authorJohn Denker <jsd@av8n.com>2012-06-02 18:30:09 -0700
committerJohn Denker <jsd@av8n.com>2012-06-02 18:35:51 -0700
commit81b5f8f3ab26a7969956faef29a90499ece40ff5 (patch)
treefaa914ee47854058f3830cb0f018ea70cdeb3975
parent72937a56ee2beec1732797e1fc4cbe8ea057e4ca (diff)
don't offer AUTH unless a passwd checker was specified on command line;
don't offer CRAM-style auth at all.
-rw-r--r--qmail-smtpd.c32
1 files changed, 21 insertions, 11 deletions
diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index dc029ae..7d062a2 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -26,7 +26,13 @@
#include "wait.h"
#include "fd.h"
-#define AUTHCRAM
+// AUTHCRAM is not #defined for now, because:
+// 1) It requires cmd5checkpw (not just checkpassword), and
+// a) cmd5checkpw requires separate administration of the poppasswed file.
+// b) cmd5checkpw requires leaving plaintext passwords on disk, yecchhhh.
+// 2) We don't need the added security if we only offer auth
+// over channels that are already protected by ssl.
+
#define MAXHOPS 100
unsigned int databytes = 0;
int timeout = 1200;
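Review bot: Reason 2 in the new comment rests on AUTH being offered only over ssl-protected channels, but nothing visible in this commit checks that; the smtp_ehlo hunk advertises `AUTH LOGIN PLAIN` whenever a checker was given on the command line. LOGIN and PLAIN carry the password merely base64-encoded, so on an unencrypted listener the credential is readable in transit. If the protection is meant to come from the deployment, the comment should say so, e.g. `// NOTE: only pass a passwd checker on listeners that are wrapped in ssl.` Separately, `poppasswed` looks like a typo for the poppasswd file.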
@@ -233,6 +239,8 @@ int seenmail = 0;
int flagbarf; /* defined if seenmail */
stralloc mailfrom = {0};
stralloc rcptto = {0};
+char *hostname;
+char **childargs;
void smtp_helo(arg) char *arg;
{
@@ -241,15 +249,17 @@ void smtp_helo(arg) char *arg;
}
void smtp_ehlo(arg) char *arg;
{
- smtp_greet("250-");
+ smtp_greet("250-"); out("\r\n");
+ if (hostname && childargs) {
#ifdef AUTHCRAM
- out("\r\n250-AUTH LOGIN CRAM-MD5 PLAIN");
- out("\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN");
+ out("250-AUTH LOGIN CRAM-MD5 PLAIN\r\n");
+ out("250-AUTH=LOGIN CRAM-MD5 PLAIN\r\n");
#else
- out("\r\n250-AUTH LOGIN PLAIN");
- out("\r\n250-AUTH=LOGIN PLAIN");
+ out("250-AUTH LOGIN PLAIN\r\n");
+ out("250-AUTH=LOGIN PLAIN\r\n");
#endif
- out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+ }
+ out("250-PIPELINING\r\n250 8BITMIME\r\n");
seenmail = 0; dohelo(arg);
}
void smtp_rset(arg) char *arg;
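Review bot: The `if (hostname && childargs)` guard in smtp_ehlo controls only what is advertised; a client can still send AUTH without having seen it offered. The AUTH command handler is outside these hunks, so it is worth confirming that it rejects the command when `childargs` is 0 before it tries to run the checker, now that main can leave it null. A one-line comment on the guard, such as `/* advertise AUTH only when a passwd checker was given; the AUTH handler must enforce the same condition */`, would keep the two in step.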
@@ -421,8 +431,6 @@ static stralloc user = {0};
static stralloc pass = {0};
static stralloc resp = {0};
static stralloc slop = {0};
-char *hostname;
-char **childargs;
substdio ssup;
char upbuf[128];
int authd = 0;
@@ -647,8 +655,10 @@ void main(argc,argv)
int argc;
char **argv;
{
- hostname = argv[1];
- childargs = argv + 2;
+ hostname = "";
+ if (argc > 1) hostname = argv[1];
+ childargs = 0;
+ if (argc > 2) childargs = argv + 2;
sig_pipeignore();
if (chdir(auto_qmail) == -1) die_control();
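Review bot: Defaulting `hostname` to `""` means the `hostname &&` half of the guard in smtp_ehlo is always true, so the AUTH advertisement is gated on `childargs` alone. That happens to be correct, because `argc > 2` implies `argv[1]` exists, but the test reads as if it checked something it does not. Either test `*hostname && childargs` in smtp_ehlo, or add a comment here such as `/* hostname is never null; childargs stays 0 when no passwd checker was given */`. main's body continues outside the hunk.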