summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2017-11-29 22:18:18 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2017-11-29 22:30:26 +0000
commit69d8eed78db16f47ad71f53fbf3b2b9dc00f460b (patch)
treeb0517f84013ed571ec794c6e4a9f1d4900137433
parent938593e9ad0825a25793da32b391a3a2f1d6bcd1 (diff)
TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
-rw-r--r--src/src/smtp_in.c11
-rw-r--r--test/confs/37004
-rw-r--r--test/log/37002
3 files changed, 13 insertions, 4 deletions
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1fdb705a5..1f1e7ddd4 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -187,7 +187,7 @@ static smtp_cmd_list cmd_list[] = {
{ "auth", sizeof("auth")-1, AUTH_CMD, TRUE, TRUE },
#ifdef SUPPORT_TLS
{ "starttls", sizeof("starttls")-1, STARTTLS_CMD, FALSE, FALSE },
- { "tls_auth", 0, TLS_AUTH_CMD, FALSE, TRUE },
+ { "tls_auth", 0, TLS_AUTH_CMD, FALSE, FALSE },
#endif
/* If you change anything above here, also fix the definitions below. */
@@ -2826,8 +2826,12 @@ if (check_proxy_protocol_host())
smtps port for use with older style SSL MTAs. */
#ifdef SUPPORT_TLS
- if (tls_in.on_connect && tls_server_start(tls_require_ciphers, &user_msg) != OK)
- return smtp_log_tls_fail(user_msg);
+ if (tls_in.on_connect)
+ {
+ if (tls_server_start(tls_require_ciphers, &user_msg) != OK)
+ return smtp_log_tls_fail(user_msg);
+ cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
+ }
#endif
/* Run the connect ACL if it exists */
@@ -3800,7 +3804,6 @@ cmd_list[CMD_LIST_HELO].is_mail_cmd = TRUE;
cmd_list[CMD_LIST_EHLO].is_mail_cmd = TRUE;
#ifdef SUPPORT_TLS
cmd_list[CMD_LIST_STARTTLS].is_mail_cmd = TRUE;
-cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
#endif
/* Set the local signal handler for SIGTERM - it tries to end off tidily */
diff --git a/test/confs/3700 b/test/confs/3700
index 94bd26ebd..00a17b497 100644
--- a/test/confs/3700
+++ b/test/confs/3700
@@ -9,6 +9,7 @@ log_selector = +received_recipients +outgoing_port
# ----- Main settings -----
+acl_smtp_auth = log_call
acl_smtp_mail = check_authd
acl_smtp_rcpt = check_authd
queue_only
@@ -27,6 +28,9 @@ tls_verify_certificates = DIR/aux-fixed/cert2
begin acl
+log_call:
+ accept logwrite = Auth ACL called, after smtp cmd "$smtp_command"
+
check_authd:
deny message = authentication required
!authenticated = *
diff --git a/test/log/3700 b/test/log/3700
index 0558c7f38..82c09850e 100644
--- a/test/log/3700
+++ b/test/log/3700
@@ -9,5 +9,7 @@
******** SERVER ********
1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 and for SMTPS on port 1224
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "STARTTLS"
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y