]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 040863c)
auth: mech - Add channel binding mechanism security flag
authorStephan Bosch <stephan.bosch@open-xchange.com>
Wed, 8 Nov 2023 03:25:31 +0000 (04:25 +0100)
committerStephan Bosch <stephan.bosch@open-xchange.com>
Fri, 17 Jan 2025 17:36:39 +0000 (18:36 +0100)
src/auth/mech.c patch | blob | blame | history
src/lib-auth-client/auth-client-connection.c patch | blob | blame | history
src/lib-auth-client/auth-client-interface.h patch | blob | blame | history

diff --git a/src/auth/mech.c b/src/auth/mech.c
index aa0c300661f5e363fa55bfa3f9f2fe2ab1d60d82..aff631945d7ef846ebc848361b21efe6d2f1e691 100644 (file)
--- a/src/auth/mech.c
+++ b/src/auth/mech.c
@@ -109,6 +109,8 @@ static void mech_register_add(struct mechanisms_register *reg,
                str_append(reg->handshake, "\tforward-secrecy");
        if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
                str_append(reg->handshake, "\tmutual-auth");
+       if ((mech->flags & MECH_SEC_CHANNEL_BINDING) != 0)
+               str_append(reg->handshake, "\tchannel-binding");
        str_append_c(reg->handshake, '\n');
 
        list->next = reg->modules;
diff --git a/src/lib-auth-client/auth-client-connection.c b/src/lib-auth-client/auth-client-connection.c
index 966e2824886766d34025a198ac61f6aed8c7b13f..886dd3df91a60c6098e510f6cd8f4d99f76e1908 100644 (file)
--- a/src/lib-auth-client/auth-client-connection.c
+++ b/src/lib-auth-client/auth-client-connection.c
@@ -91,6 +91,8 @@ auth_server_input_mech(struct auth_client_connection *conn,
                        mech_desc.flags |= MECH_SEC_FORWARD_SECRECY;
                else if (strcmp(*args, "mutual-auth") == 0)
                        mech_desc.flags |= MECH_SEC_MUTUAL_AUTH;
+               else if (strcmp(*args, "channel-binding") == 0)
+                       mech_desc.flags |= MECH_SEC_CHANNEL_BINDING;
        }
        array_push_back(&conn->available_auth_mechs, &mech_desc);
        return 0;
diff --git a/src/lib-auth-client/auth-client-interface.h b/src/lib-auth-client/auth-client-interface.h
index f70562975f5df558b94c1b5721fe0b6b90e4ccb1..5e22e0805f6d0aa82be6cf05843ebefea24d5f59 100644 (file)
--- a/src/lib-auth-client/auth-client-interface.h
+++ b/src/lib-auth-client/auth-client-interface.h
@@ -26,6 +26,8 @@ enum mech_security_flags {
        MECH_SEC_MUTUAL_AUTH            = 0x0040,
        /* Allow NULs in input data */
        MECH_SEC_ALLOW_NULS             = 0x0080,
+       /* Requires channel binding */
+       MECH_SEC_CHANNEL_BINDING        = 0x0100,
 };
 
 /* auth failure codes */
Mirror of https://github.com/dovecot/core.git