From 0b6423f9c99d9edf8c96fefd0f6c453859395aa1 Mon Sep 17 00:00:00 2001
From: Holger Weiss
Date: Mon, 30 Sep 2013 00:03:24 +0200
Subject: Import Nagios Plugins site Import the Nagios Plugins web site, Cronjobs, infrastructure scripts, and configuration files.
---
.../112577-check_smtp.c.patch.cvs.HEAD.20041215 | 504 +++++++++++++++++++++
1 file changed, 504 insertions(+)
create mode 100644 web/attachments/112577-check_smtp.c.patch.cvs.HEAD.20041215
(limited to 'web/attachments/112577-check_smtp.c.patch.cvs.HEAD.20041215')
diff --git a/web/attachments/112577-check_smtp.c.patch.cvs.HEAD.20041215 b/web/attachments/112577-check_smtp.c.patch.cvs.HEAD.20041215
new file mode 100644
index 0000000..8dedb8c
--- /dev/null
+++ b/web/attachments/112577-check_smtp.c.patch.cvs.HEAD.20041215
@@ -0,0 +1,504 @@
+*** check_smtp.c.orig 2004-12-15 13:08:34.000000000 -0500
+--- check_smtp.c 2004-12-15 14:35:05.521604150 -0500
+***************
+*** 25,45 ****
+--- 25,77 ----
+
+ #include "common.h"
+ #include "netutils.h"
+ #include "utils.h"
+
++ #ifdef HAVE_SSL_H
++ # include
++ # include
++ # include
++ # include
++ # include
++ # include
++ #else
++ # ifdef HAVE_OPENSSL_SSL_H
++ # include
++ # include
++ # include
++ # include
++ # include
++ # include
++ # endif
++ #endif
++
++ #ifdef HAVE_SSL
++
++ int check_cert = FALSE;
++ int days_till_exp;
++ SSL_CTX *ctx;
++ SSL *ssl;
++ X509 *server_cert;
++ int connect_STARTTLS (void);
++ int check_certificate (X509 **);
++ #endif
++
+ enum {
+ SMTP_PORT = 25
+ };
+ const char *SMTP_EXPECT = "220";
+ const char *SMTP_HELO = "HELO ";
+ const char *SMTP_QUIT = "QUIT\r\n";
++ const char *SMTP_STARTTLS = "STARTTLS\r\n";
+
+ int process_arguments (int, char **);
+ int validate_arguments (void);
+ void print_help (void);
+ void print_usage (void);
++ int myrecv(void);
++ int my_close(void);
+
+ #ifdef HAVE_REGEX_H
+ #include
+ char regex_expect[MAX_INPUT_BUFFER] = "";
+ regex_t preg;
+***************
+*** 66,87 ****
+ int warning_time = 0;
+ int check_warning_time = FALSE;
+ int critical_time = 0;
+ int check_critical_time = FALSE;
+ int verbose = 0;
+!
+!
+
+ int
+ main (int argc, char **argv)
+ {
+! int sd;
+ int n = 0;
+ double elapsed_time;
+ long microsec;
+ int result = STATE_UNKNOWN;
+- char buffer[MAX_INPUT_BUFFER];
+ char *cmd_str = NULL;
+ char *helocmd = NULL;
+ struct timeval tv;
+
+ setlocale (LC_ALL, "");
+--- 98,124 ----
+ int warning_time = 0;
+ int check_warning_time = FALSE;
+ int critical_time = 0;
+ int check_critical_time = FALSE;
+ int verbose = 0;
+! int use_ssl = FALSE;
+! int sd;
+! char buffer[MAX_INPUT_BUFFER];
+! enum {
+! TCP_PROTOCOL = 1,
+! UDP_PROTOCOL = 2,
+! MAXBUF = 1024
+! };
+
+ int
+ main (int argc, char **argv)
+ {
+!
+ int n = 0;
+ double elapsed_time;
+ long microsec;
+ int result = STATE_UNKNOWN;
+ char *cmd_str = NULL;
+ char *helocmd = NULL;
+ struct timeval tv;
+
+ setlocale (LC_ALL, "");
+***************
+*** 138,153 ****
+ printf (_("Invalid SMTP response received from host on port %d\n"),
+ server_port);
+ result = STATE_WARNING;
+ }
+ }
+!
+ /* send the HELO command */
+ send(sd, helocmd, strlen(helocmd), 0);
+
+ /* allow for response to helo command to reach us */
+! recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+
+ /* sendmail will syslog a "NOQUEUE" error if session does not attempt
+ * to do something useful. This can be prevented by giving a command
+ * even if syntax is illegal (MAIL requires a FROM:<...> argument)
+ *
+--- 175,223 ----
+ printf (_("Invalid SMTP response received from host on port %d\n"),
+ server_port);
+ result = STATE_WARNING;
+ }
+ }
+! #ifdef HAVE_SSL
+! if(use_ssl) {
+! /* send the STARTTLS command */
+! send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
+!
+! recv(sd,buffer, MAX_INPUT_BUFFER-1, 0); // wait for it
+! if (!strstr (buffer, server_expect)) {
+! printf (_("Server does not support STARTTLS\n"));
+! return STATE_UNKNOWN;
+! }
+! if(connect_STARTTLS() != OK) {
+! printf (_("ERROR: Cannot create SSL context.\n"));
+! return STATE_CRITICAL;
+! }
+! if ( check_cert ) {
+! if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
+! result = check_certificate (&server_cert);
+! X509_free(server_cert);
+! }
+! else {
+! printf (_("ERROR: Cannot retrieve server certificate.\n"));
+! result = STATE_CRITICAL;
+!
+! }
+! my_close();
+! return result;
+! }
+! }
+! #endif
+ /* send the HELO command */
++ #ifdef HAVE_SSL
++ if (use_ssl)
++ SSL_write(ssl, helocmd, strlen(helocmd));
++ else
++ #endif
+ send(sd, helocmd, strlen(helocmd), 0);
+
+ /* allow for response to helo command to reach us */
+! myrecv();
+
+ /* sendmail will syslog a "NOQUEUE" error if session does not attempt
+ * to do something useful. This can be prevented by giving a command
+ * even if syntax is illegal (MAIL requires a FROM:<...> argument)
+ *
+***************
+*** 156,175 ****
+ *
+ * You can disable sending mail_command with '--nocommand'
+ * Use the -f option to provide a FROM address
+ */
+ if (smtp_use_dummycmd) {
+! send(sd, cmd_str, strlen(cmd_str), 0);
+! recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+! if (verbose)
+! printf("%s", buffer);
+ }
+
+ while (n < ncommands) {
+ asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
+ send(sd, cmd_str, strlen(cmd_str), 0);
+! recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+ if (verbose)
+ printf("%s", buffer);
+ strip (buffer);
+ if (n < nresponses) {
+ #ifdef HAVE_REGEX_H
+--- 226,255 ----
+ *
+ * You can disable sending mail_command with '--nocommand'
+ * Use the -f option to provide a FROM address
+ */
+ if (smtp_use_dummycmd) {
+! #ifdef HAVE_SSL
+! if (use_ssl)
+! SSL_write(ssl, cmd_str, strlen(cmd_str));
+! else
+! #endif
+! send(sd, cmd_str, strlen(cmd_str), 0);
+! myrecv();
+! if (verbose)
+! printf("%s", buffer);
+ }
+
+ while (n < ncommands) {
+ asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
++ #ifdef HAVE_SSL
++ if (use_ssl)
++ SSL_write(ssl,cmd_str, strlen(cmd_str));
++ else
++ #endif
+ send(sd, cmd_str, strlen(cmd_str), 0);
+! myrecv();
+ if (verbose)
+ printf("%s", buffer);
+ strip (buffer);
+ if (n < nresponses) {
+ #ifdef HAVE_REGEX_H
+***************
+*** 204,213 ****
+--- 284,298 ----
+ }
+ n++;
+ }
+
+ /* tell the server we're done */
++ #ifdef HAVE_SSL
++ if (use_ssl)
++ SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT));
++ else
++ #endif
+ send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
+
+ /* finally close the connection */
+ close (sd);
+ }
+***************
+*** 259,268 ****
+--- 344,355 ----
+ {"verbose", no_argument, 0, 'v'},
+ {"version", no_argument, 0, 'V'},
+ {"use-ipv4", no_argument, 0, '4'},
+ {"use-ipv6", no_argument, 0, '6'},
+ {"help", no_argument, 0, 'h'},
++ {"starttls",no_argument,0,'S'},
++ {"certificate",required_argument,0,'D'},
+ {0, 0, 0, 0}
+ };
+
+ if (argc < 2)
+ return ERROR;
+***************
+*** 275,285 ****
+ else if (strcmp ("-ct", argv[c]) == 0)
+ strcpy (argv[c], "-c");
+ }
+
+ while (1) {
+! c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:",
+ longopts, &option);
+
+ if (c == -1 || c == EOF)
+ break;
+
+--- 362,372 ----
+ else if (strcmp ("-ct", argv[c]) == 0)
+ strcpy (argv[c], "-c");
+ }
+
+ while (1) {
+! c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:",
+ longopts, &option);
+
+ if (c == -1 || c == EOF)
+ break;
+
+***************
+*** 352,361 ****
+--- 439,464 ----
+ }
+ else {
+ usage4 (_("Time interval must be a positive integer"));
+ }
+ break;
++ case 'S':
++ /* starttls */
++ use_ssl = TRUE;
++ break;
++ case 'D':
++ /* Check SSL cert validity */
++ #ifdef HAVE_SSL
++ if (!is_intnonneg (optarg))
++ usage2 ("invalid certificate expiration period",optarg);
++ days_till_exp = atoi (optarg);
++ check_cert = TRUE;
++ #else
++ terminate (STATE_UNKNOWN,
++ "SSL support not available. Install OpenSSL and recompile.");
++ #endif
++ break;
+ case '4':
+ address_family = AF_INET;
+ break;
+ case '6':
+ #ifdef USE_IPV6
+***************
+*** 443,452 ****
+--- 546,562 ----
+ -R, --command=STRING\n\
+ Expected response to command (may be used repeatedly)\n\
+ -f, --from=STRING\n\
+ FROM-address to include in MAIL command, required by Exchange 2000\n"),
+ SMTP_EXPECT);
++ #ifdef HAVE_SSL
++ printf (_("\
++ -D, --certificate=INTEGER\n\
++ Minimum number of days a certificate has to be valid.\n\
++ -S, --starttls\n\
++ Use STARTTLS for the connection.\n"));
++ #endif
+
+ printf (_(UT_WARN_CRIT));
+
+ printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+
+***************
+*** 466,472 ****
+ void
+ print_usage (void)
+ {
+ printf ("\
+ Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\
+! [-w warn] [-c crit] [-t timeout] [-n] [-v] [-4|-6]\n", progname);
+ }
+--- 576,731 ----
+ void
+ print_usage (void)
+ {
+ printf ("\
+ Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\
+! [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6]\n", progname);
+! }
+!
+! #ifdef HAVE_SSL
+! int
+! connect_STARTTLS (void)
+! {
+! SSL_METHOD *meth;
+!
+! /* Initialize SSL context */
+! SSLeay_add_ssl_algorithms ();
+! meth = SSLv2_client_method ();
+! SSL_load_error_strings ();
+! if ((ctx = SSL_CTX_new (meth)) == NULL)
+! {
+! printf(_("ERROR: Cannot create SSL context.\n"));
+! return STATE_CRITICAL;
+! }
+! /* do the SSL handshake */
+! if ((ssl = SSL_new (ctx)) != NULL)
+! {
+! SSL_set_fd (ssl, sd);
+! /* original version checked for -1
+! I look for success instead (1) */
+! if (SSL_connect (ssl) == 1)
+! return OK;
+! ERR_print_errors_fp (stderr);
+! }
+! else
+! {
+! printf (_("ERROR: Cannot initiate SSL handshake.\n"));
+! }
+! /* this causes a seg faul
+! not sure why, being sloppy
+! and commenting it out */
+! // SSL_free (ssl);
+! SSL_CTX_free(ctx);
+! my_close();
+!
+! return STATE_CRITICAL;
+! }
+!
+! int
+! check_certificate (X509 ** certificate)
+! {
+! ASN1_STRING *tm;
+! int offset;
+! struct tm stamp;
+! int days_left;
+!
+! /* Retrieve timestamp of certificate */
+! tm = X509_get_notAfter (*certificate);
+!
+! /* Generate tm structure to process timestamp */
+! if (tm->type == V_ASN1_UTCTIME) {
+! if (tm->length < 10) {
+! printf (_("ERROR: Wrong time format in certificate.\n"));
+! return STATE_CRITICAL;
+! }
+! else {
+! stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+! if (stamp.tm_year < 50)
+! stamp.tm_year += 100;
+! offset = 0;
+! }
+! }
+! else {
+! if (tm->length < 12) {
+! printf (_("ERROR: Wrong time format in certificate.\n"));
+! return STATE_CRITICAL;
+! }
+! else {
+! stamp.tm_year =
+! (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+! (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+! stamp.tm_year -= 1900;
+! offset = 2;
+! }
+! }
+! stamp.tm_mon =
+! (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+! stamp.tm_mday =
+! (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+! stamp.tm_hour =
+! (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+! stamp.tm_min =
+! (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+! stamp.tm_sec = 0;
+! stamp.tm_isdst = -1;
+!
+! days_left = (mktime (&stamp) - time (NULL)) / 86400;
+! snprintf
+! (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
+! stamp.tm_mon + 1,
+! stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+!
+! if (days_left > 0 && days_left <= days_till_exp) {
+! printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
+! return STATE_WARNING;
+! }
+! if (days_left < 0) {
+! printf ("Certificate expired on %s.\n", timestamp);
+! return STATE_CRITICAL;
+! }
+!
+! if (days_left == 0) {
+! printf ("Certificate expires today (%s).\n", timestamp);
+! return STATE_WARNING;
+! }
+!
+! printf ("Certificate will expire on %s.\n", timestamp);
+!
+! return STATE_OK;
+! }
+! #endif
+!
+! int
+! myrecv (void)
+! {
+! int i;
+!
+! #ifdef HAVE_SSL
+! if (use_ssl) {
+! i = SSL_read (ssl, buffer, MAXBUF - 1);
+! }
+! else {
+! #endif
+! i = read (sd, buffer, MAXBUF - 1);
+! #ifdef HAVE_SSL
+! }
+! #endif
+! return i;
+! }
+!
+! int
+! my_close (void)
+! {
+! #ifdef HAVE_SSL
+! if (use_ssl == TRUE) {
+! SSL_shutdown (ssl);
+! SSL_free (ssl);
+! SSL_CTX_free (ctx);
+! return 0;
+! }
+! else {
+! #endif
+! return close(sd);
+! #ifdef HAVE_SSL
+! }
+! #endif
+ }
-- cgit v1.2.3-74-g34f1
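Review bot: `connect_STARTTLS` pins the handshake to SSL 2.0 with `meth = SSLv2_client_method ();`, a protocol with known design weaknesses; `meth = SSLv23_client_method ();` plus `SSL_CTX_set_options (ctx, SSL_OP_NO_SSLv2);` once the context exists lets the library negotiate a newer version instead. On that function's failure path `SSL_CTX_free(ctx)` is followed by `my_close()`, which calls `SSL_shutdown (ssl)`, `SSL_free (ssl)` and `SSL_CTX_free (ctx)` again, so `ctx` is freed twice and `ssl` is NULL when `SSL_new` failed; this may be the segfault the comment works around, and closing only `sd` there would avoid it. In the option switch `case 'S'` sets `use_ssl = TRUE` outside `#ifdef HAVE_SSL`, so a build without OpenSSL accepts `-S` and then runs the check in plaintext without saying so; it should call `terminate (STATE_UNKNOWN, ...)` in an `#else` branch the way `case 'D'` does. The STARTTLS reply is read with an unchecked `recv` into a buffer that is not NUL-terminated at the received length before `strstr (buffer, server_expect)`, so the return value should be tested and the buffer terminated before matching. `main` and the option-parsing function are only partly visible in this context diff, and no declaration of `timestamp` appears in it.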