Merge branch 'master' into check_swap_scanf_expressions

3 files changed, 59 insertions, 11 deletions

diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index a99f35e..39dc6cd 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -626,21 +626,36 @@ process_arguments (int argc, char **argv)
       if (! strcasecmp (optarg, "bytes")) {
         mult = (uintmax_t)1;
         units = strdup ("B");
-      } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) {
+      } else if (!strcmp(optarg, "KiB")) {
         mult = (uintmax_t)1024;
-        units = strdup ("kiB");
-      } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) )  {
+        units = strdup ("KiB");
+      } else if (! strcmp (optarg, "kB")) {
+        mult = (uintmax_t)1000;
+        units = strdup ("kB");
+      } else if (!strcmp(optarg, "MiB")) {
         mult = (uintmax_t)1024 * 1024;
         units = strdup ("MiB");
-      } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) {
+      } else if (! strcmp (optarg, "MB")) {
+        mult = (uintmax_t)1000 * 1000;
+        units = strdup ("MB");
+      } else if (!strcmp(optarg, "GiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024;
         units = strdup ("GiB");
-      } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) {
+      } else if (! strcmp (optarg, "GB")){
+        mult = (uintmax_t)1000 * 1000 * 1000;
+        units = strdup ("GB");
+      } else if (!strcmp(optarg, "TiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
         units = strdup ("TiB");
-      } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) {
+      } else if (! strcmp (optarg, "TB")) {
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000;
+        units = strdup ("TB");
+      } else if (!strcmp(optarg, "PiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024;
         units = strdup ("PiB");
+      } else if (! strcmp (optarg, "PB")){
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000 * 1000;
+        units = strdup ("PB");
       } else {
         die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
       }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 6cfa70e..91e150f 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -138,7 +138,10 @@ main (int argc, char **argv)
                 mysql_ssl_set(&mysql,key,cert,ca_cert,ca_dir,ciphers);
         /* establish a connection to the server and error checking */
         if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
-                if (ignore_auth && mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR)
+                /* Depending on internally-selected auth plugin MySQL might return */
+                /* ER_ACCESS_DENIED_NO_PASSWORD_ERROR or ER_ACCESS_DENIED_ERROR. */
+                /* Semantically these errors are the same. */
+                if (ignore_auth && (mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR || mysql_errno (&mysql) == ER_ACCESS_DENIED_NO_PASSWORD_ERROR))
                 {
                         printf("MySQL OK - Version: %s (protocol %d)\n",
                                 mysql_get_server_info(&mysql),
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index eaa7eeb..c0ab838 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -3,7 +3,7 @@
 * Monitoring check_smtp plugin
 * 
 * License: GPL
-* Copyright (c) 2000-2007 Monitoring Plugins Development Team
+* Copyright (c) 2000-2023 Monitoring Plugins Development Team
 * 
 * Description:
 * 
@@ -52,6 +52,7 @@ int days_till_exp_warn, days_till_exp_crit;
 enum {
         SMTP_PORT       = 25
 };
+#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
 #define SMTP_EXPECT "220"
 #define SMTP_HELO "HELO "
 #define SMTP_EHLO "EHLO "
@@ -102,6 +103,8 @@ double critical_time = 0;
 int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
+int use_sni = FALSE;
+short use_proxy_prefix = FALSE;
 short use_ehlo = FALSE;
 short use_lhlo = FALSE;
 short ssl_established = 0;
@@ -184,6 +187,13 @@ main (int argc, char **argv)
 
         if (result == STATE_OK) { /* we connected */
 
+                /* If requested, send PROXY header */
+                if (use_proxy_prefix) {
+                        if (verbose)
+                                printf ("Sending header %s\n", PROXY_PREFIX);
+                        send(sd, PROXY_PREFIX, strlen(PROXY_PREFIX), 0);
+                }
+
                 /* watch for the SMTP connection string and */
                 /* return a WARNING status if we couldn't read any data */
                 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
@@ -225,7 +235,7 @@ main (int argc, char **argv)
                     smtp_quit();
                     return STATE_UNKNOWN;
                   }
-                  result = np_net_ssl_init(sd);
+                  result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
                   if(result != STATE_OK) {
                     printf (_("CRITICAL - Cannot create SSL context.\n"));
                     close(sd);
@@ -454,6 +464,10 @@ process_arguments (int argc, char **argv)
         int c;
         char* temp;
 
+        enum {
+          SNI_OPTION
+        };
+
         int option = 0;
         static struct option longopts[] = {
                 {"hostname", required_argument, 0, 'H'},
@@ -476,8 +490,10 @@ process_arguments (int argc, char **argv)
                 {"help", no_argument, 0, 'h'},
                 {"lmtp", no_argument, 0, 'L'},
                 {"starttls",no_argument,0,'S'},
+                {"sni", no_argument, 0, SNI_OPTION},
                 {"certificate",required_argument,0,'D'},
                 {"ignore-quit-failure",no_argument,0,'q'},
+                {"proxy",no_argument,0,'r'},
                 {0, 0, 0, 0}
         };
 
@@ -494,7 +510,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
+                c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
                                  longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -621,6 +637,16 @@ process_arguments (int argc, char **argv)
                         use_ssl = TRUE;
                         use_ehlo = TRUE;
                         break;
+                case SNI_OPTION:
+#ifdef HAVE_SSL
+                        use_sni = TRUE;
+#else
+                        usage (_("SSL support not available - install OpenSSL and recompile"));
+#endif
+                        break;
+                case 'r':
+                        use_proxy_prefix = TRUE;
+                        break;
                 case 'L':
                         use_lhlo = TRUE;
                         break;
@@ -819,11 +845,15 @@ print_help (void)
   printf ("    %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
   printf (" %s\n", "-F, --fqdn=STRING");
   printf ("    %s\n", _("FQDN used for HELO"));
+  printf (" %s\n", "-r, --proxy");
+  printf ("    %s\n", _("Use PROXY protocol prefix for the connection."));
 #ifdef HAVE_SSL
   printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
   printf (" %s\n", "-S, --starttls");
   printf ("    %s\n", _("Use STARTTLS for the connection."));
+  printf (" %s\n", "--sni");
+  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
 #endif
 
         printf (" %s\n", "-A, --authtype=STRING");
@@ -860,6 +890,6 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
   printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
   printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
-  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
+  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
 }