upstream/monitoring-plugins
1
0
Fork 0
mirror of https://github.com/monitoring-plugins/monitoring-plugins.git synced 2026-06-08 16:26:23 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

Refactor check_smtp

Browse source
This commit is contained in:
Lorenz Kästle 2025-03-10 01:31:52 +01:00
parent 0867319268
commit 883fcb607f
3 changed files with 343 additions and 270 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
plugins/Makefile.am
View file

@ -52,7 +52,8 @@ EXTRA_DIST = t \
check_swap.d \
check_dbi.d \
check_ssh.d \
check_dns.d
check_dns.d \
check_smtp.d
PLUGINHDRS = common.h

518
plugins/check_smtp.c
View file

@ -28,6 +28,7 @@
*
*****************************************************************************/
#include "states.h"
const char *progname = "check_smtp";
const char *copyright = "2000-2024";
const char *email = "devel@monitoring-plugins.org";
@ -36,21 +37,12 @@ const char *email = "devel@monitoring-plugins.org";
#include "netutils.h"
#include "utils.h"
#include "base64.h"
#include "regex.h"
#include <ctype.h>
#ifdef HAVE_SSL
static bool check_cert = false;
static int days_till_exp_warn, days_till_exp_crit;
# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
#else /* ifndef HAVE_SSL */
# define my_recv(buf, len) read(sd, buf, len)
# define my_send(buf, len) send(sd, buf, len, 0)
#endif
#include "check_smtp.d/config.h"
#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
#define SMTP_EXPECT "220"
#define SMTP_HELO "HELO "
#define SMTP_EHLO "EHLO "
#define SMTP_LHLO "LHLO "
@ -60,71 +52,51 @@ static int days_till_exp_warn, days_till_exp_crit;
#define EHLO_SUPPORTS_STARTTLS 1
static int process_arguments (int, char **);
static int validate_arguments (void);
static void print_help (void);
void print_usage (void);
static void smtp_quit(void);
static int recvline(char *, size_t);
static int recvlines(char *, size_t);
static int my_close(void);
typedef struct {
int errorcode;
check_smtp_config config;
} check_smtp_config_wrapper;
static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
#include "regex.h"
static regex_t preg;
static regmatch_t pmatch[10];
static char errbuf[MAX_INPUT_BUFFER];
static int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
static int eflags = 0;
static int errcode, excode;
int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) {
#ifdef HAVE_SSL
if ((config.use_starttls || config.use_ssl) && ssl_established) {
return np_net_ssl_read(buf, num);
}
return (int)read(socket_descriptor, buf, (size_t)num);
#else /* ifndef HAVE_SSL */
return read(socket_descriptor, buf, len)
#endif
}
int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) {
#ifdef HAVE_SSL
if ((config.use_starttls || config.use_ssl) && ssl_established) {
return np_net_ssl_write(buf, num);
}
return (int)send(socket_descriptor, buf, (size_t)num, 0);
#else /* ifndef HAVE_SSL */
return send(socket_descriptor, buf, len, 0);
#endif
}
static void print_help(void);
void print_usage(void);
static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER], int /*socket_descriptor*/,
bool /*ssl_established*/);
static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/, int /*socket_descriptor*/, bool /*ssl_established*/);
static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/, int /*socket_descriptor*/, bool /*ssl_established*/);
static int my_close(int /*socket_descriptor*/);
static int server_port_option = 0;
static char *server_address = NULL;
static char *server_expect = NULL;
static char *mail_command = NULL;
static char *from_arg = NULL;
static int send_mail_from = 0;
static int ncommands = 0;
static int command_size = 0;
static int nresponses = 0;
static int response_size = 0;
static char **commands = NULL;
static char **responses = NULL;
static char *authtype = NULL;
static char *authuser = NULL;
static char *authpass = NULL;
static double warning_time = 0;
static bool check_warning_time = false;
static double critical_time = 0;
static bool check_critical_time = false;
static int verbose = 0;
static bool use_ssl = false;
static bool use_starttls = false;
static bool use_sni = false;
static bool use_proxy_prefix = false;
static bool use_ehlo = false;
static bool use_lhlo = false;
static bool ssl_established = false;
static char *localhostname = NULL;
static int sd;
static char buffer[MAX_INPUT_BUFFER];
enum {
TCP_PROTOCOL = 1,
UDP_PROTOCOL = 2,
};
static bool ignore_send_quit_failure = false;
int main(int argc, char **argv) {
bool supports_tls = false;
int n = 0;
double elapsed_time;
long microsec;
int result = STATE_UNKNOWN;
char *cmd_str = NULL;
char *helocmd = NULL;
char *error_msg = "";
char *server_response = NULL;
struct timeval tv;
/* Catch pipe errors in read/write - sometimes occurs when writing QUIT */
(void)signal(SIGPIPE, SIG_IGN);
@ -135,25 +107,31 @@ int main(int argc, char **argv) {
/* Parse extra opts if any */
argv = np_extra_opts(&argc, argv, progname);
if (process_arguments(argc, argv) == ERROR) {
check_smtp_config_wrapper tmp_config = process_arguments(argc, argv);
if (tmp_config.errorcode == ERROR) {
usage4(_("Could not parse arguments"));
}
const check_smtp_config config = tmp_config.config;
/* If localhostname not set on command line, use gethostname to set */
char *localhostname = config.localhostname;
if (!localhostname) {
localhostname = malloc(HOST_MAX_BYTES);
if (!localhostname) {
printf(_("malloc() failed!\n"));
return STATE_CRITICAL;
exit(STATE_CRITICAL);
}
if (gethostname(localhostname, HOST_MAX_BYTES)) {
printf(_("gethostname() failed!\n"));
return STATE_CRITICAL;
exit(STATE_CRITICAL);
}
}
if (use_lhlo) {
char *helocmd = NULL;
if (config.use_lhlo) {
xasprintf(&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
} else if (use_ehlo) {
} else if (config.use_ehlo) {
xasprintf(&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
} else {
xasprintf(&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
@ -163,10 +141,13 @@ int main(int argc, char **argv) {
printf("HELOCMD: %s", helocmd);
}
/* initialize the MAIL command with optional FROM command */
xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, from_arg, "\r\n");
char *mail_command = strdup("MAIL ");
if (verbose && send_mail_from) {
char *cmd_str = NULL;
/* initialize the MAIL command with optional FROM command */
xasprintf(&cmd_str, "%sFROM:<%s>%s", mail_command, config.from_arg, "\r\n");
if (verbose && config.send_mail_from) {
printf("FROM CMD: %s", cmd_str);
}
@ -176,84 +157,90 @@ int main(int argc, char **argv) {
/* set socket timeout */
(void)alarm(socket_timeout);
struct timeval start_time;
/* start timer */
gettimeofday(&tv, NULL);
gettimeofday(&start_time, NULL);
int socket_descriptor = 0;
/* try to connect to the host at the given port number */
result = my_tcp_connect(server_address, server_port, &sd);
mp_state_enum result = my_tcp_connect(config.server_address, config.server_port, &socket_descriptor);
char *error_msg = "";
char buffer[MAX_INPUT_BUFFER];
bool ssl_established = false;
if (result == STATE_OK) { /* we connected */
/* If requested, send PROXY header */
if (use_proxy_prefix) {
if (config.use_proxy_prefix) {
if (verbose) {
printf("Sending header %s\n", PROXY_PREFIX);
}
my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established);
}
#ifdef HAVE_SSL
if (use_ssl) {
result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
if (config.use_ssl) {
result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL));
if (result != STATE_OK) {
printf(_("CRITICAL - Cannot create SSL context.\n"));
close(sd);
close(socket_descriptor);
np_net_ssl_cleanup();
return STATE_CRITICAL;
} else {
ssl_established = 1;
exit(STATE_CRITICAL);
}
ssl_established = true;
}
#endif
/* watch for the SMTP connection string and */
/* return a WARNING status if we couldn't read any data */
if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
printf(_("recv() failed\n"));
return STATE_WARNING;
exit(STATE_WARNING);
}
char *server_response = NULL;
/* save connect return (220 hostname ..) for later use */
xasprintf(&server_response, "%s", buffer);
/* send the HELO/EHLO command */
my_send(helocmd, strlen(helocmd));
my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established);
/* allow for response to helo command to reach us */
if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
printf(_("recv() failed\n"));
return STATE_WARNING;
} else if (use_ehlo || use_lhlo) {
exit(STATE_WARNING);
}
bool supports_tls = false;
if (config.use_ehlo || config.use_lhlo) {
if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) {
supports_tls = true;
}
}
if (use_starttls && !supports_tls) {
if (config.use_starttls && !supports_tls) {
printf(_("WARNING - TLS not supported by server\n"));
smtp_quit();
return STATE_WARNING;
smtp_quit(config, buffer, socket_descriptor, ssl_established);
exit(STATE_WARNING);
}
#ifdef HAVE_SSL
if (use_starttls) {
if (config.use_starttls) {
/* send the STARTTLS command */
send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established); /* wait for it */
if (!strstr(buffer, SMTP_EXPECT)) {
printf(_("Server does not support STARTTLS\n"));
smtp_quit();
return STATE_UNKNOWN;
smtp_quit(config, buffer, socket_descriptor, ssl_established);
exit(STATE_UNKNOWN);
}
result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL));
if (result != STATE_OK) {
printf(_("CRITICAL - Cannot create SSL context.\n"));
close(sd);
close(socket_descriptor);
np_net_ssl_cleanup();
return STATE_CRITICAL;
} else {
ssl_established = 1;
exit(STATE_CRITICAL);
}
ssl_established = true;
/*
* Resend the EHLO command.
@ -266,29 +253,32 @@ int main(int argc, char **argv) {
* reason, some MTAs will not allow an AUTH LOGIN command before
* we resent EHLO via TLS.
*/
if (my_send(helocmd, strlen(helocmd)) <= 0) {
if (my_send(config, helocmd, strlen(helocmd), socket_descriptor, ssl_established) <= 0) {
printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS."));
my_close();
return STATE_UNKNOWN;
my_close(socket_descriptor);
exit(STATE_UNKNOWN);
}
if (verbose) {
printf(_("sent %s"), helocmd);
}
if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS."));
my_close();
return STATE_UNKNOWN;
my_close(socket_descriptor);
exit(STATE_UNKNOWN);
}
if (verbose) {
printf("%s", buffer);
}
# ifdef USE_OPENSSL
if (check_cert) {
result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
smtp_quit();
my_close();
return result;
if (config.check_cert) {
result = np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit);
smtp_quit(config, buffer, socket_descriptor, ssl_established);
my_close(socket_descriptor);
exit(result);
}
# endif /* USE_OPENSSL */
}
@ -304,76 +294,81 @@ int main(int argc, char **argv) {
strip(server_response);
/* make sure we find the droids we are looking for */
if (!strstr(server_response, server_expect)) {
if (server_port == SMTP_PORT) {
if (!strstr(server_response, config.server_expect)) {
if (config.server_port == SMTP_PORT) {
printf(_("Invalid SMTP response received from host: %s\n"), server_response);
} else {
printf(_("Invalid SMTP response received from host on port %d: %s\n"), server_port, server_response);
printf(_("Invalid SMTP response received from host on port %d: %s\n"), config.server_port, server_response);
}
return STATE_WARNING;
exit(STATE_WARNING);
}
if (send_mail_from) {
my_send(cmd_str, strlen(cmd_str));
if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) {
if (config.send_mail_from) {
my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) {
printf("%s", buffer);
}
}
n = 0;
while (n < ncommands) {
xasprintf(&cmd_str, "%s%s", commands[n], "\r\n");
my_send(cmd_str, strlen(cmd_str));
if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose) {
int counter = 0;
while (counter < config.ncommands) {
xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n");
my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) {
printf("%s", buffer);
}
strip(buffer);
if (n < nresponses) {
cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
errcode = regcomp(&preg, responses[n], cflags);
if (counter < config.nresponses) {
int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
regex_t preg;
int errcode = regcomp(&preg, config.responses[counter], cflags);
char errbuf[MAX_INPUT_BUFFER];
if (errcode != 0) {
regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER);
printf(_("Could Not Compile Regular Expression"));
return ERROR;
exit(STATE_UNKNOWN);
}
excode = regexec(&preg, buffer, 10, pmatch, eflags);
regmatch_t pmatch[10];
int eflags = 0;
int excode = regexec(&preg, buffer, 10, pmatch, eflags);
if (excode == 0) {
result = STATE_OK;
} else if (excode == REG_NOMATCH) {
result = STATE_WARNING;
printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, commands[n]);
printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, config.commands[counter]);
} else {
regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
printf(_("Execute Error: %s\n"), errbuf);
result = STATE_UNKNOWN;
}
}
n++;
counter++;
}
if (authtype != NULL) {
if (strcmp(authtype, "LOGIN") == 0) {
if (config.authtype != NULL) {
if (strcmp(config.authtype, "LOGIN") == 0) {
char *abuf;
int ret;
do {
if (authuser == NULL) {
if (config.authuser == NULL) {
result = STATE_CRITICAL;
xasprintf(&error_msg, _("no authuser specified, "));
break;
}
if (authpass == NULL) {
if (config.authpass == NULL) {
result = STATE_CRITICAL;
xasprintf(&error_msg, _("no authpass specified, "));
break;
}
/* send AUTH LOGIN */
my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN));
my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor, ssl_established);
if (verbose) {
printf(_("sent %s\n"), "AUTH LOGIN");
}
if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
result = STATE_WARNING;
break;
@ -389,14 +384,14 @@ int main(int argc, char **argv) {
}
/* encode authuser with base64 */
base64_encode_alloc(authuser, strlen(authuser), &abuf);
base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf);
xasprintf(&abuf, "%s\r\n", abuf);
my_send(abuf, strlen(abuf));
my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
if (verbose) {
printf(_("sent %s\n"), abuf);
}
if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
result = STATE_CRITICAL;
xasprintf(&error_msg, _("recv() failed after sending authuser, "));
break;
@ -410,13 +405,13 @@ int main(int argc, char **argv) {
break;
}
/* encode authpass with base64 */
base64_encode_alloc(authpass, strlen(authpass), &abuf);
base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf);
xasprintf(&abuf, "%s\r\n", abuf);
my_send(abuf, strlen(abuf));
my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
if (verbose) {
printf(_("sent %s\n"), abuf);
}
if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
result = STATE_CRITICAL;
xasprintf(&error_msg, _("recv() failed after sending authpass, "));
break;
@ -438,41 +433,36 @@ int main(int argc, char **argv) {
}
/* tell the server we're done */
smtp_quit();
smtp_quit(config, buffer, socket_descriptor, ssl_established);
/* finally close the connection */
close(sd);
close(socket_descriptor);
}
/* reset the alarm */
alarm(0);
microsec = deltime(tv);
elapsed_time = (double)microsec / 1.0e6;
long microsec = deltime(start_time);
double elapsed_time = (double)microsec / 1.0e6;
if (result == STATE_OK) {
if (check_critical_time && elapsed_time > critical_time) {
if (config.check_critical_time && elapsed_time > config.critical_time) {
result = STATE_CRITICAL;
} else if (check_warning_time && elapsed_time > warning_time) {
} else if (config.check_warning_time && elapsed_time > config.warning_time) {
result = STATE_WARNING;
}
}
printf(_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text(result), error_msg, elapsed_time, verbose ? ", " : "",
verbose ? buffer : "",
fperfdata("time", elapsed_time, "s", (int)check_warning_time, warning_time, (int)check_critical_time, critical_time, true, 0,
false, 0));
fperfdata("time", elapsed_time, "s", config.check_warning_time, config.warning_time, config.check_critical_time,
config.critical_time, true, 0, false, 0));
return result;
exit(result);
}
/* process command-line arguments */
int process_arguments(int argc, char **argv) {
int c;
char *temp;
bool implicit_tls = false;
check_smtp_config_wrapper process_arguments(int argc, char **argv) {
enum {
SNI_OPTION
};
@ -506,109 +496,118 @@ int process_arguments(int argc, char **argv) {
{"proxy", no_argument, 0, 'r'},
{0, 0, 0, 0}};
check_smtp_config_wrapper result = {
.config = check_smtp_config_init(),
.errorcode = OK,
};
if (argc < 2) {
return ERROR;
result.errorcode = ERROR;
return result;
}
for (c = 1; c < argc; c++) {
if (strcmp("-to", argv[c]) == 0) {
strcpy(argv[c], "-t");
} else if (strcmp("-wt", argv[c]) == 0) {
strcpy(argv[c], "-w");
} else if (strcmp("-ct", argv[c]) == 0) {
strcpy(argv[c], "-c");
for (int index = 1; index < argc; index++) {
if (strcmp("-to", argv[index]) == 0) {
strcpy(argv[index], "-t");
} else if (strcmp("-wt", argv[index]) == 0) {
strcpy(argv[index], "-w");
} else if (strcmp("-ct", argv[index]) == 0) {
strcpy(argv[index], "-c");
}
}
while (1) {
c = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
int command_size = 0;
int response_size = 0;
bool implicit_tls = false;
while (true) {
int opt_index = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
if (c == -1 || c == EOF) {
if (opt_index == -1 || opt_index == EOF) {
break;
}
switch (c) {
switch (opt_index) {
case 'H': /* hostname */
if (is_host(optarg)) {
server_address = optarg;
result.config.server_address = optarg;
} else {
usage2(_("Invalid hostname/address"), optarg);
}
break;
case 'p': /* port */
if (is_intpos(optarg)) {
server_port_option = atoi(optarg);
result.config.server_port = atoi(optarg);
} else {
usage4(_("Port must be a positive integer"));
}
break;
case 'F':
/* localhostname */
localhostname = strdup(optarg);
result.config.localhostname = strdup(optarg);
break;
case 'f': /* from argument */
from_arg = optarg + strspn(optarg, "<");
from_arg = strndup(from_arg, strcspn(from_arg, ">"));
send_mail_from = 1;
result.config.from_arg = optarg + strspn(optarg, "<");
result.config.from_arg = strndup(result.config.from_arg, strcspn(result.config.from_arg, ">"));
result.config.send_mail_from = true;
break;
case 'A':
authtype = optarg;
use_ehlo = true;
result.config.authtype = optarg;
result.config.use_ehlo = true;
break;
case 'U':
authuser = optarg;
result.config.authuser = optarg;
break;
case 'P':
authpass = optarg;
result.config.authpass = optarg;
break;
case 'e': /* server expect string on 220 */
server_expect = optarg;
result.config.server_expect = optarg;
break;
case 'C': /* commands */
if (ncommands >= command_size) {
if (result.config.ncommands >= command_size) {
command_size += 8;
commands = realloc(commands, sizeof(char *) * command_size);
if (commands == NULL) {
die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), ncommands);
result.config.commands = realloc(result.config.commands, sizeof(char *) * command_size);
if (result.config.commands == NULL) {
die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.ncommands);
}
}
commands[ncommands] = (char *)malloc(sizeof(char) * 255);
strncpy(commands[ncommands], optarg, 255);
ncommands++;
result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255);
strncpy(result.config.commands[result.config.ncommands], optarg, 255);
result.config.ncommands++;
break;
case 'R': /* server responses */
if (nresponses >= response_size) {
if (result.config.nresponses >= response_size) {
response_size += 8;
responses = realloc(responses, sizeof(char *) * response_size);
if (responses == NULL) {
die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), nresponses);
result.config.responses = realloc(result.config.responses, sizeof(char *) * response_size);
if (result.config.responses == NULL) {
die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.nresponses);
}
}
responses[nresponses] = (char *)malloc(sizeof(char) * 255);
strncpy(responses[nresponses], optarg, 255);
nresponses++;
result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255);
strncpy(result.config.responses[result.config.nresponses], optarg, 255);
result.config.nresponses++;
break;
case 'c': /* critical time threshold */
if (!is_nonnegative(optarg)) {
usage4(_("Critical time must be a positive"));
} else {
critical_time = strtod(optarg, NULL);
check_critical_time = true;
result.config.critical_time = strtod(optarg, NULL);
result.config.check_critical_time = true;
}
break;
case 'w': /* warning time threshold */
if (!is_nonnegative(optarg)) {
usage4(_("Warning time must be a positive"));
} else {
warning_time = strtod(optarg, NULL);
check_warning_time = true;
result.config.warning_time = strtod(optarg, NULL);
result.config.check_warning_time = true;
}
break;
case 'v': /* verbose */
verbose++;
break;
case 'q':
ignore_send_quit_failure = true; /* ignore problem sending QUIT */
result.config.ignore_send_quit_failure = true; /* ignore problem sending QUIT */
break;
case 't': /* timeout */
if (is_intnonneg(optarg)) {
@ -617,30 +616,31 @@ int process_arguments(int argc, char **argv) {
usage4(_("Timeout interval must be a positive integer"));
}
break;
case 'D':
case 'D': {
/* Check SSL cert validity */
#ifdef USE_OPENSSL
char *temp;
if ((temp = strchr(optarg, ',')) != NULL) {
*temp = '\0';
if (!is_intnonneg(optarg)) {
usage2("Invalid certificate expiration period", optarg);
}
days_till_exp_warn = atoi(optarg);
result.config.days_till_exp_warn = atoi(optarg);
*temp = ',';
temp++;
if (!is_intnonneg(temp)) {
usage2(_("Invalid certificate expiration period"), temp);
}
days_till_exp_crit = atoi(temp);
result.config.days_till_exp_crit = atoi(temp);
} else {
days_till_exp_crit = 0;
result.config.days_till_exp_crit = 0;
if (!is_intnonneg(optarg)) {
usage2("Invalid certificate expiration period", optarg);
}
days_till_exp_warn = atoi(optarg);
result.config.days_till_exp_warn = atoi(optarg);
}
check_cert = true;
ignore_send_quit_failure = true;
result.config.check_cert = true;
result.config.ignore_send_quit_failure = true;
#else
usage(_("SSL support not available - install OpenSSL and recompile"));
#endif
@ -648,26 +648,27 @@ int process_arguments(int argc, char **argv) {
// fallthrough
case 's':
/* ssl */
use_ssl = true;
server_port = SMTPS_PORT;
result.config.use_ssl = true;
result.config.server_port = SMTPS_PORT;
break;
case 'S':
/* starttls */
use_starttls = true;
use_ehlo = true;
result.config.use_starttls = true;
result.config.use_ehlo = true;
break;
}
case SNI_OPTION:
#ifdef HAVE_SSL
use_sni = true;
result.config.use_sni = true;
#else
usage(_("SSL support not available - install OpenSSL and recompile"));
#endif
break;
case 'r':
use_proxy_prefix = true;
result.config.use_proxy_prefix = true;
break;
case 'L':
use_lhlo = true;
result.config.use_lhlo = true;
break;
case '4':
address_family = AF_INET;
@ -690,60 +691,36 @@ int process_arguments(int argc, char **argv) {
}
}
c = optind;
if (server_address == NULL) {
int c = optind;
if (result.config.server_address == NULL) {
if (argv[c]) {
if (is_host(argv[c])) {
server_address = argv[c];
result.config.server_address = argv[c];
} else {
usage2(_("Invalid hostname/address"), argv[c]);
}
} else {
xasprintf(&server_address, "127.0.0.1");
}
}
if (server_expect == NULL) {
server_expect = strdup(SMTP_EXPECT);
}
if (mail_command == NULL) {
mail_command = strdup("MAIL ");
}
if (from_arg == NULL) {
from_arg = strdup(" ");
}
if (use_starttls && use_ssl) {
if (result.config.use_starttls && result.config.use_ssl) {
if (implicit_tls) {
use_ssl = false;
server_port = SMTP_PORT;
result.config.use_ssl = false;
} else {
usage4(_("Set either -s/--ssl/--tls or -S/--starttls"));
}
}
if (server_port_option != 0) {
server_port = server_port_option;
}
return validate_arguments();
return result;
}
int validate_arguments(void) { return OK; }
void smtp_quit(void) {
int bytes;
int n;
n = my_send(SMTP_QUIT, strlen(SMTP_QUIT));
if (n < 0) {
if (ignore_send_quit_failure) {
char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor, bool ssl_established) {
int sent_bytes = my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established);
if (sent_bytes < 0) {
if (config.ignore_send_quit_failure) {
if (verbose) {
printf(_("Connection closed by server before sending QUIT command\n"));
}
return;
return buffer;
}
die(STATE_UNKNOWN, _("Connection closed by server before sending QUIT command\n"));
}
@ -753,7 +730,7 @@ void smtp_quit(void) {
}
/* read the response but don't care about problems */
bytes = recvlines(buffer, MAX_INPUT_BUFFER);
int bytes = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established);
if (verbose) {
if (bytes < 0) {
printf(_("recv() failed after QUIT."));
@ -764,6 +741,8 @@ void smtp_quit(void) {
printf(_("received %s\n"), buffer);
}
}
return buffer;
}
/*
@ -775,20 +754,20 @@ void smtp_quit(void) {
* function which buffers the data, move that to netutils.c and change
* check_smtp and other plugins to use that. Also, remove (\r)\n.
*/
int recvline(char *buf, size_t bufsize) {
int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor, bool ssl_established) {
int result;
unsigned i;
int counter;
for (i = result = 0; i < bufsize - 1; i++) {
if ((result = my_recv(&buf[i], 1)) != 1) {
for (counter = result = 0; counter < bufsize - 1; counter++) {
if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) {
break;
}
if (buf[i] == '\n') {
buf[++i] = '\0';
return i;
if (buf[counter] == '\n') {
buf[++counter] = '\0';
return counter;
}
}
return (result == 1 || i == 0) ? -2 : result; /* -2 if out of space */
return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */
}
/*
@ -805,22 +784,23 @@ int recvline(char *buf, size_t bufsize) {
*
* TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
*/
int recvlines(char *buf, size_t bufsize) {
int result, i;
int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor, bool ssl_established) {
int result;
int counter;
for (i = 0; /* forever */; i += result) {
if (!((result = recvline(buf + i, bufsize - i)) > 3 && isdigit((int)buf[i]) && isdigit((int)buf[i + 1]) &&
isdigit((int)buf[i + 2]) && buf[i + 3] == '-')) {
for (counter = 0; /* forever */; counter += result) {
if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor, ssl_established)) > 3 &&
isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) && isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) {
break;
}
}
return (result <= 0) ? result : result + i;
return (result <= 0) ? result : result + counter;
}
int my_close(void) {
int my_close(int socket_descriptor) {
int result;
result = close(sd);
result = close(socket_descriptor);
#ifdef HAVE_SSL
np_net_ssl_cleanup();
#endif

92
plugins/check_smtp.d/config.h Normal file
View file

@ -0,0 +1,92 @@
#pragma once
#include "../../config.h"
#include <stddef.h>
#include <string.h>
enum {
SMTP_PORT = 25,
SMTPS_PORT = 465
};
#define SMTP_EXPECT "220"
typedef struct {
int server_port;
char *server_address;
char *localhostname;
char *server_expect;
bool ignore_send_quit_failure;
double warning_time;
bool check_warning_time;
double critical_time;
bool check_critical_time;
bool use_ehlo;
bool use_lhlo;
char *from_arg;
bool send_mail_from;
int ncommands;
char **commands;
int nresponses;
char **responses;
char *authtype;
char *authuser;
char *authpass;
bool use_proxy_prefix;
#ifdef HAVE_SSL
bool check_cert;
int days_till_exp_warn;
int days_till_exp_crit;
bool use_ssl;
bool use_starttls;
bool use_sni;
#endif
} check_smtp_config;
check_smtp_config check_smtp_config_init() {
check_smtp_config tmp = {
.server_port = SMTP_PORT,
.server_address = strdup("localhost"),
.localhostname = NULL,
.server_expect = SMTP_EXPECT,
.ignore_send_quit_failure = false,
.warning_time = 0,
.check_warning_time = false,
.critical_time = 0,
.check_critical_time = false,
.use_ehlo = false,
.use_lhlo = false,
.from_arg = strdup(" "),
.send_mail_from = false,
.ncommands = 0,
.commands = NULL,
.nresponses = 0,
.responses = NULL,
.authtype = NULL,
.authuser = NULL,
.authpass = NULL,
.use_proxy_prefix = false,
#ifdef HAVE_SSL
.check_cert = false,
.days_till_exp_warn = 0,
.days_till_exp_crit = 0,
.use_ssl = false,
.use_starttls = false,
.use_sni = false,
#endif
};
return tmp;
}