Auth info from transports must be tracked per-address.

diff --git a/src/src/deliver.c b/src/src/deliver.c
index af39448c595962488b37a90afad4316008cf287e..eef91036ac97053383ba8398dc39c3703c988035 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -774,14 +774,14 @@ else
       string_printing(addr->peerdn), US"\"");
   #endif
 
       string_printing(addr->peerdn), US"\"");
   #endif
 

-  if (smtp_authenticated)
+  if (addr->authenticator)

     {
     {

-    s = string_append(s, &size, &ptr, 2, US" A=", client_authenticator);
-    if (client_authenticated_id)
+    s = string_append(s, &size, &ptr, 2, US" A=", addr->authenticator);
+    if (addr->auth_id)

       {
       {

-      s = string_append(s, &size, &ptr, 2, US":", client_authenticated_id);
-      if (log_extra_selector & LX_smtp_mailauth  &&  client_authenticated_sender)
-        s = string_append(s, &size, &ptr, 2, US":", client_authenticated_sender);
+      s = string_append(s, &size, &ptr, 2, US":", addr->auth_id);
+      if (log_extra_selector & LX_smtp_mailauth  &&  addr->auth_sndr)
+        s = string_append(s, &size, &ptr, 2, US":", addr->auth_sndr);

       }
     }
 
       }
     }
 


@@ -2928,14 +2928,13 @@ while (!done)
     switch (*ptr++)
     {
     case '1':
     switch (*ptr++)
     {
     case '1':

-      smtp_authenticated = TRUE;
-      client_authenticator = (*ptr)? string_copy(ptr) : NULL;
+      addr->authenticator = (*ptr)? string_copy(ptr) : NULL;

       break;
     case '2':
       break;
     case '2':

-      client_authenticated_id = (*ptr)? string_copy(ptr) : NULL;
+      addr->auth_id = (*ptr)? string_copy(ptr) : NULL;

       break;
     case '3':
       break;
     case '3':

-      client_authenticated_sender = (*ptr)? string_copy(ptr) : NULL;
+      addr->auth_sndr = (*ptr)? string_copy(ptr) : NULL;

       break;
     }
     while (*ptr++);
       break;
     }
     while (*ptr++);


@@ -3682,6 +3681,9 @@ for (delivery_count = 0; addr_remote != NULL; delivery_count++)
 
   deliver_set_expansions(addr);
 
 
   deliver_set_expansions(addr);
 

+  /* Ensure any transport-set auth info is fresh */
+  addr->authenticator = addr->auth_id = addr->auth_sndr = NULL;
+

   /* Compute the return path, expanding a new one if required. The old one
   must be set first, as it might be referred to in the expansion. */
 
   /* Compute the return path, expanding a new one if required. The old one
   must be set first, as it might be referred to in the expansion. */
 

diff --git a/src/src/globals.c b/src/src/globals.c
index 9645504f5611f22dc2486280b14fa49a77ebfa23..616a2350d777dfe9c580f7e89027d2835f3c2763 100644 (file)
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -315,6 +315,9 @@ address_item address_defaults = {
   NULL,                 /* cipher */
   NULL,                 /* peerdn */
   #endif
   NULL,                 /* cipher */
   NULL,                 /* peerdn */
   #endif

+  NULL,                        /* authenticator */
+  NULL,                        /* auth_id */
+  NULL,                        /* auth_sndr */

   (uid_t)(-1),          /* uid */
   (gid_t)(-1),          /* gid */
   0,                    /* flags */
   (uid_t)(-1),          /* uid */
   (gid_t)(-1),          /* gid */
   0,                    /* flags */

diff --git a/src/src/structs.h b/src/src/structs.h
index 1ad5d9b7e25366b9bc7b171ad4af46efad651492..5fc01e9e5316490777b23d5a1e72d6a3149b28b7 100644 (file)
--- a/src/src/structs.h
+++ b/src/src/structs.h
@@ -536,6 +536,10 @@ typedef struct address_item {
   uschar *peerdn;                 /* DN of server's certificate */
   #endif
 
   uschar *peerdn;                 /* DN of server's certificate */
   #endif
 

+  uschar *authenticator;         /* auth driver name used by transport */
+  uschar *auth_id;               /* auth "login" name used by transport */
+  uschar *auth_sndr;             /* AUTH arg to SMTP MAIL, used by transport */
+

   uid_t   uid;                    /* uid for transporting */
   gid_t   gid;                    /* gid for transporting */
 
   uid_t   uid;                    /* uid for transporting */
   gid_t   gid;                    /* gid for transporting */
 

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index b4ef7cf4d77c72af3ea5a8f742430e99cab9c09b..6c3507609f2671e8c6b66284aecd2635cd67365a 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1272,6 +1272,7 @@ if (continue_hostname == NULL
   authenticator's client driver is running. */
 
   smtp_authenticated = FALSE;
   authenticator's client driver is running. */
 
   smtp_authenticated = FALSE;

+  client_authenticator = client_authenticated_id = client_authenticated_sender = NULL;

   require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
     host->name, host->address, NULL);
 
   require_auth = verify_check_this_host(&(ob->hosts_require_auth), NULL,
     host->name, host->address, NULL);
 


@@ -1501,8 +1502,6 @@ if ((smtp_authenticated || ob->authenticated_sender_force) &&
     Ustrlen(local_authenticated_sender)));
   client_authenticated_sender = string_copy(local_authenticated_sender);
   }
     Ustrlen(local_authenticated_sender)));
   client_authenticated_sender = string_copy(local_authenticated_sender);
   }

-else
-  client_authenticated_sender = NULL;

 
 /* From here until we send the DATA command, we can make use of PIPELINING
 if the server host supports it. The code has to be able to check the responses
 
 /* From here until we send the DATA command, we can make use of PIPELINING
 if the server host supports it. The code has to be able to check the responses