base.m4, auth.m4: Track a per-message authenticated user.

If we're relaying mail, and believing `AUTH=...' notes on `MAIL' lines,
then (a) we might be given several messages during a session, and (b)
they will in general have different `AUTH=...' notes, or none at all.
If we want to report the authenticated sender of a message, then, it's
important to track this information separately for each message.

Therefore, introduce `$acl_m_user', as a per-message counterpart to
`$acl_c_user'.  It gets set the same as `$acl_c_user' for non-SMTP
messages (where there can only be one) and after we've just checked a
submitter, in `mail_auth_check'; but it also gets set from
`$authenticated_sender' in the `mailauth' ACL.

diff --git a/auth.m4 b/auth.m4
index 019623d..04e1a07 100644 (file)
--- a/auth.m4
+++ b/auth.m4
@@ -93,6 +93,9 @@ mailauth:
        ## sender was presumably checked upstream, and we can believe that
        ## the name has been transmitted honestly.
        accept   condition = ${if def:tls_peerdn}
+                set acl_m_user = ${if match_address{$authenticated_sender} \
+                                                   {*@CONF_master_domain} \
+                                      {${local_part:$authenticated_sender}}}
 
        ## If this is submission, and the client has authenticated, then we
        ## check that the name matches the user.

diff --git a/base.m4 b/base.m4
index a00757e..cb0f7a6 100644 (file)
--- a/base.m4
+++ b/base.m4
@@ -147,6 +147,7 @@ SECTION(acl, misc)m4_dnl
 not_smtp_start:
        ## Record the user's name.
        warn     set acl_c_user = $sender_ident
+                set acl_m_user = $sender_ident
 
        ## Done.
        accept
@@ -312,6 +313,10 @@ mail_check_auth:
        deny     message = Sender not authenticated
                 condition = ${if !def:acl_c_user}
 
+       ## Set the per-message authentication flag, since we now know that
+       ## there's a sensible value.
+       warn     set acl_m_user = $acl_c_user
+
        ## All done.
        accept