summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2018-03-25 16:42:34 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2018-03-25 17:04:10 +0100
commit40394cc11a826278cef2e205313f9339ca90d16d (patch)
treef1e4ed4bd9f4cab88dcec003027b21655531e437
parentf3908561b1eef15d57608ab6b346125bf2a11478 (diff)
Add non-mtp source info to ${authres }
-rw-r--r--doc/doc-docbook/spec.xfpt6
-rw-r--r--src/src/expand.c16
-rw-r--r--src/src/globals.c1
-rw-r--r--src/src/globals.h1
-rw-r--r--src/src/receive.c9
-rw-r--r--test/confs/05714
-rw-r--r--test/log/05711
-rw-r--r--test/scripts/0000-Basic/05712
8 files changed, 33 insertions, 7 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 7d5b3b3cf..b65b6fe5b 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11595,10 +11595,15 @@ preserve some of the authentication information in the variable
user/password authenticator configuration might preserve the user name for use
in the routers. Note that this is not the same information that is saved in
&$sender_host_authenticated$&.
+
When a message is submitted locally (that is, not over a TCP connection)
the value of &$authenticated_id$& is normally the login name of the calling
process. However, a trusted user can override this by means of the &%-oMai%&
command line option.
+.new
+This second case also sets up inforamtion used by the
+&$authresults$& expansion item.
+.wen
.vitem &$authenticated_fail_id$&
.cindex "authentication" "fail" "id"
@@ -38939,6 +38944,7 @@ openssl rsa -in dkim_rsa.private -out /dev/stdout -pubout -outform PEM
.endd
Take the base-64 lines from the output of the second command, concatenated,
for the DNS TXT record.
+See section 3.6 of RFC6376 for the record specification.
Under GnuTLS:
.code
diff --git a/src/src/expand.c b/src/src/expand.c
index a1ac7d198..f878e7b7f 100644
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -1662,6 +1662,21 @@ return yield;
+/* Append a "local" element to an Autherntication-Results: header
+if this was a non-smtp message.
+*/
+
+static gstring *
+authres_local(gstring * g, const uschar * sysname)
+{
+if (!authentication_local)
+ return g;
+g = string_append(g, 3, US";\n\tlocal=pass (non-smtp, ", sysname, US")");
+if (authenticated_id) g = string_append(g, 2, " u=", authenticated_id);
+return g;
+}
+
+
/* Append an "iprev" element to an Autherntication-Results: header
if we have attempted to get the calling host's name.
*/
@@ -4141,6 +4156,7 @@ while (*s != 0)
US"Authentication-Results: ", sub_arg[0], US"; none");
yield->ptr -= 6;
+ yield = authres_local(yield, sub_arg[0]);
yield = authres_iprev(yield);
yield = authres_smtpauth(yield);
#ifdef SUPPORT_SPF
diff --git a/src/src/globals.c b/src/src/globals.c
index aed695066..7d18b38b5 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -434,6 +434,7 @@ uschar *authenticated_fail_id = NULL;
uschar *authenticated_id = NULL;
uschar *authenticated_sender = NULL;
BOOL authentication_failed = FALSE;
+BOOL authentication_local = FALSE;
auth_instance *auths = NULL;
uschar *auth_advertise_hosts = US"*";
auth_instance auth_defaults = {
diff --git a/src/src/globals.h b/src/src/globals.h
index 66d6c26be..da1230b7f 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -228,6 +228,7 @@ extern uschar *authenticated_fail_id; /* ID that failed authentication */
extern uschar *authenticated_id; /* ID that was authenticated */
extern uschar *authenticated_sender; /* From AUTH on MAIL */
extern BOOL authentication_failed; /* TRUE if AUTH was tried and failed */
+extern BOOL authentication_local; /* TRUE if non-smtp (implicit authentication) */
extern uschar *auth_advertise_hosts; /* Only advertise to these */
extern auth_info auths_available[]; /* Vector of available auth mechanisms */
extern auth_instance *auths; /* Chain of instantiated auths */
diff --git a/src/src/receive.c b/src/src/receive.c
index 6a534dc87..4cc43eb3a 100644
--- a/src/src/receive.c
+++ b/src/src/receive.c
@@ -3572,15 +3572,16 @@ else
goto TIDYUP;
#endif /* WITH_CONTENT_SCAN */
- if (acl_not_smtp != NULL)
+ if (acl_not_smtp)
{
uschar *user_msg, *log_msg;
+ authentication_local = TRUE;
rc = acl_check(ACL_WHERE_NOTSMTP, NULL, acl_not_smtp, &user_msg, &log_msg);
if (rc == DISCARD)
{
recipients_count = 0;
blackholed_by = US"non-SMTP ACL";
- if (log_msg != NULL)
+ if (log_msg)
blackhole_log_msg = string_sprintf(": %s", log_msg);
}
else if (rc != OK)
@@ -3595,11 +3596,11 @@ else
/* The ACL can specify where rejections are to be logged, possibly
nowhere. The default is main and reject logs. */
- if (log_reject_target != 0)
+ if (log_reject_target)
log_write(0, log_reject_target, "F=<%s> rejected by non-SMTP ACL: %s",
sender_address, log_msg);
- if (user_msg == NULL) user_msg = US"local configuration problem";
+ if (!user_msg) user_msg = US"local configuration problem";
if (smtp_batched_input)
{
moan_smtp_batch(NULL, "%d %s", 550, user_msg);
diff --git a/test/confs/0571 b/test/confs/0571
index cf4881a0a..a818257f5 100644
--- a/test/confs/0571
+++ b/test/confs/0571
@@ -27,8 +27,8 @@ acl_not_smtp = ${if def:sender_address \
begin acl
acl_29_29_29:
- deny dnslists = test.ex/$sender_address_domain
- accept
+ deny dnslists = test.ex/$sender_address_domain
+ accept logwrite = authresults: ${authresults {$primary_hostname}}
acl_29_29_0:
deny dnslists = test.ex
diff --git a/test/log/0571 b/test/log/0571
index afae80f19..e402d75a0 100644
--- a/test/log/0571
+++ b/test/log/0571
@@ -1,4 +1,5 @@
1999-03-02 09:44:33 10HmaX-0005vi-00 F=<ted@29.29.0.com> rejected by non-SMTP ACL: cannot test auto-keyed dnslists condition in non-SMTP ACL
1999-03-02 09:44:33 10HmaY-0005vi-00 <= <> R=10HmaX-0005vi-00 U=EXIMUSER P=local S=sss
1999-03-02 09:44:33 10HmaY-0005vi-00 no immediate delivery: queued by ACL
+1999-03-02 09:44:33 10HmaZ-0005vi-00 authresults: Authentication-Results: myhost.test.ex;\n local=pass (non-smtp, myhost.test.ex) u=CALLER
1999-03-02 09:44:33 10HmaZ-0005vi-00 <= bill@29.29.29.com U=CALLER P=local S=sss
diff --git a/test/scripts/0000-Basic/0571 b/test/scripts/0000-Basic/0571
index 3eab04cbf..f8422c8b9 100644
--- a/test/scripts/0000-Basic/0571
+++ b/test/scripts/0000-Basic/0571
@@ -6,7 +6,7 @@ should fail
.
****
#
-exim -f bill@29.29.29.com -odq ok1@test.ex
+exim -oMai CALLER -f bill@29.29.29.com -odq ok1@test.ex
should pass
.
****