From: Stephan Bosch
Date: Wed, 8 Nov 2023 03:25:31 +0000 (+0100)
Subject: auth: mech - Add channel binding mechanism security flag
X-Git-Tag: 2.4.0~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=af3b1b55212226b33c53f777523d9ba4752682fb;p=thirdparty%2Fdovecot%2Fcore.git
auth: mech - Add channel binding mechanism security flag
---
diff --git a/src/auth/mech.c b/src/auth/mech.c
index aa0c300661..aff631945d 100644
--- a/src/auth/mech.c
+++ b/src/auth/mech.c
@@ -109,6 +109,8 @@ static void mech_register_add(struct mechanisms_register *reg,
 str_append(reg->handshake, "\tforward-secrecy");
 if ((mech->flags & MECH_SEC_MUTUAL_AUTH) != 0)
 str_append(reg->handshake, "\tmutual-auth");
+ if ((mech->flags & MECH_SEC_CHANNEL_BINDING) != 0)
+ str_append(reg->handshake, "\tchannel-binding");
 str_append_c(reg->handshake, '\n');
 list->next = reg->modules;
diff --git a/src/lib-auth-client/auth-client-connection.c b/src/lib-auth-client/auth-client-connection.c
index 966e282488..886dd3df91 100644
--- a/src/lib-auth-client/auth-client-connection.c
+++ b/src/lib-auth-client/auth-client-connection.c
@@ -91,6 +91,8 @@ auth_server_input_mech(struct auth_client_connection *conn,
 mech_desc.flags |= MECH_SEC_FORWARD_SECRECY;
 else if (strcmp(*args, "mutual-auth") == 0)
 mech_desc.flags |= MECH_SEC_MUTUAL_AUTH;
+ else if (strcmp(*args, "channel-binding") == 0)
+ mech_desc.flags |= MECH_SEC_CHANNEL_BINDING;
 }
 array_push_back(&conn->available_auth_mechs, &mech_desc);
 return 0;
diff --git a/src/lib-auth-client/auth-client-interface.h b/src/lib-auth-client/auth-client-interface.h
index f70562975f..5e22e0805f 100644
--- a/src/lib-auth-client/auth-client-interface.h
+++ b/src/lib-auth-client/auth-client-interface.h
@@ -26,6 +26,8 @@ enum mech_security_flags {
 MECH_SEC_MUTUAL_AUTH = 0x0040,
 /* Allow NULs in input data */
 MECH_SEC_ALLOW_NULS = 0x0080,
+ /* Requires channel binding */
+ MECH_SEC_CHANNEL_BINDING = 0x0100,
 };
 /* auth failure codes */
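Review bot: In the auth-client-connection.c hunk, the `else if` chain closes without a final branch, so a flag token the client does not recognise is dropped without any trace. The literal `"channel-binding"` is also written independently here and in the mech.c hunk, so a mismatch between the two spellings would silently clear `MECH_SEC_CHANNEL_BINDING` on the client side. Since nothing in the visible change consumes the flag yet, whatever later relies on it would fail open in that case. I would add a debug log for unrecognised tokens, or at least a comment such as `/* unknown flags are ignored for forward compatibility */`, so the behaviour is visibly deliberate. The function and the loop header start above the hunk.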
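Review bot: The comment `/* Requires channel binding */` on `MECH_SEC_CHANNEL_BINDING` in auth-client-interface.h does not say who enforces the requirement or what a consumer should do when the connection has no binding data. The neighbouring flags visible in this hunk describe what a mechanism provides or accepts, whereas this one reads as a precondition, so a caller that ignores it presumably ends up offering a mechanism that cannot complete. I would expand it along the lines of `/* Mechanism cannot complete without channel binding data; do not offer it when none is available. The auth server still enforces this. */`, with the exact semantics to be confirmed by the author. The enum begins above the hunk.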