From: Philip Hazel Date: Thu, 27 Jul 2006 10:13:52 +0000 (+0000) Subject: Made -oMaa and -oMt work with -bh and -bs to pretend the connection is X-Git-Tag: exim-4_63~7 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=33d73e3b7a0201f4af19e8217ced618e68eaf1fb;p=exim.git Made -oMaa and -oMt work with -bh and -bs to pretend the connection is authenticated or an ident call has been made. Suppress the default values for $authenticated_id and $authenticated_sender (but permit -oMai and -oMas) when testing with -bh. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 2b3f4745e..8ec3d8865 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.380 2006/07/21 16:48:42 jetmore Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.381 2006/07/27 10:13:52 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -126,6 +126,11 @@ JJ/01 exipick: added --reverse (and -R synonym), --random, --size, --sort and JJ/02 exipick: rewrote --help documentation to hopefully make more clear. +PH/23 Made -oMaa and -oMt work with -bh and -bs to pretend the connection is + authenticated or an ident call has been made. Suppress the default + values for $authenticated_id and $authenticated_sender (but permit -oMai + and -oMas) when testing with -bh. + Exim version 4.62 ----------------- diff --git a/src/src/exim.c b/src/src/exim.c index 3ac7d8313..8c5c23eff 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/exim.c,v 1.41 2006/07/13 13:53:33 ph10 Exp $ */ +/* $Cambridge: exim/src/src/exim.c,v 1.42 2006/07/27 10:13:52 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1287,6 +1287,7 @@ BOOL more = TRUE; BOOL one_msg_action = FALSE; BOOL queue_only_set = FALSE; BOOL receiving_message = TRUE; +BOOL sender_ident_set = FALSE; BOOL unprivileged; BOOL removed_privilege = FALSE; BOOL verify_address_mode = FALSE; @@ -2520,7 +2521,11 @@ for (i = 1; i < argc; i++) /* -oMt: Set sender ident */ - else if (Ustrcmp(argrest, "Mt") == 0) sender_ident = argv[++i]; + else if (Ustrcmp(argrest, "Mt") == 0) + { + sender_ident_set = TRUE; + sender_ident = argv[++i]; + } /* Else a bad argument */ @@ -4055,12 +4060,14 @@ if ((sender_address == NULL && !smtp_input) || sender_local = TRUE; /* A trusted caller can supply authenticated_sender and authenticated_id - via -oMas and -oMai and if so, they will already be set. */ + via -oMas and -oMai and if so, they will already be set. Otherwise, force + defaults except when host checking. */ - if (authenticated_sender == NULL) + if (authenticated_sender == NULL && !host_checking) authenticated_sender = string_sprintf("%s@%s", originator_login, qualify_domain_sender); - if (authenticated_id == NULL) authenticated_id = originator_login; + if (authenticated_id == NULL && !host_checking) + authenticated_id = originator_login; } /* Trusted callers are always permitted to specify the sender address. @@ -4225,20 +4232,24 @@ if (raw_active_hostname != NULL) } /* Handle host checking: this facility mocks up an incoming SMTP call from a -given IP address so that the blocking and relay configuration can be tested. An -RFC 1413 call is made only if we are running in the test harness and an -incoming interface and both ports are specified, because there is no TCP/IP -call to find the ident for. */ +given IP address so that the blocking and relay configuration can be tested. +Unless a sender_ident was set by -oMt, we discard it (the default is the +caller's login name). An RFC 1413 call is made only if we are running in the +test harness and an incoming interface and both ports are specified, because +there is no TCP/IP call to find the ident for. */ if (host_checking) { int x[4]; int size; - sender_ident = NULL; - if (running_in_test_harness && sender_host_port != 0 && - interface_address != NULL && interface_port != 0) - verify_get_ident(1413); + if (!sender_ident_set) + { + sender_ident = NULL; + if (running_in_test_harness && sender_host_port != 0 && + interface_address != NULL && interface_port != 0) + verify_get_ident(1413); + } /* In case the given address is a non-canonical IPv6 address, canonicize it. The code works for both IPv4 and IPv6, as it happens. */ diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 881bfff58..531eaabe4 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/smtp_in.c,v 1.39 2006/07/13 13:53:33 ph10 Exp $ */ +/* $Cambridge: exim/src/src/smtp_in.c,v 1.40 2006/07/27 10:13:52 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1156,7 +1156,10 @@ sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING; memset(sender_host_cache, 0, sizeof(sender_host_cache)); -sender_host_authenticated = NULL; +/* If receiving by -bs from a trusted user, or testing with -bh, we allow +authentication settings from -oMaa to remain in force. */ + +if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL; authenticated_by = NULL; #ifdef SUPPORT_TLS diff --git a/test/confs/0537 b/test/confs/0537 new file mode 100644 index 000000000..b8dec5a30 --- /dev/null +++ b/test/confs/0537 @@ -0,0 +1,50 @@ +# Exim test configuration 0537 + +TRUSTED= + +exim_path = EXIM_PATH +host_lookup_order = bydns +primary_hostname = myhost.test.ex +rfc1413_query_timeout = 0s +spool_directory = DIR/spool +log_file_path = DIR/spool/log/%slog +gecos_pattern = "" +gecos_name = CALLER_NAME + +# ----- Main settings ----- + +acl_smtp_connect = connect +acl_smtp_mail = mail +acl_not_smtp_start = mail + +queue_only +trusted_users = TRUSTED + +# ----- ACLs ----- + +begin ACL + +connect: + accept acl = log + +mail: + accept acl = log + acl = auth + +log: + accept logwrite = =========================================================== + logwrite = sender_ip_address=[$sender_host_address] + logwrite = sender_host_authenticated=$sender_host_authenticated + logwrite = authenticated_id=$authenticated_id + logwrite = authenticated_sender=$authenticated_sender + logwrite = interface_address=[$interface_address] + logwrite = received_protocol=$received_protocol + logwrite = sender_host_name=$sender_host_name + logwrite = sender_ident=$sender_ident + +auth: + accept authenticated = * + logwrite = +++ host is authenticated +++ + + accept + diff --git a/test/log/0537 b/test/log/0537 new file mode 100644 index 000000000..28145e6e4 --- /dev/null +++ b/test/log/0537 @@ -0,0 +1,39 @@ +1999-03-02 09:44:33 =========================================================== +1999-03-02 09:44:33 sender_ip_address=[5.6.7.8] +1999-03-02 09:44:33 sender_host_authenticated=authname +1999-03-02 09:44:33 authenticated_id=authid +1999-03-02 09:44:33 authenticated_sender=authsender +1999-03-02 09:44:33 interface_address=[9.10.11.12] +1999-03-02 09:44:33 received_protocol=smtp +1999-03-02 09:44:33 sender_host_name=hostname +1999-03-02 09:44:33 sender_ident=ident +1999-03-02 09:44:33 =========================================================== +1999-03-02 09:44:33 sender_ip_address=[5.6.7.8] +1999-03-02 09:44:33 sender_host_authenticated=authname +1999-03-02 09:44:33 authenticated_id=authid +1999-03-02 09:44:33 authenticated_sender= +1999-03-02 09:44:33 interface_address=[9.10.11.12] +1999-03-02 09:44:33 received_protocol=esmtpa +1999-03-02 09:44:33 sender_host_name=hostname +1999-03-02 09:44:33 sender_ident=ident +1999-03-02 09:44:33 +++ host is authenticated +++ +1999-03-02 09:44:33 =========================================================== +1999-03-02 09:44:33 sender_ip_address=[5.6.7.8] +1999-03-02 09:44:33 sender_host_authenticated=authname +1999-03-02 09:44:33 authenticated_id=authid +1999-03-02 09:44:33 authenticated_sender= +1999-03-02 09:44:33 interface_address=[9.10.11.12] +1999-03-02 09:44:33 received_protocol=esmtpa +1999-03-02 09:44:33 sender_host_name=hostname +1999-03-02 09:44:33 sender_ident=ident +1999-03-02 09:44:33 +++ host is authenticated +++ +1999-03-02 09:44:33 =========================================================== +1999-03-02 09:44:33 sender_ip_address=[5.6.7.8] +1999-03-02 09:44:33 sender_host_authenticated=authname +1999-03-02 09:44:33 authenticated_id=authid +1999-03-02 09:44:33 authenticated_sender=authsender +1999-03-02 09:44:33 interface_address=[9.10.11.12] +1999-03-02 09:44:33 received_protocol=protocol +1999-03-02 09:44:33 sender_host_name=hostname +1999-03-02 09:44:33 sender_ident=ident +1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@myhost.test.ex H=hostname [5.6.7.8] U=ident P=protocol A=authname:authid S=sss diff --git a/test/scripts/0000-Basic/0537 b/test/scripts/0000-Basic/0537 new file mode 100644 index 000000000..615f797dd --- /dev/null +++ b/test/scripts/0000-Basic/0537 @@ -0,0 +1,47 @@ +# -oMa... options in various situations +exim -oMa 5.6.7.8 -bh 1.2.3.4 +quit +**** +exim -bh 1.2.3.4 \ + -oMa 5.6.7.8 \ + -oMaa authname \ + -oMai authid \ + -oMr protocol \ + -oMas authsender \ + -oMi 9.10.11.12 \ + -oMs hostname \ + -oMt ident +ehlo a.b +mail from:<> +rset +mail from:<> auth= +quit +**** +exim -DTRUSTED=CALLER \ + -bs \ + -oMa 5.6.7.8 \ + -oMaa authname \ + -oMai authid \ + -oMr protocol \ + -oMas authsender \ + -oMi 9.10.11.12 \ + -oMs hostname \ + -oMt ident +ehlo a.b +mail from:<> +rset +mail from:<> auth= +quit +**** +exim -DTRUSTED=CALLER \ + -oMa 5.6.7.8 \ + -oMaa authname \ + -oMai authid \ + -oMr protocol \ + -oMas authsender \ + -oMi 9.10.11.12 \ + -oMs hostname \ + -oMt ident \ + userx +**** +no_msglog_check diff --git a/test/stderr/0537 b/test/stderr/0537 new file mode 100644 index 000000000..a4c766269 --- /dev/null +++ b/test/stderr/0537 @@ -0,0 +1,167 @@ +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> using ACL "connect" +>>> processing "accept" +>>> check acl = log +>>> using ACL "log" +>>> processing "accept" +>>> check logwrite = =========================================================== +LOG: =========================================================== +>>> check logwrite = sender_ip_address=[$sender_host_address] +>>> = sender_ip_address=[1.2.3.4] +LOG: sender_ip_address=[1.2.3.4] +>>> check logwrite = sender_host_authenticated=$sender_host_authenticated +>>> = sender_host_authenticated= +LOG: sender_host_authenticated= +>>> check logwrite = authenticated_id=$authenticated_id +>>> = authenticated_id= +LOG: authenticated_id= +>>> check logwrite = authenticated_sender=$authenticated_sender +>>> = authenticated_sender= +LOG: authenticated_sender= +>>> check logwrite = interface_address=[$interface_address] +>>> = interface_address=[] +LOG: interface_address=[] +>>> check logwrite = received_protocol=$received_protocol +>>> = received_protocol=smtp +LOG: received_protocol=smtp +>>> looking up host name for 1.2.3.4 +LOG: no host name found for IP address 1.2.3.4 +>>> check logwrite = sender_host_name=$sender_host_name +>>> = sender_host_name= +LOG: sender_host_name= +>>> check logwrite = sender_ident=$sender_ident +>>> = sender_ident= +LOG: sender_ident= +>>> accept: condition test succeeded +>>> accept: condition test succeeded +>>> host in hosts_connection_nolog? no (option unset) +>>> host in host_lookup? no (option unset) +>>> host in host_reject_connection? no (option unset) +>>> host in sender_unqualified_hosts? no (option unset) +>>> host in recipient_unqualified_hosts? no (option unset) +>>> host in helo_verify_hosts? no (option unset) +>>> host in helo_try_verify_hosts? no (option unset) +>>> host in helo_accept_junk_hosts? no (option unset) +>>> using ACL "connect" +>>> processing "accept" +>>> check acl = log +>>> using ACL "log" +>>> processing "accept" +>>> check logwrite = =========================================================== +LOG: =========================================================== +>>> check logwrite = sender_ip_address=[$sender_host_address] +>>> = sender_ip_address=[5.6.7.8] +LOG: sender_ip_address=[5.6.7.8] +>>> check logwrite = sender_host_authenticated=$sender_host_authenticated +>>> = sender_host_authenticated=authname +LOG: sender_host_authenticated=authname +>>> check logwrite = authenticated_id=$authenticated_id +>>> = authenticated_id=authid +LOG: authenticated_id=authid +>>> check logwrite = authenticated_sender=$authenticated_sender +>>> = authenticated_sender=authsender +LOG: authenticated_sender=authsender +>>> check logwrite = interface_address=[$interface_address] +>>> = interface_address=[9.10.11.12] +LOG: interface_address=[9.10.11.12] +>>> check logwrite = received_protocol=$received_protocol +>>> = received_protocol=smtp +LOG: received_protocol=smtp +>>> check logwrite = sender_host_name=$sender_host_name +>>> = sender_host_name=hostname +LOG: sender_host_name=hostname +>>> check logwrite = sender_ident=$sender_ident +>>> = sender_ident=ident +LOG: sender_ident=ident +>>> accept: condition test succeeded +>>> accept: condition test succeeded +>>> host in pipelining_advertise_hosts? yes (matched "*") +>>> using ACL "mail" +>>> processing "accept" +>>> check acl = log +>>> using ACL "log" +>>> processing "accept" +>>> check logwrite = =========================================================== +LOG: =========================================================== +>>> check logwrite = sender_ip_address=[$sender_host_address] +>>> = sender_ip_address=[5.6.7.8] +LOG: sender_ip_address=[5.6.7.8] +>>> check logwrite = sender_host_authenticated=$sender_host_authenticated +>>> = sender_host_authenticated=authname +LOG: sender_host_authenticated=authname +>>> check logwrite = authenticated_id=$authenticated_id +>>> = authenticated_id=authid +LOG: authenticated_id=authid +>>> check logwrite = authenticated_sender=$authenticated_sender +>>> = authenticated_sender= +LOG: authenticated_sender= +>>> check logwrite = interface_address=[$interface_address] +>>> = interface_address=[9.10.11.12] +LOG: interface_address=[9.10.11.12] +>>> check logwrite = received_protocol=$received_protocol +>>> = received_protocol=esmtpa +LOG: received_protocol=esmtpa +>>> check logwrite = sender_host_name=$sender_host_name +>>> = sender_host_name=hostname +LOG: sender_host_name=hostname +>>> check logwrite = sender_ident=$sender_ident +>>> = sender_ident=ident +LOG: sender_ident=ident +>>> accept: condition test succeeded +>>> check acl = auth +>>> using ACL "auth" +>>> processing "accept" +>>> check authenticated = * +>>> authname in "*"? yes (matched "*") +>>> check logwrite = +++ host is authenticated +++ +LOG: +++ host is authenticated +++ +>>> accept: condition test succeeded +>>> accept: condition test succeeded +>>> using ACL "mail" +>>> processing "accept" +>>> check acl = log +>>> using ACL "log" +>>> processing "accept" +>>> check logwrite = =========================================================== +LOG: =========================================================== +>>> check logwrite = sender_ip_address=[$sender_host_address] +>>> = sender_ip_address=[5.6.7.8] +LOG: sender_ip_address=[5.6.7.8] +>>> check logwrite = sender_host_authenticated=$sender_host_authenticated +>>> = sender_host_authenticated=authname +LOG: sender_host_authenticated=authname +>>> check logwrite = authenticated_id=$authenticated_id +>>> = authenticated_id=authid +LOG: authenticated_id=authid +>>> check logwrite = authenticated_sender=$authenticated_sender +>>> = authenticated_sender= +LOG: authenticated_sender= +>>> check logwrite = interface_address=[$interface_address] +>>> = interface_address=[9.10.11.12] +LOG: interface_address=[9.10.11.12] +>>> check logwrite = received_protocol=$received_protocol +>>> = received_protocol=esmtpa +LOG: received_protocol=esmtpa +>>> check logwrite = sender_host_name=$sender_host_name +>>> = sender_host_name=hostname +LOG: sender_host_name=hostname +>>> check logwrite = sender_ident=$sender_ident +>>> = sender_ident=ident +LOG: sender_ident=ident +>>> accept: condition test succeeded +>>> check acl = auth +>>> using ACL "auth" +>>> processing "accept" +>>> check authenticated = * +>>> authname in "*"? yes (matched "*") +>>> check logwrite = +++ host is authenticated +++ +LOG: +++ host is authenticated +++ +>>> accept: condition test succeeded +>>> accept: condition test succeeded diff --git a/test/stdout/0537 b/test/stdout/0537 new file mode 100644 index 000000000..086c9fa20 --- /dev/null +++ b/test/stdout/0537 @@ -0,0 +1,30 @@ + +**** SMTP testing session as if from host 1.2.3.4 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +221 myhost.test.ex closing connection + +**** SMTP testing session as if from host 5.6.7.8 +**** but without any ident (RFC 1413) callback. +**** This is not for real! + +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello ident at hostname [5.6.7.8] +250-SIZE 52428800 +250-PIPELINING +250 HELP +250 OK +250 Reset OK +250 OK +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250-myhost.test.ex Hello ident at hostname [5.6.7.8] +250-SIZE 52428800 +250-PIPELINING +250 HELP +250 OK +250 Reset OK +250 OK +221 myhost.test.ex closing connection