From 5e6d12accb0bdfa1cee9d8c9a1ecec3131b9f502 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Tue, 14 Mar 2017 16:38:41 +0000 Subject: [PATCH] Logging: mark continued-TLS connection deliveries with "X-*" --- doc/doc-docbook/spec.xfpt | 7 ++--- doc/doc-txt/ChangeLog | 3 ++- src/src/deliver.c | 56 +++++++++++++++++++-------------------- test/log/2013 | 4 +-- test/log/2113 | 4 +-- test/stderr/2013 | 4 +-- test/stderr/2113 | 4 +-- 7 files changed, 41 insertions(+), 41 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index be93cf670..91dacb7bb 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -35769,9 +35769,10 @@ down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages. .new When two or more messages are delivered down a single TLS connection, the -TLS-related information logged for the first message delivered -(which may not be the earliest line in the log) +DNS and TLS-related information logged for the first message delivered will not be present in the log lines for the second and subsequent messages. +A TLS-marker indication of &'X=*'& is added to the log line instead of +cipher information. .wen .cindex "delivery" "cutthrough; logging" @@ -35900,7 +35901,7 @@ the following table: &`T `& on &`<=`& lines: message subject (topic) &` `& on &`=>`& &`**`& and &`==`& lines: transport name &`U `& local user or RFC 1413 identity -&`X `& TLS cipher suite +&`X `& TLS cipher suite, or TLS usage mark .endd diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 5b5dcbd7f..f43475ba3 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -24,7 +24,8 @@ JH/03 Rework the transport continued-connection mechanism: when TLS is active, the passed-on TCP connection. Instead, proxy the child (and any subsequent ones) for TLS via a unix-domain socket channel. Logging is affected: the continued delivery log lines do not have any DNSSEC, TLS - cipher, Certificate or OCSP information. + cipher, Certificate or OCSP information. A "continued-TLS" marker is + added instead of the cipher information: "X=*". JH/04 Shorten the log line for daemon startup by collapsing adjacent sets of identical IP addresses on different listening ports. Will also affect diff --git a/src/src/deliver.c b/src/src/deliver.c index cb4616e6c..7743d37c3 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -3396,7 +3396,7 @@ while (!done) /* Cut out any "delete" items on the list. */ - for (rp = &(addr->retries); (r = *rp); rp = &r->next) + for (rp = &addr->retries; (r = *rp); rp = &r->next) if (Ustrcmp(r->key, ptr+1) == 0) /* Found item with same key */ { if ((r->flags & rf_delete) == 0) break; /* It was not "delete" */ @@ -3408,7 +3408,7 @@ while (!done) /* We want to add a delete item only if there is no non-delete item; however we still have to step ptr through the data. */ - if (!r || (*ptr & rf_delete) == 0) + if (!r || !(*ptr & rf_delete)) { r = store_get(sizeof(retry_item)); r->next = addr->retries; @@ -3458,36 +3458,34 @@ while (!done) switch (subid) { case '1': - addr->cipher = NULL; - addr->peerdn = NULL; - - if (*ptr) - addr->cipher = string_copy(ptr); - while (*ptr++); - if (*ptr) - addr->peerdn = string_copy(ptr); - break; + addr->cipher = NULL; + addr->peerdn = NULL; + + if (*ptr) + addr->cipher = string_copy(ptr); + while (*ptr++); + if (*ptr) + addr->peerdn = string_copy(ptr); + break; case '2': - if (*ptr) - (void) tls_import_cert(ptr, &addr->peercert); - else - addr->peercert = NULL; - break; + if (*ptr) + (void) tls_import_cert(ptr, &addr->peercert); + else + addr->peercert = NULL; + break; case '3': - if (*ptr) - (void) tls_import_cert(ptr, &addr->ourcert); - else - addr->ourcert = NULL; - break; + if (*ptr) + (void) tls_import_cert(ptr, &addr->ourcert); + else + addr->ourcert = NULL; + break; # ifndef DISABLE_OCSP case '4': - addr->ocsp = OCSP_NOT_REQ; - if (*ptr) - addr->ocsp = *ptr - '0'; - break; + addr->ocsp = *ptr ? *ptr - '0' : OCSP_NOT_REQ; + break; # endif } while (*ptr++); @@ -4713,13 +4711,13 @@ for (delivery_count = 0; addr_remote; delivery_count++) if (!addr->peerdn) *ptr++ = 0; else - { - ptr += sprintf(CS ptr, "%.512s", addr->peerdn); - ptr++; - } + ptr += sprintf(CS ptr, "%.512s", addr->peerdn) + 1; rmt_dlv_checked_write(fd, 'X', '1', big_buffer, ptr - big_buffer); } + else if (continue_proxy) /* known TLS, but no cipher info */ + rmt_dlv_checked_write(fd, 'X', '1', US"*\0", 3); + if (addr->peercert) { ptr = big_buffer; diff --git a/test/log/2013 b/test/log/2013 index 79bc3f612..ad78743ec 100644 --- a/test/log/2013 +++ b/test/log/2013 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLS1.x:xxxxRSA_AES_256_CBC_SHAnnn:256 CV=no DN="C=UK,O=The Exim Maintainers,OU=Test Suite,CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/log/2113 b/test/log/2113 index 08b08cc84..88eafe9b3 100644 --- a/test/log/2113 +++ b/test/log/2113 @@ -4,9 +4,9 @@ 1999-03-02 09:44:33 Start queue run: pid=pppp -qqf 1999-03-02 09:44:33 10HmaX-0005vi-00 => userx@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1] X=TLSv1:AES256-SHA:256 CV=no DN="/C=UK/O=The Exim Maintainers/OU=Test Suite/CN=Phil Pennock" C="250 OK id=10HmbA-0005vi-00" 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed -1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" +1999-03-02 09:44:33 10HmaZ-0005vi-00 => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00" 1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed -1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" +1999-03-02 09:44:33 10HmaY-0005vi-00 => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00" 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed 1999-03-02 09:44:33 End queue run: pid=pppp -qqf diff --git a/test/stderr/2013 b/test/stderr/2013 index 60b23885f..c183664d6 100644 --- a/test/stderr/2013 +++ b/test/stderr/2013 @@ -49,7 +49,7 @@ cmd buf flush ddd bytes SMTP<< 250 OK id=10HmbB-0005vi-00 SMTP(close)>> LOG: MAIN - => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" + => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> @@ -70,7 +70,7 @@ cmd buf flush ddd bytes SMTP(close)>> >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> LOG: MAIN - => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" + => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/2113 b/test/stderr/2113 index 55cfc39dd..ae0044b99 100644 --- a/test/stderr/2113 +++ b/test/stderr/2113 @@ -49,7 +49,7 @@ cmd buf flush ddd bytes SMTP<< 250 OK id=10HmbB-0005vi-00 SMTP(close)>> LOG: MAIN - => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbB-0005vi-00" + => userz@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbB-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> @@ -70,7 +70,7 @@ cmd buf flush ddd bytes SMTP(close)>> >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> LOG: MAIN - => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* C="250 OK id=10HmbC-0005vi-00" + => usery@test.ex R=client T=send_to_server H=127.0.0.1 [127.0.0.1]* X=* CV=no C="250 OK id=10HmbC-0005vi-00" LOG: MAIN Completed >>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> -- 2.25.1