Bug 39018 - qmail doesn't respect notlsbeforeauth
Summary: qmail doesn't respect notlsbeforeauth
Status: RESOLVED DUPLICATE of bug 40010
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High normal
Assignee: Net-Mail Packages
 
Reported: 2004-01-22 03:45 UTC by Andrei Ivanov
Modified: 2005-07-17 13:06 UTC

Attachments
Fixed to honor notlsbeforeauth (auth-after-tls-only.patch, 2.18 KB, patch)
2004-05-13 14:13 UTC, Zachary Bedell

Description Andrei Ivanov 2004-01-22 03:45:53 UTC
I've emerged qmail with -notlsbeforeauth for normal usage, but a friend asked me to emerge it with notlsbeforeauth for some tests, but it seems something goes wrong.

I've done USE="notlsbeforeauth" emerge qmail, restarted svscan, and 

Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 hostname ESMTP
AUTH PLAIN
530 Must issue a STARTTLS command first (#5.7.0)
EHLO localhost
250-hostname
250-STARTTLS
250-SIZE 0
250-PIPELINING
250 8BITMIME

While qmail was compiling I checked /var/tmp/portage/qmail-1.03-r15/work/qmail-1.03/conf-cc and there was no -DTLS_BEFORE_AUTH, so it should have worked.

And the ebuild has some small problems (maybe I should submit this as another bug):

>>> Merging net-mail/qmail-1.03-r15 to /
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.smtp to /etc/tcprules.d/tcp.qmail-smtp, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.smtp
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.smtp.cdb to /etc/tcprules.d/tcp.qmail-smtp.cdb, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.smtp.cdb
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.qmtp to /etc/tcprules.d/tcp.qmail-qmtp, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.qmtp
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.qmtp.cdb to /etc/tcprules.d/tcp.qmail-qmtp.cdb, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.qmtp.cdb
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.qmqp to /etc/tcprules.d/tcp.qmail-qmqp, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.qmqp
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.qmqp.cdb to /etc/tcprules.d/tcp.qmail-qmqp.cdb, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.qmqp.cdb
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.pop3 to /etc/tcprules.d/tcp.qmail-pop3, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.pop3
/usr/sbin/ebuild.sh: line 446: [: missing `]'
 * Error moving /etc/tcp.pop3.cdb to /etc/tcprules.d/tcp.qmail-pop3.cdb, be sure to check the
 * configuration! You may have already moved the files,
 * in which case you can delete /etc/tcp.pop3.cdb


Portage 2.0.50_pre16 (default-x86-1.4, gcc-3.3.2, glibc-2.3.3_pre20031222-r0, 2.4.20-gentoo-r8)
=================================================================
System uname: 2.4.20-gentoo-r8 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.3.12
Autoconf: sys-devel/autoconf-2.59
Automake: sys-devel/automake-1.7.8
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -fprefetch-loop-arrays -ffast-math -fforce-addr -falign-functions=4 -mfpmath=sse"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -fprefetch-loop-arrays -ffast-math -fforce-addr -falign-functions=4 -mfpmath=sse"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache fixpackages sandbox sfperms userpriv usersandbox"
GENTOO_MIRRORS=" http://gentoo.oregonstate.edu http://distro.ibiblio.org/pub/linux/distributions/gentoo/distfiles"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl adns apache2 berkdb crypt curl gd gdbm gif gpm imap innodb java jpeg ldap libg++ libwww maildir memlimit ncurses nls noauthcram oss pam pdflib pg-hier pg-intdatetime pg-vacuumdelay png python readline samba slang slp spell sse ssl tcpd tiff truetype x86 xml xml2 zlib"
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-01-22 13:00:10 UTC
I'll look at it on the weekend.
i've fixed that other glitch for now.
if you want to dig deeper into the sources for TLS_BEFORE_AUTH, feel free.
Comment 2 SpanKY gentoo-dev 2004-01-22 21:17:40 UTC
just my 2 cents, but i can verify that it doesn't matter whether you have - or + notlsbeforeauth ... you'll currently always have to auth after starttls

but i didn't care much since you know, that's how i want it :)
Comment 3 Zachary Bedell 2004-05-13 12:44:38 UTC
I think I've found the cause of this problem.  I'm working on a patch, but perhaps someone else who better groks the various hierarchy of patches that are stuffed on top of qmail might beat me to it based on this info.

The giveaway was the following warnings when compiling qmail-smtpd.c:
  qmail-smtpd.c:506:12: warning: extra tokens at end of #ifdef directive
  qmail-smtpd.c:901:12: warning: extra tokens at end of #ifdef directive
  qmail-smtpd.c:928:12: warning: extra tokens at end of #ifdef directive
  qmail-smtpd.c:957:12: warning: extra tokens at end of #ifdef directive

All of those fall on lines in the form of:
  #ifdef TLS && TLS_BEFORE_AUTH

I don't think doing a C-style AND works in an #ifdef.  I changed the last three of those lines to look like this instead:
  #ifdef TLS
  #ifdef TLS_BEFORE_AUTH
    if (!ssl) return err_wantstarttls();
  #endif
  #endif

That gives me "better" results.  qmail-smtpd will accept AUTH without TLS, but it doesn't advertise AUTH in its ESMTP capabilities.

Back at line 506, things look like:
  #ifdef TLS && TLS_BEFORE_AUTH 
    if(ssl) smtp_authout();
  #else // TLS && TLS_BEFORE_AUTH
    smtp_authout();
  #endif // TLS && TLS_BEFORE_AUTH 

I assume that should be like this instead:
  #ifdef TLS 
  #ifdef TLS_BEFORE_AUTH 
    if(ssl) smtp_authout();
  #else
    smtp_authout();
  #endif
  #else // TLS && TLS_BEFORE_AUTH
    smtp_authout();
  #endif // TLS && TLS_BEFORE_AUTH

I'm looking at the various patches that get applied to qmail-smtpd.c now to see if I can figure out how to patch the patches and submit something a bit more directly useful.
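
The preprocessor behaviour diagnosed in the comment above, as an added example that is not part of the bug thread or of qmail's source: it models the two decision points (advertising AUTH in EHLO, accepting the AUTH command) for a build with TLS defined and TLS_BEFORE_AUTH undefined. The function names are hypothetical, the build configuration is constructed, and the `#if defined(...)` form is a one-line equivalent of the nested `#ifdef` fix; GCC and Clang compile the buggy directive with the "extra tokens" warning quoted above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed build configuration: TLS compiled in, USE=notlsbeforeauth,
 * so TLS_BEFORE_AUTH is deliberately left undefined. */
#define TLS 1
#undef TLS_BEFORE_AUTH

/* Buggy form: #ifdef takes a single identifier, so the compiler warns
 * about the extra tokens and tests TLS alone. */
static bool auth_advertised_buggy(bool ssl)
{
#ifdef TLS && TLS_BEFORE_AUTH
    return ssl;               /* AUTH listed in EHLO only after STARTTLS */
#else
    return true;
#endif
}

static bool auth_accepted_buggy(bool ssl)
{
#ifdef TLS && TLS_BEFORE_AUTH
    if (!ssl) return false;   /* 530 Must issue a STARTTLS command first */
#endif
    return true;
}

/* Corrected form: #if with defined() evaluates both macros. */
static bool auth_advertised_fixed(bool ssl)
{
#if defined(TLS) && defined(TLS_BEFORE_AUTH)
    return ssl;
#else
    (void)ssl;
    return true;
#endif
}

static bool auth_accepted_fixed(bool ssl)
{
#if defined(TLS) && defined(TLS_BEFORE_AUTH)
    if (!ssl) return false;
#endif
    (void)ssl;
    return true;
}

int main(void)
{
    printf("plaintext session, buggy: advertised=%d accepted=%d\n",
           auth_advertised_buggy(false), auth_accepted_buggy(false));
    printf("plaintext session, fixed: advertised=%d accepted=%d\n",
           auth_advertised_fixed(false), auth_accepted_fixed(false));
    return 0;
}
```

The buggy results for a plaintext session match the transcript in the description: no AUTH line in the EHLO reply and a 530 response to AUTH, even though TLS_BEFORE_AUTH was never defined.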
Comment 4 Zachary Bedell 2004-05-13 14:13:46 UTC
Created attachment 31365
Fixed to honor notlsbeforeauth

Replaced file in portage/net-mail/qmail/files/1.03-r14 w/ attached patch and
emerged.  Also had to setuid root vpopmail's vchkpw to get it working, but
that's definitely unrelated.
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2004-05-13 20:20:53 UTC
Zachary: reading more qmail bugs would have pointed out this problem to you already.

i've been really busy with things besides qmail for a long time now, but qmail will get major improvements by the end of next month provided i get some time from work.

*** This bug has been marked as a duplicate of 40010 ***