From 69d8eed78db16f47ad71f53fbf3b2b9dc00f460b Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Wed, 29 Nov 2017 22:18:18 +0000
Subject: [PATCH] TLS: Fix excessive calling of smtp_auth_acl under AUTH_TLS. Bug 2203
---
 src/src/smtp_in.c | 11 +++++++----
 test/confs/3700 | 4 ++++
 test/log/3700 | 2 ++
 3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1fdb705a5..1f1e7ddd4 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -187,7 +187,7 @@ static smtp_cmd_list cmd_list[] = {
 { "auth", sizeof("auth")-1, AUTH_CMD, TRUE, TRUE },
 #ifdef SUPPORT_TLS
 { "starttls", sizeof("starttls")-1, STARTTLS_CMD, FALSE, FALSE },
- { "tls_auth", 0, TLS_AUTH_CMD, FALSE, TRUE },
+ { "tls_auth", 0, TLS_AUTH_CMD, FALSE, FALSE },
 #endif
 /* If you change anything above here, also fix the definitions below. */
@@ -2826,8 +2826,12 @@ if (check_proxy_protocol_host())
 smtps port for use with older style SSL MTAs. */
 #ifdef SUPPORT_TLS
- if (tls_in.on_connect && tls_server_start(tls_require_ciphers, &user_msg) != OK)
- return smtp_log_tls_fail(user_msg);
+ if (tls_in.on_connect)
+ {
+ if (tls_server_start(tls_require_ciphers, &user_msg) != OK)
+ return smtp_log_tls_fail(user_msg);
+ cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
+ }
 #endif
 /* Run the connect ACL if it exists */
@@ -3800,7 +3804,6 @@ cmd_list[CMD_LIST_HELO].is_mail_cmd = TRUE;
 cmd_list[CMD_LIST_EHLO].is_mail_cmd = TRUE;
 #ifdef SUPPORT_TLS
 cmd_list[CMD_LIST_STARTTLS].is_mail_cmd = TRUE;
-cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd = TRUE;
 #endif
 /* Set the local signal handler for SIGTERM - it tries to end off tidily */
diff --git a/test/confs/3700 b/test/confs/3700
index 94bd26ebd..00a17b497 100644
--- a/test/confs/3700
+++ b/test/confs/3700
@@ -9,6 +9,7 @@ log_selector = +received_recipients +outgoing_port
 # ----- Main settings -----
+acl_smtp_auth = log_call
 acl_smtp_mail = check_authd
 acl_smtp_rcpt = check_authd
 queue_only
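Review bot: The `is_mail_cmd` field of the `tls_auth` row is not documented as run-time state, yet this hunk initialises it to FALSE and the on-connect hunk sets it to TRUE after a successful `tls_server_start()`. Nothing in the file-static table says so, and the field name reads like a fixed attribute of the command. I would add a comment on the row, for example `/* is_mail_cmd here is set at run time once TLS is up, to request the AUTH_TLS auth-ACL check */`. The code that reads the flag is outside this diff, so the wording should be checked against it; the table definition also starts and ends outside the hunk.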
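Review bot: The only assignment of TRUE to `cmd_list[CMD_LIST_TLS_AUTH].is_mail_cmd` visible after this patch is inside the `tls_in.on_connect` branch; the initialiser in the first hunk is now FALSE and the reset block in the third hunk no longer sets it. Sessions that reach TLS via STARTTLS therefore depend on that handler setting the flag itself, and that code is not part of this diff. The expected log line `Auth ACL called, after smtp cmd "STARTTLS"` suggests it does, but it is worth confirming, since a flag left FALSE would presumably mean `acl_smtp_auth` is never consulted for that session. A comment at the assignment such as `/* request the once-per-TLS-session auth ACL check; the STARTTLS path must do the same */` would make the pairing auditable. The enclosing function starts and ends outside the hunk.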
@@ -27,6 +28,9 @@ tls_verify_certificates = DIR/aux-fixed/cert2
 begin acl
+log_call:
+ accept logwrite = Auth ACL called, after smtp cmd "$smtp_command"
+
 check_authd:
 deny message = authentication required
 !authenticated = *
diff --git a/test/log/3700 b/test/log/3700
index 0558c7f38..82c09850e 100644
--- a/test/log/3700
+++ b/test/log/3700
@@ -9,5 +9,7 @@
 ******** SERVER ********
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 and for SMTPS on port 1224
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd "STARTTLS"
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
+1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y
-- 
2.30.2