- fprintf(f, "VERSION\t%d\t%d\nCPID\t%d\n"
- "AUTH\t%d\t%s\tservice=smtp\trip=%s\tlip=%s\tresp=%s\n",
- VERSION_MAJOR, VERSION_MINOR, getpid(), cuid,
- ablock->public_name, sender_host_address, interface_address,
- data ? (char *) data : "");
+ /* Added by PH: data must not contain tab (as it is
+ b64 it shouldn't, but check for safety). */
+
+ if (Ustrchr(data, '\t') != NULL) {
+ ret = FAIL;
+ goto out;
+ }
+
+ /* Added by PH: extra fields when TLS is in use or if the TCP/IP
+ connection is local. */
+
+ if (tls_cipher != NULL)
+ auth_extra_data = string_sprintf("secured\t%s%s",
+ tls_certificate_verified? "valid-client-cert" : "",
+ tls_certificate_verified? "\t" : "");
+ else if (Ustrcmp(sender_host_address, interface_address) == 0)
+ auth_extra_data = US"secured\t";
+