author | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-05-19 11:42:53 +0000 |
committer | Jacek Masiulaniec <jacekm@cvs.openbsd.org> | 2009-05-19 11:42:53 +0000 |
commit | 4579f9e8556f4837002ef10b9409bc7857688c25 (patch) | |
tree | de2e131f6811cd72eae2f94c35dfe56a17a373a7 /usr.sbin | |
parent | 65424ed6191c108c9522ceb76fb060bf2a3dccc1 (diff) |
- Don't advertise or accept the STARTTLS command when the session is already secure.
- Make the conditions under which STARTTLS and AUTH are advertised and accepted
more readable.
ok gilles@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/smtpd/smtp_session.c | 28 | ||||
-rw-r--r-- | usr.sbin/smtpd/smtpd.h | 7 |
2 files changed, 21 insertions, 14 deletions
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index 8affe5ebeea..47fc8960164 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.89 2009/05/18 20:23:35 jacekm Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.90 2009/05/19 11:42:52 jacekm Exp $ */
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -111,6 +111,9 @@ struct session_cmd rfc4954_cmdtab[] = {
 int
 session_rfc3207_stls_handler(struct session *s, char *args)
 {
+ if (! ADVERTISE_TLS(s))
+ return 0;
+
 if (s->s_state == S_GREETED) {
 session_respond(s, "503 Polite people say HELO first");
 return 1;
@@ -134,6 +137,9 @@ session_rfc4954_auth_handler(struct session *s, char *args)
 char *method;
 char *eom;
 
+ if (! ADVERTISE_AUTH(s))
+ return 0;
+
 if (s->s_state == S_GREETED) {
 session_respond(s, "503 Polite people say HELO first");
 return 1;
@@ -323,12 +329,10 @@ session_rfc5321_ehlo_handler(struct session *s, char *args)
 s->s_env->sc_hostname, args, ss_to_text(&s->s_ss));
 session_respond(s, "250-8BITMIME");
 
- /* only advertise starttls if listener can support it */
- if (s->s_l->flags & F_STARTTLS)
+ if (ADVERTISE_TLS(s))
 session_respond(s, "250-STARTTLS");
 
- /* only advertise auth if session is secure */
- if ((s->s_l->flags & F_AUTH) && (s->s_flags & F_SECURE))
+ if (ADVERTISE_AUTH(s))
 session_respond(s, "250-AUTH PLAIN LOGIN");
 
 session_respond(s, "250 HELP");
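Review bot: The new guard is written `if (! ADVERTISE_TLS(s))` with a space after the unary `!`; OpenBSD style(9) puts no space after unary operators, so `if (!ADVERTISE_TLS(s))` matches the rest of the file, and the same applies to `if (! ADVERTISE_AUTH(s))` in the session_rfc4954_auth_handler hunk. The bare `return 0;` also deserves a one-line comment, because what 0 means is decided by the caller in session_command rather than here; something like `/* not ours: let a later command table answer */`, hedged because the reply the client finally receives is produced outside these hunks. Both handlers' bodies continue past their hunks, and session_rfc4954_auth_handler's signature is outside its hunk entirely.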
@@ -532,14 +536,12 @@ session_command(struct session *s, char *cmd, size_t nr)
 }
 
 /* RFC 4954 - AUTH */
- if ((s->s_l->flags & F_AUTH) && (s->s_flags & F_SECURE)) {
- for (i = 0; i < nitems(rfc4954_cmdtab); ++i)
- if (strcasecmp(rfc4954_cmdtab[i].name, cmd) == 0)
- break;
- if (i < nitems(rfc4954_cmdtab)) {
- if (rfc4954_cmdtab[i].func(s, args))
- return;
- }
+ for (i = 0; i < nitems(rfc4954_cmdtab); ++i)
+ if (strcasecmp(rfc4954_cmdtab[i].name, cmd) == 0)
+ break;
+ if (i < nitems(rfc4954_cmdtab)) {
+ if (rfc4954_cmdtab[i].func(s, args))
+ return;
 }
 
 rfc5321:
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index 6d5d7540009..c2e785db5d5 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtpd.h,v 1.110 2009/05/19 11:37:44 jacekm Exp $ */
+/* $OpenBSD: smtpd.h,v 1.111 2009/05/19 11:42:52 jacekm Exp $ */
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -79,6 +79,11 @@
 #define F_AUTH 0x04
 #define F_SSL (F_SMTPS|F_STARTTLS)
 
+#define ADVERTISE_TLS(s) \
+ ((s)->s_l->flags & F_STARTTLS && !((s)->s_flags & F_SECURE))
+
+#define ADVERTISE_AUTH(s) \
+ ((s)->s_l->flags & F_AUTH && ((s)->s_flags & F_SECURE))
 
 struct netaddr {
 struct sockaddr_storage ss;
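Review bot: With the outer `F_AUTH && F_SECURE` guard removed, dispatch no longer keeps any rfc4954_cmdtab entry from running on an insecure session; the check now lives inside each handler, and this commit adds it to session_rfc4954_auth_handler. That is fine for the one entry in the table today, but nothing here or at the table records the obligation, so an entry added later without its own ADVERTISE_AUTH() test would be reachable on a plaintext session. I'd make the invariant visible at the dispatch point: `/* RFC 4954 - AUTH; every handler must check ADVERTISE_AUTH() itself */`. session_command starts and ends outside the hunk.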
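Review bot: Both new macros rely on `&` binding tighter than `&&`, as in `(s)->s_l->flags & F_STARTTLS && !((s)->s_flags & F_SECURE)`; that is correct, but it is the precedence readers most often misjudge, and the call sites this commit replaces parenthesized the bitwise test explicitly. Suggest `(((s)->s_l->flags & F_STARTTLS) && !((s)->s_flags & F_SECURE))` and `(((s)->s_l->flags & F_AUTH) && ((s)->s_flags & F_SECURE))`. The two `/* only advertise ... */` comments deleted from the ehlo handler would also be worth carrying over above these definitions, since they are now the only place the advertise/accept policy is stated.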