From: Timo Sirainen
Date: Thu, 23 Oct 2008 17:31:41 +0000 (+0300)
Subject: Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
X-Git-Tag: 1.2.alpha4~169
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=258ff7d4f03dd9d29eca3664e4acacdf7f528234;p=thirdparty%2Fdovecot%2Fcore.git
Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
--HG--
branch : HEAD
---
diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index 6568b46393..a06e047554 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -276,7 +276,6 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 size_t initial_resp_len;
 unsigned int id;
 buffer_t *buf;
- bool valid_client_cert;
 /* [...] */
 list = t_strsplit(args, "\t");
@@ -304,7 +303,6 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 /* parse optional parameters */
 initial_resp = NULL;
- valid_client_cert = FALSE;
 for (list += 2; *list != NULL; list++) {
 arg = strchr(*list, '=');
 if (arg == NULL) {
@@ -317,8 +315,6 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 if (auth_request_import(request, name, arg))
 ;
- else if (strcmp(name, "valid-client-cert") == 0)
- valid_client_cert = TRUE;
 else if (strcmp(name, "resp") == 0) {
 initial_resp = arg;
 /* this must be the last parameter */
@@ -343,7 +339,8 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 hash_insert(handler->requests, POINTER_CAST(id), request);
- if (request->auth->ssl_require_client_cert && !valid_client_cert) {
+ if (request->auth->ssl_require_client_cert &&
+ !request->valid_client_cert) {
 /* we fail without valid certificate */
 auth_request_handler_auth_fail(handler, request,
 "Client didn't present valid SSL certificate");
diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index e3d3ccee53..5caffc5c98 100644
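Review bot: In the last hunk of auth-request-handler.c the `ssl_require_client_cert` check now reads `request->valid_client_cert`, while the explicit `valid_client_cert = FALSE;` initialisation is removed two hunks earlier. Failing closed therefore depends on the request being zero-initialised when it is allocated, which this diff does not show. If that holds, a one-line comment above the check would record it, for example `/* valid_client_cert stays 0 unless auth_request_import() saw "valid-client-cert" */`. The enclosing function starts and ends outside the hunk.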
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -147,6 +147,8 @@ void auth_request_export(struct auth_request *request,
 auth_stream_reply_add(reply, "secured", "1");
 if (request->skip_password_check)
 auth_stream_reply_add(reply, "skip_password_check", "1");
+ if (request->valid_client_cert)
+ auth_stream_reply_add(reply, "valid-client-cert", "1");
 if (request->mech_name != NULL)
 auth_stream_reply_add(reply, "mech", request->mech_name);
 }
@@ -179,6 +181,8 @@ bool auth_request_import(struct auth_request *request,
 request->secured = TRUE;
 else if (strcmp(key, "nologin") == 0)
 request->no_login = TRUE;
+ else if (strcmp(key, "valid-client-cert") == 0)
+ request->valid_client_cert = TRUE;
 else if (strcmp(key, "skip_password_check") == 0) {
 i_assert(request->master_user != NULL);
 request->skip_password_check = TRUE;
@@ -1347,6 +1351,7 @@ auth_request_get_var_expand_table(const struct auth_request *auth_request,
 { 'c', NULL },
 { 'a', NULL },
 { 'b', NULL },
+ { 'k', NULL },
 { '\0', NULL }
 };
 struct var_expand_table *tab;
@@ -1386,6 +1391,7 @@ auth_request_get_var_expand_table(const struct auth_request *auth_request,
 tab[11].value = auth_request->secured ? "secured" : "";
 tab[12].value = dec2str(auth_request->local_port);
 tab[13].value = dec2str(auth_request->remote_port);
+ tab[14].value = auth_request->valid_client_cert ? "valid" : "";
 return tab;
 }
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index edf1170226..659db81537 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -91,6 +91,7 @@ struct auth_request {
 unsigned int skip_password_check:1;
 unsigned int proxy:1;
 unsigned int proxy_maybe:1;
+ unsigned int valid_client_cert:1;
 unsigned int cert_username:1;
 unsigned int userdb_lookup:1;
 unsigned int userdb_lookup_failed:1;
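Review bot: The new `valid-client-cert` branch in auth_request_import() sets the bit from the key's presence alone and ignores the value, like the `secured` and `nologin` branches in the context, so a parameter written as `valid-client-cert=0` would also mark the certificate as valid. This bit is what satisfies the `ssl_require_client_cert` check in auth-request-handler.c, so the branch deserves a comment such as `/* presence alone sets this; the value is ignored, so only a trusted peer may send this key */`. Whether every caller of auth_request_import() is such a peer cannot be told from this hunk, and the function starts and ends outside it.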
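Review bot: `tab[14]` in the last auth-request.c hunk is tied to the position of the `{ 'k', NULL }` entry added in the hunk before it, and nothing on either line says so. A trailing `/* %k */` on the assignment, or `/* valid-client-cert status: "valid" or "" */` on the table entry, would keep the two in step when another variable is inserted between them. Both hunks show only part of auth_request_get_var_expand_table().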