Add support for MySQL and PostgreSQL handshakes

riemann · Dec 2, 2022 · 7898c49 · 7898c49
1 parent dfdbe42
commit 7898c49
Showing 1 changed file with 32 additions and 4 deletions.
diff --git a/lib/riemann/tools/tls_check.rb b/lib/riemann/tools/tls_check.rb
@@ -8,10 +8,10 @@
 
 module URI
   {
-    'IMAP'       => 143,
-    'IMAPS'      => 993,
-    'MYSQL'      => 3306,
-    'POSTGRESQL' => 5432,
+    'IMAP'     => 143,
+    'IMAPS'    => 993,
+    'MYSQL'    => 3306,
+    'POSTGRES' => 5432,
   }.each do |scheme, port|
     klass = Class.new(Generic)
     klass.const_set('DEFAULT_PORT', port)
@@ -233,11 +233,39 @@ def tls_socket(uri, address)
           imap_tls_socket(uri, address)
         when 'ldap'
           ldap_tls_socket(uri, address)
+        when 'mysql'
+          mysql_tls_socket(uri, address)
+        when 'postgres'
+          postgres_tls_socket(uri, address)
         else
           raw_tls_socket(uri, address)
         end
       end
 
+      def mysql_tls_socket(uri, address)
+        socket = TCPSocket.new(address, uri.port)
+        length = "#{socket.read(3)}\0".unpack1('L*')
+        _sequence = socket.read(1)
+        body = socket.read(length)
+        initial_handshake_packet = body.unpack('cZ*La8aScSS')
+
+        capabilities = initial_handshake_packet[5] | (initial_handshake_packet[8] << 16)
+
+        ssl_flag = 1 << 11
+        raise 'No TLS support' if (capabilities & ssl_flag).zero?
+
+        socket.write(['2000000185ae7f0000000001210000000000000000000000000000000000000000000000'].pack('H*'))
+        tls_handshake(socket, uri.host)
+      end
+
+      def postgres_tls_socket(uri, address)
+        socket = TCPSocket.new(address, uri.port)
+        socket.write(['0000000804d2162f'].pack('H*'))
+        raise 'Unexpected reply' unless socket.read(1) == 'S'
+
+        tls_handshake(socket, uri.host)
+      end
+
       def smtp_tls_socket(uri, address)
         socket = LineOrientedSocket.new(address, uri.port)
         socket.gets_until_match(/^220 /)