[Reconnoiter-devel] [reconnoiter commit] Reconnoiter branch, master, updated. a64139dcd7cce8a609a80ee6827795c4ee240da5
git at labs.omniti.com
git at labs.omniti.com
Fri Jan 27 16:31:03 EST 2012
Pushed by: jesus
The branch, master has been updated
via a64139dcd7cce8a609a80ee6827795c4ee240da5 (commit)
via b60d0a0a5c157f44f85f06584143de0ec35f4cf6 (commit)
via 3f101f068925bb2945f43579b29a13d33088a227 (commit)
from 92ea84fba40e491c2a29a0f6a1c94b6af12146d9 (commit)
Summary of changes:
docs/config/modules/noit.module.http.xml | 24 ++++++-
docs/config/modules/noit.module.smtp.xml | 112 ++++++++++++++++++++++++++++++
src/modules-lua/noit/module/smtp.lua | 87 +++++++++++++++++++++++
3 files changed, 222 insertions(+), 1 deletions(-)
Log:
commit a64139dcd7cce8a609a80ee6827795c4ee240da5
Author: Theo Schlossnagle <jesus at omniti.com>
Date: Fri Jan 27 16:31:01 2012 -0500
update docs from code
diff --git a/docs/config/modules/noit.module.http.xml b/docs/config/modules/noit.module.http.xml
index 54720ae..8a01426 100644
--- a/docs/config/modules/noit.module.http.xml
+++ b/docs/config/modules/noit.module.http.xml
@@ -343,7 +343,29 @@
</listitem>
</varlistentry>
</variablelist>
- <para>This regular expression is matched against the body of the response. If a match is not found, the check will be marked as "bad."</para>
+ <para>This regular expression is matched against the body of the response. If a match is not found, the check will be marked as "bad."</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist>
+ <varlistentry>
+ <term>body_match_*</term>
+ <listitem>
+ <variablelist>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>optional</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allowed</term>
+ <listitem>
+ <para>.+</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>This regular expression is matched against the body of the response. If a match is found it is captured and added as a metric. For example, if setting is named 'body_match_foo_bar' and a match is found new metric called 'foo_bar' will be added.</para>
</listitem>
</varlistentry>
</variablelist>
diff --git a/docs/config/modules/noit.module.smtp.xml b/docs/config/modules/noit.module.smtp.xml
index 963bb66..dd554cd 100644
--- a/docs/config/modules/noit.module.smtp.xml
+++ b/docs/config/modules/noit.module.smtp.xml
@@ -271,6 +271,118 @@
</listitem>
</varlistentry>
</variablelist>
+ <variablelist>
+ <varlistentry>
+ <term>sasl_authentication</term>
+ <listitem>
+ <variablelist>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>optional</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default</term>
+ <listitem>
+ <para>off</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allowed</term>
+ <listitem>
+ <para>(?:off|login|plain)</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>Specifies the type of SASL Authentication to use</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist>
+ <varlistentry>
+ <term>sasl_user</term>
+ <listitem>
+ <variablelist>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>optional</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default</term>
+ <listitem>
+ <para/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allowed</term>
+ <listitem>
+ <para>.+</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>The SASL Authentication username</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist>
+ <varlistentry>
+ <term>sasl_password</term>
+ <listitem>
+ <variablelist>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>optional</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default</term>
+ <listitem>
+ <para/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allowed</term>
+ <listitem>
+ <para>.+</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>The SASL Authentication password</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <variablelist>
+ <varlistentry>
+ <term>sasl_auth_id</term>
+ <listitem>
+ <variablelist>
+ <varlistentry>
+ <term>required</term>
+ <listitem>
+ <para>optional</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default</term>
+ <listitem>
+ <para/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allowed</term>
+ <listitem>
+ <para>.+</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>The SASL Authorization Identity</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</section>
<example>
<title>Send an email to test SMTP service.</title>
commit b60d0a0a5c157f44f85f06584143de0ec35f4cf6
Merge: 92ea84f 3f101f0
Author: Theo Schlossnagle <jesus at lethargy.org>
Date: Fri Jan 27 13:27:43 2012 -0800
Merge pull request #49 from TheTeaWeevil/master
SASL SMTP Response Support
commit 3f101f068925bb2945f43579b29a13d33088a227
Author: Philip Maddox <pmaddox at circonus.com>
Date: Fri Jan 27 16:17:16 2012 -0500
Added support for reporting SASL responses for PLAIN and LOGIN commands
diff --git a/src/modules-lua/noit/module/smtp.lua b/src/modules-lua/noit/module/smtp.lua
index 0c21ef4..3b5d8ba 100644
--- a/src/modules-lua/noit/module/smtp.lua
+++ b/src/modules-lua/noit/module/smtp.lua
@@ -63,6 +63,22 @@ function onload(image)
<parameter name="ciphers"
required="optional"
allowed=".+">A list of ciphers to be used in the SSL protocol (for SSL checks).</parameter>
+ <parameter name="sasl_authentication"
+ required="optional"
+ default="off"
+ allowed="(?:off|login|plain)">Specifies the type of SASL Authentication to use</parameter>
+ <parameter name="sasl_user"
+ required="optional"
+ default=""
+ allowed=".+">The SASL Authentication username</parameter>
+ <parameter name="sasl_password"
+ required="optional"
+ default=""
+ allowed=".+">The SASL Authentication password</parameter>
+ <parameter name="sasl_auth_id"
+ required="optional"
+ default=""
+ allowed=".+">The SASL Authorization Identity</parameter>
</checkconfig>
<examples>
<example>
@@ -176,6 +192,67 @@ local function mkaction(e, check)
end
end
+local function mk_sasllogin(e, check)
+ return function (username, password)
+ local start_time = noit.timeval.now()
+ local actual_code = 0
+ local message = ""
+ local success = "true"
+ write_cmd(e, "AUTH LOGIN")
+ actual_code, message = read_cmd(e)
+ if actual_code ~= 334 then
+ success = "false"
+ end
+ if success == "true" then
+ write_cmd(e, username)
+ actual_code, message = read_cmd(e)
+ if actual_code ~= 334 then
+ success = "false"
+ end
+ end
+ if success == "true" then
+ write_cmd(e, password)
+ actual_code, message = read_cmd(e)
+ if actual_code ~= 235 then
+ success = "false"
+ end
+ end
+ local elapsed = noit.timeval.now() - start_time
+ local elapsed_ms = math.floor(tostring(elapsed) * 1000)
+ check.metric("sasl_login_time", elapsed_ms)
+ check.metric("sasl_login_success", success)
+ check.metric("sasl_login_response", message)
+ return success
+ end
+end
+
+local function mk_saslplain(e, check)
+ return function (cmd_string)
+ local start_time = noit.timeval.now()
+ local actual_code = 0
+ local message = ""
+ local success = "true"
+ write_cmd(e, "AUTH PLAIN")
+ actual_code, message = read_cmd(e)
+ if actual_code ~= 334 then
+ success = "false"
+ end
+ if success == "true" then
+ write_cmd(e, cmd_string)
+ actual_code, message = read_cmd(e)
+ if actual_code ~= 235 then
+ success = "false"
+ end
+ end
+ local elapsed = noit.timeval.now() - start_time
+ local elapsed_ms = math.floor(tostring(elapsed) * 1000)
+ check.metric("sasl_plain_time", elapsed_ms)
+ check.metric("sasl_plain_success", success)
+ check.metric("sasl_plain_response", message)
+ return success
+ end
+end
+
function initiate(module, check)
local starttime = noit.timeval.now()
local e = noit.socket(check.target_ip)
@@ -197,6 +274,8 @@ function initiate(module, check)
payload = payload:gsub("\n", "\r\n")
local status = 'connected'
local action = mkaction(e, check)
+ local sasl_login = mk_sasllogin(e, check)
+ local sasl_plain = mk_saslplain(e, check)
if not action("banner", nil, 220)
or not action("ehlo", ehlo, 250) then return end
@@ -224,6 +303,14 @@ function initiate(module, check)
if not action("ehlo", ehlo, 250) then return end
end
+ if check.config.sasl_authentication ~= nil then
+ if check.config.sasl_authentication == "login" then
+ sasl_login(noit.base64_encode(check.config.sasl_user or ""), noit.base64_encode(check.config.sasl_password or ""))
+ elseif check.config.sasl_authentication == "plain" then
+ sasl_plain(noit.base64_encode((check.config.sasl_auth_id or "") .. "\0" .. (check.config.sasl_user or "") .. "\0" .. (check.config.sasl_password or "")))
+ end
+ end
+
if action("mailfrom", mailfrom, 250)
and action("rcptto", rcptto, 250)
and action("data", "DATA", 354)
hooks/post-receive
--
Reconnoiter
More information about the Reconnoiter-devel
mailing list
