net-analyzer/nagios-plugins: new revision with check_smtp TLS support.

This commit adds a new revision with a patch corresponding to upstream pull request 565. The pull request is approved, but has not been merged yet. It's goal is to add implicit TLS support to the check_smtp plugin (using the --ssl flag), for use on e.g. port 465 which is now a standard configuration. I've pruned the translation updates out of the patch to save space. Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
author: Michael Orlitzky <mjo@gentoo.org> 2021-08-16 10:50:03 -0400
committer: Michael Orlitzky <mjo@gentoo.org> 2021-08-16 10:50:19 -0400
commit: 9bc1f6373e65832c98354b93d0ae57099da9c79c (patch)
tree: 8214318a80ce2e1c66dc27b32876554cbdc97d67 /net-analyzer
parent: dev-python/redis-py: remove second instance ALLARCHES (diff)
download: gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.tar.gz
gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.tar.bz2
gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.zip
2 files changed, 149 insertions, 1 deletions
diff --git a/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch
new file mode 100644
index 000000000000..a0f30d2efdbf
--- /dev/null
+++ b/net-analyzer/nagios-plugins/files/check_smtp-implicit-tls.patch
@@ -0,0 +1,145 @@
+From 0a8cf08ebb0740aa55d6c60d3b79fcab282604fb Mon Sep 17 00:00:00 2001
+From: Franz Schwartau <franz@electromail.org>
+Date: Tue, 1 Sep 2020 12:48:51 +0200
+Subject: [PATCH 1/3] Add support for SMTP over TLS
+
+This is commonly used on smtps (465) port.
+
+PROXY protocol is not implemented with TLS in check_smtp.c, yet.
+---
+ plugins/check_smtp.c | 45 ++++++++++++++++++++++++++++++++++++--------
+ 1 file changed, 37 insertions(+), 8 deletions(-)
+
+diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
+index 0b1c54d4..d5923a6a 100644
+--- a/plugins/check_smtp.c
++++ b/plugins/check_smtp.c
+@@ -42,8 +42,8 @@ const char *email = "devel@nagios-plugins.org";
+ #ifdef HAVE_SSL
+ int check_cert = FALSE;
+ int days_till_exp_warn, days_till_exp_crit;
+-#  define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+-#  define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
++#  define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
++#  define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+ #else /* ifndef HAVE_SSL */
+ #  define my_recv(buf, len) read(sd, buf, len)
+ #  define my_send(buf, len) send(sd, buf, len, 0)
+@@ -107,6 +107,7 @@ double critical_time = 0;
+ int check_critical_time = FALSE;
+ int verbose = 0;
+ int use_ssl = FALSE;
++int use_starttls = FALSE;
+ int use_sni = FALSE;
+ short use_proxy_prefix = FALSE;
+ short use_ehlo = FALSE;
+@@ -199,12 +200,25 @@ main (int argc, char **argv)
+ 	result = my_tcp_connect (server_address, server_port, &sd);
+ 
+ 	if (result == STATE_OK) { /* we connected */
++#ifdef HAVE_SSL
++		if (use_ssl) {
++			result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
++			if (result != STATE_OK) {
++				printf (_("CRITICAL - Cannot create SSL context.\n"));
++				close(sd);
++				np_net_ssl_cleanup();
++				return STATE_CRITICAL;
++			} else {
++				ssl_established = 1;
++			}
++		}
++#endif
+ 
+ 		/* If requested, send PROXY header */
+ 		if (use_proxy_prefix) {
+ 			if (verbose)
+ 				printf ("Sending header %s\n", PROXY_PREFIX);
+-			send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0);
++			my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
+ 		}
+ 
+ 		/* watch for the SMTP connection string and */
+@@ -230,7 +244,7 @@ main (int argc, char **argv)
+ 		}
+ 
+ 		/* send the HELO/EHLO command */
+-		send(sd, helocmd, strlen(helocmd), 0);
++		my_send(helocmd, strlen(helocmd));
+ 
+ 		/* allow for response to helo command to reach us */
+ 		if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
+@@ -243,14 +257,14 @@ main (int argc, char **argv)
+ 			}
+ 		}
+ 
+-		if(use_ssl && ! supports_tls){
++		if(use_starttls && ! supports_tls){
+ 			printf(_("WARNING - TLS not supported by server\n"));
+ 			smtp_quit();
+ 			return STATE_WARNING;
+ 		}
+ 
+ #ifdef HAVE_SSL
+-		if(use_ssl) {
++		if(use_starttls) {
+ 		  /* send the STARTTLS command */
+ 		  send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
+ 
+@@ -495,6 +509,7 @@ process_arguments (int argc, char **argv)
+ 		{"use-ipv6", no_argument, 0, '6'},
+ 		{"help", no_argument, 0, 'h'},
+ 		{"lmtp", no_argument, 0, 'L'},
++		{"ssl", no_argument, 0, 's'},
+ 		{"starttls",no_argument,0,'S'},
+ 		{"sni", no_argument, 0, SNI_OPTION},
+ 		{"certificate",required_argument,0,'D'},
+@@ -516,7 +531,7 @@ process_arguments (int argc, char **argv)
+ 	}
+ 
+ 	while (1) {
+-		c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
++		c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q",
+ 		                 longopts, &option);
+ 
+ 		if (c == -1 || c == EOF)
+@@ -633,9 +648,13 @@ process_arguments (int argc, char **argv)
+ #else
+ 			usage (_("SSL support not available - install OpenSSL and recompile"));
+ #endif
++		case 's':
++		/* ssl */
++			use_ssl = TRUE;
++			break;
+ 		case 'S':
+ 		/* starttls */
+-			use_ssl = TRUE;
++			use_starttls = TRUE;
+ 			use_ehlo = TRUE;
+ 			break;
+ 		case SNI_OPTION:
+@@ -694,6 +713,14 @@ process_arguments (int argc, char **argv)
+ 	if (from_arg==NULL)
+ 		from_arg = strdup(" ");
+ 
++	if (use_starttls && use_ssl) {
++		usage4 (_("Set either -s/--ssl or -S/--starttls"));
++	}
++
++	if (use_ssl && use_proxy_prefix) {
++		usage4 (_("PROXY protocol (-r/--proxy) is not implemented with SSL/TLS (-s/--ssl), yet."));
++	}
++
+ 	return validate_arguments ();
+ }
+ 
+@@ -851,6 +878,8 @@ print_help (void)
+ #ifdef HAVE_SSL
+   printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
+   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
++  printf (" %s\n", "-s, --ssl");
++  printf ("    %s\n", _("Use SSL/TLS for the connection."));
+   printf (" %s\n", "-S, --starttls");
+   printf ("    %s\n", _("Use STARTTLS for the connection."));
+   printf (" %s\n", "--sni");
+
diff --git a/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r1.ebuild b/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r2.ebuild
index 419243e3b736..959874004cb5 100644
--- a/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r1.ebuild
+++ b/net-analyzer/nagios-plugins/nagios-plugins-2.3.3-r2.ebuild
@@ -62,7 +62,10 @@ DOCS=(
 	THANKS
 )
 
-PATCHES=( "${FILESDIR}/define-own-mysql-port-constant.patch" )
+PATCHES=(
+	"${FILESDIR}/define-own-mysql-port-constant.patch"
+	"${FILESDIR}/check_smtp-implicit-tls.patch"
+)
 
 src_prepare() {
 	default
author	Michael Orlitzky <mjo@gentoo.org>	2021-08-16 10:50:03 -0400
committer	Michael Orlitzky <mjo@gentoo.org>	2021-08-16 10:50:19 -0400
commit	9bc1f6373e65832c98354b93d0ae57099da9c79c (patch)
tree	8214318a80ce2e1c66dc27b32876554cbdc97d67 /net-analyzer
parent	dev-python/redis-py: remove second instance ALLARCHES (diff)
download	gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.tar.gz gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.tar.bz2 gentoo-9bc1f6373e65832c98354b93d0ae57099da9c79c.zip