From: Aki Tuomi Date: Mon, 20 Feb 2017 18:37:09 +0000 (+0200) Subject: imap-login: Allow x-forward- to specify forward fields from trusted networks X-Git-Tag: 2.3.0.rc1~1920 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=998eadc15aabe598cc9301fdb28c0fef5225b3f7;p=thirdparty%2Fdovecot%2Fcore.git imap-login: Allow x-forward- to specify forward fields from trusted networks --- diff --git a/src/imap-login/imap-login-client.c b/src/imap-login/imap-login-client.c index bfe51c284c..79f1c1a284 100644 --- a/src/imap-login/imap-login-client.c +++ b/src/imap-login/imap-login-client.c @@ -200,6 +200,17 @@ client_update_info(struct imap_client *client, client->common.session_id = p_strdup(client->common.pool, value); } + } else if (strncasecmp(key, "x-forward-", 10) == 0) { + /* handle extra field */ + if (client->common.forward_fields == NULL) + client->common.forward_fields = str_new(client->common.preproxy_pool, 32); + else + str_append_c(client->common.forward_fields, '\t'); + /* prefixing is done by auth process */ + str_append_tabescaped(client->common.forward_fields, + key+10); + str_append_c(client->common.forward_fields, '='); + str_append_tabescaped(client->common.forward_fields, value); } else { return FALSE; } @@ -209,7 +220,8 @@ client_update_info(struct imap_client *client, static bool client_id_reserved_word(const char *key) { i_assert(key != NULL); - return str_array_icase_find(imap_login_reserved_id_keys, key); + return (strncasecmp(key, "x-forward-", 10) == 0 || + str_array_icase_find(imap_login_reserved_id_keys, key)); } static void cmd_id_handle_keyvalue(struct imap_client *client, diff --git a/src/imap-login/imap-proxy.c b/src/imap-login/imap-proxy.c index eddc7260fb..5e6820166c 100644 --- a/src/imap-login/imap-proxy.c +++ b/src/imap-login/imap-proxy.c @@ -40,13 +40,30 @@ static void proxy_write_id(struct imap_client *client, string_t *str) "\"x-originating-port\" \"%u\" " "\"x-connected-ip\" \"%s\" " "\"x-connected-port\" \"%u\" " - "\"x-proxy-ttl\" \"%u\")\r\n", + "\"x-proxy-ttl\" \"%u\"", client_get_session_id(&client->common), net_ip2addr(&client->common.ip), client->common.remote_port, net_ip2addr(&client->common.local_ip), client->common.local_port, client->common.proxy_ttl - 1); + + /* append any forward_ variables to request */ + for(const char *const *ptr = client->common.auth_passdb_args; *ptr != NULL; ptr++) { + if (strncasecmp(*ptr, "forward_", 8) == 0) { + str_append_c(str, ' '); + const char *key = t_strconcat("x-forward-", + t_strcut((*ptr)+8, '='), + NULL); + const char *val = i_strchr_to_next(*ptr, '='); + str_append_c(str, ' '); + imap_append_string(str, key); + str_append_c(str, ' '); + imap_append_nstring(str, val); + } + } + + str_append(str, ")\r\n"); } static void proxy_free_password(struct client *client) diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c index 07bc1b71c7..d5e9bc52e3 100644 --- a/src/login-common/client-common-auth.c +++ b/src/login-common/client-common-auth.c @@ -213,6 +213,8 @@ static void client_auth_parse_args(struct client *client, bool success, alt_username_set(&alt_usernames, client->pool, key, value); } + } else if (strncmp(key, "forward_", 8) == 0) { + /* these are passed to upstream */ } else if (client->set->auth_debug) i_debug("Ignoring unknown passdb extra field: %s", key); }