summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2021-01-25 14:55:06 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2021-01-25 14:55:06 +0000
commit37a81ae7317bb78b2ff152821930c2ff0873512b (patch)
tree6d9fc9a97b69f0c789569eb35888dbbcaaa16469
parent8d7e00e408df4d92c37caabbfd68cdc75ebd2dfb (diff)
AUTH: avoid logging creds on ACL denial
-rw-r--r--doc/doc-txt/ChangeLog4
-rw-r--r--src/src/smtp_in.c68
-rw-r--r--test/log/34502
-rw-r--r--test/log/34602
-rw-r--r--test/rejectlog/34502
-rw-r--r--test/rejectlog/34602
6 files changed, 48 insertions, 32 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e1381c156..b20991280 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -180,6 +180,10 @@ JH/36 Bug 2687: Fix interpretation of multiple ^ chars in a plaintext
JH/37 Enforce the expected size, for fixed-size records read from hints-DB
files. For bad sizes read, delete the record and whine to paniclog.
+JH/38 When logging an AUTH failure, as server, do not include sensitive
+ information. Previously, the credentials would be included if given
+ as part of the AUTH command line and an ACL denied authentidcation.
+
Exim version 4.94
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 0467b2257..14dd11498 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3279,18 +3279,7 @@ int codelen = 3;
uschar *smtp_code;
uschar *lognl;
uschar *sender_info = US"";
-uschar *what =
-#ifdef WITH_CONTENT_SCAN
- where == ACL_WHERE_MIME ? US"during MIME ACL checks" :
-#endif
- where == ACL_WHERE_PREDATA ? US"DATA" :
- where == ACL_WHERE_DATA ? US"after DATA" :
-#ifndef DISABLE_PRDR
- where == ACL_WHERE_PRDR ? US"after DATA PRDR" :
-#endif
- smtp_cmd_data ?
- string_sprintf("%s %s", acl_wherenames[where], smtp_cmd_data) :
- string_sprintf("%s in \"connect\" ACL", acl_wherenames[where]);
+uschar *what;
if (drop) rc = FAIL;
@@ -3306,19 +3295,45 @@ fixed, sender_address at this point became the rewritten address. I'm not sure
this is what should be logged, so I've changed to logging the unrewritten
address to retain backward compatibility. */
-#ifndef WITH_CONTENT_SCAN
-if (where == ACL_WHERE_RCPT || where == ACL_WHERE_DATA)
-#else
-if (where == ACL_WHERE_RCPT || where == ACL_WHERE_DATA || where == ACL_WHERE_MIME)
+switch (where)
+ {
+#ifdef WITH_CONTENT_SCAN
+ case ACL_WHERE_MIME: what = US"during MIME ACL checks"; break;
+#endif
+ case ACL_WHERE_PREDATA: what = US"DATA"; break;
+ case ACL_WHERE_DATA: what = US"after DATA"; break;
+#ifndef DISABLE_PRDR
+ case ACL_WHERE_PRDR: what = US"after DATA PRDR"; break;
#endif
+ default:
+ {
+ uschar * place = smtp_cmd_data ? smtp_cmd_data : US"in \"connect\" ACL";
+ int lim = 100;
+
+ if (where == ACL_WHERE_AUTH) /* avoid logging auth creds */
+ {
+ uschar * s;
+ for (s = smtp_cmd_data; *s && !isspace(*s); ) s++;
+ lim = s - smtp_cmd_data; /* atop after method */
+ }
+ what = string_sprintf("%s %.*s", acl_wherenames[where], lim, place);
+ }
+ }
+switch (where)
{
- sender_info = string_sprintf("F=<%s>%s%s%s%s ",
- sender_address_unrewritten ? sender_address_unrewritten : sender_address,
- sender_host_authenticated ? US" A=" : US"",
- sender_host_authenticated ? sender_host_authenticated : US"",
- sender_host_authenticated && authenticated_id ? US":" : US"",
- sender_host_authenticated && authenticated_id ? authenticated_id : US""
- );
+ case ACL_WHERE_RCPT:
+ case ACL_WHERE_DATA:
+#ifdef WITH_CONTENT_SCAN
+ case ACL_WHERE_MIME:
+#endif
+ sender_info = string_sprintf("F=<%s>%s%s%s%s ",
+ sender_address_unrewritten ? sender_address_unrewritten : sender_address,
+ sender_host_authenticated ? US" A=" : US"",
+ sender_host_authenticated ? sender_host_authenticated : US"",
+ sender_host_authenticated && authenticated_id ? US":" : US"",
+ sender_host_authenticated && authenticated_id ? authenticated_id : US""
+ );
+ break;
}
/* If there's been a sender verification failure with a specific message, and
@@ -4035,21 +4050,18 @@ while (done <= 0)
/* Find the name of the requested authentication mechanism. */
s = smtp_cmd_data;
- while ((c = *smtp_cmd_data) != 0 && !isspace(c))
- {
+ for (; (c = *smtp_cmd_data) && !isspace(c); smtp_cmd_data++)
if (!isalnum(c) && c != '-' && c != '_')
{
done = synprot_error(L_smtp_syntax_error, 501, NULL,
US"invalid character in authentication mechanism name");
goto COMMAND_LOOP;
}
- smtp_cmd_data++;
- }
/* If not at the end of the line, we must be at white space. Terminate the
name and move the pointer on to any data that may be present. */
- if (*smtp_cmd_data != 0)
+ if (*smtp_cmd_data)
{
*smtp_cmd_data++ = 0;
while (isspace(*smtp_cmd_data)) smtp_cmd_data++;
diff --git a/test/log/3450 b/test/log/3450
index 3fcb043eb..5f2fe4239 100644
--- a/test/log/3450
+++ b/test/log/3450
@@ -1,4 +1,4 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain AHVzZXJ4AHNlY3JldA==: STARTTLS required before AUTH
+1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain: STARTTLS required before AUTH
diff --git a/test/log/3460 b/test/log/3460
index 3fcb043eb..5f2fe4239 100644
--- a/test/log/3460
+++ b/test/log/3460
@@ -1,4 +1,4 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain AHVzZXJ4AHNlY3JldA==: STARTTLS required before AUTH
+1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain: STARTTLS required before AUTH
diff --git a/test/rejectlog/3450 b/test/rejectlog/3450
index b2fa6d6df..880086838 100644
--- a/test/rejectlog/3450
+++ b/test/rejectlog/3450
@@ -1,3 +1,3 @@
******** SERVER ********
-1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain AHVzZXJ4AHNlY3JldA==: STARTTLS required before AUTH
+1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain: STARTTLS required before AUTH
diff --git a/test/rejectlog/3460 b/test/rejectlog/3460
index b2fa6d6df..880086838 100644
--- a/test/rejectlog/3460
+++ b/test/rejectlog/3460
@@ -1,3 +1,3 @@
******** SERVER ********
-1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain AHVzZXJ4AHNlY3JldA==: STARTTLS required before AUTH
+1999-03-02 09:44:33 H=(foobar) [127.0.0.1] rejected AUTH plain: STARTTLS required before AUTH