Главная Обзор Помощь
Вход
LBP
/
nagios-plugins
зеркало из https://github.com/nagios-plugins/nagios-plugins.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

multiple fixes in check_smtp from debian (bts #285554):
- fix for double free via SSL_CTX_free. looks like the previous author
knew this was a problem but didn't care enough to fix it ;p.
- use defines instead of const chars for SMTP strings.
- default to send our fqdn (via gethostbyname lookup on gethostname)
in the HELO string, as this is an RFC/SMTP requirement. overridable
via cmdline.
- use EHLO instead of HELO if using STARTTLS, as it is not SMTP but
ESMTP.
- verify the server supports STARTTLS before initializing it.
- always send QUIT before disconnecting when possible.


git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1246 f882894a-f735-0410-b71e-b25c423dba1c

M. Sean Finney 20 лет назад
Родитель
866709d4b5
Сommit
321075cd56
1 измененных файлов с 65 добавлено и 21 удалено
Разделённый вид Показать статистику Diff
  1. 65 21
      plugins/check_smtp.c

+ 65 - 21
plugins/check_smtp.c
Просмотреть файл 

@@ -59,10 +59,17 @@ int check_certificate (X509 **);
 
 enum {
 
 	SMTP_PORT	= 25
 
 };
 
-const char *SMTP_EXPECT = "220";
 
-const char *SMTP_HELO = "HELO ";
 
-const char *SMTP_QUIT	= "QUIT\r\n";
 
-const char *SMTP_STARTTLS = "STARTTLS\r\n";
 
+#define SMTP_EXPECT "220"
 
+#define SMTP_HELO "HELO "
 
+#define SMTP_EHLO "EHLO "
 
+#define SMTP_QUIT "QUIT\r\n"
 
+#define SMTP_STARTTLS "STARTTLS\r\n"
 
+
 
+#ifndef HOST_MAX_BYTES
 
+#define HOST_MAX_BYTES 255
 
+#endif
 
+
 
+#define EHLO_SUPPORTS_STARTTLS 1
 
 
 int process_arguments (int, char **);
 
 int validate_arguments (void);
 
@@ -101,6 +108,9 @@ int critical_time = 0;
 
 int check_critical_time = FALSE;
 
 int verbose = 0;
 
 int use_ssl = FALSE;
 
+short use_ehlo = FALSE;
 
+short ssl_established = TRUE;
 
+char *localhostname = NULL;
 
 int sd;
 
 char buffer[MAX_INPUT_BUFFER];
 
 enum {
 
@@ -112,7 +122,7 @@ enum {
 
 int
 
 main (int argc, char **argv)
 
 {
 
-
 
+	short supports_tls=FALSE;
 
 	int n = 0;
 
 	double elapsed_time;
 
 	long microsec;
 
@@ -120,6 +130,7 @@ main (int argc, char **argv)
 
 	char *cmd_str = NULL;
 
 	char *helocmd = NULL;
 
 	struct timeval tv;
 
+	struct hostent *hp;
 
 
 	setlocale (LC_ALL, "");
 
 	bindtextdomain (PACKAGE, LOCALEDIR);
 
@@ -129,12 +140,26 @@ main (int argc, char **argv)
 
 		usage4 (_("Could not parse arguments"));
 
 
 	/* initialize the HELO command with the localhostname */
 
-#ifndef HOST_MAX_BYTES
 
-#define HOST_MAX_BYTES 255
 
-#endif
 
-	helocmd = malloc (HOST_MAX_BYTES);
 
-	gethostname(helocmd, HOST_MAX_BYTES);
 
-	asprintf (&helocmd, "%s%s%s", SMTP_HELO, helocmd, "\r\n");
 
+	if(! localhostname){
 
+		localhostname = malloc (HOST_MAX_BYTES);
 
+		if(!localhostname){
 
+			printf(_("malloc() failed!\n"));
 
+			return STATE_CRITICAL;
 
+		}
 
+		if(gethostname(localhostname, HOST_MAX_BYTES)){
 
+			printf(_("gethostname() failed!\n"));
 
+			return STATE_CRITICAL;
 
+		}
 
+		hp = gethostbyname(localhostname);
 
+		if(!hp) helocmd = localhostname;
 
+		else helocmd = hp->h_name;
 
+	} else {
 
+		helocmd = localhostname;
 
+	}
 
+	if(use_ehlo)
 
+		asprintf (&helocmd, "%s%s%s", SMTP_EHLO, helocmd, "\r\n");
 
+	else
 
+		asprintf (&helocmd, "%s%s%s", SMTP_HELO, helocmd, "\r\n");
 
 
 	/* initialize the MAIL command with optional FROM command  */
 
 	asprintf (&cmd_str, "%sFROM: %s%s", mail_command, from_arg, "\r\n");
 
@@ -178,11 +203,26 @@ main (int argc, char **argv)
 
 			}
 
 		}
 
 
-		/* send the HELO command */
 
+		/* send the HELO/EHLO command */
 
 		send(sd, helocmd, strlen(helocmd), 0);
 
 
 		/* allow for response to helo command to reach us */
 
-		read (sd, buffer, MAXBUF - 1);
 
+		if(read (sd, buffer, MAXBUF - 1) < 0){
 
+			printf (_("recv() failed\n"));
 
+			return STATE_WARNING;
 
+		} else if(use_ehlo){
 
+			buffer[MAXBUF-1]='\0';
 
+			if(strstr(buffer, "250 STARTTLS") != NULL ||
 
+			   strstr(buffer, "250-STARTTLS") != NULL){
 
+				supports_tls=TRUE;
 
+			}
 
+		}
 
+
 
+		if(use_ssl && ! supports_tls){
 
+			printf(_("WARNING - TLS not supported by server\n"));
 
+			send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
 
+			return STATE_WARNING;
 
+		}
 
 
 #ifdef HAVE_SSL
 
 		if(use_ssl) {
 
@@ -192,11 +232,14 @@ main (int argc, char **argv)
 
 		  recv(sd,buffer, MAX_INPUT_BUFFER-1, 0); /* wait for it */
 
 		  if (!strstr (buffer, server_expect)) {
 
 		    printf (_("Server does not support STARTTLS\n"));
 
+		    send (sd, SMTP_QUIT, strlen (SMTP_QUIT), 0);
 
 		    return STATE_UNKNOWN;
 
 		  }
 
 		  if(connect_STARTTLS() != OK) {
 
 		    printf (_("CRITICAL - Cannot create SSL context.\n"));
 
 		    return STATE_CRITICAL;
 
+		  } else {
 
+			ssl_established = TRUE;
 
 		  }
 
 		  if ( check_cert ) {
 
 		    if ((server_cert = SSL_get_peer_certificate (ssl)) != NULL) {
 
@@ -333,6 +376,7 @@ process_arguments (int argc, char **argv)
 
 		{"timeout", required_argument, 0, 't'},
 
 		{"port", required_argument, 0, 'p'},
 
 		{"from", required_argument, 0, 'f'},
 
+		{"fqdn", required_argument, 0, 'F'},
 
 		{"command", required_argument, 0, 'C'},
 
 		{"response", required_argument, 0, 'R'},
 
 		{"nocommand", required_argument, 0, 'n'},
 
@@ -359,7 +403,7 @@ process_arguments (int argc, char **argv)
 
 	}
 
 
 	while (1) {
 
-		c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:",
 
+		c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:",
 
 		                 longopts, &option);
 
 
 		if (c == -1 || c == EOF)
 
@@ -380,6 +424,10 @@ process_arguments (int argc, char **argv)
 
 			else
 
 				usage4 (_("Port must be a positive integer"));
 
 			break;
 
+		case 'F':
 
+		/* localhostname */
 
+			localhostname = strdup(optarg);
 
+			break;
 
 		case 'f':									/* from argument */
 
 			from_arg = optarg;
 
 			smtp_use_dummycmd = 1;
 
@@ -439,6 +487,7 @@ process_arguments (int argc, char **argv)
 
 		case 'S':
 
 		/* starttls */
 
 			use_ssl = TRUE;
 
+			use_ehlo = TRUE;
 
 			break;
 
 		case 'D':
 
 		/* Check SSL cert validity */
 
@@ -581,7 +630,7 @@ connect_STARTTLS (void)
 
 
   /* Initialize SSL context */
 
   SSLeay_add_ssl_algorithms ();
 
-  meth = SSLv2_client_method ();
 
+  meth = SSLv23_client_method ();
 
   SSL_load_error_strings ();
 
   if ((ctx = SSL_CTX_new (meth)) == NULL)
 
     {
 
@@ -602,11 +651,6 @@ connect_STARTTLS (void)
 
     {
 
       printf (_("CRITICAL - Cannot initiate SSL handshake.\n"));
 
     }
 
-  /* this causes a seg faul
 
-     not sure why, being sloppy
 
-     and commenting it out */
 
-  /*  SSL_free (ssl); */
 
-  SSL_CTX_free(ctx);
 
   my_close();
 
   
   return STATE_CRITICAL;
 
@@ -708,7 +752,7 @@ int
 
 my_close (void)
 
 {
 
 #ifdef HAVE_SSL
 
-  if (use_ssl == TRUE) {
 
+  if (use_ssl == TRUE && ssl_established == TRUE) {
 
     SSL_shutdown (ssl);
 
     SSL_free (ssl);
 
     SSL_CTX_free (ctx);