[dovecot-cvs] dovecot/src/auth auth-client-interface.h, 1.2, 1.3 mech.c, 1.17, 1.18 mech.h, 1.12, 1.13

cras at procontrol.fi cras at procontrol.fi
Mon May 17 04:32:19 EEST 2004


Update of /home/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv3177/src/auth

Modified Files:
	auth-client-interface.h mech.c mech.h 
Log Message:
Added ssl_require_client_cert auth-specific setting. Hide
ssl_verify_client_cert from default config file as it's automatically set if
needed and there's not much point in forcing it.



Index: auth-client-interface.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-client-interface.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- auth-client-interface.h	10 Nov 2003 20:36:02 -0000	1.2
+++ auth-client-interface.h	17 May 2004 01:32:16 -0000	1.3
@@ -22,6 +22,10 @@
 	AUTH_PROTOCOL_POP3	= 0x02
 };
 
+enum auth_client_request_new_flags {
+	AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT = 0x01
+};
+
 enum auth_client_request_type {
 	AUTH_CLIENT_REQUEST_NEW = 1,
         AUTH_CLIENT_REQUEST_CONTINUE
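Review bot: AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT is introduced without a comment saying who sets it or what "valid" means, yet mech.c in this same commit refuses authentication when it is absent, so the contract belongs on the enumerator here. Something like `/* Set by the auth client (presumably the login process) when the connection's SSL client certificate was presented and passed verification; the auth process trusts this bit and, with ssl_require_client_cert set, fails the request without it. */` would do. A second point of style: the enum is used as a bitmask, so a field holding OR-combined values will hold non-enumerator values, which is legal C but worth a one-line note if further flags are added.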
@@ -51,6 +55,7 @@
 
 	enum auth_mech mech;
 	enum auth_protocol protocol;
+        enum auth_client_request_new_flags flags;
 };
 
 /* Continue authentication request */
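Review bot: The new `flags` member is indented with spaces while the neighbouring `mech` and `protocol` members use a tab; it should be `	enum auth_client_request_new_flags flags;` to match. Adding a member also changes the size and layout of this request struct, which from the header's name looks like the structure exchanged between the auth client and the auth process; if the header carries a protocol version constant (not visible in this hunk), it presumably needs bumping so that mismatched old/new binaries are rejected rather than silently misparsed. For a bitmask field `unsigned int flags;` is the more conventional type, though the enum works.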

Index: mech.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- mech.c	10 Nov 2003 20:36:02 -0000	1.17
+++ mech.c	17 May 2004 01:32:16 -0000	1.18
@@ -22,6 +22,7 @@
 char username_chars[256];
 
 static int set_use_cyrus_sasl;
+static int ssl_require_client_cert;
 static struct mech_module_list *mech_modules;
 static struct auth_client_request_reply failure_reply;
 
@@ -75,6 +76,16 @@
 		return;
 	}
 
+	if (ssl_require_client_cert &&
+	    (request->flags & AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT) == 0) {
+		/* we fail without valid certificate */
+		if (verbose)
+			i_info("Client didn't present valid SSL certificate");
+		failure_reply.id = request->id;
+		callback(&failure_reply, NULL, conn);
+		return;
+	}
+
 #ifdef USE_CYRUS_SASL2
 	if (set_use_cyrus_sasl) {
 		auth_request = mech_cyrus_sasl_new(conn, request, callback);
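Review bot: The `i_info` message emitted when the certificate requirement is not met carries nothing that identifies the request, so an operator cannot tell which connection or mechanism was refused; `request->id` is already at hand on the next line and the mechanism or protocol could be logged with it (their printf types are not visible here, so I won't guess a format). A comment above the check stating that the flag is asserted by the auth client and trusted as-is by the auth process would also help, since the security decision rests entirely on that trust. The enclosing function starts before this hunk.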
@@ -291,6 +302,7 @@
 	if (set_use_cyrus_sasl)
 		mech_cyrus_sasl_init_lib();
 #endif
+        ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
 }
 
 void mech_deinit(void)
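Review bot: The `ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;` line is indented with spaces where the surrounding lines use tabs; it should start with a tab like the `mech_cyrus_sasl_init_lib();` call above it. Since the setting is evaluated only once here, at the end of what appears to be mech_init (its start is outside the hunk), a short comment such as `/* only the presence of the variable matters, not its value */` would spare readers a trip to the master process' config handling.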

Index: mech.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- mech.h	22 Aug 2003 06:51:15 -0000	1.12
+++ mech.h	17 May 2004 01:32:16 -0000	1.13
@@ -43,6 +43,7 @@
 extern const char *default_realm;
 extern const char *anonymous_username;
 extern char username_chars[256];
+extern int ssl_require_client_cert;
 
 void mech_register_module(struct mech_module *module);
 void mech_unregister_module(struct mech_module *module);


