auth: auth-mech-connection - Do not announce channel binding mechanisms for minor...
authorStephan Bosch <stephan.bosch@open-xchange.com>
Wed, 8 Nov 2023 03:15:03 +0000 (04:15 +0100)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 12 Feb 2025 10:34:16 +0000 (12:34 +0200)
Otherwise, old auth clients like Postfix that don't know about channel binding
would announce these mechanisms, while using them would always fail.

src/auth/auth-client-connection.c
src/auth/mech.c
src/auth/mech.h

index 49fdac43dc70e8195022252e177e7ba3a0c69867..b328634830341388a1c88878f6cc3f94fa2b9c0c 100644 (file)
@@ -185,7 +185,7 @@ auth_client_cancel(struct auth_client_connection *conn, const char *const *args)
 
 static void auth_client_finish_handshake(struct auth_client_connection *conn)
 {
-       const char *mechanisms;
+       const char *mechanisms, *mechanisms_cbind = "";
        string_t *str;
 
        if (conn->token_auth) {
@@ -193,11 +193,15 @@ static void auth_client_finish_handshake(struct auth_client_connection *conn)
                        mech_dovecot_token.mech_name, "\tprivate\n", NULL);
        } else {
                mechanisms = str_c(conn->auth->reg->handshake);
+               if (conn->conn.minor_version >= 3) {
+                       mechanisms_cbind =
+                               str_c(conn->auth->reg->handshake_cbind);
+               }
        }
 
        str = t_str_new(128);
-       str_printfa(str, "%sSPID\t%s\nCUID\t%u\nCOOKIE\t",
-                   mechanisms, my_pid, conn->connect_uid);
+       str_printfa(str, "%s%sSPID\t%s\nCUID\t%u\nCOOKIE\t",
+                   mechanisms, mechanisms_cbind, my_pid, conn->connect_uid);
        binary_to_hex_append(str, conn->cookie, sizeof(conn->cookie));
        str_append(str, "\nDONE\n");
 
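Review bot: The gate `conn->conn.minor_version >= 3` is a bare magic number; nothing at that line says why 3 is the protocol version from which an auth client can actually complete a channel-binding exchange, so a reader has to reconstruct it from the commit message. Add a comment there, e.g. `/* Channel binding mechanisms are only usable by auth clients speaking minor version >= 3; older clients (e.g. Postfix) would advertise them but every attempt would fail. */`, and preferably a named constant next to whatever protocol-version defines this file already has (I cannot see them from the hunk). The token_auth branch deliberately leaves `mechanisms_cbind` empty, which is presumably intended since it only ever announces the token mechanism, but a short comment saying so would keep the two branches from looking asymmetric by accident.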
index aff631945d7ef846ebc848361b21efe6d2f1e691..67e6df2dd61b522c8c8d2fb0202a53b38f31e2a3 100644 (file)
@@ -90,28 +90,34 @@ static void mech_register_add(struct mechanisms_register *reg,
                              const struct mech_module *mech)
 {
        struct mech_module_list *list;
+       string_t *handshake;
 
        list = p_new(reg->pool, struct mech_module_list, 1);
        list->module = *mech;
 
-       str_printfa(reg->handshake, "MECH\t%s", mech->mech_name);
+       if ((mech->flags & MECH_SEC_CHANNEL_BINDING) != 0)
+               handshake = reg->handshake_cbind;
+       else
+               handshake = reg->handshake;
+
+       str_printfa(handshake, "MECH\t%s", mech->mech_name);
        if ((mech->flags & MECH_SEC_PRIVATE) != 0)
-               str_append(reg->handshake, "\tprivate");
+               str_append(handshake, "\tprivate");
        if ((mech->flags & MECH_SEC_ANONYMOUS) != 0)
-               str_append(reg->handshake, "\tanonymous");
+               str_append(handshake, "\tanonymous");
        if ((mech->flags & MECH_SEC_PLAINTEXT) != 0)
-               str_append(reg->handshake, "\tplaintext");
+               str_append(handshake, "\tplaintext");
        if ((mech->flags & MECH_SEC_DICTIONARY) != 0)
-               str_append(reg->handshake, "\tdictionary");
+               str_append(handshake, "\tdictionary");
        if ((mech->flags & MECH_SEC_ACTIVE) != 0)
-               str_append(reg->handshake, "\tactive");
+               str_append(handshake, "\tactive");
        if ((mech->flags & MECH_SEC_FORWARD_SECRECY) != 0)
-               str_append(reg->handshake, "\tforward-secrecy");
+               str_append(handshake, "\tforward-secrecy");
        if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
-               str_append(reg->handshake, "\tmutual-auth");
+               str_append(handshake, "\tmutual-auth");
        if ((mech->flags & MECH_SEC_CHANNEL_BINDING) != 0)
-               str_append(reg->handshake, "\tchannel-binding");
-       str_append_c(reg->handshake, '\n');
+               str_append(handshake, "\tchannel-binding");
+       str_append_c(handshake, '\n');
 
        list->next = reg->modules;
        reg->modules = list;
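Review bot: Routing channel-binding mechanisms into a separate buffer changes the order in which mechanisms are announced: every MECH line that gets `\tchannel-binding` now follows all other mechanisms regardless of configured/registration order, because the two buffers are concatenated at handshake time rather than interleaved. That is presumably harmless if no client treats MECH order as a preference, but the split should say so, e.g. `/* Channel binding mechanisms are kept in a separate list so the handshake can omit them for clients that cannot use them; they are therefore announced after all other mechanisms. */`. The flag test is also evaluated twice, once to pick the buffer and again before appending `\tchannel-binding`; a single `bool cbind = (mech->flags & MECH_SEC_CHANNEL_BINDING) != 0;` used in both places keeps the buffer choice and the advertised flag from ever disagreeing. mech_register_add's body continues past the hunk.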
@@ -144,6 +150,7 @@ mech_register_init(const struct auth_settings *set)
        reg->pool = pool;
        reg->set = set;
        reg->handshake = str_new(pool, 512);
+       reg->handshake_cbind = str_new(pool, 256);
 
        if (!array_is_created(&set->mechanisms) ||
            array_is_empty(&set->mechanisms))
index 885d8e027ca1880a90356fe8e3170bc722ec1e3a..905d9e08575a1b4ecaf383add50e3f295701b3c9 100644 (file)
@@ -53,6 +53,7 @@ struct mechanisms_register {
 
        struct mech_module_list *modules;
        buffer_t *handshake;
+       buffer_t *handshake_cbind;
 };
 
 extern const struct mech_module mech_dovecot_token;
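Review bot: The new `handshake_cbind` field is undocumented, and nothing in the header says how it relates to `handshake` or why channel-binding mechanisms are kept apart. A one-line comment such as `/* MECH lines for mechanisms with MECH_SEC_CHANNEL_BINDING; sent in the handshake only to auth clients that support channel binding */` would save the next reader a trip to auth-client-connection.c to find out. The struct mechanisms_register definition starts before the hunk.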