if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
str_append(str, "\tfinal-resp-ok");
- if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) {
+ if ((info->flags & AUTH_REQUEST_FLAG_CONN_SECURED) != 0) {
str_append(str, "\tsecured");
if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0) {
str_append(str, "=tls");
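Review bot: The serialized token at `str_append(str, "\tsecured")` keeps its old name, while the flag that gates it is now documented as describing only the previous hop. A reader of this writer, or of whatever parses the field on the receiving side, can still take `secured` as a statement about the whole client path. A comment above the renamed test would carry the narrower meaning to the wire format, for example `/* "secured" describes the previous hop only (AUTH_REQUEST_FLAG_CONN_SECURED); token name left unchanged */`. It would also help to say in the commit message whether the token is deliberately left alone for protocol compatibility, which is only my inference from the unchanged string. The enclosing function starts and ends outside the hunk.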
struct auth_client_request;
enum auth_request_flags {
- AUTH_REQUEST_FLAG_SECURED = 0x01,
+ /* Connection from the previous hop (client, proxy, haproxy) is
+ considered secured. Either because TLS is used, or because the
+ connection is otherwise considered not to need TLS. Note that this
+ doesn't necessarily mean that the client connection behind the
+ previous hop is secured. */
+ AUTH_REQUEST_FLAG_CONN_SECURED = 0x01,
AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
/* Skip penalty checks for this request */
AUTH_REQUEST_FLAG_NO_PENALTY = 0x04,
info.mech = mech;
info.service = "test";
info.session_id = "23423dfd243daaa223";
- info.flags = AUTH_REQUEST_FLAG_SECURED;
+ info.flags = AUTH_REQUEST_FLAG_CONN_SECURED;
(void)net_addr2ip("10.0.0.15", &info.local_ip);
info.local_port = 143;
if (client->connection_tls_secured || client->haproxy_terminated_tls)
auth_flags |= AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS;
if (client->connection_secured)
- auth_flags |= AUTH_REQUEST_FLAG_SECURED;
+ auth_flags |= AUTH_REQUEST_FLAG_CONN_SECURED;
if (login_binary->sasl_support_final_reply)
auth_flags |= AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP;
return auth_flags;
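Review bot: The `if (client->connection_secured)` line sets `AUTH_REQUEST_FLAG_CONN_SECURED` with no comment at the call site, although the enum now says this flag can be set when no TLS is in use and does not describe the client behind a proxy. The TLS flag two lines above is derived separately from `connection_tls_secured || haproxy_terminated_tls`, so the two flags can disagree. Code that needs to know whether encryption was used should presumably test the TLS flag rather than this one. I would add `/* previous hop only, may be set without TLS; check AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS when encryption is required */` above that `if`. The function begins outside the hunk.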