From: Aki Tuomi Date: Tue, 31 Dec 2024 10:17:54 +0000 (+0200) Subject: auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields X-Git-Tag: 2.4.2~744 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6f71be6d872178ea5c94b5a7ccb63221cf0f799;p=thirdparty%2Fdovecot%2Fcore.git auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields
---
diff --git a/src/auth/auth-request-fields.c b/src/auth/auth-request-fields.c
index b7bfb00b1c..51e82aabcb 100644
--- a/src/auth/auth-request-fields.c
+++ b/src/auth/auth-request-fields.c
@@ -80,6 +80,14 @@ void auth_request_export(struct auth_request *request, string_t *dest)
 str_printfa(dest, "\trport=%u", fields->remote_port);
 if (fields->ssl_ja3_hash != NULL)
 auth_str_add_keyvalue(dest, "ssl_ja3_hash", fields->ssl_ja3_hash);
+ if (fields->ssl_client_cert_fp != NULL) {
+ auth_str_add_keyvalue(dest, "ssl_client_cert_fp",
+ fields->ssl_client_cert_fp);
+ }
+ if (fields->ssl_client_cert_pubkey_fp != NULL) {
+ auth_str_add_keyvalue(dest, "ssl_client_cert_pubkey_fp",
+ fields->ssl_client_cert_pubkey_fp);
+ }
 if (fields->real_local_ip.family != 0) {
 auth_str_add_keyvalue(dest, "real_lip",
 net_ip2addr(&fields->real_local_ip));
@@ -168,6 +176,10 @@ bool auth_request_import_info(struct auth_request *request,
 auth_request_import_info(request, "real_rport", value);
 } else if (strcmp(key, "ssl_ja3_hash") == 0) {
 fields->ssl_ja3_hash = p_strdup(request->pool, value);
+ } else if (strcmp(key, "ssl_client_cert_fp") == 0) {
+ fields->ssl_client_cert_fp = p_strdup(request->pool, value);
+ } else if (strcmp(key, "ssl_client_cert_pubkey_fp") == 0) {
+ fields->ssl_client_cert_pubkey_fp = p_strdup(request->pool, value);
 } else if (strcmp(key, "real_lip") == 0) {
 if (net_addr2ip(value, &fields->real_local_ip) == 0)
 event_add_ip(event, "real_local_ip",
diff --git a/src/auth/auth-request-var-expand.c b/src/auth/auth-request-var-expand.c
index e101c8d1b2..6ab31c66a3 100644
--- a/src/auth/auth-request-var-expand.c
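Review bot: In auth_request_import_info the two new branches store `value` with `p_strdup()` exactly as received, so `ssl_client_cert_fp` and `ssl_client_cert_pubkey_fp` carry whatever the sender put on the wire, with no check on length or character set and no link to whether the certificate was verified. Since the var-expand hunks later in this commit expose both fields to templates, anything that matches on them is trusting the sender of the auth request; whether that sender is always a trusted login process is not visible here. I would record that above the first branch, for example `/* fingerprints are taken verbatim from the auth client; not validated here */`, and consider ignoring an empty value so the `!= NULL` test in auth_request_export does not re-emit an empty key. The function starts and ends outside the hunk.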
+++ b/src/auth/auth-request-var-expand.c
@@ -41,6 +41,8 @@ auth_request_var_expand_static_tab[] = {
 { .key = "local_name", .value = NULL },
 { .key = "client_id", .value = NULL },
 { .key = "ssl_ja3_hash", .value = NULL },
+ { .key = "ssl_client_cert_fp", .value = NULL },
+ { .key = "ssl_client_cert_pubkey_fp", .value = NULL },
 { .key = "owner_user", .value = NULL },
 VAR_EXPAND_TABLE_END
 /* be sure to update AUTH_REQUEST_VAR_TAB_COUNT */
@@ -169,6 +171,10 @@ auth_request_get_var_expand_table_full(const struct auth_request *auth_request,
 var_expand_table_set_value(tab, "local_name", fields->local_name);
 var_expand_table_set_value(tab, "client_id", fields->client_id);
 var_expand_table_set_value(tab, "ssl_ja3_hash", fields->ssl_ja3_hash);
+ var_expand_table_set_value(tab, "ssl_client_cert_fp",
+ fields->ssl_client_cert_fp);
+ var_expand_table_set_value(tab, "ssl_client_cert_pubkey_fp",
+ fields->ssl_client_cert_pubkey_fp);
 var_expand_table_set_value(tab, "owner_user", username);
 return ret_tab;
 }
diff --git a/src/auth/auth-request-var-expand.h b/src/auth/auth-request-var-expand.h
index 3f4a394003..8e3e6ae3a7 100644
--- a/src/auth/auth-request-var-expand.h
+++ b/src/auth/auth-request-var-expand.h
@@ -6,7 +6,7 @@ auth_request_escape_func_t(const char *string, const struct auth_request *auth_request);
 #define AUTH_REQUEST_VAR_TAB_USER_IDX 0
-#define AUTH_REQUEST_VAR_TAB_COUNT 29
+#define AUTH_REQUEST_VAR_TAB_COUNT 31
 extern const struct var_expand_table auth_request_var_expand_static_tab[AUTH_REQUEST_VAR_TAB_COUNT+1];
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index ba2070cf78..cfe3d223f3 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -64,6 +64,8 @@ struct auth_request_fields {
 struct ip_addr local_ip, remote_ip, real_local_ip, real_remote_ip;
 in_port_t local_port, remote_port, real_local_port, real_remote_port;
 const char *ssl_ja3_hash;
+ const char *ssl_client_cert_fp;
+ const char *ssl_client_cert_pubkey_fp;
 /* extra_fields are returned in authentication reply. Fields prefixed with "userdb_" are automatically placed to userdb_reply instead. */
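Review bot: The two fields added to struct auth_request_fields have no comment, and nothing in this commit says which digest or text encoding the fingerprint strings use, or what it means for them to be NULL. A one-line comment above them would help anyone writing a lookup against these values, for example `/* TLS client certificate / public key fingerprints as sent by the auth client; NULL if not provided */`, with the digest algorithm and encoding added by someone who knows the producing side. The struct definition continues outside the hunk.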