[Reconnoiter-devel] [reconnoiter commit] Reconnoiter branch, master, updated. a64139dcd7cce8a609a80ee6827795c4ee240da5

git at labs.omniti.com git at labs.omniti.com
Fri Jan 27 16:31:03 EST 2012


Pushed by: jesus
The branch, master has been updated
       via  a64139dcd7cce8a609a80ee6827795c4ee240da5 (commit)
       via  b60d0a0a5c157f44f85f06584143de0ec35f4cf6 (commit)
       via  3f101f068925bb2945f43579b29a13d33088a227 (commit)
      from  92ea84fba40e491c2a29a0f6a1c94b6af12146d9 (commit)

Summary of changes:
 docs/config/modules/noit.module.http.xml |   24 ++++++-
 docs/config/modules/noit.module.smtp.xml |  112 ++++++++++++++++++++++++++++++
 src/modules-lua/noit/module/smtp.lua     |   87 +++++++++++++++++++++++
 3 files changed, 222 insertions(+), 1 deletions(-)

Log:
commit a64139dcd7cce8a609a80ee6827795c4ee240da5
Author: Theo Schlossnagle <jesus at omniti.com>
Date:   Fri Jan 27 16:31:01 2012 -0500

    update docs from code

diff --git a/docs/config/modules/noit.module.http.xml b/docs/config/modules/noit.module.http.xml
index 54720ae..8a01426 100644
--- a/docs/config/modules/noit.module.http.xml
+++ b/docs/config/modules/noit.module.http.xml
@@ -343,7 +343,29 @@
               </listitem>
             </varlistentry>
           </variablelist>
-          <para>This regular expression is matched against the body of the response.  If a match is not found, the check will be marked as "bad."</para>
+          <para>This regular expression is matched against the body of the response. If a match is not found, the check will be marked as "bad."</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <variablelist>
+      <varlistentry>
+        <term>body_match_*</term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>required</term>
+              <listitem>
+                <para>optional</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>allowed</term>
+              <listitem>
+                <para>.+</para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+          <para>This regular expression is matched against the body of the response. If a match is found it is captured and added as a metric. For example, if setting is named 'body_match_foo_bar' and a match is found new metric called 'foo_bar' will be added.</para>
         </listitem>
       </varlistentry>
     </variablelist>
diff --git a/docs/config/modules/noit.module.smtp.xml b/docs/config/modules/noit.module.smtp.xml
index 963bb66..dd554cd 100644
--- a/docs/config/modules/noit.module.smtp.xml
+++ b/docs/config/modules/noit.module.smtp.xml
@@ -271,6 +271,118 @@
         </listitem>
       </varlistentry>
     </variablelist>
+    <variablelist>
+      <varlistentry>
+        <term>sasl_authentication</term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>required</term>
+              <listitem>
+                <para>optional</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>default</term>
+              <listitem>
+                <para>off</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>allowed</term>
+              <listitem>
+                <para>(?:off|login|plain)</para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+          <para>Specifies the type of SASL Authentication to use</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <variablelist>
+      <varlistentry>
+        <term>sasl_user</term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>required</term>
+              <listitem>
+                <para>optional</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>default</term>
+              <listitem>
+                <para/>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>allowed</term>
+              <listitem>
+                <para>.+</para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+          <para>The SASL Authentication username</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <variablelist>
+      <varlistentry>
+        <term>sasl_password</term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>required</term>
+              <listitem>
+                <para>optional</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>default</term>
+              <listitem>
+                <para/>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>allowed</term>
+              <listitem>
+                <para>.+</para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+          <para>The SASL Authentication password</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+    <variablelist>
+      <varlistentry>
+        <term>sasl_auth_id</term>
+        <listitem>
+          <variablelist>
+            <varlistentry>
+              <term>required</term>
+              <listitem>
+                <para>optional</para>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>default</term>
+              <listitem>
+                <para/>
+              </listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>allowed</term>
+              <listitem>
+                <para>.+</para>
+              </listitem>
+            </varlistentry>
+          </variablelist>
+          <para>The SASL Authorization Identity</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
   </section>
   <example>
     <title>Send an email to test SMTP service.</title>

commit b60d0a0a5c157f44f85f06584143de0ec35f4cf6
Merge: 92ea84f 3f101f0
Author: Theo Schlossnagle <jesus at lethargy.org>
Date:   Fri Jan 27 13:27:43 2012 -0800

    Merge pull request #49 from TheTeaWeevil/master
    
    SASL SMTP Response Support


commit 3f101f068925bb2945f43579b29a13d33088a227
Author: Philip Maddox <pmaddox at circonus.com>
Date:   Fri Jan 27 16:17:16 2012 -0500

    Added support for reporting SASL responses for PLAIN and LOGIN commands

diff --git a/src/modules-lua/noit/module/smtp.lua b/src/modules-lua/noit/module/smtp.lua
index 0c21ef4..3b5d8ba 100644
--- a/src/modules-lua/noit/module/smtp.lua
+++ b/src/modules-lua/noit/module/smtp.lua
@@ -63,6 +63,22 @@ function onload(image)
     <parameter name="ciphers"
                required="optional"
                allowed=".+">A list of ciphers to be used in the SSL protocol (for SSL checks).</parameter>
+    <parameter name="sasl_authentication"
+               required="optional"
+               default="off"
+               allowed="(?:off|login|plain)">Specifies the type of SASL Authentication to use</parameter>
+    <parameter name="sasl_user"
+               required="optional"
+               default=""
+               allowed=".+">The SASL Authentication username</parameter>
+    <parameter name="sasl_password"
+               required="optional"
+               default=""
+               allowed=".+">The SASL Authentication password</parameter>
+    <parameter name="sasl_auth_id"
+               required="optional"
+               default=""
+               allowed=".+">The SASL Authorization Identity</parameter>
   </checkconfig>
   <examples>
     <example>
@@ -176,6 +192,67 @@ local function mkaction(e, check)
   end
 end
 
+local function mk_sasllogin(e, check)
+  return function (username, password) 
+    local start_time = noit.timeval.now()
+    local actual_code = 0
+    local message = ""
+    local success = "true"
+    write_cmd(e, "AUTH LOGIN")
+    actual_code, message = read_cmd(e)
+    if actual_code ~= 334 then
+      success = "false"
+    end
+    if success == "true" then
+      write_cmd(e, username)
+      actual_code, message = read_cmd(e)
+      if actual_code ~= 334 then
+        success = "false"
+      end
+    end
+    if success == "true" then
+      write_cmd(e, password)
+      actual_code, message = read_cmd(e)
+      if actual_code ~= 235 then
+        success = "false"
+      end
+    end
+    local elapsed = noit.timeval.now() - start_time
+    local elapsed_ms = math.floor(tostring(elapsed) * 1000)
+    check.metric("sasl_login_time",  elapsed_ms)
+    check.metric("sasl_login_success", success)
+    check.metric("sasl_login_response", message)
+    return success
+  end
+end
+
+local function mk_saslplain(e, check)
+  return function (cmd_string)
+    local start_time = noit.timeval.now()
+    local actual_code = 0
+    local message = ""
+    local success = "true"
+    write_cmd(e, "AUTH PLAIN")
+    actual_code, message = read_cmd(e)
+    if actual_code ~= 334 then
+      success = "false"
+    end
+    if success == "true" then
+      write_cmd(e, cmd_string)
+      actual_code, message = read_cmd(e)
+      if actual_code ~= 235 then
+        success = "false"
+      end
+    end
+    local elapsed = noit.timeval.now() - start_time
+    local elapsed_ms = math.floor(tostring(elapsed) * 1000)
+    check.metric("sasl_plain_time",  elapsed_ms)
+    check.metric("sasl_plain_success", success)
+    check.metric("sasl_plain_response", message)
+    return success
+  end
+end
+
 function initiate(module, check)
   local starttime = noit.timeval.now()
   local e = noit.socket(check.target_ip)
@@ -197,6 +274,8 @@ function initiate(module, check)
   payload = payload:gsub("\n", "\r\n")
   local status = 'connected'
   local action = mkaction(e, check)
+  local sasl_login = mk_sasllogin(e, check)
+  local sasl_plain = mk_saslplain(e, check)
 
   if     not action("banner", nil, 220)
       or not action("ehlo", ehlo, 250) then return end
@@ -224,6 +303,14 @@ function initiate(module, check)
     if not action("ehlo", ehlo, 250) then return end
   end
 
+  if check.config.sasl_authentication ~= nil then
+    if check.config.sasl_authentication == "login" then
+      sasl_login(noit.base64_encode(check.config.sasl_user or ""), noit.base64_encode(check.config.sasl_password or ""))
+    elseif check.config.sasl_authentication == "plain" then
+      sasl_plain(noit.base64_encode((check.config.sasl_auth_id or "") .. "\0" .. (check.config.sasl_user or "") .. "\0" .. (check.config.sasl_password or "")))
+    end
+  end
+
   if     action("mailfrom", mailfrom, 250)
      and action("rcptto", rcptto, 250)
      and action("data", "DATA", 354)




hooks/post-receive
-- 
Reconnoiter


More information about the Reconnoiter-devel mailing list