From 6bc9e518b247e85a39479a0ac6685e68c3a61b40 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Sat, 8 Nov 2025 00:19:25 +0100 Subject: check_smtp: modern output + some tls cert helper functions --- plugins/check_smtp.d/config.h | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'plugins/check_smtp.d/config.h') diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h index 0a6511ef..bc433093 100644 --- a/plugins/check_smtp.d/config.h +++ b/plugins/check_smtp.d/config.h @@ -1,6 +1,7 @@ #pragma once #include "../../config.h" +#include "thresholds.h" #include #include @@ -18,20 +19,18 @@ typedef struct { char *server_expect; bool ignore_send_quit_failure; - double warning_time; - bool check_warning_time; - double critical_time; - bool check_critical_time; + mp_thresholds connection_time; + bool use_ehlo; bool use_lhlo; char *from_arg; bool send_mail_from; - int ncommands; + unsigned long ncommands; char **commands; - int nresponses; + unsigned long nresponses; char **responses; char *authtype; @@ -58,10 +57,7 @@ check_smtp_config check_smtp_config_init() { .server_expect = SMTP_EXPECT, .ignore_send_quit_failure = false, - .warning_time = 0, - .check_warning_time = false, - .critical_time = 0, - .check_critical_time = false, + .connection_time = mp_thresholds_init(), .use_ehlo = false, .use_lhlo = false, -- cgit v1.2.3-74-g34f1 From 62035adf6c8199eba54755f23e8affe97e645300 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 9 Nov 2025 11:32:43 +0100 Subject: check_smtp: implement output format cli parameter --- plugins/check_smtp.c | 22 +++++++++++++++++++++- plugins/check_smtp.d/config.h | 6 ++++++ 2 files changed, 27 insertions(+), 1 deletion(-) (limited to 'plugins/check_smtp.d/config.h') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index f2c7f05c..cb92421c 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -115,6 +115,10 @@ int main(int argc, char **argv) { const check_smtp_config config = tmp_config.config; + if (config.output_format_is_set) { + mp_set_format(config.output_format); + } + /* If localhostname not set on command line, use gethostname to set */ char *localhostname = config.localhostname; if (!localhostname) { @@ -578,7 +582,8 @@ int main(int argc, char **argv) { /* process command-line arguments */ check_smtp_config_wrapper process_arguments(int argc, char **argv) { enum { - SNI_OPTION = CHAR_MAX + 1 + SNI_OPTION = CHAR_MAX + 1, + output_format_index, }; int option = 0; @@ -608,6 +613,7 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) { {"certificate", required_argument, 0, 'D'}, {"ignore-quit-failure", no_argument, 0, 'q'}, {"proxy", no_argument, 0, 'r'}, + {"output-format", required_argument, 0, output_format_index}, {0, 0, 0, 0}}; check_smtp_config_wrapper result = { @@ -809,6 +815,18 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) { exit(STATE_UNKNOWN); case '?': /* help */ usage5(); + case output_format_index: { + parsed_output_format parser = mp_parse_output_format(optarg); + if (!parser.parsing_success) { + // TODO List all available formats here, maybe add anothoer usage function + printf("Invalid output format: %s\n", optarg); + exit(STATE_UNKNOWN); + } + + result.config.output_format_is_set = true; + result.config.output_format = parser.output_format; + break; + } } } @@ -1015,6 +1033,8 @@ void print_help(void) { printf(UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT); + printf(UT_OUTPUT_FORMAT); + printf(UT_VERBOSE); printf("\n"); diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h index bc433093..11d7fe56 100644 --- a/plugins/check_smtp.d/config.h +++ b/plugins/check_smtp.d/config.h @@ -1,6 +1,7 @@ #pragma once #include "../../config.h" +#include "output.h" #include "thresholds.h" #include #include @@ -46,6 +47,9 @@ typedef struct { bool use_starttls; bool use_sni; #endif + + bool output_format_is_set; + mp_output_format output_format; } check_smtp_config; check_smtp_config check_smtp_config_init() { @@ -83,6 +87,8 @@ check_smtp_config check_smtp_config_init() { .use_starttls = false, .use_sni = false, #endif + + .output_format_is_set = false, }; return tmp; } -- cgit v1.2.3-74-g34f1 From bc2720abddf8e379c4e1f23ed25f7702ef29ad08 Mon Sep 17 00:00:00 2001 From: Lorenz Kästle <12514511+RincewindsHat@users.noreply.github.com> Date: Sun, 9 Nov 2025 11:46:36 +0100 Subject: check_smtp: certificate check is no longer opt-in This is a breaking change. Testing whether a TLS certificate is still valid (expiration wise) is now the default in check_smtp. The reasoning is, that in most scenarios an expired certificate will effectively mean that the service is not working anymore due to the refusal of other software to talk to it. There is a new cli parameter though to explicitly ignore that. --- plugins/check_smtp.c | 88 ++++++++++++++++++++++++------------------- plugins/check_smtp.d/config.h | 6 ++- 2 files changed, 54 insertions(+), 40 deletions(-) (limited to 'plugins/check_smtp.d/config.h') diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c index cb92421c..e806ad29 100644 --- a/plugins/check_smtp.c +++ b/plugins/check_smtp.c @@ -37,6 +37,7 @@ #include "base64.h" #include "regex.h" +#include #include #include #include "check_smtp.d/config.h" @@ -347,9 +348,19 @@ int main(int argc, char **argv) { switch (cert_check_result.errors) { case ALL_OK: { - xasprintf(&sc_cert_check.output, "Certificate expiration. Remaining time %g days", - cert_check_result.remaining_seconds / 86400); - sc_cert_check = mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state); + + if (cert_check_result.result_state != STATE_OK && + config.ignore_certificate_expiration) { + xasprintf(&sc_cert_check.output, + "Remaining certificate lifetime: %d days. Expiration will be ignored", + (int)(cert_check_result.remaining_seconds / 86400)); + sc_cert_check = mp_set_subcheck_state(sc_cert_check, STATE_OK); + } else { + xasprintf(&sc_cert_check.output, "Remaining certificate lifetime: %d days", + (int)(cert_check_result.remaining_seconds / 86400)); + sc_cert_check = + mp_set_subcheck_state(sc_cert_check, cert_check_result.result_state); + } } break; case NO_SERVER_CERTIFICATE_PRESENT: { xasprintf(&sc_cert_check.output, "no server certificate present"); @@ -366,12 +377,6 @@ int main(int argc, char **argv) { }; mp_add_subcheck_to_check(&overall, sc_cert_check); - - if (config.check_cert) { - smtp_quit(config, buffer, socket_descriptor, ssl_established); - my_close(socket_descriptor); - mp_exit(overall); - } } # endif /* USE_OPENSSL */ @@ -584,37 +589,40 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) { enum { SNI_OPTION = CHAR_MAX + 1, output_format_index, + ignore_certificate_expiration_index, }; int option = 0; - static struct option longopts[] = {{"hostname", required_argument, 0, 'H'}, - {"expect", required_argument, 0, 'e'}, - {"critical", required_argument, 0, 'c'}, - {"warning", required_argument, 0, 'w'}, - {"timeout", required_argument, 0, 't'}, - {"port", required_argument, 0, 'p'}, - {"from", required_argument, 0, 'f'}, - {"fqdn", required_argument, 0, 'F'}, - {"authtype", required_argument, 0, 'A'}, - {"authuser", required_argument, 0, 'U'}, - {"authpass", required_argument, 0, 'P'}, - {"command", required_argument, 0, 'C'}, - {"response", required_argument, 0, 'R'}, - {"verbose", no_argument, 0, 'v'}, - {"version", no_argument, 0, 'V'}, - {"use-ipv4", no_argument, 0, '4'}, - {"use-ipv6", no_argument, 0, '6'}, - {"help", no_argument, 0, 'h'}, - {"lmtp", no_argument, 0, 'L'}, - {"ssl", no_argument, 0, 's'}, - {"tls", no_argument, 0, 's'}, - {"starttls", no_argument, 0, 'S'}, - {"sni", no_argument, 0, SNI_OPTION}, - {"certificate", required_argument, 0, 'D'}, - {"ignore-quit-failure", no_argument, 0, 'q'}, - {"proxy", no_argument, 0, 'r'}, - {"output-format", required_argument, 0, output_format_index}, - {0, 0, 0, 0}}; + static struct option longopts[] = { + {"hostname", required_argument, 0, 'H'}, + {"expect", required_argument, 0, 'e'}, + {"critical", required_argument, 0, 'c'}, + {"warning", required_argument, 0, 'w'}, + {"timeout", required_argument, 0, 't'}, + {"port", required_argument, 0, 'p'}, + {"from", required_argument, 0, 'f'}, + {"fqdn", required_argument, 0, 'F'}, + {"authtype", required_argument, 0, 'A'}, + {"authuser", required_argument, 0, 'U'}, + {"authpass", required_argument, 0, 'P'}, + {"command", required_argument, 0, 'C'}, + {"response", required_argument, 0, 'R'}, + {"verbose", no_argument, 0, 'v'}, + {"version", no_argument, 0, 'V'}, + {"use-ipv4", no_argument, 0, '4'}, + {"use-ipv6", no_argument, 0, '6'}, + {"help", no_argument, 0, 'h'}, + {"lmtp", no_argument, 0, 'L'}, + {"ssl", no_argument, 0, 's'}, + {"tls", no_argument, 0, 's'}, + {"starttls", no_argument, 0, 'S'}, + {"sni", no_argument, 0, SNI_OPTION}, + {"certificate", required_argument, 0, 'D'}, + {"ignore-quit-failure", no_argument, 0, 'q'}, + {"proxy", no_argument, 0, 'r'}, + {"ignore-certificate-expiration", no_argument, 0, ignore_certificate_expiration_index}, + {"output-format", required_argument, 0, output_format_index}, + {0, 0, 0, 0}}; check_smtp_config_wrapper result = { .config = check_smtp_config_init(), @@ -766,7 +774,6 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) { } result.config.days_till_exp_warn = atoi(optarg); } - result.config.check_cert = true; result.config.ignore_send_quit_failure = true; #else usage(_("SSL support not available - install OpenSSL and recompile")); @@ -827,6 +834,9 @@ check_smtp_config_wrapper process_arguments(int argc, char **argv) { result.config.output_format = parser.output_format; break; } + case ignore_certificate_expiration_index: { + result.config.ignore_certificate_expiration = true; + } } } @@ -1028,6 +1038,8 @@ void print_help(void) { printf(" %s\n", _("Send LHLO instead of HELO/EHLO")); printf(" %s\n", "-q, --ignore-quit-failure"); printf(" %s\n", _("Ignore failure when sending QUIT command to server")); + printf(" %s\n", "--ignore-certificate-expiration"); + printf(" %s\n", _("Ignore certificate expiration")); printf(UT_WARN_CRIT); diff --git a/plugins/check_smtp.d/config.h b/plugins/check_smtp.d/config.h index 11d7fe56..b0d42ed1 100644 --- a/plugins/check_smtp.d/config.h +++ b/plugins/check_smtp.d/config.h @@ -40,12 +40,13 @@ typedef struct { bool use_proxy_prefix; #ifdef HAVE_SSL - bool check_cert; int days_till_exp_warn; int days_till_exp_crit; bool use_ssl; bool use_starttls; bool use_sni; + + bool ignore_certificate_expiration; #endif bool output_format_is_set; @@ -80,12 +81,13 @@ check_smtp_config check_smtp_config_init() { .use_proxy_prefix = false, #ifdef HAVE_SSL - .check_cert = false, .days_till_exp_warn = 0, .days_till_exp_crit = 0, .use_ssl = false, .use_starttls = false, .use_sni = false, + + .ignore_certificate_expiration = false, #endif .output_format_is_set = false, -- cgit v1.2.3-74-g34f1