From 017cfe9f35802a2846391cce20dfb1516dc40a30 Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Mon, 21 Mar 2016 15:52:37 +0100
Subject: implement tls before auth as environment variable

---
 qmail-smtpd.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'qmail-smtpd.c')

diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index dac1b52..34643b1 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -70,6 +70,7 @@ int tls_verify();
 void tls_nogateway();
 int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */
 stralloc proto = {0};
+int tls_before_auth = 0;
 #endif
 
 int safewrite(fd,buf,len) int fd; char *buf; int len;
@@ -310,6 +311,7 @@ void setup()
   relayclient = env_get("RELAYCLIENT");
 
 #ifdef TLS
+  if (env_get("TLSBEFOREAUTH")) tls_before_auth = 1;
   if (env_get("SMTPS")) { smtps = 1; tls_init(); }
   else
 #endif
@@ -595,8 +597,8 @@ void smtp_ehlo(arg) char *arg;
     out("\r\n250-STARTTLS");
 #endif
   out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
-#if defined(TLS) && defined(TLS_BEFORE_AUTH)
-  if(ssl) smtp_authout();
+#if defined(TLS)
+  if(!tls_before_auth || (tls_before_auth && ssl)) smtp_authout();
 #else
   smtp_authout();
 #endif
@@ -979,8 +981,8 @@ int auth_login(arg) char *arg;
 {
   int r;
 
-#if defined(TLS) && defined(TLS_BEFORE_AUTH)
-  if (!ssl) return err_wantstarttls();
+#if defined(TLS)
+  if (tls_before_auth && !ssl) return err_wantstarttls();
 #endif
   if (*arg) {
     if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input();
@@ -1006,8 +1008,8 @@ int auth_plain(arg) char *arg;
 {
   int r, id = 0;
 
-#if defined(TLS) && defined(TLS_BEFORE_AUTH)
-  if (!ssl) return err_wantstarttls();
+#if defined(TLS)
+  if (tls_before_auth && !ssl) return err_wantstarttls();
 #endif
   if (*arg) {
     if (r = b64decode(arg,str_len(arg),&resp) == 1) return err_input();
@@ -1035,8 +1037,8 @@ int auth_cram()
   int i, r;
   char *s;
 
-#if defined(TLS) && defined(TLS_BEFORE_AUTH)
-  if (!ssl) return err_wantstarttls();
+#if defined(TLS)
+  if (tls_before_auth && !ssl) return err_wantstarttls();
 #endif
 
   s = unique;                                           /* generate challenge */
-- 
cgit v1.2.3