[dovecot-cvs] dovecot/src/pop3-login client-authenticate.c, 1.15, 1.16 client.c, 1.18, 1.19

[cras at procontrol.fi]

Update of /home/cvs/dovecot/src/pop3-login
In directory talvi:/tmp/cvs-serv3177/src/pop3-login

Modified Files:
	client-authenticate.c client.c 
Log Message:
Added ssl_require_client_cert auth-specific setting. Hide
ssl_verify_client_cert from default config file as it's automatically set if
needed and there's not much point in forcing it.



Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/pop3-login/client-authenticate.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- client-authenticate.c	1 May 2004 19:09:35 -0000	1.15
+++ client-authenticate.c	17 May 2004 01:32:17 -0000	1.16
@@ -11,6 +11,7 @@
 #include "auth-client.h"
 #include "../auth/auth-mech-desc.h"
 #include "../pop3/capability.h"
+#include "ssl-proxy.h"
 #include "master.h"
 #include "auth-common.h"
 #include "client.h"
@@ -132,6 +133,17 @@
 	t_pop();
 }
 
+static enum auth_client_request_new_flags
+client_get_auth_flags(struct pop3_client *client)
+{
+        enum auth_client_request_new_flags auth_flags = 0;
+
+	if (client->common.proxy != NULL &&
+	    ssl_proxy_has_valid_client_cert(client->common.proxy))
+		auth_flags |= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT;
+	return auth_flags;
+}
+
 static void login_callback(struct auth_request *request,
 			   struct auth_client_request_reply *reply,
 			   const unsigned char *data, void *context)
@@ -196,6 +208,7 @@
 	client->common.auth_request =
 		auth_client_request_new(auth_client, AUTH_MECH_PLAIN,
 					AUTH_PROTOCOL_POP3,
+                                        client_get_auth_flags(client),
 					login_callback, client, &error);
 	if (client->common.auth_request != NULL) {
 		/* don't read any input from client until login is finished */
@@ -305,6 +318,7 @@
 	client->common.auth_request =
 		auth_client_request_new(auth_client, mech->mech,
 					AUTH_PROTOCOL_POP3,
+                                        client_get_auth_flags(client),
 					authenticate_callback, client, &error);
 	if (client->common.auth_request != NULL) {
 		/* following input data will go to authentication */

Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/pop3-login/client.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- client.c	3 Dec 2003 00:40:21 -0000	1.18
+++ client.c	17 May 2004 01:32:17 -0000	1.19
@@ -80,7 +80,8 @@
 		client->common.io = NULL;
 	}
 
-	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip);
+	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip,
+			       &client->common.proxy);
 	if (fd_ssl != -1) {
 		client->tls = TRUE;
 		client->secured = TRUE;
@@ -298,6 +299,8 @@
 	net_disconnect(client->common.fd);
 	client->common.fd = -1;
 
+	if (client->common.proxy != NULL)
+		ssl_proxy_free(client->common.proxy);
 	client_unref(client);
 }