From: Timo Sirainen Date: Thu, 3 Nov 2022 17:18:03 +0000 (+0200) Subject: login-common: Rename client.trusted to connection_trusted X-Git-Tag: 2.4.0~3425 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=465a72ec8103c5614674eb5e23c58225cdff2528;p=thirdparty%2Fdovecot%2Fcore.git login-common: Rename client.trusted to connection_trusted --- diff --git a/src/imap-login/imap-login-cmd-id.c b/src/imap-login/imap-login-cmd-id.c index 443b90d071..9a0aa95dd9 100644 --- a/src/imap-login/imap-login-cmd-id.c +++ b/src/imap-login/imap-login-cmd-id.c @@ -112,7 +112,8 @@ client_try_update_info(struct imap_client *client, /* do not try to process NIL values as client-info, but store them for non-reserved keys */ - if (client->common.trusted && !client->id_logged && value != NULL) + if (client->common.connection_trusted && + !client->id_logged && value != NULL) handler->callback(client, key, value); return TRUE; } @@ -211,7 +212,7 @@ static void cmd_id_finish(struct imap_client *client) t_strdup_printf("* ID %s\r\n", imap_id_reply_generate(client->set->imap_id_send))); const char *msg = "ID completed."; - if (client->common.trusted) + if (client->common.connection_trusted) msg = "Trusted ID completed."; client_send_reply(&client->common, IMAP_CMD_REPLY_OK, msg); } diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index 92ce7ed434..33de97c4cb 100644 --- a/src/login-common/client-common.c +++ b/src/login-common/client-common.c 
@@ -214,16 +214,17 @@ client_alloc(int fd, pool_t pool, event_add_str(client->event, "service", login_binary->protocol); event_set_log_message_callback(client->event, client_log_msg_callback, client); - client->trusted = client_is_trusted(client); + client->connection_trusted = client_is_trusted(client); if (conn->haproxied) { client->haproxy_terminated_tls = conn->haproxy.ssl; - client->connection_secured = conn->haproxy.ssl || client->trusted; + client->connection_secured = conn->haproxy.ssl || + client->connection_trusted; client->end_client_tls_secured = conn->haproxy.ssl; client->local_name = conn->haproxy.hostname; client->client_cert_common_name = conn->haproxy.cert_common_name; } else { - client->connection_secured = client->trusted || + client->connection_secured = client->connection_trusted || net_ip_compare(&conn->real_remote_ip, &conn->real_local_ip); } client->proxy_ttl = LOGIN_PROXY_TTL; diff --git a/src/login-common/client-common.h b/src/login-common/client-common.h index f546671fcf..8c0bfa46b9 100644 --- a/src/login-common/client-common.h +++ b/src/login-common/client-common.h @@ -247,7 +247,10 @@ struct client { TLS secured, not whether the original client connection is TLS secured. */ bool end_client_tls_secured:1; - bool trusted:1; + /* Connection is from a trusted client/proxy, which is allowed to e.g. + forward the original client IP address. Note that a trusted + connection is not necessarily considered secured. */ + bool connection_trusted:1; bool ssl_servername_settings_read:1; bool banner_sent:1; bool authenticating:1; diff --git a/src/pop3-login/client.c b/src/pop3-login/client.c index 1148e7fcc3..26d0250bd0 100644 --- a/src/pop3-login/client.c +++ b/src/pop3-login/client.c 
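Review bot: The comment added above `connection_trusted` in client-common.h says a trusted connection is not necessarily considered secured, but the client_alloc hunk in client-common.c still ORs the flag into `connection_secured` on both branches (`conn->haproxy.ssl || client->connection_trusted` and `client->connection_trusted || net_ip_compare(...)`). As far as these lines show, trusted therefore implies secured at allocation time. If that coupling is meant to stay, the comment should say so, for example `Note that client_alloc() currently also marks a trusted connection as secured.`; if a later change is meant to remove it, the comment should state that instead. This matters because `connection_secured` presumably gates decisions such as whether plaintext authentication is accepted, so a reader trusting the comment could misjudge what a trusted-network match grants. Both client_alloc and struct client continue outside these hunks, so later assignments to either flag are not visible here.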
@@ -44,7 +44,7 @@ static bool cmd_xclient(struct pop3_client *client, const char *args) in_port_t remote_port; bool args_ok = TRUE; - if (!client->common.trusted) { + if (!client->common.connection_trusted) { client_send_reply(&client->common, POP3_CMD_REPLY_OK, "You are not from trusted IP - ignoring"); return TRUE; @@ -251,7 +251,7 @@ static void pop3_client_notify_auth_ready(struct client *client) client->io = io_add_istream(client->input, client_input, client); str = t_str_new(128); - if (client->trusted) { + if (client->connection_trusted) { /* Dovecot extension to avoid extra roundtrip for CAPA */ str_append(str, "[XCLIENT] "); } diff --git a/src/submission-login/client.c b/src/submission-login/client.c index baf3226a02..d2d02c7172 100644 --- a/src/submission-login/client.c +++ b/src/submission-login/client.c @@ -225,7 +225,7 @@ static bool client_connection_is_trusted(void *context) { struct submission_client *client = context; - return client->common.trusted; + return client->common.connection_trusted; } static void submission_login_die(void)