Module: check_mk
Branch: master
Commit: 4fb090fa0f2c617c42a0509c9593f70ac856d6a3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4fb090fa0f2c61…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Wed Dec 16 15:25:16 2015 +0100
#2816 check_mail_loop: now supports STARTTLS for IMAP authentification
---
.werks/2816 | 9 ++++++++
ChangeLog | 1 +
checks/check_mail_loop | 3 +++
doc/treasures/active_checks/check_mail_loop | 33 +++++++++++++++++++++++++--
web/plugins/wato/active_checks.py | 6 ++++-
5 files changed, 49 insertions(+), 3 deletions(-)
diff --git a/.werks/2816 b/.werks/2816
new file mode 100644
index 0000000..0c13af0
--- /dev/null
+++ b/.werks/2816
@@ -0,0 +1,9 @@
+Title: check_mail_loop: now supports STARTTLS for IMAP authentification
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.7i4
+Date: 1450275857
+Class: feature
+
+
diff --git a/ChangeLog b/ChangeLog
index 63416cd..cf852c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -65,6 +65,7 @@
* 2885 cisco_hsrp: now reports the HSRP state...
* 2812 Avaya Series 88xx / 45xx: New temperature, fan and CPU utilization checks...
* 2870 dotnet_clrmemory, wmi_cpuload, wmi_webservices, msexch_activesync,
msexch_autodiscovery, msexch_availability, msexch_isstore, msexch_owa,
msexch_rpcclientaccess: a whole slew of new checks relating to monitoring MS Exchange...
+ * 2816 check_mail_loop: now supports STARTTLS for IMAP authentification
* 2660 FIX: fixed windows agent using the wrong working directory...
* 2664 FIX: ps: Speedup in situation with many matching processes...
* 2661 FIX: windows agent: fixed incomplete process list...
diff --git a/checks/check_mail_loop b/checks/check_mail_loop
index 5bdedd3..d8bb23b 100644
--- a/checks/check_mail_loop
+++ b/checks/check_mail_loop
@@ -32,6 +32,9 @@ def check_mail_loop_arguments(params):
else:
args += ' --smtp-server=$HOSTADDRESS$'
+ if 'imap_tls' in params:
+ args += ' --imap-tls'
+
if 'smtp_tls' in params:
args += ' --smtp-tls'
diff --git a/doc/treasures/active_checks/check_mail_loop
b/doc/treasures/active_checks/check_mail_loop
index 2f677de..6c635b5 100755
--- a/doc/treasures/active_checks/check_mail_loop
+++ b/doc/treasures/active_checks/check_mail_loop
@@ -51,6 +51,7 @@ OPTIONS:
(leave empty for anonymous SMTP)
--smtp-password PW Password to authenticate SMTP
--smtp-tls Use TLS over SMTP (disabled by default)
+ --imap-tls Use TLS for IMAP authentification (disabled by default)
--fetch-protocol PROTO Set to "IMAP" or "POP3", depending on your
mailserver
(defaults to IMAP)
@@ -92,7 +93,7 @@ OPTIONS:
short_options = 'dh'
long_options = ['smtp-server=', 'smtp-port=', 'smtp-username=',
'smtp-password=',
- 'smtp-tls', 'fetch-protocol=', 'fetch-server=',
'fetch-port=', 'fetch-username=',
+ 'smtp-tls', 'fetch-tls', 'fetch-protocol=',
'fetch-server=', 'fetch-port=', 'fetch-username=',
'fetch-password=', 'fetch-ssl', 'mail-from=',
'mail-to=', 'warning=', 'critical=',
'connect-timeout=', 'delete-messages', 'help',
'status-dir=', 'status-suffix=', "debug", ]
@@ -119,6 +120,7 @@ fetch_port = None
fetch_user = None
fetch_pass = None
fetch_ssl = False
+imap_tls = False
mail_from = None
mail_to = None
warning = None
@@ -153,6 +155,8 @@ for o,a in opts:
fetch_user = a
elif o == '--fetch-password':
fetch_pass = a
+ elif o == '--imap-tls':
+ imap_tls = True
elif o == '--fetch-ssl':
fetch_ssl = True
elif o == '--mail-from':
@@ -220,6 +224,22 @@ def save_expected_mails():
lines.append('%d %s' % (ts, key))
file(status_path, 'w').write('\n'.join(lines) + '\n')
+def add_starttls_support(self, keyfile = None, certfile = None):
+ import ssl
+ name = "STARTTLS"
+ typ, dat = self._simple_command(name)
+ if typ != 'OK':
+ raise self.error(dat[-1])
+
+ self.sock = ssl.wrap_socket(self.sock)
+ self.file = self.sock.makefile()
+
+ cap = 'CAPABILITY'
+ self._simple_command(cap)
+ if not cap in self.untagged_responses:
+ raise self.error('no CAPABILITY response from server')
+ self.capabilities = tuple(self.untagged_responses[cap][-1].upper().split())
+
def fetch_mails():
global g_M
if not g_expected:
@@ -244,7 +264,16 @@ def fetch_mails():
else:
# Get mails from IMAP mailbox
fetch_class = fetch_ssl and imaplib.IMAP4_SSL or imaplib.IMAP4
- g_M = fetch_class(fetch_server, fetch_port)
+
+ if imap_tls:
+ # starttls in imaplib is only available with python >= 3.2
+ # we are going to implement our own version
+ imaplib.Commands.update({"STARTTLS": ("NONAUTH")})
+ g_M = imaplib.IMAP4(fetch_server, fetch_port)
+ add_starttls_support(g_M)
+ else:
+ g_M = fetch_class(fetch_server, fetch_port)
+
g_M.login(fetch_user, fetch_pass)
g_M.select('INBOX', readonly=False) # select INBOX
retcode, messages = g_M.search(None, 'NOT', 'DELETED')
diff --git a/web/plugins/wato/active_checks.py b/web/plugins/wato/active_checks.py
index 8f798f7..b8554f7 100644
--- a/web/plugins/wato/active_checks.py
+++ b/web/plugins/wato/active_checks.py
@@ -1744,7 +1744,7 @@ register_rule(group,
'the SMTP protocol and then tries to receive these mails back by
querying the '
'inbox of a IMAP or POP3 mailbox. With this check you can verify
that your whole '
'mail delivery progress is working.'),
- optional_keys = ['smtp_server', 'smtp_tls', 'smtp_port',
'smtp_auth', 'connect_timeout', 'delete_messages',
'duration'],
+ optional_keys = ['smtp_server', 'smtp_tls', 'smtp_port',
'smtp_auth', 'imap_tls', 'connect_timeout',
'delete_messages', 'duration'],
elements = [
('item', TextUnicode(
title = _('Name'),
@@ -1761,6 +1761,10 @@ register_rule(group,
title = _('Use TLS over SMTP'),
totext = _('Encrypt SMTP communication using TLS'),
)),
+ ('imap_tls', FixedValue(True,
+ title = _('Use TLS for IMAP authentification'),
+ totext = _('IMAP authentification uses TLS'),
+ )),
('smtp_port', Integer(
title = _('SMTP TCP Port to connect to'),
help = _('The TCP Port the SMTP server is listening on. Defaulting to
<tt>25</tt>.'),