diff options
| author | manuel <manuel@mausz.at> | 2016-03-21 15:52:37 +0100 |
|---|---|---|
| committer | manuel <manuel@mausz.at> | 2016-03-21 15:52:37 +0100 |
| commit | 017cfe9f35802a2846391cce20dfb1516dc40a30 (patch) | |
| tree | 6aea0e0f993968f4c31ccd5c6be517190e4ae3f5 | |
| parent | 8de6e0db2523d68161799dd5cbaf1d05b7dc40a2 (diff) | |
| download | qmail-017cfe9f35802a2846391cce20dfb1516dc40a30.tar.gz qmail-017cfe9f35802a2846391cce20dfb1516dc40a30.tar.bz2 qmail-017cfe9f35802a2846391cce20dfb1516dc40a30.zip | |
implement tls before auth as environment variable
| -rw-r--r-- | qmail-smtpd.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c index dac1b52..34643b1 100644 --- a/qmail-smtpd.c +++ b/qmail-smtpd.c | |||
| @@ -70,6 +70,7 @@ int tls_verify(); | |||
| 70 | void tls_nogateway(); | 70 | void tls_nogateway(); |
| 71 | int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */ | 71 | int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */ |
| 72 | stralloc proto = {0}; | 72 | stralloc proto = {0}; |
| 73 | int tls_before_auth = 0; | ||
| 73 | #endif | 74 | #endif |
| 74 | 75 | ||
| 75 | int safewrite(fd,buf,len) int fd; char *buf; int len; | 76 | int safewrite(fd,buf,len) int fd; char *buf; int len; |
| @@ -310,6 +311,7 @@ void setup() | |||
| 310 | relayclient = env_get("RELAYCLIENT"); | 311 | relayclient = env_get("RELAYCLIENT"); |
| 311 | 312 | ||
| 312 | #ifdef TLS | 313 | #ifdef TLS |
| 314 | if (env_get("TLSBEFOREAUTH")) tls_before_auth = 1; | ||
| 313 | if (env_get("SMTPS")) { smtps = 1; tls_init(); } | 315 | if (env_get("SMTPS")) { smtps = 1; tls_init(); } |
| 314 | else | 316 | else |
| 315 | #endif | 317 | #endif |
| @@ -595,8 +597,8 @@ void smtp_ehlo(arg) char *arg; | |||
| 595 | out("\r\n250-STARTTLS"); | 597 | out("\r\n250-STARTTLS"); |
| 596 | #endif | 598 | #endif |
| 597 | out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n"); | 599 | out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n"); |
| 598 | #if defined(TLS) && defined(TLS_BEFORE_AUTH) | 600 | #if defined(TLS) |
| 599 | if(ssl) smtp_authout(); | 601 | if(!tls_before_auth || (tls_before_auth && ssl)) smtp_authout(); |
| 600 | #else | 602 | #else |
| 601 | smtp_authout(); | 603 | smtp_authout(); |
| 602 | #endif | 604 | #endif |
| @@ -979,8 +981,8 @@ int auth_login(arg) char *arg; | |||
| 979 | { | 981 | { |
| 980 | int r; | 982 | int r; |
| 981 | 983 | ||
| 982 | #if defined(TLS) && defined(TLS_BEFORE_AUTH) | 984 | #if defined(TLS) |
| 983 | if (!ssl) return err_wantstarttls(); | 985 | if (tls_before_auth && !ssl) return err_wantstarttls(); |
| 984 | #endif | 986 | #endif |
| 985 | if (*arg) { | 987 | if (*arg) { |
| 986 | if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input(); | 988 | if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input(); |
| @@ -1006,8 +1008,8 @@ int auth_plain(arg) char *arg; | |||
| 1006 | { | 1008 | { |
| 1007 | int r, id = 0; | 1009 | int r, id = 0; |
| 1008 | 1010 | ||
| 1009 | #if defined(TLS) && defined(TLS_BEFORE_AUTH) | 1011 | #if defined(TLS) |
| 1010 | if (!ssl) return err_wantstarttls(); | 1012 | if (tls_before_auth && !ssl) return err_wantstarttls(); |
| 1011 | #endif | 1013 | #endif |
| 1012 | if (*arg) { | 1014 | if (*arg) { |
| 1013 | if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input(); | 1015 | if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input(); |
| @@ -1035,8 +1037,8 @@ int auth_cram() | |||
| 1035 | int i, r; | 1037 | int i, r; |
| 1036 | char *s; | 1038 | char *s; |
| 1037 | 1039 | ||
| 1038 | #if defined(TLS) && defined(TLS_BEFORE_AUTH) | 1040 | #if defined(TLS) |
| 1039 | if (!ssl) return err_wantstarttls(); | 1041 | if (tls_before_auth && !ssl) return err_wantstarttls(); |
| 1040 | #endif | 1042 | #endif |
| 1041 | 1043 | ||
| 1042 | s = unique; /* generate challenge */ | 1044 | s = unique; /* generate challenge */ |