Add tls_verify_hosts and tls_try_verify_hosts to smtp transport

[exim.git] / src / src / verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index 52404575f15d9d3ebf342a3b06ca4fc5badfc4c5..c83748a12f5c7f067d0e2d6ce68c85d1a7062501 100644 (file)
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) University of Cambridge 1995 - 2014 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions concerned with verifying things. The original code for callout
@@ -641,7 +641,8 @@ else
 #ifdef EXPERIMENTAL_OCSP
         ob->hosts_require_ocsp,
 #endif
-        ob->tls_dh_min_bits,         callout);
+        ob->tls_dh_min_bits, callout,
+         ob->tls_verify_hosts, ob->tls_try_verify_hosts);
 
         /* TLS negotiation failed; give an error.  Try in clear on a new connection,
            if the options permit it for this host. */
@@ -694,13 +695,23 @@ else
 
     done = TRUE; /* so far so good; have response to HELO */
 
-    /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING, AUTH */
-    /* If we haven't authenticated, but are required to, give up. */
+    /*XXX the EHLO response would be analyzed here for IGNOREQUOTA, SIZE, PIPELINING */
 
-    /*XXX "filter command specified for this transport" ??? */
-    /* for now, transport_filter by cutthrough-delivery is not supported */
+    /* For now, transport_filter by cutthrough-delivery is not supported */
     /* Need proper integration with the proper transport mechanism. */
-
+    if (cutthrough_delivery)
+      {
+      if (addr->transport->filter_command)
+        {
+        cutthrough_delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of transport filter\n");
+        }
+      if (ob->dkim_domain)
+        {
+        cutthrough_delivery= FALSE;
+        HDEBUG(D_acl|D_v) debug_printf("Cutthrough cancelled by presence of DKIM signing\n");
+        }
+      }
 
     SEND_FAILED:
     RESPONSE_FAILED:
@@ -722,11 +733,27 @@ else
         }
       }
 
+    /* If we haven't authenticated, but are required to, give up. */
+    /* Try to AUTH */
+
+    else done = smtp_auth(responsebuffer, sizeof(responsebuffer),
+       addr, host, ob, esmtp, &inblock, &outblock) == OK  &&
+
+               /* Copy AUTH info for logging */
+      ( (addr->authenticator = client_authenticator),
+        (addr->auth_id = client_authenticated_id),
+
+    /* Build a mail-AUTH string (re-using responsebuffer for convenience */
+        !smtp_mail_auth_str(responsebuffer, sizeof(responsebuffer), addr, ob)
+      )  &&
+
+      ( (addr->auth_sndr = client_authenticated_sender),
+
     /* Send the MAIL command */
+        (smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>%s\r\n",
+          from_address, responsebuffer) >= 0)
+      )  &&
 
-    else done =
-      smtp_write_command(&outblock, FALSE, "MAIL FROM:<%s>\r\n",
-        from_address) >= 0 &&
       smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer),
         '2', callout);