From: Jeremy Harris Date: Tue, 14 Apr 2020 20:51:51 +0000 (+0100) Subject: Early-pipe: invalidate cache on a failure of required-auth X-Git-Url: https://git.exim.org/users/jgh/exim.git/commitdiff_plain/bf624a64a4395692f94ad304126a81d35a6d95df?hp=6a72548d36fb6697c5748cb944dfdcbfeb31ad76 Early-pipe: invalidate cache on a failure of required-auth --- diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index 5fb22bcd3..5656e7903 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1548,6 +1548,7 @@ if ( sx->esmtp if (require_auth == OK && !f.smtp_authenticated) { + invalidate_ehlo_cache_entry(sx); set_errno_nohost(sx->addrlist, ERRNO_AUTHFAIL, string_sprintf("authentication required but %s", fail_reason), DEFER, FALSE, &sx->delivery_start); diff --git a/test/confs/4056 b/test/confs/4056 index 03740f67a..d736bf62e 100644 --- a/test/confs/4056 +++ b/test/confs/4056 @@ -1,6 +1,8 @@ # test config 4056 # Early-pipe, AUTH (no TLS!) +AA = yes + keep_environment = PATH exim_path = EXIM_PATH host_lookup_order = bydns @@ -59,9 +61,17 @@ plain: driver = plaintext public_name = PLAIN + server_advertise_condition = AA server_condition = "\ ${if and {{eq{$auth2}{userx}}{eq{$auth3}{secret}}}{yes}{no}}" server_set_id = $auth2 client_send = ^userx^secret +# ----- Retry ----- + + +begin retry + +* * F,5d,10s + diff --git a/test/log/4056 b/test/log/4056 index 48c8d3b00..a61674766 100644 --- a/test/log/4056 +++ b/test/log/4056 @@ -3,21 +3,30 @@ 1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=client T=smtp H=127.0.0.1 [127.0.0.1] A=plain L C="250 OK id=10HmaY-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmaY-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmaZ-0005vi-00 => b@test.ex R=client T=smtp H=127.0.0.1 [127.0.0.1] A=plain L* C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 10HmbB-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbB-0005vi-00 plain authenticator failed H=127.0.0.1 [127.0.0.1] 503 AUTH command used when not advertised +1999-03-02 09:44:33 10HmbB-0005vi-00 == c@test.ex R=client T=smtp defer (-42): authentication required but authentication attempt(s) failed +1999-03-02 09:44:33 10HmbB-0005vi-00 removed by CALLER +1999-03-02 09:44:33 10HmbB-0005vi-00 Completed +1999-03-02 09:44:33 10HmbC-0005vi-00 <= CALLER@the.local.host.name U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbC-0005vi-00 => d@test.ex R=client T=smtp H=127.0.0.1 [127.0.0.1] A=plain L C="250 OK id=10HmbD-0005vi-00" +1999-03-02 09:44:33 10HmbC-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@the.local.host.name H=localhost (the.local.host.name) [127.0.0.1] P=esmtpa L. A=plain:userx S=sss id=E10HmaX-0005vi-00@the.local.host.name -1999-03-02 09:44:33 Start queue run: pid=pppp -1999-03-02 09:44:33 10HmaY-0005vi-00 => :blackhole: R=server -1999-03-02 09:44:33 10HmaY-0005vi-00 Completed -1999-03-02 09:44:33 End queue run: pid=pppp 1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@the.local.host.name H=localhost (the.local.host.name) [127.0.0.1] P=esmtpa L* A=plain:userx S=sss id=E10HmaZ-0005vi-00@the.local.host.name 1999-03-02 09:44:33 Start queue run: pid=pppp 1999-03-02 09:44:33 10HmbA-0005vi-00 => :blackhole: R=server 1999-03-02 09:44:33 10HmbA-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbD-0005vi-00 <= CALLER@the.local.host.name H=localhost (the.local.host.name) [127.0.0.1] P=esmtpa L. A=plain:userx S=sss id=E10HmbC-0005vi-00@the.local.host.name diff --git a/test/scripts/4056-pipe-conn-auth/4056 b/test/scripts/4056-pipe-conn-auth/4056 index 403cf621c..9b2ab8223 100644 --- a/test/scripts/4056-pipe-conn-auth/4056 +++ b/test/scripts/4056-pipe-conn-auth/4056 @@ -5,27 +5,59 @@ exim -bd -DSERVER=server -oX PORT_D **** # exim a@test.ex -Subject test 1 +Subject: test 1 **** exim -q **** -exim -DNOTDAEMON -DSERVER=server -q +exim -Mrm $msg1 **** # # # # Go for it. This one should do (limited) early-pipelinng. exim b@test.ex -Subject test 2 +Subject: test 2 **** exim -q **** +# that should have gone to the server; deliver it there to blackhole exim -DNOTDAEMON -DSERVER=server -q **** # # killdaemon # +# +# +# +# Now have the server stop advertising AUTH +# Trying to use it will be attempted, fail, and should result in the cache being invalidated +# The message should be deferred; so still queued +exim -bd -DSERVER=server -DAA=no -oX PORT_D +**** +exim -odi c@test.ex +Subject: test 3 + +**** +killdaemon +# +exim -Mrm $msg1 +**** +# +# Tidy the retry db, for test purposes +sudo rm DIR/spool/db/retry +# +# +# Then, advertising again, initial attempt should not get early-pipe +# but should go through +exim -bd -DSERVER=server -oX PORT_D +**** +exim -odi d@test.ex +Subject: test 4 + +**** +killdaemon +# no_msglog_check diff --git a/test/stdout/4056 b/test/stdout/4056 new file mode 100644 index 000000000..503457c54 --- /dev/null +++ b/test/stdout/4056 @@ -0,0 +1,2 @@ +Message 10HmaY-0005vi-00 has been removed +Message 10HmbB-0005vi-00 has been removed