From 65249bc2e7f159e2bc19857e99f09f38392229c4 Mon Sep 17 00:00:00 2001 From: "teuto.net Netzdienste GmbH" Date: Fri, 31 Dec 2021 14:47:05 +0100 Subject: [PATCH] added pop3 STARTTLS queryResponse (#84) * added pop3 STARTTLS queryResponse * implemented pop3 test, added pop3 starttls parameter to README Co-authored-by: Timo Boldt --- README.md | 2 +- prober/tcp.go | 11 +++++++++++ prober/tcp_test.go | 39 +++++++++++++++++++++++++++++++++++++++ test/tcp.go | 27 +++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 872a3f9..bb6dcfd 100644 --- a/README.md +++ b/README.md @@ -311,7 +311,7 @@ target: ### ``` -# Use the STARTTLS command before starting TLS for those protocols that support it (smtp, ftp, imap, postgres) +# Use the STARTTLS command before starting TLS for those protocols that support it (smtp, ftp, imap, pop3, postgres) [ starttls: ] ``` diff --git a/prober/tcp.go b/prober/tcp.go index 81d326a..b8d01b1 100644 --- a/prober/tcp.go +++ b/prober/tcp.go @@ -119,6 +119,17 @@ var ( expectBytes: []byte{0x53}, }, }, + "pop3": []queryResponse{ + queryResponse{ + expect: "OK", + }, + queryResponse{ + send: "STLS", + }, + queryResponse{ + expect: "OK", + }, + }, } ) diff --git a/prober/tcp_test.go b/prober/tcp_test.go index 8b478b8..c33ae4b 100644 --- a/prober/tcp_test.go +++ b/prober/tcp_test.go 
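Review bot: The two `expect: "OK"` steps in the new `"pop3"` entry are unanchored, so if `expect` strings are compiled as regular expressions by the prober (that code is not in this hunk), any reply containing the substring `OK` — including a `-ERR` line that happens to mention it — would satisfy the check and let the probe proceed to the TLS upgrade after `STLS`. POP3 status indicators are fixed at the start of the line (RFC 1939), so `expect: "^\\+OK"` for both steps is tighter and still correct; the neighbouring imap/smtp entries are outside this hunk, so check whether they want the same anchoring for consistency. As a point of style, `gofmt -s` would drop the repeated `queryResponse{` element type inside the slice literal. The enclosing `var (` block begins outside the hunk.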
@@ -324,6 +324,45 @@ func TestProbeTCPStartTLSIMAP(t *testing.T) {
 	checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
+// TestProbeTCPStartTLSPOP3 tests STARTTLS against a mock POP3 server
+func TestProbeTCPStartTLSPOP3(t *testing.T) {
+	server, certPEM, _, caFile, teardown, err := test.SetupTCPServer()
+	if err != nil {
+		t.Fatalf(err.Error())
+	}
+	defer teardown()
+
+	server.StartPOP3()
+	defer server.Close()
+
+	module := config.Module{
+		TCP: config.TCPProbe{
+			StartTLS: "pop3",
+		},
+		TLSConfig: config.TLSConfig{
+			CAFile: caFile,
+			InsecureSkipVerify: false,
+		},
+	}
+
+	registry := prometheus.NewRegistry()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	if err := ProbeTCP(ctx, newTestLogger(), server.Listener.Addr().String(), module, registry); err != nil {
+		t.Fatalf("error: %s", err)
+	}
+
+	cert, err := newCertificate(certPEM)
+	if err != nil {
+		t.Fatal(err)
+	}
+	checkCertificateMetrics(cert, registry, t)
+	checkOCSPMetrics([]byte{}, registry, t)
+	checkTLSVersionMetrics("TLS 1.3", registry, t)
+}
+
 // TestProbeTCPStartTLSPostgreSQL tests STARTTLS against a mock PostgreSQL server
 func TestProbeTCPStartTLSPostgreSQL(t *testing.T) {
 	server, certPEM, _, caFile, teardown, err := test.SetupTCPServer()
diff --git a/test/tcp.go b/test/tcp.go
index fe4ca60..0137b1d 100644
--- a/test/tcp.go
+++ b/test/tcp.go
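Review bot: `t.Fatalf(err.Error())` on the SetupTCPServer error path passes a non-constant format string, so a `%` in the error text would be misinterpreted and `go vet`'s printf check flags it; `t.Fatal(err)` is the correct form, and the function already uses it for the `newCertificate` error further down. The new test only exercises the happy path; a second case in which the mock answers `-ERR` to `STLS` and asserts that ProbeTCP returns an error would pin the security-relevant behaviour that the probe does not start TLS on a refused upgrade. The context lines show TestProbeTCPStartTLSPostgreSQL opening with the same call, but its body lies outside the hunk.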
@@ -164,6 +164,33 @@ func (t *TCPServer) StartIMAP() {
 	}()
 }
 
+// StartPOP3 starts a listener that negotiates a TLS connection with an pop3
+// client using STARTTLS
+func (t *TCPServer) StartPOP3() {
+	go func() {
+		conn, err := t.Listener.Accept()
+		if err != nil {
+			panic(fmt.Sprintf("Error accepting on socket: %s", err))
+		}
+		defer conn.Close()
+
+		fmt.Fprintf(conn, "+OK XPOP3 ready.\n")
+		if _, e := fmt.Fscanf(conn, "STLS\n"); e != nil {
+			panic("Error in dialog. No STLS received.")
+		}
+		fmt.Fprintf(conn, "+OK Begin TLS negotiation now.\n")
+
+		// Upgrade to TLS.
+		tlsConn := tls.Server(conn, t.TLS)
+		if err := tlsConn.Handshake(); err != nil {
+			level.Error(t.logger).Log("msg", err)
+		}
+		defer tlsConn.Close()
+
+		t.stopCh <- struct{}{}
+	}()
+}
+
 // StartPostgreSQL starts a listener that negotiates a TLS connection with an postgresql
 // client using STARTTLS
 func (t *TCPServer) StartPostgreSQL() {
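Review bot: When `tlsConn.Handshake()` fails, StartPOP3 only logs the error and then continues to `defer tlsConn.Close()` and the `t.stopCh` send exactly as on success, so a broken TLS setup on the mock side is invisible to the test unless the client happens to report it; the other failure paths in the same goroutine `panic`, and handling the handshake the same way would make the helper consistent, provided the sibling Start* helpers (outside this hunk) do not rely on the lenient behaviour. POP3 lines are CRLF-terminated per RFC 1939, while the mock writes and scans bare `\n`; that works only as long as the prober's line handling tolerates LF, which is worth stating with a comment such as `// LF-only line endings; relies on the prober tolerating a missing CR` since the prober code is not in this hunk. The doc comment has a typo and should read `// StartPOP3 starts a listener that negotiates a TLS connection with a POP3`.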