[exim-cvs] Log incoming-TLS details on rejects. Bug 305

Autor: Exim Git Commits Mailing List
Datum:  
To: exim-cvs
Betreff: [exim-cvs] Log incoming-TLS details on rejects. Bug 305
Gitweb: http://git.exim.org/exim.git/commitdiff/e45a1c3738f3cec60acf36ae268f8cbf35a2ce7d
Commit:     e45a1c3738f3cec60acf36ae268f8cbf35a2ce7d
Parent:     09ae8f9f555a3cfe7c2887d920279d41fb88879c
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Mar 9 16:41:20 2014 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sun Mar 9 21:22:22 2014 +0000


    Log incoming-TLS details on rejects. Bug 305
---
 doc/doc-docbook/spec.xfpt |    1 +
 doc/doc-txt/ChangeLog     |    3 ++
 src/src/smtp_in.c         |   48 ++++++++++++++++++++++++++++++++------------
 3 files changed, 39 insertions(+), 13 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0922085..345effd 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -34056,6 +34056,7 @@ the following table:
 &`R   `&        on &`<=`& lines: reference for local bounce
 &`    `&        on &`=>`&  &`**`& and &`==`& lines: router name
 &`S   `&        size of message
+&`SNI `&        server name indication from TLS client hello
 &`ST  `&        shadow transport name
 &`T   `&        on &`<=`& lines: message subject (topic)
 &`    `&        on &`=>`& &`**`& and &`==`& lines: transport name
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 83c255c..0c51bc3 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -48,6 +48,9 @@ TL/05 Rename SPF condition results err_perm and err_temp to standardized


JH/04 Add ${utf8clean:} operator. Contributed by Alex Rau.

+JH/05 Bugzilla 305: Log incoming-TLS details on rejects, subject to log
+      selectors, in both main and reject logs.
+
 Exim version 4.82
 -----------------


diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 1d62bab..9981e8d 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1163,6 +1163,32 @@ return string_sprintf("SMTP connection from %s", hostname);



+#ifdef SUPPORT_TLS
+static uschar *
+s_tlslog(uschar * s, int * sizep, int * ptrp)
+{
+  int size = sizep ? *sizep : 0;
+  int ptr = ptrp ? *ptrp : 0;
+
+  if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
+    s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
+  if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
+       tls_in.cipher != NULL)
+    s = string_append(s, &size, &ptr, 2, US" CV=",
+      tls_in.certificate_verified? "yes":"no");
+  if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
+    s = string_append(s, &size, &ptr, 3, US" DN=\"",
+      string_printing(tls_in.peerdn), US"\"");
+  if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
+    s = string_append(s, &size, &ptr, 3, US" SNI=\"",
+      string_printing(tls_in.sni), US"\"");
+
+  if (sizep) *sizep = size;
+  if (ptrp) *ptrp = ptr;
+  return s;
+}
+#endif
+
 /*************************************************
 *      Log lack of MAIL if so configured         *
 *************************************************/
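Review bot: `s_tlslog()` returns `s` unchanged when nothing is appended, so the `s_tlslog(NULL, NULL, NULL)` call added in the reject-logging hunk passes a NULL pointer to `%s` in `log_write()` for a plaintext connection or when no TLS log selector is set. When something is appended, nothing in this function writes a terminator at `s[ptr]`, and the new caller discards `ptr`, so it cannot terminate the string itself; whether `string_append()` terminates its result is not visible here. Assuming `string_append()` leaves room for a terminator, add `if (s) s[ptr] = '\0';` before the `return`, and have the reject call site substitute `US""` for a NULL result. The `DN=` and `SNI=` values are supplied by the peer, so a short comment should say they rely on `string_printing()` for escaping, after confirming how it treats an embedded `"`.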
@@ -1195,18 +1221,7 @@ if (sender_host_authenticated != NULL)
   }


 #ifdef SUPPORT_TLS
-if ((log_extra_selector & LX_tls_cipher) != 0 && tls_in.cipher != NULL)
-  s = string_append(s, &size, &ptr, 2, US" X=", tls_in.cipher);
-if ((log_extra_selector & LX_tls_certificate_verified) != 0 &&
-     tls_in.cipher != NULL)
-  s = string_append(s, &size, &ptr, 2, US" CV=",
-    tls_in.certificate_verified? "yes":"no");
-if ((log_extra_selector & LX_tls_peerdn) != 0 && tls_in.peerdn != NULL)
-  s = string_append(s, &size, &ptr, 3, US" DN=\"",
-    string_printing(tls_in.peerdn), US"\"");
-if ((log_extra_selector & LX_tls_sni) != 0 && tls_in.sni != NULL)
-  s = string_append(s, &size, &ptr, 3, US" SNI=\"",
-    string_printing(tls_in.sni), US"\"");
+s = s_tlslog(s, &size, &ptr);
 #endif


sep = (smtp_connection_had[SMTP_HBUFF_SIZE-1] != SCH_NONE)?
@@ -2694,8 +2709,13 @@ the connection is not forcibly to be dropped, return 0. Otherwise, log why it
is closing if required and return 2. */

 if (log_reject_target != 0)
-  log_write(0, log_reject_target, "%s %s%srejected %s%s",
+  log_write(0, log_reject_target, "%s%s %s%srejected %s%s",
     host_and_ident(TRUE),
+#ifdef SUPPORT_TLS
+    s_tlslog(NULL, NULL, NULL),
+#else
+    "",
+#endif
     sender_info, (rc == FAIL)? US"" : US"temporarily ", what, log_msg);


if (!drop) return 0;
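Review bot: The `#ifdef SUPPORT_TLS` / `#else` / `#endif` block sits inside the argument list of `log_write()`, which is hard to read and would be undefined behaviour if `log_write` were ever a function-like macro (its definition is not visible here). Computing the value before the call keeps the call unconditional, for example a local `uschar * tls_details = US"";` that is assigned under `#ifdef SUPPORT_TLS` and then passed in place of the conditional block. The `""` in the `#else` branch also lacks the `US` cast used for the other literals in this call. The enclosing function starts and ends outside the hunk.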
@@ -4777,4 +4797,6 @@ while (done <= 0)
return done - 2; /* Convert yield values */
}

+/* vi: aw ai sw=2
+*/
/* End of smtp_in.c */