From: Aki Tuomi <aki.tuomi@dovecot.fi>
Date: Fri, 1 Dec 2017 11:16:07 +0000 (+0200)
Subject: lib-auth: Add AUTH_REQUEST_FLAG_TLS
X-Git-Tag: 2.3.1~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3dffa06b43f476d3702655e21f1e60000dd40b36;p=thirdparty%2Fdovecot%2Fcore.git

lib-auth: Add AUTH_REQUEST_FLAG_TLS

Indicates whether connection is over TLS encryption.
---

diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 47458bf658..40640d63f5 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -34,8 +34,13 @@ static void auth_server_send_new_request(struct auth_server_connection *conn,
 
 	if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
 		str_append(str, "\tfinal-resp-ok");
-	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0)
+	if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) {
 		str_append(str, "\tsecured");
+		if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0)
+			str_append(str, "=tls");
+	} else {
+		i_assert((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) == 0);
+	}
 	if ((info->flags & AUTH_REQUEST_FLAG_NO_PENALTY) != 0)
 		str_append(str, "\tno-penalty");
 	if ((info->flags & AUTH_REQUEST_FLAG_VALID_CLIENT_CERT) != 0)
diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h
index dba7a2cfe0..99bc604210 100644
--- a/src/lib-auth/auth-client.h
+++ b/src/lib-auth/auth-client.h
@@ -15,7 +15,9 @@ enum auth_request_flags {
 	/* Support final SASL response */
 	AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP	= 0x08,
 	/* Enable auth_debug=yes logging for this request */
-	AUTH_REQUEST_FLAG_DEBUG			= 0x10
+	AUTH_REQUEST_FLAG_DEBUG			= 0x10,
+	/* If TLS was used */
+	AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS = 0x20,
 };
 
 enum auth_request_status {