diff options
| author | Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> | 2023-08-29 16:59:11 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-29 16:59:11 +0200 |
| commit | 554c1433cf624cd0ed0565e4a8d06ea5e4bdf942 (patch) | |
| tree | 8581b8ea800314cd2c5565c0a8d276a7bf97533b /plugins | |
| parent | 29613c3be27fb9c7f97ca87e3da3712977e419dc (diff) | |
| parent | dc3598662eb5efe2f71e87391da6d2f8ca17be1e (diff) | |
| download | monitoring-plugins-554c1433cf624cd0ed0565e4a8d06ea5e4bdf942.tar.gz | |
Merge pull request #1889 from franzs/feature_check_smtp_ssl
Add support for SMTP over TLS
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/check_smtp.c | 57 |
1 files changed, 45 insertions, 12 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 996bd875..fc0ae2c4 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c | |||
| @@ -42,15 +42,16 @@ const char *email = "devel@monitoring-plugins.org"; | |||
| 42 | #ifdef HAVE_SSL | 42 | #ifdef HAVE_SSL |
| 43 | int check_cert = FALSE; | 43 | int check_cert = FALSE; |
| 44 | int days_till_exp_warn, days_till_exp_crit; | 44 | int days_till_exp_warn, days_till_exp_crit; |
| 45 | # define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) | 45 | # define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) |
| 46 | # define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) | 46 | # define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) |
| 47 | #else /* ifndef HAVE_SSL */ | 47 | #else /* ifndef HAVE_SSL */ |
| 48 | # define my_recv(buf, len) read(sd, buf, len) | 48 | # define my_recv(buf, len) read(sd, buf, len) |
| 49 | # define my_send(buf, len) send(sd, buf, len, 0) | 49 | # define my_send(buf, len) send(sd, buf, len, 0) |
| 50 | #endif | 50 | #endif |
| 51 | 51 | ||
| 52 | enum { | 52 | enum { |
| 53 | SMTP_PORT = 25 | 53 | SMTP_PORT = 25, |
| 54 | SMTPS_PORT = 465 | ||
| 54 | }; | 55 | }; |
| 55 | #define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" | 56 | #define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" |
| 56 | #define SMTP_EXPECT "220" | 57 | #define SMTP_EXPECT "220" |
| @@ -83,6 +84,7 @@ int eflags = 0; | |||
| 83 | int errcode, excode; | 84 | int errcode, excode; |
| 84 | 85 | ||
| 85 | int server_port = SMTP_PORT; | 86 | int server_port = SMTP_PORT; |
| 87 | int server_port_option = 0; | ||
| 86 | char *server_address = NULL; | 88 | char *server_address = NULL; |
| 87 | char *server_expect = NULL; | 89 | char *server_expect = NULL; |
| 88 | char *mail_command = NULL; | 90 | char *mail_command = NULL; |
| @@ -103,6 +105,7 @@ double critical_time = 0; | |||
| 103 | int check_critical_time = FALSE; | 105 | int check_critical_time = FALSE; |
| 104 | int verbose = 0; | 106 | int verbose = 0; |
| 105 | int use_ssl = FALSE; | 107 | int use_ssl = FALSE; |
| 108 | int use_starttls = FALSE; | ||
| 106 | int use_sni = FALSE; | 109 | int use_sni = FALSE; |
| 107 | short use_proxy_prefix = FALSE; | 110 | short use_proxy_prefix = FALSE; |
| 108 | short use_ehlo = FALSE; | 111 | short use_ehlo = FALSE; |
| @@ -186,14 +189,27 @@ main (int argc, char **argv) | |||
| 186 | result = my_tcp_connect (server_address, server_port, &sd); | 189 | result = my_tcp_connect (server_address, server_port, &sd); |
| 187 | 190 | ||
| 188 | if (result == STATE_OK) { /* we connected */ | 191 | if (result == STATE_OK) { /* we connected */ |
| 189 | |||
| 190 | /* If requested, send PROXY header */ | 192 | /* If requested, send PROXY header */ |
| 191 | if (use_proxy_prefix) { | 193 | if (use_proxy_prefix) { |
| 192 | if (verbose) | 194 | if (verbose) |
| 193 | printf ("Sending header %s\n", PROXY_PREFIX); | 195 | printf ("Sending header %s\n", PROXY_PREFIX); |
| 194 | send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0); | 196 | my_send(PROXY_PREFIX, strlen(PROXY_PREFIX)); |
| 195 | } | 197 | } |
| 196 | 198 | ||
| 199 | #ifdef HAVE_SSL | ||
| 200 | if (use_ssl) { | ||
| 201 | result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); | ||
| 202 | if (result != STATE_OK) { | ||
| 203 | printf (_("CRITICAL - Cannot create SSL context.\n")); | ||
| 204 | close(sd); | ||
| 205 | np_net_ssl_cleanup(); | ||
| 206 | return STATE_CRITICAL; | ||
| 207 | } else { | ||
| 208 | ssl_established = 1; | ||
| 209 | } | ||
| 210 | } | ||
| 211 | #endif | ||
| 212 | |||
| 197 | /* watch for the SMTP connection string and */ | 213 | /* watch for the SMTP connection string and */ |
| 198 | /* return a WARNING status if we couldn't read any data */ | 214 | /* return a WARNING status if we couldn't read any data */ |
| 199 | if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { | 215 | if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { |
| @@ -205,7 +221,7 @@ main (int argc, char **argv) | |||
| 205 | xasprintf(&server_response, "%s", buffer); | 221 | xasprintf(&server_response, "%s", buffer); |
| 206 | 222 | ||
| 207 | /* send the HELO/EHLO command */ | 223 | /* send the HELO/EHLO command */ |
| 208 | send(sd, helocmd, strlen(helocmd), 0); | 224 | my_send(helocmd, strlen(helocmd)); |
| 209 | 225 | ||
| 210 | /* allow for response to helo command to reach us */ | 226 | /* allow for response to helo command to reach us */ |
| 211 | if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { | 227 | if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { |
| @@ -218,14 +234,14 @@ main (int argc, char **argv) | |||
| 218 | } | 234 | } |
| 219 | } | 235 | } |
| 220 | 236 | ||
| 221 | if(use_ssl && ! supports_tls){ | 237 | if(use_starttls && ! supports_tls){ |
| 222 | printf(_("WARNING - TLS not supported by server\n")); | 238 | printf(_("WARNING - TLS not supported by server\n")); |
| 223 | smtp_quit(); | 239 | smtp_quit(); |
| 224 | return STATE_WARNING; | 240 | return STATE_WARNING; |
| 225 | } | 241 | } |
| 226 | 242 | ||
| 227 | #ifdef HAVE_SSL | 243 | #ifdef HAVE_SSL |
| 228 | if(use_ssl) { | 244 | if(use_starttls) { |
| 229 | /* send the STARTTLS command */ | 245 | /* send the STARTTLS command */ |
| 230 | send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); | 246 | send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); |
| 231 | 247 | ||
| @@ -489,6 +505,8 @@ process_arguments (int argc, char **argv) | |||
| 489 | {"use-ipv6", no_argument, 0, '6'}, | 505 | {"use-ipv6", no_argument, 0, '6'}, |
| 490 | {"help", no_argument, 0, 'h'}, | 506 | {"help", no_argument, 0, 'h'}, |
| 491 | {"lmtp", no_argument, 0, 'L'}, | 507 | {"lmtp", no_argument, 0, 'L'}, |
| 508 | {"ssl", no_argument, 0, 's'}, | ||
| 509 | {"tls", no_argument, 0, 's'}, | ||
| 492 | {"starttls",no_argument,0,'S'}, | 510 | {"starttls",no_argument,0,'S'}, |
| 493 | {"sni", no_argument, 0, SNI_OPTION}, | 511 | {"sni", no_argument, 0, SNI_OPTION}, |
| 494 | {"certificate",required_argument,0,'D'}, | 512 | {"certificate",required_argument,0,'D'}, |
| @@ -510,7 +528,7 @@ process_arguments (int argc, char **argv) | |||
| 510 | } | 528 | } |
| 511 | 529 | ||
| 512 | while (1) { | 530 | while (1) { |
| 513 | c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", | 531 | c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", |
| 514 | longopts, &option); | 532 | longopts, &option); |
| 515 | 533 | ||
| 516 | if (c == -1 || c == EOF) | 534 | if (c == -1 || c == EOF) |
| @@ -527,7 +545,7 @@ process_arguments (int argc, char **argv) | |||
| 527 | break; | 545 | break; |
| 528 | case 'p': /* port */ | 546 | case 'p': /* port */ |
| 529 | if (is_intpos (optarg)) | 547 | if (is_intpos (optarg)) |
| 530 | server_port = atoi (optarg); | 548 | server_port_option = atoi (optarg); |
| 531 | else | 549 | else |
| 532 | usage4 (_("Port must be a positive integer")); | 550 | usage4 (_("Port must be a positive integer")); |
| 533 | break; | 551 | break; |
| @@ -632,10 +650,14 @@ process_arguments (int argc, char **argv) | |||
| 632 | #else | 650 | #else |
| 633 | usage (_("SSL support not available - install OpenSSL and recompile")); | 651 | usage (_("SSL support not available - install OpenSSL and recompile")); |
| 634 | #endif | 652 | #endif |
| 635 | // fall through | 653 | case 's': |
| 654 | /* ssl */ | ||
| 655 | use_ssl = TRUE; | ||
| 656 | server_port = SMTPS_PORT; | ||
| 657 | break; | ||
| 636 | case 'S': | 658 | case 'S': |
| 637 | /* starttls */ | 659 | /* starttls */ |
| 638 | use_ssl = TRUE; | 660 | use_starttls = TRUE; |
| 639 | use_ehlo = TRUE; | 661 | use_ehlo = TRUE; |
| 640 | break; | 662 | break; |
| 641 | case SNI_OPTION: | 663 | case SNI_OPTION: |
| @@ -694,6 +716,14 @@ process_arguments (int argc, char **argv) | |||
| 694 | if (from_arg==NULL) | 716 | if (from_arg==NULL) |
| 695 | from_arg = strdup(" "); | 717 | from_arg = strdup(" "); |
| 696 | 718 | ||
| 719 | if (use_starttls && use_ssl) { | ||
| 720 | usage4 (_("Set either -s/--ssl/--tls or -S/--starttls")); | ||
| 721 | } | ||
| 722 | |||
| 723 | if (server_port_option != 0) { | ||
| 724 | server_port = server_port_option; | ||
| 725 | } | ||
| 726 | |||
| 697 | return validate_arguments (); | 727 | return validate_arguments (); |
| 698 | } | 728 | } |
| 699 | 729 | ||
| @@ -851,6 +881,9 @@ print_help (void) | |||
| 851 | #ifdef HAVE_SSL | 881 | #ifdef HAVE_SSL |
| 852 | printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); | 882 | printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); |
| 853 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); | 883 | printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); |
| 884 | printf (" %s\n", "-s, --ssl, --tls"); | ||
| 885 | printf (" %s\n", _("Use SSL/TLS for the connection.")); | ||
| 886 | printf (_(" Sets default port to %d.\n"), SMTPS_PORT); | ||
| 854 | printf (" %s\n", "-S, --starttls"); | 887 | printf (" %s\n", "-S, --starttls"); |
| 855 | printf (" %s\n", _("Use STARTTLS for the connection.")); | 888 | printf (" %s\n", _("Use STARTTLS for the connection.")); |
| 856 | printf (" %s\n", "--sni"); | 889 | printf (" %s\n", "--sni"); |