From: Timo Sirainen Date: Mon, 27 Apr 2020 13:43:39 +0000 (+0300) Subject: auth: Add %{[real_]local/remote_ip/port} aliases for %{[real_]lip/rip/lport/rport) X-Git-Tag: 2.3.13~335 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bb2a9ba49a8b6c078179f57fe07b82dba845d41e;p=thirdparty%2Fdovecot%2Fcore.git auth: Add %{[real_]local/remote_ip/port} aliases for %{[real_]lip/rip/lport/rport) --- diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c index 7b79c90281..f77bb37a6e 100644 --- a/src/auth/auth-request-var-expand.c +++ b/src/auth/auth-request-var-expand.c @@ -47,6 +47,17 @@ auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1] = { { '\0', NULL, "auth_domain" }, { '\0', NULL, "local_name" }, { '\0', NULL, "client_id" }, + + /* aliases: */ + { '\0', NULL, "local_ip" }, + { '\0', NULL, "remote_ip" }, + { '\0', NULL, "local_port" }, + { '\0', NULL, "remote_port" }, + { '\0', NULL, "real_local_ip" }, + { '\0', NULL, "real_remote_ip" }, + { '\0', NULL, "real_local_port" }, + { '\0', NULL, "real_remote_port" }, + /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */ { '\0', NULL, NULL } }; @@ -99,9 +110,11 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, tab[3].value = escape_func(fields->service, auth_request); /* tab[4] = we have no home dir */ if (fields->local_ip.family != 0) - tab[5].value = net_ip2addr(&fields->local_ip); + tab[5].value = tab[35].value = + net_ip2addr(&fields->local_ip); if (fields->remote_ip.family != 0) - tab[6].value = net_ip2addr(&fields->remote_ip); + tab[6].value = tab[36].value = + net_ip2addr(&fields->remote_ip); tab[7].value = dec2str(auth_request->client_pid); if (auth_request->mech_password != NULL) { tab[8].value = escape_func(auth_request->mech_password, @@ -122,8 +135,8 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, case AUTH_REQUEST_SECURED_TLS: tab[11].value = "TLS"; break; default: tab[11].value = ""; break; }; - tab[12].value = dec2str(fields->local_port); - tab[13].value = dec2str(fields->remote_port); + tab[12].value = tab[37].value = dec2str(fields->local_port); + tab[13].value = tab[38].value = dec2str(fields->remote_port); tab[14].value = fields->valid_client_cert ? "valid" : ""; if (fields->requested_login_user != NULL) { @@ -141,11 +154,13 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request, tab[18].value = fields->session_id == NULL ? NULL : escape_func(fields->session_id, auth_request); if (fields->real_local_ip.family != 0) - tab[19].value = net_ip2addr(&fields->real_local_ip); + tab[19].value = tab[39].value = + net_ip2addr(&fields->real_local_ip); if (fields->real_remote_ip.family != 0) - tab[20].value = net_ip2addr(&fields->real_remote_ip); - tab[21].value = dec2str(fields->real_local_port); - tab[22].value = dec2str(fields->real_remote_port); + tab[20].value = tab[40].value = + net_ip2addr(&fields->real_remote_ip); + tab[21].value = tab[41].value = dec2str(fields->real_local_port); + tab[22].value = tab[42].value = dec2str(fields->real_remote_port); tab[23].value = i_strchr_to_next(username, '@'); if (tab[23].value != NULL) { tab[23].value = escape_func(t_strcut(tab[23].value, '@'), diff --git a/src/auth/auth-request-var-expand.h b/src/auth/auth-request-var-expand.h index 70535a3376..6958e3621b 100644 --- a/src/auth/auth-request-var-expand.h +++ b/src/auth/auth-request-var-expand.h @@ -8,7 +8,7 @@ auth_request_escape_func_t(const char *string, #define AUTH_REQUEST_VAR_TAB_USER_IDX 0 #define AUTH_REQUEST_VAR_TAB_USERNAME_IDX 1 #define AUTH_REQUEST_VAR_TAB_DOMAIN_IDX 2 -#define AUTH_REQUEST_VAR_TAB_COUNT 35 +#define AUTH_REQUEST_VAR_TAB_COUNT 43 extern const struct var_expand_table auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1]; diff --git a/src/auth/test-auth-request-var-expand.c b/src/auth/test-auth-request-var-expand.c index 557b0760cd..e54e2ba9e0 100644 --- a/src/auth/test-auth-request-var-expand.c +++ b/src/auth/test-auth-request-var-expand.c @@ -83,16 +83,19 @@ static bool test_empty_request(string_t *str, const char *input) static void test_auth_request_var_expand_shortlong(void) { static const char *test_input_short = - "%u\n%n\n%d\n%s\n%h\n%l\n%r\n%p\n%w\n%m\n%c\n%a\n%b\n%k\n"; + "%u\n%n\n%d\n%s\n%h\n%l\n%r\n%l\n%r\n%p\n%w\n%m\n%c\n" + "%a\n%b\n%a\n%b\n%k\n"; static const char *test_input_long = "%{user}\n%{username}\n%{domain}\n%{service}\n%{home}\n" - "%{lip}\n%{rip}\n%{pid}\n%{password}\n%{mech}\n%{secured}\n" - "%{lport}\n%{rport}\n%{cert}\n"; + "%{lip}\n%{rip}\n%{local_ip}\n%{remote_ip}\n" + "%{pid}\n%{password}\n%{mech}\n%{secured}\n" + "%{lport}\n%{rport}\n%{local_port}\n%{remote_port}\n%{cert}\n"; static const char *test_output = /* %{home} is intentionally always expanding to empty */ "+user@+domain1@+domain2\n+user\n+domain1@+domain2\n+service\n\n" - "7.91.205.21\n73.150.2.210\n54321\n+password\n+mech\nsecured\n" - "21\n210\nvalid\n"; + "7.91.205.21\n73.150.2.210\n7.91.205.21\n73.150.2.210\n" + "54321\n+password\n+mech\nsecured\n" + "21\n210\n21\n210\nvalid\n"; const struct var_expand_table *tab; string_t *str = t_str_new(256); const char *error; @@ -149,11 +152,15 @@ static void test_auth_request_var_expand_long(void) static const char *test_input = "%{login_user}\n%{login_username}\n%{login_domain}\n%{session}\n" "%{real_lip}\n%{real_rip}\n%{real_lport}\n%{real_rport}\n" + "%{real_local_ip}\n%{real_remote_ip}\n" + "%{real_local_port}\n%{real_remote_port}\n" "%{master_user}\n%{session_pid}\n" "%{orig_user}\n%{orig_username}\n%{orig_domain}\n"; static const char *test_output = "+loginuser@+logindomain1@+logindomain2\n+loginuser\n+logindomain1@+logindomain2\n+session\n" "13.81.174.20\n13.81.174.21\n200\n201\n" + "13.81.174.20\n13.81.174.21\n" + "200\n201\n" "+masteruser@+masterdomain1@+masterdomain2\n5000\n" "+origuser@+origdomain1@+origdomain2\n+origuser\n+origdomain1@+origdomain2\n"; string_t *str = t_str_new(256);