Add support for configurable SMTP auth data logging

Added the `logAuthData` flag to enable conditional logging of SMTP authentication data. Introduced the `SetLogAuthData` method for clients to toggle this flag. Adjusted existing logging logic to respect this new configuration.
Winni Neessen 2024-10-15 19:52:31 +02:00
parent 7acfe8015d
commit 55a5d02fe0
Signed by: wneessen
GPG key ID: 385AC9889632126E


@ -54,6 +54,9 @@ type Client struct {
// auth supported auth mechanisms // auth supported auth mechanisms
auth []string auth []string
// authIsActive indicates that the Client is currently during SMTP authentication
authIsActive bool
// keep a reference to the connection so it can be used to create a TLS connection later // keep a reference to the connection so it can be used to create a TLS connection later
conn net.Conn conn net.Conn
@ -78,12 +81,14 @@ type Client struct {
// isConnected indicates if the Client has an active connection // isConnected indicates if the Client has an active connection
isConnected bool isConnected bool
// logAuthData indicates if the Client should include SMTP authentication data in the logs
logAuthData bool
// localName is the name to use in HELO/EHLO // localName is the name to use in HELO/EHLO
localName string // the name to use in HELO/EHLO localName string // the name to use in HELO/EHLO
// logger will be used for debug logging // logger will be used for debug logging
logger log.Logger logger log.Logger
authIsActive bool
// mutex is used to synchronize access to shared resources, ensuring that only one goroutine can access // mutex is used to synchronize access to shared resources, ensuring that only one goroutine can access
// the resource at a time. // the resource at a time.
@ -177,10 +182,13 @@ func (c *Client) cmd(expectCode int, format string, args ...interface{}) (int, s
var logMsg []interface{} var logMsg []interface{}
logMsg = args logMsg = args
logFmt := format
if c.authIsActive { if c.authIsActive {
logMsg = []interface{}{"<auth redacted>"} logMsg = []interface{}{"<SMTP auth data redacted>"}
logFmt = "%s"
} }
c.debugLog(log.DirClientToServer, format, logMsg...) c.debugLog(log.DirClientToServer, logFmt, logMsg...)
id, err := c.Text.Cmd(format, args...) id, err := c.Text.Cmd(format, args...)
if err != nil { if err != nil {
c.mutex.Unlock() c.mutex.Unlock()
@ -190,10 +198,11 @@ func (c *Client) cmd(expectCode int, format string, args ...interface{}) (int, s
code, msg, err := c.Text.ReadResponse(expectCode) code, msg, err := c.Text.ReadResponse(expectCode)
logMsg = []interface{}{code, msg} logMsg = []interface{}{code, msg}
if c.authIsActive && code >= 300 { if c.authIsActive && code >= 300 && code <= 400 {
logMsg = []interface{}{code, "<auth redacted>"} logMsg = []interface{}{code, "<SMTP auth data redacted>"}
} }
c.debugLog(log.DirServerToClient, "%d %s", logMsg...) c.debugLog(log.DirServerToClient, "%d %s", logMsg...)
c.Text.EndResponse(id) c.Text.EndResponse(id)
c.mutex.Unlock() c.mutex.Unlock()
return code, msg, err return code, msg, err
@ -269,11 +278,15 @@ func (c *Client) Auth(a Auth) error {
} }
c.mutex.Lock() c.mutex.Lock()
c.authIsActive = true if !c.logAuthData {
c.authIsActive = true
}
c.mutex.Unlock() c.mutex.Unlock()
defer func() { defer func() {
c.mutex.Lock() c.mutex.Lock()
c.authIsActive = false if !c.logAuthData {
c.authIsActive = false
}
c.mutex.Unlock() c.mutex.Unlock()
}() }()
@ -577,6 +590,13 @@ func (c *Client) SetLogger(l log.Logger) {
c.logger = l c.logger = l
} }
// SetLogAuthData enables logging of authentication data in the Client.
func (c *Client) SetLogAuthData() {
c.mutex.Lock()
c.logAuthData = true
c.mutex.Unlock()
}
// SetDSNMailReturnOption sets the DSN mail return option for the Mail method // SetDSNMailReturnOption sets the DSN mail return option for the Mail method
func (c *Client) SetDSNMailReturnOption(d string) { func (c *Client) SetDSNMailReturnOption(d string) {
c.dsnmrtype = d c.dsnmrtype = d
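Review bot: In `Auth`, the deferred reset is now guarded by `if !c.logAuthData`, so if `SetLogAuthData()` runs on another goroutine between the two locked sections, `authIsActive` stays true after authentication ends and every later command is logged as redacted. Clearing it unconditionally in the defer (`c.authIsActive = false`) avoids the stuck state; alternatively always set it in `Auth` and test `c.authIsActive && !c.logAuthData` in `cmd`, which also keeps the field comment on `authIsActive` accurate. `SetLogAuthData()` can only switch the flag on, although the description speaks of toggling; a `bool` parameter would let callers turn it off again. Its doc comment should state the consequence of enabling it, for example `// SetLogAuthData enables logging of SMTP authentication data; the AUTH exchange, including credentials that are only base64-encoded for mechanisms such as PLAIN and LOGIN, is then written to the debug log.` The bodies of `cmd` and `Auth` extend beyond the hunks shown, so other uses of `authIsActive` could not be checked.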