changeset 8320:d49aa6720fb2 HEAD

Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
author Timo Sirainen <tss@iki.fi>
date Thu, 23 Oct 2008 20:31:41 +0300
parents 8553bb4c53ad
children b62e350500c9
files src/auth/auth-request-handler.c src/auth/auth-request.c src/auth/auth-request.h
diffstat 3 files changed, 9 insertions(+), 5 deletions(-) [+]
--- a/src/auth/auth-request-handler.c	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request-handler.c	Thu Oct 23 20:31:41 2008 +0300
@@ -276,7 +276,6 @@
 	size_t initial_resp_len;
 	unsigned int id;
 	buffer_t *buf;
-	bool valid_client_cert;
 
 	/* <id> <mechanism> [...] */
 	list = t_strsplit(args, "\t");
@@ -304,7 +303,6 @@
 
 	/* parse optional parameters */
 	initial_resp = NULL;
-	valid_client_cert = FALSE;
 	for (list += 2; *list != NULL; list++) {
 		arg = strchr(*list, '=');
 		if (arg == NULL) {
@@ -317,8 +315,6 @@
 
 		if (auth_request_import(request, name, arg))
 			;
-		else if (strcmp(name, "valid-client-cert") == 0)
-			valid_client_cert = TRUE;
 		else if (strcmp(name, "resp") == 0) {
 			initial_resp = arg;
 			/* this must be the last parameter */
@@ -343,7 +339,8 @@
 
 	hash_insert(handler->requests, POINTER_CAST(id), request);
 
-	if (request->auth->ssl_require_client_cert && !valid_client_cert) {
+	if (request->auth->ssl_require_client_cert &&
+	    !request->valid_client_cert) {
 		/* we fail without valid certificate */
                 auth_request_handler_auth_fail(handler, request,
 			"Client didn't present valid SSL certificate");
--- a/src/auth/auth-request.c	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request.c	Thu Oct 23 20:31:41 2008 +0300
@@ -147,6 +147,8 @@
 		auth_stream_reply_add(reply, "secured", "1");
 	if (request->skip_password_check)
 		auth_stream_reply_add(reply, "skip_password_check", "1");
+	if (request->valid_client_cert)
+		auth_stream_reply_add(reply, "valid-client-cert", "1");
 	if (request->mech_name != NULL)
 		auth_stream_reply_add(reply, "mech", request->mech_name);
 }
@@ -179,6 +181,8 @@
 		request->secured = TRUE;
 	else if (strcmp(key, "nologin") == 0)
 		request->no_login = TRUE;
+	else if (strcmp(key, "valid-client-cert") == 0)
+		request->valid_client_cert = TRUE;
 	else if (strcmp(key, "skip_password_check") == 0) {
 		i_assert(request->master_user !=  NULL);
 		request->skip_password_check = TRUE;
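Review bot: The new `valid-client-cert` branch tests only the key and never looks at the value, so within the lines shown even `valid-client-cert=0` sets `request->valid_client_cert`. The `ssl_require_client_cert` check in auth-request-handler.c now depends on this flag alone. The flag is an assertion made by whoever feeds the import function, presumably the login process or another auth process via the export hunk above, which always writes `"1"`. I would record that trust assumption next to the branch, for example `/* asserted by the connecting process after it verified the client certificate; the value is ignored */`, and add a matching one-line comment on the new bit-field in auth-request.h. The enclosing function starts and ends outside this hunk, so any value check elsewhere is not visible here.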
@@ -1347,6 +1351,7 @@
 		{ 'c', NULL },
 		{ 'a', NULL },
 		{ 'b', NULL },
+		{ 'k', NULL },
 		{ '\0', NULL }
 	};
 	struct var_expand_table *tab;
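Review bot: The new `{ 'k', NULL }` entry is tied to its value only by position, because the later hunk fills it with the hard-coded `tab[14].value`. If someone inserts or reorders a row in the static table, `%k` would silently expand to another variable's value. That matters more here than for most keys, since a configuration may use `%k` to decide whether a client certificate was validated. A short comment on the entry would make the coupling explicit, for example `{ 'k', NULL }, /* [14] valid_client_cert: "valid" or empty, keep in sync with tab[14] */`. The function body begins before and continues after this hunk.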
@@ -1386,6 +1391,7 @@
 	tab[11].value = auth_request->secured ? "secured" : "";
 	tab[12].value = dec2str(auth_request->local_port);
 	tab[13].value = dec2str(auth_request->remote_port);
+	tab[14].value = auth_request->valid_client_cert ? "valid" : "";
 	return tab;
 }
 
--- a/src/auth/auth-request.h	Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request.h	Thu Oct 23 20:31:41 2008 +0300
@@ -91,6 +91,7 @@
 	unsigned int skip_password_check:1;
 	unsigned int proxy:1;
 	unsigned int proxy_maybe:1;
+	unsigned int valid_client_cert:1;
 	unsigned int cert_username:1;
 	unsigned int userdb_lookup:1;
 	unsigned int userdb_lookup_failed:1;