-rw-r--r--qmail-smtpd.c26
1 files changed, 22 insertions, 4 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 4466168..c8ee61b 100644
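--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -151,6 +151,7 @@ void err_authmail() { out("503 no auth during mail transaction (#5.5.0)\r\n"); }
 int err_noauth() { out("504 auth type unimplemented (#5.5.1)\r\n"); return -1; }
 int err_authabrt() { out("501 auth exchange canceled (#5.0.0)\r\n"); return -1; }
 int err_input() { out("501 malformed auth input (#5.5.4)\r\n"); return -1; }
+int err_wantstarttls() { out("530 Must issue a STARTTLS command first (#5.7.0)\r\n"); return -1; };
 void err_authfail() { out("535 authentication failed (#5.7.1)\r\n"); }
 
 stralloc greeting = {0};
@@ -508,6 +509,13 @@ void smtp_helo(arg) char *arg;
  seenmail = 0; dohelo(arg);
  if (bhelook) flagbarfbhelo = bmcheck(BMCHECK_BHELO);
 }
+void smtp_authout() {
+#ifdef CRAM_MD5
+ out("250-AUTH LOGIN PLAIN CRAM-MD5\r\n");
+#else
+ out("250-AUTH LOGIN PLAIN\r\n");
+#endif
+}
 /* ESMTP extensions are published here */
 void smtp_ehlo(arg) char *arg;
 {
@@ -522,12 +530,12 @@ void smtp_ehlo(arg) char *arg;
  out("\r\n250-STARTTLS");
 #endif
  out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
- out("250-SIZE "); out(size); out("\r\n");
-#ifdef CRAM_MD5
- out("250 AUTH LOGIN PLAIN CRAM-MD5\r\n");
+#if defined(TLS) && defined(TLS_BEFORE_AUTH)
+ if(ssl) smtp_authout();
 #else
- out("250 AUTH LOGIN PLAIN\r\n");
+ smtp_authout();
 #endif
+ out("250 SIZE "); out(size); out("\r\n");
  seenmail = 0; dohelo(arg);
  if (bhelook) flagbarfbhelo = bmcheck(BMCHECK_BHELO);
 }
@@ -826,6 +834,9 @@ int auth_login(arg) char *arg;
 {
  int r;
 
+#if defined(TLS) && defined(TLS_BEFORE_AUTH)
+ if (!ssl) return err_wantstarttls();
+#endif
  if (*arg) {
  if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input();
  }
@@ -850,6 +861,9 @@ int auth_plain(arg) char *arg;
 {
  int r, id = 0;
 
+#if defined(TLS) && defined(TLS_BEFORE_AUTH)
+ if (!ssl) return err_wantstarttls();
+#endif
  if (*arg) {
  if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input();
  }
@@ -876,6 +890,10 @@ int auth_cram()
  int i, r;
  char *s;
 
+#if defined(TLS) && defined(TLS_BEFORE_AUTH)
+ if (!ssl) return err_wantstarttls();
+#endif
+
  s = unique; /* generate challenge */
  s += fmt_uint(s,getpid());
  *s++ = '.';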
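Review bot: The guard `#if defined(TLS) && defined(TLS_BEFORE_AUTH)` used in smtp_ehlo, auth_login, auth_plain and auth_cram fails open: a build that defines TLS_BEFORE_AUTH but not TLS compiles every check out, so AUTH is still advertised and LOGIN/PLAIN credentials are still accepted on a cleartext connection, with no diagnostic. I would add a build-time guard near the top of the file: `#if defined(TLS_BEFORE_AUTH) && !defined(TLS)` / `#error "TLS_BEFORE_AUTH requires TLS"` / `#endif`. The line `if (!ssl) return err_wantstarttls();` is also repeated in each of the three handlers, so a mechanism added later has to remember it; if the AUTH dispatcher (not visible in these hunks) is the single entry point, one check there would cover all of them. As a minor style point, the new `err_wantstarttls()` definition ends with a stray `;` after its closing brace. The bodies of the three auth functions continue outside the hunks.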