From 883fcb607f9b3e810e22b2e21da7441a073b6e32 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Mon, 10 Mar 2025 01:31:52 +0100 Subject: Refactor check_smtp --- plugins/Makefile.am | 3 +- plugins/check_smtp.c | 518 ++++++++++++++++++++---------------------- plugins/check_smtp.d/config.h | 92 ++++++++ 3 files changed, 343 insertions(+), 270 deletions(-) create mode 100644 plugins/check_smtp.d/config.h (limited to 'plugins') diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 6ee93c18..5e8f0650 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -52,7 +52,8 @@ EXTRA_DIST = t \ check_swap.d \ check_dbi.d \ check_ssh.d \ - check_dns.d + check_dns.d \ + check_smtp.d PLUGINHDRS = common.h diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index bb45e01b..0be02937 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -28,6 +28,7 @@ * *****************************************************************************/ +#include "states.h" const char *progname = "check_smtp"; const char *copyright = "2000-2024"; const char *email = "devel@monitoring-plugins.org"; @@ -36,21 +37,12 @@ const char *email = "devel@monitoring-plugins.org"; #include "netutils.h" #include "utils.h" #include "base64.h" +#include "regex.h" #include - -#ifdef HAVE_SSL -static bool check_cert = false; -static int days_till_exp_warn, days_till_exp_crit; -# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) -# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) -#else /* ifndef HAVE_SSL */ -# define my_recv(buf, len) read(sd, buf, len) -# define my_send(buf, len) send(sd, buf, len, 0) -#endif +#include "check_smtp.d/config.h" #define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" -#define SMTP_EXPECT "220" #define SMTP_HELO "HELO " #define SMTP_EHLO "EHLO " #define SMTP_LHLO "LHLO " @@ -60,71 +52,51 @@ static int days_till_exp_warn, days_till_exp_crit; #define EHLO_SUPPORTS_STARTTLS 1 -static int process_arguments (int, char **); -static int validate_arguments (void); -static void print_help (void); -void print_usage (void); -static void smtp_quit(void); -static int recvline(char *, size_t); -static int recvlines(char *, size_t); -static int my_close(void); +typedef struct { + int errorcode; + check_smtp_config config; +} check_smtp_config_wrapper; +static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); + +int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { +#ifdef HAVE_SSL + if ((config.use_starttls || config.use_ssl) && ssl_established) { + return np_net_ssl_read(buf, num); + } + return (int)read(socket_descriptor, buf, (size_t)num); +#else /* ifndef HAVE_SSL */ + return read(socket_descriptor, buf, len) +#endif +} + +int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { +#ifdef HAVE_SSL + if ((config.use_starttls || config.use_ssl) && ssl_established) { + + return np_net_ssl_write(buf, num); + } + return (int)send(socket_descriptor, buf, (size_t)num, 0); +#else /* ifndef HAVE_SSL */ + return send(socket_descriptor, buf, len, 0); +#endif +} + +static void print_help(void); +void print_usage(void); +static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER], int /*socket_descriptor*/, + bool /*ssl_established*/); +static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/, int /*socket_descriptor*/, bool /*ssl_established*/); +static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/, int /*socket_descriptor*/, bool /*ssl_established*/); +static int my_close(int /*socket_descriptor*/); -#include "regex.h" -static regex_t preg; -static regmatch_t pmatch[10]; -static char errbuf[MAX_INPUT_BUFFER]; -static int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE; -static int eflags = 0; -static int errcode, excode; - -static int server_port_option = 0; -static char *server_address = NULL; -static char *server_expect = NULL; -static char *mail_command = NULL; -static char *from_arg = NULL; -static int send_mail_from = 0; -static int ncommands = 0; -static int command_size = 0; -static int nresponses = 0; -static int response_size = 0; -static char **commands = NULL; -static char **responses = NULL; -static char *authtype = NULL; -static char *authuser = NULL; -static char *authpass = NULL; -static double warning_time = 0; -static bool check_warning_time = false; -static double critical_time = 0; -static bool check_critical_time = false; static int verbose = 0; -static bool use_ssl = false; -static bool use_starttls = false; -static bool use_sni = false; -static bool use_proxy_prefix = false; -static bool use_ehlo = false; -static bool use_lhlo = false; -static bool ssl_established = false; -static char *localhostname = NULL; -static int sd; -static char buffer[MAX_INPUT_BUFFER]; + enum { TCP_PROTOCOL = 1, UDP_PROTOCOL = 2, }; -static bool ignore_send_quit_failure = false; int main(int argc, char **argv) { - bool supports_tls = false; - int n = 0; - double elapsed_time; - long microsec; - int result = STATE_UNKNOWN; - char *cmd_str = NULL; - char *helocmd = NULL; - char *error_msg = ""; - char *server_response = NULL; - struct timeval tv; - /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */ (void)signal(SIGPIPE, SIG_IGN); @@ -135,25 +107,31 @@ int main(int argc, char **argv) { /* Parse extra opts if any */ argv = np_extra_opts(&argc, argv, progname); - if (process_arguments(argc, argv) == ERROR) { + check_smtp_config_wrapper tmp_config = process_arguments(argc, argv); + + if (tmp_config.errorcode == ERROR) { usage4(_("Could not parse arguments")); } + const check_smtp_config config = tmp_config.config; + /* If localhostname not set on command line, use gethostname to set */ + char *localhostname = config.localhostname; if (!localhostname) { localhostname = malloc(HOST_MAX_BYTES); if (!localhostname) { printf(_("malloc() failed!\n")); - return STATE_CRITICAL; + exit(STATE_CRITICAL); } if (gethostname(localhostname, HOST_MAX_BYTES)) { printf(_("gethostname() failed!\n")); - return STATE_CRITICAL; + exit(STATE_CRITICAL); } } - if (use_lhlo) { + char *helocmd = NULL; + if (config.use_lhlo) { xasprintf(&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n"); - } else if (use_ehlo) { + } else if (config.use_ehlo) { xasprintf(&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n"); } else { xasprintf(&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n"); @@ -163,10 +141,13 @@ int main(int argc, char **argv) { printf("HELOCMD: %s", helocmd); } + char *mail_command = strdup("MAIL "); + + char *cmd_str = NULL; /* initialize the MAIL command with optional FROM command */ - xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, from_arg, "\r\n"); + xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, config.from_arg, "\r\n"); - if (verbose && send_mail_from) { + if (verbose && config.send_mail_from) { printf("FROM CMD: %s", cmd_str); } @@ -176,84 +157,90 @@ int main(int argc, char **argv) { /* set socket timeout */ (void)alarm(socket_timeout); + struct timeval start_time; /* start timer */ - gettimeofday(&tv, NULL); + gettimeofday(&start_time, NULL); + int socket_descriptor = 0; /* try to connect to the host at the given port number */ - result = my_tcp_connect(server_address, server_port, &sd); + mp_state_enum result = my_tcp_connect(config.server_address, config.server_port, &socket_descriptor); + char *error_msg = ""; + char buffer[MAX_INPUT_BUFFER]; + bool ssl_established = false; if (result == STATE_OK) { /* we connected */ /* If requested, send PROXY header */ - if (use_proxy_prefix) { + if (config.use_proxy_prefix) { if (verbose) { printf("Sending header %s\n", PROXY_PREFIX); } - my_send(PROXY_PREFIX, strlen(PROXY_PREFIX)); + my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established); } #ifdef HAVE_SSL - if (use_ssl) { - result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); + if (config.use_ssl) { + result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); if (result != STATE_OK) { printf(_("CRITICAL - Cannot create SSL context.\n")); - close(sd); + close(socket_descriptor); np_net_ssl_cleanup(); - return STATE_CRITICAL; - } else { - ssl_established = 1; + exit(STATE_CRITICAL); } + ssl_established = true; } #endif /* watch for the SMTP connection string and */ /* return a WARNING status if we couldn't read any data */ - if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { + if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { printf(_("recv() failed\n")); - return STATE_WARNING; + exit(STATE_WARNING); } + char *server_response = NULL; /* save connect return (220 hostname ..) for later use */ xasprintf(&server_response, "%s", buffer); /* send the HELO/EHLO command */ - my_send(helocmd, strlen(helocmd)); + my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established); /* allow for response to helo command to reach us */ - if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { + if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { printf(_("recv() failed\n")); - return STATE_WARNING; - } else if (use_ehlo || use_lhlo) { + exit(STATE_WARNING); + } + bool supports_tls = false; + if (config.use_ehlo || config.use_lhlo) { if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) { supports_tls = true; } } - if (use_starttls && !supports_tls) { + if (config.use_starttls && !supports_tls) { printf(_("WARNING - TLS not supported by server\n")); - smtp_quit(); - return STATE_WARNING; + smtp_quit(config, buffer, socket_descriptor, ssl_established); + exit(STATE_WARNING); } #ifdef HAVE_SSL - if (use_starttls) { + if (config.use_starttls) { /* send the STARTTLS command */ - send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); + send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); - recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */ + recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established); /* wait for it */ if (!strstr(buffer, SMTP_EXPECT)) { printf(_("Server does not support STARTTLS\n")); - smtp_quit(); - return STATE_UNKNOWN; + smtp_quit(config, buffer, socket_descriptor, ssl_established); + exit(STATE_UNKNOWN); } - result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); + result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); if (result != STATE_OK) { printf(_("CRITICAL - Cannot create SSL context.\n")); - close(sd); + close(socket_descriptor); np_net_ssl_cleanup(); - return STATE_CRITICAL; - } else { - ssl_established = 1; + exit(STATE_CRITICAL); } + ssl_established = true; /* * Resend the EHLO command. @@ -266,29 +253,32 @@ int main(int argc, char **argv) { * reason, some MTAs will not allow an AUTH LOGIN command before * we resent EHLO via TLS. */ - if (my_send(helocmd, strlen(helocmd)) <= 0) { + if (my_send(config, helocmd, strlen(helocmd), socket_descriptor, ssl_established) <= 0) { printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS.")); - my_close(); - return STATE_UNKNOWN; + my_close(socket_descriptor); + exit(STATE_UNKNOWN); } + if (verbose) { printf(_("sent %s"), helocmd); } - if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { + + if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS.")); - my_close(); - return STATE_UNKNOWN; + my_close(socket_descriptor); + exit(STATE_UNKNOWN); } + if (verbose) { printf("%s", buffer); } # ifdef USE_OPENSSL - if (check_cert) { - result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit); - smtp_quit(); - my_close(); - return result; + if (config.check_cert) { + result = np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit); + smtp_quit(config, buffer, socket_descriptor, ssl_established); + my_close(socket_descriptor); + exit(result); } # endif /* USE_OPENSSL */ } @@ -304,76 +294,81 @@ int main(int argc, char **argv) { strip(server_response); /* make sure we find the droids we are looking for */ - if (!strstr(server_response, server_expect)) { - if (server_port == SMTP_PORT) { + if (!strstr(server_response, config.server_expect)) { + if (config.server_port == SMTP_PORT) { printf(_("Invalid SMTP response received from host: %s\n"), server_response); } else { - printf(_("Invalid SMTP response received from host on port %d: %s\n"), server_port, server_response); + printf(_("Invalid SMTP response received from host on port %d: %s\n"), config.server_port, server_response); } - return STATE_WARNING; + exit(STATE_WARNING); } - if (send_mail_from) { - my_send(cmd_str, strlen(cmd_str)); - if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) { + if (config.send_mail_from) { + my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); + if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { printf("%s", buffer); } } - n = 0; - while (n < ncommands) { - xasprintf(&cmd_str, "%s%s", commands[n], "\r\n"); - my_send(cmd_str, strlen(cmd_str)); - if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) { + int counter = 0; + while (counter < config.ncommands) { + xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n"); + my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); + if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { printf("%s", buffer); } strip(buffer); - if (n < nresponses) { - cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE; - errcode = regcomp(&preg, responses[n], cflags); + if (counter < config.nresponses) { + int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE; + regex_t preg; + int errcode = regcomp(&preg, config.responses[counter], cflags); + char errbuf[MAX_INPUT_BUFFER]; if (errcode != 0) { regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER); printf(_("Could Not Compile Regular Expression")); - return ERROR; + exit(STATE_UNKNOWN); } - excode = regexec(&preg, buffer, 10, pmatch, eflags); + + regmatch_t pmatch[10]; + int eflags = 0; + int excode = regexec(&preg, buffer, 10, pmatch, eflags); if (excode == 0) { result = STATE_OK; } else if (excode == REG_NOMATCH) { result = STATE_WARNING; - printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, commands[n]); + printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, config.commands[counter]); } else { regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER); printf(_("Execute Error: %s\n"), errbuf); result = STATE_UNKNOWN; } } - n++; + counter++; } - if (authtype != NULL) { - if (strcmp(authtype, "LOGIN") == 0) { + if (config.authtype != NULL) { + if (strcmp(config.authtype, "LOGIN") == 0) { char *abuf; int ret; do { - if (authuser == NULL) { + if (config.authuser == NULL) { result = STATE_CRITICAL; xasprintf(&error_msg, _("no authuser specified, ")); break; } - if (authpass == NULL) { + if (config.authpass == NULL) { result = STATE_CRITICAL; xasprintf(&error_msg, _("no authpass specified, ")); break; } /* send AUTH LOGIN */ - my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN)); + my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor, ssl_established); if (verbose) { printf(_("sent %s\n"), "AUTH LOGIN"); } - if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { + if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, ")); result = STATE_WARNING; break; @@ -389,14 +384,14 @@ int main(int argc, char **argv) { } /* encode authuser with base64 */ - base64_encode_alloc(authuser, strlen(authuser), &abuf); + base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf); xasprintf(&abuf, "%s\r\n", abuf); - my_send(abuf, strlen(abuf)); + my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established); if (verbose) { printf(_("sent %s\n"), abuf); } - if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { + if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("recv() failed after sending authuser, ")); break; @@ -410,13 +405,13 @@ int main(int argc, char **argv) { break; } /* encode authpass with base64 */ - base64_encode_alloc(authpass, strlen(authpass), &abuf); + base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf); xasprintf(&abuf, "%s\r\n", abuf); - my_send(abuf, strlen(abuf)); + my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established); if (verbose) { printf(_("sent %s\n"), abuf); } - if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) { + if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) { result = STATE_CRITICAL; xasprintf(&error_msg, _("recv() failed after sending authpass, ")); break; @@ -438,41 +433,36 @@ int main(int argc, char **argv) { } /* tell the server we're done */ - smtp_quit(); + smtp_quit(config, buffer, socket_descriptor, ssl_established); /* finally close the connection */ - close(sd); + close(socket_descriptor); } /* reset the alarm */ alarm(0); - microsec = deltime(tv); - elapsed_time = (double)microsec / 1.0e6; + long microsec = deltime(start_time); + double elapsed_time = (double)microsec / 1.0e6; if (result == STATE_OK) { - if (check_critical_time && elapsed_time > critical_time) { + if (config.check_critical_time && elapsed_time > config.critical_time) { result = STATE_CRITICAL; - } else if (check_warning_time && elapsed_time > warning_time) { + } else if (config.check_warning_time && elapsed_time > config.warning_time) { result = STATE_WARNING; } } printf(_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text(result), error_msg, elapsed_time, verbose ? ", " : "", verbose ? buffer : "", - fperfdata("time", elapsed_time, "s", (int)check_warning_time, warning_time, (int)check_critical_time, critical_time, true, 0, - false, 0)); + fperfdata("time", elapsed_time, "s", config.check_warning_time, config.warning_time, config.check_critical_time, + config.critical_time, true, 0, false, 0)); - return result; + exit(result); } /* process command-line arguments */ -int process_arguments(int argc, char **argv) { - int c; - char *temp; - - bool implicit_tls = false; - +check_smtp_config_wrapper process_arguments(int argc, char **argv) { enum { SNI_OPTION }; @@ -506,109 +496,118 @@ int process_arguments(int argc, char **argv) { {"proxy", no_argument, 0, 'r'}, {0, 0, 0, 0}}; + check_smtp_config_wrapper result = { + .config = check_smtp_config_init(), + .errorcode = OK, + }; + if (argc < 2) { - return ERROR; + result.errorcode = ERROR; + return result; } - for (c = 1; c < argc; c++) { - if (strcmp("-to", argv[c]) == 0) { - strcpy(argv[c], "-t"); - } else if (strcmp("-wt", argv[c]) == 0) { - strcpy(argv[c], "-w"); - } else if (strcmp("-ct", argv[c]) == 0) { - strcpy(argv[c], "-c"); + for (int index = 1; index < argc; index++) { + if (strcmp("-to", argv[index]) == 0) { + strcpy(argv[index], "-t"); + } else if (strcmp("-wt", argv[index]) == 0) { + strcpy(argv[index], "-w"); + } else if (strcmp("-ct", argv[index]) == 0) { + strcpy(argv[index], "-c"); } } - while (1) { - c = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option); + int command_size = 0; + int response_size = 0; + bool implicit_tls = false; + while (true) { + int opt_index = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option); - if (c == -1 || c == EOF) { + if (opt_index == -1 || opt_index == EOF) { break; } - switch (c) { + switch (opt_index) { case 'H': /* hostname */ if (is_host(optarg)) { - server_address = optarg; + result.config.server_address = optarg; } else { usage2(_("Invalid hostname/address"), optarg); } break; case 'p': /* port */ if (is_intpos(optarg)) { - server_port_option = atoi(optarg); + result.config.server_port = atoi(optarg); } else { usage4(_("Port must be a positive integer")); } break; case 'F': /* localhostname */ - localhostname = strdup(optarg); + result.config.localhostname = strdup(optarg); break; case 'f': /* from argument */ - from_arg = optarg + strspn(optarg, "<"); - from_arg = strndup(from_arg, strcspn(from_arg, ">")); - send_mail_from = 1; + result.config.from_arg = optarg + strspn(optarg, "<"); + result.config.from_arg = strndup(result.config.from_arg, strcspn(result.config.from_arg, ">")); + result.config.send_mail_from = true; break; case 'A': - authtype = optarg; - use_ehlo = true; + result.config.authtype = optarg; + result.config.use_ehlo = true; break; case 'U': - authuser = optarg; + result.config.authuser = optarg; break; case 'P': - authpass = optarg; + result.config.authpass = optarg; break; case 'e': /* server expect string on 220 */ - server_expect = optarg; + result.config.server_expect = optarg; break; case 'C': /* commands */ - if (ncommands >= command_size) { + if (result.config.ncommands >= command_size) { command_size += 8; - commands = realloc(commands, sizeof(char *) * command_size); - if (commands == NULL) { - die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), ncommands); + result.config.commands = realloc(result.config.commands, sizeof(char *) * command_size); + if (result.config.commands == NULL) { + die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.ncommands); } } - commands[ncommands] = (char *)malloc(sizeof(char) * 255); - strncpy(commands[ncommands], optarg, 255); - ncommands++; + result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255); + strncpy(result.config.commands[result.config.ncommands], optarg, 255); + result.config.ncommands++; break; case 'R': /* server responses */ - if (nresponses >= response_size) { + if (result.config.nresponses >= response_size) { response_size += 8; - responses = realloc(responses, sizeof(char *) * response_size); - if (responses == NULL) { - die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), nresponses); + result.config.responses = realloc(result.config.responses, sizeof(char *) * response_size); + if (result.config.responses == NULL) { + die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.nresponses); } } - responses[nresponses] = (char *)malloc(sizeof(char) * 255); - strncpy(responses[nresponses], optarg, 255); - nresponses++; + result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255); + strncpy(result.config.responses[result.config.nresponses], optarg, 255); + result.config.nresponses++; break; case 'c': /* critical time threshold */ if (!is_nonnegative(optarg)) { usage4(_("Critical time must be a positive")); } else { - critical_time = strtod(optarg, NULL); - check_critical_time = true; + result.config.critical_time = strtod(optarg, NULL); + result.config.check_critical_time = true; } break; case 'w': /* warning time threshold */ if (!is_nonnegative(optarg)) { usage4(_("Warning time must be a positive")); } else { - warning_time = strtod(optarg, NULL); - check_warning_time = true; + result.config.warning_time = strtod(optarg, NULL); + result.config.check_warning_time = true; } break; case 'v': /* verbose */ verbose++; break; case 'q': - ignore_send_quit_failure = true; /* ignore problem sending QUIT */ + result.config.ignore_send_quit_failure = true; /* ignore problem sending QUIT */ break; case 't': /* timeout */ if (is_intnonneg(optarg)) { @@ -617,30 +616,31 @@ int process_arguments(int argc, char **argv) { usage4(_("Timeout interval must be a positive integer")); } break; - case 'D': + case 'D': { /* Check SSL cert validity */ #ifdef USE_OPENSSL + char *temp; if ((temp = strchr(optarg, ',')) != NULL) { *temp = '\0'; if (!is_intnonneg(optarg)) { usage2("Invalid certificate expiration period", optarg); } - days_till_exp_warn = atoi(optarg); + result.config.days_till_exp_warn = atoi(optarg); *temp = ','; temp++; if (!is_intnonneg(temp)) { usage2(_("Invalid certificate expiration period"), temp); } - days_till_exp_crit = atoi(temp); + result.config.days_till_exp_crit = atoi(temp); } else { - days_till_exp_crit = 0; + result.config.days_till_exp_crit = 0; if (!is_intnonneg(optarg)) { usage2("Invalid certificate expiration period", optarg); } - days_till_exp_warn = atoi(optarg); + result.config.days_till_exp_warn = atoi(optarg); } - check_cert = true; - ignore_send_quit_failure = true; + result.config.check_cert = true; + result.config.ignore_send_quit_failure = true; #else usage(_("SSL support not available - install OpenSSL and recompile")); #endif @@ -648,26 +648,27 @@ int process_arguments(int argc, char **argv) { // fallthrough case 's': /* ssl */ - use_ssl = true; - server_port = SMTPS_PORT; + result.config.use_ssl = true; + result.config.server_port = SMTPS_PORT; break; case 'S': /* starttls */ - use_starttls = true; - use_ehlo = true; + result.config.use_starttls = true; + result.config.use_ehlo = true; break; + } case SNI_OPTION: #ifdef HAVE_SSL - use_sni = true; + result.config.use_sni = true; #else usage(_("SSL support not available - install OpenSSL and recompile")); #endif break; case 'r': - use_proxy_prefix = true; + result.config.use_proxy_prefix = true; break; case 'L': - use_lhlo = true; + result.config.use_lhlo = true; break; case '4': address_family = AF_INET; @@ -690,60 +691,36 @@ int process_arguments(int argc, char **argv) { } } - c = optind; - if (server_address == NULL) { + int c = optind; + if (result.config.server_address == NULL) { if (argv[c]) { if (is_host(argv[c])) { - server_address = argv[c]; + result.config.server_address = argv[c]; } else { usage2(_("Invalid hostname/address"), argv[c]); } - } else { - xasprintf(&server_address, "127.0.0.1"); } } - if (server_expect == NULL) { - server_expect = strdup(SMTP_EXPECT); - } - - if (mail_command == NULL) { - mail_command = strdup("MAIL "); - } - - if (from_arg == NULL) { - from_arg = strdup(" "); - } - - if (use_starttls && use_ssl) { + if (result.config.use_starttls && result.config.use_ssl) { if (implicit_tls) { - use_ssl = false; - server_port = SMTP_PORT; + result.config.use_ssl = false; } else { usage4(_("Set either -s/--ssl/--tls or -S/--starttls")); } } - if (server_port_option != 0) { - server_port = server_port_option; - } - - return validate_arguments(); + return result; } -int validate_arguments(void) { return OK; } - -void smtp_quit(void) { - int bytes; - int n; - - n = my_send(SMTP_QUIT, strlen(SMTP_QUIT)); - if (n < 0) { - if (ignore_send_quit_failure) { +char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor, bool ssl_established) { + int sent_bytes = my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established); + if (sent_bytes < 0) { + if (config.ignore_send_quit_failure) { if (verbose) { printf(_("Connection closed by server before sending QUIT command\n")); } - return; + return buffer; } die(STATE_UNKNOWN, _("Connection closed by server before sending QUIT command\n")); } @@ -753,7 +730,7 @@ void smtp_quit(void) { } /* read the response but don't care about problems */ - bytes = recvlines(buffer, MAX_INPUT_BUFFER); + int bytes = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established); if (verbose) { if (bytes < 0) { printf(_("recv() failed after QUIT.")); @@ -764,6 +741,8 @@ void smtp_quit(void) { printf(_("received %s\n"), buffer); } } + + return buffer; } /* @@ -775,20 +754,20 @@ void smtp_quit(void) { * function which buffers the data, move that to netutils.c and change * check_smtp and other plugins to use that. Also, remove (\r)\n. */ -int recvline(char *buf, size_t bufsize) { +int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor, bool ssl_established) { int result; - unsigned i; + int counter; - for (i = result = 0; i < bufsize - 1; i++) { - if ((result = my_recv(&buf[i], 1)) != 1) { + for (counter = result = 0; counter < bufsize - 1; counter++) { + if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) { break; } - if (buf[i] == '\n') { - buf[++i] = '\0'; - return i; + if (buf[counter] == '\n') { + buf[++counter] = '\0'; + return counter; } } - return (result == 1 || i == 0) ? -2 : result; /* -2 if out of space */ + return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */ } /* @@ -805,22 +784,23 @@ int recvline(char *buf, size_t bufsize) { * * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n. */ -int recvlines(char *buf, size_t bufsize) { - int result, i; +int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor, bool ssl_established) { + int result; + int counter; - for (i = 0; /* forever */; i += result) { - if (!((result = recvline(buf + i, bufsize - i)) > 3 && isdigit((int)buf[i]) && isdigit((int)buf[i + 1]) && - isdigit((int)buf[i + 2]) && buf[i + 3] == '-')) { + for (counter = 0; /* forever */; counter += result) { + if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor, ssl_established)) > 3 && + isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) && isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) { break; } } - return (result <= 0) ? result : result + i; + return (result <= 0) ? result : result + counter; } -int my_close(void) { +int my_close(int socket_descriptor) { int result; - result = close(sd); + result = close(socket_descriptor); #ifdef HAVE_SSL np_net_ssl_cleanup(); #endif diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h new file mode 100644 index 00000000..c8660445 --- /dev/null +++ b/plugins/check_smtp.d/config.h @@ -0,0 +1,92 @@ +#pragma once + +#include "../../config.h" +#include +#include + +enum { + SMTP_PORT = 25, + SMTPS_PORT = 465 +}; + +#define SMTP_EXPECT "220" + +typedef struct { + int server_port; + char *server_address; + char *localhostname; + char *server_expect; + bool ignore_send_quit_failure; + + double warning_time; + bool check_warning_time; + double critical_time; + bool check_critical_time; + bool use_ehlo; + bool use_lhlo; + + char *from_arg; + bool send_mail_from; + + int ncommands; + char **commands; + + int nresponses; + char **responses; + + char *authtype; + char *authuser; + char *authpass; + + bool use_proxy_prefix; +#ifdef HAVE_SSL + bool check_cert; + int days_till_exp_warn; + int days_till_exp_crit; + bool use_ssl; + bool use_starttls; + bool use_sni; +#endif +} check_smtp_config; + +check_smtp_config check_smtp_config_init() { + check_smtp_config tmp = { + .server_port = SMTP_PORT, + .server_address = strdup("localhost"), + .localhostname = NULL, + + .server_expect = SMTP_EXPECT, + .ignore_send_quit_failure = false, + + .warning_time = 0, + .check_warning_time = false, + .critical_time = 0, + .check_critical_time = false, + .use_ehlo = false, + .use_lhlo = false, + + .from_arg = strdup(" "), + .send_mail_from = false, + + .ncommands = 0, + .commands = NULL, + + .nresponses = 0, + .responses = NULL, + + .authtype = NULL, + .authuser = NULL, + .authpass = NULL, + + .use_proxy_prefix = false, +#ifdef HAVE_SSL + .check_cert = false, + .days_till_exp_warn = 0, + .days_till_exp_crit = 0, + .use_ssl = false, + .use_starttls = false, + .use_sni = false, +#endif + }; + return tmp; +} -- cgit v1.2.3-74-g34f1