From 211caf3c233d562b0c8137e5eefae3cb1ef13003 Mon Sep 17 00:00:00 2001
From: Stephan Bosch
Date: Sat, 9 Dec 2017 02:09:35 +0100
Subject: [PATCH] lib-storage: mail-user: Added more information about the client connection. Submission service will need it to pass to the backend MTA in XCLIENT and for creating the "Received:" header.
---
 src/imap/main.c | 9 +++++++--
 src/lib-storage/mail-storage-service.c | 4 ++++
 src/lib-storage/mail-storage-service.h | 4 ++++
 src/lib-storage/mail-user.h | 4 ++++
 src/lmtp/client.c | 6 ++++++
 src/lmtp/lmtp-local.c | 4 ++++
 src/pop3/main.c | 7 +++++++
 7 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/src/imap/main.c b/src/imap/main.c
index 4f67b5a9c1..f9961af5ad 100644
--- a/src/imap/main.c
+++ b/src/imap/main.c
@@ -319,16 +319,22 @@ login_client_connected(const struct master_login_client *login_client,
 #define MSG_BYE_INTERNAL_ERROR "* BYE "MAIL_ERRSTR_CRITICAL_MSG"\r\n"
 struct mail_storage_service_input input;
 struct client *client;
- enum mail_auth_request_flags flags;
+ enum mail_auth_request_flags flags = login_client->auth_req.flags;
 const char *error;
 i_zero(&input);
 input.module = input.service = "imap";
 input.local_ip = login_client->auth_req.local_ip;
 input.remote_ip = login_client->auth_req.remote_ip;
+ input.local_port = login_client->auth_req.local_port;
+ input.remote_port = login_client->auth_req.remote_port;
 input.username = username;
 input.userdb_fields = extra_fields;
 input.session_id = login_client->session_id;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0)
+ input.conn_secured = TRUE;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0)
+ input.conn_ssl_secured = TRUE;
 if (client_create_from_input(&input, login_client->fd, login_client->fd, &client, &error) < 0) {
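Review bot: The two flag tests at the end of the added lines set `conn_secured` and `conn_ssl_secured` independently, so the relationship documented in mail-storage-service.h (secured means SSL or trusted) holds only if the login process always sends both bits for an SSL connection; the lmtp hunks in this patch derive it instead as `input.conn_secured = input.conn_ssl_secured || ...`. If CONN_SSL_SECURED ever arrives without CONN_SECURED, later code would see an SSL connection that is not marked secured. Consider `if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0) input.conn_secured = input.conn_ssl_secured = TRUE;`, or add a comment stating that the login process guarantees both flags. The same block is repeated verbatim in src/pop3/main.c (@@ -264,9 +265,15 @@), so whatever is decided applies there too. The body of login_client_connected starts and ends outside the hunk.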
@@ -344,7 +350,6 @@ login_client_connected(const struct master_login_client *login_client,
 master_service_client_connection_destroyed(master_service);
 return;
 }
- flags = login_client->auth_req.flags;
 if ((flags & MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION) != 0)
 client->tls_compression = TRUE;
 client_add_input_capability(client, login_client->data,
diff --git a/src/lib-storage/mail-storage-service.c b/src/lib-storage/mail-storage-service.c
index dd77032eb6..3ddc306f3a 100644
--- a/src/lib-storage/mail-storage-service.c
+++ b/src/lib-storage/mail-storage-service.c
@@ -666,6 +666,10 @@ mail_storage_service_init_post(struct mail_storage_service_ctx *ctx,
 i_zero(&conn_data);
 conn_data.local_ip = &user->input.local_ip;
 conn_data.remote_ip = &user->input.remote_ip;
+ conn_data.local_port = user->input.local_port;
+ conn_data.remote_port = user->input.remote_port;
+ conn_data.secured = user->input.conn_secured;
+ conn_data.ssl_secured = user->input.conn_ssl_secured;
 /* NOTE: if more user initialization is added, add it also to mail_user_dup() */
diff --git a/src/lib-storage/mail-storage-service.h b/src/lib-storage/mail-storage-service.h
index e02e09ef90..9bbb304ec0 100644
--- a/src/lib-storage/mail-storage-service.h
+++ b/src/lib-storage/mail-storage-service.h
@@ -62,6 +62,10 @@ struct mail_storage_service_input {
 bool no_userdb_lookup:1;
 /* Enable auth_debug=yes for this lookup */
 bool debug:1;
+ /* Connection is secure (SSL or just trusted) */
+ bool conn_secured:1;
+ /* Connection is secured using SSL specifically */
+ bool conn_ssl_secured:1;
 };
 extern struct module *mail_storage_service_modules;
diff --git a/src/lib-storage/mail-user.h b/src/lib-storage/mail-user.h
index 9529242f83..410707eccb 100644
--- a/src/lib-storage/mail-user.h
+++ b/src/lib-storage/mail-user.h
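Review bot: The context comment right after the added lines says that further user initialization must also be added to mail_user_dup(), yet src/lib-storage/mail-user.c is not in this patch's diffstat. Whether the four new `conn_data` fields survive a duplicated user depends on how mail_user_dup() copies the connection data, which is not visible here. If it copies `local_ip`/`remote_ip` field by field, the copy would silently carry port 0 and cleared `secured`/`ssl_secured` bits. Please confirm, and extend the dup path in the same commit if needed. The body of mail_storage_service_init_post starts and ends outside the hunk.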
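Review bot: The comment on `conn_secured` should state outright that the bit does not imply encryption, since by its own wording and by the lmtp hunks it is also set for a merely trusted peer. The commit message says the submission service will pass this on in XCLIENT and the Received: header, so a consumer that reads `conn_secured` as "TLS was used" would overstate the transport security; such code should test `conn_ssl_secured`. Suggested wording: `/* Connection is considered secure: SSL/TLS, or a trusted peer without encryption. Does not imply encryption; check conn_ssl_secured for that. */`. It would also help to note that both bits stay FALSE for callers that only i_zero() the struct.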
@@ -19,6 +19,10 @@ struct mail_user_vfuncs {
 struct mail_user_connection_data {
 struct ip_addr *local_ip, *remote_ip;
+ in_port_t local_port, remote_port;
+
+ bool secured:1;
+ bool ssl_secured:1;
 };
 struct mail_user {
diff --git a/src/lmtp/client.c b/src/lmtp/client.c
index 734a5fc43b..61b5ce486a 100644
--- a/src/lmtp/client.c
+++ b/src/lmtp/client.c
@@ -99,7 +99,13 @@ static void client_read_settings(struct client *client)
 input.module = input.service = "lmtp";
 input.local_ip = client->local_ip;
 input.remote_ip = client->remote_ip;
+ input.local_port = client->local_port;
+ input.remote_port = client->remote_port;
 input.username = "";
+ input.conn_ssl_secured =
+ smtp_server_connection_is_ssl_secured(client->conn);
+ input.conn_secured = input.conn_ssl_secured ||
+ smtp_server_connection_is_trusted(client->conn);
 if (mail_storage_service_read_settings(storage_service, &input, client->pool,
diff --git a/src/lmtp/lmtp-local.c b/src/lmtp/lmtp-local.c
index 7b969e15ff..fda0211663 100644
--- a/src/lmtp/lmtp-local.c
+++ b/src/lmtp/lmtp-local.c
@@ -344,6 +344,10 @@ int lmtp_local_rcpt(struct client *client,
 input.local_port = client->local_port;
 input.remote_port = client->remote_port;
 input.session_id = session_id;
+ input.conn_ssl_secured =
+ smtp_server_connection_is_ssl_secured(client->conn);
+ input.conn_secured = input.conn_ssl_secured ||
+ smtp_server_connection_is_trusted(client->conn);
 ret = mail_storage_service_lookup(storage_service, &input, &service_user, &error);
diff --git a/src/pop3/main.c b/src/pop3/main.c
index daf91d9cee..cb1b6d72ed 100644
--- a/src/pop3/main.c
+++ b/src/pop3/main.c
@@ -257,6 +257,7 @@ login_client_connected(const struct master_login_client *login_client,
 {
 struct client *client;
 struct mail_storage_service_input input;
+ enum mail_auth_request_flags flags = login_client->auth_req.flags;
 const char *error;
 buffer_t input_buf;
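Review bot: The new members of `struct mail_user_connection_data` carry no comments, although the matching fields of `struct mail_storage_service_input` are documented in this same patch. Code that reads `secured` from a mail_user has only the name to go on and may take it to mean encrypted. Add `/* SSL or a trusted peer; not necessarily encrypted */` above `secured` and `/* secured with SSL specifically */` above `ssl_secured`. For the ports, say whether 0 means unknown, which appears to be the value left by the `i_zero(&conn_data)` seen in mail-storage-service.c when a caller sets nothing.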
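Review bot: Both added calls pass `client->conn`, and nothing in the hunk shows that the SMTP server connection already exists when client_read_settings() runs. If settings are read during client setup before the connection object is created, `smtp_server_connection_is_ssl_secured(client->conn)` would receive a NULL pointer; please confirm the call order in the caller, which is outside this hunk, or pass the SSL state in as a parameter. The same two-statement derivation is repeated in src/lmtp/lmtp-local.c (@@ -344,6 +344,10 @@); a small static helper that fills `conn_ssl_secured` and `conn_secured` from a connection would keep the two copies from drifting apart. The body of client_read_settings starts and ends outside the hunk.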
@@ -264,9 +265,15 @@ login_client_connected(const struct master_login_client *login_client,
 input.module = input.service = "pop3";
 input.local_ip = login_client->auth_req.local_ip;
 input.remote_ip = login_client->auth_req.remote_ip;
+ input.local_port = login_client->auth_req.local_port;
+ input.remote_port = login_client->auth_req.remote_port;
 input.username = username;
 input.userdb_fields = extra_fields;
 input.session_id = login_client->session_id;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SECURED) != 0)
+ input.conn_secured = TRUE;
+ if ((flags & MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED) != 0)
+ input.conn_ssl_secured = TRUE;
 buffer_create_from_const_data(&input_buf, login_client->data, login_client->auth_req.data_size);