X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_smtp.c;h=3b0e4694120abfed0604ad79a87396fa2630ce54;hb=3982b98ba2db3ebebf65d7f0f4ad83a55a3efc49;hp=2c03874b1f332020e96f6abb42e2ba9d4eac4708;hpb=2d61d4b43eb58662474e8aff51d6d8e8a780a751;p=nagiosplug.git diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 2c03874..3b0e469 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -1,161 +1,325 @@ /****************************************************************************** -* -* CHECK_SMTP.C -* -* Program: SMTP plugin for Nagios -* License: GPL -* Copyright (c) 1999 Ethan Galstad (nagios@nagios.org) -* -* $Id$ -* -* Description: -* -* This plugin will attempt to open an SMTP connection with the host. -* Successul connects return STATE_OK, refusals and timeouts return -* STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful -* connects, but incorrect reponse messages from the host result in -* STATE_WARNING return values. -* -* License Information: -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -* -*****************************************************************************/ - -#include "config.h" + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id$ + +******************************************************************************/ + +const char *progname = "check_smtp"; +const char *revision = "$Revision$"; +const char *copyright = "2000-2004"; +const char *email = "nagiosplug-devel@lists.sourceforge.net"; + #include "common.h" #include "netutils.h" #include "utils.h" -#define PROGNAME "check_smtp" +#ifdef HAVE_SSL_H +# include +# include +# include +# include +# include +# include +#else +# ifdef HAVE_OPENSSL_SSL_H +# include +# include +# include +# include +# include +# include +# endif +#endif + +#ifdef HAVE_SSL + +int check_cert = FALSE; +int days_till_exp; +SSL_CTX *ctx; +SSL *ssl; +X509 *server_cert; +int connect_STARTTLS (void); +int check_certificate (X509 **); +#endif -#define SMTP_PORT 25 -#define SMTP_EXPECT "220" -/* sendmail will syslog a "NOQUEUE" error if session does not attempt - * to do something useful. This can be prevented by giving a command - * even if syntax is illegal (MAIL requires a FROM:<...> argument) - * You can disable sending DUMMYCMD by undefining SMTP_USE_DUMMYCMD. - */ -#define SMTP_DUMMYCMD "MAIL\n" -#define SMTP_USE_DUMMYCMD 1 -#define SMTP_QUIT "QUIT\n" +enum { + SMTP_PORT = 25 +}; +const char *SMTP_EXPECT = "220"; +const char *SMTP_HELO = "HELO "; +const char *SMTP_QUIT = "QUIT\r\n"; +const char *SMTP_STARTTLS = "STARTTLS\r\n"; int process_arguments (int, char **); -int call_getopt (int, char **); int validate_arguments (void); -int check_disk (int usp, int free_disk); void print_help (void); void print_usage (void); +int myrecv(void); +int my_close(void); + +#ifdef HAVE_REGEX_H +#include +char regex_expect[MAX_INPUT_BUFFER] = ""; +regex_t preg; +regmatch_t pmatch[10]; +char timestamp[10] = ""; +char errbuf[MAX_INPUT_BUFFER]; +int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE; +int eflags = 0; +int errcode, excode; +#endif int server_port = SMTP_PORT; char *server_address = NULL; char *server_expect = NULL; +int smtp_use_dummycmd = 0; +char *mail_command = NULL; +char *from_arg = NULL; +int ncommands=0; +int command_size=0; +int nresponses=0; +int response_size=0; +char **commands = NULL; +char **responses = NULL; int warning_time = 0; int check_warning_time = FALSE; int critical_time = 0; int check_critical_time = FALSE; -int verbose = FALSE; +int verbose = 0; +int use_ssl = FALSE; +int sd; +char buffer[MAX_INPUT_BUFFER]; +enum { + TCP_PROTOCOL = 1, + UDP_PROTOCOL = 2, + MAXBUF = 1024 +}; int main (int argc, char **argv) { - int sd; - int result; - char buffer[MAX_INPUT_BUFFER] = ""; - if (process_arguments (argc, argv) != OK) - usage ("Invalid command arguments supplied\n"); + int n = 0; + double elapsed_time; + long microsec; + int result = STATE_UNKNOWN; + char *cmd_str = NULL; + char *helocmd = NULL; + struct timeval tv; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); + + if (process_arguments (argc, argv) == ERROR) + usage4 (_("Could not parse arguments")); + + /* initialize the HELO command with the localhostname */ +#ifndef HOST_MAX_BYTES +#define HOST_MAX_BYTES 255 +#endif + helocmd = malloc (HOST_MAX_BYTES); + gethostname(helocmd, HOST_MAX_BYTES); + asprintf (&helocmd, "%s%s%s", SMTP_HELO, helocmd, "\r\n"); + + /* initialize the MAIL command with optional FROM command */ + asprintf (&cmd_str, "%sFROM: %s%s", mail_command, from_arg, "\r\n"); + if (verbose && smtp_use_dummycmd) + printf ("FROM CMD: %s", cmd_str); + /* initialize alarm signal handling */ - signal (SIGALRM, socket_timeout_alarm_handler); + (void) signal (SIGALRM, socket_timeout_alarm_handler); /* set socket timeout */ - alarm (socket_timeout); + (void) alarm (socket_timeout); + + /* start timer */ + gettimeofday (&tv, NULL); /* try to connect to the host at the given port number */ - time (&start_time); result = my_tcp_connect (server_address, server_port, &sd); - /* we connected, so close connection before exiting */ - if (result == STATE_OK) { - - /* watch for the SMTP connection string */ - result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0); - - /* strip the buffer of carriage returns */ - strip (buffer); + if (result == STATE_OK) { /* we connected */ + /* watch for the SMTP connection string and */ /* return a WARNING status if we couldn't read any data */ - if (result == -1) { - printf ("recv() failed\n"); + if (recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0) == -1) { + printf (_("recv() failed\n")); result = STATE_WARNING; } - else { - + if (verbose) + printf ("%s", buffer); + /* strip the buffer of carriage returns */ + strip (buffer); /* make sure we find the response we are looking for */ if (!strstr (buffer, server_expect)) { if (server_port == SMTP_PORT) - printf ("Invalid SMTP response received from host\n"); + printf (_("Invalid SMTP response received from host\n")); else - printf ("Invalid SMTP response received from host on port %d\n", + printf (_("Invalid SMTP response received from host on port %d\n"), server_port); result = STATE_WARNING; } + } +#ifdef HAVE_SSL + if(use_ssl) { + /* send the STARTTLS command */ + send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); + + recv(sd,buffer, MAX_INPUT_BUFFER-1, 0); // wait for it + if (!strstr (buffer, server_expect)) { + printf (_("Server does not support STARTTLS\n")); + return STATE_UNKNOWN; + } + if(connect_STARTTLS() != OK) { + printf (_("CRITICAL - Cannot create SSL context.\n")); + return STATE_CRITICAL; + } + if ( check_cert ) { + if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) { + result = check_certificate (&server_cert); + X509_free(server_cert); + } + else { + printf (_("CRITICAL - Cannot retrieve server certificate.\n")); + result = STATE_CRITICAL; + + } + my_close(); + return result; + } + } +#endif + /* send the HELO command */ +#ifdef HAVE_SSL + if (use_ssl) + SSL_write(ssl, helocmd, strlen(helocmd)); + else +#endif + send(sd, helocmd, strlen(helocmd), 0); + + /* allow for response to helo command to reach us */ + myrecv(); + + /* sendmail will syslog a "NOQUEUE" error if session does not attempt + * to do something useful. This can be prevented by giving a command + * even if syntax is illegal (MAIL requires a FROM:<...> argument) + * + * According to rfc821 you can include a null reversepath in the from command + * - but a log message is generated on the smtp server. + * + * You can disable sending mail_command with '--nocommand' + * Use the -f option to provide a FROM address + */ + if (smtp_use_dummycmd) { +#ifdef HAVE_SSL + if (use_ssl) + SSL_write(ssl, cmd_str, strlen(cmd_str)); + else +#endif + send(sd, cmd_str, strlen(cmd_str), 0); + myrecv(); + if (verbose) + printf("%s", buffer); + } - else { - - time (&end_time); - - result = STATE_OK; - - if (check_critical_time == TRUE - && (end_time - start_time) > critical_time) result = - STATE_CRITICAL; - else if (check_warning_time == TRUE - && (end_time - start_time) > warning_time) result = - STATE_WARNING; - - if (verbose == TRUE) - printf ("SMTP %s - %d sec. response time, %s\n", - state_text (result), (int) (end_time - start_time), buffer); - else - printf ("SMTP %s - %d second response time\n", state_text (result), - (int) (end_time - start_time)); + while (n < ncommands) { + asprintf (&cmd_str, "%s%s", commands[n], "\r\n"); +#ifdef HAVE_SSL + if (use_ssl) + SSL_write(ssl,cmd_str, strlen(cmd_str)); + else +#endif + send(sd, cmd_str, strlen(cmd_str), 0); + myrecv(); + if (verbose) + printf("%s", buffer); + strip (buffer); + if (n < nresponses) { +#ifdef HAVE_REGEX_H + cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE; + //strncpy (regex_expect, responses[n], sizeof (regex_expect) - 1); + //regex_expect[sizeof (regex_expect) - 1] = '\0'; + errcode = regcomp (&preg, responses[n], cflags); + if (errcode != 0) { + regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER); + printf (_("Could Not Compile Regular Expression")); + return ERROR; + } + excode = regexec (&preg, buffer, 10, pmatch, eflags); + if (excode == 0) { + result = STATE_OK; + } + else if (excode == REG_NOMATCH) { + result = STATE_WARNING; + printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]); + } + else { + regerror (excode, &preg, errbuf, MAX_INPUT_BUFFER); + printf (_("Execute Error: %s\n"), errbuf); + result = STATE_UNKNOWN; + } +#else + if (strstr(buffer, responses[n])!=buffer) { + result = STATE_WARNING; + printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]); + } +#endif } + n++; } - /* close the connection */ -#ifdef SMTP_USE_DUMMYCMD - send(sd,SMTP_DUMMYCMD,strlen(SMTP_DUMMYCMD),0); - /* allow for response to DUMMYCMD to reach us */ - recv(sd,buffer,MAX_INPUT_BUFFER-1,0); -#endif /* SMTP_USE_DUMMYCMD */ - + /* tell the server we're done */ +#ifdef HAVE_SSL + if (use_ssl) + SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT)); + else +#endif send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0); + + /* finally close the connection */ close (sd); } /* reset the alarm */ alarm (0); - return result; -} + microsec = deltime (tv); + elapsed_time = (double)microsec / 1.0e6; + if (result == STATE_OK) { + if (check_critical_time && elapsed_time > (double) critical_time) + result = STATE_CRITICAL; + else if (check_warning_time && elapsed_time > (double) warning_time) + result = STATE_WARNING; + } + printf (_("SMTP %s - %.3f sec. response time%s%s|%s\n"), + state_text (result), elapsed_time, + verbose?", ":"", verbose?buffer:"", + fperfdata ("time", elapsed_time, "s", + (int)check_warning_time, warning_time, + (int)check_critical_time, critical_time, + TRUE, 0, FALSE, 0)); + return result; +} @@ -165,6 +329,28 @@ process_arguments (int argc, char **argv) { int c; + int option = 0; + static struct option longopts[] = { + {"hostname", required_argument, 0, 'H'}, + {"expect", required_argument, 0, 'e'}, + {"critical", required_argument, 0, 'c'}, + {"warning", required_argument, 0, 'w'}, + {"timeout", required_argument, 0, 't'}, + {"port", required_argument, 0, 'p'}, + {"from", required_argument, 0, 'f'}, + {"command", required_argument, 0, 'C'}, + {"response", required_argument, 0, 'R'}, + {"nocommand", required_argument, 0, 'n'}, + {"verbose", no_argument, 0, 'v'}, + {"version", no_argument, 0, 'V'}, + {"use-ipv4", no_argument, 0, '4'}, + {"use-ipv6", no_argument, 0, '6'}, + {"help", no_argument, 0, 'h'}, + {"starttls",no_argument,0,'S'}, + {"certificate",required_argument,0,'D'}, + {0, 0, 0, 0} + }; + if (argc < 2) return ERROR; @@ -177,109 +363,62 @@ process_arguments (int argc, char **argv) strcpy (argv[c], "-c"); } - - - c = 0; - while ((c += (call_getopt (argc - c, &argv[c]))) < argc) { - - if (is_option (argv[c])) - continue; - - if (server_address == NULL) { - if (is_host (argv[c])) { - server_address = argv[c]; - } - else { - usage ("Invalid host name"); - } - } - } - - if (server_address == NULL) - server_address = strscpy (NULL, "127.0.0.1"); - - if (server_expect == NULL) - server_expect = strscpy (NULL, SMTP_EXPECT); - - return validate_arguments (); -} - - - - - - -int -call_getopt (int argc, char **argv) -{ - int c, i = 0; - -#ifdef HAVE_GETOPT_H - int option_index = 0; - static struct option long_options[] = { - {"hostname", required_argument, 0, 'H'}, - {"expect", required_argument, 0, 'e'}, - {"critical", required_argument, 0, 'c'}, - {"warning", required_argument, 0, 'w'}, - {"port", required_argument, 0, 'P'}, - {"verbose", no_argument, 0, 'v'}, - {"version", no_argument, 0, 'V'}, - {"help", no_argument, 0, 'h'}, - {0, 0, 0, 0} - }; -#endif - while (1) { -#ifdef HAVE_GETOPT_H - c = - getopt_long (argc, argv, "+hVvt:p:e:c:w:H:", long_options, - &option_index); -#else - c = getopt (argc, argv, "+?hVvt:p:e:c:w:H:"); -#endif + c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:", + longopts, &option); - i++; - - if (c == -1 || c == EOF || c == 1) + if (c == -1 || c == EOF) break; - switch (c) { - case 't': - case 'p': - case 'e': - case 'c': - case 'w': - case 'H': - i++; - } - switch (c) { case 'H': /* hostname */ if (is_host (optarg)) { server_address = optarg; } else { - usage ("Invalid host name\n"); + usage2 (_("Invalid hostname/address"), optarg); } break; case 'p': /* port */ - if (is_intpos (optarg)) { + if (is_intpos (optarg)) server_port = atoi (optarg); - } - else { - usage ("Server port must be a positive integer\n"); - } + else + usage4 (_("Port must be a positive integer")); break; - case 'e': /* username */ + case 'f': /* from argument */ + from_arg = optarg; + smtp_use_dummycmd = 1; + break; + case 'e': /* server expect string on 220 */ server_expect = optarg; break; + case 'C': /* commands */ + if (ncommands >= command_size) { + commands = realloc (commands, command_size+8); + if (commands == NULL) + die (STATE_UNKNOWN, + _("Could not realloc() units [%d]\n"), ncommands); + } + commands[ncommands] = optarg; + ncommands++; + break; + case 'R': /* server responses */ + if (nresponses >= response_size) { + responses = realloc (responses, response_size+8); + if (responses == NULL) + die (STATE_UNKNOWN, + _("Could not realloc() units [%d]\n"), nresponses); + } + responses[nresponses] = optarg; + nresponses++; + break; case 'c': /* critical time threshold */ if (is_intnonneg (optarg)) { critical_time = atoi (optarg); check_critical_time = TRUE; } else { - usage ("Critical time must be a nonnegative integer\n"); + usage4 (_("Critical time must be a positive integer")); } break; case 'w': /* warning time threshold */ @@ -288,34 +427,80 @@ call_getopt (int argc, char **argv) check_warning_time = TRUE; } else { - usage ("Warning time must be a nonnegative integer\n"); + usage4 (_("Warning time must be a positive integer")); } break; case 'v': /* verbose */ - verbose = TRUE; + verbose++; break; case 't': /* timeout */ if (is_intnonneg (optarg)) { socket_timeout = atoi (optarg); } else { - usage ("Time interval must be a nonnegative integer\n"); + usage4 (_("Timeout interval must be a positive integer")); } break; + case 'S': + /* starttls */ + use_ssl = TRUE; + break; + case 'D': + /* Check SSL cert validity */ +#ifdef HAVE_SSL + if (!is_intnonneg (optarg)) + usage2 ("Invalid certificate expiration period",optarg); + days_till_exp = atoi (optarg); + check_cert = TRUE; +#else + usage (_("SSL support not available - install OpenSSL and recompile")); +#endif + break; + case '4': + address_family = AF_INET; + break; + case '6': +#ifdef USE_IPV6 + address_family = AF_INET6; +#else + usage4 (_("IPv6 support not available")); +#endif + break; case 'V': /* version */ - print_revision (PROGNAME, "$Revision$"); + print_revision (progname, revision); exit (STATE_OK); case 'h': /* help */ print_help (); exit (STATE_OK); case '?': /* help */ - usage ("Invalid argument\n"); + usage2 (_("Unknown argument"), optarg); } } - return i; -} + c = optind; + if (server_address == NULL) { + if (argv[c]) { + if (is_host (argv[c])) + server_address = argv[c]; + else + usage2 (_("Invalid hostname/address"), argv[c]); + } + else { + asprintf (&server_address, "127.0.0.1"); + } + } + if (server_expect == NULL) + server_expect = strdup (SMTP_EXPECT); + + if (mail_command == NULL) + mail_command = strdup("MAIL "); + + if (from_arg==NULL) + from_arg = strdup(" "); + + return validate_arguments (); +} @@ -327,49 +512,217 @@ validate_arguments (void) - - void print_help (void) { - print_revision (PROGNAME, "$Revision$"); - printf - ("Copyright (c) 2000 Ethan Galstad/Karl DeBisschop\n\n" - "This plugin test the SMTP service on the specified host.\n\n"); + char *myport; + asprintf (&myport, "%d", SMTP_PORT); + + print_revision (progname, revision); + + printf ("Copyright (c) 1999-2001 Ethan Galstad \n"); + printf (COPYRIGHT, copyright, email); + + printf(_("This plugin will attempt to open an SMTP connection with the host.\n\n")); + print_usage (); - printf - ("\nOptions:\n" - " -H, --hostname=STRING or IPADDRESS\n" - " Check server on the indicated host\n" - " -p, --port=INTEGER\n" - " Make connection on the indicated port (default: %d)\n" - " -e, --expect=STRING\n" - " String to expect in first line of server response (default: %s)\n" - " -w, --warning=INTEGER\n" - " Seconds necessary to result in a warning status\n" - " -c, --critical=INTEGER\n" - " Seconds necessary to result in a critical status\n" - " -t, --timeout=INTEGER\n" - " Seconds before connection attempt times out (default: %d)\n" - " -v, --verbose\n" - " Print extra information (command-line use only)\n" - " -h, --help\n" - " Print detailed help screen\n" - " -V, --version\n" - " Print version information\n\n", - SMTP_PORT, SMTP_EXPECT, DEFAULT_SOCKET_TIMEOUT); - support (); -} + printf (_(UT_HELP_VRSN)); + + printf (_(UT_HOST_PORT), 'p', myport); + + printf (_(UT_IPv46)); + + printf (_("\ + -e, --expect=STRING\n\ + String to expect in first line of server response (default: '%s')\n\ + -n, nocommand\n\ + Suppress SMTP command\n\ + -C, --command=STRING\n\ + SMTP command (may be used repeatedly)\n\ + -R, --command=STRING\n\ + Expected response to command (may be used repeatedly)\n\ + -f, --from=STRING\n\ + FROM-address to include in MAIL command, required by Exchange 2000\n"), + SMTP_EXPECT); +#ifdef HAVE_SSL + printf (_("\ + -D, --certificate=INTEGER\n\ + Minimum number of days a certificate has to be valid.\n\ + -S, --starttls\n\ + Use STARTTLS for the connection.\n")); +#endif + + printf (_(UT_WARN_CRIT)); + + printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); + printf (_(UT_VERBOSE)); + + printf(_("\n\ +Successul connects return STATE_OK, refusals and timeouts return\n\ +STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful\n\ +connects, but incorrect reponse messages from the host result in\n\ +STATE_WARNING return values.\n")); + + printf (_(UT_SUPPORT)); +} void print_usage (void) { - printf - ("Usage: %s -H host [-e expect] [-p port] [-w warn] [-c crit] [-t timeout] [-v]\n" - " %s --help\n" - " %s --version\n", PROGNAME, PROGNAME, PROGNAME); + printf ("\ +Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\ + [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6]\n", progname); +} + +#ifdef HAVE_SSL +int +connect_STARTTLS (void) +{ + SSL_METHOD *meth; + + /* Initialize SSL context */ + SSLeay_add_ssl_algorithms (); + meth = SSLv2_client_method (); + SSL_load_error_strings (); + if ((ctx = SSL_CTX_new (meth)) == NULL) + { + printf(_("CRITICAL - Cannot create SSL context.\n")); + return STATE_CRITICAL; + } + /* do the SSL handshake */ + if ((ssl = SSL_new (ctx)) != NULL) + { + SSL_set_fd (ssl, sd); + /* original version checked for -1 + I look for success instead (1) */ + if (SSL_connect (ssl) == 1) + return OK; + ERR_print_errors_fp (stderr); + } + else + { + printf (_("CRITICAL - Cannot initiate SSL handshake.\n")); + } + /* this causes a seg faul + not sure why, being sloppy + and commenting it out */ + // SSL_free (ssl); + SSL_CTX_free(ctx); + my_close(); + + return STATE_CRITICAL; +} + +int +check_certificate (X509 ** certificate) +{ + ASN1_STRING *tm; + int offset; + struct tm stamp; + int days_left; + + /* Retrieve timestamp of certificate */ + tm = X509_get_notAfter (*certificate); + + /* Generate tm structure to process timestamp */ + if (tm->type == V_ASN1_UTCTIME) { + if (tm->length < 10) { + printf (_("CRITICAL - Wrong time format in certificate.\n")); + return STATE_CRITICAL; + } + else { + stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0'); + if (stamp.tm_year < 50) + stamp.tm_year += 100; + offset = 0; + } + } + else { + if (tm->length < 12) { + printf (_("CRITICAL - Wrong time format in certificate.\n")); + return STATE_CRITICAL; + } + else { + stamp.tm_year = + (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 + + (tm->data[2] - '0') * 10 + (tm->data[3] - '0'); + stamp.tm_year -= 1900; + offset = 2; + } + } + stamp.tm_mon = + (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1; + stamp.tm_mday = + (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0'); + stamp.tm_hour = + (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0'); + stamp.tm_min = + (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0'); + stamp.tm_sec = 0; + stamp.tm_isdst = -1; + + days_left = (mktime (&stamp) - time (NULL)) / 86400; + snprintf + (timestamp, 16, "%02d/%02d/%04d %02d:%02d", + stamp.tm_mon + 1, + stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min); + + if (days_left > 0 && days_left <= days_till_exp) { + printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp); + return STATE_WARNING; + } + if (days_left < 0) { + printf ("Certificate expired on %s.\n", timestamp); + return STATE_CRITICAL; + } + + if (days_left == 0) { + printf ("Certificate expires today (%s).\n", timestamp); + return STATE_WARNING; + } + + printf ("Certificate will expire on %s.\n", timestamp); + + return STATE_OK; +} +#endif + +int +myrecv (void) +{ + int i; + +#ifdef HAVE_SSL + if (use_ssl) { + i = SSL_read (ssl, buffer, MAXBUF - 1); + } + else { +#endif + i = read (sd, buffer, MAXBUF - 1); +#ifdef HAVE_SSL + } +#endif + return i; +} + +int +my_close (void) +{ +#ifdef HAVE_SSL + if (use_ssl == TRUE) { + SSL_shutdown (ssl); + SSL_free (ssl); + SSL_CTX_free (ctx); + return 0; + } + else { +#endif + return close(sd); +#ifdef HAVE_SSL + } +#endif }