3 files changed, 297 insertions, 32 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 538f9057..51858215 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -69,7 +69,7 @@ check_procs_LDADD = $(BASEOBJS) popen.o
 check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
 check_real_LDADD = $(NETLIBS)
 check_snmp_LDADD = $(BASEOBJS) popen.o
-check_smtp_LDADD = $(NETLIBS)
+check_smtp_LDADD = $(NETLIBS) $(SSLLIBS)
 check_ssh_LDADD = $(NETLIBS)
 check_swap_LDADD = $(BASEOBJS) popen.o
 check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 55cf5da5..6e5d972a 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -27,17 +27,49 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "netutils.h"
 #include "utils.h"
+#ifdef HAVE_SSL_H
+#  include <rsa.h>
+#  include <crypto.h>
+#  include <x509.h>
+#  include <pem.h>
+#  include <ssl.h>
+#  include <err.h>
+#else
+#  ifdef HAVE_OPENSSL_SSL_H
+#    include <openssl/rsa.h>
+#    include <openssl/crypto.h>
+#    include <openssl/x509.h>
+#    include <openssl/pem.h>
+#    include <openssl/ssl.h>
+#    include <openssl/err.h>
+#  endif
+#endif
+#ifdef HAVE_SSL
+int check_cert = FALSE;
+int days_till_exp;
+SSL_CTX *ctx;
+SSL *ssl;
+X509 *server_cert;
+int connect_STARTTLS (void);
+int check_certificate (X509 **);
+#endif
 enum {
        SMTP_PORT       = 25
 };
 const char *SMTP_EXPECT = "220";
 const char *SMTP_HELO = "HELO ";
 const char *SMTP_QUIT   = "QUIT\r\n";
+const char *SMTP_STARTTLS = "STARTTLS\r\n";
 int process_arguments (int, char **);
 int validate_arguments (void);
 void print_help (void);
 void print_usage (void);
+int myrecv(void);
+int my_close(void);
 #ifdef HAVE_REGEX_H
 #include <regex.h>
@@ -68,18 +100,23 @@ int check_warning_time = FALSE;
 int critical_time = 0;
 int check_critical_time = FALSE;
 int verbose = 0;
+int use_ssl = FALSE;
+int sd;
+char buffer[MAX_INPUT_BUFFER];
+enum {
+  TCP_PROTOCOL = 1,
+  UDP_PROTOCOL = 2,
+  MAXBUF = 1024
+};
 int
 main (int argc, char **argv)
 {
-        int sd;
        int n = 0;
        double elapsed_time;
        long microsec;
        int result = STATE_UNKNOWN;
-        char buffer[MAX_INPUT_BUFFER];
        char *cmd_str = NULL;
        char *helocmd = NULL;
        struct timeval tv;
@@ -140,12 +177,45 @@ main (int argc, char **argv)
                                result = STATE_WARNING;
                        }
                }
+#ifdef HAVE_SSL
+                if(use_ssl) {
+                  /* send the STARTTLS command */
+                  send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
+                  recv(sd,buffer, MAX_INPUT_BUFFER-1, 0); // wait for it
+                  if (!strstr (buffer, server_expect)) {
+                    printf (_("Server does not support STARTTLS\n"));
+                    return STATE_UNKNOWN;
+                  }
+                  if(connect_STARTTLS() != OK) {
+                    printf (_("ERROR: Cannot create SSL context.\n"));
+                    return STATE_CRITICAL;
+                  }
+                  if ( check_cert ) {
+                    if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
+                      result = check_certificate (&server_cert);
+                      X509_free(server_cert);
+                    }
+                    else {
+                      printf (_("ERROR: Cannot retrieve server certificate.\n"));
+                      result = STATE_CRITICAL;
+                              
+                    }
+                    my_close();
+                    return result;
+                  }
+                }
+#endif
                /* send the HELO command */
+#ifdef HAVE_SSL
+                if (use_ssl)
+                  SSL_write(ssl, helocmd, strlen(helocmd));
+                else
+#endif
                send(sd, helocmd, strlen(helocmd), 0);
                /* allow for response to helo command to reach us */
-                recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+                myrecv();
                                
                /* sendmail will syslog a "NOQUEUE" error if session does not attempt
                 * to do something useful. This can be prevented by giving a command
@@ -158,16 +228,26 @@ main (int argc, char **argv)
                 * Use the -f option to provide a FROM address
                 */
                if (smtp_use_dummycmd) {
-                        send(sd, cmd_str, strlen(cmd_str), 0);
+#ifdef HAVE_SSL
-                        recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+                  if (use_ssl)
-                        if (verbose) 
+                    SSL_write(ssl, cmd_str, strlen(cmd_str));
-                                printf("%s", buffer);
+                  else
+#endif
+                  send(sd, cmd_str, strlen(cmd_str), 0);
+                  myrecv();
+                  if (verbose) 
+                    printf("%s", buffer);
                }
                while (n < ncommands) {
                        asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
+#ifdef HAVE_SSL
+                        if (use_ssl)
+                          SSL_write(ssl,cmd_str, strlen(cmd_str));
+                        else
+#endif
                        send(sd, cmd_str, strlen(cmd_str), 0);
-                        recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);
+                        myrecv();
                        if (verbose) 
                                printf("%s", buffer);
                        strip (buffer);
@@ -206,6 +286,11 @@ main (int argc, char **argv)
                }
                /* tell the server we're done */
+#ifdef HAVE_SSL
+                if (use_ssl)
+                  SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT));
+                else
+#endif
                send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
                /* finally close the connection */
@@ -261,6 +346,8 @@ process_arguments (int argc, char **argv)
                {"use-ipv4", no_argument, 0, '4'},
                {"use-ipv6", no_argument, 0, '6'},
                {"help", no_argument, 0, 'h'},
+                {"starttls",no_argument,0,'S'},
+                {"certificate",required_argument,0,'D'},
                {0, 0, 0, 0}
        };
@@ -277,7 +364,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:",
+                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:",
                                 longopts, &option);
                if (c == -1 || c == EOF)
@@ -354,6 +441,22 @@ process_arguments (int argc, char **argv)
                                usage4 (_("Timeout interval must be a positive integer"));
                        }
                        break;
+                case 'S':
+                /* starttls */
+                        use_ssl = TRUE;
+                        break;
+                case 'D':
+                /* Check SSL cert validity */
+#ifdef HAVE_SSL
+                        if (!is_intnonneg (optarg))
+                                usage2 ("Invalid certificate expiration period",optarg);
+                                days_till_exp = atoi (optarg);
+                                check_cert = TRUE;
+#else
+                                terminate (STATE_UNKNOWN,
+                                                "SSL support not available.  Install OpenSSL and recompile.");
+#endif
+                        break;
                case '4':
                        address_family = AF_INET;
                        break;
@@ -443,6 +546,13 @@ print_help (void)
 -f, --from=STRING\n\
   FROM-address to include in MAIL command, required by Exchange 2000\n"),
                SMTP_EXPECT);
+#ifdef HAVE_SSL
+        printf (_("\
+ -D, --certificate=INTEGER\n\
+    Minimum number of days a certificate has to be valid.\n\
+ -S, --starttls\n\
+    Use STARTTLS for the connection.\n"));
+#endif
        printf (_(UT_WARN_CRIT));
@@ -466,5 +576,154 @@ print_usage (void)
 {
        printf ("\
 Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\
-                  [-w warn] [-c crit] [-t timeout] [-n] [-v] [-4|-6]\n", progname);
+                  [-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4|-6]\n", progname);
+}
+#ifdef HAVE_SSL
+int
+connect_STARTTLS (void)
+{
+  SSL_METHOD *meth;
+  /* Initialize SSL context */
+  SSLeay_add_ssl_algorithms ();
+  meth = SSLv2_client_method ();
+  SSL_load_error_strings ();
+  if ((ctx = SSL_CTX_new (meth)) == NULL)
+    {
+      printf(_("ERROR: Cannot create SSL context.\n"));
+      return STATE_CRITICAL;
+    }
+  /* do the SSL handshake */
+  if ((ssl = SSL_new (ctx)) != NULL)
+    {
+      SSL_set_fd (ssl, sd);
+      /* original version checked for -1
+         I look for success instead (1) */
+      if (SSL_connect (ssl) == 1)
+        return OK;
+      ERR_print_errors_fp (stderr);
+    }
+  else
+    {
+      printf (_("ERROR: Cannot initiate SSL handshake.\n"));
+    }
+  /* this causes a seg faul
+     not sure why, being sloppy
+     and commenting it out */
+  //  SSL_free (ssl);
+  SSL_CTX_free(ctx);
+  my_close();
+  
+  return STATE_CRITICAL;
+}
+int
+check_certificate (X509 ** certificate)
+{
+  ASN1_STRING *tm;
+  int offset;
+  struct tm stamp;
+  int days_left;
+  /* Retrieve timestamp of certificate */
+  tm = X509_get_notAfter (*certificate);
+  
+  /* Generate tm structure to process timestamp */
+  if (tm->type == V_ASN1_UTCTIME) {
+    if (tm->length < 10) {
+      printf (_("ERROR: Wrong time format in certificate.\n"));
+      return STATE_CRITICAL;
+    }
+    else {
+      stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
+      if (stamp.tm_year < 50)
+        stamp.tm_year += 100;
+      offset = 0;
+    }
+  }
+  else {
+    if (tm->length < 12) {
+      printf (_("ERROR: Wrong time format in certificate.\n"));
+      return STATE_CRITICAL;
+    }
+    else {
+      stamp.tm_year =
+        (tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
+        (tm->data[2] - '0') * 10 + (tm->data[3] - '0');
+      stamp.tm_year -= 1900;
+      offset = 2;
+    }
+  }
+  stamp.tm_mon =
+    (tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
+  stamp.tm_mday =
+    (tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
+  stamp.tm_hour =
+    (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
+  stamp.tm_min =
+    (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
+  stamp.tm_sec = 0;
+  stamp.tm_isdst = -1;
+  
+  days_left = (mktime (&stamp) - time (NULL)) / 86400;
+  snprintf
+    (timestamp, 16, "%02d/%02d/%04d %02d:%02d",
+     stamp.tm_mon + 1,
+     stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
+  
+  if (days_left > 0 && days_left <= days_till_exp) {
+    printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
+    return STATE_WARNING;
+  }
+  if (days_left < 0) {
+    printf ("Certificate expired on %s.\n", timestamp);
+    return STATE_CRITICAL;
+  }
+  
+  if (days_left == 0) {
+    printf ("Certificate expires today (%s).\n", timestamp);
+    return STATE_WARNING;
+  }
+  
+  printf ("Certificate will expire on %s.\n", timestamp);
+  
+  return STATE_OK;  
+}
+#endif
+int
+myrecv (void)
+{
+  int i;
+#ifdef HAVE_SSL
+  if (use_ssl) {
+    i = SSL_read (ssl, buffer, MAXBUF - 1);
+  }
+  else {
+#endif
+    i = read (sd, buffer, MAXBUF - 1);
+#ifdef HAVE_SSL
+  }
+#endif
+  return i;
+}
+int 
+my_close (void)
+{
+#ifdef HAVE_SSL
+  if (use_ssl == TRUE) {
+    SSL_shutdown (ssl);
+    SSL_free (ssl);
+    SSL_CTX_free (ctx);
+    return 0;
+  }
+  else {
+#endif
+    return close(sd);
+#ifdef HAVE_SSL
+  }
+#endif
 }
diff --git a/po/fr.po b/po/fr.po
index ed178637..4ad5f2c0 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: fr\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2004-12-26 00:06+0100\n"
-"PO-Revision-Date: 2004-12-27 23:43+0100\n"
+"PO-Revision-Date: 2004-12-29 00:09+0100\n"
 "Last-Translator: Benoit Mortier <benoit.mortier@opensides.be>\n"
 "Language-Team: Français <fr@li.org>\n"
 "MIME-Version: 1.0\n"
@@ -324,81 +324,87 @@ msgstr "DHCPOFFER XID (%lu) ne correspond pas à DHCPDISCOVER XID (%lu) - paquet
 #, c-format
 msgid "DHCPOFFER hardware address did not match our own - ignoring packet\n"
 msgstr ""
+" l'addresse matérielleh du DHCPOFFER ne correspond pas à la notre\n"
+"paquet ignoré\n"
 #: plugins/check_dhcp.c:568
 #, c-format
 msgid "Total responses seen on the wire: %d\n"
-msgstr ""
+msgstr "Nombre total de réponses: %d\n"
 #: plugins/check_dhcp.c:569
-#, fuzzy, c-format
+#, c-format
 msgid "Valid responses for this machine: %d\n"
-msgstr "Réponse invalide du serveur après load 1\n"
+msgstr "Nombre de réponse valides pour cette machine: %d\n"
 #: plugins/check_dhcp.c:585
 #, c-format
 msgid "send_dhcp_packet result: %d\n"
-msgstr ""
+msgstr "résultat de send_dchp_packet: %d\n"
 #: plugins/check_dhcp.c:614
-#, fuzzy, c-format
+#, c-format
 msgid "No (more) data received\n"
-msgstr "Pas de données reçues %s\n"
+msgstr "Plus de données reçues\n"
 #: plugins/check_dhcp.c:633
-#, fuzzy, c-format
+#, c-format
 msgid "recvfrom() failed, "
 msgstr "La réception à échoué\n"
 #: plugins/check_dhcp.c:640
 #, c-format
 msgid "receive_dhcp_packet() result: %d\n"
-msgstr ""
+msgstr "résultat de receive_dchp_packet: %d\n"
 #: plugins/check_dhcp.c:641
 #, c-format
 msgid "receive_dhcp_packet() source: %s\n"
-msgstr ""
+msgstr "source de receive_dchp_packet: %s\n"
 #: plugins/check_dhcp.c:670
 #, c-format
 msgid "Error: Could not create socket!\n"
-msgstr ""
+msgstr "Erreur: Impossible de créer un socket!\n"
 #: plugins/check_dhcp.c:680
 #, c-format
 msgid "Error: Could not set reuse address option on DHCP socket!\n"
 msgstr ""
+"Erreur: Impossible de configurer l'option de réutilisation de l'adresse sur\n"
+"le socket DHCP!\n"
 #: plugins/check_dhcp.c:686
 #, c-format
 msgid "Error: Could not set broadcast option on DHCP socket!\n"
-msgstr ""
+msgstr "Erreur: Impossible de configurer l'option broadcast sur le socket DHCP!\n"
 #: plugins/check_dhcp.c:694
 #, c-format
 msgid "Error: Could not bind socket to interface %s.  Check your privileges...\n"
 msgstr ""
+"Erreur: Impossible de connecter le socket à l'interface %s.\n"
+"Verifiez vos droits...\n"
 #: plugins/check_dhcp.c:704
 #, c-format
 msgid "Error: Could not bind to DHCP socket (port %d)!  Check your privileges...\n"
-msgstr ""
+msgstr "Erreur: Impossible de se connecter au socket (port %d)!  Verifiez vos droits..\n"
 #: plugins/check_dhcp.c:737
-#, fuzzy, c-format
+#, c-format
 msgid "Requested server address: %s\n"
-msgstr "Vous devez fournir une adresse serveur\n"
+msgstr "Adresse serveur demandée: %s\n"
 #: plugins/check_dhcp.c:787
 #, c-format
 msgid "Lease Time: Infinite\n"
-msgstr ""
+msgstr "Durée du Bail: Infini\n"
 #: plugins/check_dhcp.c:789
-#, fuzzy, c-format
+#, c-format
 msgid "Lease Time: %lu seconds\n"
-msgstr "LRU temps d'attente = %lu secondes"
+msgstr "Durée du Bai: %lu secondes\n"
 #: plugins/check_dhcp.c:791
 #, c-format

diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 538f9057..51858215 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am
@@ -69,7 +69,7 @@ check_procs_LDADD = $(BASEOBJS) popen.o
69	check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)	69	check_radius_LDADD = $(NETLIBS) $(RADIUSLIBS)
70	check_real_LDADD = $(NETLIBS)	70	check_real_LDADD = $(NETLIBS)
71	check_snmp_LDADD = $(BASEOBJS) popen.o	71	check_snmp_LDADD = $(BASEOBJS) popen.o
72	check_smtp_LDADD = $(NETLIBS)	72	check_smtp_LDADD = $(NETLIBS) $(SSLLIBS)
73	check_ssh_LDADD = $(NETLIBS)	73	check_ssh_LDADD = $(NETLIBS)
74	check_swap_LDADD = $(BASEOBJS) popen.o	74	check_swap_LDADD = $(BASEOBJS) popen.o
75	check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)	75	check_tcp_LDADD = $(NETLIBS) $(SSLLIBS)


diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index 55cf5da5..6e5d972a 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c
@@ -27,17 +27,49 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
27	#include "netutils.h"	27	#include "netutils.h"
28	#include "utils.h"	28	#include "utils.h"
29		29
		30	#ifdef HAVE_SSL_H
		31	# include <rsa.h>
		32	# include <crypto.h>
		33	# include <x509.h>
		34	# include <pem.h>
		35	# include <ssl.h>
		36	# include <err.h>
		37	#else
		38	# ifdef HAVE_OPENSSL_SSL_H
		39	# include <openssl/rsa.h>
		40	# include <openssl/crypto.h>
		41	# include <openssl/x509.h>
		42	# include <openssl/pem.h>
		43	# include <openssl/ssl.h>
		44	# include <openssl/err.h>
		45	# endif
		46	#endif
		47
		48	#ifdef HAVE_SSL
		49
		50	int check_cert = FALSE;
		51	int days_till_exp;
		52	SSL_CTX *ctx;
		53	SSL *ssl;
		54	X509 *server_cert;
		55	int connect_STARTTLS (void);
		56	int check_certificate (X509 **);
		57	#endif
		58
30	enum {	59	enum {
31	SMTP_PORT = 25	60	SMTP_PORT = 25
32	};	61	};
33	const char *SMTP_EXPECT = "220";	62	const char *SMTP_EXPECT = "220";
34	const char *SMTP_HELO = "HELO ";	63	const char *SMTP_HELO = "HELO ";
35	const char *SMTP_QUIT = "QUIT\r\n";	64	const char *SMTP_QUIT = "QUIT\r\n";
		65	const char *SMTP_STARTTLS = "STARTTLS\r\n";
36		66
37	int process_arguments (int, char **);	67	int process_arguments (int, char **);
38	int validate_arguments (void);	68	int validate_arguments (void);
39	void print_help (void);	69	void print_help (void);
40	void print_usage (void);	70	void print_usage (void);
		71	int myrecv(void);
		72	int my_close(void);
41		73
42	#ifdef HAVE_REGEX_H	74	#ifdef HAVE_REGEX_H
43	#include <regex.h>	75	#include <regex.h>
@@ -68,18 +100,23 @@ int check_warning_time = FALSE;
68	int critical_time = 0;	100	int critical_time = 0;
69	int check_critical_time = FALSE;	101	int check_critical_time = FALSE;
70	int verbose = 0;	102	int verbose = 0;
71		103	int use_ssl = FALSE;
72		104	int sd;
		105	char buffer[MAX_INPUT_BUFFER];
		106	enum {
		107	TCP_PROTOCOL = 1,
		108	UDP_PROTOCOL = 2,
		109	MAXBUF = 1024
		110	};
73		111
74	int	112	int
75	main (int argc, char **argv)	113	main (int argc, char **argv)
76	{	114	{
77	int sd;	115
78	int n = 0;	116	int n = 0;
79	double elapsed_time;	117	double elapsed_time;
80	long microsec;	118	long microsec;
81	int result = STATE_UNKNOWN;	119	int result = STATE_UNKNOWN;
82	char buffer[MAX_INPUT_BUFFER];
83	char *cmd_str = NULL;	120	char *cmd_str = NULL;
84	char *helocmd = NULL;	121	char *helocmd = NULL;
85	struct timeval tv;	122	struct timeval tv;
@@ -140,12 +177,45 @@ main (int argc, char **argv)
140	result = STATE_WARNING;	177	result = STATE_WARNING;
141	}	178	}
142	}	179	}
143		180	#ifdef HAVE_SSL
		181	if(use_ssl) {
		182	/* send the STARTTLS command */
		183	send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
		184
		185	recv(sd,buffer, MAX_INPUT_BUFFER-1, 0); // wait for it
		186	if (!strstr (buffer, server_expect)) {
		187	printf (_("Server does not support STARTTLS\n"));
		188	return STATE_UNKNOWN;
		189	}
		190	if(connect_STARTTLS() != OK) {
		191	printf (_("ERROR: Cannot create SSL context.\n"));
		192	return STATE_CRITICAL;
		193	}
		194	if ( check_cert ) {
		195	if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
		196	result = check_certificate (&server_cert);
		197	X509_free(server_cert);
		198	}
		199	else {
		200	printf (_("ERROR: Cannot retrieve server certificate.\n"));
		201	result = STATE_CRITICAL;
		202
		203	}
		204	my_close();
		205	return result;
		206	}
		207	}
		208	#endif
144	/* send the HELO command */	209	/* send the HELO command */
		210	#ifdef HAVE_SSL
		211	if (use_ssl)
		212	SSL_write(ssl, helocmd, strlen(helocmd));
		213	else
		214	#endif
145	send(sd, helocmd, strlen(helocmd), 0);	215	send(sd, helocmd, strlen(helocmd), 0);
146		216
147	/* allow for response to helo command to reach us */	217	/* allow for response to helo command to reach us */
148	recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);	218	myrecv();
149		219
150	/* sendmail will syslog a "NOQUEUE" error if session does not attempt	220	/* sendmail will syslog a "NOQUEUE" error if session does not attempt
151	* to do something useful. This can be prevented by giving a command	221	* to do something useful. This can be prevented by giving a command
@@ -158,16 +228,26 @@ main (int argc, char **argv)
158	* Use the -f option to provide a FROM address	228	* Use the -f option to provide a FROM address
159	*/	229	*/
160	if (smtp_use_dummycmd) {	230	if (smtp_use_dummycmd) {
161	send(sd, cmd_str, strlen(cmd_str), 0);	231	#ifdef HAVE_SSL
162	recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);	232	if (use_ssl)
163	if (verbose)	233	SSL_write(ssl, cmd_str, strlen(cmd_str));
164	printf("%s", buffer);	234	else
		235	#endif
		236	send(sd, cmd_str, strlen(cmd_str), 0);
		237	myrecv();
		238	if (verbose)
		239	printf("%s", buffer);
165	}	240	}
166		241
167	while (n < ncommands) {	242	while (n < ncommands) {
168	asprintf (&cmd_str, "%s%s", commands[n], "\r\n");	243	asprintf (&cmd_str, "%s%s", commands[n], "\r\n");
		244	#ifdef HAVE_SSL
		245	if (use_ssl)
		246	SSL_write(ssl,cmd_str, strlen(cmd_str));
		247	else
		248	#endif
169	send(sd, cmd_str, strlen(cmd_str), 0);	249	send(sd, cmd_str, strlen(cmd_str), 0);
170	recv(sd, buffer, MAX_INPUT_BUFFER-1, 0);	250	myrecv();
171	if (verbose)	251	if (verbose)
172	printf("%s", buffer);	252	printf("%s", buffer);
173	strip (buffer);	253	strip (buffer);
@@ -206,6 +286,11 @@ main (int argc, char **argv)
206	}	286	}
207		287
208	/* tell the server we're done */	288	/* tell the server we're done */
		289	#ifdef HAVE_SSL
		290	if (use_ssl)
		291	SSL_write(ssl,SMTP_QUIT, strlen (SMTP_QUIT));
		292	else
		293	#endif
209	send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);	294	send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
210		295
211	/* finally close the connection */	296	/* finally close the connection */
@@ -261,6 +346,8 @@ process_arguments (int argc, char **argv)
261	{"use-ipv4", no_argument, 0, '4'},	346	{"use-ipv4", no_argument, 0, '4'},
262	{"use-ipv6", no_argument, 0, '6'},	347	{"use-ipv6", no_argument, 0, '6'},
263	{"help", no_argument, 0, 'h'},	348	{"help", no_argument, 0, 'h'},
		349	{"starttls",no_argument,0,'S'},
		350	{"certificate",required_argument,0,'D'},
264	{0, 0, 0, 0}	351	{0, 0, 0, 0}
265	};	352	};
266		353
@@ -277,7 +364,7 @@ process_arguments (int argc, char **argv)
277	}	364	}
278		365
279	while (1) {	366	while (1) {
280	c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:",	367	c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:",
281	longopts, &option);	368	longopts, &option);
282		369
283	if (c == -1 \|\| c == EOF)	370	if (c == -1 \|\| c == EOF)
@@ -354,6 +441,22 @@ process_arguments (int argc, char **argv)
354	usage4 (_("Timeout interval must be a positive integer"));	441	usage4 (_("Timeout interval must be a positive integer"));
355	}	442	}
356	break;	443	break;
		444	case 'S':
		445	/* starttls */
		446	use_ssl = TRUE;
		447	break;
		448	case 'D':
		449	/* Check SSL cert validity */
		450	#ifdef HAVE_SSL
		451	if (!is_intnonneg (optarg))
		452	usage2 ("Invalid certificate expiration period",optarg);
		453	days_till_exp = atoi (optarg);
		454	check_cert = TRUE;
		455	#else
		456	terminate (STATE_UNKNOWN,
		457	"SSL support not available. Install OpenSSL and recompile.");
		458	#endif
		459	break;
357	case '4':	460	case '4':
358	address_family = AF_INET;	461	address_family = AF_INET;
359	break;	462	break;
@@ -443,6 +546,13 @@ print_help (void)
443	-f, --from=STRING\n\	546	-f, --from=STRING\n\
444	FROM-address to include in MAIL command, required by Exchange 2000\n"),	547	FROM-address to include in MAIL command, required by Exchange 2000\n"),
445	SMTP_EXPECT);	548	SMTP_EXPECT);
		549	#ifdef HAVE_SSL
		550	printf (_("\
		551	-D, --certificate=INTEGER\n\
		552	Minimum number of days a certificate has to be valid.\n\
		553	-S, --starttls\n\
		554	Use STARTTLS for the connection.\n"));
		555	#endif
446		556
447	printf (_(UT_WARN_CRIT));	557	printf (_(UT_WARN_CRIT));
448		558
@@ -466,5 +576,154 @@ print_usage (void)
466	{	576	{
467	printf ("\	577	printf ("\
468	Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\	578	Usage: %s -H host [-p port] [-e expect] [-C command] [-f from addr]\n\
469	[-w warn] [-c crit] [-t timeout] [-n] [-v] [-4\|-6]\n", progname);	579	[-w warn] [-c crit] [-t timeout] [-S] [-D days] [-n] [-v] [-4\|-6]\n", progname);
		580	}
		581
		582	#ifdef HAVE_SSL
		583	int
		584	connect_STARTTLS (void)
		585	{
		586	SSL_METHOD *meth;
		587
		588	/* Initialize SSL context */
		589	SSLeay_add_ssl_algorithms ();
		590	meth = SSLv2_client_method ();
		591	SSL_load_error_strings ();
		592	if ((ctx = SSL_CTX_new (meth)) == NULL)
		593	{
		594	printf(_("ERROR: Cannot create SSL context.\n"));
		595	return STATE_CRITICAL;
		596	}
		597	/* do the SSL handshake */
		598	if ((ssl = SSL_new (ctx)) != NULL)
		599	{
		600	SSL_set_fd (ssl, sd);
		601	/* original version checked for -1
		602	I look for success instead (1) */
		603	if (SSL_connect (ssl) == 1)
		604	return OK;
		605	ERR_print_errors_fp (stderr);
		606	}
		607	else
		608	{
		609	printf (_("ERROR: Cannot initiate SSL handshake.\n"));
		610	}
		611	/* this causes a seg faul
		612	not sure why, being sloppy
		613	and commenting it out */
		614	// SSL_free (ssl);
		615	SSL_CTX_free(ctx);
		616	my_close();
		617
		618	return STATE_CRITICAL;
		619	}
		620
		621	int
		622	check_certificate (X509 ** certificate)
		623	{
		624	ASN1_STRING *tm;
		625	int offset;
		626	struct tm stamp;
		627	int days_left;
		628
		629	/* Retrieve timestamp of certificate */
		630	tm = X509_get_notAfter (*certificate);
		631
		632	/* Generate tm structure to process timestamp */
		633	if (tm->type == V_ASN1_UTCTIME) {
		634	if (tm->length < 10) {
		635	printf (_("ERROR: Wrong time format in certificate.\n"));
		636	return STATE_CRITICAL;
		637	}
		638	else {
		639	stamp.tm_year = (tm->data[0] - '0') * 10 + (tm->data[1] - '0');
		640	if (stamp.tm_year < 50)
		641	stamp.tm_year += 100;
		642	offset = 0;
		643	}
		644	}
		645	else {
		646	if (tm->length < 12) {
		647	printf (_("ERROR: Wrong time format in certificate.\n"));
		648	return STATE_CRITICAL;
		649	}
		650	else {
		651	stamp.tm_year =
		652	(tm->data[0] - '0') * 1000 + (tm->data[1] - '0') * 100 +
		653	(tm->data[2] - '0') * 10 + (tm->data[3] - '0');
		654	stamp.tm_year -= 1900;
		655	offset = 2;
		656	}
		657	}
		658	stamp.tm_mon =
		659	(tm->data[2 + offset] - '0') * 10 + (tm->data[3 + offset] - '0') - 1;
		660	stamp.tm_mday =
		661	(tm->data[4 + offset] - '0') * 10 + (tm->data[5 + offset] - '0');
		662	stamp.tm_hour =
		663	(tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
		664	stamp.tm_min =
		665	(tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
		666	stamp.tm_sec = 0;
		667	stamp.tm_isdst = -1;
		668
		669	days_left = (mktime (&stamp) - time (NULL)) / 86400;
		670	snprintf
		671	(timestamp, 16, "%02d/%02d/%04d %02d:%02d",
		672	stamp.tm_mon + 1,
		673	stamp.tm_mday, stamp.tm_year + 1900, stamp.tm_hour, stamp.tm_min);
		674
		675	if (days_left > 0 && days_left <= days_till_exp) {
		676	printf ("Certificate expires in %d day(s) (%s).\n", days_left, timestamp);
		677	return STATE_WARNING;
		678	}
		679	if (days_left < 0) {
		680	printf ("Certificate expired on %s.\n", timestamp);
		681	return STATE_CRITICAL;
		682	}
		683
		684	if (days_left == 0) {
		685	printf ("Certificate expires today (%s).\n", timestamp);
		686	return STATE_WARNING;
		687	}
		688
		689	printf ("Certificate will expire on %s.\n", timestamp);
		690
		691	return STATE_OK;
		692	}
		693	#endif
		694
		695	int
		696	myrecv (void)
		697	{
		698	int i;
		699
		700	#ifdef HAVE_SSL
		701	if (use_ssl) {
		702	i = SSL_read (ssl, buffer, MAXBUF - 1);
		703	}
		704	else {
		705	#endif
		706	i = read (sd, buffer, MAXBUF - 1);
		707	#ifdef HAVE_SSL
		708	}
		709	#endif
		710	return i;
		711	}
		712
		713	int
		714	my_close (void)
		715	{
		716	#ifdef HAVE_SSL
		717	if (use_ssl == TRUE) {
		718	SSL_shutdown (ssl);
		719	SSL_free (ssl);
		720	SSL_CTX_free (ctx);
		721	return 0;
		722	}
		723	else {
		724	#endif
		725	return close(sd);
		726	#ifdef HAVE_SSL
		727	}
		728	#endif
470	}	729	}


diff --git a/po/fr.po b/po/fr.po index ed178637..4ad5f2c0 100644 --- a/po/fr.po +++ b/po/fr.po
@@ -10,7 +10,7 @@ msgstr ""
10	"Project-Id-Version: fr\n"	10	"Project-Id-Version: fr\n"
11	"Report-Msgid-Bugs-To: \n"	11	"Report-Msgid-Bugs-To: \n"
12	"POT-Creation-Date: 2004-12-26 00:06+0100\n"	12	"POT-Creation-Date: 2004-12-26 00:06+0100\n"
13	"PO-Revision-Date: 2004-12-27 23:43+0100\n"	13	"PO-Revision-Date: 2004-12-29 00:09+0100\n"
14	"Last-Translator: Benoit Mortier <benoit.mortier@opensides.be>\n"	14	"Last-Translator: Benoit Mortier <benoit.mortier@opensides.be>\n"
15	"Language-Team: Français <fr@li.org>\n"	15	"Language-Team: Français <fr@li.org>\n"
16	"MIME-Version: 1.0\n"	16	"MIME-Version: 1.0\n"
@@ -324,81 +324,87 @@ msgstr "DHCPOFFER XID (%lu) ne correspond pas à DHCPDISCOVER XID (%lu) - paquet
324	#, c-format	324	#, c-format
325	msgid "DHCPOFFER hardware address did not match our own - ignoring packet\n"	325	msgid "DHCPOFFER hardware address did not match our own - ignoring packet\n"
326	msgstr ""	326	msgstr ""
		327	" l'addresse matérielleh du DHCPOFFER ne correspond pas à la notre\n"
		328	"paquet ignoré\n"
327		329
328	#: plugins/check_dhcp.c:568	330	#: plugins/check_dhcp.c:568
329	#, c-format	331	#, c-format
330	msgid "Total responses seen on the wire: %d\n"	332	msgid "Total responses seen on the wire: %d\n"
331	msgstr ""	333	msgstr "Nombre total de réponses: %d\n"
332		334
333	#: plugins/check_dhcp.c:569	335	#: plugins/check_dhcp.c:569
334	#, fuzzy, c-format	336	#, c-format
335	msgid "Valid responses for this machine: %d\n"	337	msgid "Valid responses for this machine: %d\n"
336	msgstr "Réponse invalide du serveur après load 1\n"	338	msgstr "Nombre de réponse valides pour cette machine: %d\n"
337		339
338	#: plugins/check_dhcp.c:585	340	#: plugins/check_dhcp.c:585
339	#, c-format	341	#, c-format
340	msgid "send_dhcp_packet result: %d\n"	342	msgid "send_dhcp_packet result: %d\n"
341	msgstr ""	343	msgstr "résultat de send_dchp_packet: %d\n"
342		344
343	#: plugins/check_dhcp.c:614	345	#: plugins/check_dhcp.c:614
344	#, fuzzy, c-format	346	#, c-format
345	msgid "No (more) data received\n"	347	msgid "No (more) data received\n"
346	msgstr "Pas de données reçues %s\n"	348	msgstr "Plus de données reçues\n"
347		349
348	#: plugins/check_dhcp.c:633	350	#: plugins/check_dhcp.c:633
349	#, fuzzy, c-format	351	#, c-format
350	msgid "recvfrom() failed, "	352	msgid "recvfrom() failed, "
351	msgstr "La réception à échoué\n"	353	msgstr "La réception à échoué\n"
352		354
353	#: plugins/check_dhcp.c:640	355	#: plugins/check_dhcp.c:640
354	#, c-format	356	#, c-format
355	msgid "receive_dhcp_packet() result: %d\n"	357	msgid "receive_dhcp_packet() result: %d\n"
356	msgstr ""	358	msgstr "résultat de receive_dchp_packet: %d\n"
357		359
358	#: plugins/check_dhcp.c:641	360	#: plugins/check_dhcp.c:641
359	#, c-format	361	#, c-format
360	msgid "receive_dhcp_packet() source: %s\n"	362	msgid "receive_dhcp_packet() source: %s\n"
361	msgstr ""	363	msgstr "source de receive_dchp_packet: %s\n"
362		364
363	#: plugins/check_dhcp.c:670	365	#: plugins/check_dhcp.c:670
364	#, c-format	366	#, c-format
365	msgid "Error: Could not create socket!\n"	367	msgid "Error: Could not create socket!\n"
366	msgstr ""	368	msgstr "Erreur: Impossible de créer un socket!\n"
367		369
368	#: plugins/check_dhcp.c:680	370	#: plugins/check_dhcp.c:680
369	#, c-format	371	#, c-format
370	msgid "Error: Could not set reuse address option on DHCP socket!\n"	372	msgid "Error: Could not set reuse address option on DHCP socket!\n"
371	msgstr ""	373	msgstr ""
		374	"Erreur: Impossible de configurer l'option de réutilisation de l'adresse sur\n"
		375	"le socket DHCP!\n"
372		376
373	#: plugins/check_dhcp.c:686	377	#: plugins/check_dhcp.c:686
374	#, c-format	378	#, c-format
375	msgid "Error: Could not set broadcast option on DHCP socket!\n"	379	msgid "Error: Could not set broadcast option on DHCP socket!\n"
376	msgstr ""	380	msgstr "Erreur: Impossible de configurer l'option broadcast sur le socket DHCP!\n"
377		381
378	#: plugins/check_dhcp.c:694	382	#: plugins/check_dhcp.c:694
379	#, c-format	383	#, c-format
380	msgid "Error: Could not bind socket to interface %s. Check your privileges...\n"	384	msgid "Error: Could not bind socket to interface %s. Check your privileges...\n"
381	msgstr ""	385	msgstr ""
		386	"Erreur: Impossible de connecter le socket à l'interface %s.\n"
		387	"Verifiez vos droits...\n"
382		388
383	#: plugins/check_dhcp.c:704	389	#: plugins/check_dhcp.c:704
384	#, c-format	390	#, c-format
385	msgid "Error: Could not bind to DHCP socket (port %d)! Check your privileges...\n"	391	msgid "Error: Could not bind to DHCP socket (port %d)! Check your privileges...\n"
386	msgstr ""	392	msgstr "Erreur: Impossible de se connecter au socket (port %d)! Verifiez vos droits..\n"
387		393
388	#: plugins/check_dhcp.c:737	394	#: plugins/check_dhcp.c:737
389	#, fuzzy, c-format	395	#, c-format
390	msgid "Requested server address: %s\n"	396	msgid "Requested server address: %s\n"
391	msgstr "Vous devez fournir une adresse serveur\n"	397	msgstr "Adresse serveur demandée: %s\n"
392		398
393	#: plugins/check_dhcp.c:787	399	#: plugins/check_dhcp.c:787
394	#, c-format	400	#, c-format
395	msgid "Lease Time: Infinite\n"	401	msgid "Lease Time: Infinite\n"
396	msgstr ""	402	msgstr "Durée du Bail: Infini\n"
397		403
398	#: plugins/check_dhcp.c:789	404	#: plugins/check_dhcp.c:789
399	#, fuzzy, c-format	405	#, c-format
400	msgid "Lease Time: %lu seconds\n"	406	msgid "Lease Time: %lu seconds\n"
401	msgstr "LRU temps d'attente = %lu secondes"	407	msgstr "Durée du Bai: %lu secondes\n"
402		408
403	#: plugins/check_dhcp.c:791	409	#: plugins/check_dhcp.c:791
404	#, c-format	410	#, c-format