summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGilles Chehade <gilles@cvs.openbsd.org>2019-07-11 11:56:53 +0000
committerGilles Chehade <gilles@cvs.openbsd.org>2019-07-11 11:56:53 +0000
commit1b6642da1ccd59a58db9a963db0de8a08ab856c5 (patch)
tree662a045dde431ce0c49d3b7637e8ff52dcb755b6
parent88446afd154303ac7a04da0329ff27659f89cf99 (diff)
there are three ways to authenticate 'AUTH PLAIN', 'AUTH PLAIN <creds>' and
'AUTH LOGIN', this ensures all three have credentials obfuscated in smtp reports
-rw-r--r--usr.sbin/smtpd/smtp_session.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 55010df34d3..4484ec38fcd 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.396 2019/07/10 19:53:52 gilles Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.397 2019/07/11 11:56:52 gilles Exp $ */
/*
* Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1205,7 +1205,7 @@ smtp_command(struct smtp_session *s, char *line)
* These states are special.
*/
if (s->state == STATE_AUTH_INIT) {
- report_smtp_protocol_client("smtp-in", s->id, "AUTH PLAIN ********");
+ report_smtp_protocol_client("smtp-in", s->id, "********");
smtp_rfc4954_auth_plain(s, line);
return;
}
@@ -1215,7 +1215,11 @@ smtp_command(struct smtp_session *s, char *line)
return;
}
- report_smtp_protocol_client("smtp-in", s->id, line);
+ if (s->state == STATE_HELO && strncasecmp(line, "AUTH PLAIN ", 11) == 0)
+ report_smtp_protocol_client("smtp-in", s->id, "AUTH PLAIN ********");
+ else
+ report_smtp_protocol_client("smtp-in", s->id, line);
+
/*
* Unlike other commands, "mail from" and "rcpt to" contain a