lib-master: master-auth: Pass more information about the user connection to the backe...
authorStephan Bosch <stephan.bosch@dovecot.fi>
Sat, 9 Dec 2017 01:34:52 +0000 (02:34 +0100)
committerTimo Sirainen <timo.sirainen@dovecot.fi>
Mon, 11 Dec 2017 13:44:18 +0000 (15:44 +0200)
Adds remote and local ports and security information about the connection.
This changes the master-auth protocol incompatibly, so the major version is updated.

src/lib-master/master-auth.h
src/login-common/sasl-server.c

index 91b63550a10e193406273ad1ee6bdbf3c5e43877..59db83977bc7624941873d8b7176e3c19481a747 100644 (file)
@@ -25,7 +25,11 @@ struct master_service;
 
 enum mail_auth_request_flags {
        /* Connection has TLS compression enabled */
-       MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION  = 0x01
+       MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION  = BIT(0),
+       /* Connection is secure (SSL or just trusted) */
+       MAIL_AUTH_REQUEST_FLAG_CONN_SECURED = BIT(1),
+       /* Connection is secured using SSL specifically */
+       MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED = BIT(2),
 };
 
 /* Authentication request. File descriptor may be sent along with the
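Review bot: The comment on MAIL_AUTH_REQUEST_FLAG_CONN_SECURED does not say that the flag can be set on a connection with no encryption at all, which a consumer needs to know before it allows cleartext credentials or sensitive data on that link. I would spell it out, for example `/* Connection is considered secure: TLS or a trusted peer. Does NOT imply encryption; test CONN_SSL_SECURED for that. */`. BIT() is not defined anywhere in this hunk, so the header presumably depends on an earlier include for it; worth confirming the header still compiles when included on its own.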
@@ -40,9 +44,10 @@ struct master_auth_request {
        unsigned int client_pid;
        uint8_t cookie[MASTER_AUTH_COOKIE_SIZE];
 
-       /* Local and remote IPs of the connection. The file descriptor
+       /* Properties of the connection. The file descriptor
           itself may be a local socketpair. */
        struct ip_addr local_ip, remote_ip;
+       in_port_t local_port, remote_port;
 
        uint32_t flags;
 
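Review bot: `local_port` and `remote_port` are inserted ahead of `flags` in a struct that the commit description treats as the master-auth wire format, so a peer built against the old layout would read `flags` and every later field from the wrong offset. The major-version bump the description mentions is not visible in this hunk, so confirm the receiver rejects a mismatched version before it looks at any field. The sender should also zero the whole struct before filling it, since any padding around the two `in_port_t` members (this depends on the layout of `struct ip_addr`, which is not shown) would otherwise carry stale bytes to the other process. The new members would benefit from a comment such as `/* Ports of the connection, host byte order; 0 when not applicable (confirm) */`. The struct starts and ends outside this hunk.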
index c74a2280b8291f4595d9e71ccceb01cd3e218242..9d8b418578b4ce9eb1ffb24f3746f55c00b98394 100644 (file)
@@ -135,10 +135,16 @@ static int master_send_request(struct anvil_request *anvil_request)
        req.auth_id = anvil_request->auth_id;
        req.local_ip = client->local_ip;
        req.remote_ip = client->ip;
+       req.local_port = client->local_port;
+       req.remote_port = client->remote_port;
        req.client_pid = getpid();
        if (client->ssl_iostream != NULL &&
            ssl_iostream_get_compression(client->ssl_iostream) != NULL)
                req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION;
+       if (client->secured)
+               req.flags |= MAIL_AUTH_REQUEST_FLAG_CONN_SECURED;
+       if (client->ssl_secured)
+               req.flags |= MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED;
        memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie));
 
        buf = t_buffer_create(256);
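Review bot: The two new `if` statements set CONN_SECURED and CONN_SSL_SECURED independently, while the enum comment in master-auth.h describes the SSL flag as a special case of the secured one; nothing here states or enforces that `client->ssl_secured` implies `client->secured`. A one-line comment above them would record the expectation, e.g. `/* ssl_secured is expected to imply secured; the receiver sees both bits */`. These bits and the ports are reported by the login process itself, so the receiving side should presumably give them no more trust than it gives that process. Whether `req` is zero-initialised before the `|=` lines cannot be seen from this hunk, because master_send_request() begins and continues outside it.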