Commit 185780fd authored by Nigel Kukard's avatar Nigel Kukard

* Fixed the [a.b.c.d] policy member for peer address specification

parent 6398db90
......@@ -317,20 +317,23 @@ sub policySourceItemMatches
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a IP/CIDR specification, match = $res") if ($log);
# Match peer IP (the server requesting the policy)
} elsif ($item =~ /^\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d{1,2})?\]$/) {
} elsif ($item =~ /^\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d{1,2})?)\]$/) {
# We don't want the [ and ]
my $cleanItem = $1;
# Check if peer is actually defined
if (defined($sessionData->{'_protocol_peeraddr'})) {
if (defined($sessionData->{'PeerAddress'})) {
# Check if its in a supported format
if ($sessionData->{'_protocol_peeraddr'} =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
$res = ipMatches($sessionData->{'_protocol_peeraddr'},$item);
if ($sessionData->{'PeerAddress'} =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
$res = ipMatches($sessionData->{'PeerAddress'},$cleanItem);
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a PEER IP/CIDR specification, match = $res") if ($log);
# If unsupported...
} else {
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a PEER IP/CIDR specification, but peeraddr '".$sessionData->{'_protocol_peeraddr'}."' is not yet supported") if ($log);
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a PEER IP/CIDR specification, but peeraddr '".$sessionData->{'PeerAddress'}."' is not yet supported") if ($log);
}
# If undefined...
} else {
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a PEER IP/CIDR specification, but peeraddr '".$sessionData->{'_protocol_peeraddr'}."' is not defined??") if ($log);
$server->log(LOG_DEBUG,"[POLICIES] $debugTxt: - Resolved source '$item' to a PEER IP/CIDR specification, but PeerAddress is not defined??") if ($log);
}
# Match SASL user, must be above email addy to match SASL usernames in the same format as email addies
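Review bot: In the `[a.b.c.d]` branch, a peer whose address is undefined or not dotted-quad IPv4 (an IPv6 peer, for example) only produces a LOG_DEBUG line, and `$res` appears to keep whatever value it had before the branch, which is not visible in this hunk. A policy scoped to a peer address then silently fails to apply, so I would set `$res = 0;` explicitly in both else arms and log the unsupported-format case above debug level. The pattern also accepts octets up to 999 and prefixes up to /99; unless `ipMatches` rejects those (its body is outside the hunk), range-check `$cleanItem` before the call. policySourceItemMatches starts and ends outside the hunk.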
......
......@@ -135,7 +135,6 @@ sub protocol_parse {
$res{'protocol_state'} = "RCPT" if (!defined($res{'protocol_state'}));
$res{'_protocol_transport'} = "HTTP";
$res{'_protocol_peeraddr'} = $serverInstance->{'peeraddr'};
return \%res;
}
......
......@@ -115,7 +115,6 @@ sub protocol_parse {
}
$res{'_protocol_transport'} = "Postfix";
$res{'_protocol_peeraddr'} = $serverInstance->{'peeraddr'};
return \%res;
}
......
......@@ -215,6 +215,9 @@ sub getSessionDataFromRequest
$sessionData->{'Size'} = $request->{'size'};
$sessionData->{'RecipientData'} = "";
}
# Requesting server address, we need this before the policy call
$sessionData->{'PeerAddress'} = $request->{'_peer_address'};
# If we in rcpt, caclulate and save policy
if ($request->{'protocol_state'} eq 'RCPT') {
......@@ -250,6 +253,9 @@ sub getSessionDataFromRequest
# Check for HTTP protocol transport
} elsif ($request->{'_protocol_transport'} eq "HTTP") {
# Requesting server address, we need this before the policy call
$sessionData->{'PeerAddress'} = $request->{'_peer_address'};
$sessionData->{'ClientAddress'} = $request->{'client_address'};
$sessionData->{'ClientReverseName'} = $request->{'client_reverse_name'} if (defined($request->{'client_reverse_name'}));
$sessionData->{'Helo'} = $request->{'helo_name'} if (defined($request->{'helo_name'}));
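Review bot: The `PeerAddress` assignment is added twice, in what look like the two transport branches (before the RCPT check and inside the HTTP `elsif`), so any transport added later has to repeat it or the `[a.b.c.d]` policy member never matches for that transport. Both copies read the same `$request->{'_peer_address'}`, so a single `$sessionData->{'PeerAddress'} = $request->{'_peer_address'};` ahead of the transport test would cover every branch. getSessionDataFromRequest starts and ends outside both hunks, so confirm that `$sessionData` already exists at that point before hoisting.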
......
......@@ -435,6 +435,7 @@ sub process_request {
$request->{'sasl_username'} = lc($request->{'sasl_username'}) if (defined($request->{'sasl_username'}));
# Internal data
$request->{'_peer_address'} = $server->{'peeraddr'};
$request->{'_timestamp'} = time();
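Review bot: `_peer_address` now feeds peer-based policy matching, so the assignment under `# Internal data` must stay after every step that copies client-supplied attributes into `$request`; otherwise a request carrying its own `_peer_address` attribute could influence which policy applies. Its position after the `sasl_username` normalisation suggests parsing is already complete, but process_request's body extends outside the hunk, so that is worth confirming. I would add a comment above the line such as `# Set after parsing: overrides any client-supplied value, policy matching trusts this`.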
......