From 4ca9555bbe1639cb0677a9560e147697d827e609 Mon Sep 17 00:00:00 2001
From: Gilles Chehade
Date: Fri, 15 May 2015 07:34:46 +0000
Subject: the code to prevent AUTH PLAIN from logging credentials upon authentication failure does not catch the AUTH LOGIN case. rework to use the session state rather than using the session command. spotted by pkern@debian.org
---
usr.sbin/smtpd/smtp_session.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
(limited to 'usr.sbin/smtpd')
diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c
index c2d8cbeac41..5dd6a585add 100644
--- a/usr.sbin/smtpd/smtp_session.c
+++ b/usr.sbin/smtpd/smtp_session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: smtp_session.c,v 1.229 2015/04/19 20:29:12 gilles Exp $ */
+/* $OpenBSD: smtp_session.c,v 1.230 2015/05/15 07:34:45 gilles Exp $ */
 
 /*
 * Copyright (c) 2008 Gilles Chehade
@@ -1947,9 +1947,17 @@ smtp_reply(struct smtp_session *s, char *fmt, ...)
 log_info("smtp-in: Bad input on session %016"PRIx64
 ": %.*s", s->id, n, buf);
 }
- else if (strstr(s->cmd, "AUTH ") == s->cmd) {
+ else if (s->state == STATE_AUTH_INIT) {
 log_info("smtp-in: Failed command on session %016"PRIx64
- ": \"AUTH [...]\" => %.*s", s->id, n, buf);
+ ": \"AUTH PLAIN (...)\" => %.*s", s->id, n, buf);
+ }
+ else if (s->state == STATE_AUTH_USERNAME) {
+ log_info("smtp-in: Failed command on session %016"PRIx64
+ ": \"AUTH LOGIN (username)\" => %.*s", s->id, n, buf);
+ }
+ else if (s->state == STATE_AUTH_PASSWORD) {
+ log_info("smtp-in: Failed command on session %016"PRIx64
+ ": \"AUTH LOGIN (password)\" => %.*s", s->id, n, buf);
 }
 else {
 strnvis(tmp, s->cmd, sizeof tmp, VIS_SAFE | VIS_CSTYLE);
-- 
cgit v1.2.3
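Review bot: In the second hunk the credential masking in smtp_reply() now depends only on `s->state`, while the final `else` still writes `s->cmd` to the log through `strnvis()`, so the chain fails open. Any failure reply sent while the session is not in one of the three AUTH states would log the base64 credentials again. Whether a one-line `AUTH PLAIN <initial-response>` is processed in `STATE_AUTH_INIT`, and whether the state is still set when the failure reply is sent, is decided outside this hunk and should be confirmed. Keeping a command-prefix test as a fallback branch just before the final `else`, for example `else if (strncasecmp(s->cmd, "AUTH ", 5) == 0) {` with the old `"AUTH [...]"` message, would keep the redaction in place if the state machine changes later. A one-line comment above the chain such as `/* never log s->cmd while it may carry credentials */` would record the intent; the function body starts and ends outside the hunk.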