Pass authenticator pubname through spool. Bug 2648

8 files changed, 27 insertions, 8 deletions

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 959218100..e61ad6226 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -130,6 +130,10 @@ JH/26 Bug 2646: fix a memory usage issue in ldap lookups.  Previously, when more
       details, an internal consistency trap could be hit while walking the list
       of servers.
 
+JH/27 Bug 2648: fix the passing of an authenticator public-name through spool
+      files.  The value is used by the authresults expansion item.  Previously
+      if this was used in a router or transport, a crash could result.
+
 
 Exim version 4.94
 -----------------
diff --git a/src/exim_monitor/em_globals.c b/src/exim_monitor/em_globals.c
index 925e88e05..30d22b5eb 100644
--- a/src/exim_monitor/em_globals.c
+++ b/src/exim_monitor/em_globals.c
@@ -205,6 +205,7 @@ uschar *sender_address         = NULL;
 uschar *sender_fullhost        = NULL;
 uschar *sender_helo_name       = NULL;
 uschar *sender_host_address    = NULL;
+uschar *sender_host_auth_pubname = NULL;
 uschar *sender_host_authenticated = NULL;
 uschar *sender_host_name       = NULL;
 int     sender_host_port       = 0;
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index cf6271c60..b50070cfa 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -5894,12 +5894,14 @@ if (!sender_host_authenticated)
 
 g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname);
 
-if (Ustrcmp(sender_host_auth_pubname, "tls") != 0)
-  g = string_append(g, 2, US") smtp.auth=", authenticated_id);
-else if (authenticated_id)
-  g = string_append(g, 2, US") x509.auth=", authenticated_id);
+if (Ustrcmp(sender_host_auth_pubname, "tls") == 0)
+  g = authenticated_id
+    ? string_append(g, 2, US") x509.auth=", authenticated_id)
+    : string_cat(g, US") reason=x509.auth");
 else
-  g = string_cat(g, US") reason=x509.auth");
+  g = authenticated_id
+    ? string_append(g, 2, US") smtp.auth=", authenticated_id)
+    : string_cat(g, US", no id saved)");
 
 if (authenticated_sender)
   g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
diff --git a/src/src/spool_in.c b/src/src/spool_in.c
index 7d95fccc1..022ac02bc 100644
--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -253,7 +253,7 @@ sender_helo_name = NULL;
 sender_host_address = NULL;
 sender_host_name = NULL;
 sender_host_port = 0;
-sender_host_authenticated = NULL;
+sender_host_authenticated = sender_host_auth_pubname = NULL;
 sender_ident = NULL;
 f.sender_local = FALSE;
 f.sender_set_untrusted = FALSE;
@@ -580,6 +580,8 @@ for (;;)
       host_lookup_deferred = TRUE;
     else if (Ustrcmp(p, "ost_lookup_failed") == 0)
       host_lookup_failed = TRUE;
+    else if (Ustrncmp(p, "ost_auth_pubname", 16) == 0)
+      sender_host_auth_pubname = string_copy_taint(var + 18, tainted);
     else if (Ustrncmp(p, "ost_auth", 8) == 0)
       sender_host_authenticated = string_copy_taint(var + 10, tainted);
     else if (Ustrncmp(p, "ost_name", 8) == 0)
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 4539e3c69..113765bab 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -174,9 +174,11 @@ if (sender_host_address)
   fprintf(fp, "-host_address %s.%d\n", sender_host_address, sender_host_port);
   if (sender_host_name)
     spool_var_write(fp, US"host_name", sender_host_name);
-  if (sender_host_authenticated)
-    spool_var_write(fp, US"host_auth", sender_host_authenticated);
   }
+if (sender_host_authenticated)
+  spool_var_write(fp, US"host_auth", sender_host_authenticated);
+if (sender_host_auth_pubname)
+  spool_var_write(fp, US"host_auth_pubname", sender_host_auth_pubname);
 
 /* Also about the interface a message came in on */
 
diff --git a/test/confs/3403 b/test/confs/3403
index 161cdeaee..5d59e6dee 100644
--- a/test/confs/3403
+++ b/test/confs/3403
@@ -40,6 +40,7 @@ begin routers
 d1:
   driver = accept
   headers_add = aid: $authenticated_id
+  headers_add = rtr_authres: ${authresults {$primary_hostname}}
   retry_use_local_part
   transport = t1
 
diff --git a/test/mail/3403.userx b/test/mail/3403.userx
index 08cdf9a31..9ec9b79b7 100644
--- a/test/mail/3403.userx
+++ b/test/mail/3403.userx
@@ -10,6 +10,8 @@ Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
 From: CALLER_NAME <CALLER@myhost.test.ex>
 Date: Tue, 2 Mar 1999 09:44:33 +0000
 aid: userx
+rtr_authres: Authentication-Results: myhost.test.ex;
+	auth=pass (PLAIN) smtp.auth=userx
 
 Test data
 
diff --git a/test/stdout/3415 b/test/stdout/3415
index 0889dd795..d806fa66c 100644
--- a/test/stdout/3415
+++ b/test/stdout/3415
@@ -159,6 +159,7 @@ ddddddddd 0
 --helo_name rhu.barb
 -host_address 127.0.0.1.9999
 -host_auth au1
+-host_auth_pubname PLAIN
 -interface_address 127.0.0.1.1225
 -received_protocol esmtpa
 -body_linecount 0
@@ -186,6 +187,7 @@ ddddddddd 0
 --helo_name rhu.barb
 -host_address 127.0.0.1.9999
 -host_auth au1
+-host_auth_pubname PLAIN
 -interface_address 127.0.0.1.1225
 -received_protocol esmtpa
 -body_linecount 0
@@ -211,6 +213,7 @@ ddddddddd 0
 --helo_name rhu.barb
 -host_address 127.0.0.1.9999
 -host_auth au1
+-host_auth_pubname PLAIN
 -interface_address 127.0.0.1.1225
 -received_protocol esmtpa
 -body_linecount 0
@@ -236,6 +239,7 @@ ddddddddd 0
 --helo_name rhu.barb
 -host_address 127.0.0.1.9999
 -host_auth au1
+-host_auth_pubname PLAIN
 -interface_address 127.0.0.1.1225
 -received_protocol esmtpa
 -body_linecount 0
@@ -261,6 +265,7 @@ ddddddddd 0
 --helo_name rhu.barb
 -host_address 127.0.0.1.9999
 -host_auth au1
+-host_auth_pubname PLAIN
 -interface_address 127.0.0.1.1225
 -received_protocol esmtpa
 -body_linecount 0