auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields
authorAki Tuomi <aki.tuomi@open-xchange.com>
Tue, 31 Dec 2024 10:17:54 +0000 (12:17 +0200)
committeraki.tuomi <aki.tuomi@open-xchange.com>
Mon, 26 May 2025 05:39:13 +0000 (05:39 +0000)
src/auth/auth-request-fields.c
src/auth/auth-request-var-expand.c
src/auth/auth-request-var-expand.h
src/auth/auth-request.h

index b7bfb00b1caf060670f6f15f7c5c0e1219ec0389..51e82aabcb53d40076460c18336dfc2f84f2fbf2 100644 (file)
@@ -80,6 +80,14 @@ void auth_request_export(struct auth_request *request, string_t *dest)
                str_printfa(dest, "\trport=%u", fields->remote_port);
        if (fields->ssl_ja3_hash != NULL)
                auth_str_add_keyvalue(dest, "ssl_ja3_hash", fields->ssl_ja3_hash);
+       if (fields->ssl_client_cert_fp != NULL) {
+               auth_str_add_keyvalue(dest, "ssl_client_cert_fp",
+                                     fields->ssl_client_cert_fp);
+       }
+       if (fields->ssl_client_cert_pubkey_fp != NULL) {
+               auth_str_add_keyvalue(dest, "ssl_client_cert_pubkey_fp",
+                                     fields->ssl_client_cert_pubkey_fp);
+       }
        if (fields->real_local_ip.family != 0) {
                auth_str_add_keyvalue(dest, "real_lip",
                                      net_ip2addr(&fields->real_local_ip));
@@ -168,6 +176,10 @@ bool auth_request_import_info(struct auth_request *request,
                        auth_request_import_info(request, "real_rport", value);
        } else if (strcmp(key, "ssl_ja3_hash") == 0) {
                fields->ssl_ja3_hash = p_strdup(request->pool, value);
+       } else if (strcmp(key, "ssl_client_cert_fp") == 0) {
+               fields->ssl_client_cert_fp = p_strdup(request->pool, value);
+       } else if (strcmp(key, "ssl_client_cert_pubkey_fp") == 0) {
+               fields->ssl_client_cert_pubkey_fp = p_strdup(request->pool, value);
        } else if (strcmp(key, "real_lip") == 0) {
                if (net_addr2ip(value, &fields->real_local_ip) == 0)
                        event_add_ip(event, "real_local_ip",
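Review bot: Both new branches store `value` verbatim with `p_strdup()`, and nothing in the hunk checks that it is non-empty or matches the expected fingerprint format. The same commit exposes these fields as var-expand variables in auth-request-var-expand.c, so they can presumably end up in passdb/userdb lookups, where an empty or malformed value should never be able to match an entry. If the sender of these keys is always a trusted login process (not visible here), a comment stating that is enough, e.g. `/* fingerprint is supplied by the auth client and is not validated here */`. Otherwise, values that are empty or contain characters outside the fingerprint alphabet should be rejected before the copy. auth_request_import_info() starts and ends outside the hunk.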
index e101c8d1b211b5f0550686cb1401c80130e7edc7..6ab31c66a3c195257357eba0f7e7161d14f0c6ba 100644 (file)
@@ -41,6 +41,8 @@ auth_request_var_expand_static_tab[] = {
        { .key = "local_name", .value = NULL },
        { .key = "client_id", .value = NULL },
        { .key = "ssl_ja3_hash", .value = NULL },
+       { .key = "ssl_client_cert_fp", .value = NULL },
+       { .key = "ssl_client_cert_pubkey_fp", .value = NULL },
        { .key = "owner_user", .value = NULL },
        VAR_EXPAND_TABLE_END
        /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */
@@ -169,6 +171,10 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
        var_expand_table_set_value(tab, "local_name", fields->local_name);
        var_expand_table_set_value(tab, "client_id", fields->client_id);
        var_expand_table_set_value(tab, "ssl_ja3_hash", fields->ssl_ja3_hash);
+       var_expand_table_set_value(tab, "ssl_client_cert_fp",
+                                  fields->ssl_client_cert_fp);
+       var_expand_table_set_value(tab, "ssl_client_cert_pubkey_fp",
+                                  fields->ssl_client_cert_pubkey_fp);
        var_expand_table_set_value(tab, "owner_user", username);
        return ret_tab;
 }
index 3f4a39400366c7f7c16171d26bb327b7b4bfefb1..8e3e6ae3a729b6c8319aadbd713bd9de81e0cf0b 100644 (file)
@@ -6,7 +6,7 @@ auth_request_escape_func_t(const char *string,
                           const struct auth_request *auth_request);
 
 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
-#define AUTH_REQUEST_VAR_TAB_COUNT 29
+#define AUTH_REQUEST_VAR_TAB_COUNT 31
 extern const struct var_expand_table
 auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1];
 
index ba2070cf78f8de0438d12883bbe3ad1368ebbaa8..cfe3d223f3bbe299049604e9a510c951ec3a48cb 100644 (file)
@@ -64,6 +64,8 @@ struct auth_request_fields {
        struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
        in_port_t local_port, remote_port, real_local_port, real_remote_port;
        const char *ssl_ja3_hash;
+       const char *ssl_client_cert_fp;
+       const char *ssl_client_cert_pubkey_fp;
 
         /* extra_fields are returned in authentication reply. Fields prefixed
            with "userdb_" are automatically placed to userdb_reply instead. */
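Review bot: The two new members of struct auth_request_fields have no comment, so the hunk does not say which digest and encoding the fingerprints use or whether they are also set for a certificate that failed verification. That matters to anyone who uses them as a lookup key, because a fingerprint identifies a certificate but does not by itself show that the chain was validated. I would add above them something like `/* Fingerprints of the TLS client certificate and of its public key, as imported from the auth client; NULL if not sent. Not by itself proof that the certificate was verified. */`, and name the digest and encoding once confirmed. The struct starts and ends outside the hunk.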