Auths: for A-R header, and SMTP auth, note the public-name not the authenticator...

       Also, for TLS auth use a custom propspec

diff --git a/src/src/acl.c b/src/src/acl.c
index fb8b75bc7b28c72e489b465c83de23336f50a900..61316a81e20c434a09afcf86a3d9d430b44024d3 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -2970,9 +2970,8 @@ for (; cb != NULL; cb = cb->next)
     break;
 
     case ACLC_AUTHENTICATED:
     break;
 
     case ACLC_AUTHENTICATED:

-    rc = (sender_host_authenticated == NULL)? FAIL :
-      match_isinlist(sender_host_authenticated, &arg, 0, NULL, NULL, MCL_STRING,
-        TRUE, NULL);
+      rc = sender_host_authenticated ? match_isinlist(sender_host_authenticated,
+             &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL) : FAIL;

     break;
 
     #ifdef EXPERIMENTAL_BRIGHTMAIL
     break;
 
     #ifdef EXPERIMENTAL_BRIGHTMAIL

diff --git a/src/src/globals.c b/src/src/globals.c
index 7e228d09872d7c6d3d6bc3be8a7863908ddb4abc..5f1c87fc0f6de80c41f1ebf2b1597c61a3e3a8f7 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -1277,6 +1277,7 @@ uschar *sender_helo_name       = NULL;
 uschar **sender_host_aliases   = &no_aliases;
 uschar *sender_host_address    = NULL;
 uschar *sender_host_authenticated = NULL;
 uschar **sender_host_aliases   = &no_aliases;
 uschar *sender_host_address    = NULL;
 uschar *sender_host_authenticated = NULL;

+uschar *sender_host_auth_pubname  = NULL;

 unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
 BOOL    sender_host_dnssec     = FALSE;
 uschar *sender_host_name       = NULL;
 unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32];
 BOOL    sender_host_dnssec     = FALSE;
 uschar *sender_host_name       = NULL;

diff --git a/src/src/globals.h b/src/src/globals.h
index b5cb6407bb273c6958fc087354afc74cc1f4ca0b..801a00fb3347a6e116e48064be4f469b01e7fe61 100644 (file)
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -786,6 +786,7 @@ extern uschar *sender_fullhost;        /* Sender host name + address */
 extern BOOL    sender_helo_dnssec;     /* True if HELO verify used DNS and was DNSSEC */
 extern uschar *sender_helo_name;       /* Host name from HELO/EHLO */
 extern uschar **sender_host_aliases;   /* Points to list of alias names */
 extern BOOL    sender_helo_dnssec;     /* True if HELO verify used DNS and was DNSSEC */
 extern uschar *sender_helo_name;       /* Host name from HELO/EHLO */
 extern uschar **sender_host_aliases;   /* Points to list of alias names */

+extern uschar *sender_host_auth_pubname; /* Public-name of authentication method */

 extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */
 extern BOOL    sender_host_dnssec;     /* true if sender_host_name verified in DNSSEC */
 extern BOOL    sender_host_notsocket;  /* Set for -bs and -bS */
 extern unsigned int sender_host_cache[(MAX_NAMED_LIST * 2)/32]; /* Cache bits for incoming host */
 extern BOOL    sender_host_dnssec;     /* true if sender_host_name verified in DNSSEC */
 extern BOOL    sender_host_notsocket;  /* Set for -bs and -bS */

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index c45e7e26f5ef19f1453fed32dedc9ffa89f0e3e0..03dcad73e25cb27644dc7b378299127767f3e881 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2375,7 +2375,8 @@ smtp_exit_function_called = FALSE;    /* For avoiding loop in not-quit exit */
 /* If receiving by -bs from a trusted user, or testing with -bh, we allow
 authentication settings from -oMaa to remain in force. */
 
 /* If receiving by -bs from a trusted user, or testing with -bh, we allow
 authentication settings from -oMaa to remain in force. */
 

-if (!host_checking && !sender_host_notsocket) sender_host_authenticated = NULL;
+if (!host_checking && !sender_host_notsocket)
+  sender_host_auth_pubname = sender_host_authenticated = NULL;

 authenticated_by = NULL;
 
 #ifdef SUPPORT_TLS
 authenticated_by = NULL;
 
 #ifdef SUPPORT_TLS


@@ -3625,6 +3626,7 @@ switch(rc)
     {
     if (set_id) authenticated_id = string_copy_malloc(set_id);
     sender_host_authenticated = au->name;
     {
     if (set_id) authenticated_id = string_copy_malloc(set_id);
     sender_host_authenticated = au->name;

+    sender_host_auth_pubname  = au->public_name;

     authentication_failed = FALSE;
     authenticated_fail_id = NULL;   /* Impossible to already be set? */
 
     authentication_failed = FALSE;
     authenticated_fail_id = NULL;   /* Impossible to already be set? */
 


@@ -4556,10 +4558,10 @@ while (done <= 0)
                 US"invalid data for AUTH");
               goto COMMAND_LOOP;
               }
                 US"invalid data for AUTH");
               goto COMMAND_LOOP;
               }

-            if (acl_smtp_mailauth == NULL)
+            if (!acl_smtp_mailauth)

               {
               ignore_msg = US"client not authenticated";
               {
               ignore_msg = US"client not authenticated";

-              rc = (sender_host_authenticated != NULL)? OK : FAIL;
+              rc = sender_host_authenticated ? OK : FAIL;

               }
             else
               {
               }
             else
               {


@@ -5356,7 +5358,7 @@ while (done <= 0)
          + (tls_in.active >= 0 ? pcrpted : 0)
          ];
 
          + (tls_in.active >= 0 ? pcrpted : 0)
          ];
 

-      sender_host_authenticated = NULL;
+      sender_host_auth_pubname = sender_host_authenticated = NULL;

       authenticated_id = NULL;
       sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
       DEBUG(D_tls) debug_printf("TLS active\n");
       authenticated_id = NULL;
       sync_cmd_limit = NON_SYNC_CMD_NON_PIPELINING;
       DEBUG(D_tls) debug_printf("TLS active\n");


@@ -5751,8 +5753,15 @@ authres_smtpauth(gstring * g)
 if (!sender_host_authenticated)
   return g;
 
 if (!sender_host_authenticated)
   return g;
 

-g = string_append(g, 4, US";\n\tauth=pass"
-       " (", sender_host_authenticated, US") smtp.auth=", authenticated_id);
+g = string_append(g, 2, US";\n\tauth=pass (", sender_host_auth_pubname);
+
+if (Ustrcmp(sender_host_auth_pubname, "tls") != 0)
+  g = string_append(g, 2, US") smtp.auth=", authenticated_id);
+else if (authenticated_id)
+  g = string_append(g, 2, US") x509.auth=", authenticated_id);
+else
+  g = string_catn(g, US") reason=x509.auth", 17);
+

 if (authenticated_sender)
   g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
 return g;
 if (authenticated_sender)
   g = string_append(g, 2, US" smtp.mailfrom=", authenticated_sender);
 return g;

diff --git a/test/confs/3700 b/test/confs/3700
index 00a17b497645c72be632716bb3a39761eec6df55..6578ecb2d14737caac69142b56414594424415d3 100644 (file)
--- a/test/confs/3700
+++ b/test/confs/3700
@@ -12,6 +12,8 @@ log_selector = +received_recipients +outgoing_port
 acl_smtp_auth = log_call
 acl_smtp_mail = check_authd
 acl_smtp_rcpt = check_authd
 acl_smtp_auth = log_call
 acl_smtp_mail = check_authd
 acl_smtp_rcpt = check_authd

+acl_smtp_data = ar_header
+

 queue_only
 queue_run_in_order
 trusted_users = CALLER
 queue_only
 queue_run_in_order
 trusted_users = CALLER


@@ -36,6 +38,8 @@ check_authd:
           !authenticated = *
   accept
 
           !authenticated = *
   accept
 

+ar_header:
+  accept  add_header = :at_start:${authresults {$primary_hostname}}

 
 # ----- Authentication -----
 
 
 # ----- Authentication -----
 


@@ -54,9 +58,14 @@ tls:
 
 begin routers
 
 
 begin routers
 

-r1:
-  driver = accept
-  transport = ${if eq {$local_part}{smtps} {t2}{t1}}
+server_r:
+  driver =     accept
+  condition =  ${if eq {server}{SERVER}}
+  transport =  file
+
+client_r1:
+  driver =     accept
+  transport =  ${if eq {$local_part}{smtps} {t2}{t1}}

 
 
 # ----- Transports -----
 
 
 # ----- Transports -----


@@ -82,4 +91,9 @@ t2:
   tls_verify_certificates = DIR/aux-fixed/cert1
   tls_verify_cert_hostnames = :
 
   tls_verify_certificates = DIR/aux-fixed/cert1
   tls_verify_cert_hostnames = :
 

+file:
+  driver = appendfile
+  file = DIR/test-mail/$local_part
+  user = CALLER
+

 # End
 # End

diff --git a/test/log/3700 b/test/log/3700
index 82c09850e0660c73bd25ffe21cabccd21e617163..d81b944d731d3dee6751d554b349b9c865ab9cf2 100644 (file)
--- a/test/log/3700
+++ b/test/log/3700
@@ -1,9 +1,9 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for x@y
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for smtps@y
 1999-03-02 09:44:33 Start queue run: pid=pppp
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for x@y
 1999-03-02 09:44:33 10HmaY-0005vi-00 <= ok@test.ex U=CALLER P=local S=sss for smtps@y
 1999-03-02 09:44:33 Start queue run: pid=pppp

-1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 => x@y R=client_r1 T=t1 H=127.0.0.1 [127.0.0.1]:1225 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmaZ-0005vi-00"

 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
 1999-03-02 09:44:33 10HmaX-0005vi-00 Completed

-1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"
+1999-03-02 09:44:33 10HmaY-0005vi-00 => smtps@y R=client_r1 T=t2 H=127.0.0.1 [127.0.0.1]:1224 X=TLS_proto_and_cipher CV=yes C="250 OK id=10HmbA-0005vi-00"

 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 
 1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
 1999-03-02 09:44:33 End queue run: pid=pppp
 


@@ -13,3 +13,9 @@
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
 1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y
 1999-03-02 09:44:33 10HmaZ-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaX-0005vi-00@myhost.test.ex for x@y
 1999-03-02 09:44:33 Auth ACL called, after smtp cmd ""
 1999-03-02 09:44:33 10HmbA-0005vi-00 <= ok@test.ex H=localhost (myhost.test.ex) [127.0.0.1] P=esmtpsa X=TLS_proto_and_cipher CV=yes A=tls:"Phil Pennock" S=sss id=E10HmaY-0005vi-00@myhost.test.ex for smtps@y

+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaZ-0005vi-00 => x <x@y> R=server_r T=file
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Completed
+1999-03-02 09:44:33 10HmbA-0005vi-00 => smtps <smtps@y> R=server_r T=file
+1999-03-02 09:44:33 10HmbA-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp

diff --git a/test/mail/3403.userx b/test/mail/3403.userx
index c344d9b703ef5e1c9f89256d3fa86b53eb569f80..08cdf9a3126a36f04d476fc4967011cdc07dcf38 100644 (file)
--- a/test/mail/3403.userx
+++ b/test/mail/3403.userx
@@ -1,6 +1,6 @@
 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
 Authentication-Results: myhost.test.ex;
 From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999
 Authentication-Results: myhost.test.ex;

-       auth=pass (plain1) smtp.auth=userx
+       auth=pass (PLAIN) smtp.auth=userx

 Received: from CALLER (helo=testing.ex)
        by myhost.test.ex with local-esmtpa (Exim x.yz)
        (envelope-from <CALLER@myhost.test.ex>)
 Received: from CALLER (helo=testing.ex)
        by myhost.test.ex with local-esmtpa (Exim x.yz)
        (envelope-from <CALLER@myhost.test.ex>)

diff --git a/test/mail/3700.smtps b/test/mail/3700.smtps
new file mode 100644 (file)
index 0000000..60a3d23
--- /dev/null
+++ b/test/mail/3700.smtps
@@ -0,0 +1,19 @@
+From ok@test.ex Tue Mar 02 09:44:33 1999
+Authentication-Results: myhost.test.ex;
+       iprev=pass (localhost);
+       auth=pass (tls) x509.auth="Phil Pennock"
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+       by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+       (Exim x.yz)
+       (envelope-from <ok@test.ex>)
+       id 10HmbA-0005vi-00
+       for smtps@y; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+       (envelope-from <ok@test.ex>)
+       id 10HmaY-0005vi-00
+       for smtps@y; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaY-0005vi-00@myhost.test.ex>
+From: ok@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+

diff --git a/test/mail/3700.x b/test/mail/3700.x
new file mode 100644 (file)
index 0000000..8154499
--- /dev/null
+++ b/test/mail/3700.x
@@ -0,0 +1,19 @@
+From ok@test.ex Tue Mar 02 09:44:33 1999
+Authentication-Results: myhost.test.ex;
+       iprev=pass (localhost);
+       auth=pass (tls) x509.auth="Phil Pennock"
+Received: from localhost ([127.0.0.1] helo=myhost.test.ex)
+       by myhost.test.ex with esmtpsa (TLSv1:ke-RSA-AES256-SHA:xxx)
+       (Exim x.yz)
+       (envelope-from <ok@test.ex>)
+       id 10HmaZ-0005vi-00
+       for x@y; Tue, 2 Mar 1999 09:44:33 +0000
+Received: from CALLER by myhost.test.ex with local (Exim x.yz)
+       (envelope-from <ok@test.ex>)
+       id 10HmaX-0005vi-00
+       for x@y; Tue, 2 Mar 1999 09:44:33 +0000
+Message-Id: <E10HmaX-0005vi-00@myhost.test.ex>
+From: ok@test.ex
+Date: Tue, 2 Mar 1999 09:44:33 +0000
+
+

diff --git a/test/scripts/3700-TLS-auth/3700 b/test/scripts/3700-TLS-auth/3700
index e4b68607ac09a9157b3f9b34fb3822cafc7484b8..f9b41d31c8cd15dd163e99d1f2cdfe671d65291c 100644 (file)
--- a/test/scripts/3700-TLS-auth/3700
+++ b/test/scripts/3700-TLS-auth/3700
@@ -10,4 +10,6 @@ exim -f ok@test.ex smtps@y
 exim -q
 ****
 killdaemon
 exim -q
 ****
 killdaemon

+exim -DSERVER=server -DNOTDAEMON -q
+****

 no_msglog_check
 no_msglog_check