diff options
author | Gilles Chehade <gilles@cvs.openbsd.org> | 2019-07-11 11:56:53 +0000 |
---|---|---|
committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2019-07-11 11:56:53 +0000 |
commit | 1b6642da1ccd59a58db9a963db0de8a08ab856c5 (patch) | |
tree | 662a045dde431ce0c49d3b7637e8ff52dcb755b6 | |
parent | 88446afd154303ac7a04da0329ff27659f89cf99 (diff) |
there are three ways to authenticate 'AUTH PLAIN', 'AUTH PLAIN <creds>' and
'AUTH LOGIN', this ensures all three have credentials obfuscated in smtp
reports
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c index 55010df34d3..4484ec38fcd 100644 --- a/usr.sbin/smtpd/smtp_session.c +++ b/usr.sbin/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.396 2019/07/10 19:53:52 gilles Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.397 2019/07/11 11:56:52 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -1205,7 +1205,7 @@ smtp_command(struct smtp_session *s, char *line) * These states are special. */ if (s->state == STATE_AUTH_INIT) { - report_smtp_protocol_client("smtp-in", s->id, "AUTH PLAIN ********"); + report_smtp_protocol_client("smtp-in", s->id, "********"); smtp_rfc4954_auth_plain(s, line); return; } @@ -1215,7 +1215,11 @@ smtp_command(struct smtp_session *s, char *line) return; } - report_smtp_protocol_client("smtp-in", s->id, line); + if (s->state == STATE_HELO && strncasecmp(line, "AUTH PLAIN ", 11) == 0) + report_smtp_protocol_client("smtp-in", s->id, "AUTH PLAIN ********"); + else + report_smtp_protocol_client("smtp-in", s->id, line); + /* * Unlike other commands, "mail from" and "rcpt to" contain a |