changeset 8320:d49aa6720fb2 HEAD
Added %k variable to display valid-client-cert status. It expands to "valid" or empty.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Thu, 23 Oct 2008 20:31:41 +0300 |
parents | 8553bb4c53ad |
children | b62e350500c9 |
files | src/auth/auth-request-handler.c src/auth/auth-request.c src/auth/auth-request.h |
diffstat | 3 files changed, 9 insertions(+), 5 deletions(-) [+] |
--- a/src/auth/auth-request-handler.c Thu Oct 23 20:15:16 2008 +0300 +++ b/src/auth/auth-request-handler.c Thu Oct 23 20:31:41 2008 +0300 @@ -276,7 +276,6 @@ size_t initial_resp_len; unsigned int id; buffer_t *buf; - bool valid_client_cert; /* <id> <mechanism> [...] */ list = t_strsplit(args, "\t"); @@ -304,7 +303,6 @@ /* parse optional parameters */ initial_resp = NULL; - valid_client_cert = FALSE; for (list += 2; *list != NULL; list++) { arg = strchr(*list, '='); if (arg == NULL) { @@ -317,8 +315,6 @@ if (auth_request_import(request, name, arg)) ; - else if (strcmp(name, "valid-client-cert") == 0) - valid_client_cert = TRUE; else if (strcmp(name, "resp") == 0) { initial_resp = arg; /* this must be the last parameter */ @@ -343,7 +339,8 @@ hash_insert(handler->requests, POINTER_CAST(id), request); - if (request->auth->ssl_require_client_cert && !valid_client_cert) { + if (request->auth->ssl_require_client_cert && + !request->valid_client_cert) { /* we fail without valid certificate */ auth_request_handler_auth_fail(handler, request, "Client didn't present valid SSL certificate");
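Review bot: The `ssl_require_client_cert` test in the last hunk now relies on `request->valid_client_cert`, which this function no longer sets itself; the flag is whatever `auth_request_import` accepted, so the certificate requirement is only as strong as the set of inputs that can reach that import. The parameter loop in the earlier hunk passes every `name=value` parameter of the request to `auth_request_import`; if that function is also fed from other sources (not visible here), those can satisfy the check as well. I would record the assumption next to the test, e.g. `/* valid_client_cert is only what the auth client reported through auth_request_import() */`. The enclosing function starts and ends outside the hunks.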
--- a/src/auth/auth-request.c Thu Oct 23 20:15:16 2008 +0300 +++ b/src/auth/auth-request.c Thu Oct 23 20:31:41 2008 +0300 @@ -147,6 +147,8 @@ auth_stream_reply_add(reply, "secured", "1"); if (request->skip_password_check) auth_stream_reply_add(reply, "skip_password_check", "1"); + if (request->valid_client_cert) + auth_stream_reply_add(reply, "valid-client-cert", "1"); if (request->mech_name != NULL) auth_stream_reply_add(reply, "mech", request->mech_name); } @@ -179,6 +181,8 @@ request->secured = TRUE; else if (strcmp(key, "nologin") == 0) request->no_login = TRUE; + else if (strcmp(key, "valid-client-cert") == 0) + request->valid_client_cert = TRUE; else if (strcmp(key, "skip_password_check") == 0) { i_assert(request->master_user != NULL); request->skip_password_check = TRUE; @@ -1347,6 +1351,7 @@ { 'c', NULL }, { 'a', NULL }, { 'b', NULL }, + { 'k', NULL }, { '\0', NULL } }; struct var_expand_table *tab; @@ -1386,6 +1391,7 @@ tab[11].value = auth_request->secured ? "secured" : ""; tab[12].value = dec2str(auth_request->local_port); tab[13].value = dec2str(auth_request->remote_port); + tab[14].value = auth_request->valid_client_cert ? "valid" : ""; return tab; }
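Review bot: The new `valid-client-cert` branch in the second hunk sets `request->valid_client_cert = TRUE` on the key name alone and ignores the value, so a parameter such as `valid-client-cert=0` would still mark the certificate as valid. This matches the neighbouring `nologin` branch, but the flag gates the `ssl_require_client_cert` check in auth-request-handler.c, and the export side in the first hunk always writes `"1"`. Either test the value or document the convention on the branch, e.g. `/* presence of the key means valid; the value is ignored */`. The enclosing function starts and ends outside the hunk.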
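Review bot: `tab[14].value` in the last hunk is tied purely by position to the `{ 'k', NULL }` entry added to the static table in the hunk before it, and nothing visible checks that the two stay aligned; the start of the table is outside the hunk, so index 14 cannot be confirmed from here. A comment on the assignment would make the coupling explicit, e.g. `/* %k: index must match the 'k' entry in the static table above */`. The documentation for `%k` should also say that it reflects the flag imported with the auth request rather than a certificate check performed in this function.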
--- a/src/auth/auth-request.h Thu Oct 23 20:15:16 2008 +0300
+++ b/src/auth/auth-request.h Thu Oct 23 20:31:41 2008 +0300
@@ -91,6 +91,7 @@
 unsigned int skip_password_check:1;
 unsigned int proxy:1;
 unsigned int proxy_maybe:1;
+ unsigned int valid_client_cert:1;
 unsigned int cert_username:1;
 unsigned int userdb_lookup:1;
 unsigned int userdb_lookup_failed:1;