ 686 /* localhostname */
556 localhostname = strdup(optarg); 687 result.config.localhostname = strdup(optarg);
557 break; 688 break;
558 case 'f': /* from argument */ 689 case 'f': /* from argument */
559 from_arg = optarg + strspn(optarg, "<"); 690 result.config.from_arg = optarg + strspn(optarg, "<");
560 from_arg = strndup(from_arg, strcspn(from_arg, ">")); 691 result.config.from_arg =
561 send_mail_from = 1; 692 strndup(result.config.from_arg, strcspn(result.config.from_arg, ">"));
693 result.config.send_mail_from = true;
562 break; 694 break;
563 case 'A': 695 case 'A':
564 authtype = optarg; 696 result.config.authtype = optarg;
565 use_ehlo = true; 697 result.config.use_ehlo = true;
566 break; 698 break;
567 case 'U': 699 case 'U':
568 authuser = optarg; 700 result.config.authuser = optarg;
569 break; 701 break;
570 case 'P': 702 case 'P':
571 authpass = optarg; 703 result.config.authpass = optarg;
572 break; 704 break;
573 case 'e': /* server expect string on 220 */ 705 case 'e': /* server expect string on 220 */
574 server_expect = optarg; 706 result.config.server_expect = optarg;
575 break; 707 break;
576 case 'C': /* commands */ 708 case 'C': /* commands */
577 if (ncommands >= command_size) { 709 if (result.config.ncommands >= command_size) {
578 command_size+=8; 710 command_size += 8;
579 commands = realloc (commands, sizeof(char *) * command_size); 711 result.config.commands =
580 if (commands == NULL) 712 realloc(result.config.commands, sizeof(char *) * command_size);
581 die (STATE_UNKNOWN, 713 if (result.config.commands == NULL) {
582 _("Could not realloc() units [%d]\n"), ncommands); 714 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
715 result.config.ncommands);
716 }
583 } 717 }
584 commands[ncommands] = (char *) malloc (sizeof(char) * 255); 718 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255);
585 strncpy (commands[ncommands], optarg, 255); 719 strncpy(result.config.commands[result.config.ncommands], optarg, 255);
586 ncommands++; 720 result.config.ncommands++;
587 break; 721 break;
588 case 'R': /* server responses */ 722 case 'R': /* server responses */
589 if (nresponses >= response_size) { 723 if (result.config.nresponses >= response_size) {
590 response_size += 8; 724 response_size += 8;
591 responses = realloc (responses, sizeof(char *) * response_size); 725 result.config.responses =
592 if (responses == NULL) 726 realloc(result.config.responses, sizeof(char *) * response_size);
593 die (STATE_UNKNOWN, 727 if (result.config.responses == NULL) {
594 _("Could not realloc() units [%d]\n"), nresponses); 728 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
729 result.config.nresponses);
730 }
595 } 731 }
596 responses[nresponses] = (char *) malloc (sizeof(char) * 255); 732 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255);
597 strncpy (responses[nresponses], optarg, 255); 733 strncpy(result.config.responses[result.config.nresponses], optarg, 255);
598 nresponses++; 734 result.config.nresponses++;
599 break; 735 break;
600 case 'c': /* critical time threshold */ 736 case 'c': /* critical time threshold */ {
601 if (!is_nonnegative (optarg)) 737 mp_range_parsed tmp = mp_parse_range_string(optarg);
602 usage4 (_("Critical time must be a positive")); 738 if (tmp.error != MP_PARSING_SUCCESS) {
603 else { 739 die(STATE_UNKNOWN, "failed to parse critical time threshold");
604 critical_time = strtod (optarg, NULL);
605 check_critical_time = true;
606 } 740 }
607 break; 741 result.config.connection_time =
608 case 'w': /* warning time threshold */ 742 mp_thresholds_set_warn(result.config.connection_time, tmp.range);
609 if (!is_nonnegative (optarg)) 743 } break;
610 usage4 (_("Warning time must be a positive")); 744 case 'w': /* warning time threshold */ {
611 else { 745 mp_range_parsed tmp = mp_parse_range_string(optarg);
612 warning_time = strtod (optarg, NULL); 746 if (tmp.error != MP_PARSING_SUCCESS) {
613 check_warning_time = true; 747 die(STATE_UNKNOWN, "failed to parse warning time threshold");
614 } 748 }
615 break; 749 result.config.connection_time =
616 case 'v': /* verbose */ 750 mp_thresholds_set_crit(result.config.connection_time, tmp.range);
751 } break;
752 case 'v': /* verbose */
617 verbose++; 753 verbose++;
618 break; 754 break;
619 case 'q': 755 case 'q':
620 ignore_send_quit_failure = true; /* ignore problem sending QUIT */ 756 result.config.ignore_send_quit_failure = true; /* ignore problem sending QUIT */
621 break; 757 break;
622 case 't': /* timeout */ 758 case 't': /* timeout */
623 if (is_intnonneg (optarg)) { 759 if (is_intnonneg(optarg)) {
624 socket_timeout = atoi (optarg); 760 socket_timeout = atoi(optarg);
625 } 761 } else {
626 else { 762 usage4(_("Timeout interval must be a positive integer"));
627 usage4 (_("Timeout interval must be a positive integer"));
628 } 763 }
629 break; 764 break;
630 case 'D': 765 case 'D': {
631 /* Check SSL cert validity */ 766 /* Check SSL cert validity */
632#ifdef USE_OPENSSL 767#ifdef USE_OPENSSL
633 if ((temp=strchr(optarg,','))!=NULL) { 768 char *temp;
634 *temp='\0'; 769 if ((temp = strchr(optarg, ',')) != NULL) {
635 if (!is_intnonneg (optarg)) 770 *temp = '\0';
636 usage2 ("Invalid certificate expiration period", optarg); 771 if (!is_intnonneg(optarg)) {
637 days_till_exp_warn = atoi(optarg); 772 usage2("Invalid certificate expiration period", optarg);
638 *temp=','; 773 }
639 temp++; 774 result.config.days_till_exp_warn = atoi(optarg);
640 if (!is_intnonneg (temp)) 775 *temp = ',';
641 usage2 (_("Invalid certificate expiration period"), temp); 776 temp++;
642 days_till_exp_crit = atoi (temp); 777 if (!is_intnonneg(temp)) {
643 } 778 usage2(_("Invalid certificate expiration period"), temp);
644 else { 779 }
645 days_till_exp_crit=0; 780 result.config.days_till_exp_crit = atoi(temp);
646 if (!is_intnonneg (optarg)) 781 } else {
647 usage2 ("Invalid certificate expiration period", optarg); 782 result.config.days_till_exp_crit = 0;
648 days_till_exp_warn = atoi (optarg); 783 if (!is_intnonneg(optarg)) {
649 } 784 usage2("Invalid certificate expiration period", optarg);
650 check_cert = true; 785 }
651 ignore_send_quit_failure = true; 786 result.config.days_till_exp_warn = atoi(optarg);
787 }
788 result.config.ignore_send_quit_failure = true;
652#else 789#else
653 usage (_("SSL support not available - install OpenSSL and recompile")); 790 usage(_("SSL support not available - install OpenSSL and recompile"));
654#endif 791#endif
655 implicit_tls = true; 792 implicit_tls = true;
656 // fallthrough 793 // fallthrough
657 case 's': 794 case 's':
658 /* ssl */ 795 /* ssl */
659 use_ssl = true; 796 result.config.use_ssl = true;
660 server_port = SMTPS_PORT; 797 result.config.server_port = SMTPS_PORT;
661 break; 798 break;
662 case 'S': 799 case 'S':
663 /* starttls */ 800 /* starttls */
664 use_starttls = true; 801 result.config.use_starttls = true;
665 use_ehlo = true; 802 result.config.use_ehlo = true;
666 break; 803 break;
804 }
667 case SNI_OPTION: 805 case SNI_OPTION:
668#ifdef HAVE_SSL 806#ifdef HAVE_SSL
669 use_sni = true; 807 result.config.use_sni = true;
670#else 808#else
671 usage (_("SSL support not available - install OpenSSL and recompile")); 809 usage(_("SSL support not available - install OpenSSL and recompile"));
672#endif 810#endif
673 break; 811 break;
674 case 'r': 812 case 'r':
675 use_proxy_prefix = true; 813 result.config.use_proxy_prefix = true;
676 break; 814 break;
677 case 'L': 815 case 'L':
678 use_lhlo = true; 816 result.config.use_lhlo = true;
679 break; 817 break;
680 case '4': 818 case '4':
681 address_family = AF_INET; 819 address_family = AF_INET;
682 break; 820 break;
683 case '6': 821 case '6':
684#ifdef USE_IPV6
685 address_family = AF_INET6; 822 address_family = AF_INET6;
686#else
687 usage4 (_("IPv6 support not available"));
688#endif
689 break; 823 break;
690 case 'V': /* version */ 824 case 'V': /* version */
691 print_revision (progname, NP_VERSION); 825 print_revision(progname, NP_VERSION);
692 exit (STATE_UNKNOWN); 826 exit(STATE_UNKNOWN);
693 case 'h': /* help */ 827 case 'h': /* help */
694 print_help (); 828 print_help();
695 exit (STATE_UNKNOWN); 829 exit(STATE_UNKNOWN);
696 case '?': /* help */ 830 case '?': /* help */
697 usage5 (); 831 usage5();
832 case output_format_index: {
833 parsed_output_format parser = mp_parse_output_format(optarg);
834 if (!parser.parsing_success) {
835 // TODO List all available formats here, maybe add anothoer usage function
836 printf("Invalid output format: %s\n", optarg);
837 exit(STATE_UNKNOWN);
838 }
839
840 result.config.output_format_is_set = true;
841 result.config.output_format = parser.output_format;
842 break;
843 }
844 case ignore_certificate_expiration_index: {
845 result.config.ignore_certificate_expiration = true;
846 }
698 } 847 }
699 } 848 }
700 849
701 c = optind; 850 int c = optind;
702 if (server_address == NULL) { 851 if (result.config.server_address == NULL) {
703 if (argv[c]) { 852 if (argv[c]) {
704 if (is_host (argv[c])) 853 if (is_host(argv[c])) {
705 server_address = argv[c]; 854 result.config.server_address = argv[c];
706 else 855 } else {
707 usage2 (_("Invalid hostname/address"), argv[c]); 856 usage2(_("Invalid hostname/address"), argv[c]);
708 } 857 }
709 else { 858 } else {
710 xasprintf (&server_address, "127.0.0.1"); 859 result.config.server_address = strdup("localhost");
711 } 860 }
712 } 861 }
713 862
714 if (server_expect == NULL) 863 if (result.config.use_starttls && result.config.use_ssl) {
715 server_expect = strdup (SMTP_EXPECT);
716
717 if (mail_command == NULL)
718 mail_command = strdup("MAIL ");
719
720 if (from_arg==NULL)
721 from_arg = strdup(" ");
722
723 if (use_starttls && use_ssl) {
724 if (implicit_tls) { 864 if (implicit_tls) {
725 use_ssl = false; 865 result.config.use_ssl = false;
726 server_port = SMTP_PORT;
727 } else { 866 } else {
728 usage4 (_("Set either -s/--ssl/--tls or -S/--starttls")); 867 usage4(_("Set either -s/--ssl/--tls or -S/--starttls"));
729 } 868 }
730 } 869 }
731 870
732 if (server_port_option != 0) { 871 if (server_port_option != 0) {
733 server_port = server_port_option; 872 result.config.server_port = server_port_option;
734 } 873 }
735 874
736 return validate_arguments (); 875 if (result.config.authtype) {
737} 876 if (strcmp(result.config.authtype, "LOGIN") == 0) {
738 877 if (result.config.authuser == NULL) {
739 878 usage4("no authuser specified");
879 }
880 if (result.config.authpass == NULL) {
881 usage4("no authpass specified");
882 }
883 } else {
884 usage4("only authtype LOGIN is supported");
885 }
886 }
740 887
741int 888 return result;
742validate_arguments (void)
743{
744 return OK;
745} 889}
746 890
747 891char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor,
748void 892 bool ssl_established) {
749smtp_quit(void) 893 int sent_bytes =
750{ 894 my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established);
751 int bytes; 895 if (sent_bytes < 0) {
752 int n; 896 if (config.ignore_send_quit_failure) {
753 897 if (verbose) {
754 n = my_send(SMTP_QUIT, strlen(SMTP_QUIT));
755 if(n < 0) {
756 if(ignore_send_quit_failure) {
757 if(verbose) {
758 printf(_("Connection closed by server before sending QUIT command\n")); 898 printf(_("Connection closed by server before sending QUIT command\n"));
759 } 899 }
760 return; 900 return buffer;
761 } 901 }
762 die (STATE_UNKNOWN, 902 die(STATE_UNKNOWN, _("Connection closed by server before sending QUIT command\n"));
763 _("Connection closed by server before sending QUIT command\n"));
764 } 903 }
765 904
766 if (verbose) 905 if (verbose) {
767 printf(_("sent %s\n"), "QUIT"); 906 printf(_("sent %s\n"), "QUIT");
907 }
768 908
769 /* read the response but don't care about problems */ 909 /* read the response but don't care about problems */
770 bytes = recvlines(buffer, MAX_INPUT_BUFFER); 910 int bytes = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established);
771 if (verbose) { 911 if (verbose) {
772 if (bytes < 0) 912 if (bytes < 0) {
773 printf(_("recv() failed after QUIT.")); 913 printf(_("recv() failed after QUIT."));
774 else if (bytes == 0) 914 } else if (bytes == 0) {
775 printf(_("Connection reset by peer.")); 915 printf(_("Connection reset by peer."));
776 else { 916 } else {
777 buffer[bytes] = '\0'; 917 buffer[bytes] = '\0';
778 printf(_("received %s\n"), buffer); 918 printf(_("received %s\n"), buffer);
779 } 919 }
780 } 920 }
781}
782 921
922 return buffer;
923}
783 924
784/* 925/*
785 * Receive one line, copy it into buf and nul-terminate it. Returns the 926 * Receive one line, copy it into buf and nul-terminate it. Returns the
@@ -790,24 +931,23 @@ smtp_quit(void)
790 * function which buffers the data, move that to netutils.c and change 931 * function which buffers the data, move that to netutils.c and change
791 * check_smtp and other plugins to use that. Also, remove (\r)\n. 932 * check_smtp and other plugins to use that. Also, remove (\r)\n.
792 */ 933 */
793int 934int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor,
794recvline(char *buf, size_t bufsize) 935 bool ssl_established) {
795{
796 int result; 936 int result;
797 unsigned i; 937 size_t counter;
798 938
799 for (i = result = 0; i < bufsize - 1; i++) { 939 for (counter = result = 0; counter < bufsize - 1; counter++) {
800 if ((result = my_recv(&buf[i], 1)) != 1) 940 if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) {
801 break; 941 break;
802 if (buf[i] == '\n') { 942 }
803 buf[++i] = '\0'; 943 if (buf[counter] == '\n') {
804 return i; 944 buf[++counter] = '\0';
945 return (int)counter;
805 } 946 }
806 } 947 }
807 return (result == 1 || i == 0) ? -2 : result; /* -2 if out of space */ 948 return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */
808} 949}
809 950
810
811/* 951/*
812 * Receive one or more lines, copy them into buf and nul-terminate it. Returns 952 * Receive one or more lines, copy them into buf and nul-terminate it. Returns
813 * the number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on 953 * the number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on
@@ -822,117 +962,114 @@ recvline(char *buf, size_t bufsize)
822 * 962 *
823 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n. 963 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
824 */ 964 */
825int 965int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor,
826recvlines(char *buf, size_t bufsize) 966 bool ssl_established) {
827{ 967 int result;
828 int result, i; 968 int counter;
829 969
830 for (i = 0; /* forever */; i += result) 970 for (counter = 0; /* forever */; counter += result) {
831 if (!((result = recvline(buf + i, bufsize - i)) > 3 && 971 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor,
832 isdigit((int)buf[i]) && 972 ssl_established)) > 3 &&
833 isdigit((int)buf[i + 1]) && 973 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) &&
834 isdigit((int)buf[i + 2]) && 974 isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) {
835 buf[i + 3] == '-'))
836 break; 975 break;
976 }
977 }
837 978
838 return (result <= 0) ? result : result + i; 979 return (result <= 0) ? result : result + counter;
839} 980}
840 981
841 982int my_close(int socket_descriptor) {
842int
843my_close (void)
844{
845 int result; 983 int result;
846 result = close(sd); 984 result = close(socket_descriptor);
847#ifdef HAVE_SSL 985#ifdef HAVE_SSL
848 np_net_ssl_cleanup(); 986 np_net_ssl_cleanup();
849#endif 987#endif
850 return result; 988 return result;
851} 989}
852 990
853 991void print_help(void) {
854void
855print_help (void)
856{
857 char *myport; 992 char *myport;
858 xasprintf (&myport, "%d", SMTP_PORT); 993 xasprintf(&myport, "%d", SMTP_PORT);
859 994
860 print_revision (progname, NP_VERSION); 995 print_revision(progname, NP_VERSION);
861 996
862 printf ("Copyright (c) 1999-2001 Ethan Galstad <nagios@nagios.org>\n"); 997 printf("Copyright (c) 1999-2001 Ethan Galstad <nagios@nagios.org>\n");
863 printf (COPYRIGHT, copyright, email); 998 printf(COPYRIGHT, copyright, email);
864 999
865 printf("%s\n", _("This plugin will attempt to open an SMTP connection with the host.")); 1000 printf("%s\n", _("This plugin will attempt to open an SMTP connection with the host."));
866 1001
867 printf ("\n\n"); 1002 printf("\n\n");
868 1003
869 print_usage (); 1004 print_usage();
870 1005
871 printf (UT_HELP_VRSN); 1006 printf(UT_HELP_VRSN);
872 printf (UT_EXTRA_OPTS); 1007 printf(UT_EXTRA_OPTS);
873 1008
874 printf (UT_HOST_PORT, 'p', myport); 1009 printf(UT_HOST_PORT, 'p', myport);
875 1010
876 printf (UT_IPv46); 1011 printf(UT_IPv46);
877 1012
878 printf (" %s\n", "-e, --expect=STRING"); 1013 printf(" %s\n", "-e, --expect=STRING");
879 printf (_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT); 1014 printf(_(" String to expect in first line of server response (default: '%s')\n"),
880 printf (" %s\n", "-C, --command=STRING"); 1015 SMTP_EXPECT);
881 printf (" %s\n", _("SMTP command (may be used repeatedly)")); 1016 printf(" %s\n", "-C, --command=STRING");
882 printf (" %s\n", "-R, --response=STRING"); 1017 printf(" %s\n", _("SMTP command (may be used repeatedly)"));
883 printf (" %s\n", _("Expected response to command (may be used repeatedly)")); 1018 printf(" %s\n", "-R, --response=STRING");
884 printf (" %s\n", "-f, --from=STRING"); 1019 printf(" %s\n", _("Expected response to command (may be used repeatedly)"));
885 printf (" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")), 1020 printf(" %s\n", "-f, --from=STRING");
886 printf (" %s\n", "-F, --fqdn=STRING"); 1021 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
887 printf (" %s\n", _("FQDN used for HELO")); 1022 printf(" %s\n", "-F, --fqdn=STRING");
888 printf (" %s\n", "-r, --proxy"); 1023 printf(" %s\n", _("FQDN used for HELO"));
889 printf (" %s\n", _("Use PROXY protocol prefix for the connection.")); 1024 printf(" %s\n", "-r, --proxy");
1025 printf(" %s\n", _("Use PROXY protocol prefix for the connection."));
890#ifdef HAVE_SSL 1026#ifdef HAVE_SSL
891 printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); 1027 printf(" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
892 printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); 1028 printf(" %s\n", _("Minimum number of days a certificate has to be valid."));
893 printf (" %s\n", "-s, --ssl, --tls"); 1029 printf(" %s\n", "-s, --ssl, --tls");
894 printf (" %s\n", _("Use SSL/TLS for the connection.")); 1030 printf(" %s\n", _("Use SSL/TLS for the connection."));
895 printf (_(" Sets default port to %d.\n"), SMTPS_PORT); 1031 printf(_(" Sets default port to %d.\n"), SMTPS_PORT);
896 printf (" %s\n", "-S, --starttls"); 1032 printf(" %s\n", "-S, --starttls");
897 printf (" %s\n", _("Use STARTTLS for the connection.")); 1033 printf(" %s\n", _("Use STARTTLS for the connection."));
898 printf (" %s\n", "--sni"); 1034 printf(" %s\n", "--sni");
899 printf (" %s\n", _("Enable SSL/TLS hostname extension support (SNI)")); 1035 printf(" %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
900#endif 1036#endif
901 1037
902 printf (" %s\n", "-A, --authtype=STRING"); 1038 printf(" %s\n", "-A, --authtype=STRING");
903 printf (" %s\n", _("SMTP AUTH type to check (default none, only LOGIN supported)")); 1039 printf(" %s\n", _("SMTP AUTH type to check (default none, only LOGIN supported)"));
904 printf (" %s\n", "-U, --authuser=STRING"); 1040 printf(" %s\n", "-U, --authuser=STRING");
905 printf (" %s\n", _("SMTP AUTH username")); 1041 printf(" %s\n", _("SMTP AUTH username"));
906 printf (" %s\n", "-P, --authpass=STRING"); 1042 printf(" %s\n", "-P, --authpass=STRING");
907 printf (" %s\n", _("SMTP AUTH password")); 1043 printf(" %s\n", _("SMTP AUTH password"));
908 printf (" %s\n", "-L, --lmtp"); 1044 printf(" %s\n", "-L, --lmtp");
909 printf (" %s\n", _("Send LHLO instead of HELO/EHLO")); 1045 printf(" %s\n", _("Send LHLO instead of HELO/EHLO"));
910 printf (" %s\n", "-q, --ignore-quit-failure"); 1046 printf(" %s\n", "-q, --ignore-quit-failure");
911 printf (" %s\n", _("Ignore failure when sending QUIT command to server")); 1047 printf(" %s\n", _("Ignore failure when sending QUIT command to server"));
912 1048 printf(" %s\n", "--ignore-certificate-expiration");
913 printf (UT_WARN_CRIT); 1049 printf(" %s\n", _("Ignore certificate expiration"));
914
915 printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
916 1050
917 printf (UT_VERBOSE); 1051 printf(UT_WARN_CRIT);
918 1052
919 printf("\n"); 1053 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
920 printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
921 printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
922 printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
923 printf ("%s\n", _("STATE_WARNING return values."));
924 1054
925 printf (UT_SUPPORT); 1055 printf(UT_OUTPUT_FORMAT);
926}
927 1056
1057 printf(UT_VERBOSE);
928 1058
1059 printf("\n");
1060 printf("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
1061 printf("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
1062 printf("%s\n", _("connects, but incorrect response messages from the host result in"));
1063 printf("%s\n", _("STATE_WARNING return values."));
929 1064
930void 1065 printf(UT_SUPPORT);
931print_usage (void)
932{
933 printf ("%s\n", _("Usage:"));
934 printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
935 printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
936 printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
937} 1066}
938 1067
1068void print_usage(void) {
1069 printf("%s\n", _("Usage:"));
1070 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n",
1071 progname);
1072 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
1073 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] "
1074 "[-v] \n");
1075}