summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2012-11-09 00:19:09 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2012-11-09 00:44:36 +0000
commit018c60d7505a46f7dfd8630fbd59a3f900f6ae22 (patch)
tree74f9f3ff7dbf79613abe667356fd40947910c960 /src
parent05caaeaae58a10357a29082c288dccdcd85e8ee4 (diff)
Auth info from transports must be tracked per-address.
Diffstat (limited to 'src')
-rw-r--r--src/src/deliver.c22
-rw-r--r--src/src/globals.c3
-rw-r--r--src/src/structs.h4
-rw-r--r--src/src/transports/smtp.c3
4 files changed, 20 insertions, 12 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c
index af39448c5..eef91036a 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -774,14 +774,14 @@ else
string_printing(addr->peerdn), US"\"");
#endif
- if (smtp_authenticated)
+ if (addr->authenticator)
{
- s = string_append(s, &size, &ptr, 2, US" A=", client_authenticator);
- if (client_authenticated_id)
+ s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator);
+ if (addr->auth_id)
{
- s = string_append(s, &size, &ptr, 2, US":", client_authenticated_id);
- if (log_extra_selector & LX_smtp_mailauth && client_authenticated_sender)
- s = string_append(s, &size, &ptr, 2, US":", client_authenticated_sender);
+ s = string_append(s, &size, &ptr, 2, US":", addr->auth_id);
+ if (log_extra_selector & LX_smtp_mailauth && addr->auth_sndr)
+ s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr);
}
}
@@ -2928,14 +2928,13 @@ while (!done)
switch (*ptr++)
{
case '1':
- smtp_authenticated = TRUE;
- client_authenticator = (*ptr)? string_copy(ptr) : NULL;
+ addr->authenticator = (*ptr)? string_copy(ptr) : NULL;
break;
case '2':
- client_authenticated_id = (*ptr)? string_copy(ptr) : NULL;
+ addr->auth_id = (*ptr)? string_copy(ptr) : NULL;
break;
case '3':
- client_authenticated_sender = (*ptr)? string_copy(ptr) : NULL;
+ addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL;
break;
}
while (*ptr++);
@@ -3682,6 +3681,9 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
deliver_set_expansions(addr);
+ /* Ensure any transport-set auth info is fresh */
+ addr->authenticator = addr->auth_id = addr->auth_sndr = NULL;
+
/* Compute the return path, expanding a new one if required. The old one
must be set first, as it might be referred to in the expansion. */
diff --git a/src/src/globals.c b/src/src/globals.c
index 9645504f5..616a2350d 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -315,6 +315,9 @@ address_item address_defaults = {
NULL, /* cipher */
NULL, /* peerdn */
#endif
+ NULL, /* authenticator */
+ NULL, /* auth_id */
+ NULL, /* auth_sndr */
(uid_t)(-1), /* uid */
(gid_t)(-1), /* gid */
0, /* flags */
diff --git a/src/src/structs.h b/src/src/structs.h
index 1ad5d9b7e..5fc01e9e5 100644
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -536,6 +536,10 @@ typedef struct address_item {
uschar *peerdn; /* DN of server's certificate */
#endif
+ uschar *authenticator; /* auth driver name used by transport */
+ uschar *auth_id; /* auth "login" name used by transport */
+ uschar *auth_sndr; /* AUTH arg to SMTP MAIL, used by transport */
+
uid_t uid; /* uid for transporting */
gid_t gid; /* gid for transporting */
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index b4ef7cf4d..6c3507609 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1272,6 +1272,7 @@ if (continue_hostname == NULL
authenticator's client driver is running. */
smtp_authenticated = FALSE;
+ client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;
require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
host->name, host->address, NULL);
@@ -1501,8 +1502,6 @@ if ((smtp_authenticated || ob->authenticated_sender_force) &&
Ustrlen(local_authenticated_sender)));
client_authenticated_sender = string_copy(local_authenticated_sender);
}
-else
- client_authenticated_sender = NULL;
/* From here until we send the DATA command, we can make use of PIPELINING
if the server host supports it. The code has to be able to check the responses