root/src/modules-lua/noit/module/smtp.lua

Revision b553f9a4d73487ee85e5cfedf2cd67352b4d5e6b, 7.9 kB (checked in by Theo Schlossnagle <jesus@omniti.com>, 3 years ago)

refs #340

This is a rather major change. Targets can now be hostnames in addition
to IP addresses so long as //checks/@resolve_targets is not false.

If a target is entered that does not look like an IP (inet_pton fails)
then the check is marked as needing resolution NP_RESOLVE.

A passive look-aside dns cache has been implemented in noit_check_resolver.c
that is used to power the whole system and some reasonably simple console
commands have been provided:

show dns_cache [fqdn1 [fqdn2]] -- shows the state
dns_cache <fqdn> [fqdn2 [fqdn3]] -- submits for lookup
no dns_cache <fqdn> [fqdn2 [fqdn3]] -- purges from cache

The big change is that modules that relied on check->target to be an IP
address are going to explode when names are provided. Instead, modules
should now use target for the provided target (possibly a FQDN) and use
target_ip (check->target_ip or check.target_ip) for a resolved IP address
and also check for the case of empty string: (check->target_ip[0] == '\0')
for the case that resolution has failed. In lua, the target_ip will be
presented as nil in the case of failed name resolution.

I believe I've updated all necessary components of the system for this to
"just work" but people that have implemented their own check should update
them before they elect to use non-IP addresses as targets.

The dns subsystem supports both IPv4 and IPv6, but currently prefers IPv4
addresses if any are present.

  • Property mode set to 100644
1 -- Copyright (c) 2008, OmniTI Computer Consulting, Inc.
2 -- All rights reserved.
3 --
4 -- Redistribution and use in source and binary forms, with or without
5 -- modification, are permitted provided that the following conditions are
6 -- met:
7 --
8 --     * Redistributions of source code must retain the above copyright
9 --       notice, this list of conditions and the following disclaimer.
10 --     * Redistributions in binary form must reproduce the above
11 --       copyright notice, this list of conditions and the following
12 --       disclaimer in the documentation and/or other materials provided
13 --       with the distribution.
14 --     * Neither the name OmniTI Computer Consulting, Inc. nor the names
15 --       of its contributors may be used to endorse or promote products
16 --       derived from this software without specific prior written
17 --       permission.
18 --
19 -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 -- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 -- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
22 -- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
23 -- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
24 -- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
25 -- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 -- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 -- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 -- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 -- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30
-- Declares this file as a module named by the require() argument; the global
-- functions defined below (onload, init, config, initiate) become fields of
-- the module table.
-- NOTE(review): module() is deprecated since Lua 5.2, and package.seeall
-- makes every global (os, io, ...) reachable through the module table.
-- Keep that in mind wherever check modules are expected to be confined.
module(..., package.seeall)
32
--- Register the module's XML self-description with the loader.
-- @param image loader handle; only its xml_description function is used here
-- @return 0
function onload(image)
  -- NOTE(review): the description and the code in initiate() disagree in two
  -- places: `starttls` is documented as true|false while initiate() also
  -- accepts "on", and the documented default payload ("Subject: Testing")
  -- differs from the fallback used in initiate().
  -- NOTE(review): `ehlo`, `from` and `to` are declared with allowed=".+" and
  -- are interpolated into SMTP command lines. Whether that pattern excludes
  -- CR/LF depends on the regex engine applying it, so confirm it before
  -- relying on it to keep a value on one command line.
  local description = [=[
<module>
  <name>smtp</name>
  <description><para>Send an email via an SMTP server.</para></description>
  <loader>lua</loader>
  <object>noit.module.smtp</object>
  <moduleconfig />
  <checkconfig>
    <parameter name="port" required="optional" default="25"
               allowed="\d+">Specifies the TCP port to connect to.</parameter>
    <parameter name="ehlo" required="optional" default="noit.local"
               allowed=".+">Specifies the EHLO parameter.</parameter>
    <parameter name="from" required="optional" default=""
               allowed=".+">Specifies the envelope sender.</parameter>
    <parameter name="to" required="required"
               allowed=".+">Specifies the envelope recipient.</parameter>
    <parameter name="payload" required="optional" default="Subject: Testing"
               allowed=".+">Specifies the payload sent (on the wire). CR LF DOT CR LF is appended automatically.</parameter>
    <parameter name="starttls" required="optional" default="false"
               allowed="(?:true|false)">Specified if the client should attempt a STARTTLS upgrade</parameter>
    <parameter name="ca_chain"
               required="optional"
               allowed=".+">A path to a file containing all the certificate authorities that should be loaded to validate the remote certificate (for SSL checks).</parameter>
    <parameter name="certificate_file"
               required="optional"
               allowed=".+">A path to a file containing the client certificate that will be presented to the remote server (for SSL checks).</parameter>
    <parameter name="key_file"
               required="optional"
               allowed=".+">A path to a file containing key to be used in conjunction with the cilent certificate (for SSL checks).</parameter>
    <parameter name="ciphers"
               required="optional"
               allowed=".+">A list of ciphers to be used in the SSL protocol (for SSL checks).</parameter>
  </checkconfig>
  <examples>
    <example>
      <title>Send an email to test SMTP service.</title>
      <para>The following example sends an email via 10.80.117.6 from test@omniti.com to devnull@omniti.com</para>
      <programlisting><![CDATA[
      <noit>
        <modules>
          <loader image="lua" name="lua">
            <config><directory>/opt/reconnoiter/libexec/modules-lua/?.lua</directory></config>
          </loader>
          <module loader="lua" name="smtp" object="noit.module.smtp"/>
        </modules>
        <checks>
          <check uuid="2d42adbc-7c7a-11dd-a48f-4f59e0b654d3" module="smtp" target="10.80.117.6">
            <config>
              <from>test@omniti.com</from>
              <to>devnull@omniti.com</to>
            </config>
          </check>
        </checks>
      </noit>
      ]]></programlisting>
    </example>
  </examples>
</module>
]=]
  image.xml_description(description)
  return 0
end
95
--- Module initialisation hook. This module has nothing to set up.
-- @param module module handle (unused)
-- @return 0
function init(module)
  local rc = 0
  return rc
end
99
--- Module configuration hook. The options are accepted and ignored.
-- @param module module handle (unused)
-- @param options module-level options (unused)
-- @return 0
function config(module, options)
  local rc = 0
  return rc
end
103
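--- Read one complete (possibly multi-line) SMTP reply from the socket.
-- Lines are read until one whose status code is not followed by "-".
-- The text of every line is joined with single spaces.
-- @param e socket-like object exposing e:read(delimiter)
-- @return numeric status code of the last line read, and the joined text;
--         421 and "[internal error]" when a line cannot be read or parsed,
--         or when the reply has more lines than this function accepts
local function read_cmd(e)
  -- The peer decides how many continuation lines it sends. Cap them so a
  -- misbehaving server cannot make the check accumulate text without bound.
  local max_lines = 1024
  local final_status
  local parts = {}
  repeat
    if #parts >= max_lines then
      return 421, "[internal error]"
    end
    local str = e:read("\r\n")
    -- A closed or failed connection yields no line; string.match would
    -- raise on a non-string argument, so report it like a malformed reply.
    if type(str) ~= "string" then
      return 421, "[internal error]"
    end
    local status, c, message = string.match(str, "^(%d+)([-%s])(.+)$")
    if not status then
      return 421, "[internal error]"
    end
    final_status = status
    parts[#parts + 1] = message
  until c ~= "-"
  return tonumber(final_status), table.concat(parts, " ")
end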
122
--- Send one command followed by the SMTP line terminator.
-- The command and the CRLF are written as two separate e:write calls.
-- `cmd` is written as given: any CR/LF it contains reaches the wire, so
-- callers must keep single-line commands free of line breaks.
-- @param e socket-like object exposing e:write(data)
-- @param cmd command text, without the trailing CRLF
local function write_cmd(e, cmd)
  local pieces = { cmd, "\r\n" }
  for i = 1, 2 do
    e:write(pieces[i])
  end
end
127
--- Build the per-phase step function used to drive the SMTP dialogue.
-- The returned function optionally sends a command, reads the reply, and
-- compares its status code with the expected one. It marks the check
-- available on a match, or bad on a mismatch with a status of
-- "expected/actual text". It then records "<phase>_time" in milliseconds.
-- @param e socket-like object passed to write_cmd/read_cmd
-- @param check check object receiving status, availability and metrics
-- @return function(phase, tosend, expected_code) -> boolean success
local function mkaction(e, check)
  local function run_phase(phase, tosend, expected_code)
    local began = noit.timeval.now()
    if tosend then
      write_cmd(e, tosend)
    end
    local actual_code, message = read_cmd(e)
    local matched = (expected_code == actual_code)
    if matched then
      check.available()
    else
      -- `message` is text chosen by the remote server and is copied into
      -- the check status unmodified; consumers of that status should treat
      -- it as untrusted input.
      check.status(string.format("%d/%d %s", expected_code, actual_code, message))
      check.bad()
    end
    local took = noit.timeval.now() - began
    local took_ms = math.floor(tostring(took) * 1000)
    check.metric(phase .. "_time",  took_ms)
    return matched
  end
  return run_phase
end
149
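--- True when a value meant for a single SMTP command line contains CR or LF.
local function has_line_break(value)
  return type(value) == "string" and value:find("[\r\n]") ~= nil
end

--- Run one SMTP check: connect, greet, optionally STARTTLS, send one message.
-- Reads check.target_ip and check.config (port, ehlo, from, to, payload,
-- starttls, certificate_file, key_file, ca_chain, ciphers). Reports through
-- check.status / check.good / check.bad and per-phase timing metrics, plus
-- cert_* metrics when a TLS context is available.
-- @param module module handle (unused)
-- @param check check object supplied by the scheduler
function initiate(module, check)
  local starttime = noit.timeval.now()
  local cfg = check.config

  check.unavailable()

  -- target_ip is nil when name resolution failed; do not hand nil to connect.
  if not check.target_ip then
    check.bad()
    check.status("dns resolution failure")
    return
  end

  local ehlo_name = cfg.ehlo or "noit.local"
  local sender = cfg.from or ""
  local recipient = cfg.to
  if type(recipient) ~= "string" or recipient == "" then
    check.bad()
    check.status("missing required 'to' parameter")
    return
  end
  -- These values are interpolated into single command lines. An embedded
  -- CR or LF would end the line early and the remainder would be sent to
  -- the server as further SMTP commands.
  if has_line_break(ehlo_name) or has_line_break(sender)
     or has_line_break(recipient) then
    check.bad()
    check.status("CR/LF not permitted in ehlo, from or to")
    return
  end

  local e = noit.socket()
  local rv, err = e:connect(check.target_ip, cfg.port or 25)
  if rv ~= 0 then
    check.bad()
    check.status(err or "no connection")
    return
  end

  local try_starttls = cfg.starttls == "true" or cfg.starttls == "on"
  local good = true
  local ehlo = string.format("EHLO %s", ehlo_name)
  local mailfrom = string.format("MAIL FROM:<%s>", sender)
  local rcptto = string.format("RCPT TO:<%s>", recipient)

  local payload = cfg.payload or "Subject: Test\n\nHello."
  -- Normalise to CRLF without turning an existing CRLF into CR CR LF.
  payload = payload:gsub("\r\n", "\n"):gsub("\n", "\r\n")
  -- Dot-stuff (RFC 5321 4.5.2): a body line starting with "." must be sent
  -- with the dot doubled. Otherwise a lone "." line ends DATA early and the
  -- rest of the payload is parsed by the server as commands.
  payload = payload:gsub("\r\n%.", "\r\n..")
  if payload:sub(1, 1) == "." then
    payload = "." .. payload
  end

  local status = 'connected'
  local action = mkaction(e, check)

  if     not action("banner", nil, 220)
      or not action("ehlo", ehlo, 250) then return end

  if try_starttls then
    -- Only start the TLS handshake once the server has agreed to it.
    if not action("starttls", "STARTTLS", 220) then return end
    e:ssl_upgrade_socket(cfg.certificate_file, cfg.key_file,
                         cfg.ca_chain, cfg.ciphers)

    -- NOTE(review): when ssl_ctx() returns nil the dialogue still continues
    -- and the check can end up good. Confirm whether that can mean the
    -- session was not upgraded.
    local ssl_ctx = e:ssl_ctx()
    if ssl_ctx ~= nil then
      -- NOTE(review): a certificate error is reported in the status and the
      -- cert_error metric but does not clear `good`. Presumably this is
      -- deliberate so servers with untrusted certificates can be monitored;
      -- confirm.
      if ssl_ctx.error ~= nil then status = status .. ',sslerror' end
      check.metric_string("cert_error", ssl_ctx.error)
      check.metric_string("cert_issuer", ssl_ctx.issuer)
      check.metric_string("cert_subject", ssl_ctx.subject)
      check.metric_uint32("cert_start", ssl_ctx.start_time)
      check.metric_uint32("cert_end", ssl_ctx.end_time)
      check.metric_uint32("cert_end_in", ssl_ctx.end_time - os.time())
      if noit.timeval.seconds(starttime) > ssl_ctx.end_time then
        good = false
        status = status .. ',ssl=expired'
      end
    end

    -- The EHLO is repeated after the upgrade.
    if not action("ehlo", ehlo, 250) then return end
  end

  if     action("mailfrom", mailfrom, 250)
     and action("rcptto", rcptto, 250)
     and action("data", "DATA", 354)
     and action("body", payload .. "\r\n.", 250)
     and action("quit", "QUIT", 221)
  then
    status = status .. ',sent'
  else
    -- The failing step has already set the status and marked the check bad.
    return
  end
  check.status(status)
  if good then check.good() end

  local elapsed = noit.timeval.now() - starttime
  local elapsed_ms = math.floor(tostring(elapsed) * 1000)
  check.metric("duration",  elapsed_ms)
end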
215