login-common: Rename client.trusted to connection_trusted
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Thu, 3 Nov 2022 17:18:03 +0000 (19:18 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Wed, 16 Nov 2022 08:09:54 +0000 (08:09 +0000)
src/imap-login/imap-login-cmd-id.c
src/login-common/client-common.c
src/login-common/client-common.h
src/pop3-login/client.c
src/submission-login/client.c

index 443b90d071b5dc498c257754c2968221bd992782..9a0aa95dd90169751e4d4ace002e4077921dedfe 100644 (file)
@@ -112,7 +112,8 @@ client_try_update_info(struct imap_client *client,
 
        /* do not try to process NIL values as client-info,
           but store them for non-reserved keys */
-       if (client->common.trusted && !client->id_logged && value != NULL)
+       if (client->common.connection_trusted &&
+           !client->id_logged && value != NULL)
                handler->callback(client, key, value);
        return TRUE;
 }
@@ -211,7 +212,7 @@ static void cmd_id_finish(struct imap_client *client)
                t_strdup_printf("* ID %s\r\n",
                        imap_id_reply_generate(client->set->imap_id_send)));
        const char *msg = "ID completed.";
-       if (client->common.trusted)
+       if (client->common.connection_trusted)
                msg = "Trusted ID completed.";
        client_send_reply(&client->common, IMAP_CMD_REPLY_OK, msg);
 }
index 92ce7ed4344a3ded9d6d9c225d2c1b117b0e1874..33de97c4cb71a54beba54bca401616f2b85d6ab0 100644 (file)
@@ -214,16 +214,17 @@ client_alloc(int fd, pool_t pool,
        event_add_str(client->event, "service", login_binary->protocol);
        event_set_log_message_callback(client->event, client_log_msg_callback,
                                       client);
-       client->trusted = client_is_trusted(client);
+       client->connection_trusted = client_is_trusted(client);
 
        if (conn->haproxied) {
                client->haproxy_terminated_tls = conn->haproxy.ssl;
-               client->connection_secured = conn->haproxy.ssl || client->trusted;
+               client->connection_secured = conn->haproxy.ssl ||
+                       client->connection_trusted;
                client->end_client_tls_secured = conn->haproxy.ssl;
                client->local_name = conn->haproxy.hostname;
                client->client_cert_common_name = conn->haproxy.cert_common_name;
        } else {
-               client->connection_secured = client->trusted ||
+               client->connection_secured = client->connection_trusted ||
                        net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip);
        }
        client->proxy_ttl = LOGIN_PROXY_TTL;
index f546671fcf33463fba3fdf2eada5ca072c49e999..8c0bfa46b9ddac4ce7707d8625c7afe0e01ab7ba 100644 (file)
@@ -247,7 +247,10 @@ struct client {
           TLS secured, not whether the original client connection is TLS
           secured. */
        bool end_client_tls_secured:1;
-       bool trusted:1;
+       /* Connection is from a trusted client/proxy, which is allowed to e.g.
+          forward the original client IP address. Note that a trusted
+          connection is not necessarily considered secured. */
+       bool connection_trusted:1;
        bool ssl_servername_settings_read:1;
        bool banner_sent:1;
        bool authenticating:1;
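Review bot: The new comment on `connection_trusted` says a trusted connection is not necessarily considered secured, but client_alloc() in src/login-common/client-common.c, as touched by this same commit, ORs `client->connection_trusted` into `connection_secured` in both the haproxied and the direct branch. As far as the visible lines show, every trusted connection therefore starts out secured. Either the comment should state that coupling, e.g. `Note that client_alloc() currently also marks a trusted connection as secured.`, or the assignment should be revisited so that a trusted source alone does not satisfy checks keyed on `connection_secured`. Whether later code clears `connection_secured` is not visible here; struct client and client_alloc() both continue outside their hunks.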
index 1148e7fcc3a9f4c7b691ea9bbbfe1504dd9ca810..26d0250bd0adb7e0878a931ed43797e71922f7c5 100644 (file)
@@ -44,7 +44,7 @@ static bool cmd_xclient(struct pop3_client *client, const char *args)
        in_port_t remote_port;
        bool args_ok = TRUE;
 
-       if (!client->common.trusted) {
+       if (!client->common.connection_trusted) {
                client_send_reply(&client->common, POP3_CMD_REPLY_OK,
                                  "You are not from trusted IP - ignoring");
                return TRUE;
@@ -251,7 +251,7 @@ static void pop3_client_notify_auth_ready(struct client *client)
        client->io = io_add_istream(client->input, client_input, client);
 
        str = t_str_new(128);
-       if (client->trusted) {
+       if (client->connection_trusted) {
                /* Dovecot extension to avoid extra roundtrip for CAPA */
                str_append(str, "[XCLIENT] ");
        }
index baf3226a023a7d031ef364bb576d319b139d2366..d2d02c71727077c2c7271f3c81a33543ed43e27e 100644 (file)
@@ -225,7 +225,7 @@ static bool client_connection_is_trusted(void *context)
 {
        struct submission_client *client = context;
 
-       return client->common.trusted;
+       return client->common.connection_trusted;
 }
 
 static void submission_login_die(void)