[dovecot-cvs] dovecot/src/auth auth-client-interface.h, 1.2,
1.3 mech.c, 1.17, 1.18 mech.h, 1.12, 1.13
cras at procontrol.fi
cras at procontrol.fi
Mon May 17 04:32:19 EEST 2004
Update of /home/cvs/dovecot/src/auth
In directory talvi:/tmp/cvs-serv3177/src/auth
Modified Files:
auth-client-interface.h mech.c mech.h
Log Message:
Added ssl_require_client_cert auth-specific setting. Hide
ssl_verify_client_cert from default config file as it's automatically set if
needed and there's not much point in forcing it.
Index: auth-client-interface.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/auth-client-interface.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- auth-client-interface.h 10 Nov 2003 20:36:02 -0000 1.2
+++ auth-client-interface.h 17 May 2004 01:32:16 -0000 1.3
@@ -22,6 +22,10 @@
AUTH_PROTOCOL_POP3 = 0x02
};
+enum auth_client_request_new_flags {
+ AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT = 0x01
+};
+
enum auth_client_request_type {
AUTH_CLIENT_REQUEST_NEW = 1,
AUTH_CLIENT_REQUEST_CONTINUE
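Review bot: AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT has no comment saying who sets it or what "valid" covers, even though the auth side later makes an allow/deny decision on it (the `request->flags` test in mech.c). I would add a comment above the enumerator such as `/* set by the requesting process when the peer presented an SSL certificate that passed verification; the auth process cannot re-check it */`. Which process sets the flag is not visible in this diff, so the wording should be confirmed against the code that fills in the request.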
@@ -51,6 +55,7 @@
enum auth_mech mech;
enum auth_protocol protocol;
+ enum auth_client_request_new_flags flags;
};
/* Continue authentication request */
Index: mech.c
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- mech.c 10 Nov 2003 20:36:02 -0000 1.17
+++ mech.c 17 May 2004 01:32:16 -0000 1.18
@@ -22,6 +22,7 @@
char username_chars[256];
static int set_use_cyrus_sasl;
+static int ssl_require_client_cert;
static struct mech_module_list *mech_modules;
static struct auth_client_request_reply failure_reply;
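Review bot: `static int ssl_require_client_cert;` here conflicts with `extern int ssl_require_client_cert;`, which the same commit adds to mech.h. If mech.c includes mech.h (not visible in this hunk), the identifier is declared with both external and internal linkage in one translation unit, which compilers reject or which is otherwise undefined behaviour. Any other file that uses the extern would also fail to link against a static definition. Either drop `static` here, as with `username_chars` in the same hunk, or remove the extern from mech.h if nothing outside mech.c reads the variable.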
@@ -75,6 +76,16 @@
return;
}
+ if (ssl_require_client_cert &&
+ (request->flags & AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT) == 0) {
+ /* we fail without valid certificate */
+ if (verbose)
+ i_info("Client didn't present valid SSL certificate");
+ failure_reply.id = request->id;
+ callback(&failure_reply, NULL, conn);
+ return;
+ }
+
#ifdef USE_CYRUS_SASL2
if (set_use_cyrus_sasl) {
auth_request = mech_cyrus_sasl_new(conn, request, callback);
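Review bot: The new check decides on `request->flags` alone, a bit supplied by whichever process sent the request, so the certificate requirement is only as strong as that sender. A comment at the check should state the assumption, e.g. `/* flag is asserted by the requesting process; auth cannot verify the certificate itself */`. The rejection is also logged only under `verbose`, so with default logging a policy denial leaves no trace for an operator. Consider dropping the `if (verbose)` for this message or adding `request->id` to it, if that fits the project's logging convention. The enclosing function starts and ends outside the hunk.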
@@ -291,6 +302,7 @@
if (set_use_cyrus_sasl)
mech_cyrus_sasl_init_lib();
#endif
+ ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
}
void mech_deinit(void)
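Review bot: `getenv("SSL_REQUIRE_CLIENT_CERT") != NULL` treats mere presence as "on", so an empty value or `SSL_REQUIRE_CLIENT_CERT=no` still enables the requirement. That fails closed, which is the safer direction, but it deserves a comment such as `/* presence enables it; the value is ignored */` so nobody later assumes the value is parsed. The body of the function starts outside the hunk.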
Index: mech.h
===================================================================
RCS file: /home/cvs/dovecot/src/auth/mech.h,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- mech.h 22 Aug 2003 06:51:15 -0000 1.12
+++ mech.h 17 May 2004 01:32:16 -0000 1.13
@@ -43,6 +43,7 @@
extern const char *default_realm;
extern const char *anonymous_username;
extern char username_chars[256];
+extern int ssl_require_client_cert;
void mech_register_module(struct mech_module *module);
void mech_unregister_module(struct mech_module *module);