X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=plugins%2Fcheck_smtp.c;h=62f102549880fa1c35e76912055335d878e7822b;hb=6b782ebfd4832c1fe621556bcf894162b8caa8aa;hp=d8b90597c8ad3489a688faefab2ea6b63ede2447;hpb=0c3386274ef5002dffc20337ef02407f24d7400c;p=nagiosplug.git
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index d8b9059..62f1025 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -1,185 +1,420 @@
-/******************************************************************************
-*
-* CHECK_SMTP.C
-*
-* Program: SMTP plugin for Nagios
+/*****************************************************************************
+*
+* Nagios check_smtp plugin
+*
* License: GPL
-* Copyright (c) 1999 Ethan Galstad (nagios@nagios.org)
-*
-* $Id$
-*
+* Copyright (c) 2000-2007 Nagios Plugins Development Team
+*
* Description:
-*
+*
+* This file contains the check_smtp plugin
+*
* This plugin will attempt to open an SMTP connection with the host.
-* Successul connects return STATE_OK, refusals and timeouts return
-* STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful
-* connects, but incorrect reponse messages from the host result in
-* STATE_WARNING return values.
-*
-* License Information:
-*
-* This program is free software; you can redistribute it and/or modify
+*
+*
+* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
+* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
-*
+*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
-*
+*
* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*
+* along with this program. If not, see .
+*
+*
*****************************************************************************/
-#include "config.h"
+const char *progname = "check_smtp";
+const char *copyright = "2000-2007";
+const char *email = "nagiosplug-devel@lists.sourceforge.net";
+
#include "common.h"
#include "netutils.h"
#include "utils.h"
+#include "base64.h"
+
+#include
+
+#ifdef HAVE_SSL
+int check_cert = FALSE;
+int days_till_exp;
+# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#else /* ifndef HAVE_SSL */
+# define my_recv(buf, len) read(sd, buf, len)
+# define my_send(buf, len) send(sd, buf, len, 0)
+#endif
-const char *progname = "check_smtp";
-
-#define SMTP_PORT 25
-#define SMTP_EXPECT "220"
+enum {
+ SMTP_PORT = 25
+};
+#define SMTP_EXPECT "220"
#define SMTP_HELO "HELO "
+#define SMTP_EHLO "EHLO "
+#define SMTP_QUIT "QUIT\r\n"
+#define SMTP_STARTTLS "STARTTLS\r\n"
+#define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
-/* sendmail will syslog a "NOQUEUE" error if session does not attempt
- * to do something useful. This can be prevented by giving a command
- * even if syntax is illegal (MAIL requires a FROM:<...> argument)
- * You can disable sending DUMMYCMD by undefining SMTP_USE_DUMMYCMD.
- *
- * According to rfc821 you can include a null reversepath in the from command
- * - but a log message is generated on the smtp server.
- *
- * Use the -f option to provide a FROM address
- */
-
-#define SMTP_DUMMYCMD "MAIL "
-#define SMTP_USE_DUMMYCMD 1
-#define SMTP_QUIT "QUIT\r\n"
+#ifndef HOST_MAX_BYTES
+#define HOST_MAX_BYTES 255
+#endif
+
+#define EHLO_SUPPORTS_STARTTLS 1
int process_arguments (int, char **);
int validate_arguments (void);
void print_help (void);
void print_usage (void);
+void smtp_quit(void);
+int recvline(char *, size_t);
+int recvlines(char *, size_t);
+int my_close(void);
+
+#include "regex.h"
+char regex_expect[MAX_INPUT_BUFFER] = "";
+regex_t preg;
+regmatch_t pmatch[10];
+char timestamp[20] = "";
+char errbuf[MAX_INPUT_BUFFER];
+int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
+int eflags = 0;
+int errcode, excode;
int server_port = SMTP_PORT;
char *server_address = NULL;
char *server_expect = NULL;
-char *from_arg = " ";
+int smtp_use_dummycmd = 0;
+char *mail_command = NULL;
+char *from_arg = NULL;
+int ncommands=0;
+int command_size=0;
+int nresponses=0;
+int response_size=0;
+char **commands = NULL;
+char **responses = NULL;
+char *authtype = NULL;
+char *authuser = NULL;
+char *authpass = NULL;
int warning_time = 0;
int check_warning_time = FALSE;
int critical_time = 0;
int check_critical_time = FALSE;
-int verbose = FALSE;
+int verbose = 0;
+int use_ssl = FALSE;
+short use_ehlo = FALSE;
+short ssl_established = 0;
+char *localhostname = NULL;
+int sd;
+char buffer[MAX_INPUT_BUFFER];
+enum {
+ TCP_PROTOCOL = 1,
+ UDP_PROTOCOL = 2,
+};
+
int
main (int argc, char **argv)
{
- int sd;
- int result;
- char buffer[MAX_INPUT_BUFFER] = "";
- char *from_str = NULL;
+ short supports_tls=FALSE;
+ int n = 0;
+ double elapsed_time;
+ long microsec;
+ int result = STATE_UNKNOWN;
+ char *cmd_str = NULL;
char *helocmd = NULL;
+ char *error_msg = "";
+ struct timeval tv;
- if (process_arguments (argc, argv) != OK)
- usage ("Invalid command arguments supplied\n");
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
- /* initialize the HELO command with the localhostname */
-#ifndef HOST_MAX_BYTES
-#define HOST_MAX_BYTES 255
-#endif
- helocmd = malloc (HOST_MAX_BYTES);
- gethostname(helocmd, HOST_MAX_BYTES);
- asprintf (&helocmd, "%s%s%s", SMTP_HELO, helocmd, "\r\n");
+ /* Parse extra opts if any */
+ argv=np_extra_opts (&argc, argv, progname);
+
+ if (process_arguments (argc, argv) == ERROR)
+ usage4 (_("Could not parse arguments"));
+
+ /* If localhostname not set on command line, use gethostname to set */
+ if(! localhostname){
+ localhostname = malloc (HOST_MAX_BYTES);
+ if(!localhostname){
+ printf(_("malloc() failed!\n"));
+ return STATE_CRITICAL;
+ }
+ if(gethostname(localhostname, HOST_MAX_BYTES)){
+ printf(_("gethostname() failed!\n"));
+ return STATE_CRITICAL;
+ }
+ }
+ if(use_ehlo)
+ asprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
+ else
+ asprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
+
+ if (verbose)
+ printf("HELOCMD: %s", helocmd);
/* initialize the MAIL command with optional FROM command */
- asprintf (&from_str, "%sFROM: %s%s", SMTP_DUMMYCMD, from_arg, "\r\n");
+ asprintf (&cmd_str, "%sFROM: %s%s", mail_command, from_arg, "\r\n");
+
+ if (verbose && smtp_use_dummycmd)
+ printf ("FROM CMD: %s", cmd_str);
- if (verbose == TRUE)
- printf ("FROMCMD: %s\n", from_str);
-
/* initialize alarm signal handling */
- signal (SIGALRM, socket_timeout_alarm_handler);
+ (void) signal (SIGALRM, socket_timeout_alarm_handler);
/* set socket timeout */
- alarm (socket_timeout);
+ (void) alarm (socket_timeout);
+
+ /* start timer */
+ gettimeofday (&tv, NULL);
/* try to connect to the host at the given port number */
- time (&start_time);
result = my_tcp_connect (server_address, server_port, &sd);
- /* we connected, so close connection before exiting */
- if (result == STATE_OK) {
-
- /* watch for the SMTP connection string */
- result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-
- /* strip the buffer of carriage returns */
- strip (buffer);
+ if (result == STATE_OK) { /* we connected */
+ /* watch for the SMTP connection string and */
/* return a WARNING status if we couldn't read any data */
- if (result == -1) {
- printf ("recv() failed\n");
+ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
+ printf (_("recv() failed\n"));
result = STATE_WARNING;
}
-
else {
-
+ if (verbose)
+ printf ("%s", buffer);
+ /* strip the buffer of carriage returns */
+ strip (buffer);
/* make sure we find the response we are looking for */
if (!strstr (buffer, server_expect)) {
if (server_port == SMTP_PORT)
- printf ("Invalid SMTP response received from host\n");
+ printf (_("Invalid SMTP response received from host: %s\n"), buffer);
else
- printf ("Invalid SMTP response received from host on port %d\n",
- server_port);
+ printf (_("Invalid SMTP response received from host on port %d: %s\n"),
+ server_port, buffer);
result = STATE_WARNING;
}
+ }
- else {
-
- time (&end_time);
-
- result = STATE_OK;
-
- if (check_critical_time == TRUE
- && (end_time - start_time) > critical_time) result =
- STATE_CRITICAL;
- else if (check_warning_time == TRUE
- && (end_time - start_time) > warning_time) result =
- STATE_WARNING;
+ /* send the HELO/EHLO command */
+ send(sd, helocmd, strlen(helocmd), 0);
- if (verbose == TRUE)
- printf ("SMTP %s - %d sec. response time, %s\n",
- state_text (result), (int) (end_time - start_time), buffer);
- else
- printf ("SMTP %s - %d second response time\n", state_text (result),
- (int) (end_time - start_time));
+ /* allow for response to helo command to reach us */
+ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
+ printf (_("recv() failed\n"));
+ return STATE_WARNING;
+ } else if(use_ehlo){
+ if(strstr(buffer, "250 STARTTLS") != NULL ||
+ strstr(buffer, "250-STARTTLS") != NULL){
+ supports_tls=TRUE;
}
}
- /* close the connection */
+ if(use_ssl && ! supports_tls){
+ printf(_("WARNING - TLS not supported by server\n"));
+ smtp_quit();
+ return STATE_WARNING;
+ }
- /* first send the HELO command */
- send(sd, helocmd, strlen(helocmd), 0);
+#ifdef HAVE_SSL
+ if(use_ssl) {
+ /* send the STARTTLS command */
+ send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
+
+ recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
+ if (!strstr (buffer, server_expect)) {
+ printf (_("Server does not support STARTTLS\n"));
+ smtp_quit();
+ return STATE_UNKNOWN;
+ }
+ result = np_net_ssl_init(sd);
+ if(result != STATE_OK) {
+ printf (_("CRITICAL - Cannot create SSL context.\n"));
+ np_net_ssl_cleanup();
+ close(sd);
+ return STATE_CRITICAL;
+ } else {
+ ssl_established = 1;
+ }
+
+ /*
+ * Resend the EHLO command.
+ *
+ * RFC 3207 (4.2) says: ``The client MUST discard any knowledge
+ * obtained from the server, such as the list of SMTP service
+ * extensions, which was not obtained from the TLS negotiation
+ * itself. The client SHOULD send an EHLO command as the first
+ * command after a successful TLS negotiation.'' For this
+ * reason, some MTAs will not allow an AUTH LOGIN command before
+ * we resent EHLO via TLS.
+ */
+ if (my_send(helocmd, strlen(helocmd)) <= 0) {
+ printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS."));
+ my_close();
+ return STATE_UNKNOWN;
+ }
+ if (verbose)
+ printf(_("sent %s"), helocmd);
+ if ((n = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
+ printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS."));
+ my_close();
+ return STATE_UNKNOWN;
+ }
+ if (verbose) {
+ printf("%s", buffer);
+ }
- /* allow for response to helo command to reach us */
- recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
-
-#ifdef SMTP_USE_DUMMYCMD
- send(sd, from_str, strlen(from_str), 0);
+# ifdef USE_OPENSSL
+ if ( check_cert ) {
+ result = np_net_ssl_check_cert(days_till_exp);
+ if(result != STATE_OK){
+ printf ("%s\n", _("CRITICAL - Cannot retrieve server certificate."));
+ }
+ my_close();
+ return result;
+ }
+# endif /* USE_OPENSSL */
+ }
+#endif
+
+ /* sendmail will syslog a "NOQUEUE" error if session does not attempt
+ * to do something useful. This can be prevented by giving a command
+ * even if syntax is illegal (MAIL requires a FROM:<...> argument)
+ *
+ * According to rfc821 you can include a null reversepath in the from command
+ * - but a log message is generated on the smtp server.
+ *
+ * Use the -f option to provide a FROM address
+ */
+ if (smtp_use_dummycmd) {
+ my_send(cmd_str, strlen(cmd_str));
+ if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose)
+ printf("%s", buffer);
+ }
- /* allow for response to DUMMYCMD to reach us */
- recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+ while (n < ncommands) {
+ asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
+ my_send(cmd_str, strlen(cmd_str));
+ if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose)
+ printf("%s", buffer);
+ strip (buffer);
+ if (n < nresponses) {
+ cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
+ errcode = regcomp (&preg, responses[n], cflags);
+ if (errcode != 0) {
+ regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+ printf (_("Could Not Compile Regular Expression"));
+ return ERROR;
+ }
+ excode = regexec (&preg, buffer, 10, pmatch, eflags);
+ if (excode == 0) {
+ result = STATE_OK;
+ }
+ else if (excode == REG_NOMATCH) {
+ result = STATE_WARNING;
+ printf (_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text (result), buffer, commands[n]);
+ }
+ else {
+ regerror (excode, &preg, errbuf, MAX_INPUT_BUFFER);
+ printf (_("Execute Error: %s\n"), errbuf);
+ result = STATE_UNKNOWN;
+ }
+ }
+ n++;
+ }
- if (verbose == TRUE)
- printf("DUMMYCMD: %s\n%s\n",from_str,buffer);
-#endif /* SMTP_USE_DUMMYCMD */
+ if (authtype != NULL) {
+ if (strcmp (authtype, "LOGIN") == 0) {
+ char *abuf;
+ int ret;
+ do {
+ if (authuser == NULL) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("no authuser specified, "));
+ break;
+ }
+ if (authpass == NULL) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("no authpass specified, "));
+ break;
+ }
+
+ /* send AUTH LOGIN */
+ my_send(SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN));
+ if (verbose)
+ printf (_("sent %s\n"), "AUTH LOGIN");
+
+ if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
+ asprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
+ result = STATE_WARNING;
+ break;
+ }
+ if (verbose)
+ printf (_("received %s\n"), buffer);
+
+ if (strncmp (buffer, "334", 3) != 0) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("invalid response received after AUTH LOGIN, "));
+ break;
+ }
+
+ /* encode authuser with base64 */
+ base64_encode_alloc (authuser, strlen(authuser), &abuf);
+ /* FIXME: abuf shouldn't have enough space to strcat a '\r\n' into it. */
+ strcat (abuf, "\r\n");
+ my_send(abuf, strlen(abuf));
+ if (verbose)
+ printf (_("sent %s\n"), abuf);
+
+ if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("recv() failed after sending authuser, "));
+ break;
+ }
+ if (verbose) {
+ printf (_("received %s\n"), buffer);
+ }
+ if (strncmp (buffer, "334", 3) != 0) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("invalid response received after authuser, "));
+ break;
+ }
+ /* encode authpass with base64 */
+ base64_encode_alloc (authpass, strlen(authpass), &abuf);
+ /* FIXME: abuf shouldn't have enough space to strcat a '\r\n' into it. */
+ strcat (abuf, "\r\n");
+ my_send(abuf, strlen(abuf));
+ if (verbose) {
+ printf (_("sent %s\n"), abuf);
+ }
+ if ((ret = recvlines(buffer, MAX_INPUT_BUFFER)) <= 0) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("recv() failed after sending authpass, "));
+ break;
+ }
+ if (verbose) {
+ printf (_("received %s\n"), buffer);
+ }
+ if (strncmp (buffer, "235", 3) != 0) {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("invalid response received after authpass, "));
+ break;
+ }
+ break;
+ } while (0);
+ } else {
+ result = STATE_CRITICAL;
+ asprintf(&error_msg, _("only authtype LOGIN is supported, "));
+ }
+ }
/* tell the server we're done */
- send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
+ smtp_quit();
/* finally close the connection */
close (sd);
@@ -188,11 +423,28 @@ main (int argc, char **argv)
/* reset the alarm */
alarm (0);
- return result;
-}
+ microsec = deltime (tv);
+ elapsed_time = (double)microsec / 1.0e6;
+ if (result == STATE_OK) {
+ if (check_critical_time && elapsed_time > (double) critical_time)
+ result = STATE_CRITICAL;
+ else if (check_warning_time && elapsed_time > (double) warning_time)
+ result = STATE_WARNING;
+ }
+ printf (_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"),
+ state_text (result),
+ error_msg,
+ elapsed_time,
+ verbose?", ":"", verbose?buffer:"",
+ fperfdata ("time", elapsed_time, "s",
+ (int)check_warning_time, warning_time,
+ (int)check_critical_time, critical_time,
+ TRUE, 0, FALSE, 0));
+ return result;
+}
@@ -202,21 +454,30 @@ process_arguments (int argc, char **argv)
{
int c;
-#ifdef HAVE_GETOPT_H
- int option_index = 0;
- static struct option long_options[] = {
+ int option = 0;
+ static struct option longopts[] = {
{"hostname", required_argument, 0, 'H'},
{"expect", required_argument, 0, 'e'},
{"critical", required_argument, 0, 'c'},
{"warning", required_argument, 0, 'w'},
+ {"timeout", required_argument, 0, 't'},
{"port", required_argument, 0, 'p'},
{"from", required_argument, 0, 'f'},
+ {"fqdn", required_argument, 0, 'F'},
+ {"authtype", required_argument, 0, 'A'},
+ {"authuser", required_argument, 0, 'U'},
+ {"authpass", required_argument, 0, 'P'},
+ {"command", required_argument, 0, 'C'},
+ {"response", required_argument, 0, 'R'},
{"verbose", no_argument, 0, 'v'},
{"version", no_argument, 0, 'V'},
+ {"use-ipv4", no_argument, 0, '4'},
+ {"use-ipv6", no_argument, 0, '6'},
{"help", no_argument, 0, 'h'},
+ {"starttls",no_argument,0,'S'},
+ {"certificate",required_argument,0,'D'},
{0, 0, 0, 0}
};
-#endif
if (argc < 2)
return ERROR;
@@ -231,13 +492,9 @@ process_arguments (int argc, char **argv)
}
while (1) {
-#ifdef HAVE_GETOPT_H
- c =
- getopt_long (argc, argv, "+hVvt:p:f:e:c:w:H:", long_options,
- &option_index);
-#else
- c = getopt (argc, argv, "+?hVvt:p:f:e:c:w:H:");
-#endif
+ c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:",
+ longopts, &option);
+
if (c == -1 || c == EOF)
break;
@@ -247,30 +504,67 @@ process_arguments (int argc, char **argv)
server_address = optarg;
}
else {
- usage ("Invalid host name\n");
+ usage2 (_("Invalid hostname/address"), optarg);
}
break;
case 'p': /* port */
- if (is_intpos (optarg)) {
+ if (is_intpos (optarg))
server_port = atoi (optarg);
- }
- else {
- usage ("Server port must be a positive integer\n");
- }
+ else
+ usage4 (_("Port must be a positive integer"));
+ break;
+ case 'F':
+ /* localhostname */
+ localhostname = strdup(optarg);
break;
case 'f': /* from argument */
from_arg = optarg;
+ smtp_use_dummycmd = 1;
+ break;
+ case 'A':
+ authtype = optarg;
+ use_ehlo = TRUE;
+ break;
+ case 'U':
+ authuser = optarg;
+ break;
+ case 'P':
+ authpass = optarg;
break;
case 'e': /* server expect string on 220 */
server_expect = optarg;
break;
+ case 'C': /* commands */
+ if (ncommands >= command_size) {
+ command_size+=8;
+ commands = realloc (commands, sizeof(char *) * command_size);
+ if (commands == NULL)
+ die (STATE_UNKNOWN,
+ _("Could not realloc() units [%d]\n"), ncommands);
+ }
+ commands[ncommands] = (char *) malloc (sizeof(char) * 255);
+ strncpy (commands[ncommands], optarg, 255);
+ ncommands++;
+ break;
+ case 'R': /* server responses */
+ if (nresponses >= response_size) {
+ response_size += 8;
+ responses = realloc (responses, sizeof(char *) * response_size);
+ if (responses == NULL)
+ die (STATE_UNKNOWN,
+ _("Could not realloc() units [%d]\n"), nresponses);
+ }
+ responses[nresponses] = (char *) malloc (sizeof(char) * 255);
+ strncpy (responses[nresponses], optarg, 255);
+ nresponses++;
+ break;
case 'c': /* critical time threshold */
if (is_intnonneg (optarg)) {
critical_time = atoi (optarg);
check_critical_time = TRUE;
}
else {
- usage ("Critical time must be a nonnegative integer\n");
+ usage4 (_("Critical time must be a positive integer"));
}
break;
case 'w': /* warning time threshold */
@@ -279,28 +573,54 @@ process_arguments (int argc, char **argv)
check_warning_time = TRUE;
}
else {
- usage ("Warning time must be a nonnegative integer\n");
+ usage4 (_("Warning time must be a positive integer"));
}
break;
case 'v': /* verbose */
- verbose = TRUE;
+ verbose++;
break;
case 't': /* timeout */
if (is_intnonneg (optarg)) {
socket_timeout = atoi (optarg);
}
else {
- usage ("Time interval must be a nonnegative integer\n");
+ usage4 (_("Timeout interval must be a positive integer"));
}
break;
+ case 'S':
+ /* starttls */
+ use_ssl = TRUE;
+ use_ehlo = TRUE;
+ break;
+ case 'D':
+ /* Check SSL cert validity */
+#ifdef USE_OPENSSL
+ if (!is_intnonneg (optarg))
+ usage2 ("Invalid certificate expiration period",optarg);
+ days_till_exp = atoi (optarg);
+ check_cert = TRUE;
+#else
+ usage (_("SSL support not available - install OpenSSL and recompile"));
+#endif
+ break;
+ case '4':
+ address_family = AF_INET;
+ break;
+ case '6':
+#ifdef USE_IPV6
+ address_family = AF_INET6;
+#else
+ usage4 (_("IPv6 support not available"));
+#endif
+ break;
case 'V': /* version */
- print_revision (progname, "$Revision$");
+ print_revision (progname, NP_VERSION);
exit (STATE_OK);
case 'h': /* help */
print_help ();
exit (STATE_OK);
case '?': /* help */
- usage ("Invalid argument\n");
+ usage5 ();
}
}
@@ -310,7 +630,7 @@ process_arguments (int argc, char **argv)
if (is_host (argv[c]))
server_address = argv[c];
else
- usage ("Invalid host name");
+ usage2 (_("Invalid hostname/address"), argv[c]);
}
else {
asprintf (&server_address, "127.0.0.1");
@@ -318,12 +638,16 @@ process_arguments (int argc, char **argv)
}
if (server_expect == NULL)
- asprintf (&server_expect, SMTP_EXPECT);
+ server_expect = strdup (SMTP_EXPECT);
- return validate_arguments ();
-}
+ if (mail_command == NULL)
+ mail_command = strdup("MAIL ");
+ if (from_arg==NULL)
+ from_arg = strdup(" ");
+ return validate_arguments ();
+}
@@ -334,52 +658,173 @@ validate_arguments (void)
}
+void
+smtp_quit(void)
+{
+ int bytes;
+
+ my_send(SMTP_QUIT, strlen(SMTP_QUIT));
+ if (verbose)
+ printf(_("sent %s\n"), "QUIT");
+
+ /* read the response but don't care about problems */
+ bytes = recvlines(buffer, MAX_INPUT_BUFFER);
+ if (verbose) {
+ if (bytes < 0)
+ printf(_("recv() failed after QUIT."));
+ else if (bytes == 0)
+ printf(_("Connection reset by peer."));
+ else {
+ buffer[bytes] = '\0';
+ printf(_("received %s\n"), buffer);
+ }
+ }
+}
+
+
+/*
+ * Receive one line, copy it into buf and nul-terminate it. Returns the
+ * number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on
+ * error.
+ *
+ * TODO: Reading one byte at a time is very inefficient. Replace this by a
+ * function which buffers the data, move that to netutils.c and change
+ * check_smtp and other plugins to use that. Also, remove (\r)\n.
+ */
+int
+recvline(char *buf, size_t bufsize)
+{
+ int result;
+ unsigned i;
+
+ for (i = result = 0; i < bufsize - 1; i++) {
+ if ((result = my_recv(&buf[i], 1)) != 1)
+ break;
+ if (buf[i] == '\n') {
+ buf[++i] = '\0';
+ return i;
+ }
+ }
+ return (result == 1 || i == 0) ? -2 : result; /* -2 if out of space */
+}
+
+
+/*
+ * Receive one or more lines, copy them into buf and nul-terminate it. Returns
+ * the number of bytes written to buf (excluding the '\0') or 0 on EOF or <0 on
+ * error. Works for all protocols which format multiline replies as follows:
+ *
+ * ``The format for multiline replies requires that every line, except the last,
+ * begin with the reply code, followed immediately by a hyphen, `-' (also known
+ * as minus), followed by text. The last line will begin with the reply code,
+ * followed immediately by , optionally some text, and . As noted
+ * above, servers SHOULD send the if subsequent text is not sent, but
+ * clients MUST be prepared for it to be omitted.'' (RFC 2821, 4.2.1)
+ *
+ * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
+ */
+int
+recvlines(char *buf, size_t bufsize)
+{
+ int result, i;
+
+ for (i = 0; /* forever */; i += result)
+ if (!((result = recvline(buf + i, bufsize - i)) > 3 &&
+ isdigit((int)buf[i]) &&
+ isdigit((int)buf[i + 1]) &&
+ isdigit((int)buf[i + 2]) &&
+ buf[i + 3] == '-'))
+ break;
+
+ return (result <= 0) ? result : result + i;
+}
+int
+my_close (void)
+{
+#ifdef HAVE_SSL
+ np_net_ssl_cleanup();
+#endif
+ return close(sd);
+}
+
void
print_help (void)
{
- print_revision (progname, "$Revision$");
- printf
- ("Copyright (c) 2000 Ethan Galstad/Karl DeBisschop\n\n"
- "This plugin test the SMTP service on the specified host.\n\n");
+ char *myport;
+ asprintf (&myport, "%d", SMTP_PORT);
+
+ print_revision (progname, NP_VERSION);
+
+ printf ("Copyright (c) 1999-2001 Ethan Galstad \n");
+ printf (COPYRIGHT, copyright, email);
+
+ printf("%s\n", _("This plugin will attempt to open an SMTP connection with the host."));
+
+ printf ("\n\n");
+
print_usage ();
- printf
- ("\nOptions:\n"
- " -H, --hostname=STRING or IPADDRESS\n"
- " Check server on the indicated host\n"
- " -p, --port=INTEGER\n"
- " Make connection on the indicated port (default: %d)\n"
- " -e, --expect=STRING\n"
- " String to expect in first line of server response (default: %s)\n"
- " -f, --from=STRING\n"
- " from address to include in MAIL command (default NULL, Exchange2000 requires one)\n"
- " -w, --warning=INTEGER\n"
- " Seconds necessary to result in a warning status\n"
- " -c, --critical=INTEGER\n"
- " Seconds necessary to result in a critical status\n"
- " -t, --timeout=INTEGER\n"
- " Seconds before connection attempt times out (default: %d)\n"
- " -v, --verbose\n"
- " Print extra information (command-line use only)\n"
- " -h, --help\n"
- " Print detailed help screen\n"
- " -V, --version\n"
- " Print version information\n\n",
- SMTP_PORT, SMTP_EXPECT, DEFAULT_SOCKET_TIMEOUT);
- support ();
-}
+ printf (_(UT_HELP_VRSN));
+ printf (_(UT_EXTRA_OPTS));
+
+ printf (_(UT_HOST_PORT), 'p', myport);
+
+ printf (_(UT_IPv46));
+
+ printf (" %s\n", "-e, --expect=STRING");
+ printf (_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT);
+ printf (" %s\n", "-C, --command=STRING");
+ printf (" %s\n", _("SMTP command (may be used repeatedly)"));
+ printf (" %s\n", "-R, --command=STRING");
+ printf (" %s\n", _("Expected response to command (may be used repeatedly)"));
+ printf (" %s\n", "-f, --from=STRING");
+ printf (" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
+#ifdef HAVE_SSL
+ printf (" %s\n", "-D, --certificate=INTEGER");
+ printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
+ printf (" %s\n", "-S, --starttls");
+ printf (" %s\n", _("Use STARTTLS for the connection."));
+#endif
+
+ printf (" %s\n", "-A, --authtype=STRING");
+ printf (" %s\n", _("SMTP AUTH type to check (default none, only LOGIN supported)"));
+ printf (" %s\n", "-U, --authuser=STRING");
+ printf (" %s\n", _("SMTP AUTH username"));
+ printf (" %s\n", "-P, --authpass=STRING");
+ printf (" %s\n", _("SMTP AUTH password"));
+ printf (_(UT_WARN_CRIT));
+
+ printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
+
+ printf (_(UT_VERBOSE));
+
+ printf("\n");
+ printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+ printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
+ printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
+ printf ("%s\n", _("STATE_WARNING return values."));
+
+#ifdef NP_EXTRA_OPTS
+ printf ("\n");
+ printf ("%s\n", _("Notes:"));
+ printf (_(UT_EXTRA_OPTS_NOTES));
+#endif
+
+ printf (_(UT_SUPPORT));
+}
void
print_usage (void)
{
- printf
- ("Usage: %s -H host [-e expect] [-p port] [-f from addr] [-w warn] [-c crit] [-t timeout] [-v]\n"
- " %s --help\n"
- " %s --version\n", progname, progname, progname);
+ printf (_("Usage:"));
+ printf ("%s -H host [-p port] [-e expect] [-C command] [-f from addr]", progname);
+ printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout]\n");
+ printf ("[-S] [-D days] [-v] [-4|-6]\n");
}
+