[dovecot-cvs] dovecot/src/imap-login client-authenticate.c, 1.14, 1.15 client.c, 1.22, 1.23

[cras at procontrol.fi]

Update of /home/cvs/dovecot/src/imap-login
In directory talvi:/tmp/cvs-serv3177/src/imap-login

Modified Files:
	client-authenticate.c client.c 
Log Message:
Added ssl_require_client_cert auth-specific setting. Hide
ssl_verify_client_cert from default config file as it's automatically set if
needed and there's not much point in forcing it.



Index: client-authenticate.c
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client-authenticate.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- client-authenticate.c	1 May 2004 19:09:34 -0000	1.14
+++ client-authenticate.c	17 May 2004 01:32:17 -0000	1.15
@@ -11,6 +11,7 @@
 #include "imap-parser.h"
 #include "auth-client.h"
 #include "../auth/auth-mech-desc.h"
+#include "ssl-proxy.h"
 #include "client.h"
 #include "client-authenticate.h"
 #include "auth-common.h"
@@ -160,6 +161,17 @@
 	}
 }
 
+static enum auth_client_request_new_flags
+client_get_auth_flags(struct imap_client *client)
+{
+        enum auth_client_request_new_flags auth_flags = 0;
+
+	if (client->common.proxy != NULL &&
+	    ssl_proxy_has_valid_client_cert(client->common.proxy))
+		auth_flags |= AUTH_CLIENT_FLAG_SSL_VALID_CLIENT_CERT;
+	return auth_flags;
+}
+
 int cmd_login(struct imap_client *client, struct imap_arg *args)
 {
 	const char *user, *pass, *error;
@@ -193,10 +205,12 @@
 	buffer_append(client->plain_login, pass, strlen(pass));
 
 	client_ref(client);
+
 	client->common.auth_request =
 		auth_client_request_new(auth_client, AUTH_MECH_PLAIN,
-					AUTH_PROTOCOL_IMAP, login_callback,
-					client, &error);
+					AUTH_PROTOCOL_IMAP,
+					client_get_auth_flags(client),
+					login_callback, client, &error);
 	if (client->common.auth_request == NULL) {
 		client_send_tagline(client, t_strconcat(
 			"NO Login failed: ", error, NULL));
@@ -324,6 +338,7 @@
 	client->common.auth_request =
 		auth_client_request_new(auth_client, mech->mech,
 					AUTH_PROTOCOL_IMAP,
+					client_get_auth_flags(client),
 					authenticate_callback,
 					client, &error);
 	if (client->common.auth_request != NULL) {

Index: client.c
===================================================================
RCS file: /home/cvs/dovecot/src/imap-login/client.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- client.c	3 Dec 2003 00:40:21 -0000	1.22
+++ client.c	17 May 2004 01:32:17 -0000	1.23
@@ -124,7 +124,8 @@
 		client->common.io = NULL;
 	}
 
-	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip);
+	fd_ssl = ssl_proxy_new(client->common.fd, &client->common.ip,
+			       &client->common.proxy);
 	if (fd_ssl != -1) {
 		client->tls = TRUE;
 		client->secured = TRUE;
@@ -421,6 +422,8 @@
 		client->common.fd = -1;
 	}
 
+	if (client->common.proxy != NULL)
+		ssl_proxy_free(client->common.proxy);
 	client_unref(client);
 }