Made -oMaa and -oMt work with -bh and -bs to pretend the connection is

authenticated or an ident call has been made. Suppress the default
values for $authenticated_id and $authenticated_sender (but permit -oMai
and -oMas) when testing with -bh.

8 files changed, 368 insertions, 16 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2b3f4745e..8ec3d8865 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.380 2006/07/21 16:48:42 jetmore Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.381 2006/07/27 10:13:52 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -126,6 +126,11 @@ JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and
 
 JJ/02 exipick: rewrote --help documentation to hopefully make more clear.
 
+PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is
+      authenticated or an ident call has been made. Suppress the default
+      values for $authenticated_id and $authenticated_sender (but permit -oMai
+      and -oMas) when testing with -bh.
+
 
 Exim version 4.62
 -----------------
diff --git a/src/src/exim.c b/src/src/exim.c
index 3ac7d8313..8c5c23eff 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/exim.c,v 1.41 2006/07/13 13:53:33 ph10 Exp $ */
+/* $Cambridge: exim/src/src/exim.c,v 1.42 2006/07/27 10:13:52 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1287,6 +1287,7 @@ BOOL more = TRUE;
 BOOL one_msg_action = FALSE;
 BOOL queue_only_set = FALSE;
 BOOL receiving_message = TRUE;
+BOOL sender_ident_set = FALSE;
 BOOL unprivileged;
 BOOL removed_privilege = FALSE;
 BOOL verify_address_mode = FALSE;
@@ -2520,7 +2521,11 @@ for (i = 1; i < argc; i++)
 
       /* -oMt: Set sender ident */
 
-      else if (Ustrcmp(argrest, "Mt") == 0) sender_ident = argv[++i];
+      else if (Ustrcmp(argrest, "Mt") == 0)
+        {
+        sender_ident_set = TRUE;
+        sender_ident = argv[++i];
+        }
 
       /* Else a bad argument */
 
@@ -4055,12 +4060,14 @@ if ((sender_address == NULL && !smtp_input) ||
   sender_local = TRUE;
 
   /* A trusted caller can supply authenticated_sender and authenticated_id
-  via -oMas and -oMai and if so, they will already be set. */
+  via -oMas and -oMai and if so, they will already be set. Otherwise, force
+  defaults except when host checking. */
 
-  if (authenticated_sender == NULL)
+  if (authenticated_sender == NULL && !host_checking)
     authenticated_sender = string_sprintf("%s@%s", originator_login,
       qualify_domain_sender);
-  if (authenticated_id == NULL) authenticated_id = originator_login;
+  if (authenticated_id == NULL && !host_checking)
+    authenticated_id = originator_login;
   }
 
 /* Trusted callers are always permitted to specify the sender address.
@@ -4225,20 +4232,24 @@ if (raw_active_hostname != NULL)
   }
 
 /* Handle host checking: this facility mocks up an incoming SMTP call from a
-given IP address so that the blocking and relay configuration can be tested. An
-RFC 1413 call is made only if we are running in the test harness and an
-incoming interface and both ports are specified, because there is no TCP/IP
-call to find the ident for. */
+given IP address so that the blocking and relay configuration can be tested.
+Unless a sender_ident was set by -oMt, we discard it (the default is the
+caller's login name). An RFC 1413 call is made only if we are running in the
+test harness and an incoming interface and both ports are specified, because
+there is no TCP/IP call to find the ident for. */
 
 if (host_checking)
   {
   int x[4];
   int size;
 
-  sender_ident = NULL;
-  if (running_in_test_harness && sender_host_port != 0 &&
-      interface_address != NULL && interface_port != 0)
-    verify_get_ident(1413);
+  if (!sender_ident_set)
+    {
+    sender_ident = NULL;
+    if (running_in_test_harness && sender_host_port != 0 &&
+        interface_address != NULL && interface_port != 0)
+      verify_get_ident(1413);
+    }
 
   /* In case the given address is a non-canonical IPv6 address, canonicize
   it. The code works for both IPv4 and IPv6, as it happens. */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 881bfff58..531eaabe4 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.39 2006/07/13 13:53:33 ph10 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.40 2006/07/27 10:13:52 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -1156,7 +1156,10 @@ sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
 
 memset(sender_host_cache, 0, sizeof(sender_host_cache));
 
-sender_host_authenticated = NULL;
+/* If receiving by -bs from a trusted user, or testing with -bh, we allow
+authentication settings from -oMaa to remain in force. */
+
+if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL;
 authenticated_by = NULL;
 
 #ifdef SUPPORT_TLS
diff --git a/test/confs/0537 b/test/confs/0537
new file mode 100644
index 000000000..b8dec5a30
--- /dev/null
+++ b/test/confs/0537
@@ -0,0 +1,50 @@
+# Exim test configuration 0537
+
+TRUSTED=
+
+exim_path = EXIM_PATH
+host_lookup_order = bydns
+primary_hostname = myhost.test.ex
+rfc1413_query_timeout = 0s
+spool_directory = DIR/spool
+log_file_path = DIR/spool/log/%slog
+gecos_pattern = ""
+gecos_name = CALLER_NAME
+
+# ----- Main settings -----
+
+acl_smtp_connect = connect
+acl_smtp_mail    = mail
+acl_not_smtp_start = mail
+
+queue_only
+trusted_users = TRUSTED
+
+# ----- ACLs -----
+
+begin ACL
+
+connect:
+  accept acl = log
+
+mail:
+  accept acl = log
+         acl = auth
+
+log:
+  accept logwrite = ===========================================================
+         logwrite = sender_ip_address=[$sender_host_address]
+         logwrite = sender_host_authenticated=$sender_host_authenticated
+         logwrite = authenticated_id=$authenticated_id
+         logwrite = authenticated_sender=$authenticated_sender
+         logwrite = interface_address=[$interface_address]
+         logwrite = received_protocol=$received_protocol
+         logwrite = sender_host_name=$sender_host_name
+         logwrite = sender_ident=$sender_ident
+
+auth:
+  accept authenticated = *
+         logwrite = +++ host is authenticated +++
+
+  accept
+
diff --git a/test/log/0537 b/test/log/0537
new file mode 100644
index 000000000..28145e6e4
--- /dev/null
+++ b/test/log/0537
@@ -0,0 +1,39 @@
+1999-03-02 09:44:33 ===========================================================
+1999-03-02 09:44:33 sender_ip_address=[5.6.7.8]
+1999-03-02 09:44:33 sender_host_authenticated=authname
+1999-03-02 09:44:33 authenticated_id=authid
+1999-03-02 09:44:33 authenticated_sender=authsender
+1999-03-02 09:44:33 interface_address=[9.10.11.12]
+1999-03-02 09:44:33 received_protocol=smtp
+1999-03-02 09:44:33 sender_host_name=hostname
+1999-03-02 09:44:33 sender_ident=ident
+1999-03-02 09:44:33 ===========================================================
+1999-03-02 09:44:33 sender_ip_address=[5.6.7.8]
+1999-03-02 09:44:33 sender_host_authenticated=authname
+1999-03-02 09:44:33 authenticated_id=authid
+1999-03-02 09:44:33 authenticated_sender=
+1999-03-02 09:44:33 interface_address=[9.10.11.12]
+1999-03-02 09:44:33 received_protocol=esmtpa
+1999-03-02 09:44:33 sender_host_name=hostname
+1999-03-02 09:44:33 sender_ident=ident
+1999-03-02 09:44:33 +++ host is authenticated +++
+1999-03-02 09:44:33 ===========================================================
+1999-03-02 09:44:33 sender_ip_address=[5.6.7.8]
+1999-03-02 09:44:33 sender_host_authenticated=authname
+1999-03-02 09:44:33 authenticated_id=authid
+1999-03-02 09:44:33 authenticated_sender=<asender@a.domain>
+1999-03-02 09:44:33 interface_address=[9.10.11.12]
+1999-03-02 09:44:33 received_protocol=esmtpa
+1999-03-02 09:44:33 sender_host_name=hostname
+1999-03-02 09:44:33 sender_ident=ident
+1999-03-02 09:44:33 +++ host is authenticated +++
+1999-03-02 09:44:33 ===========================================================
+1999-03-02 09:44:33 sender_ip_address=[5.6.7.8]
+1999-03-02 09:44:33 sender_host_authenticated=authname
+1999-03-02 09:44:33 authenticated_id=authid
+1999-03-02 09:44:33 authenticated_sender=authsender
+1999-03-02 09:44:33 interface_address=[9.10.11.12]
+1999-03-02 09:44:33 received_protocol=protocol
+1999-03-02 09:44:33 sender_host_name=hostname
+1999-03-02 09:44:33 sender_ident=ident
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid S=sss
diff --git a/test/scripts/0000-Basic/0537 b/test/scripts/0000-Basic/0537
new file mode 100644
index 000000000..615f797dd
--- /dev/null
+++ b/test/scripts/0000-Basic/0537
@@ -0,0 +1,47 @@
+# -oMa... options in various situations
+exim -oMa 5.6.7.8 -bh 1.2.3.4
+quit
+****          
+exim -bh 1.2.3.4 \
+     -oMa 5.6.7.8 \
+     -oMaa authname \
+     -oMai authid \
+     -oMr protocol \ 
+     -oMas authsender \
+     -oMi 9.10.11.12 \
+     -oMs hostname \
+     -oMt ident
+ehlo a.b
+mail from:<>      
+rset
+mail from:<> auth=<asender@a.domain>
+quit
+****          
+exim -DTRUSTED=CALLER \
+     -bs \
+     -oMa 5.6.7.8 \
+     -oMaa authname \
+     -oMai authid \
+     -oMr protocol \ 
+     -oMas authsender \
+     -oMi 9.10.11.12 \
+     -oMs hostname \
+     -oMt ident
+ehlo a.b
+mail from:<>
+rset
+mail from:<> auth=<asender@a.domain>
+quit
+****          
+exim -DTRUSTED=CALLER \
+     -oMa 5.6.7.8 \
+     -oMaa authname \
+     -oMai authid \
+     -oMr protocol \ 
+     -oMas authsender \
+     -oMi 9.10.11.12 \
+     -oMs hostname \
+     -oMt ident \
+     userx 
+****      
+no_msglog_check    
diff --git a/test/stderr/0537 b/test/stderr/0537
new file mode 100644
index 000000000..a4c766269
--- /dev/null
+++ b/test/stderr/0537
@@ -0,0 +1,167 @@
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "connect"
+>>> processing "accept"
+>>> check acl = log
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
+LOG: ===========================================================
+>>> check logwrite = sender_ip_address=[$sender_host_address]
+>>>                = sender_ip_address=[1.2.3.4]
+LOG: sender_ip_address=[1.2.3.4]
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>>                = sender_host_authenticated=
+LOG: sender_host_authenticated=
+>>> check logwrite = authenticated_id=$authenticated_id
+>>>                = authenticated_id=
+LOG: authenticated_id=
+>>> check logwrite = authenticated_sender=$authenticated_sender
+>>>                = authenticated_sender=
+LOG: authenticated_sender=
+>>> check logwrite = interface_address=[$interface_address]
+>>>                = interface_address=[]
+LOG: interface_address=[]
+>>> check logwrite = received_protocol=$received_protocol
+>>>                = received_protocol=smtp
+LOG: received_protocol=smtp
+>>> looking up host name for 1.2.3.4
+LOG: no host name found for IP address 1.2.3.4
+>>> check logwrite = sender_host_name=$sender_host_name
+>>>                = sender_host_name=
+LOG: sender_host_name=
+>>> check logwrite = sender_ident=$sender_ident
+>>>                = sender_ident=
+LOG: sender_ident=
+>>> accept: condition test succeeded
+>>> accept: condition test succeeded
+>>> host in hosts_connection_nolog? no (option unset)
+>>> host in host_lookup? no (option unset)
+>>> host in host_reject_connection? no (option unset)
+>>> host in sender_unqualified_hosts? no (option unset)
+>>> host in recipient_unqualified_hosts? no (option unset)
+>>> host in helo_verify_hosts? no (option unset)
+>>> host in helo_try_verify_hosts? no (option unset)
+>>> host in helo_accept_junk_hosts? no (option unset)
+>>> using ACL "connect"
+>>> processing "accept"
+>>> check acl = log
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
+LOG: ===========================================================
+>>> check logwrite = sender_ip_address=[$sender_host_address]
+>>>                = sender_ip_address=[5.6.7.8]
+LOG: sender_ip_address=[5.6.7.8]
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>>                = sender_host_authenticated=authname
+LOG: sender_host_authenticated=authname
+>>> check logwrite = authenticated_id=$authenticated_id
+>>>                = authenticated_id=authid
+LOG: authenticated_id=authid
+>>> check logwrite = authenticated_sender=$authenticated_sender
+>>>                = authenticated_sender=authsender
+LOG: authenticated_sender=authsender
+>>> check logwrite = interface_address=[$interface_address]
+>>>                = interface_address=[9.10.11.12]
+LOG: interface_address=[9.10.11.12]
+>>> check logwrite = received_protocol=$received_protocol
+>>>                = received_protocol=smtp
+LOG: received_protocol=smtp
+>>> check logwrite = sender_host_name=$sender_host_name
+>>>                = sender_host_name=hostname
+LOG: sender_host_name=hostname
+>>> check logwrite = sender_ident=$sender_ident
+>>>                = sender_ident=ident
+LOG: sender_ident=ident
+>>> accept: condition test succeeded
+>>> accept: condition test succeeded
+>>> host in pipelining_advertise_hosts? yes (matched "*")
+>>> using ACL "mail"
+>>> processing "accept"
+>>> check acl = log
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
+LOG: ===========================================================
+>>> check logwrite = sender_ip_address=[$sender_host_address]
+>>>                = sender_ip_address=[5.6.7.8]
+LOG: sender_ip_address=[5.6.7.8]
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>>                = sender_host_authenticated=authname
+LOG: sender_host_authenticated=authname
+>>> check logwrite = authenticated_id=$authenticated_id
+>>>                = authenticated_id=authid
+LOG: authenticated_id=authid
+>>> check logwrite = authenticated_sender=$authenticated_sender
+>>>                = authenticated_sender=
+LOG: authenticated_sender=
+>>> check logwrite = interface_address=[$interface_address]
+>>>                = interface_address=[9.10.11.12]
+LOG: interface_address=[9.10.11.12]
+>>> check logwrite = received_protocol=$received_protocol
+>>>                = received_protocol=esmtpa
+LOG: received_protocol=esmtpa
+>>> check logwrite = sender_host_name=$sender_host_name
+>>>                = sender_host_name=hostname
+LOG: sender_host_name=hostname
+>>> check logwrite = sender_ident=$sender_ident
+>>>                = sender_ident=ident
+LOG: sender_ident=ident
+>>> accept: condition test succeeded
+>>> check acl = auth
+>>> using ACL "auth"
+>>> processing "accept"
+>>> check authenticated = *
+>>> authname in "*"? yes (matched "*")
+>>> check logwrite = +++ host is authenticated +++
+LOG: +++ host is authenticated +++
+>>> accept: condition test succeeded
+>>> accept: condition test succeeded
+>>> using ACL "mail"
+>>> processing "accept"
+>>> check acl = log
+>>> using ACL "log"
+>>> processing "accept"
+>>> check logwrite = ===========================================================
+LOG: ===========================================================
+>>> check logwrite = sender_ip_address=[$sender_host_address]
+>>>                = sender_ip_address=[5.6.7.8]
+LOG: sender_ip_address=[5.6.7.8]
+>>> check logwrite = sender_host_authenticated=$sender_host_authenticated
+>>>                = sender_host_authenticated=authname
+LOG: sender_host_authenticated=authname
+>>> check logwrite = authenticated_id=$authenticated_id
+>>>                = authenticated_id=authid
+LOG: authenticated_id=authid
+>>> check logwrite = authenticated_sender=$authenticated_sender
+>>>                = authenticated_sender=<asender@a.domain>
+LOG: authenticated_sender=<asender@a.domain>
+>>> check logwrite = interface_address=[$interface_address]
+>>>                = interface_address=[9.10.11.12]
+LOG: interface_address=[9.10.11.12]
+>>> check logwrite = received_protocol=$received_protocol
+>>>                = received_protocol=esmtpa
+LOG: received_protocol=esmtpa
+>>> check logwrite = sender_host_name=$sender_host_name
+>>>                = sender_host_name=hostname
+LOG: sender_host_name=hostname
+>>> check logwrite = sender_ident=$sender_ident
+>>>                = sender_ident=ident
+LOG: sender_ident=ident
+>>> accept: condition test succeeded
+>>> check acl = auth
+>>> using ACL "auth"
+>>> processing "accept"
+>>> check authenticated = *
+>>> authname in "*"? yes (matched "*")
+>>> check logwrite = +++ host is authenticated +++
+LOG: +++ host is authenticated +++
+>>> accept: condition test succeeded
+>>> accept: condition test succeeded
diff --git a/test/stdout/0537 b/test/stdout/0537
new file mode 100644
index 000000000..086c9fa20
--- /dev/null
+++ b/test/stdout/0537
@@ -0,0 +1,30 @@
+
+**** SMTP testing session as if from host 1.2.3.4
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000

+221 myhost.test.ex closing connection

+
+**** SMTP testing session as if from host 5.6.7.8
+**** but without any ident (RFC 1413) callback.
+**** This is not for real!
+
+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000

+250-myhost.test.ex Hello ident at hostname [5.6.7.8]

+250-SIZE 52428800

+250-PIPELINING

+250 HELP

+250 OK

+250 Reset OK

+250 OK

+221 myhost.test.ex closing connection

+220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000

+250-myhost.test.ex Hello ident at hostname [5.6.7.8]

+250-SIZE 52428800

+250-PIPELINING

+250 HELP

+250 OK

+250 Reset OK

+250 OK

+221 myhost.test.ex closing connection