This allows using Dovecot's proxying feature towards less trusted servers.
i_free(client->proxy_backend_capability);
client->proxy_backend_capability =
i_strdup(t_strcut(line + 5 + 12, ']'));
- if (str_array_icase_find(capabilities, "ID")) {
+ if (str_array_icase_find(capabilities, "ID") &&
+ !client->common.proxy_not_trusted) {
proxy_write_id(client, str);
if (client->common.proxy_nopipelining) {
/* write login or starttls after I OK */
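Review bot: The new `!client->common.proxy_not_trusted` condition has no comment saying why ID is withheld, so a later refactor could move `proxy_write_id()` back out of the guard without noticing. I would add `/* untrusted backend: do not forward the client's connection details via ID */` above the `if`. The body of `proxy_write_id()` is not visible here; judging by the XCLIENT hunk it presumably carries the client address and session id, which should be confirmed. The enclosing function starts and ends outside this hunk, so any other path that sends ID or similar metadata to the backend could not be checked from here.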
reply_r->proxy_mech = value;
else if (strcmp(key, "proxy_nopipelining") == 0)
reply_r->proxy_nopipelining = TRUE;
+ else if (strcmp(key, "proxy_not_trusted") == 0)
+ reply_r->proxy_not_trusted = TRUE;
else if (strcmp(key, "master") == 0)
reply_r->master_user = value;
else if (strcmp(key, "ssl") == 0) {
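Review bot: The `proxy_not_trusted` branch sets the flag on key presence alone and ignores `value`, so a passdb returning `proxy_not_trusted=no` would still mark the backend untrusted. That fails in the safe direction and matches the `proxy_nopipelining` branch above it, but it is easy to misread from a configuration point of view. I would state it in a comment, `/* presence alone enables this; any value is ignored */`, and in the documentation for the passdb extra fields. The parsing function starts and ends outside this hunk.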
client->proxy_master_user = i_strdup(reply->master_user);
client->proxy_password = i_strdup(reply->password);
client->proxy_nopipelining = reply->proxy_nopipelining;
+ client->proxy_not_trusted = reply->proxy_not_trusted;
/* disable input until authentication is finished */
if (client->io != NULL)
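Review bot: `proxy_master_user` and `proxy_password` are still copied for the proxy login two lines above the new assignment, regardless of `proxy_not_trusted`. As far as this diff shows, the flag only suppresses the ID/XCLIENT metadata, so a backend marked not trusted still receives the user's credentials. That scope should be written down where the flag is set, e.g. `/* only disables ID/XCLIENT forwarding; login credentials are still sent to the backend */`. Without it an operator may assume the flag is a broader isolation control than it is. How the copied fields are used later is outside this hunk.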
unsigned int proxy:1;
unsigned int proxy_nopipelining:1;
+ unsigned int proxy_not_trusted:1;
unsigned int temp:1;
unsigned int nologin:1;
unsigned int authz_failure:1;
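Review bot: The new `proxy_not_trusted:1` bit is added without a comment, here and again in the client struct in the next hunk. The negative name also forces a double negation at every use site (`!client->common.proxy_not_trusted`). A one-line field comment such as `/* backend must not be sent client address/session data (ID, XCLIENT) */` on both declarations would make the intent clear. If the name is kept for symmetry with the passdb field, the comment matters more, since the security meaning is carried by the name alone.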
unsigned int auth_process_comm_fail:1;
unsigned int proxy_auth_failed:1;
unsigned int proxy_nopipelining:1;
+ unsigned int proxy_not_trusted:1;
unsigned int auth_waiting:1;
unsigned int auth_user_disabled:1;
unsigned int auth_pass_expired:1;
string_t *str;
i_assert(client->common.proxy_ttl > 1);
- if (client->proxy_xclient) {
+ if (client->proxy_xclient &&
+ !client->common.proxy_not_trusted) {
/* remote supports XCLIENT, send it */
o_stream_nsend_str(output, t_strdup_printf(
"XCLIENT ADDR=%s PORT=%u SESSION=%s TTL=%u\r\n",