summaryrefslogtreecommitdiffstats
path: root/plugins/check_smtp.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_smtp.c')
-rw-r--r--plugins/check_smtp.c826
1 files changed, 505 insertions, 321 deletions
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 44b735f9..24883fd8 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -28,20 +28,24 @@
28 * 28 *
29 *****************************************************************************/ 29 *****************************************************************************/
30 30
31const char *progname = "check_smtp";
32const char *copyright = "2000-2024";
33const char *email = "devel@monitoring-plugins.org";
34
35#include "common.h" 31#include "common.h"
36#include "netutils.h" 32#include "netutils.h"
33#include "output.h"
34#include "perfdata.h"
35#include "thresholds.h"
37#include "utils.h" 36#include "utils.h"
38#include "base64.h" 37#include "base64.h"
39#include "regex.h" 38#include "regex.h"
40 39
41#include <ctype.h> 40#include <ctype.h>
41#include <string.h>
42#include "check_smtp.d/config.h" 42#include "check_smtp.d/config.h"
43#include "../lib/states.h" 43#include "../lib/states.h"
44 44
45const char *progname = "check_smtp";
46const char *copyright = "2000-2024";
47const char *email = "devel@monitoring-plugins.org";
48
45#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n" 49#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
46#define SMTP_HELO "HELO " 50#define SMTP_HELO "HELO "
47#define SMTP_EHLO "EHLO " 51#define SMTP_EHLO "EHLO "
@@ -58,7 +62,8 @@ typedef struct {
58} check_smtp_config_wrapper; 62} check_smtp_config_wrapper;
59static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/); 63static check_smtp_config_wrapper process_arguments(int /*argc*/, char ** /*argv*/);
60 64
61int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { 65int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
66 bool ssl_established) {
62#ifdef HAVE_SSL 67#ifdef HAVE_SSL
63 if ((config.use_starttls || config.use_ssl) && ssl_established) { 68 if ((config.use_starttls || config.use_ssl) && ssl_established) {
64 return np_net_ssl_read(buf, num); 69 return np_net_ssl_read(buf, num);
@@ -69,7 +74,8 @@ int my_recv(check_smtp_config config, void *buf, int num, int socket_descriptor,
69#endif 74#endif
70} 75}
71 76
72int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor, bool ssl_established) { 77int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
78 bool ssl_established) {
73#ifdef HAVE_SSL 79#ifdef HAVE_SSL
74 if ((config.use_starttls || config.use_ssl) && ssl_established) { 80 if ((config.use_starttls || config.use_ssl) && ssl_established) {
75 81
@@ -83,15 +89,25 @@ int my_send(check_smtp_config config, void *buf, int num, int socket_descriptor,
83 89
84static void print_help(void); 90static void print_help(void);
85void print_usage(void); 91void print_usage(void);
86static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER], int /*socket_descriptor*/, 92static char *smtp_quit(check_smtp_config /*config*/, char /*buffer*/[MAX_INPUT_BUFFER],
87 bool /*ssl_established*/); 93 int /*socket_descriptor*/, bool /*ssl_established*/);
88static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/, int /*socket_descriptor*/, bool /*ssl_established*/); 94static int recvline(char * /*buf*/, size_t /*bufsize*/, check_smtp_config /*config*/,
89static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/, int /*socket_descriptor*/, bool /*ssl_established*/); 95 int /*socket_descriptor*/, bool /*ssl_established*/);
96static int recvlines(check_smtp_config /*config*/, char * /*buf*/, size_t /*bufsize*/,
97 int /*socket_descriptor*/, bool /*ssl_established*/);
90static int my_close(int /*socket_descriptor*/); 98static int my_close(int /*socket_descriptor*/);
91 99
92static int verbose = 0; 100static int verbose = 0;
93 101
94int main(int argc, char **argv) { 102int main(int argc, char **argv) {
103#ifdef __OpenBSD__
104 /* - rpath is required to read --extra-opts (given up later)
105 * - inet is required for sockets
106 * - unix is required for Unix domain sockets
107 * - dns is required for name lookups */
108 pledge("stdio rpath inet unix dns", NULL);
109#endif // __OpenBSD__
110
95 setlocale(LC_ALL, ""); 111 setlocale(LC_ALL, "");
96 bindtextdomain(PACKAGE, LOCALEDIR); 112 bindtextdomain(PACKAGE, LOCALEDIR);
97 textdomain(PACKAGE); 113 textdomain(PACKAGE);
@@ -105,8 +121,16 @@ int main(int argc, char **argv) {
105 usage4(_("Could not parse arguments")); 121 usage4(_("Could not parse arguments"));
106 } 122 }
107 123
124#ifdef __OpenBSD__
125 pledge("stdio inet unix dns", NULL);
126#endif // __OpenBSD__
127
108 const check_smtp_config config = tmp_config.config; 128 const check_smtp_config config = tmp_config.config;
109 129
130 if (config.output_format_is_set) {
131 mp_set_format(config.output_format);
132 }
133
110 /* If localhostname not set on command line, use gethostname to set */ 134 /* If localhostname not set on command line, use gethostname to set */
111 char *localhostname = config.localhostname; 135 char *localhostname = config.localhostname;
112 if (!localhostname) { 136 if (!localhostname) {
@@ -157,342 +181,459 @@ int main(int argc, char **argv) {
157 gettimeofday(&start_time, NULL); 181 gettimeofday(&start_time, NULL);
158 182
159 int socket_descriptor = 0; 183 int socket_descriptor = 0;
184
160 /* try to connect to the host at the given port number */ 185 /* try to connect to the host at the given port number */
161 mp_state_enum result = my_tcp_connect(config.server_address, config.server_port, &socket_descriptor); 186 mp_state_enum tcp_result =
187 my_tcp_connect(config.server_address, config.server_port, &socket_descriptor);
162 188
163 char *error_msg = ""; 189 mp_check overall = mp_check_init();
190 mp_subcheck sc_tcp_connect = mp_subcheck_init();
164 char buffer[MAX_INPUT_BUFFER]; 191 char buffer[MAX_INPUT_BUFFER];
165 bool ssl_established = false; 192 bool ssl_established = false;
166 if (result == STATE_OK) { /* we connected */ 193
167 /* If requested, send PROXY header */ 194 if (tcp_result != STATE_OK) {
168 if (config.use_proxy_prefix) { 195 // Connect failed
169 if (verbose) { 196 sc_tcp_connect = mp_set_subcheck_state(sc_tcp_connect, STATE_CRITICAL);
170 printf("Sending header %s\n", PROXY_PREFIX); 197 xasprintf(&sc_tcp_connect.output, "TCP connect to '%s' failed", config.server_address);
171 } 198 mp_add_subcheck_to_check(&overall, sc_tcp_connect);
172 my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established); 199 mp_exit(overall);
200 }
201
202 /* we connected */
203 /* If requested, send PROXY header */
204 if (config.use_proxy_prefix) {
205 if (verbose) {
206 printf("Sending header %s\n", PROXY_PREFIX);
173 } 207 }
208 my_send(config, PROXY_PREFIX, strlen(PROXY_PREFIX), socket_descriptor, ssl_established);
209 }
174 210
175#ifdef HAVE_SSL 211#ifdef HAVE_SSL
176 if (config.use_ssl) { 212 if (config.use_ssl) {
177 result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); 213 int tls_result = np_net_ssl_init_with_hostname(
178 if (result != STATE_OK) { 214 socket_descriptor, (config.use_sni ? config.server_address : NULL));
179 printf(_("CRITICAL - Cannot create SSL context.\n")); 215
180 close(socket_descriptor); 216 mp_subcheck sc_tls_connection = mp_subcheck_init();
181 np_net_ssl_cleanup(); 217
182 exit(STATE_CRITICAL); 218 if (tls_result != STATE_OK) {
183 } 219 close(socket_descriptor);
184 ssl_established = true; 220 np_net_ssl_cleanup();
221
222 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_CRITICAL);
223 xasprintf(&sc_tls_connection.output, "cannot create TLS context");
224 mp_add_subcheck_to_check(&overall, sc_tls_connection);
225 mp_exit(overall);
185 } 226 }
227
228 sc_tls_connection = mp_set_subcheck_state(sc_tls_connection, STATE_OK);
229 xasprintf(&sc_tls_connection.output, "TLS context established");
230 mp_add_subcheck_to_check(&overall, sc_tls_connection);
231 ssl_established = true;
232 }
186#endif 233#endif
187 234
188 /* watch for the SMTP connection string and */ 235 /* watch for the SMTP connection string and */
189 /* return a WARNING status if we couldn't read any data */ 236 /* return a WARNING status if we couldn't read any data */
190 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { 237 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
191 printf(_("recv() failed\n")); 238 mp_subcheck sc_read_data = mp_subcheck_init();
192 exit(STATE_WARNING); 239 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
193 } 240 xasprintf(&sc_read_data.output, "recv() failed");
241 mp_add_subcheck_to_check(&overall, sc_read_data);
242 mp_exit(overall);
243 }
194 244
195 char *server_response = NULL; 245 char *server_response = NULL;
196 /* save connect return (220 hostname ..) for later use */ 246 /* save connect return (220 hostname ..) for later use */
197 xasprintf(&server_response, "%s", buffer); 247 xasprintf(&server_response, "%s", buffer);
198 248
199 /* send the HELO/EHLO command */ 249 /* send the HELO/EHLO command */
200 my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established); 250 my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established);
201 251
202 /* allow for response to helo command to reach us */ 252 /* allow for response to helo command to reach us */
203 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { 253 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
204 printf(_("recv() failed\n")); 254 mp_subcheck sc_read_data = mp_subcheck_init();
205 exit(STATE_WARNING); 255 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
206 } 256 xasprintf(&sc_read_data.output, "recv() failed");
257 mp_add_subcheck_to_check(&overall, sc_read_data);
258 mp_exit(overall);
259 }
207 260
208 bool supports_tls = false; 261 bool supports_tls = false;
209 if (config.use_ehlo || config.use_lhlo) { 262 if (config.use_ehlo || config.use_lhlo) {
210 if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) { 263 if (strstr(buffer, "250 STARTTLS") != NULL || strstr(buffer, "250-STARTTLS") != NULL) {
211 supports_tls = true; 264 supports_tls = true;
212 }
213 } 265 }
266 }
267
268 if (config.use_starttls && !supports_tls) {
269 smtp_quit(config, buffer, socket_descriptor, ssl_established);
270
271 mp_subcheck sc_read_data = mp_subcheck_init();
272 sc_read_data = mp_set_subcheck_state(sc_read_data, STATE_WARNING);
273 xasprintf(&sc_read_data.output, "StartTLS not supported by server");
274 mp_add_subcheck_to_check(&overall, sc_read_data);
275 mp_exit(overall);
276 }
214 277
215 if (config.use_starttls && !supports_tls) { 278#ifdef HAVE_SSL
216 printf(_("WARNING - TLS not supported by server\n")); 279 if (config.use_starttls) {
280 /* send the STARTTLS command */
281 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
282
283 mp_subcheck sc_starttls_init = mp_subcheck_init();
284 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
285 ssl_established); /* wait for it */
286 if (!strstr(buffer, SMTP_EXPECT)) {
217 smtp_quit(config, buffer, socket_descriptor, ssl_established); 287 smtp_quit(config, buffer, socket_descriptor, ssl_established);
218 exit(STATE_WARNING); 288
289 xasprintf(&sc_starttls_init.output, "StartTLS not supported by server");
290 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_UNKNOWN);
291 mp_add_subcheck_to_check(&overall, sc_starttls_init);
292 mp_exit(overall);
219 } 293 }
220 294
221#ifdef HAVE_SSL 295 mp_state_enum starttls_result = np_net_ssl_init_with_hostname(
222 if (config.use_starttls) { 296 socket_descriptor, (config.use_sni ? config.server_address : NULL));
223 /* send the STARTTLS command */ 297 if (starttls_result != STATE_OK) {
224 send(socket_descriptor, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); 298 close(socket_descriptor);
225 299 np_net_ssl_cleanup();
226 recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established); /* wait for it */
227 if (!strstr(buffer, SMTP_EXPECT)) {
228 printf(_("Server does not support STARTTLS\n"));
229 smtp_quit(config, buffer, socket_descriptor, ssl_established);
230 exit(STATE_UNKNOWN);
231 }
232 300
233 result = np_net_ssl_init_with_hostname(socket_descriptor, (config.use_sni ? config.server_address : NULL)); 301 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_CRITICAL);
234 if (result != STATE_OK) { 302 xasprintf(&sc_starttls_init.output, "failed to create StartTLS context");
235 printf(_("CRITICAL - Cannot create SSL context.\n")); 303 mp_add_subcheck_to_check(&overall, sc_starttls_init);
236 close(socket_descriptor); 304 mp_exit(overall);
237 np_net_ssl_cleanup(); 305 }
238 exit(STATE_CRITICAL); 306 sc_starttls_init = mp_set_subcheck_state(sc_starttls_init, STATE_OK);
239 } 307 xasprintf(&sc_starttls_init.output, "created StartTLS context");
308 mp_add_subcheck_to_check(&overall, sc_starttls_init);
309
310 ssl_established = true;
311
312 /*
313 * Resend the EHLO command.
314 *
315 * RFC 3207 (4.2) says: ``The client MUST discard any knowledge
316 * obtained from the server, such as the list of SMTP service
317 * extensions, which was not obtained from the TLS negotiation
318 * itself. The client SHOULD send an EHLO command as the first
319 * command after a successful TLS negotiation.'' For this
320 * reason, some MTAs will not allow an AUTH LOGIN command before
321 * we resent EHLO via TLS.
322 */
323 if (my_send(config, helocmd, (int)strlen(helocmd), socket_descriptor, ssl_established) <=
324 0) {
325 my_close(socket_descriptor);
326
327 mp_subcheck sc_ehlo = mp_subcheck_init();
328 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
329 xasprintf(&sc_ehlo.output, "cannot send EHLO command via StartTLS");
330 mp_add_subcheck_to_check(&overall, sc_ehlo);
331 mp_exit(overall);
332 }
240 333
241 ssl_established = true; 334 if (verbose) {
242 335 printf(_("sent %s"), helocmd);
243 /* 336 }
244 * Resend the EHLO command.
245 *
246 * RFC 3207 (4.2) says: ``The client MUST discard any knowledge
247 * obtained from the server, such as the list of SMTP service
248 * extensions, which was not obtained from the TLS negotiation
249 * itself. The client SHOULD send an EHLO command as the first
250 * command after a successful TLS negotiation.'' For this
251 * reason, some MTAs will not allow an AUTH LOGIN command before
252 * we resent EHLO via TLS.
253 */
254 if (my_send(config, helocmd, strlen(helocmd), socket_descriptor, ssl_established) <= 0) {
255 printf("%s\n", _("SMTP UNKNOWN - Cannot send EHLO command via TLS."));
256 my_close(socket_descriptor);
257 exit(STATE_UNKNOWN);
258 }
259 337
260 if (verbose) { 338 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) {
261 printf(_("sent %s"), helocmd); 339 my_close(socket_descriptor);
262 }
263 340
264 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) <= 0) { 341 mp_subcheck sc_ehlo = mp_subcheck_init();
265 printf("%s\n", _("SMTP UNKNOWN - Cannot read EHLO response via TLS.")); 342 sc_ehlo = mp_set_subcheck_state(sc_ehlo, STATE_UNKNOWN);
266 my_close(socket_descriptor); 343 xasprintf(&sc_ehlo.output, "cannot read EHLO response via StartTLS");
267 exit(STATE_UNKNOWN); 344 mp_add_subcheck_to_check(&overall, sc_ehlo);
268 } 345 mp_exit(overall);
346 }
269 347
270 if (verbose) { 348 if (verbose) {
271 printf("%s", buffer); 349 printf("%s", buffer);
272 } 350 }
351 }
273 352
274# ifdef USE_OPENSSL 353# ifdef USE_OPENSSL
275 if (config.check_cert) { 354 if (ssl_established) {
276 result = np_net_ssl_check_cert(config.days_till_exp_warn, config.days_till_exp_crit); 355 net_ssl_check_cert_result cert_check_result =
277 smtp_quit(config, buffer, socket_descriptor, ssl_established); 356 np_net_ssl_check_cert2(config.days_till_exp_warn, config.days_till_exp_crit);
278 my_close(socket_descriptor); 357
279 exit(result); 358 mp_subcheck sc_cert_check = mp_subcheck_init();
359
360 switch (cert_check_result.errors) {
361 case ALL_OK: {
362
363 if (cert_check_result.result_state != STATE_OK &&
364 config.ignore_certificate_expiration) {
365 xasprintf(&sc_cert_check.output,
366 "Remaining certificate lifetime: %d days. Expiration will be ignored",
367 (int)(cert_check_result.remaining_seconds / 86400));
368 sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK);
369 } else {
370 xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days",
371 (int)(cert_check_result.remaining_seconds / 86400));
372 sc_cert_check =
373 mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
280 } 374 }
375 } break;
376 case NO_SERVER_CERTIFICATE_PRESENT: {
377 xasprintf(&sc_cert_check.output, "no server certificate present");
378 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
379 } break;
380 case UNABLE_TO_RETRIEVE_CERTIFICATE_SUBJECT: {
381 xasprintf(&sc_cert_check.output, "can not retrieve certificate subject");
382 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
383 } break;
384 case WRONG_TIME_FORMAT_IN_CERTIFICATE: {
385 xasprintf(&sc_cert_check.output, "wrong time format in certificate");
386 sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state);
387 } break;
388 };
389
390 mp_add_subcheck_to_check(&overall, sc_cert_check);
391 }
281# endif /* USE_OPENSSL */ 392# endif /* USE_OPENSSL */
282 } 393
283#endif 394#endif
284 395
285 if (verbose) { 396 if (verbose) {
397 printf("%s", buffer);
398 }
399
400 /* save buffer for later use */
401 xasprintf(&server_response, "%s%s", server_response, buffer);
402 /* strip the buffer of carriage returns */
403 strip(server_response);
404
405 /* make sure we find the droids we are looking for */
406 mp_subcheck sc_expect_response = mp_subcheck_init();
407
408 if (!strstr(server_response, config.server_expect)) {
409 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_WARNING);
410 if (config.server_port == SMTP_PORT) {
411 xasprintf(&sc_expect_response.output, _("invalid SMTP response received from host: %s"),
412 server_response);
413 } else {
414 xasprintf(&sc_expect_response.output,
415 _("invalid SMTP response received from host on port %d: %s"),
416 config.server_port, server_response);
417 }
418 exit(STATE_WARNING);
419 } else {
420 xasprintf(&sc_expect_response.output, "received valid SMTP response '%s' from host: '%s'",
421 config.server_expect, server_response);
422 sc_expect_response = mp_set_subcheck_state(sc_expect_response, STATE_OK);
423 }
424
425 mp_add_subcheck_to_check(&overall, sc_expect_response);
426
427 if (config.send_mail_from) {
428 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
429 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
430 verbose) {
286 printf("%s", buffer); 431 printf("%s", buffer);
287 } 432 }
433 }
288 434
289 /* save buffer for later use */ 435 size_t counter = 0;
290 xasprintf(&server_response, "%s%s", server_response, buffer); 436 while (counter < config.ncommands) {
291 /* strip the buffer of carriage returns */ 437 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n");
292 strip(server_response); 438 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established);
439 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 &&
440 verbose) {
441 printf("%s", buffer);
442 }
293 443
294 /* make sure we find the droids we are looking for */ 444 strip(buffer);
295 if (!strstr(server_response, config.server_expect)) { 445
296 if (config.server_port == SMTP_PORT) { 446 if (counter < config.nresponses) {
297 printf(_("Invalid SMTP response received from host: %s\n"), server_response); 447 int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
298 } else { 448 regex_t preg;
299 printf(_("Invalid SMTP response received from host on port %d: %s\n"), config.server_port, server_response); 449 int errcode = regcomp(&preg, config.responses[counter], cflags);
450 char errbuf[MAX_INPUT_BUFFER];
451 if (errcode != 0) {
452 regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER);
453 printf(_("Could Not Compile Regular Expression"));
454 exit(STATE_UNKNOWN);
300 } 455 }
301 exit(STATE_WARNING);
302 }
303 456
304 if (config.send_mail_from) { 457 regmatch_t pmatch[10];
305 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); 458 int eflags = 0;
306 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { 459 int excode = regexec(&preg, buffer, 10, pmatch, eflags);
307 printf("%s", buffer); 460 mp_subcheck sc_expected_responses = mp_subcheck_init();
461 if (excode == 0) {
462 xasprintf(&sc_expected_responses.output, "valid response '%s' to command '%s'",
463 buffer, config.commands[counter]);
464 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_OK);
465 } else if (excode == REG_NOMATCH) {
466 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_WARNING);
467 xasprintf(&sc_expected_responses.output, "invalid response '%s' to command '%s'",
468 buffer, config.commands[counter]);
469 } else {
470 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
471 xasprintf(&sc_expected_responses.output, "regexec execute error: %s", errbuf);
472 sc_expected_responses = mp_set_subcheck_state(sc_expected_responses, STATE_UNKNOWN);
308 } 473 }
309 } 474 }
475 counter++;
476 }
310 477
311 int counter = 0; 478 if (config.authtype != NULL) {
312 while (counter < config.ncommands) { 479 mp_subcheck sc_auth = mp_subcheck_init();
313 xasprintf(&cmd_str, "%s%s", config.commands[counter], "\r\n"); 480
314 my_send(config, cmd_str, (int)strlen(cmd_str), socket_descriptor, ssl_established); 481 if (strcmp(config.authtype, "LOGIN") == 0) {
315 if (recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established) >= 1 && verbose) { 482 char *abuf;
316 printf("%s", buffer); 483 int ret;
317 } 484 do {
318 strip(buffer); 485 /* send AUTH LOGIN */
319 if (counter < config.nresponses) { 486 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor,
320 int cflags = REG_EXTENDED | REG_NOSUB | REG_NEWLINE; 487 ssl_established);
321 regex_t preg; 488
322 int errcode = regcomp(&preg, config.responses[counter], cflags); 489 if (verbose) {
323 char errbuf[MAX_INPUT_BUFFER]; 490 printf(_("sent %s\n"), "AUTH LOGIN");
324 if (errcode != 0) { 491 }
325 regerror(errcode, &preg, errbuf, MAX_INPUT_BUFFER); 492
326 printf(_("Could Not Compile Regular Expression")); 493 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
327 exit(STATE_UNKNOWN); 494 ssl_established)) <= 0) {
495 xasprintf(&sc_auth.output, _("recv() failed after AUTH LOGIN"));
496 sc_auth = mp_set_subcheck_state(sc_auth, STATE_WARNING);
497 break;
328 } 498 }
329 499
330 regmatch_t pmatch[10]; 500 if (verbose) {
331 int eflags = 0; 501 printf(_("received %s\n"), buffer);
332 int excode = regexec(&preg, buffer, 10, pmatch, eflags);
333 if (excode == 0) {
334 result = STATE_OK;
335 } else if (excode == REG_NOMATCH) {
336 result = STATE_WARNING;
337 printf(_("SMTP %s - Invalid response '%s' to command '%s'\n"), state_text(result), buffer, config.commands[counter]);
338 } else {
339 regerror(excode, &preg, errbuf, MAX_INPUT_BUFFER);
340 printf(_("Execute Error: %s\n"), errbuf);
341 result = STATE_UNKNOWN;
342 } 502 }
343 }
344 counter++;
345 }
346 503
347 if (config.authtype != NULL) { 504 if (strncmp(buffer, "334", 3) != 0) {
348 if (strcmp(config.authtype, "LOGIN") == 0) { 505 xasprintf(&sc_auth.output, "invalid response received after AUTH LOGIN");
349 char *abuf; 506 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
350 int ret;
351 do {
352 if (config.authuser == NULL) {
353 result = STATE_CRITICAL;
354 xasprintf(&error_msg, _("no authuser specified, "));
355 break;
356 }
357 if (config.authpass == NULL) {
358 result = STATE_CRITICAL;
359 xasprintf(&error_msg, _("no authpass specified, "));
360 break;
361 }
362
363 /* send AUTH LOGIN */
364 my_send(config, SMTP_AUTH_LOGIN, strlen(SMTP_AUTH_LOGIN), socket_descriptor, ssl_established);
365 if (verbose) {
366 printf(_("sent %s\n"), "AUTH LOGIN");
367 }
368
369 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
370 xasprintf(&error_msg, _("recv() failed after AUTH LOGIN, "));
371 result = STATE_WARNING;
372 break;
373 }
374 if (verbose) {
375 printf(_("received %s\n"), buffer);
376 }
377
378 if (strncmp(buffer, "334", 3) != 0) {
379 result = STATE_CRITICAL;
380 xasprintf(&error_msg, _("invalid response received after AUTH LOGIN, "));
381 break;
382 }
383
384 /* encode authuser with base64 */
385 base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf);
386 xasprintf(&abuf, "%s\r\n", abuf);
387 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
388 if (verbose) {
389 printf(_("sent %s\n"), abuf);
390 }
391
392 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
393 result = STATE_CRITICAL;
394 xasprintf(&error_msg, _("recv() failed after sending authuser, "));
395 break;
396 }
397 if (verbose) {
398 printf(_("received %s\n"), buffer);
399 }
400 if (strncmp(buffer, "334", 3) != 0) {
401 result = STATE_CRITICAL;
402 xasprintf(&error_msg, _("invalid response received after authuser, "));
403 break;
404 }
405 /* encode authpass with base64 */
406 base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf);
407 xasprintf(&abuf, "%s\r\n", abuf);
408 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
409 if (verbose) {
410 printf(_("sent %s\n"), abuf);
411 }
412 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor, ssl_established)) <= 0) {
413 result = STATE_CRITICAL;
414 xasprintf(&error_msg, _("recv() failed after sending authpass, "));
415 break;
416 }
417 if (verbose) {
418 printf(_("received %s\n"), buffer);
419 }
420 if (strncmp(buffer, "235", 3) != 0) {
421 result = STATE_CRITICAL;
422 xasprintf(&error_msg, _("invalid response received after authpass, "));
423 break;
424 }
425 break; 507 break;
426 } while (false); 508 }
427 } else {
428 result = STATE_CRITICAL;
429 xasprintf(&error_msg, _("only authtype LOGIN is supported, "));
430 }
431 }
432 509
433 /* tell the server we're done */ 510 /* encode authuser with base64 */
434 smtp_quit(config, buffer, socket_descriptor, ssl_established); 511 base64_encode_alloc(config.authuser, strlen(config.authuser), &abuf);
512 xasprintf(&abuf, "%s\r\n", abuf);
513 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
514 if (verbose) {
515 printf(_("sent %s\n"), abuf);
516 }
517
518 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
519 ssl_established)) <= 0) {
520 xasprintf(&sc_auth.output, "recv() failed after sending authuser");
521 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
522 break;
523 }
524
525 if (verbose) {
526 printf(_("received %s\n"), buffer);
527 }
528
529 if (strncmp(buffer, "334", 3) != 0) {
530 xasprintf(&sc_auth.output, "invalid response received after authuser");
531 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
532 break;
533 }
534
535 /* encode authpass with base64 */
536 base64_encode_alloc(config.authpass, strlen(config.authpass), &abuf);
537 xasprintf(&abuf, "%s\r\n", abuf);
538 my_send(config, abuf, (int)strlen(abuf), socket_descriptor, ssl_established);
435 539
436 /* finally close the connection */ 540 if (verbose) {
437 close(socket_descriptor); 541 printf(_("sent %s\n"), abuf);
542 }
543
544 if ((ret = recvlines(config, buffer, MAX_INPUT_BUFFER, socket_descriptor,
545 ssl_established)) <= 0) {
546 xasprintf(&sc_auth.output, "recv() failed after sending authpass");
547 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
548 break;
549 }
550
551 if (verbose) {
552 printf(_("received %s\n"), buffer);
553 }
554
555 if (strncmp(buffer, "235", 3) != 0) {
556 xasprintf(&sc_auth.output, "invalid response received after authpass");
557 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
558 break;
559 }
560 break;
561 } while (false);
562 } else {
563 sc_auth = mp_set_subcheck_state(sc_auth, STATE_CRITICAL);
564 xasprintf(&sc_auth.output, "only authtype LOGIN is supported");
565 }
566
567 mp_add_subcheck_to_check(&overall, sc_auth);
438 } 568 }
439 569
570 /* tell the server we're done */
571 smtp_quit(config, buffer, socket_descriptor, ssl_established);
572
573 /* finally close the connection */
574 close(socket_descriptor);
575
440 /* reset the alarm */ 576 /* reset the alarm */
441 alarm(0); 577 alarm(0);
442 578
443 long microsec = deltime(start_time); 579 long microsec = deltime(start_time);
444 double elapsed_time = (double)microsec / 1.0e6; 580 double elapsed_time = (double)microsec / 1.0e6;
445 581
446 if (result == STATE_OK) { 582 mp_perfdata pd_elapsed_time = perfdata_init();
447 if (config.check_critical_time && elapsed_time > config.critical_time) { 583 pd_elapsed_time = mp_set_pd_value(pd_elapsed_time, elapsed_time);
448 result = STATE_CRITICAL; 584 pd_elapsed_time.label = "time";
449 } else if (config.check_warning_time && elapsed_time > config.warning_time) { 585 pd_elapsed_time.uom = "s";
450 result = STATE_WARNING; 586
451 } 587 pd_elapsed_time = mp_pd_set_thresholds(pd_elapsed_time, config.connection_time);
452 }
453 588
454 printf(_("SMTP %s - %s%.3f sec. response time%s%s|%s\n"), state_text(result), error_msg, elapsed_time, verbose ? ", " : "", 589 mp_subcheck sc_connection_time = mp_subcheck_init();
455 verbose ? buffer : "", 590 xasprintf(&sc_connection_time.output, "connection time: %.3gs", elapsed_time);
456 fperfdata("time", elapsed_time, "s", config.check_warning_time, config.warning_time, config.check_critical_time, 591 sc_connection_time =
457 config.critical_time, true, 0, false, 0)); 592 mp_set_subcheck_state(sc_connection_time, mp_get_pd_status(pd_elapsed_time));
593 mp_add_subcheck_to_check(&overall, sc_connection_time);
458 594
459 exit(result); 595 mp_exit(overall);
460} 596}
461 597
462/* process command-line arguments */ 598/* process command-line arguments */
463check_smtp_config_wrapper process_arguments(int argc, char **argv) { 599check_smtp_config_wrapper process_arguments(int argc, char **argv) {
464 enum { 600 enum {
465 SNI_OPTION = CHAR_MAX + 1 601 SNI_OPTION = CHAR_MAX + 1,
602 output_format_index,
603 ignore_certificate_expiration_index,
466 }; 604 };
467 605
468 int option = 0; 606 int option = 0;
469 static struct option longopts[] = {{"hostname", required_argument, 0, 'H'}, 607 static struct option longopts[] = {
470 {"expect", required_argument, 0, 'e'}, 608 {"hostname", required_argument, 0, 'H'},
471 {"critical", required_argument, 0, 'c'}, 609 {"expect", required_argument, 0, 'e'},
472 {"warning", required_argument, 0, 'w'}, 610 {"critical", required_argument, 0, 'c'},
473 {"timeout", required_argument, 0, 't'}, 611 {"warning", required_argument, 0, 'w'},
474 {"port", required_argument, 0, 'p'}, 612 {"timeout", required_argument, 0, 't'},
475 {"from", required_argument, 0, 'f'}, 613 {"port", required_argument, 0, 'p'},
476 {"fqdn", required_argument, 0, 'F'}, 614 {"from", required_argument, 0, 'f'},
477 {"authtype", required_argument, 0, 'A'}, 615 {"fqdn", required_argument, 0, 'F'},
478 {"authuser", required_argument, 0, 'U'}, 616 {"authtype", required_argument, 0, 'A'},
479 {"authpass", required_argument, 0, 'P'}, 617 {"authuser", required_argument, 0, 'U'},
480 {"command", required_argument, 0, 'C'}, 618 {"authpass", required_argument, 0, 'P'},
481 {"response", required_argument, 0, 'R'}, 619 {"command", required_argument, 0, 'C'},
482 {"verbose", no_argument, 0, 'v'}, 620 {"response", required_argument, 0, 'R'},
483 {"version", no_argument, 0, 'V'}, 621 {"verbose", no_argument, 0, 'v'},
484 {"use-ipv4", no_argument, 0, '4'}, 622 {"version", no_argument, 0, 'V'},
485 {"use-ipv6", no_argument, 0, '6'}, 623 {"use-ipv4", no_argument, 0, '4'},
486 {"help", no_argument, 0, 'h'}, 624 {"use-ipv6", no_argument, 0, '6'},
487 {"lmtp", no_argument, 0, 'L'}, 625 {"help", no_argument, 0, 'h'},
488 {"ssl", no_argument, 0, 's'}, 626 {"lmtp", no_argument, 0, 'L'},
489 {"tls", no_argument, 0, 's'}, 627 {"ssl", no_argument, 0, 's'},
490 {"starttls", no_argument, 0, 'S'}, 628 {"tls", no_argument, 0, 's'},
491 {"sni", no_argument, 0, SNI_OPTION}, 629 {"starttls", no_argument, 0, 'S'},
492 {"certificate", required_argument, 0, 'D'}, 630 {"sni", no_argument, 0, SNI_OPTION},
493 {"ignore-quit-failure", no_argument, 0, 'q'}, 631 {"certificate", required_argument, 0, 'D'},
494 {"proxy", no_argument, 0, 'r'}, 632 {"ignore-quit-failure", no_argument, 0, 'q'},
495 {0, 0, 0, 0}}; 633 {"proxy", no_argument, 0, 'r'},
634 {"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index},
635 {"output-format", required_argument, 0, output_format_index},
636 {0, 0, 0, 0}};
496 637
497 check_smtp_config_wrapper result = { 638 check_smtp_config_wrapper result = {
498 .config = check_smtp_config_init(), 639 .config = check_smtp_config_init(),
@@ -514,12 +655,13 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
514 } 655 }
515 } 656 }
516 657
517 int command_size = 0; 658 unsigned long command_size = 0;
518 int response_size = 0; 659 unsigned long response_size = 0;
519 bool implicit_tls = false; 660 bool implicit_tls = false;
520 int server_port_option = 0; 661 int server_port_option = 0;
521 while (true) { 662 while (true) {
522 int opt_index = getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option); 663 int opt_index =
664 getopt_long(argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", longopts, &option);
523 665
524 if (opt_index == -1 || opt_index == EOF) { 666 if (opt_index == -1 || opt_index == EOF) {
525 break; 667 break;
@@ -546,7 +688,8 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
546 break; 688 break;
547 case 'f': /* from argument */ 689 case 'f': /* from argument */
548 result.config.from_arg = optarg + strspn(optarg, "<"); 690 result.config.from_arg = optarg + strspn(optarg, "<");
549 result.config.from_arg = strndup(result.config.from_arg, strcspn(result.config.from_arg, ">")); 691 result.config.from_arg =
692 strndup(result.config.from_arg, strcspn(result.config.from_arg, ">"));
550 result.config.send_mail_from = true; 693 result.config.send_mail_from = true;
551 break; 694 break;
552 case 'A': 695 case 'A':
@@ -565,9 +708,11 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
565 case 'C': /* commands */ 708 case 'C': /* commands */
566 if (result.config.ncommands >= command_size) { 709 if (result.config.ncommands >= command_size) {
567 command_size += 8; 710 command_size += 8;
568 result.config.commands = realloc(result.config.commands, sizeof(char *) * command_size); 711 result.config.commands =
712 realloc(result.config.commands, sizeof(char *) * command_size);
569 if (result.config.commands == NULL) { 713 if (result.config.commands == NULL) {
570 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.ncommands); 714 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
715 result.config.ncommands);
571 } 716 }
572 } 717 }
573 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255); 718 result.config.commands[result.config.ncommands] = (char *)malloc(sizeof(char) * 255);
@@ -577,31 +722,33 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
577 case 'R': /* server responses */ 722 case 'R': /* server responses */
578 if (result.config.nresponses >= response_size) { 723 if (result.config.nresponses >= response_size) {
579 response_size += 8; 724 response_size += 8;
580 result.config.responses = realloc(result.config.responses, sizeof(char *) * response_size); 725 result.config.responses =
726 realloc(result.config.responses, sizeof(char *) * response_size);
581 if (result.config.responses == NULL) { 727 if (result.config.responses == NULL) {
582 die(STATE_UNKNOWN, _("Could not realloc() units [%d]\n"), result.config.nresponses); 728 die(STATE_UNKNOWN, _("Could not realloc() units [%lu]\n"),
729 result.config.nresponses);
583 } 730 }
584 } 731 }
585 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255); 732 result.config.responses[result.config.nresponses] = (char *)malloc(sizeof(char) * 255);
586 strncpy(result.config.responses[result.config.nresponses], optarg, 255); 733 strncpy(result.config.responses[result.config.nresponses], optarg, 255);
587 result.config.nresponses++; 734 result.config.nresponses++;
588 break; 735 break;
589 case 'c': /* critical time threshold */ 736 case 'c': /* critical time threshold */ {
590 if (!is_nonnegative(optarg)) { 737 mp_range_parsed tmp = mp_parse_range_string(optarg);
591 usage4(_("Critical time must be a positive")); 738 if (tmp.error != MP_PARSING_SUCCESS) {
592 } else { 739 die(STATE_UNKNOWN, "failed to parse critical time threshold");
593 result.config.critical_time = strtod(optarg, NULL);
594 result.config.check_critical_time = true;
595 } 740 }
596 break; 741 result.config.connection_time =
597 case 'w': /* warning time threshold */ 742 mp_thresholds_set_warn(result.config.connection_time, tmp.range);
598 if (!is_nonnegative(optarg)) { 743 } break;
599 usage4(_("Warning time must be a positive")); 744 case 'w': /* warning time threshold */ {
600 } else { 745 mp_range_parsed tmp = mp_parse_range_string(optarg);
601 result.config.warning_time = strtod(optarg, NULL); 746 if (tmp.error != MP_PARSING_SUCCESS) {
602 result.config.check_warning_time = true; 747 die(STATE_UNKNOWN, "failed to parse warning time threshold");
603 } 748 }
604 break; 749 result.config.connection_time =
750 mp_thresholds_set_crit(result.config.connection_time, tmp.range);
751 } break;
605 case 'v': /* verbose */ 752 case 'v': /* verbose */
606 verbose++; 753 verbose++;
607 break; 754 break;
@@ -638,7 +785,6 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
638 } 785 }
639 result.config.days_till_exp_warn = atoi(optarg); 786 result.config.days_till_exp_warn = atoi(optarg);
640 } 787 }
641 result.config.check_cert = true;
642 result.config.ignore_send_quit_failure = true; 788 result.config.ignore_send_quit_failure = true;
643#else 789#else
644 usage(_("SSL support not available - install OpenSSL and recompile")); 790 usage(_("SSL support not available - install OpenSSL and recompile"));
@@ -673,11 +819,7 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
673 address_family = AF_INET; 819 address_family = AF_INET;
674 break; 820 break;
675 case '6': 821 case '6':
676#ifdef USE_IPV6
677 address_family = AF_INET6; 822 address_family = AF_INET6;
678#else
679 usage4(_("IPv6 support not available"));
680#endif
681 break; 823 break;
682 case 'V': /* version */ 824 case 'V': /* version */
683 print_revision(progname, NP_VERSION); 825 print_revision(progname, NP_VERSION);
@@ -687,6 +829,21 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
687 exit(STATE_UNKNOWN); 829 exit(STATE_UNKNOWN);
688 case '?': /* help */ 830 case '?': /* help */
689 usage5(); 831 usage5();
832 case output_format_index: {
833 parsed_output_format parser = mp_parse_output_format(optarg);
834 if (!parser.parsing_success) {
835 // TODO List all available formats here, maybe add anothoer usage function
836 printf("Invalid output format: %s\n", optarg);
837 exit(STATE_UNKNOWN);
838 }
839
840 result.config.output_format_is_set = true;
841 result.config.output_format = parser.output_format;
842 break;
843 }
844 case ignore_certificate_expiration_index: {
845 result.config.ignore_certificate_expiration = true;
846 }
690 } 847 }
691 } 848 }
692 849
@@ -715,11 +872,26 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) {
715 result.config.server_port = server_port_option; 872 result.config.server_port = server_port_option;
716 } 873 }
717 874
875 if (result.config.authtype) {
876 if (strcmp(result.config.authtype, "LOGIN") == 0) {
877 if (result.config.authuser == NULL) {
878 usage4("no authuser specified");
879 }
880 if (result.config.authpass == NULL) {
881 usage4("no authpass specified");
882 }
883 } else {
884 usage4("only authtype LOGIN is supported");
885 }
886 }
887
718 return result; 888 return result;
719} 889}
720 890
721char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor, bool ssl_established) { 891char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int socket_descriptor,
722 int sent_bytes = my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established); 892 bool ssl_established) {
893 int sent_bytes =
894 my_send(config, SMTP_QUIT, strlen(SMTP_QUIT), socket_descriptor, ssl_established);
723 if (sent_bytes < 0) { 895 if (sent_bytes < 0) {
724 if (config.ignore_send_quit_failure) { 896 if (config.ignore_send_quit_failure) {
725 if (verbose) { 897 if (verbose) {
@@ -759,9 +931,10 @@ char *smtp_quit(check_smtp_config config, char buffer[MAX_INPUT_BUFFER], int soc
759 * function which buffers the data, move that to netutils.c and change 931 * function which buffers the data, move that to netutils.c and change
760 * check_smtp and other plugins to use that. Also, remove (\r)\n. 932 * check_smtp and other plugins to use that. Also, remove (\r)\n.
761 */ 933 */
762int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor, bool ssl_established) { 934int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_descriptor,
935 bool ssl_established) {
763 int result; 936 int result;
764 int counter; 937 size_t counter;
765 938
766 for (counter = result = 0; counter < bufsize - 1; counter++) { 939 for (counter = result = 0; counter < bufsize - 1; counter++) {
767 if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) { 940 if ((result = my_recv(config, &buf[counter], 1, socket_descriptor, ssl_established)) != 1) {
@@ -769,7 +942,7 @@ int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_des
769 } 942 }
770 if (buf[counter] == '\n') { 943 if (buf[counter] == '\n') {
771 buf[++counter] = '\0'; 944 buf[++counter] = '\0';
772 return counter; 945 return (int)counter;
773 } 946 }
774 } 947 }
775 return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */ 948 return (result == 1 || counter == 0) ? -2 : result; /* -2 if out of space */
@@ -789,13 +962,16 @@ int recvline(char *buf, size_t bufsize, check_smtp_config config, int socket_des
789 * 962 *
790 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n. 963 * TODO: Move this to netutils.c. Also, remove \r and possibly the final \n.
791 */ 964 */
792int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor, bool ssl_established) { 965int recvlines(check_smtp_config config, char *buf, size_t bufsize, int socket_descriptor,
966 bool ssl_established) {
793 int result; 967 int result;
794 int counter; 968 int counter;
795 969
796 for (counter = 0; /* forever */; counter += result) { 970 for (counter = 0; /* forever */; counter += result) {
797 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor, ssl_established)) > 3 && 971 if (!((result = recvline(buf + counter, bufsize - counter, config, socket_descriptor,
798 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) && isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) { 972 ssl_established)) > 3 &&
973 isdigit((int)buf[counter]) && isdigit((int)buf[counter + 1]) &&
974 isdigit((int)buf[counter + 2]) && buf[counter + 3] == '-')) {
799 break; 975 break;
800 } 976 }
801 } 977 }
@@ -835,13 +1011,15 @@ void print_help(void) {
835 printf(UT_IPv46); 1011 printf(UT_IPv46);
836 1012
837 printf(" %s\n", "-e, --expect=STRING"); 1013 printf(" %s\n", "-e, --expect=STRING");
838 printf(_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT); 1014 printf(_(" String to expect in first line of server response (default: '%s')\n"),
1015 SMTP_EXPECT);
839 printf(" %s\n", "-C, --command=STRING"); 1016 printf(" %s\n", "-C, --command=STRING");
840 printf(" %s\n", _("SMTP command (may be used repeatedly)")); 1017 printf(" %s\n", _("SMTP command (may be used repeatedly)"));
841 printf(" %s\n", "-R, --response=STRING"); 1018 printf(" %s\n", "-R, --response=STRING");
842 printf(" %s\n", _("Expected response to command (may be used repeatedly)")); 1019 printf(" %s\n", _("Expected response to command (may be used repeatedly)"));
843 printf(" %s\n", "-f, --from=STRING"); 1020 printf(" %s\n", "-f, --from=STRING");
844 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")), printf(" %s\n", "-F, --fqdn=STRING"); 1021 printf(" %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
1022 printf(" %s\n", "-F, --fqdn=STRING");
845 printf(" %s\n", _("FQDN used for HELO")); 1023 printf(" %s\n", _("FQDN used for HELO"));
846 printf(" %s\n", "-r, --proxy"); 1024 printf(" %s\n", "-r, --proxy");
847 printf(" %s\n", _("Use PROXY protocol prefix for the connection.")); 1025 printf(" %s\n", _("Use PROXY protocol prefix for the connection."));
@@ -867,11 +1045,15 @@ void print_help(void) {
867 printf(" %s\n", _("Send LHLO instead of HELO/EHLO")); 1045 printf(" %s\n", _("Send LHLO instead of HELO/EHLO"));
868 printf(" %s\n", "-q, --ignore-quit-failure"); 1046 printf(" %s\n", "-q, --ignore-quit-failure");
869 printf(" %s\n", _("Ignore failure when sending QUIT command to server")); 1047 printf(" %s\n", _("Ignore failure when sending QUIT command to server"));
1048 printf(" %s\n", "--ignore-certificate-expiration");
1049 printf(" %s\n", _("Ignore certificate expiration"));
870 1050
871 printf(UT_WARN_CRIT); 1051 printf(UT_WARN_CRIT);
872 1052
873 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); 1053 printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
874 1054
1055 printf(UT_OUTPUT_FORMAT);
1056
875 printf(UT_VERBOSE); 1057 printf(UT_VERBOSE);
876 1058
877 printf("\n"); 1059 printf("\n");
@@ -885,7 +1067,9 @@ void print_help(void) {
885 1067
886void print_usage(void) { 1068void print_usage(void) {
887 printf("%s\n", _("Usage:")); 1069 printf("%s\n", _("Usage:"));
888 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname); 1070 printf("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n",
1071 progname);
889 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n"); 1072 printf("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
890 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n"); 1073 printf("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] "
1074 "[-v] \n");
891} 1075}