authorJeremy Harris <jgh146exb@wizmail.org>2018-02-25 15:24:26 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-02-25 16:30:55 +0000
commitc44ff8bea951faba4aae92b868b69e221bf7b52b (patch)
treeaba38608793c0142aa92bec91b8aafca36dfecc3 /src
parentb988b06146c5d16e0ca0ea86ffcf2d83938088ed (diff)
Auths: for A-R header, and SMTP auth, note the public-name not the authenticator name
Also, for TLS auth use a custom propspec
Diffstat (limited to 'src')
-rw-r--r--src/src/acl.c5
-rw-r--r--src/src/globals.c1
-rw-r--r--src/src/globals.h1
-rw-r--r--src/src/smtp_in.c21
4 files changed, 19 insertions, 9 deletions
diff --git a/src/src/acl.c b/src/src/acl.c
index fb8b75bc7..61316a81e 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2970,9 +2970,8 @@ for (; cb != NULL; cb = cb->next)
break;
case ACLC_AUTHENTICATED:
- rc = (sender_host_authenticated == NULL)? FAIL :
- match_isinlist(sender_host_authenticated, &arg, 0, NULL, NULL, MCL_STRING,
- TRUE, NULL);
+ rc = sender_host_authenticated ? match_isinlist(sender_host_authenticated,
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL) : FAIL;
break;
#ifdef EXPERIMENTAL_BRIGHTMAIL
diff --git a/src/src/globals.c b/src/src/globals.c
index 7e228d098..5f1c87fc0 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1277,6 +1277,7 @@ uschar *sender_helo_name = NULL;
uschar **sender_host_aliases = &no_aliases;
uschar *sender_host_address = NULL;
uschar *sender_host_authenticated = NULL;
+uschar *sender_host_auth_pubname = NULL;
unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
BOOL sender_host_dnssec = FALSE;
uschar *sender_host_name = NULL;
diff --git a/src/src/globals.h b/src/src/globals.h
index b5cb6407b..801a00fb3 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -786,6 +786,7 @@ extern uschar *sender_fullhost; /* Sender host name + address */
extern BOOL sender_helo_dnssec; /* True if HELO verify used DNS and was DNSSEC */
extern uschar *sender_helo_name; /* Host name from HELO/EHLO */
extern uschar **sender_host_aliases; /* Points to list of alias names */
+extern uschar *sender_host_auth_pubname; /* Public-name of authentication method */
extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */
extern BOOL sender_host_dnssec; /* true if sender_host_name verified in DNSSEC */
extern BOOL sender_host_notsocket; /* Set for -bs and -bS */
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index c45e7e26f..03dcad73e 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2375,7 +2375,8 @@ smtp_exit_function_called = FALSE; /* For avoiding loop in not-quit exit */
/* If receiving by -bs from a trusted user, or testing with -bh, we allow
authentication settings from -oMaa to remain in force. */
-if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL;
+if (!host_checking && !sender_host_notsocket)
+ sender_host_auth_pubname = sender_host_authenticated = NULL;
authenticated_by = NULL;
#ifdef SUPPORT_TLS
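Review bot: When this condition is false (the -bs-from-trusted-user and -bh cases the comment describes), `sender_host_authenticated` keeps its -oMaa value, but nothing visible in this commit gives `sender_host_auth_pubname` a value, so it may stay NULL. The later `authres_smtpauth()` hunk tests only `sender_host_authenticated` and then passes the public name to `string_append()` and `Ustrcmp()`. Unless the -oMaa handling elsewhere also sets the public name, that guard should cover both variables, e.g. `if (!sender_host_authenticated || !sender_host_auth_pubname) return g;`. The comment above the reset should also say which of the two variables -oMaa populates.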
@@ -3625,6 +3626,7 @@ switch(rc)
{
if (set_id) authenticated_id = string_copy_malloc(set_id);
sender_host_authenticated = au->name;
+ sender_host_auth_pubname = au->public_name;
authentication_failed = FALSE;
authenticated_fail_id = NULL; /* Impossible to already be set? */
@@ -4556,10 +4558,10 @@ while (done <= 0)
US"invalid data for AUTH");
goto COMMAND_LOOP;
}
- if (acl_smtp_mailauth == NULL)
+ if (!acl_smtp_mailauth)
{
ignore_msg = US"client not authenticated";
- rc = (sender_host_authenticated != NULL)? OK : FAIL;
+ rc = sender_host_authenticated ? OK : FAIL;
}
else
{
@@ -5356,7 +5358,7 @@ while (done <= 0)
+ (tls_in.active >= 0 ? pcrpted : 0)
];
- sender_host_authenticated = NULL;
+ sender_host_auth_pubname = sender_host_authenticated = NULL;
authenticated_id = NULL;
sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
DEBUG(D_tls) debug_printf("TLS active\n");
@@ -5751,8 +5753,15 @@ authres_smtpauth(gstring * g)
if (!sender_host_authenticated)
return g;
-g = string_append(g, 4, US";\n\tauth=pass"
- " (", sender_host_authenticated, US") smtp.auth=", authenticated_id);
+g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname);
+
+if (Ustrcmp(sender_host_auth_pubname, "tls") != 0)
+ g = string_append(g, 2, US") smtp.auth=", authenticated_id);
+else if (authenticated_id)
+ g = string_append(g, 2, US") x509.auth=", authenticated_id);
+else
+ g = string_catn(g, US") reason=x509.auth", 17);
+
if (authenticated_sender)
g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
return g;
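Review bot: The length passed in `string_catn(g, US") reason=x509.auth", 17)` is one short: the literal is 18 characters, so the Authentication-Results header would end in `reason=x509.aut`. Use `g = string_catn(g, US") reason=x509.auth", 18);`, or an append call that takes the length from the string so the count cannot drift from the literal. Separately, the non-TLS branch appends `authenticated_id` without the NULL check the TLS branch has, although the hunk at 3625 assigns it only `if (set_id)`. Whether `string_append()` tolerates a NULL argument is not visible here, so that needs confirming. The body of authres_smtpauth() starts above this hunk.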