From b3ef41c94af9aefec7b6855cf2ce73ffeaba9d9a Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Thu, 4 Jun 2015 20:28:25 +0100
Subject: TLS authenticator
---
test/confs/3700 | 86 +++++++++++++++++++++++++++++++++++++
test/log/3700 | 13 ++++++
test/runtest | 3 ++
test/scripts/3700-TLS-auth/3700 | 13 ++++++
test/scripts/3700-TLS-auth/REQUIRES | 2 +
5 files changed, 117 insertions(+)
create mode 100644 test/confs/3700
create mode 100644 test/log/3700
create mode 100644 test/scripts/3700-TLS-auth/3700
create mode 100644 test/scripts/3700-TLS-auth/REQUIRES
(limited to 'test')
diff --git a/test/confs/3700 b/test/confs/3700
new file mode 100644
index 000000000..1565b5f79
--- /dev/null
+++ b/test/confs/3700
@@ -0,0 +1,86 @@
+# Exim test configuration 3700
+
+SERVER=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/SERVER%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+log_selector = +received_recipients +outgoing_port
+
+# ----- Main settings -----
+
+acl_smtp_mail = check_authd
+acl_smtp_rcpt = check_authd
+queue_only
+queue_run_in_order
+trusted_users = CALLER
+
+tls_on_connect_ports = PORT_S
+tls_advertise_hosts = *
+tls_certificate = DIR/aux-fixed/cert1
+
+tls_verify_hosts = *
+tls_verify_certificates = DIR/aux-fixed/cert2
+
+
+# ----- ACL -----
+
+begin acl
+
+check_authd:
+ deny message = authentication required
+ !authenticated = *
+ accept
+
+
+# ----- Authentication -----
+
+begin authenticators
+
+tls:
+ driver = tls
+ server_debug_print = +++TLS \$auth1="$auth1"
+ server_param1 = ${quote:${certextract {subject,CN,>:} \
+ {$tls_in_peercert}}}
+ server_condition = ${if def:auth1}
+ server_set_id = $auth1
+
+
+# ----- Routers -----
+
+begin routers
+
+r1:
+ driver = accept
+ transport = ${if eq {$local_part}{smtps} {t2}{t1}}
+
+
+# ----- Transports -----
+
+begin transports
+
+t1:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_D
+ allow_localhost
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+t2:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_S
+ protocol = smtps
+ allow_localhost
+ tls_certificate = DIR/aux-fixed/cert2
+ tls_verify_certificates = DIR/aux-fixed/cert1
+ tls_verify_cert_hostnames = :
+
+# End
diff --git a/test/log/3700 b/test/log/3700
new file mode 100644
index 000000000..0558c7f38
--- /dev/null
+++ b/test/log/3700
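Review bot: The `tls` authenticator's `server_condition = ${if def:auth1}` accepts any client certificate whose subject CN is non-empty, so what makes this authentication meaningful is `tls_verify_hosts = *` together with `tls_verify_certificates` earlier in the same file, which is also why the expected log shows `CV=yes` on the server side. Nothing in the authenticator stanza says so, and a copy of it into a config that uses `tls_try_verify_hosts` (or no verification at all) would, as far as I can tell, still populate `$tls_in_peercert` from an unverified certificate and log its CN as `A=tls:…`. Suggest a comment above `server_condition`: `# accepts any verified peer CN; relies on tls_verify_hosts = * above - test $tls_in_certificate_verified if verification is ever optional`. The `tls_verify_cert_hostnames = :` on both transports also deserves a one-line comment, presumably that hostname checking is switched off because the fixture certificates do not name 127.0.0.1.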
@@ -0,0 +1,13 @@
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for x@y
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for smtps@y
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 and for SMTPS on port 1224
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y
diff --git a/test/runtest b/test/runtest
index c95e5a021..616ded37c 100755
--- a/test/runtest
+++ b/test/runtest
@@ -1375,6 +1375,9 @@ $munges = 'delay_1500' => { 'stderr' => 's/(1[5-9]|23\d)\d\d msec/ssss msec/' },
+ 'tls_anycipher' =>
+ { 'mainlog' => 's/ X=TLS\S+ / X=TLS_proto_and_cipher /' }, + };
diff --git a/test/scripts/3700-TLS-auth/3700 b/test/scripts/3700-TLS-auth/3700
new file mode 100644
index 000000000..e4b68607a
--- /dev/null
+++ b/test/scripts/3700-TLS-auth/3700
@@ -0,0 +1,13 @@
+# TLS authentication (server only)
+munge tls_anycipher
+#
+exim -DSERVER=server -bd -oX PORT_D:PORT_S
+****
+exim -f ok@test.ex x@y
+****
+exim -f ok@test.ex smtps@y
+****
+exim -q
+****
+killdaemon
+no_msglog_check
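Review bot: The new `tls_anycipher` munge `s/ X=TLS\S+ / X=TLS_proto_and_cipher /` only matches when a space follows the token, so an `X=TLS…` field at the end of a log line would be left unnormalised; every line in the 3700 fixture has `CV=yes` after it, so this works today, but `s/ X=TLS\S+(?=\s|$)/ X=TLS_proto_and_cipher/` would not depend on that, assuming the munge string is applied as an ordinary Perl substitution. The entry also erases the protocol version together with the cipher while its name mentions only the cipher; a trailing comment on the key line such as `# normalise TLS version and cipher suite, both vary by library build` would stop a reader assuming the version is preserved. The `$munges` hash this entry is added to starts and ends outside the hunk.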
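Review bot: The script only exercises the positive path: both submissions go through transports that present a verifiable client certificate, so the `deny` in the `check_authd` ACL is never reached and a regression that let the `tls` authenticator succeed for an unauthenticated session would pass this test unchanged. A negative step, for example a plain SMTP session on PORT_D that sends MAIL without any authentication, which nothing in the config appears to prevent, would show the `authentication required` rejection in the expected log. Until such a step exists, a comment after `# TLS authentication (server only)` such as `# positive case only: every client presents a verifiable cert; the deny in check_authd is not exercised` would make the coverage explicit.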
diff --git a/test/scripts/3700-TLS-auth/REQUIRES b/test/scripts/3700-TLS-auth/REQUIRES
new file mode 100644
index 000000000..1ce59ac37
--- /dev/null
+++ b/test/scripts/3700-TLS-auth/REQUIRES
@@ -0,0 +1,2 @@
+authenticator tls
+running IPv4
--
cgit v1.2.3