diff options
Diffstat (limited to 'net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch')
| -rw-r--r-- | net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch new file mode 100644 index 000000000000..a0f30d2efdbf --- /dev/null +++ b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch @@ -0,0 +1,145 @@ +From 0a8cf08ebb0740aa55d6c60d3b79fcab282604fb Mon Sep 17 00:00:00 2001 +From: Franz Schwartau <franz@electromail.org> +Date: Tue, 1 Sep 2020 12:48:51 +0200 +Subject: [PATCH 1/3] Add support for SMTP over TLS + +This is commonly used on smtps (465) port. + +PROXY protocol is not implemented with TLS in check_smtp.c, yet. +--- + plugins/check_smtp.c | 45 ++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 37 insertions(+), 8 deletions(-) + +diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c +index 0b1c54d4..d5923a6a 100644 +--- a/plugins/check_smtp.c ++++ b/plugins/check_smtp.c +@@ -42,8 +42,8 @@ const char *email = "devel@nagios-plugins.org"; + #ifdef HAVE_SSL + int check_cert = FALSE; + int days_till_exp_warn, days_till_exp_crit; +-# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) +-# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) ++# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len)) ++# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0)) + #else /* ifndef HAVE_SSL */ + # define my_recv(buf, len) read(sd, buf, len) + # define my_send(buf, len) send(sd, buf, len, 0) +@@ -107,6 +107,7 @@ double critical_time = 0; + int check_critical_time = FALSE; + int verbose = 0; + int use_ssl = FALSE; ++int use_starttls = FALSE; + int use_sni = FALSE; + short use_proxy_prefix = FALSE; + short use_ehlo = FALSE; +@@ -199,12 +200,25 @@ main (int argc, char **argv) + result = my_tcp_connect (server_address, server_port, &sd); + + if (result == STATE_OK) { /* we connected */ ++#ifdef HAVE_SSL ++ if (use_ssl) { ++ result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL)); ++ if (result != STATE_OK) { ++ printf (_("CRITICAL - Cannot create SSL context.\n")); ++ close(sd); ++ np_net_ssl_cleanup(); ++ return STATE_CRITICAL; ++ } else { ++ ssl_established = 1; ++ } ++ } ++#endif + + /* If requested, send PROXY header */ + if (use_proxy_prefix) { + if (verbose) + printf ("Sending header %s\n", PROXY_PREFIX); +- send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0); ++ my_send(PROXY_PREFIX, strlen(PROXY_PREFIX)); + } + + /* watch for the SMTP connection string and */ +@@ -230,7 +244,7 @@ main (int argc, char **argv) + } + + /* send the HELO/EHLO command */ +- send(sd, helocmd, strlen(helocmd), 0); ++ my_send(helocmd, strlen(helocmd)); + + /* allow for response to helo command to reach us */ + if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) { +@@ -243,14 +257,14 @@ main (int argc, char **argv) + } + } + +- if(use_ssl && ! supports_tls){ ++ if(use_starttls && ! supports_tls){ + printf(_("WARNING - TLS not supported by server\n")); + smtp_quit(); + return STATE_WARNING; + } + + #ifdef HAVE_SSL +- if(use_ssl) { ++ if(use_starttls) { + /* send the STARTTLS command */ + send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0); + +@@ -495,6 +509,7 @@ process_arguments (int argc, char **argv) + {"use-ipv6", no_argument, 0, '6'}, + {"help", no_argument, 0, 'h'}, + {"lmtp", no_argument, 0, 'L'}, ++ {"ssl", no_argument, 0, 's'}, + {"starttls",no_argument,0,'S'}, + {"sni", no_argument, 0, SNI_OPTION}, + {"certificate",required_argument,0,'D'}, +@@ -516,7 +531,7 @@ process_arguments (int argc, char **argv) + } + + while (1) { +- c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q", ++ c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q", + longopts, &option); + + if (c == -1 || c == EOF) +@@ -633,9 +648,13 @@ process_arguments (int argc, char **argv) + #else + usage (_("SSL support not available - install OpenSSL and recompile")); + #endif ++ case 's': ++ /* ssl */ ++ use_ssl = TRUE; ++ break; + case 'S': + /* starttls */ +- use_ssl = TRUE; ++ use_starttls = TRUE; + use_ehlo = TRUE; + break; + case SNI_OPTION: +@@ -694,6 +713,14 @@ process_arguments (int argc, char **argv) + if (from_arg==NULL) + from_arg = strdup(" "); + ++ if (use_starttls && use_ssl) { ++ usage4 (_("Set either -s/--ssl or -S/--starttls")); ++ } ++ ++ if (use_ssl && use_proxy_prefix) { ++ usage4 (_("PROXY protocol (-r/--proxy) is not implemented with SSL/TLS (-s/--ssl), yet.")); ++ } ++ + return validate_arguments (); + } + +@@ -851,6 +878,8 @@ print_help (void) + #ifdef HAVE_SSL + printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]"); + printf (" %s\n", _("Minimum number of days a certificate has to be valid.")); ++ printf (" %s\n", "-s, --ssl"); ++ printf (" %s\n", _("Use SSL/TLS for the connection.")); + printf (" %s\n", "-S, --starttls"); + printf (" %s\n", _("Use STARTTLS for the connection.")); + printf (" %s\n", "--sni"); + |