summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch145
-rw-r--r--net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r2.ebuild (renamed from net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r1.ebuild)5
2 files changed, 149 insertions, 1 deletions
diff --git a/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch
new file mode 100644
index 000000000000..a0f30d2efdbf
--- /dev/null
+++ b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch
@@ -0,0 +1,145 @@
+From 0a8cf08ebb0740aa55d6c60d3b79fcab282604fb Mon Sep 17 00:00:00 2001
+From: Franz Schwartau <franz@electromail.org>
+Date: Tue, 1 Sep 2020 12:48:51 +0200
+Subject: [PATCH 1/3] Add support for SMTP over TLS
+
+This is commonly used on smtps (465) port.
+
+PROXY protocol is not implemented with TLS in check_smtp.c, yet.
+---
+ plugins/check_smtp.c | 45 ++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 37 insertions(+), 8 deletions(-)
+
+diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
+index 0b1c54d4..d5923a6a 100644
+--- a/plugins/check_smtp.c
++++ b/plugins/check_smtp.c
+@@ -42,8 +42,8 @@ const char *email = "devel@nagios-plugins.org";
+ #ifdef HAVE_SSL
+ int check_cert = FALSE;
+ int days_till_exp_warn, days_till_exp_crit;
+-# define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+-# define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
++# define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
++# define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+ #else /* ifndef HAVE_SSL */
+ # define my_recv(buf, len) read(sd, buf, len)
+ # define my_send(buf, len) send(sd, buf, len, 0)
+@@ -107,6 +107,7 @@ double critical_time = 0;
+ int check_critical_time = FALSE;
+ int verbose = 0;
+ int use_ssl = FALSE;
++int use_starttls = FALSE;
+ int use_sni = FALSE;
+ short use_proxy_prefix = FALSE;
+ short use_ehlo = FALSE;
+@@ -199,12 +200,25 @@ main (int argc, char **argv)
+ result = my_tcp_connect (server_address, server_port, &sd);
+
+ if (result == STATE_OK) { /* we connected */
++#ifdef HAVE_SSL
++ if (use_ssl) {
++ result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
++ if (result != STATE_OK) {
++ printf (_("CRITICAL - Cannot create SSL context.\n"));
++ close(sd);
++ np_net_ssl_cleanup();
++ return STATE_CRITICAL;
++ } else {
++ ssl_established = 1;
++ }
++ }
++#endif
+
+ /* If requested, send PROXY header */
+ if (use_proxy_prefix) {
+ if (verbose)
+ printf ("Sending header %s\n", PROXY_PREFIX);
+- send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0);
++ my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
+ }
+
+ /* watch for the SMTP connection string and */
+@@ -230,7 +244,7 @@ main (int argc, char **argv)
+ }
+
+ /* send the HELO/EHLO command */
+- send(sd, helocmd, strlen(helocmd), 0);
++ my_send(helocmd, strlen(helocmd));
+
+ /* allow for response to helo command to reach us */
+ if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
+@@ -243,14 +257,14 @@ main (int argc, char **argv)
+ }
+ }
+
+- if(use_ssl && ! supports_tls){
++ if(use_starttls && ! supports_tls){
+ printf(_("WARNING - TLS not supported by server\n"));
+ smtp_quit();
+ return STATE_WARNING;
+ }
+
+ #ifdef HAVE_SSL
+- if(use_ssl) {
++ if(use_starttls) {
+ /* send the STARTTLS command */
+ send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
+
+@@ -495,6 +509,7 @@ process_arguments (int argc, char **argv)
+ {"use-ipv6", no_argument, 0, '6'},
+ {"help", no_argument, 0, 'h'},
+ {"lmtp", no_argument, 0, 'L'},
++ {"ssl", no_argument, 0, 's'},
+ {"starttls",no_argument,0,'S'},
+ {"sni", no_argument, 0, SNI_OPTION},
+ {"certificate",required_argument,0,'D'},
+@@ -516,7 +531,7 @@ process_arguments (int argc, char **argv)
+ }
+
+ while (1) {
+- c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
++ c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q",
+ longopts, &option);
+
+ if (c == -1 || c == EOF)
+@@ -633,9 +648,13 @@ process_arguments (int argc, char **argv)
+ #else
+ usage (_("SSL support not available - install OpenSSL and recompile"));
+ #endif
++ case 's':
++ /* ssl */
++ use_ssl = TRUE;
++ break;
+ case 'S':
+ /* starttls */
+- use_ssl = TRUE;
++ use_starttls = TRUE;
+ use_ehlo = TRUE;
+ break;
+ case SNI_OPTION:
+@@ -694,6 +713,14 @@ process_arguments (int argc, char **argv)
+ if (from_arg==NULL)
+ from_arg = strdup(" ");
+
++ if (use_starttls && use_ssl) {
++ usage4 (_("Set either -s/--ssl or -S/--starttls"));
++ }
++
++ if (use_ssl && use_proxy_prefix) {
++ usage4 (_("PROXY protocol (-r/--proxy) is not implemented with SSL/TLS (-s/--ssl), yet."));
++ }
++
+ return validate_arguments ();
+ }
+
+@@ -851,6 +878,8 @@ print_help (void)
+ #ifdef HAVE_SSL
+ printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
+ printf (" %s\n", _("Minimum number of days a certificate has to be valid."));
++ printf (" %s\n", "-s, --ssl");
++ printf (" %s\n", _("Use SSL/TLS for the connection."));
+ printf (" %s\n", "-S, --starttls");
+ printf (" %s\n", _("Use STARTTLS for the connection."));
+ printf (" %s\n", "--sni");
+
diff --git a/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r1.ebuild b/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r2.ebuild
index 419243e3b736..959874004cb5 100644
--- a/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r1.ebuild
+++ b/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r2.ebuild
@@ -62,7 +62,10 @@ DOCS=(
THANKS
)
-PATCHES=( "${FILESDIR}/define-own-mysql-port-constant.patch" )
+PATCHES=(
+ "${FILESDIR}/define-own-mysql-port-constant.patch"
+ "${FILESDIR}/check_smtp-implicit-tls.patch"
+)
src_prepare() {
default