lib-storage: mail-user: Added more information about the client conne…

…ction. Submission service will need it to pass to the backend MTA in XCLIENT and for creating the "Received:" header.
dovecot · Dec 11, 2017 · 211caf3 · 211caf3
1 parent e213fe0
commit 211caf3
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 2 deletions.
diff --git a/src/imap/main.c b/src/imap/main.c
@@ -319,16 +319,22 @@ login_client_connected(const struct master_login_client *login_client,
 #define MSG_BYE_INTERNAL_ERROR "* BYE "MAIL_ERRSTR_CRITICAL_MSG"\r\n"
 	struct mail_storage_service_input input;
 	struct client *client;
-	enum mail_auth_request_flags flags;
+	enum mail_auth_request_flags flags = login_client->auth_req.flags;
 	const char *error;
 
 	i_zero(&input);
 	input.module = input.service = "imap";
 	input.local_ip = login_client->auth_req.local_ip;
 	input.remote_ip = login_client->auth_req.remote_ip;
+	input.local_port = login_client->auth_req.local_port;
+	input.remote_port = login_client->auth_req.remote_port;
 	input.username = username;
 	input.userdb_fields = extra_fields;
 	input.session_id = login_client->session_id;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0)
+		input.conn_secured = TRUE;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0)
+		input.conn_ssl_secured = TRUE;
 
 	if (client_create_from_input(&input, login_client->fd, login_client->fd,
 				     &client, &error) < 0) {
@@ -344,7 +350,6 @@ login_client_connected(const struct master_login_client *login_client,
 		master_service_client_connection_destroyed(master_service);
 		return;
 	}
-	flags = login_client->auth_req.flags;
 	if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
 		client->tls_compression = TRUE;
 	client_add_input_capability(client, login_client->data,

diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
@@ -666,6 +666,10 @@ mail_storage_service_init_post(struct mail_storage_service_ctx *ctx,
 	i_zero(&conn_data);
 	conn_data.local_ip = &user->input.local_ip;
 	conn_data.remote_ip = &user->input.remote_ip;
+	conn_data.local_port = user->input.local_port;
+	conn_data.remote_port = user->input.remote_port;
+	conn_data.secured = user->input.conn_secured;
+	conn_data.ssl_secured = user->input.conn_ssl_secured;
 
 	/* NOTE: if more user initialization is added, add it also to
 	   mail_user_dup() */

diff --git a/src/lib-storage/mail-storage-service.h b/src/lib-storage/mail-storage-service.h
@@ -62,6 +62,10 @@ struct mail_storage_service_input {
 	bool no_userdb_lookup:1;
 	/* Enable auth_debug=yes for this lookup */
 	bool debug:1;
+	/* Connection is secure (SSL or just trusted) */
+	bool conn_secured:1;
+	/* Connection is secured using SSL specifically */
+	bool conn_ssl_secured:1;
 };
 
 extern struct module *mail_storage_service_modules;

diff --git a/src/lib-storage/mail-user.h b/src/lib-storage/mail-user.h
@@ -19,6 +19,10 @@ struct mail_user_vfuncs {
 
 struct mail_user_connection_data {
 	struct ip_addr *local_ip, *remote_ip;
+	in_port_t local_port, remote_port;
+
+	bool secured:1;
+	bool ssl_secured:1;
 };
 
 struct mail_user {

diff --git a/src/lmtp/client.c b/src/lmtp/client.c
@@ -99,7 +99,13 @@ static void client_read_settings(struct client *client)
 	input.module = input.service = "lmtp";
 	input.local_ip = client->local_ip;
 	input.remote_ip = client->remote_ip;
+	input.local_port = client->local_port;
+	input.remote_port = client->remote_port;
 	input.username = "";
+	input.conn_ssl_secured =
+		smtp_server_connection_is_ssl_secured(client->conn);
+	input.conn_secured = input.conn_ssl_secured ||
+		smtp_server_connection_is_trusted(client->conn);
 
 	if (mail_storage_service_read_settings(storage_service, &input,
 					       client->pool,

diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
@@ -344,6 +344,10 @@ int lmtp_local_rcpt(struct client *client,
 	input.local_port = client->local_port;
 	input.remote_port = client->remote_port;
 	input.session_id = session_id;
+	input.conn_ssl_secured =
+		smtp_server_connection_is_ssl_secured(client->conn);
+	input.conn_secured = input.conn_ssl_secured ||
+		smtp_server_connection_is_trusted(client->conn);
 
 	ret = mail_storage_service_lookup(storage_service, &input,
 					  &service_user, &error);

diff --git a/src/pop3/main.c b/src/pop3/main.c
@@ -257,16 +257,23 @@ login_client_connected(const struct master_login_client *login_client,
 {
 	struct client *client;
 	struct mail_storage_service_input input;
+	enum mail_auth_request_flags flags = login_client->auth_req.flags;
 	const char *error;
 	buffer_t input_buf;
 
 	i_zero(&input);
 	input.module = input.service = "pop3";
 	input.local_ip = login_client->auth_req.local_ip;
 	input.remote_ip = login_client->auth_req.remote_ip;
+	input.local_port = login_client->auth_req.local_port;
+	input.remote_port = login_client->auth_req.remote_port;
 	input.username = username;
 	input.userdb_fields = extra_fields;
 	input.session_id = login_client->session_id;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0)
+		input.conn_secured = TRUE;
+	if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0)
+		input.conn_ssl_secured = TRUE;
 
 	buffer_create_from_const_data(&input_buf, login_client->data,
 				      login_client->auth_req.data_size);