From: Stephan Bosch Date: Sat, 9 Dec 2017 01:34:52 +0000 (+0100) Subject: lib-master: master-auth: Pass more information about the user connection to the backe... X-Git-Tag: 2.3.0.rc1~137 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e213fe0f4040bb6001e76edd51131ccf18129a3f;p=thirdparty%2Fdovecot%2Fcore.git lib-master: master-auth: Pass more information about the user connection to the backend in struct master_auth_request. Adds remote and local ports and security information about the connection. This changes the master-auth protocol incompatibly, so the major version is updated. --- diff --git a/src/lib-master/master-auth.h b/src/lib-master/master-auth.h index 91b63550a1..59db83977b 100644 --- a/src/lib-master/master-auth.h +++ b/src/lib-master/master-auth.h @@ -25,7 +25,11 @@ struct master_service; enum mail_auth_request_flags { /* Connection has TLS compression enabled */ - MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = 0x01 + MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION = BIT(0), + /* Connection is secure (SSL or just trusted) */ + MAIL_AUTH_REQUEST_FLAG_CONN_SECURED = BIT(1), + /* Connection is secured using SSL specifically */ + MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED = BIT(2), }; /* Authentication request. File descriptor may be sent along with the @@ -40,9 +44,10 @@ struct master_auth_request { unsigned int client_pid; uint8_t cookie[MASTER_AUTH_COOKIE_SIZE]; - /* Local and remote IPs of the connection. The file descriptor + /* Properties of the connection. The file descriptor itself may be a local socketpair. */ struct ip_addr local_ip, remote_ip; + in_port_t local_port, remote_port; uint32_t flags; diff --git a/src/login-common/sasl-server.c b/src/login-common/sasl-server.c index c74a2280b8..9d8b418578 100644 --- a/src/login-common/sasl-server.c +++ b/src/login-common/sasl-server.c @@ -135,10 +135,16 @@ static int master_send_request(struct anvil_request *anvil_request) req.auth_id = anvil_request->auth_id; req.local_ip = client->local_ip; req.remote_ip = client->ip; + req.local_port = client->local_port; + req.remote_port = client->remote_port; req.client_pid = getpid(); if (client->ssl_iostream != NULL && ssl_iostream_get_compression(client->ssl_iostream) != NULL) req.flags |= MAIL_AUTH_REQUEST_FLAG_TLS_COMPRESSION; + if (client->secured) + req.flags |= MAIL_AUTH_REQUEST_FLAG_CONN_SECURED; + if (client->ssl_secured) + req.flags |= MAIL_AUTH_REQUEST_FLAG_CONN_SSL_SECURED; memcpy(req.cookie, anvil_request->cookie, sizeof(req.cookie)); buf = t_buffer_create(256);