From: Timo Sirainen
Date: Fri, 4 Nov 2022 19:45:54 +0000 (+0200)
Subject: lib-auth: Rename AUTH_REQUEST_FLAG_SECURED to AUTH_REQUEST_FLAG_CONN_SECURED
X-Git-Tag: 2.4.0~3424
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7795c105298dc214753b68280e6eb3acb56759e;p=thirdparty%2Fdovecot%2Fcore.git

lib-auth: Rename AUTH_REQUEST_FLAG_SECURED to AUTH_REQUEST_FLAG_CONN_SECURED
---
diff --git a/src/lib-auth/auth-client-request.c b/src/lib-auth/auth-client-request.c
index 41151133b6..9b931ecd7f 100644
--- a/src/lib-auth/auth-client-request.c
+++ b/src/lib-auth/auth-client-request.c
@@ -24,7 +24,7 @@ static void auth_server_send_new_request(struct auth_client_connection *conn,
 if ((info->flags & AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP) != 0)
 str_append(str, "\tfinal-resp-ok");
- if ((info->flags & AUTH_REQUEST_FLAG_SECURED) != 0) {
+ if ((info->flags & AUTH_REQUEST_FLAG_CONN_SECURED) != 0) {
 str_append(str, "\tsecured");
 if ((info->flags & AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS) != 0) {
 str_append(str, "=tls");
diff --git a/src/lib-auth/auth-client.h b/src/lib-auth/auth-client.h
index 1528f40285..012041ddc2 100644
--- a/src/lib-auth/auth-client.h
+++ b/src/lib-auth/auth-client.h
@@ -8,7 +8,12 @@ struct auth_client;
 struct auth_client_request;
 enum auth_request_flags {
- AUTH_REQUEST_FLAG_SECURED = 0x01,
+ /* Connection from the previous hop (client, proxy, haproxy) is
+ considered secured. Either because TLS is used, or because the
+ connection is otherwise considered not to need TLS. Note that this
+ doesn't necessarily mean that the client connection behind the
+ previous hop is secured. */
+ AUTH_REQUEST_FLAG_CONN_SECURED = 0x01,
 AUTH_REQUEST_FLAG_VALID_CLIENT_CERT = 0x02,
 /* Skip penalty checks for this request */
 AUTH_REQUEST_FLAG_NO_PENALTY = 0x04,
diff --git a/src/lib-auth/test-auth-client.c b/src/lib-auth/test-auth-client.c
index 43be9650c2..47dd756fe6 100644
--- a/src/lib-auth/test-auth-client.c
+++ b/src/lib-auth/test-auth-client.c
@@ -1003,7 +1003,7 @@ test_client_auth_parallel(const char *mech, const char *username,
 info.mech = mech;
 info.service = "test";
 info.session_id = "23423dfd243daaa223";
- info.flags = AUTH_REQUEST_FLAG_SECURED;
+ info.flags = AUTH_REQUEST_FLAG_CONN_SECURED;
 (void)net_addr2ip("10.0.0.15", &info.local_ip);
 info.local_port = 143;
diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c
index 4e98547620..d119282903 100644
--- a/src/login-common/sasl-server.c
+++ b/src/login-common/sasl-server.c
@@ -109,7 +109,7 @@ client_get_auth_flags(struct client *client)
 if (client->connection_tls_secured || client->haproxy_terminated_tls)
 auth_flags |= AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS;
 if (client->connection_secured)
- auth_flags |= AUTH_REQUEST_FLAG_SECURED;
+ auth_flags |= AUTH_REQUEST_FLAG_CONN_SECURED;
 if (login_binary->sasl_support_final_reply)
 auth_flags |= AUTH_REQUEST_FLAG_SUPPORT_FINAL_RESP;
 return auth_flags;
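Review bot: In the sasl-server.c hunk, the renamed flag is set from `client->connection_secured` with no comment at the call site, so the previous-hop caveat that this commit documents in auth-client.h is not visible where the flag is actually derived. The line just above sets AUTH_REQUEST_FLAG_TRANSPORT_SECURITY_TLS from `connection_tls_secured || haproxy_terminated_tls`, and the second field, judging by its name, describes a hop other than the direct connection, so a reader can easily take the two flags as describing the same link. I would add a comment above the `connection_secured` check such as `/* Previous hop only (see enum auth_request_flags); does not imply the client behind a proxy used TLS. */`. client_get_auth_flags() starts outside the hunk, and how `connection_secured` is computed is not shown, so any policy that treats the "secured" token as end-to-end protection should be checked against that code.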