Resend EHLO after TLS negotiation as per RFC3207 (Holger Weiss - 1482832)

git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1493 f882894a-f735-0410-b71e-b25c423dba1c

plugins/check_smtp.c

@@ -282,6 +282,35 @@ main (int argc, char **argv)
 		  } else {
 			ssl_established = 1;
 		  }
+
+		/*
+		 * Resend the EHLO command.
+		 *
+		 * RFC 3207 (4.2) says: ``The client MUST discard any knowledge
+		 * obtained from the server, such as the list of SMTP service
+		 * extensions, which was not obtained from the TLS negotiation
+		 * itself.  The client SHOULD send an EHLO command as the first
+		 * command after a successful TLS negotiation.''  For this
+		 * reason, some MTAs will not allow an AUTH LOGIN command before
+		 * we resent EHLO via TLS.
+		 */
+		if (my_send(helocmd, strlen(helocmd)) <= 0) {
+			printf(_("SMTP UNKNOWN - Cannot send EHLO command via TLS.\n"));
+			my_close();
+			return STATE_UNKNOWN;
+		}
+		if (verbose)
+			printf(_("sent %s"), helocmd);
+		if ((n = my_recv(buffer, MAX_INPUT_BUFFER - 1)) <= 0) {
+			printf(_("SMTP UNKNOWN - Cannot read EHLO response via TLS.\n"));
+			my_close();
+			return STATE_UNKNOWN;
+		}
+		if (verbose) {
+			buffer[n] = '\0';
+			printf("%s", buffer);
+		}
+
 #  ifdef USE_OPENSSL
 		  if ( check_cert ) {
 		    result = np_net_ssl_check_cert(days_till_exp);
@@ -705,8 +734,8 @@ print_help (void)
 	printf (_(UT_IPv46));
 
 	printf (" %s\n", "-e, --expect=STRING");
-  printf (_("String to expect in first line of server response (default: '%s')"),SMTP_EXPECT);
-  printf (" %s\n\n", "-n, nocommand\n");
+  printf (_("    String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT);
+  printf (" %s\n", "-n, nocommand");
   printf ("    %s\n", _("Suppress SMTP command"));
   printf (" %s\n", "-C, --command=STRING");
   printf ("    %s\n", _("SMTP command (may be used repeatedly)"));
@@ -734,6 +763,7 @@ print_help (void)
 
 	printf (_(UT_VERBOSE));
 
+	printf("\n");
 	printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
   printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));

plugins/t/check_smtp.t

@@ -6,29 +6,48 @@
 #
 
 use strict;
-use Test;
+use Test::More;
 use NPTest;
 
-use vars qw($tests);
-BEGIN {$tests = 5; plan tests => $tests}
+my $host_tcp_smtp      = getTestParameter( "NP_HOST_TCP_SMTP", 
+					   "A host providing an SMTP Service (a mail server)", "mailhost");
 
-my $host_tcp_smtp      = getTestParameter( "host_tcp_smtp",      "NP_HOST_TCP_SMTP",      "mailhost",
-					   "A host providing an STMP Service (a mail server)");
+my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", 
+					   "The hostname of system not responsive to network requests", "10.0.0.1" );
 
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-					   "The hostname of system not responsive to network requests" );
+my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",   
+                                           "An invalid (not known to DNS) hostname", "nosuchhost" );
+my $res;
 
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-my %exceptions = ( 2 => "No SMTP Server present?" );
+plan tests => 8;
 
-my $t;
+SKIP: {
+	skip "No SMTP server defined", 3 unless $host_tcp_smtp;
+	$res = NPTest->testCmd( "./check_smtp $host_tcp_smtp" );
+	is ($res->return_code, 0, "OK");
+	
+	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -w 9 -c 9 -t 10 -e 220" );
+	is ($res->return_code, 0, "OK, within 9 second response");
 
-$t += checkCmd( "./check_smtp    $host_tcp_smtp",                                   0, undef, %exceptions );
-$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -t 1 -w 9 -c 9 -t 10 -e 220", 0, undef, %exceptions );
-$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220",   0, undef, %exceptions );
-$t += checkCmd( "./check_smtp    $host_nonresponsive", 2 );
-$t += checkCmd( "./check_smtp    $hostname_invalid",   3 );
+	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220" );
+	is ($res->return_code, 0, "OK, old syntax");
+
+	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -e 221" );
+	is ($res->return_code, 1, "WARNING - got correct error when expecting 221 instead of 220" );
+
+	TODO: {
+		local $TODO = "Output is over two lines";
+		like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
+	}
+
+	# SSL connection
+	$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -S" );
+	is ($res->return_code, 0, "OK, with STARTTLS" );
+}
+
+$res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
+is ($res->return_code, 2, "CRITICAL - host non responding" );
+
+$res = NPTest->testCmd( "./check_smtp $hostname_invalid" );
+is ($res->return_code, 3, "UNKNOWN - hostname invalid" );
 
-exit(0) if defined($Test::Harness::VERSION);
-exit($tests - $t);