[exim-cvs] Allow a forced-fail for banner expansion to close…

Auteur: Exim Git Commits Mailing List
Date:  
À: exim-cvs
Sujet: [exim-cvs] Allow a forced-fail for banner expansion to close connection without panic-log
Gitweb: https://git.exim.org/exim.git/commitdiff/4f7a93c27e3d43b44c42d3fc503f03b9b42ca622
Commit:     4f7a93c27e3d43b44c42d3fc503f03b9b42ca622
Parent:     4243a209fd9499f30bebd58ceaa2d0d9845407ae
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Dec 10 16:19:16 2022 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Sat Dec 10 16:19:16 2022 +0000


    Allow a forced-fail for banner expansion to close connection without panic-log
---
 doc/doc-docbook/spec.xfpt             |  9 +++++++--
 src/src/smtp_in.c                     | 19 ++++++++++++-------
 test/confs/5711                       |  1 +
 test/confs/5721                       |  1 +
 test/log/5711                         | 11 +++++++----
 test/log/5721                         | 11 +++++++----
 test/scripts/5710-GnuTLS-events/5711  |  7 ++++++-
 test/scripts/5720-OpenSSL-events/5721 |  8 +++++++-
 test/stdout/5711                      | 10 ++++++++--
 test/stdout/5721                      | 10 ++++++++--
 10 files changed, 64 insertions(+), 23 deletions(-)


diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 1b3c2b454..75a53786d 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -17692,13 +17692,18 @@ This facility is only available on Linux.
 .cindex "banner for SMTP"
 .cindex "welcome banner for SMTP"
 .cindex "customizing" "SMTP banner"
-This string, which is expanded every time it is used, is output as the initial
+If a connect ACL does not supply a message,
+this string (which is expanded every time it is used) is output as the initial
 positive response to an SMTP connection. The default setting is:
 .code
 smtp_banner = $smtp_active_hostname ESMTP Exim \
   $version_number $tod_full
 .endd
-Failure to expand the string causes a panic error. If you want to create a
+.new
+Failure to expand the string causes a panic error;
+a forced fail just closes the connection.
+.wen
+If you want to create a
 multiline response to the initial SMTP connection, use &"\n"& in the string at
 appropriate points, but not at the end. Note that the 220 code is not included
 in this string. Exim adds it automatically (several times in the case of a
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index b161f362d..6c043d434 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -3040,13 +3040,7 @@ code = US"220";   /* Default status code */
 esc = US"";       /* Default extended status code */
 esclen = 0;       /* Length of esc */


-if (!user_msg)
-  {
-  if (!(s = expand_string(smtp_banner)))
-    log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Expansion of \"%s\" (smtp_banner) "
-      "failed: %s", smtp_banner, expand_string_message);
-  }
-else
+if (user_msg)
   {
   int codelen = 3;
   s = user_msg;
@@ -3057,6 +3051,17 @@ else
     esclen = codelen - 4;
     }
   }
+else if (!(s = expand_string(smtp_banner)))
+  {
+  log_write(0, f.expand_string_forcedfail ? LOG_MAIN : LOG_MAIN|LOG_PANIC_DIE,
+    "Expansion of \"%s\" (smtp_banner) failed: %s",
+    smtp_banner, expand_string_message);
+  /* for force-fail */
+#ifndef DISABLE_TLS
+  if (tls_in.on_connect) tls_close(NULL, TLS_SHUTDOWN_WAIT);
+#endif
+  return FALSE;
+  }
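Review bot: The branch after `/* for force-fail */` only works because LOG_PANIC_DIE makes log_write exit for the non-forced case, yet the comment does not say so and a reader sees a plain `return FALSE` that appears to apply to both; expand it to `/* LOG_PANIC_DIE does not return, so only a forced fail reaches here: drop the connection quietly */`. The shutdown uses TLS_SHUTDOWN_WAIT, which, if it blocks for the peer's close_notify, lets a client that never sends one hold this server process on a connection that will never get a banner; unless a read timeout is known to bound that wait, TLS_SHUTDOWN_NOWAIT seems the safer choice for a connection the server is abandoning anyway. The non-TLS socket is presumably closed by the caller on FALSE, which is worth confirming since the enclosing function starts and ends outside the hunk.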


/* Remove any terminating newlines; might as well remove trailing space too */

diff --git a/test/confs/5711 b/test/confs/5711
index 57a9fef08..2c6af3cf2 100644
--- a/test/confs/5711
+++ b/test/confs/5711
@@ -14,6 +14,7 @@ tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/cert1

host_reject_connection = ${acl {hrc}}
+smtp_banner = ${if != {$received_port}{PORT_D4} {my banner}fail}
event_action = ${acl {tls_fail}}

log_selector = +pid
diff --git a/test/confs/5721 b/test/confs/5721
index 84c7785d9..6839bd528 100644
--- a/test/confs/5721
+++ b/test/confs/5721
@@ -14,6 +14,7 @@ tls_advertise_hosts = *
tls_certificate = DIR/aux-fixed/cert1

host_reject_connection = ${acl {hrc}}
+smtp_banner = ${if != {$received_port}{PORT_D4} {my banner}fail}
event_action = ${acl {tls_fail}}

log_selector = +pid
diff --git a/test/log/5711 b/test/log/5711
index baf38b97d..4ebb2e2ea 100644
--- a/test/log/5711
+++ b/test/log/5711
@@ -1,6 +1,6 @@

******** SERVER ********
-1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3
+1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3 port PORT_D4
1999-03-02 09:44:33 [1238] eval host_reject_connection
1999-03-02 09:44:33 [1238] ACL conn
1999-03-02 09:44:33 [1238] ACL quit
@@ -15,6 +15,9 @@
1999-03-02 09:44:33 [1235] H=[127.0.0.1] dropped by 'connect' ACL: we dislike you
1999-03-02 09:44:33 [1240] eval host_reject_connection
1999-03-02 09:44:33 [1240] ACL conn
-1999-03-02 09:44:33 [1240] EV tls:fail:connect
-1999-03-02 09:44:33 [1240] EVDATA: (gnutls_handshake): The TLS connection was non-properly terminated.
-1999-03-02 09:44:33 [1240] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
+1999-03-02 09:44:33 [1240] Expansion of "${if != {$received_port}{1228} {my banner}fail}" (smtp_banner) failed: "if" failed and "fail" requested
+1999-03-02 09:44:33 [1241] eval host_reject_connection
+1999-03-02 09:44:33 [1241] ACL conn
+1999-03-02 09:44:33 [1241] EV tls:fail:connect
+1999-03-02 09:44:33 [1241] EVDATA: (gnutls_handshake): The TLS connection was non-properly terminated.
+1999-03-02 09:44:33 [1241] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
diff --git a/test/log/5721 b/test/log/5721
index 41583c55a..28d5bf8a9 100644
--- a/test/log/5721
+++ b/test/log/5721
@@ -1,6 +1,6 @@

******** SERVER ********
-1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3
+1999-03-02 09:44:33 [1237] exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTPS on port PORT_D port PORT_D2 port PORT_D3 port PORT_D4
1999-03-02 09:44:33 [1238] eval host_reject_connection
1999-03-02 09:44:33 [1238] ACL conn
1999-03-02 09:44:33 [1238] ACL quit
@@ -14,6 +14,9 @@
1999-03-02 09:44:33 [1235] H=[127.0.0.1] dropped by 'connect' ACL: we dislike you
1999-03-02 09:44:33 [1240] eval host_reject_connection
1999-03-02 09:44:33 [1240] ACL conn
-1999-03-02 09:44:33 [1240] EV tls:fail:connect
-1999-03-02 09:44:33 [1240] EVDATA: SSL_accept: TCP connection closed by peer
-1999-03-02 09:44:33 [1240] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
+1999-03-02 09:44:33 [1240] Expansion of "${if != {$received_port}{1228} {my banner}fail}" (smtp_banner) failed: "if" failed and "fail" requested
+1999-03-02 09:44:33 [1241] eval host_reject_connection
+1999-03-02 09:44:33 [1241] ACL conn
+1999-03-02 09:44:33 [1241] EV tls:fail:connect
+1999-03-02 09:44:33 [1241] EVDATA: SSL_accept: TCP connection closed by peer
+1999-03-02 09:44:33 [1241] TLS error on connection from [127.0.0.1] (tls lib accept fn): TCP connection closed by peer
diff --git a/test/scripts/5710-GnuTLS-events/5711 b/test/scripts/5710-GnuTLS-events/5711
index 725703f2a..6817c8c29 100644
--- a/test/scripts/5710-GnuTLS-events/5711
+++ b/test/scripts/5710-GnuTLS-events/5711
@@ -1,6 +1,6 @@
# smtp-on-connect drop-before-tls-accept
#
-exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3
+exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3:PORT_D4
****
#
# Normal, full connect and quit
@@ -25,6 +25,11 @@ client-anytls -tls-on-connect 127.0.0.1 PORT_D3
???*
****
#
+# server fails banner expansion
+client-anytls -tls-on-connect 127.0.0.1 PORT_D4
+???*
+****
+#
# client disconnects before server TLS accept completes
client 127.0.0.1 PORT_D
+++ 1
diff --git a/test/scripts/5720-OpenSSL-events/5721 b/test/scripts/5720-OpenSSL-events/5721
index 19f977c7b..14bcd2cb6 100644
--- a/test/scripts/5720-OpenSSL-events/5721
+++ b/test/scripts/5720-OpenSSL-events/5721
@@ -1,6 +1,6 @@
# smtp-on-connect drop-before-tls-accept
#
-exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3
+exim -DSERVER=server -tls-on-connect -bd -oX PORT_D:PORT_D2:PORT_D3:PORT_D4
****
#
# Normal, full connect and quit
@@ -25,6 +25,12 @@ client-anytls -tls-on-connect 127.0.0.1 PORT_D3
???*
****
#
+# server fails banner expansion
+client-anytls -tls-on-connect 127.0.0.1 PORT_D4
+???*
+****
+#
+#
# client disconnects before server TLS accept completes
client 127.0.0.1 PORT_D
+++ 1
diff --git a/test/stdout/5711 b/test/stdout/5711
index f96f81b96..6a928b2e9 100644
--- a/test/stdout/5711
+++ b/test/stdout/5711
@@ -2,7 +2,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
>>> quit

??? 221
<<< 221 myhost.test.ex closing connection
@@ -11,7 +11,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
End of script
Connecting to 127.0.0.1 port 1226 ... connected
Attempting to start TLS
@@ -25,6 +25,12 @@ Failed to start TLS
???*
Expected EOF read
End of script
+Connecting to 127.0.0.1 port 1228 ... connected
+Attempting to start TLS
+Succeeded in starting TLS
+???*
+Expected EOF read
+End of script
Connecting to 127.0.0.1 port 1225 ... connected
+++ 1
End of script
diff --git a/test/stdout/5721 b/test/stdout/5721
index f96f81b96..6a928b2e9 100644
--- a/test/stdout/5721
+++ b/test/stdout/5721
@@ -2,7 +2,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
>>> quit

??? 221
<<< 221 myhost.test.ex closing connection
@@ -11,7 +11,7 @@ Connecting to 127.0.0.1 port 1225 ... connected
Attempting to start TLS
Succeeded in starting TLS
??? 220
-<<< 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
+<<< 220 my banner
End of script
Connecting to 127.0.0.1 port 1226 ... connected
Attempting to start TLS
@@ -25,6 +25,12 @@ Failed to start TLS
???*
Expected EOF read
End of script
+Connecting to 127.0.0.1 port 1228 ... connected
+Attempting to start TLS
+Succeeded in starting TLS
+???*
+Expected EOF read
+End of script
Connecting to 127.0.0.1 port 1225 ... connected
+++ 1
End of script