mirror of
https://github.com/monitoring-plugins/monitoring-plugins.git
synced 2026-03-02 13:20:54 -05:00
Resend EHLO after TLS negotiation as per RFC3207 (Holger Weiss - 1482832)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1493 f882894a-f735-0410-b71e-b25c423dba1c
This commit is contained in:
Ton Voon
parent
caaf4be9b6
commit
d00a65f817
2 changed files with 69 additions and 20 deletions
|
|
@ -282,6 +282,35 @@ main (int argc, char **argv)
|
|||
} else {
|
||||
ssl_established = 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Resend the EHLO command.
|
||||
*
|
||||
* RFC 3207 (4.2) says: ``The client MUST discard any knowledge
|
||||
* obtained from the server, such as the list of SMTP service
|
||||
* extensions, which was not obtained from the TLS negotiation
|
||||
* itself. The client SHOULD send an EHLO command as the first
|
||||
* command after a successful TLS negotiation.'' For this
|
||||
* reason, some MTAs will not allow an AUTH LOGIN command before
|
||||
* we resent EHLO via TLS.
|
||||
*/
|
||||
if (my_send(helocmd, strlen(helocmd)) <= 0) {
|
||||
printf(_("SMTP UNKNOWN - Cannot send EHLO command via TLS.\n"));
|
||||
my_close();
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
if (verbose)
|
||||
printf(_("sent %s"), helocmd);
|
||||
if ((n = my_recv(buffer, MAX_INPUT_BUFFER - 1)) <= 0) {
|
||||
printf(_("SMTP UNKNOWN - Cannot read EHLO response via TLS.\n"));
|
||||
my_close();
|
||||
return STATE_UNKNOWN;
|
||||
}
|
||||
if (verbose) {
|
||||
buffer[n] = '\0';
|
||||
printf("%s", buffer);
|
||||
}
|
||||
|
||||
# ifdef USE_OPENSSL
|
||||
if ( check_cert ) {
|
||||
result = np_net_ssl_check_cert(days_till_exp);
|
||||
|
|
@ -705,8 +734,8 @@ print_help (void)
|
|||
printf (_(UT_IPv46));
|
||||
|
||||
printf (" %s\n", "-e, --expect=STRING");
|
||||
printf (_("String to expect in first line of server response (default: '%s')"),SMTP_EXPECT);
|
||||
printf (" %s\n\n", "-n, nocommand\n");
|
||||
printf (_(" String to expect in first line of server response (default: '%s')\n"), SMTP_EXPECT);
|
||||
printf (" %s\n", "-n, nocommand");
|
||||
printf (" %s\n", _("Suppress SMTP command"));
|
||||
printf (" %s\n", "-C, --command=STRING");
|
||||
printf (" %s\n", _("SMTP command (may be used repeatedly)"));
|
||||
|
|
@ -734,6 +763,7 @@ print_help (void)
|
|||
|
||||
printf (_(UT_VERBOSE));
|
||||
|
||||
printf("\n");
|
||||
printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
|
||||
printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN. Successful"));
|
||||
printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
|
||||
|
|
|
|||
|
|
@ -6,29 +6,48 @@
|
|||
#
|
||||
|
||||
use strict;
|
||||
use Test;
|
||||
use Test::More;
|
||||
use NPTest;
|
||||
|
||||
use vars qw($tests);
|
||||
BEGIN {$tests = 5; plan tests => $tests}
|
||||
my $host_tcp_smtp = getTestParameter( "NP_HOST_TCP_SMTP",
|
||||
"A host providing an SMTP Service (a mail server)", "mailhost");
|
||||
|
||||
my $host_tcp_smtp = getTestParameter( "host_tcp_smtp", "NP_HOST_TCP_SMTP", "mailhost",
|
||||
"A host providing an STMP Service (a mail server)");
|
||||
my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE",
|
||||
"The hostname of system not responsive to network requests", "10.0.0.1" );
|
||||
|
||||
my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
|
||||
"The hostname of system not responsive to network requests" );
|
||||
my $hostname_invalid = getTestParameter( "NP_HOSTNAME_INVALID",
|
||||
"An invalid (not known to DNS) hostname", "nosuchhost" );
|
||||
my $res;
|
||||
|
||||
my $hostname_invalid = getTestParameter( "hostname_invalid", "NP_HOSTNAME_INVALID", "nosuchhost",
|
||||
"An invalid (not known to DNS) hostname" );
|
||||
my %exceptions = ( 2 => "No SMTP Server present?" );
|
||||
plan tests => 8;
|
||||
|
||||
my $t;
|
||||
SKIP: {
|
||||
skip "No SMTP server defined", 3 unless $host_tcp_smtp;
|
||||
$res = NPTest->testCmd( "./check_smtp $host_tcp_smtp" );
|
||||
is ($res->return_code, 0, "OK");
|
||||
|
||||
$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -w 9 -c 9 -t 10 -e 220" );
|
||||
is ($res->return_code, 0, "OK, within 9 second response");
|
||||
|
||||
$t += checkCmd( "./check_smtp $host_tcp_smtp", 0, undef, %exceptions );
|
||||
$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -t 1 -w 9 -c 9 -t 10 -e 220", 0, undef, %exceptions );
|
||||
$t += checkCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220", 0, undef, %exceptions );
|
||||
$t += checkCmd( "./check_smtp $host_nonresponsive", 2 );
|
||||
$t += checkCmd( "./check_smtp $hostname_invalid", 3 );
|
||||
$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -wt 9 -ct 9 -to 10 -e 220" );
|
||||
is ($res->return_code, 0, "OK, old syntax");
|
||||
|
||||
$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -e 221" );
|
||||
is ($res->return_code, 1, "WARNING - got correct error when expecting 221 instead of 220" );
|
||||
|
||||
TODO: {
|
||||
local $TODO = "Output is over two lines";
|
||||
like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
|
||||
}
|
||||
|
||||
# SSL connection
|
||||
$res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp -p 25 -S" );
|
||||
is ($res->return_code, 0, "OK, with STARTTLS" );
|
||||
}
|
||||
|
||||
$res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
|
||||
is ($res->return_code, 2, "CRITICAL - host non responding" );
|
||||
|
||||
$res = NPTest->testCmd( "./check_smtp $hostname_invalid" );
|
||||
is ($res->return_code, 3, "UNKNOWN - hostname invalid" );
|
||||
|
||||
exit(0) if defined($Test::Harness::VERSION);
|
||||
exit($tests - $t);
|
||||
|
|
|
|||
Loading…
Reference in a new issue