authorPhilip Hazel <ph10@hermes.cam.ac.uk>2007-06-18 13:57:49 +0000
committerPhilip Hazel <ph10@hermes.cam.ac.uk>2007-06-18 13:57:49 +0000
commit6c512171a8449f14cc284e13aabc0153d9977c43 (patch)
treeabb960215b47568d9dc6da67ab39fcf172b9219b /src
parent93655c46a6d1c1931c50fe6e17fd711578d4f07e (diff)
Add client_condition to authenticators.
Diffstat (limited to 'src')
-rw-r--r--src/src/globals.c5
-rw-r--r--src/src/structs.h3
-rw-r--r--src/src/transports/smtp.c29
3 files changed, 29 insertions, 8 deletions
diff --git a/src/src/globals.c b/src/src/globals.c
index 7b14f7b93..7d34c6699 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/globals.c,v 1.73 2007/06/14 14:18:19 ph10 Exp $ */
+/* $Cambridge: exim/src/src/globals.c,v 1.74 2007/06/18 13:57:50 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -32,6 +32,8 @@ static void dummy(int x) { dummy(x-1); }
data blocks and hence have the opt_public flag set. */
optionlist optionlist_auths[] = {
+ { "client_condition", opt_stringptr | opt_public,
+ (void *)(offsetof(auth_instance, client_condition)) },
{ "driver", opt_stringptr | opt_public,
(void *)(offsetof(auth_instance, driver_name)) },
{ "public_name", opt_stringptr | opt_public,
@@ -327,6 +329,7 @@ auth_instance auth_defaults = {
NULL, /* private options block pointer */
NULL, /* driver_name */
NULL, /* advertise_condition */
+ NULL, /* client_condition */
NULL, /* public_name */
NULL, /* set_id */
NULL, /* server_mail_auth_condition */
diff --git a/src/src/structs.h b/src/src/structs.h
index 71d9d3a68..cc0e521b7 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/structs.h,v 1.15 2007/01/08 10:50:18 ph10 Exp $ */
+/* $Cambridge: exim/src/src/structs.h,v 1.16 2007/06/18 13:57:50 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -362,6 +362,7 @@ typedef struct auth_instance {
void *options_block; /* Pointer to private options */
uschar *driver_name; /* Must be first */
uschar *advertise_condition; /* Are we going to advertise this?*/
+ uschar *client_condition; /* Should the client try this? */
uschar *public_name; /* Advertised name */
uschar *set_id; /* String to set as authenticated id */
uschar *mail_auth_condition; /* Condition for AUTH on MAIL command */
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 2fce7bab2..537f32aa5 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/transports/smtp.c,v 1.36 2007/02/08 15:16:19 ph10 Exp $ */
+/* $Cambridge: exim/src/src/transports/smtp.c,v 1.37 2007/06/18 13:57:50 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -789,7 +789,8 @@ return yield;
/* If continue_hostname is not null, we get here only when continuing to
deliver down an existing channel. The channel was passed as the standard
-input.
+input. TLS is never active on a passed channel; the previous process always
+closes it down before passing the connection on.
Otherwise, we have to make a connection to the remote host, and do the
initial protocol exchange.
@@ -886,6 +887,11 @@ outblock.ptr = outbuffer;
outblock.cmd_count = 0;
outblock.authenticating = FALSE;
+/* Reset the parameters of a TLS session. */
+
+tls_cipher = NULL;
+tls_peerdn = NULL;
+
/* If an authenticated_sender override has been specified for this transport
instance, expand it. If the expansion is forced to fail, and there was already
an authenticated_sender for this message, the original value will be used.
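Review bot: The new comment above the `tls_cipher` / `tls_peerdn` reset says what is cleared but not why it has to happen here, before any expansion for this connection. If this code can run more than once in a process, values left from an earlier TLS session would presumably be visible to later string expansions, including the `client_condition` this commit adds, and a condition keyed on them could treat a cleartext channel as encrypted. I would word the comment as `/* Reset the parameters of a TLS session so that expansions for this connection (e.g. client_condition) never see values left over from an earlier one. */`. The enclosing function starts and ends outside the hunk, so any other per-connection TLS state it should clear is not visible here.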
@@ -1233,14 +1239,25 @@ if (continue_hostname == NULL
DEBUG(D_transport) debug_printf("scanning authentication mechanisms\n");
/* Scan the configured authenticators looking for one which is configured
- for use as a client and whose name matches an authentication mechanism
- supported by the server. If one is found, attempt to authenticate by
- calling its client function. */
+ for use as a client, which is not suppressed by client_condition, and
+ whose name matches an authentication mechanism supported by the server.
+ If one is found, attempt to authenticate by calling its client function.
+ */
for (au = auths; !smtp_authenticated && au != NULL; au = au->next)
{
uschar *p = names;
- if (!au->client) continue;
+ if (!au->client ||
+ (au->client_condition != NULL &&
+ !expand_check_condition(au->client_condition, au->name,
+ US"client authenticator")))
+ {
+ DEBUG(D_transport) debug_printf("skipping %s authenticator: %s\n",
+ au->name,
+ (au->client)? "client_condition is false" :
+ "not configured as a client");
+ continue;
+ }
/* Loop to scan supported server mechanisms */
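Review bot: The skip message prints "client_condition is false" for every non-true result of `expand_check_condition()`, so the debug output cannot separate a condition that evaluated false from one that could not be expanded, assuming the helper returns FALSE in both cases (its body is not on this page). Because this option decides whether credentials are offered to the server at all, that distinction matters when working out why a delivery went unauthenticated. Skipping is the safe direction, but I would change the string to `(au->client)? "client_condition is false or failed to expand" :` and note in the block comment that an expansion failure also suppresses the authenticator. The condition is also expanded before the server's mechanism list is checked, so it runs for authenticators the server never offered. The for-loop body continues outside the hunk.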