From 018c60d7505a46f7dfd8630fbd59a3f900f6ae22 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Fri, 9 Nov 2012 00:19:09 +0000 Subject: [PATCH] Auth info from transports must be tracked per-address. --- src/src/deliver.c | 22 ++++++++++++---------- src/src/globals.c | 3 +++ src/src/structs.h | 4 ++++ src/src/transports/smtp.c | 3 +-- 4 files changed, 20 insertions(+), 12 deletions(-) diff --git a/src/src/deliver.c b/src/src/deliver.c index af39448c5..eef91036a 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -774,14 +774,14 @@ else string_printing(addr->peerdn), US"\""); #endif - if (smtp_authenticated) + if (addr->authenticator) { - s = string_append(s, &size, &ptr, 2, US" A=", client_authenticator); - if (client_authenticated_id) + s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator); + if (addr->auth_id) { - s = string_append(s, &size, &ptr, 2, US":", client_authenticated_id); - if (log_extra_selector & LX_smtp_mailauth && client_authenticated_sender) - s = string_append(s, &size, &ptr, 2, US":", client_authenticated_sender); + s = string_append(s, &size, &ptr, 2, US":", addr->auth_id); + if (log_extra_selector & LX_smtp_mailauth && addr->auth_sndr) + s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr); } } @@ -2928,14 +2928,13 @@ while (!done) switch (*ptr++) { case '1': - smtp_authenticated = TRUE; - client_authenticator = (*ptr)? string_copy(ptr) : NULL; + addr->authenticator = (*ptr)? string_copy(ptr) : NULL; break; case '2': - client_authenticated_id = (*ptr)? string_copy(ptr) : NULL; + addr->auth_id = (*ptr)? string_copy(ptr) : NULL; break; case '3': - client_authenticated_sender = (*ptr)? string_copy(ptr) : NULL; + addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL; break; } while (*ptr++); @@ -3682,6 +3681,9 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++) deliver_set_expansions(addr); + /* Ensure any transport-set auth info is fresh */ + addr->authenticator = addr->auth_id = addr->auth_sndr = NULL; + /* Compute the return path, expanding a new one if required. The old one must be set first, as it might be referred to in the expansion. */ diff --git a/src/src/globals.c b/src/src/globals.c index 9645504f5..616a2350d 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -315,6 +315,9 @@ address_item address_defaults = { NULL, /* cipher */ NULL, /* peerdn */ #endif + NULL, /* authenticator */ + NULL, /* auth_id */ + NULL, /* auth_sndr */ (uid_t)(-1), /* uid */ (gid_t)(-1), /* gid */ 0, /* flags */ diff --git a/src/src/structs.h b/src/src/structs.h index 1ad5d9b7e..5fc01e9e5 100644 --- a/src/src/structs.h +++ b/src/src/structs.h @@ -536,6 +536,10 @@ typedef struct address_item { uschar *peerdn; /* DN of server's certificate */ #endif + uschar *authenticator; /* auth driver name used by transport */ + uschar *auth_id; /* auth "login" name used by transport */ + uschar *auth_sndr; /* AUTH arg to SMTP MAIL, used by transport */ + uid_t uid; /* uid for transporting */ gid_t gid; /* gid for transporting */ diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c index b4ef7cf4d..6c3507609 100644 --- a/src/src/transports/smtp.c +++ b/src/src/transports/smtp.c @@ -1272,6 +1272,7 @@ if (continue_hostname == NULL authenticator's client driver is running. */ smtp_authenticated = FALSE; + client_authenticator = client_authenticated_id = client_authenticated_sender = NULL; require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL, host->name, host->address, NULL); @@ -1501,8 +1502,6 @@ if ((smtp_authenticated || ob->authenticated_sender_force) && Ustrlen(local_authenticated_sender))); client_authenticated_sender = string_copy(local_authenticated_sender); } -else - client_authenticated_sender = NULL; /* From here until we send the DATA command, we can make use of PIPELINING if the server host supports it. The code has to be able to check the responses -- 2.25.1