login: ssl_require_client_cert and ssl_username_from_cert settings should have had...
authorTimo Sirainen <tss@iki.fi>
Tue, 4 Jan 2011 11:53:17 +0000 (13:53 +0200)
committerTimo Sirainen <tss@iki.fi>
Tue, 4 Jan 2011 11:53:17 +0000 (13:53 +0200)
The actual functionality was provided by the auth_* settings, but with these
duplicated settings the login process didn't give as good error messages.

src/login-common/client-common.c
src/login-common/login-settings.c
src/login-common/login-settings.h

index 9979efa022b028d7e7baf3b0a280a8fc5f9de3fa..418668e11f408f29fa5ddb9a7c9290fe159e173c 100644 (file)
@@ -497,7 +497,8 @@ bool client_is_trusted(struct client *client)
 
 const char *client_get_extra_disconnect_reason(struct client *client)
 {
-       if (client->set->ssl_require_client_cert && client->ssl_proxy != NULL) {
+       if (client->set->auth_ssl_require_client_cert &&
+           client->ssl_proxy != NULL) {
                if (ssl_proxy_has_broken_client_cert(client->ssl_proxy))
                        return "(client sent an invalid cert)";
                if (!ssl_proxy_has_valid_client_cert(client->ssl_proxy))
@@ -510,7 +511,7 @@ const char *client_get_extra_disconnect_reason(struct client *client)
        /* some auth attempts without SSL/TLS */
        if (client->auth_tried_disabled_plaintext)
                return "(tried to use disabled plaintext auth)";
-       if (client->set->ssl_require_client_cert)
+       if (client->set->auth_ssl_require_client_cert)
                return "(cert required, client didn't start TLS)";
        if (client->auth_tried_unsupported_mech)
                return "(tried to use unsupported auth mechanism)";
index a2d3a04c5ab980a7a118ad135129d85120504d0d..a4dea5fda727e884eef764fab51d52c0b788f007 100644 (file)
@@ -34,8 +34,8 @@ static const struct setting_define login_setting_defines[] = {
        DEF(SET_STR, ssl_cipher_list),
        DEF(SET_STR, ssl_cert_username_field),
        DEF(SET_BOOL, ssl_verify_client_cert),
-       DEF(SET_BOOL, ssl_require_client_cert),
-       DEF(SET_BOOL, ssl_username_from_cert),
+       DEF(SET_BOOL, auth_ssl_require_client_cert),
+       DEF(SET_BOOL, auth_ssl_username_from_cert),
        DEF(SET_BOOL, verbose_ssl),
 
        DEF(SET_BOOL, disable_plaintext_auth),
@@ -64,8 +64,8 @@ static const struct login_settings login_default_settings = {
        .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL",
        .ssl_cert_username_field = "commonName",
        .ssl_verify_client_cert = FALSE,
-       .ssl_require_client_cert = FALSE,
-       .ssl_username_from_cert = FALSE,
+       .auth_ssl_require_client_cert = FALSE,
+       .auth_ssl_username_from_cert = FALSE,
        .verbose_ssl = FALSE,
 
        .disable_plaintext_auth = TRUE,
@@ -131,7 +131,8 @@ static bool login_settings_check(void *_set, pool_t pool, const char **error_r)
        set->log_format_elements_split =
                p_strsplit(pool, set->login_log_format_elements, " ");
 
-       if (set->ssl_require_client_cert || set->ssl_username_from_cert) {
+       if (set->auth_ssl_require_client_cert ||
+           set->auth_ssl_username_from_cert) {
                /* if we require valid cert, make sure we also ask for it */
                set->ssl_verify_client_cert = TRUE;
        }
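Review bot: The comment inside the block, "if we require valid cert, make sure we also ask for it", describes only one of the two conditions now tested. `auth_ssl_username_from_cert` also forces `ssl_verify_client_cert` on, overriding whatever the administrator configured. I would reword the comment to `/* both settings depend on a verified client cert, so force the login process to request and verify one */`. login_settings_check continues outside the hunk, so whether it rejects a configuration where these settings are enabled but TLS itself is disabled is not visible here; if it does not, that combination deserves an explicit error through `error_r`.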
index 486bdd285bf08c9b68d454207efaff48fb890456..62a418f771f76fa854a8f630185c3f28f515d4a9 100644 (file)
@@ -16,8 +16,8 @@ struct login_settings {
        const char *ssl_cipher_list;
        const char *ssl_cert_username_field;
        bool ssl_verify_client_cert;
-       bool ssl_require_client_cert;
-       bool ssl_username_from_cert;
+       bool auth_ssl_require_client_cert;
+       bool auth_ssl_username_from_cert;
        bool verbose_ssl;
 
        bool disable_plaintext_auth;