auth: Fail authentication if certificate username was unexpectedly missing
authorAki Tuomi <aki.tuomi@open-xchange.com>
Mon, 21 Jan 2019 08:54:06 +0000 (10:54 +0200)
committerVille Savolainen <ville.savolainen@dovecot.fi>
Fri, 25 Jan 2019 11:00:55 +0000 (13:00 +0200)
src/auth/auth-request-handler.c

index 617dc1883d884a58e876af4cb1c4f1e48158cbef..3044e94f915c3394b6e10ca170ca9bbe18ad6dd7 100644 (file)
@@ -560,6 +560,14 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
                return TRUE;
        }
 
+       if (request->set->ssl_require_client_cert &&
+           request->set->ssl_username_from_cert &&
+           !request->cert_username) {
+                auth_request_handler_auth_fail(handler, request,
+                       "SSL certificate didn't contain username");
+               return TRUE;
+       }
+
        /* Empty initial response is a "=" base64 string. Completely empty
           string shouldn't really be sent, but at least Exim does it,
           so just allow it for backwards compatibility.. */