authorJeremy Harris <jgh146exb@wizmail.org>2017-03-14 16:38:41 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2017-03-15 22:33:06 +0000
commit5e6d12accb0bdfa1cee9d8c9a1ecec3131b9f502 (patch)
tree805222640f581e7748458513afcd2fbdf6353c16
parent4d8393c0433106c18f19b43287fee86d189378a5 (diff)
Logging: mark continued-TLS connection deliveries with "X-*"
-rw-r--r--doc/doc-docbook/spec.xfpt7
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/deliver.c56
-rw-r--r--test/log/20134
-rw-r--r--test/log/21134
-rw-r--r--test/stderr/20134
-rw-r--r--test/stderr/21134
7 files changed, 41 insertions, 41 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index be93cf670..91dacb7bb 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -35769,9 +35769,10 @@ down a single SMTP connection, an asterisk follows the IP address in the log
lines for the second and subsequent messages.
.new
When two or more messages are delivered down a single TLS connection, the
-TLS-related information logged for the first message delivered
-(which may not be the earliest line in the log)
+DNS and TLS-related information logged for the first message delivered
will not be present in the log lines for the second and subsequent messages.
+A TLS-marker indication of &'X=*'& is added to the log line instead of
+cipher information.
.wen
.cindex "delivery" "cutthrough; logging"
@@ -35900,7 +35901,7 @@ the following table:
&`T `& on &`<=`& lines: message subject (topic)
&` `& on &`=>`& &`**`& and &`==`& lines: transport name
&`U `& local user or RFC 1413 identity
-&`X `& TLS cipher suite
+&`X `& TLS cipher suite, or TLS usage mark
.endd
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5b5dcbd7f..f43475ba3 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -24,7 +24,8 @@ JH/03 Rework the transport continued-connection mechanism: when TLS is active,
the passed-on TCP connection. Instead, proxy the child (and any
subsequent ones) for TLS via a unix-domain socket channel. Logging is
affected: the continued delivery log lines do not have any DNSSEC, TLS
- cipher, Certificate or OCSP information.
+ cipher, Certificate or OCSP information. A "continued-TLS" marker is
+ added instead of the cipher information: "X=*".
JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
diff --git a/src/src/deliver.c b/src/src/deliver.c
index cb4616e6c..7743d37c3 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -3396,7 +3396,7 @@ while (!done)
/* Cut out any "delete" items on the list. */
- for (rp = &(addr->retries); (r = *rp); rp = &r->next)
+ for (rp = &addr->retries; (r = *rp); rp = &r->next)
if (Ustrcmp(r->key, ptr+1) == 0) /* Found item with same key */
{
if ((r->flags & rf_delete) == 0) break; /* It was not "delete" */
@@ -3408,7 +3408,7 @@ while (!done)
/* We want to add a delete item only if there is no non-delete item;
however we still have to step ptr through the data. */
- if (!r || (*ptr & rf_delete) == 0)
+ if (!r || !(*ptr & rf_delete))
{
r = store_get(sizeof(retry_item));
r->next = addr->retries;
@@ -3458,36 +3458,34 @@ while (!done)
switch (subid)
{
case '1':
- addr->cipher = NULL;
- addr->peerdn = NULL;
-
- if (*ptr)
- addr->cipher = string_copy(ptr);
- while (*ptr++);
- if (*ptr)
- addr->peerdn = string_copy(ptr);
- break;
+ addr->cipher = NULL;
+ addr->peerdn = NULL;
+
+ if (*ptr)
+ addr->cipher = string_copy(ptr);
+ while (*ptr++);
+ if (*ptr)
+ addr->peerdn = string_copy(ptr);
+ break;
case '2':
- if (*ptr)
- (void) tls_import_cert(ptr, &addr->peercert);
- else
- addr->peercert = NULL;
- break;
+ if (*ptr)
+ (void) tls_import_cert(ptr, &addr->peercert);
+ else
+ addr->peercert = NULL;
+ break;
case '3':
- if (*ptr)
- (void) tls_import_cert(ptr, &addr->ourcert);
- else
- addr->ourcert = NULL;
- break;
+ if (*ptr)
+ (void) tls_import_cert(ptr, &addr->ourcert);
+ else
+ addr->ourcert = NULL;
+ break;
# ifndef DISABLE_OCSP
case '4':
- addr->ocsp = OCSP_NOT_REQ;
- if (*ptr)
- addr->ocsp = *ptr - '0';
- break;
+ addr->ocsp = *ptr ? *ptr - '0' : OCSP_NOT_REQ;
+ break;
# endif
}
while (*ptr++);
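Review bot: In case '4', `addr->ocsp = *ptr ? *ptr - '0' : OCSP_NOT_REQ;` stores whatever byte arrived in the 'X' record minus '0', with no check that it is a digit or inside the range of OCSP result values. The record is written by Exim's own delivery subprocess (the `rmt_dlv_checked_write(fd, 'X', ...)` calls in the later deliver.c hunk), but that process presumably handles the remote TLS session, so a range check before the assignment is cheap defence in depth. I would accept the byte only when it lies between '0' and the character for the highest OCSP_* value, and fall back to `OCSP_NOT_REQ` otherwise. The enclosing switch and the `while (!done)` loop start outside this hunk, so how `addr->ocsp` is consumed afterwards is not visible here.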
@@ -4713,13 +4711,13 @@ for (delivery_count = 0; addr_remote; delivery_count++)
if (!addr->peerdn)
*ptr++ = 0;
else
- {
- ptr += sprintf(CS ptr, "%.512s", addr->peerdn);
- ptr++;
- }
+ ptr += sprintf(CS ptr, "%.512s", addr->peerdn) + 1;
rmt_dlv_checked_write(fd, 'X', '1', big_buffer, ptr - big_buffer);
}
+ else if (continue_proxy) /* known TLS, but no cipher info */
+ rmt_dlv_checked_write(fd, 'X', '1', US"*\0", 3);
+
if (addr->peercert)
{
ptr = big_buffer;
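Review bot: Sending `*` as the cipher in the new `else if (continue_proxy)` branch makes continued deliveries log `X=* CV=no` (see the updated expectations in test/log/2013 and test/log/2113). Someone auditing logs can read that `CV=no` as "peer certificate not verified" when it may only mean "not known for this line". If CV is derived from per-address state that a continued delivery does not carry, consider omitting CV when the cipher is the marker, or state in the spec text that CV is not meaningful on `X=*` lines. Separately, the literal length in `US"*\0", 3` relies on the string's implicit terminator to supply the empty peerdn field that case '1' of the reader expects; a comment such as `/* "*" NUL, then empty peerdn NUL */` would make that explicit. The enclosing block starts outside this hunk.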
diff --git a/test/log/2013 b/test/log/2013
index 79bc3f612..ad78743ec 100644
--- a/test/log/2013
+++ b/test/log/2013
@@ -4,9 +4,9 @@
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
diff --git a/test/log/2113 b/test/log/2113
index 08b08cc84..88eafe9b3 100644
--- a/test/log/2113
+++ b/test/log/2113
@@ -4,9 +4,9 @@
1999-03-02 09:44:33 Start queue run: pid=pppp -qqf
1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00"
1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00"
1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
-1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00"
1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
1999-03-02 09:44:33 End queue run: pid=pppp -qqf
diff --git a/test/stderr/2013 b/test/stderr/2013
index 60b23885f..c183664d6 100644
--- a/test/stderr/2013
+++ b/test/stderr/2013
@@ -49,7 +49,7 @@ cmd buf flush ddd bytes
SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP(close)>>
LOG: MAIN
- => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+ => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -70,7 +70,7 @@ cmd buf flush ddd bytes
SMTP(close)>>
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: MAIN
- => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
+ => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
diff --git a/test/stderr/2113 b/test/stderr/2113
index 55cfc39dd..ae0044b99 100644
--- a/test/stderr/2113
+++ b/test/stderr/2113
@@ -49,7 +49,7 @@ cmd buf flush ddd bytes
SMTP<< 250 OK id=10HmbB-0005vi-00
SMTP(close)>>
LOG: MAIN
- => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00"
+ => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
@@ -70,7 +70,7 @@ cmd buf flush ddd bytes
SMTP(close)>>
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: MAIN
- => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00"
+ => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00"
LOG: MAIN
Completed
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>